summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_core
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-04 19:43:32 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-04 19:43:32 +0100
commit759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f (patch)
tree2132024fc058b1ef5338bf50df575a3244cc3f9f /eaaf_modules/eaaf_module_pvp2_core
parent4f15bdc45b08724d20c66c9fd74ea6a43a03c32f (diff)
downloadEAAF-Components-759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f.tar.gz
EAAF-Components-759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f.tar.bz2
EAAF-Components-759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f.zip
common EGIZ code-style refactoring
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java54
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java139
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java36
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java48
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java138
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpEventConstants.java29
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java50
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java41
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java59
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java115
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java58
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java243
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java35
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java61
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java236
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java30
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java64
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java55
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttribute.java154
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttributes.java56
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java150
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java51
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java48
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java35
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java28
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java65
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java61
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java68
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java56
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java40
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPvpRequestException.java30
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java46
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java43
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java57
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java66
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java41
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java55
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java34
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java44
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java44
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java33
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java37
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SAMLMetadataSignatureException.java48
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java40
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java73
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java83
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java405
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java401
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java263
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java233
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java221
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java450
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java244
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java458
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java153
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFExtensionImplementation.java36
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestExtensionBuilder.java45
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeBuilder.java45
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeMarshaller.java76
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeUnmarshaller.java75
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesBuilder.java45
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesMarshaller.java31
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesUnmarshaller.java45
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafExtensionImplementation.java32
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java41
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java40
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java69
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java74
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java41
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java26
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java41
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java230
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileRequest.java69
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileResponse.java61
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java73
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileResponse.java59
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java929
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java112
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java415
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HTTPPostEncoderWithOwnTemplate.java122
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java123
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java79
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java106
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java94
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java156
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java87
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java141
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributeImpl.java133
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributesImpl.java61
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java149
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java56
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java430
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java104
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java106
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java201
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java247
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EAAFURICompare.java60
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java53
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java73
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java266
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java236
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java251
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java163
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java317
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPAuthRequestSignedRole.java66
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPSignedRequestPolicyRule.java84
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java56
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java82
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SAMLVerificationEngine.java207
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java218
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml47
112 files changed, 6539 insertions, 6652 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java
deleted file mode 100644
index c72db697..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVP2SProfileCoreSpringResourceProvider.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2;
-
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.core.io.Resource;
-
-import at.gv.egiz.components.spring.api.SpringResourceProvider;
-
-public class PVP2SProfileCoreSpringResourceProvider implements SpringResourceProvider {
-
- @Override
- public String getName() {
- return "EAAF PVP2 S-Profile Core SpringResourceProvider";
- }
-
- @Override
- public String[] getPackagesToScan() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public Resource[] getResourcesToLoad() {
- ClassPathResource sl20AuthConfig = new ClassPathResource("/eaaf_pvp.beans.xml", PVP2SProfileCoreSpringResourceProvider.class);
-
- return new Resource[] {sl20AuthConfig};
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java
deleted file mode 100644
index 3b57a7e3..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java
+++ /dev/null
@@ -1,139 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
-import at.gv.egiz.eaaf.core.impl.data.Trible;
-
-public interface PVPConstants extends PVPAttributeDefinitions {
-
- public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
- public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
- public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
- public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
-
- public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
- public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
- public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
-
- @Deprecated
- public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
-
- public static final String REDIRECT = "Redirect";
- public static final String POST = "Post";
- public static final String SOAP = "Soap";
- public static final String METADATA = "Metadata";
- public static final String ATTRIBUTEQUERY = "AttributeQuery";
- public static final String SINGLELOGOUT = "SingleLogOut";
-
- /**
- *
- * Get required PVP attributes for egovtoken
- * First : PVP attribute name (OID)
- * Second: FriendlyName
- * Third: Required
- *
- */
- public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES =
- Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
- private static final long serialVersionUID = 1L;
- {
- //currently supported attributes
- add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
- add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
-
- //currently not supported attributes
- add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false));
- add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false));
- add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false));
- add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false));
- add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
- add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
-
-
- }
- });
-
- /**
- *
- * Get required PVP attributes for citizenToken
- * First : PVP attribute name (OID)
- * Second: FriendlyName
- * Third: Required
- *
- */
- public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES =
- Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
- private static final long serialVersionUID = 1L;
- {
- //required attributes - eIDAS minimal-data set
- add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
- add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
- add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
- add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
- add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
-
-
- //not required attributes
- add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
- add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
- add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
-
-
-
- }
- });
-
- //constants for requested SAML2 attribtes by using own namespace
- public static final String EIDAT10_SAML_NS = "http://eid.gv.at/eID/attributes/saml-extensions";
- public static final String EIDAT10_PREFIX = "eid";
-
- public static final QName EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE =
- new QName(EIDAT10_SAML_NS, "AttributeValue", EIDAT10_PREFIX);
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java
deleted file mode 100644
index d1f619bf..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPEventConstants.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2;
-
-public class PVPEventConstants {
-
- //TODO!!!
