summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_core/src
diff options
context:
space:
mode:
authorThomas <thomas.lenz@egiz.gv.at>2019-12-04 22:54:51 +0100
committerThomas <thomas.lenz@egiz.gv.at>2019-12-04 22:54:51 +0100
commit95b21a826e5d81fdeabcf4673a9e87047edaec9d (patch)
treed8d55da492dd86041c31d68651afa21c80313362 /eaaf_modules/eaaf_module_pvp2_core/src
parent759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f (diff)
downloadEAAF-Components-95b21a826e5d81fdeabcf4673a9e87047edaec9d.tar.gz
EAAF-Components-95b21a826e5d81fdeabcf4673a9e87047edaec9d.tar.bz2
EAAF-Components-95b21a826e5d81fdeabcf4673a9e87047edaec9d.zip
to some more code quality tasks
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java38
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java33
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java13
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java (renamed from eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java)4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java14
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java13
15 files changed, 87 insertions, 64 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
index e8d42e80..8bd2f024 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
@@ -30,34 +30,34 @@ import org.opensaml.xml.signature.SignatureConstants;
public interface PvpConstants extends PVPAttributeDefinitions {
- public static final String DEFAULT_SIGNING_METHODE =
+ String DEFAULT_SIGNING_METHODE =
SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
- public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
- public static final String DEFAULT_SYM_ENCRYPTION_METHODE =
+ String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
+ String DEFAULT_SYM_ENCRYPTION_METHODE =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
- public static final String DEFAULT_ASYM_ENCRYPTION_METHODE =
+ String DEFAULT_ASYM_ENCRYPTION_METHODE =
EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
- public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
- public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
- public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
+ String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
+ String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
+ String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
@Deprecated
- public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
+ String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
- public static final String REDIRECT = "Redirect";
- public static final String POST = "Post";
- public static final String SOAP = "Soap";
- public static final String METADATA = "Metadata";
- public static final String ATTRIBUTEQUERY = "AttributeQuery";
- public static final String SINGLELOGOUT = "SingleLogOut";
+ String REDIRECT = "Redirect";
+ String POST = "Post";
+ String SOAP = "Soap";
+ String METADATA = "Metadata";
+ String ATTRIBUTEQUERY = "AttributeQuery";
+ String SINGLELOGOUT = "SingleLogOut";
/**
* Get required PVP attributes for egovtoken First : PVP attribute name (OID) Second: FriendlyName
* Third: Required.
*
*/
- public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES =
+ List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES =
Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
private static final long serialVersionUID = 1L;
{
@@ -82,7 +82,7 @@ public interface PvpConstants extends PVPAttributeDefinitions {
* FriendlyName Third: Required.
*
*/
- public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES =
+ List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES =
Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
private static final long serialVersionUID = 1L;
{
@@ -129,10 +129,10 @@ public interface PvpConstants extends PVPAttributeDefinitions {
});
// constants for requested SAML2 attribtes by using own namespace
- public static final String EIDAT10_SAML_NS = "http://eid.gv.at/eID/attributes/saml-extensions";
- public static final String EIDAT10_PREFIX = "eid";
+ String EIDAT10_SAML_NS = "http://eid.gv.at/eID/attributes/saml-extensions";
+ String EIDAT10_PREFIX = "eid";
- public static final QName EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE =
+ QName EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE =
new QName(EIDAT10_SAML_NS, "AttributeValue", EIDAT10_PREFIX);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
index 27a6532b..677028a5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
@@ -30,11 +30,11 @@ import org.opensaml.xml.security.SecurityException;
public interface IDecoder {
- public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp,
+ InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp,
MetadataProvider metadataProvider, boolean isSpEndPoint, URIComparator comparator)
throws MessageDecodingException, SecurityException, Pvp2Exception;
- public boolean handleDecode(String action, HttpServletRequest req);
+ boolean handleDecode(String action, HttpServletRequest req);
- public String getSaml2BindingName();
+ String getSaml2BindingName();
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
index 74ee74de..5f69ba62 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
@@ -33,5 +33,5 @@ public interface IRefreshableMetadataProvider {
