authorThomas <>2022-01-09 21:30:56 +0100
committerThomas <>2022-01-09 21:30:56 +0100
commit0e60708e5915eb858d5931c45f807329bd365c11 (patch)
tree6d5e5a305e8b9b7e969fb051acffd811379709b6
parente28540643df720d0f3ea2d00c8bee8f0beeebce8 (diff)
chore(SAML2): update implementation to remove usage of deprecated openSAML4.x API
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java22
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java10
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java18
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java4
8 files changed, 37 insertions, 37 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
index 3d9125fe..6e718385 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
@@ -22,15 +22,15 @@ package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
import java.util.Collection;
import java.util.List;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.metadata.ContactPerson;
import org.opensaml.saml.saml2.metadata.Organization;
import org.opensaml.saml.saml2.metadata.RequestedAttribute;
import org.opensaml.security.credential.Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+
/**
* PVP Metadata builder configuration.
*
@@ -43,7 +43,7 @@ public interface IPvpMetadataBuilderConfiguration {
* Defines a unique name for this PVP Service-provider, which is used for
* logging.
*
- * @return
+ * @return Name of this SAML2 SP
*/
String getSpNameForLogging();
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
index 05a7360b..da3db0a8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
@@ -237,7 +237,7 @@ public class PvpMetadataBuilder {
} else {
for (final String format : config.getSpAllowedNameIdTypes()) {
final NameIDFormat nameIdFormat = Saml2Utils.createSamlObject(NameIDFormat.class);
- nameIdFormat.setFormat(format);
+ nameIdFormat.setURI(format);
spSsoDescriptor.getNameIDFormats().add(nameIdFormat);
}
@@ -424,7 +424,7 @@ public class PvpMetadataBuilder {
// set providable nameID formats
for (final String format : config.getIdpPossibleNameIdTypes()) {
final NameIDFormat nameIdFormat = Saml2Utils.createSamlObject(NameIDFormat.class);
- nameIdFormat.setFormat(format);
+ nameIdFormat.setURI(format);
idpSsoDescriptor.getNameIDFormats().add(nameIdFormat);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
index 2257eba9..60800eb2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
@@ -325,7 +325,7 @@ public class SamlVerificationEngine {
} else {
for (final AudienceRestriction el : audienceRest) {
for (final Audience audience : el.getAudiences()) {
- if (!urlCompare(spEntityId, audience.getAudienceURI())) {
+ if (!urlCompare(spEntityId, audience.getURI())) {
log.info("Assertion with ID:{} 'AudienceRestriction' is not valid.",
saml2assertion.getID());
isAssertionValid = false;
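Review bot: `audience.getURI()` on the new line can return null when an incoming assertion carries an empty `<Audience/>` element, and whether `urlCompare(spEntityId, null)` is null-safe is not visible here. Because this loop is what enforces the AudienceRestriction, a null must end up as "not matching" (`isAssertionValid = false`) rather than as an unhandled exception or, worse, a match; if `urlCompare` does not already guarantee that, guard it explicitly with `if (audience.getURI() == null || !urlCompare(spEntityId, audience.getURI())) {`. The enclosing validation method begins and ends outside this hunk.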
@@ -520,7 +520,7 @@ public class SamlVerificationEngine {
samlResp.getIssuer().getValue(),
samlResp.getStatus().getStatusCode().getValue(),
samlResp.getStatus().getStatusMessage() != null
- ? samlResp.getStatus().getStatusMessage().getMessage()
+ ? samlResp.getStatus().getStatusMessage().getValue()
: " no status message" });
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
index c784e392..b44d70e3 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
@@ -3,16 +3,6 @@ package at.gv.egiz.eaaf.modules.pvp2.test;
import java.security.cert.X509Certificate;
import java.util.List;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.xml.security.algorithms.JCEMapper;
import org.junit.Assert;
@@ -26,13 +16,23 @@ import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({
"/spring/test_eaaf_core_map_config.beans.xml",
"/spring/SpringTest-context_lazy.xml",
"/spring/eaaf_utils.beans.xml"
- })
+ })
public class CredentialProviderTest {
private static final String HSM_FACASE_HOST = "eid.a-sit.at";
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 63c8c99a..a2611165 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -134,11 +134,11 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
if (e instanceof NoPassivAuthenticationException) {
statusCode.setValue(StatusCode.NO_PASSIVE);
- statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
+ statusMessage.setValue(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
} else if (e instanceof NameIdFormatNotSupportedException) {
statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY);
- statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
+ statusMessage.setValue(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
} else if (e instanceof SloException) {
// SLOExecpetions only occurs if session information is lost
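Review bot: The value passed to `statusMessage.setValue(...)` is pre-escaped with `StringEscapeUtils.escapeXml11`, but the StatusMessage text is serialised by the openSAML marshaller, which escapes text content itself, so characters such as `&` or `<` in an exception message presumably end up double-encoded (`&amp;amp;`) in the emitted SAML Response. This is carried over unchanged from the `setMessage` calls, so it is probably intentional, but it is worth confirming and documenting with a comment such as `// escapeXml11 is applied on top of marshaller escaping; relying on the raw message text here`, or dropping the manual escaping if a plain message is expected by relying parties. The same pattern appears in the next three hunks of this file (the `ex.getStatusMessageValue()` branch, the `RESPONDER` fallback and the `getValue() != null` check). The enclosing method starts and ends outside these hunks.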
@@ -149,7 +149,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
statusCode.setValue(ex.getStatusCodeValue());
final String statusMessageValue = ex.getStatusMessageValue();
if (statusMessageValue != null) {
- statusMessage.setMessage(StringEscapeUtils.escapeXml11(statusMessageValue));
+ statusMessage.setValue(StringEscapeUtils.escapeXml11(statusMessageValue));
}
@@ -157,7 +157,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
} else {
statusCode.setValue(StatusCode.RESPONDER);
- statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
+ statusMessage.setValue(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()));
internalErrorCode = statusMessager.getResponseErrorCode(e);
}
@@ -172,7 +172,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
}
//set status-message if availabe
- if (statusMessage.getMessage() != null) {
+ if (statusMessage.getValue() != null) {
status.setStatusMessage(statusMessage);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
index 21912592..88ff2206 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
@@ -107,7 +107,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
final AuthnContextClassRef authnContextClassRef =
Saml2Utils.createSamlObject(AuthnContextClassRef.class);
- authnContextClassRef.setAuthnContextClassRef(qaaLevel);
+ authnContextClassRef.setURI(qaaLevel);
final NameID subjectNameID = Saml2Utils.createSamlObject(NameID.class);
subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
@@ -151,7 +151,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
// check if authn. request contains LoA
final RequestedAuthnContext reqAuthnContext = authnRequest.getRequestedAuthnContext();
if (reqAuthnContext == null) {
- authnContextClassRef.setAuthnContextClassRef(authData.getEidasQaaLevel());
+ authnContextClassRef.setURI(authData.getEidasQaaLevel());
} else {
// authn. request requests LoA levels. To LoA validation
@@ -169,12 +169,12 @@ public class Pvp2AssertionBuilder implements PvpConstants {
if (reqAuthnContextClassRefIt.size() == 0) {
QaaLevelVerifier.verifyQaaLevel(authData.getEidasQaaLevel(), oaParam.getRequiredLoA(),
loaMatchingMode);
- authnContextClassRef.setAuthnContextClassRef(authData.getEidasQaaLevel());
+ authnContextClassRef.setURI(authData.getEidasQaaLevel());
} else {
final List<String> eidasLoaFromRequest = new ArrayList<>();
for (final AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
- final String qaa_uri = authnClassRef.getAuthnContextClassRef();
+ final String qaa_uri = authnClassRef.getURI();
if (!qaa_uri.trim().startsWith(EaafConstants.EIDAS_LOA_PREFIX)) {
if (loaLevelMapper != null) {
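Review bot: `qaa_uri.trim()` on the line after `final String qaa_uri = authnClassRef.getURI();` dereferences the value without a null check, and `getURI()` returns null for an empty `<AuthnContextClassRef/>` in the received AuthnRequest, so a malformed request from an SP would surface here as an unhandled NullPointerException instead of a controlled LoA validation failure. Since the request content is untrusted input, treat a missing URI explicitly, e.g. `if (qaa_uri == null) { throw new <the exception type the surrounding LoA validation already uses>; }` before the `startsWith` test, or fold it into the condition as `if (qaa_uri == null || !qaa_uri.trim().startsWith(EaafConstants.EIDAS_LOA_PREFIX)) {` if the mapping branch is confirmed to tolerate null. The local name `qaa_uri` also departs from the file's lowerCamelCase convention (`qaaUri`), which the rename pass could have fixed alongside the API change. The enclosing loop and method continue outside this hunk.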
@@ -202,7 +202,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
// verifiy LoAs from request to authentication LoA
QaaLevelVerifier.verifyQaaLevel(authData.getEidasQaaLevel(), eidasLoaFromRequest,
loaMatchingMode);
- authnContextClassRef.setAuthnContextClassRef(authData.getEidasQaaLevel());
+ authnContextClassRef.setURI(authData.getEidasQaaLevel());
}
}
@@ -309,12 +309,12 @@ public class Pvp2AssertionBuilder implements PvpConstants {
if (metadataNameIdFormats != null) {
for (final NameIDFormat el : metadataNameIdFormats) {
- if (NameIDType.PERSISTENT.equals(el.getFormat())) {
+ if (NameIDType.PERSISTENT.equals(el.getURI())) {
nameIdFormat = NameIDType.PERSISTENT;
break;
- } else if (NameIDType.TRANSIENT.equals(el.getFormat())
- || NameIDType.UNSPECIFIED.equals(el.getFormat())) {
+ } else if (NameIDType.TRANSIENT.equals(el.getURI())
+ || NameIDType.UNSPECIFIED.equals(el.getURI())) {
break;
}
@@ -442,7 +442,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
Saml2Utils.createSamlObject(AudienceRestriction.class);
final Audience audience = Saml2Utils.createSamlObject(Audience.class);
- audience.setAudienceURI(entityID);
+ audience.setURI(entityID);
audienceRestriction.getAudiences().add(audience);
conditions.setNotBefore(date);
conditions.setNotOnOrAfter(isValidTo);
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
index c48a0fd4..bac90451 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
@@ -185,7 +185,7 @@ public class PvpAuthnRequestBuilder {
final AuthnContextClassRef authnClassRef =
Saml2Utils.createSamlObject(AuthnContextClassRef.class);
- authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRef());
+ authnClassRef.setURI(config.getAuthnContextClassRef());
if (config.getAuthnContextComparison() == null) {
reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
@@ -244,7 +244,7 @@ public class PvpAuthnRequestBuilder {
if (StringUtils.isNotEmpty(config.getScopeRequesterId())) {
final Scoping scope = Saml2Utils.createSamlObject(Scoping.class);
final RequesterID requesterId = Saml2Utils.createSamlObject(RequesterID.class);
- requesterId.setRequesterID(config.getScopeRequesterId());
+ requesterId.setURI(config.getScopeRequesterId());
scope.getRequesterIDs().add(requesterId);
authReq.setScoping(scope);
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
index d59012a5..f87096fb 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
@@ -265,8 +265,8 @@ public class AssertionAttributeExtractor {
&& authn.getAuthnContext().getAuthnContextClassRef() != null) {
final AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
- if (StringUtils.isNotEmpty(qaaClass.getAuthnContextClassRef())) {
- return qaaClass.getAuthnContextClassRef();
+ if (StringUtils.isNotEmpty(qaaClass.getURI())) {
+ return qaaClass.getURI();
} else {
throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");
}