- public static final int AUTHPROTOCOL_PVP_METADATA = 3100;
- public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101;
- public static final int AUTHPROTOCOL_PVP_RESPONSE_ASSERTION = 3105;
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java
new file mode 100644
index 00000000..c0482c9d
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+public class Pvp2SProfileCoreSpringResourceProvider implements SpringResourceProvider {
+
+ @Override
+ public String getName() {
+ return "EAAF PVP2 S-Profile Core SpringResourceProvider";
+ }
+
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Resource[] getResourcesToLoad() {
+ final ClassPathResource sl20AuthConfig =
+ new ClassPathResource("/eaaf_pvp.beans.xml", Pvp2SProfileCoreSpringResourceProvider.class);
+
+ return new Resource[] {sl20AuthConfig};
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
new file mode 100644
index 00000000..e8d42e80
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import javax.xml.namespace.QName;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.signature.SignatureConstants;
+
+public interface PvpConstants extends PVPAttributeDefinitions {
+
+ public static final String DEFAULT_SIGNING_METHODE =
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
+ public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
+ public static final String DEFAULT_SYM_ENCRYPTION_METHODE =
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
+ public static final String DEFAULT_ASYM_ENCRYPTION_METHODE =
+ EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
+
+ public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
+ public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
+ public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
+
+ @Deprecated
+ public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
+
+ public static final String REDIRECT = "Redirect";
+ public static final String POST = "Post";
+ public static final String SOAP = "Soap";
+ public static final String METADATA = "Metadata";
+ public static final String ATTRIBUTEQUERY = "AttributeQuery";
+ public static final String SINGLELOGOUT = "SingleLogOut";
+
+ /**
+ * Get required PVP attributes for egovtoken First : PVP attribute name (OID) Second: FriendlyName
+ * Third: Required.
+ *
+ */
+ public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES =
+ Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
+ private static final long serialVersionUID = 1L;
+ {
+ // currently supported attributes
+ add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+
+ // currently not supported attributes
+ add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
+ add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
+
+
+ }
+ });
+
+ /**
+ * Get required PVP attributes for citizenToken First : PVP attribute name (OID) Second:
+ * FriendlyName Third: Required.
+ *
+ */
+ public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES =
+ Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
+ private static final long serialVersionUID = 1L;
+ {
+ // required attributes - eIDAS minimal-data set
+ add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+ add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
+ add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
+ add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
+
+
+ // not required attributes
+ add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+ EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
+ add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
+ add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME,
+ EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
+ MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
+ false));
+ add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME,
+ MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME,
+ MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME,
+ MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME,
+ MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME,
+ false));
+ add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ false));
+ add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME,
+ MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
+
+
+
+ }
+ });
+
+ // constants for requested SAML2 attribtes by using own namespace
+ public static final String EIDAT10_SAML_NS = "http://eid.gv.at/eID/attributes/saml-extensions";
+ public static final String EIDAT10_PREFIX = "eid";
+
+ public static final QName EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE =
+ new QName(EIDAT10_SAML_NS, "AttributeValue", EIDAT10_PREFIX);
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpEventConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpEventConstants.java
new file mode 100644
index 00000000..41b64470
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpEventConstants.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2;
+
+public class PvpEventConstants {
+
+ // TODO!!!
+ public static final int AUTHPROTOCOL_PVP_METADATA = 3100;
+ public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101;
+ public static final int AUTHPROTOCOL_PVP_RESPONSE_ASSERTION = 3105;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java
deleted file mode 100644
index 48b0efc5..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.api;
-
-import java.util.List;
-
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.Organization;
-
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-
-public interface IPVP2BasicConfiguration {
-
- public String getIDPEntityId(String authURL) throws EAAFException;
-
- public String getIDPSSOPostService(String authURL) throws EAAFException;
-
- public String getIDPSSORedirectService(String authURL) throws EAAFException;
-
- public Object getIDPSSOSOAPService(String extractAuthURLFromRequest) throws EAAFException;
-
- public List<ContactPerson> getIDPContacts() throws EAAFException;
-
- public Organization getIDPOrganisation() throws EAAFException;
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java
new file mode 100644
index 00000000..39c0baff
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api;
+
+import java.util.List;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+
+public interface IPvo2BasicConfiguration {
+
+ String getIdpEntityId(String authUrl) throws EaafException;
+
+ String getIdpSsoPostService(String authUrl) throws EaafException;
+
+ String getIdpSsoRedirectService(String authUrl) throws EaafException;
+
+ Object getIspSsoSoapService(String extractAuthUrlFromRequest) throws EaafException;
+
+ List<ContactPerson> getIdpContacts() throws EaafException;
+
+ Organization getIdpOrganisation() throws EaafException;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
index 3b264b6d..27a6532b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
@@ -1,49 +1,40 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.api.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
import org.opensaml.common.binding.decoding.URIComparator;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.security.SecurityException;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
-
public interface IDecoder {
- public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator)
- throws MessageDecodingException, SecurityException, PVP2Exception;
-
- public boolean handleDecode(String action, HttpServletRequest req);
-
- public String getSAML2BindingName();
+ public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp,
+ MetadataProvider metadataProvider, boolean isSpEndPoint, URIComparator comparator)
+ throws MessageDecodingException, SecurityException, Pvp2Exception;
+
+ public boolean handleDecode(String action, HttpServletRequest req);
+
+ public String getSaml2BindingName();
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
index ec400e7a..9d8b0105 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
@@ -1,75 +1,70 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.api.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
-
public interface IEncoder {
-
- /**
- *
- * @param req The http request
- * @param resp The http response
- * @param request The SAML2 request object
- * @param targetLocation URL, where the request should be transmit
- * @param relayState token for session handling
- * @param credentials Credential to sign the request object
- * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
- * @throws MessageEncodingException
- * @throws SecurityException
- * @throws PVP2Exception
- */
- public void encodeRequest(HttpServletRequest req,
- HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException, PVP2Exception;
-
- /**
- * Encoder SAML Response
- * @param req The http request
- * @param resp The http response
- * @param response The SAML2 repsonse object
- * @param targetLocation URL, where the request should be transmit
- * @param relayState token for session handling
- * @param credentials Credential to sign the response object
- * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
- * @throws MessageEncodingException
- * @throws SecurityException
- */
- public void encodeRespone(HttpServletRequest req,
- HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException, PVP2Exception;
+
+ /**
+ * SAML2 Request encoder.
