some more OpenSAML3 refactoring stuff

1 files changed, 0 insertions, 196 deletions

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
deleted file mode 100644
index 380e735c..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
- * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
- * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
- * compliance with the Licence. You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the Licence
- * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the Licence for the specific language governing permissions and limitations under
- * the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text file for details on the
- * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
- * works that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.core.criterion.EntityIdCriterion;
-import org.opensaml.saml.common.SignableSAMLObject;
-import org.opensaml.saml.common.xml.SAMLConstants;
-import org.opensaml.saml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml.common.xml.SAMLSchemaBuilder.SAML1Version;
-import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.credential.UsageType;
-import org.opensaml.security.criteria.UsageCriterion;
-import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.ws.security.SecurityPolicyRule;
-import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
-
-/**
- * Signature Policy for SAML2 redirect-binding.
- *
- * @author tlenz
- *
- */
-public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule {
-
-  private static final Logger log =
-      LoggerFactory.getLogger(AbstractRequestSignedSecurityPolicyRule.class);
-
-  private static SAMLSchemaBuilder schemaBuilder = new SAMLSchemaBuilder(SAML1Version.SAML_11);
-
-  private SignatureTrustEngine trustEngine = null;
-  private QName peerEntityRole = null;
-
-  /**
-   * Role initializer.
-   *
-   * @param peerEntityRole
-   *
-   */
-  public AbstractRequestSignedSecurityPolicyRule(final SignatureTrustEngine trustEngine,
-      final QName peerEntityRole) {
-    this.trustEngine = trustEngine;
-    this.peerEntityRole = peerEntityRole;
-
-  }
-
-  /**
-   * Reload the PVP metadata for a given entity.
-   *
-   * @param entityID for which the metadata should be refreshed.
-   * @return true if the refresh was successful, otherwise false
-   */
-  protected abstract boolean refreshMetadataProvider(String entityID);
-
-  protected abstract SignableSAMLObject getSignedSamlObject(XMLObject inboundData);
-
-  /*
-   * (non-Javadoc)
-   *
-   * @see
-   * org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.
-   * MessageContext)
-   */
-  @Override
-  public void evaluate(final MessageContext context) throws SecurityPolicyException {
-    try {
-      verifySignature(context);
-
-    } catch (final SecurityPolicyException e) {
-      if (StringUtils.isEmpty(context.getInboundMessageIssuer())) {
-        throw e;
-
-      }
-      log.debug("PVP2X message validation FAILED. Reload metadata for entityID: "
-          + context.getInboundMessageIssuer());
-      if (!refreshMetadataProvider(context.getInboundMessageIssuer())) {
-        throw e;
-      } else {
-        log.trace("PVP2X metadata reload finished. Check validate message again.");
-        verifySignature(context);
-
-      }
-      log.trace("Second PVP2X message validation finished");
-
-    }
-
-  }
-
-  private void verifySignature(final MessageContext context) throws SecurityPolicyException {
-    final SignableSAMLObject samlObj = getSignedSamlObject(context.getInboundMessage());
-    if (samlObj != null && samlObj.getSignature() != null) {
-
-      final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-      try {
-        profileValidator.validate(samlObj.getSignature());
-        performSchemaValidation(samlObj.getDOM());
-
-      } catch (final ValidationException e) {
-        log.warn("Signature is not conform to SAML signature profile", e);
-        throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-
-      } catch (final SchemaValidationException e) {
-        log.warn("Signature is not conform to SAML signature profile", e);
-        throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-
-      }
-
-      final CriteriaSet criteriaSet = new CriteriaSet();
-      criteriaSet.add(new EntityIdCriterion(context.getInboundMessageIssuer()));
-      criteriaSet.add(new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS));
-      criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
-
-      try {
-        if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-          throw new SecurityPolicyException("Signature validation FAILED.");
-
-        }
-        log.debug("PVP message signature valid.");
-
-      } catch (final org.opensaml.xml.security.SecurityException e) {
-        log.info("PVP2x message signature validation FAILED. Message:" + e.getMessage());
-        throw new SecurityPolicyException("Signature validation FAILED.");
-
-      }
-
-    } else {
-      throw new SecurityPolicyException("PVP Message is not signed.");
-
-    }
-
-  }
-
-  private void performSchemaValidation(final Element source) throws SchemaValidationException {
-
-    String err = null;
-    try {
-      final Schema test = schemaBuilder.getSAMLSchema();
-      final Validator val = test.newValidator();
-      val.validate(new DOMSource(source));
-      log.debug("Schema validation check done OK");
-      return;
-
-    } catch (final SAXException e) {
-      err = e.getMessage();
-      if (log.isDebugEnabled() || log.isTraceEnabled()) {
-        log.warn("Schema validation FAILED with exception:", e);
-      } else {
-        log.warn("Schema validation FAILED with message: " + e.getMessage());
-      }
-
-    } catch (final Exception e) {
-      err = e.getMessage();
-      if (log.isDebugEnabled() || log.isTraceEnabled()) {
-        log.warn("Schema validation FAILED with exception:", e);
-      } else {
-        log.warn("Schema validation FAILED with message: " + e.getMessage());
-      }
-
-    }
-
-    throw new SchemaValidationException("pvp2.22", new Object[] { err });
-
-  }
-
-}