Address SIDP-95 (what kind of freak sends an Authn Request to the attribute query...
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 17 Dec 2007 11:43:48 +0000 (11:43 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 17 Dec 2007 11:43:48 +0000 (11:43 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2502 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java

index 3d31354..589ec5c 100644 (file)
@@ -144,6 +144,15 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
             requestContext.setMessageDecoder(decoder);
             decoder.decode(requestContext);
             log.debug("Decoded request");
+            
+            if (!(requestContext.getInboundMessage() instanceof Request)) {
+                log.error("Incomming message was not a Request, it was a {}", requestContext.getInboundMessage()
+                        .getClass().getName());
+                requestContext
+                        .setFailureStatus(buildStatus(StatusCode.REQUESTER, null, "Invalid SAML Request message."));
+                throw new ProfileException("Invalid SAML Request message.");
+            }
+            
             return requestContext;
         } catch (MessageDecodingException e) {
             log.error("Error decoding attribute query message", e);
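Review bot: The `ProfileException` thrown by the new type check may never reach the caller, because the `finally` block shown in the next hunk still runs and assigns `requestContext.getInboundSAMLMessage()` to a `Request`. If that accessor returns the same object the check just rejected (not visible here, so this is an assumption), the assignment would fail with a `ClassCastException` raised from `finally`, replacing both the `ProfileException` and the failure status set here. The saml2 `AttributeQueryProfileHandler` has the same shape with `AttributeQuery query = requestContext.getInboundSAMLMessage();`. Consider guarding the `finally` body with the same test, e.g. `if (requestContext.getInboundMessage() instanceof Request) { ... }`, so a wrong-typed message is rejected with the intended SAML error. The enclosing method starts and ends outside this hunk.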
@@ -156,14 +165,13 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
             throw new ProfileException("Message did not meet security policy requirements", e);
         } finally {
             // Set as much information as can be retrieved from the decoded message
-
             Request request = requestContext.getInboundSAMLMessage();
             if (request == null) {
                 log.error("Decoder did not contain an attribute query, an error occured decoding the message");
                 throw new ProfileException("Unable to decode message.");
             }
             AttributeQuery query = request.getAttributeQuery();
-            if(query != null){
+            if (query != null) {
                 requestContext.setSubjectNameIdentifier(query.getSubject().getNameIdentifier());
             }
 
index 34288be..9a6da96 100644 (file)
@@ -145,6 +145,15 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
             requestContext.setMessageDecoder(decoder);
             decoder.decode(requestContext);
             log.debug("Decoded request");
+            
+            if (!(requestContext.getInboundMessage() instanceof AttributeQuery)) {
+                log.error("Incomming message was not a AttributeQuery, it was a {}", requestContext.getInboundMessage()
+                        .getClass().getName());
+                requestContext.setFailureStatus(buildStatus(StatusCode.REQUESTER_URI, null,
+                        "Invalid SAML AttributeQuery message."));
+                throw new ProfileException("Invalid SAML AttributeQuery message.");
+            }
+            
             return requestContext;
         } catch (MessageDecodingException e) {
             log.error("Error decoding attribute query message", e);
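Review bot: `instanceof` is false for `null`, so if `decoder.decode` returns without setting an inbound message, the new branch is entered and `requestContext.getInboundMessage().getClass()` in the `log.error` call throws a `NullPointerException` instead of the `ProfileException`. The same expression appears in the saml1 `AttributeQueryProfileHandler` and `SSOProfileHandler` hunks. Reading the message once into a local and logging `message == null ? "null" : message.getClass().getName()` keeps the rejection path on the intended error. Whether the decoder can leave the message unset is not visible in this diff.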
@@ -158,10 +167,10 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
         } finally {
             // Set as much information as can be retrieved from the decoded message
             AttributeQuery query = requestContext.getInboundSAMLMessage();
-            if(query != null){
+            if (query != null) {
                 requestContext.setSubjectNameIdentifier(query.getSubject().getNameID());
             }
-            
+
             String relyingPartyId = requestContext.getInboundMessageIssuer();
             RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
             if (rpConfig == null) {
index 0c4ad68..6cd3d09 100644 (file)
@@ -270,7 +270,7 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
      * 
      * @return request context with decoded information
      * 
-     * @throws ProfileException thrown if the incomming message failed decoding
+     * @throws ProfileException thrown if the incoming message failed decoding
      */
     protected SSORequestContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
             throws ProfileException {
@@ -291,6 +291,16 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
             SAMLMessageDecoder decoder = getMessageDecoders().get(getInboundBinding());
             requestContext.setMessageDecoder(decoder);
             decoder.decode(requestContext);
+            log.debug("Decoded request");
+            
+            if (!(requestContext.getInboundMessage() instanceof AuthnRequest)) {
+                log.error("Incomming message was not a AuthnRequest, it was a {}", requestContext.getInboundMessage()
+                        .getClass().getName());
+                requestContext.setFailureStatus(buildStatus(StatusCode.REQUESTER_URI, null,
+                        "Invalid SAML AuthnRequest message."));
+                throw new ProfileException("Invalid SAML AuthnRequest message.");
+            }
+            
             return requestContext;
         } catch (MessageDecodingException e) {
             log.error("Error decoding authentication request message", e);
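Review bot: The new log text reads `Incomming message was not a AuthnRequest`, while this same commit corrects "incomming" to "incoming" in the Javadoc above; the message should be `"Incoming message was not an AuthnRequest, it was a {}"`. The two `AttributeQueryProfileHandler` hunks carry the same misspelling. A one-line comment above the check, such as `// Reject any decoded message that is not the type this profile endpoint handles.`, would also record why the test exists. The method body continues outside the hunk.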