+ *
+ * @param req The http request
+ * @param resp The http response
+ * @param request The SAML2 request object
+ * @param targetLocation URL, where the request should be transmit
+ * @param relayState token for session handling
+ * @param credentials Credential to sign the request object
+ * @param pendingReq Internal MOA-ID request object that contains session-state informations but
+ * never null
+ * @throws MessageEncodingException In case of an error
+ * @throws SecurityException In case of an error
+ * @throws Pvp2Exception In case of an error
+ */
+ void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials,
+ IRequest pendingReq) throws MessageEncodingException, SecurityException, Pvp2Exception;
+
+ /**
+ * Encoder SAML Response.
+ *
+ * @param req The http request
+ * @param resp The http response
+ * @param response The SAML2 repsonse object
+ * @param targetLocation URL, where the request should be transmit
+ * @param relayState token for session handling
+ * @param credentials Credential to sign the response object
+ * @param pendingReq Internal MOA-ID request object that contains session-state informations but
+ * never null
+ * @throws MessageEncodingException In case of an error
+ * @throws SecurityException In case of an error
+ */
+ void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation, String relayState, Credential credentials,
+ IRequest pendingReq) throws MessageEncodingException, SecurityException, Pvp2Exception;
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java
index 416672a1..e5b253a2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java
@@ -1,42 +1,34 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.api.message;
import org.w3c.dom.Element;
-/**
- * @author tlenz
- *
- */
public interface InboundMessageInterface {
-
- public String getRelayState();
- public String getEntityID();
- public boolean isVerified();
- public Element getInboundMessage();
-
+
+ String getRelayState();
+
+ String getEntityID();
+
+ boolean isVerified();
+
+ Element getInboundMessage();
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java
deleted file mode 100644
index c041ec72..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java
+++ /dev/null
@@ -1,243 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
-
-import java.util.Collection;
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-
-/**
- * @author tlenz
- *
- */
-public interface IPVPMetadataBuilderConfiguration {
-
-
- /**
- * Defines a unique name for this PVP Service-provider, which is used for logging
- *
- * @return
- */
- public String getSPNameForLogging();
-
- /**
- * Set metadata valid area
- *
- * @return valid until in hours [h]
- */
- public int getMetadataValidUntil();
-
- /**
- * Build a SAML2 Entities element as metadata root element
- *
- * @return true, if the metadata should start with entities element
- */
- public boolean buildEntitiesDescriptorAsRootElement();
-
- /**
- *
- *
- * @return true, if an IDP SSO-descriptor element should be generated
- */
- public boolean buildIDPSSODescriptor();
-
- /**
- *
- *
- * @return true, if an SP SSO-descriptor element should be generated
- */
- public boolean buildSPSSODescriptor();
-
- /**
- * Set the PVP entityID for this SAML2 metadata.
- * The entityID must be an URL and must be start with the public-URL prefix of the server
- *
- * @return PVP entityID postfix as String
- */
- public String getEntityID();
-
- /**
- * Set a friendlyName for this PVP entity
- *
- * @return
- */
- public String getEntityFriendlyName();
-
- /**
- * Set the contact information for this metadata entity
- *
- * @return
- */
- public List<ContactPerson> getContactPersonInformation();
-
- /**
- * Set organisation information for this metadata entity
- *
- * @return
- */
- public Organization getOrgansiationInformation();
-
-
- /**
- * Set the credential for metadata signing
- *
- * @return
- * @throws CredentialsNotAvailableException
- */
- public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
-
- /**
- * Set the credential for request/response signing
- * IDP metadata: this credential is used for SAML2 response signing
- * SP metadata: this credential is used for SAML2 response signing
- *
- * @return
- * @throws CredentialsNotAvailableException
- */
- public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException;
-
- /**
- * Set the credential for response encryption
- *
- * @return
- * @throws CredentialsNotAvailableException
- */
- public Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
-
- /**
- * Set the IDP Post-Binding URL for WebSSO
- *
- * @return
- */
- public String getIDPWebSSOPostBindingURL();
-
- /**
- * Set the IDP Redirect-Binding URL for WebSSO
- *
- * @return
- */
- public String getIDPWebSSORedirectBindingURL();
-
- /**
- * Set the IDP Post-Binding URL for Single LogOut
- *
- * @return
- */
- public String getIDPSLOPostBindingURL();
-
- /**
- * Set the IDP Redirect-Binding URL for Single LogOut
- *
- * @return
- */
- public String getIDPSLORedirectBindingURL();
-
- /**
- * Set the SP Post-Binding URL for for the Assertion-Consumer Service
- *
- * @return
- */
- public String getSPAssertionConsumerServicePostBindingURL();
-
- /**
- * Set the SP Redirect-Binding URL for the Assertion-Consumer Service
- *
- * @return
- */
- public String getSPAssertionConsumerServiceRedirectBindingURL();
-
- /**