* @param entityID EntityId
* @return true, if refresh is success, otherwise false
*/
- public boolean refreshMetadataProvider(String entityID);
+ boolean refreshMetadataProvider(String entityID);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
index 93980a73..0ea909e2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
@@ -40,11 +40,11 @@ public abstract class Pvp2Exception extends EaafException {
public String getStatusCodeValue() {
- return (this.statusCodeValue);
+ return this.statusCodeValue;
}
public String getStatusMessageValue() {
- return (this.statusMessageValue);
+ return this.statusMessageValue;
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
index 0933f0a2..2734c859 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
@@ -229,7 +229,7 @@ public class PostBinding implements IDecoder, IEncoder {
@Override
public boolean handleDecode(final String action, final HttpServletRequest req) {
- return (req.getMethod().equals("POST") && action.equals(PvpConstants.POST));
+ return req.getMethod().equals("POST") && action.equals(PvpConstants.POST);
}
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
index 4e548d57..7b8525ce 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
@@ -229,8 +229,8 @@ public class RedirectBinding implements IDecoder, IEncoder {
@Override
public boolean handleDecode(final String action, final HttpServletRequest req) {
- return ((action.equals(PvpConstants.REDIRECT) || action.equals(PvpConstants.SINGLELOGOUT))
- && req.getMethod().equals("GET"));
+ return action.equals(PvpConstants.REDIRECT) || action.equals(PvpConstants.SINGLELOGOUT)
+ && req.getMethod().equals("GET");
}
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
index 79a88487..2e19f259 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
@@ -126,8 +126,8 @@ public class SoapBinding implements IDecoder, IEncoder {
@Override
public boolean handleDecode(final String action, final HttpServletRequest req) {
- return (req.getMethod().equals("POST")
- && (action.equals(PvpConstants.SOAP) || action.equals(PvpConstants.ATTRIBUTEQUERY)));
+ return req.getMethod().equals("POST")
+ && action.equals(PvpConstants.SOAP) || action.equals(PvpConstants.ATTRIBUTEQUERY);
}
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
index 107a856e..c21524dd 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
@@ -19,7 +19,13 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.message;
+import java.io.IOException;
import java.io.Serializable;
+
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
@@ -28,17 +34,20 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
public class InboundMessage implements InboundMessageInterface, Serializable {
private static final Logger log = LoggerFactory.getLogger(InboundMessage.class);
private static final long serialVersionUID = 2395131650841669663L;
- private Element samlMessage = null;
+ private transient Element samlMessage = null;
private boolean verified = false;
private String entityID = null;
private String relayState = null;
+ private String serializedSamlMessage;
+
/**
* Get SAML2 metadata for Entity that sends this request.
*
@@ -90,6 +99,13 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
*/
public void setSamlMessage(final Element msg) {
this.samlMessage = msg;
+ try {
+ this.serializedSamlMessage = DomUtils.serializeNode(msg);
+
+ } catch (TransformerException | IOException e) {
+ log.warn("Can not serialize message",e );
+
+ }
}
/*
@@ -129,7 +145,20 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
*/
@Override
public Element getInboundMessage() {
- return samlMessage;
+ if (this.samlMessage != null) {
+ return samlMessage;
+
+ } else {
+ try {
+ return (Element) DomUtils.parseDocument(serializedSamlMessage, false, null, null);
+
+ } catch (SAXException | IOException | ParserConfigurationException e) {
+ throw new RuntimeException(e);
+
+ }
+
+ }
+
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
index ec81353a..8a6105bc 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -401,7 +401,7 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
protected void emitChangeEvent() {
- if ((getObservers() == null) || (getObservers().size() == 0)) {
+ if (getObservers() == null || getObservers().size() == 0) {
return;
}
@@ -463,13 +463,12 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
while (metadataUrlInterator.hasNext()) {
final String metadataurl = metadataUrlInterator.next();
try {
- if (StringUtils.isNotEmpty(metadataurl)) {
- if (loadedproviders.containsKey(metadataurl)) {
- // SAML2 SP is actually loaded, to nothing
- providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
- loadedproviders.remove(metadataurl);
+ if (StringUtils.isNotEmpty(metadataurl)
+ && loadedproviders.containsKey(metadataurl)) {
+ // SAML2 SP is actually loaded, to nothing
+ providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
+ loadedproviders.remove(metadataurl);
- }
}
} catch (final Throwable e) {
log.error("Failed to add Metadata (unhandled reason: " + e.getMessage(), e);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
index d84b407f..a6d2508d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
@@ -29,7 +29,7 @@ import org.opensaml.xml.security.x509.X509Credential;
* @author tlenz
*
*/
