Reverts first attempt back to plain vanilla

This reverts commit 14b1d78.

Author: merit\rembjo0

core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java

@@ -12,7 +12,6 @@
 
 import javax.xml.xpath.XPathExpressionException;
 
-import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.text.StrSubstitutor;
 import org.joda.time.DateTime;
 import org.slf4j.Logger;
@@ -61,11 +60,6 @@ public class LogoutRequest {
      */
 	private final HttpRequest request;
 
-	/**
-	 * Map with raw request parameters as received in the queryString. Required for accurate signature verification.
-	 */
-	private Map<String, String> rawRequestParams;
-	
 	/**
      * NameID.
      */	
@@ -98,19 +92,16 @@ public class LogoutRequest {
 	 *              OneLogin_Saml2_Settings
 	 * @param request
      *              the HttpRequest object to be processed (Contains GET and POST parameters, request URL, ...).
-     * @param rawRequestParams
-     *              map with 'raw' url request parameters for signature validation (keyed on name, value is key & value)          
 	 * @param nameId
 	 *              The NameID that will be set in the LogoutRequest.
 	 * @param sessionIndex
 	 *              The SessionIndex (taken from the SAML Response in the SSO process).
 	 * @throws XMLEntityException 
 	 *
 	 */
-	public LogoutRequest(Saml2Settings settings, HttpRequest request, Map<String, String> rawRequestParams, String nameId, String sessionIndex) throws XMLEntityException {
+	public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, String sessionIndex) throws XMLEntityException {
 		this.settings = settings;
 		this.request = request;
-		this.rawRequestParams = rawRequestParams;
 
 		String samlLogoutRequest = null;
 
@@ -142,7 +133,7 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request, Map<String, St
 	 * @throws XMLEntityException 
 	 */
 	public LogoutRequest(Saml2Settings settings) throws XMLEntityException {
-		this(settings, null, null, null, null);
+		this(settings, null, null, null);
 	}
 
 	/**
@@ -152,13 +143,11 @@ public LogoutRequest(Saml2Settings settings) throws XMLEntityException {
 	 *            OneLogin_Saml2_Settings
 	 * @param request
      *              the HttpRequest object to be processed (Contains GET and POST parameters, request URL, ...).
-     * @param rawRequestParams
-     *              map with 'raw' url request parameters for signature validation (keyed on name, value is key & value)
      *
 	 * @throws XMLEntityException 
 	 */
-	public LogoutRequest(Saml2Settings settings, HttpRequest request, Map<String, String> rawRequestParams) throws XMLEntityException {
-		this(settings, request, rawRequestParams, null, null);
+	public LogoutRequest(Saml2Settings settings, HttpRequest request) throws XMLEntityException {
+		this(settings, request, null, null);
 	}
 
 	/**
@@ -345,19 +334,15 @@ public Boolean isValid() throws Exception {
 				if (signAlg == null || signAlg.isEmpty()) {
 					signAlg = Constants.RSA_SHA1;
 				}
-				
-				String rawSamlRequest = rawRequestParams.get("SAMLRequest");
-				String rawRelayState = rawRequestParams.get("RelayState");
-				String rawSigAlg = rawRequestParams.get("SigAlg");
-				
-				String signedQuery = "";
-				signedQuery += rawSamlRequest;
-				
-				if (StringUtils.isNotBlank(rawRelayState)) {
-					signedQuery += "&" + rawRelayState;
+				String relayState = request.getParameter("RelayState");
+
+				String signedQuery = "SAMLRequest=" + Util.urlEncoder(request.getParameter("SAMLRequest"));
+
+				if (relayState != null && !relayState.isEmpty()) {
+					signedQuery += "&RelayState=" + Util.urlEncoder(relayState);
 				}
 
-				signedQuery += "&" + rawSigAlg;
+				signedQuery += "&SigAlg=" + Util.urlEncoder(signAlg);
 
 				if (!Util.validateBinarySignature(signedQuery, Util.base64decoder(signature), cert, signAlg)) {
 					throw new ValidationError("Signature validation failed. Logout Request rejected", ValidationError.INVALID_SIGNATURE);

core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java

@@ -7,11 +7,9 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
-import java.util.regex.Pattern;
 
 import javax.xml.xpath.XPathExpressionException;
 
-import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.text.StrSubstitutor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -63,11 +61,6 @@ public class LogoutResponse {
      */
 	private final HttpRequest request;
 
-	/**
-	 * Map with raw request parameters as received in the queryString. Required for accurate signature verification.
-	 */
-	private Map<String, String> rawRequestParams;
-	
 	/**
 	 * URL of the current host + current view
 	 */
@@ -95,14 +88,11 @@ public class LogoutResponse {
 	 *              OneLogin_Saml2_Settings
 	 * @param request
      *              the HttpRequest object to be processed (Contains GET and POST parameters, request URL, ...).
-     * @param rawRequestParams
-     *              map with 'raw' url request parameters for signature validation (keyed on name, value is key & value)
      *
 	 */
-	public LogoutResponse(Saml2Settings settings, HttpRequest request, Map<String, String> rawRequestParams) {
+	public LogoutResponse(Saml2Settings settings, HttpRequest request) {
 		this.settings = settings;
 		this.request = request;
-		this.rawRequestParams = rawRequestParams;
 
 		String samlLogoutResponse = null;
 		if (request != null) {
@@ -224,25 +214,20 @@ public Boolean isValid(String requestId) {
 				if (cert == null) {
 					throw new SettingsException("In order to validate the sign on the Logout Response, the x509cert of the IdP is required", SettingsException.CERT_NOT_FOUND);
 				}
-				
-				
+
 				String signAlg = request.getParameter("SigAlg");
 				if (signAlg == null || signAlg.isEmpty()) {
 					signAlg = Constants.RSA_SHA1;
 				}
 
-				String rawSamlResponse = rawRequestParams.get("SAMLResponse");
-				String rawRelayState = rawRequestParams.get("RelayState");
-				String rawSigAlg = rawRequestParams.get("SigAlg");
-				
-				String signedQuery = "";
-				signedQuery += rawSamlResponse;
-				
-				if (StringUtils.isNotBlank(rawRelayState)) {
-					signedQuery += "&" + rawRelayState;
+				String signedQuery = "SAMLResponse=" + Util.urlEncoder(request.getParameter("SAMLResponse"));
+
+				String relayState = request.getParameter("RelayState");
+				if (relayState != null && !relayState.isEmpty()) {
+					signedQuery += "&RelayState=" + Util.urlEncoder(relayState);
 				}
 
-				signedQuery += "&" + rawSigAlg;
+				signedQuery += "&SigAlg=" + Util.urlEncoder(signAlg);
 
 				if (!Util.validateBinarySignature(signedQuery, Util.base64decoder(signature), cert, signAlg)) {
 					throw new ValidationError("Signature validation failed. Logout Response rejected", ValidationError.INVALID_SIGNATURE);