- * Set the SP Post-Binding URL for Single LogOut
- *
- * @return
- */
- public String getSPSLOPostBindingURL();
-
- /**
- * Set the SP Redirect-Binding URL for Single LogOut
- *
- * @return
- */
- public String getSPSLORedirectBindingURL();
-
- /**
- * Set the SP SOAP-Binding URL for Single LogOut
- *
- * @return
- */
- public String getSPSLOSOAPBindingURL();
-
-
- /**
- * Set all SAML2 attributes which could be provided by this IDP
- *
- * @return
- */
- public List<Attribute> getIDPPossibleAttributes();
-
- /**
- * Set all nameID types which could be provided by this IDP
- *
- * @return a List of SAML2 nameID types
- */
- public List<String> getIDPPossibleNameITTypes();
-
- /**
- * Set all SAML2 attributes which are required by the SP
- *
- * @return
- */
- public Collection<RequestedAttribute> getSPRequiredAttributes();
-
- /**
- * Set all nameID types which allowed from the SP
- *
- * @return a List of SAML2 nameID types
- */
- public List<String> getSPAllowedNameITTypes();
-
- /**
- * Set the 'wantAssertionSigned' attribute in SP metadata
- *
- * @return
- */
- public boolean wantAssertionSigned();
-
- /**
- * Set the 'wantAuthnRequestSigned' attribute
- *
- * @return
- */
- public boolean wantAuthnRequestSigned();
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java
deleted file mode 100644
index be36a878..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
-
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-
-public interface IPVPMetadataConfigurationFactory {
-
- public IPVPMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL, AbstractCredentialProvider pvpIDPCredentials);
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java
deleted file mode 100644
index f5c6a35a..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
-
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.xml.XMLObject;
-
-public interface IPVPMetadataProvider extends MetadataProvider {
-
- boolean requireValidMetadata();
-
- void setRequireValidMetadata(boolean requireValidMetadata);
-
- MetadataFilter getMetadataFilter();
-
- void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException;
-
- XMLObject getMetadata() throws MetadataProviderException;
-
- EntitiesDescriptor getEntitiesDescriptor(String entitiesID) throws MetadataProviderException;
-
- EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException;
-
- List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException;
-
- RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) throws MetadataProviderException;
-
-} \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
new file mode 100644
index 00000000..f06a1684
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
@@ -0,0 +1,236 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import java.util.Collection;
+import java.util.List;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.security.credential.Credential;
+
+/**
+ * PVP Metadata builder configuration.
+ *
+ * @author tlenz
+ *
+ */
+public interface IPvpMetadataBuilderConfiguration {
+
+
+ /**
+ * Defines a unique name for this PVP Service-provider, which is used for logging.
+ *
+ * @return
+ */
+ String getSpNameForLogging();
+
+ /**
+ * Set metadata valid area.
+ *
+ * @return valid until in hours [h]
+ */
+ int getMetadataValidUntil();
+
+ /**
+ * Build a SAML2 Entities element as metadata root element.
+ *
+ * @return true, if the metadata should start with entities element
+ */
+ boolean buildEntitiesDescriptorAsRootElement();
+
+ /**
+ * Build an IDP SSO Descriptor.
+ *
+ * @return true, if an IDP SSO-descriptor element should be generated
+ */
+ boolean buildIdpSsoDescriptor();
+
+ /**
+ * Build a SP Descriptor.
+ *
+ * @return true, if an SP SSO-descriptor element should be generated
+ */
+ boolean buildSpSsoDescriptor();
+
+ /**
+ * Set the PVP entityID for this SAML2 metadata. The entityID must be an URL and must be start
+ * with the public-URL prefix of the server.
+ *
+ * @return PVP entityID postfix as String
+ */
+ String getEntityID();
+
+ /**
+ * Set a friendlyName for this PVP entity.
+ *
+ * @return
+ */
+ String getEntityFriendlyName();
+
+ /**
+ * Set the contact information for this metadata entity.
+ *
+ * @return
+ */
+ List<ContactPerson> getContactPersonInformation();
+
+ /**
+ * Set organisation information for this metadata entity.
+ *
+ * @return
+ */
+ Organization getOrgansiationInformation();
+
+
+ /**
+ * Set the credential for metadata signing.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of an error
+ */
+ Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
+
+ /**
+ * Set the credential for request/response signing IDP metadata: this credential is used for SAML2
+ * response signing SP metadata: this credential is used for SAML2 response signing.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of an error
+ */
+ Credential getRequestorResponseSigningCredentials()
+ throws CredentialsNotAvailableException;
+
+ /**
+ * Set the credential for response encryption.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of an error
+ */
+ Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
+
+ /**
+ * Set the IDP Post-Binding URL for WebSSO.
+ *
+ * @return
+ */
+ String getIdpWebSsoPostBindingUrl();
+
+ /**
+ * Set the IDP Redirect-Binding URL for WebSSO.
+ *
+ * @return
+ */
+ String getIdpWebSsoRedirectBindingUrl();
+
+ /**
+ * Set the IDP Post-Binding URL for Single LogOut.