-public class KeyStoreX509CredentialAdapter
+public class EaafKeyStoreX509CredentialAdapter
extends org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter {
/**
@@ -39,7 +39,7 @@ public class KeyStoreX509CredentialAdapter
* @param alias Key alias
* @param password key Password
*/
- public KeyStoreX509CredentialAdapter(final KeyStore store, final String alias,
+ public EaafKeyStoreX509CredentialAdapter(final KeyStore store, final String alias,
final char[] password) {
super(store, alias, password);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
index 860eec64..957def02 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
@@ -101,7 +101,7 @@ public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder {
// evaluate template and write content to response
final Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");
velocityEngine.evaluate(context, out, "SAML2_POST_BINDING",
- new BufferedReader(new InputStreamReader(is)));
+ new BufferedReader(new InputStreamReader(is, "UTF-8")));
out.flush();
} catch (final Exception e) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index ea361f11..ec4009f0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -26,7 +26,7 @@ import java.security.interfaces.RSAPrivateKey;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.KeyStoreX509CredentialAdapter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
@@ -120,7 +120,7 @@ public abstract class AbstractCredentialProvider {
keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
}
- final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+ final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
credentials.setUsageType(UsageType.SIGNING);
@@ -152,7 +152,7 @@ public abstract class AbstractCredentialProvider {
keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
}
- final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+ final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
credentials.setUsageType(UsageType.SIGNING);
@@ -191,7 +191,7 @@ public abstract class AbstractCredentialProvider {
return null;
}
- final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+ final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
credentials.setUsageType(UsageType.ENCRYPTION);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
index 1c7a9652..8bcc3e74 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
@@ -20,7 +20,6 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
@@ -34,7 +33,6 @@ import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
import org.apache.commons.lang3.StringUtils;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.Status;
@@ -56,8 +54,6 @@ import org.w3c.dom.Document;
public class Saml2Utils {
private static final Logger log = LoggerFactory.getLogger(Saml2Utils.class);
- private static SecureRandomIdentifierGenerator idGenerator;
-
private static DocumentBuilder builder;
static {
@@ -70,15 +66,7 @@ public class Saml2Utils {
} catch (final ParserConfigurationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- }
-
- try {
- idGenerator = new SecureRandomIdentifierGenerator();
-
- } catch (final NoSuchAlgorithmException e) {
- e.printStackTrace();
-
- }
+ }
}
/**
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
index 4eb711f9..8f042ae2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
@@ -46,8 +46,8 @@ public class PvpAuthRequestSignedRole extends SAML2AuthnRequestsSignedRule {
final List<String> samlReqParam = inTransport.getParameterValues("SAMLRequest");
final List<String> samlRespParam = inTransport.getParameterValues("SAMLResponse");
final boolean isValidContent =
- ((samlReqParam.size() == 1 && !DatatypeHelper.isEmpty(samlReqParam.get(0)))
- || (samlRespParam.size() == 1 && !DatatypeHelper.isEmpty(samlRespParam.get(0))))
+ (samlReqParam.size() == 1 && !DatatypeHelper.isEmpty(samlReqParam.get(0))
+ || samlRespParam.size() == 1 && !DatatypeHelper.isEmpty(samlRespParam.get(0)))
&& !(samlReqParam.size() == 1 && samlRespParam.size() == 1);
return isValidSigned && isValidSigAlgExists && isValidContent;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
index 64eb5247..024c35d8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
@@ -23,6 +23,8 @@ import javax.xml.namespace.QName;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
@@ -73,10 +75,15 @@ public class SamlVerificationEngine {
try {
if (msg instanceof PvpSProfileRequest
&& ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) {
- verifyRequest(((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest()),
+ verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(),
sigTrustEngine);
- } else {
+ } else if (msg instanceof PvpSProfileResponse){
verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine);
+
+ } else {
+ log.warn("SAML2 message type: {} not supported", msg.getClass().getName());
+ throw new EaafProtocolException("9999", null);
+
}
} catch (final InvalidProtocolRequestException e) {
@@ -96,7 +103,7 @@ public class SamlVerificationEngine {
if (msg instanceof PvpSProfileRequest
&& ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) {
- verifyRequest(((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest()),
+ verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(),
sigTrustEngine);
} else {
verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine);