-
Notifications
You must be signed in to change notification settings - Fork 121
/
decode_logout_request.go
85 lines (73 loc) · 2.3 KB
/
decode_logout_request.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
// Copyright 2016 Russell Haering et al.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package saml2
import (
"encoding/base64"
"fmt"
dsig "github.com/russellhaering/goxmldsig"
)
func (sp *SAMLServiceProvider) validateLogoutRequestAttributes(request *LogoutRequest) error {
if request.Destination != "" && request.Destination != sp.ServiceProviderSLOURL {
return ErrInvalidValue{
Key: DestinationAttr,
Expected: sp.ServiceProviderSLOURL,
Actual: request.Destination,
}
}
if request.Version != "2.0" {
return ErrInvalidValue{
Reason: ReasonUnsupported,
Key: "SAML version",
Expected: "2.0",
Actual: request.Version,
}
}
return nil
}
func (sp *SAMLServiceProvider) ValidateEncodedLogoutRequestPOST(encodedRequest string) (*LogoutRequest, error) {
raw, err := base64.StdEncoding.DecodeString(encodedRequest)
if err != nil {
return nil, err
}
// Parse the raw request - parseResponse is generic
doc, el, err := parseResponse(raw, sp.MaximumDecompressedBodySize)
if err != nil {
return nil, err
}
var requestSignatureValidated bool
if !sp.SkipSignatureValidation {
el, err = sp.validateElementSignature(el)
if err == dsig.ErrMissingSignature {
// Unfortunately we just blew away our Response
el = doc.Root()
} else if err != nil {
return nil, err
} else if el == nil {
return nil, fmt.Errorf("missing transformed logout request")
} else {
requestSignatureValidated = true
}
}
decodedRequest := &LogoutRequest{}
err = xmlUnmarshalElement(el, decodedRequest)
if err != nil {
return nil, fmt.Errorf("unable to unmarshal logout request: %v", err)
}
decodedRequest.SignatureValidated = requestSignatureValidated
err = sp.ValidateDecodedLogoutRequest(decodedRequest)
if err != nil {
return nil, err
}
return decodedRequest, nil
}