+ *
+ * @return
+ */
+ String getIdpSloPostBindingUrl();
+
+ /**
+ * Set the IDP Redirect-Binding URL for Single LogOut.
+ *
+ * @return
+ */
+ String getIdpSloRedirectBindingUrl();
+
+ /**
+ * Set the SP Post-Binding URL for for the Assertion-Consumer Service.
+ *
+ * @return
+ */
+ String getSpAssertionConsumerServicePostBindingUrl();
+
+ /**
+ * Set the SP Redirect-Binding URL for the Assertion-Consumer Service.
+ *
+ * @return
+ */
+ String getSpAssertionConsumerServiceRedirectBindingUrl();
+
+ /**
+ * Set the SP Post-Binding URL for Single LogOut.
+ *
+ * @return
+ */
+ String getSpSloPostBindingUrl();
+
+ /**
+ * Set the SP Redirect-Binding URL for Single LogOut.
+ *
+ * @return
+ */
+ String getSpSloRedirectBindingUrl();
+
+ /**
+ * Set the SP SOAP-Binding URL for Single LogOut.
+ *
+ * @return
+ */
+ String getSpSloSoapBindingUrl();
+
+
+ /**
+ * Set all SAML2 attributes which could be provided by this IDP.
+ *
+ * @return
+ */
+ List<Attribute> getIdpPossibleAttributes();
+
+ /**
+ * Set all nameID types which could be provided by this IDP.
+ *
+ * @return a List of SAML2 nameID types
+ */
+ List<String> getIdpPossibleNameIdTypes();
+
+ /**
+ * Set all SAML2 attributes which are required by the SP.
+ *
+ * @return
+ */
+ Collection<RequestedAttribute> getSpRequiredAttributes();
+
+ /**
+ * Set all nameID types which allowed from the SP.
+ *
+ * @return a List of SAML2 nameID types
+ */
+ List<String> getSpAllowedNameIdTypes();
+
+ /**
+ * Set the 'wantAssertionSigned' attribute in SP metadata.
+ *
+ * @return
+ */
+ boolean wantAssertionSigned();
+
+ /**
+ * Set the 'wantAuthnRequestSigned' attribute.
+ *
+ * @return
+ */
+ boolean wantAuthnRequestSigned();
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java
new file mode 100644
index 00000000..4207d860
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+
+public interface IPvpMetadataConfigurationFactory {
+
+
+ IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authUrl,
+ AbstractCredentialProvider pvpIdpCredentials);
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java
new file mode 100644
index 00000000..bc90ff3f
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+
+public interface IPvpMetadataProvider extends MetadataProvider {
+
+ @Override
+ boolean requireValidMetadata();
+
+ @Override
+ void setRequireValidMetadata(boolean requireValidMetadata);
+
+ @Override
+ MetadataFilter getMetadataFilter();
+
+ @Override
+ void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException;
+
+ @Override
+ XMLObject getMetadata() throws MetadataProviderException;
+
+ @Override
+ EntitiesDescriptor getEntitiesDescriptor(String entitiesID) throws MetadataProviderException;
+
+ @Override
+ EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException;
+
+ @Override
+ List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException;
+
+ @Override
+ RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol)
+ throws MetadataProviderException;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
index 2f9e5fea..74ee74de 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
@@ -1,42 +1,37 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
/**
+ * Metadata provider that supports dynamic refreshing on external events.
+ *
* @author tlenz
*
*/
public interface IRefreshableMetadataProvider {
- /**
- * Refresh a entity or load a entity in a metadata provider
- *
- * @param entityID
- * @return true, if refresh is success, otherwise false
- */
- public boolean refreshMetadataProvider(String entityID);
+ /**
+ * Refresh a entity or load a entity in a metadata provider.
+ *
+ * @param entityID EntityId
+ * @return true, if refresh is success, otherwise false
+ */
+ public boolean refreshMetadataProvider(String entityID);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttribute.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttribute.java
deleted file mode 100644
index 0501a990..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttribute.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.api.reqattr;
-
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.xml.AttributeExtensibleXMLObject;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSBooleanValue;
-
-import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
-
-public interface EAAFRequestedAttribute extends SAMLObject, AttributeExtensibleXMLObject , org.opensaml.saml2.metadata.RequestedAttribute{
-
- /** Element local name. */
- String DEF_LOCAL_NAME = "RequestedAttribute";
-
- /** Local name of the XSI type. */
- String TYPE_LOCAL_NAME = "RequestedAttributeAbstractType";
-
-
- /** Default element name. */
- QName DEFAULT_ELEMENT_NAME = new QName(PVPConstants.EIDAT10_SAML_NS, DEF_LOCAL_NAME,
- PVPConstants.EIDAT10_PREFIX);
-
- /** QName of the XSI type. */
- QName TYPE_NAME = new QName(PVPConstants.EIDAT10_SAML_NS, TYPE_LOCAL_NAME,
- PVPConstants.EIDAT10_PREFIX);
-
-
-
- /** NAME_ATTRIB_NAME attribute name. */
- String NAME_ATTRIB_NAME = "Name";
-
- /** NAME_FORMAT_ATTRIB_NAME attribute name. */
- String NAME_FORMAT_ATTR = "NameFormat";
-
- /** IS_REQUIRED_ATTRIB_NAME attribute name. */
- String IS_REQUIRED_ATTR = "isRequired";
-
- /** FRIENDLY_NAME_ATTRIB_NAME attribute name. */
- String FRIENDLY_NAME_ATT = "FriendlyName";
-
- /** Unspecified attribute format ID. */
- String UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
-
- /** URI reference attribute format ID. */
- String URI_REFERENCE = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
-
- /** Basic attribute format ID. */
- String BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
-
- /**
- * Gets the name.
- *
- * @return the name
- */
- String getName();
-
- /**
- * Sets the name.
- *
- * @param name the new name
- */
- void setName(String name);
-
- /**
- * Gets the name format.
- *
- * @return the name format
- */
- String getNameFormat();
-
- /**
- * Sets the name format.
- *
- * @param nameFormat the new name format
- */
- void setNameFormat(String nameFormat);
-
- /**
- * Gets the friendly name.
- *
- * @return the friendly name
- */
- String getFriendlyName();
-
- /**
- * Sets the friendly name.
- *
- * @param friendlyName the new friendly name
- */
- void setFriendlyName(String friendlyName);
-
-/* *//**
- * Gets the checks if is required.
- *
- * @return the checks if is required
- *//*
- String isRequired();*/
-
- /**
- * Gets the checks if is required xs boolean.
- *
- * @return the checks if is required xs boolean
- */
- String getIsRequiredXSBoolean();
-
- /**
- * Sets the checks if is required.
- *
- * @param newIsRequired the new checks if is required
- */
- void setIsRequired(String newIsRequired);
-
- /**
- * Gets the attribute values.
- *
- * @return the attribute values
- */
- List<XMLObject> getAttributeValues();
-
- XSBooleanValue isRequiredXSBoolean();
-
- void setIsRequired(Boolean aBoolean);
-
- void setIsRequired(XSBooleanValue xsBooleanValue);
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttributes.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttributes.java
deleted file mode 100644
index 768d5c36..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttributes.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.api.reqattr;
-
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
-
-public interface EAAFRequestedAttributes extends SAMLObject {
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "RequestedAttributes";
-
- /** Default element name. */
- QName DEFAULT_ELEMENT_NAME = new QName(PVPConstants.EIDAT10_SAML_NS, DEF_LOCAL_NAME,
- PVPConstants.EIDAT10_PREFIX);
-
- /** Local name of the XSI type. */
- String TYPE_LOCAL_NAME = "RequestedAttributesType";
-
- /** QName of the XSI type. */
- QName TYPE_NAME = new QName(PVPConstants.EIDAT10_SAML_NS, TYPE_LOCAL_NAME,
- PVPConstants.EIDAT10_PREFIX);
-
- /**
- * Gets the attributes.
- *
- * @return the attributes
- */
- List<EAAFRequestedAttribute> getAttributes();
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java
new file mode 100644
index 00000000..f44a545d
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.reqattr;
+
+import java.util.List;
+import javax.xml.namespace.QName;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.xml.AttributeExtensibleXMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSBooleanValue;
+
+public interface EaafRequestedAttribute extends SAMLObject, AttributeExtensibleXMLObject,
+ org.opensaml.saml2.metadata.RequestedAttribute {
+
+ /** Element local name. */
+ String DEF_LOCAL_NAME = "RequestedAttribute";
+
+ /** Local name of the XSI type. */
+ String TYPE_LOCAL_NAME = "RequestedAttributeAbstractType";
+
+
+ /** Default element name. */
+ QName DEFAULT_ELEMENT_NAME =
+ new QName(PvpConstants.EIDAT10_SAML_NS, DEF_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX);
+
+ /** QName of the XSI type. */
+ QName TYPE_NAME =
+ new QName(PvpConstants.EIDAT10_SAML_NS, TYPE_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX);
+
+
+
+ /** NAME_ATTRIB_NAME attribute name. */
+ String NAME_ATTRIB_NAME = "Name";
+
+ /** NAME_FORMAT_ATTRIB_NAME attribute name. */
+ String NAME_FORMAT_ATTR = "NameFormat";
+
+ /** IS_REQUIRED_ATTRIB_NAME attribute name. */
+ String IS_REQUIRED_ATTR = "isRequired";
+
+ /** FRIENDLY_NAME_ATTRIB_NAME attribute name. */
+ String FRIENDLY_NAME_ATT = "FriendlyName";
+
+ /** Unspecified attribute format ID. */
+ String UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
+
+ /** URI reference attribute format ID. */
+ String URI_REFERENCE = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
+
+ /** Basic attribute format ID. */
+ String BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
+
+ /**
+ * Gets the name.
+ *
+ * @return the name
+ */
+ @Override
+ String getName();
+
+ /**
+ * Sets the name.
+ *
+ * @param name the new name
+ */
+ @Override
+ void setName(String name);
+
+ /**
+ * Gets the name format.
+ *
+ * @return the name format
+ */
+ @Override
+ String getNameFormat();
+
+ /**
+ * Sets the name format.
+ *
+ * @param nameFormat the new name format
+ */
+ @Override
+ void setNameFormat(String nameFormat);
+
+ /**
+ * Gets the friendly name.
+ *
+ * @return the friendly name
+ */
+ @Override
+ String getFriendlyName();
+
+ /**
+ * Sets the friendly name.
+ *
+ * @param friendlyName the new friendly name
+ */
+ @Override
+ void setFriendlyName(String friendlyName);
+
+ /**
+ * Gets the checks if is required xs boolean.
+ *
+ * @return the checks if is required xs boolean
+ */
+ String getIsRequiredXsBoolean();
+
+ @Override
+ void setIsRequired(Boolean aboolean);
+
+ @Override
+ void setIsRequired(XSBooleanValue xsBooleanValue);
+
+ /**
+ * Sets the checks if is required.
+ *
+ * @param newIsRequired the new checks if is required
+ */
+ void setIsRequired(String newIsRequired);
+
+ /**
+ * Gets the attribute values.
+ *
+ * @return the attribute values
+ */
+ @Override
+ List<XMLObject> getAttributeValues();
+
+ @Override
+ XSBooleanValue isRequiredXSBoolean();
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java
new file mode 100644
index 00000000..98f118b0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.reqattr;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+
+public interface EaafRequestedAttributes extends SAMLObject {
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "RequestedAttributes";
+
+ /** Default element name. */
+ QName DEFAULT_ELEMENT_NAME =
+ new QName(PvpConstants.EIDAT10_SAML_NS, DEF_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX);
+
+ /** Local name of the XSI type. */
+ String TYPE_LOCAL_NAME = "RequestedAttributesType";
+
+ /** QName of the XSI type. */
+ QName TYPE_NAME =
+ new QName(PvpConstants.EIDAT10_SAML_NS, TYPE_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX);
+
+ /**
+ * Gets the attributes.
+ *
+ * @return the attributes
+ */
+ List<EaafRequestedAttribute> getAttributes();
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java
index 439543fe..41dcd3b9 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java
@@ -1,39 +1,33 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.api.validation;
import javax.servlet.http.HttpServletRequest;
-
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
public interface IAuthnRequestValidator {
- void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException;
+ void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq,
+ SPSSODescriptor spSsoDescriptor) throws AuthnRequestValidatorException;
-} \ No newline at end of file
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java
deleted file mode 100644
index 4b8ddea6..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.api.validation;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-
-public interface ISAMLValidator {
- public void validateRequest(RequestAbstractType request) throws EAAFException;
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java
new file mode 100644
index 00000000..3cbe59da
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.validation;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+public interface ISamlValidator {
+ void validateRequest(RequestAbstractType request) throws EaafException;
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java
index 189dc91e..82fb2c79 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java
@@ -1,48 +1,35 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.exception;
-/**
- * @author tlenz
- *
- */
-public class AttributQueryException extends PVP2Exception {
+public class AttributQueryException extends Pvp2Exception {
+
+
+ private static final long serialVersionUID = -4302422507173728748L;
- /**
- *
- */
- private static final long serialVersionUID = -4302422507173728748L;
+ public AttributQueryException(final String messageId, final Object[] parameters) {
+ super(messageId, parameters);
+ }
- public AttributQueryException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- public AttributQueryException(String messageId, Object[] parameters, Throwable e) {
- super(messageId, parameters, e);
- }
+ public AttributQueryException(final String messageId, final Object[] parameters, final Throwable e) {
+ super(messageId, parameters, e);
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java
index d966e4a1..97971d3a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java
@@ -1,45 +1,38 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.exception;
import org.opensaml.saml2.core.StatusCode;
-public class BindingNotSupportedException extends PVP2Exception {
+public class BindingNotSupportedException extends Pvp2Exception {
+
+ private static final long serialVersionUID = -7227603941387879360L;
+
+ public BindingNotSupportedException(final String binding) {
+ super("pvp2.11", new Object[] {binding});
+ this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
+ }
+
+
+
- public BindingNotSupportedException(String binding) {
- super("pvp2.11", new Object[] {binding});
- this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
- }
- /**
- *
- */
- private static final long serialVersionUID = -7227603941387879360L;
-
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
index e079cdef..ae64e134 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
@@ -1,48 +1,40 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
package at.gv.egiz.eaaf.modules.pvp2.exception;
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+public class CredentialsNotAvailableException extends EaafException {
+
+ private static final long serialVersionUID = -2564476345552842599L;
+
+ public CredentialsNotAvailableException(final String messageId, final Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public CredentialsNotAvailableException(final String messageId, final Object[] parameters,
+ final Throwable e) {
+ super(messageId, parameters, e);
+ }
-public class CredentialsNotAvailableException extends EAAFException {
- public CredentialsNotAvailableException(String messageId,
- Object[] parameters) {
- super(messageId, parameters);
- }
- public CredentialsNotAvailableException(String messageId,
- Object[] parameters, Throwable e) {
- super(messageId, parameters, e);
- }
-
- /**
- *
- */
- private static final long serialVersionUID = -2564476345552842599L;
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
index 6bcddf8a..8ca373c4 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
@@ -1,43 +1,35 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.exception;
import org.opensaml.saml2.core.StatusCode;
-public class InvalidDateFormatException extends PVP2Exception {
+public class InvalidDateFormatException extends Pvp2Exception {
+
+ private static final long serialVersionUID = -6867976890237846085L;
+
+ public InvalidDateFormatException() {
+ super("pvp2.02", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
- public InvalidDateFormatException() {
- super("pvp2.02", null);
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
- /**
- *
- */
- private static final long serialVersionUID = -6867976890237846085L;
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java
deleted file mode 100644
index 1d79ae2e..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPVPRequestException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.exception;
-
-public class InvalidPVPRequestException extends PVP2Exception {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- public InvalidPVPRequestException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPvpRequestException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPvpRequestException.java
new file mode 100644
index 00000000..e13731d6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidPvpRequestException.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+public class InvalidPvpRequestException extends Pvp2Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public InvalidPvpRequestException(final String messageId, final Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java
deleted file mode 100644
index a5ff811d..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIDFormatNotSupportedException.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.exception;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-
-public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
-
- public NameIDFormatNotSupportedException(String nameIDFormat) {
- super("pvp2.12", new Object[] {nameIDFormat});
- statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
-
- }
-
- /**
- *
- */
- private static final long serialVersionUID = -2270762519437873336L;
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java
new file mode 100644
index 00000000..b43db603
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import org.opensaml.saml2.core.StatusCode;
+
+public class NameIdFormatNotSupportedException extends AuthnRequestValidatorException {
+
+ private static final long serialVersionUID = -2270762519437873336L;
+
+ /**
+ * Invalid nameIdFormat in SAML2 request.
+ *
+ * @param nameIdFormat requested NameIdFormat
+ */
+ public NameIdFormatNotSupportedException(final String nameIdFormat) {
+ super("pvp2.12", new Object[] {nameIdFormat});
+ statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
+
+ }
+
+
+
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java
index e600a1c7..f22d2d17 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java
@@ -1,43 +1,36 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.exception;
import org.opensaml.saml2.core.StatusCode;
-public class NoMetadataInformationException extends PVP2Exception {
+public class NoMetadataInformationException extends Pvp2Exception {
+
+ private static final long serialVersionUID = -4608068445208032193L;
+
+ public NoMetadataInformationException() {
+ super("pvp2.15", null);
+ this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
+ }
+
- public NoMetadataInformationException() {
- super("pvp2.15", null);
- this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
- }
- /**
- *
- */
- private static final long serialVersionUID = -4608068445208032193L;
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java
deleted file mode 100644
index cfe4ca9d..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2Exception.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.exception;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-
-public abstract class PVP2Exception extends EAAFException {
- //TODO:!!!!!
-
- protected String statusCodeValue = StatusCode.RESPONDER_URI;
- protected String statusMessageValue = null;
-
- public PVP2Exception(String messageId, Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- this.statusMessageValue = this.getMessage();
- }
-
- public PVP2Exception(String messageId, Object[] parameters) {
- super(messageId, parameters);
- this.statusMessageValue = this.getMessage();
- }
-
-
- public String getStatusCodeValue() {
- return (this.statusCodeValue);
- }
-
- public String getStatusMessageValue() {
- return (this.statusMessageValue);
- }
-
- /**
- *
- */
- private static final long serialVersionUID = 7669537952484421069L;
-
-
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java
deleted file mode 100644
index 379fe19f..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/PVP2MetadataException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.exception;
-
-public class PVP2MetadataException extends PVP2Exception {
-
- private static final long serialVersionUID = 1L;
-
- public PVP2MetadataException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- public PVP2MetadataException(String messageId, Object[] parameters, Throwable wrapped) {
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
new file mode 100644
index 00000000..93980a73
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import org.opensaml.saml2.core.StatusCode;
+
+public abstract class Pvp2Exception extends EaafException {
+ private static final long serialVersionUID = 7669537952484421069L;
+
+ protected String statusCodeValue = StatusCode.RESPONDER_URI;
+ protected String statusMessageValue = null;
+
+ public Pvp2Exception(final String messageId, final Object[] parameters, final Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ this.statusMessageValue = this.getMessage();
+ }
+
+ public Pvp2Exception(final String messageId, final Object[] parameters) {
+ super(messageId, parameters);
+ this.statusMessageValue = this.getMessage();
+ }
+
+
+ public String getStatusCodeValue() {
+ return (this.statusCodeValue);
+ }
+
+ public String getStatusMessageValue() {
+ return (this.statusMessageValue);
+ }
+
+
+
+
+
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java
new file mode 100644
index 00000000..ab0e8871
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+public class Pvp2MetadataException extends Pvp2Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public Pvp2MetadataException(final String messageId, final Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public Pvp2MetadataException(final String messageId, final Object[] parameters, final Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java
deleted file mode 100644
index a8012d85..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotAllowedException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.exception;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotAllowedException extends PVP2Exception {
-
- public QAANotAllowedException(String qaa_auth, String qaa_request, String mode) {
- super("pvp2.17", new Object[] {qaa_auth, qaa_request, mode});
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
-
- /**
- *
- */
- private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java
deleted file mode 100644
index 0b53ae23..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QAANotSupportedException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.exception;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotSupportedException extends PVP2Exception {
-
- public QAANotSupportedException(String qaa) {
- super("pvp2.05", new Object[] {qaa});
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
-
- /**
- *
- */
- private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java
new file mode 100644
index 00000000..9edba3f2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import org.opensaml.saml2.core.StatusCode;
+
+
+public class QaaNotAllowedException extends Pvp2Exception {
+
+ private static final long serialVersionUID = -3964192953884089323L;
+
+ public QaaNotAllowedException(final String qaaAuth, final String qaaRequest, final String mode) {
+ super("pvp2.17", new Object[] {qaaAuth, qaaRequest, mode});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java
new file mode 100644
index 00000000..dc48508d
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import org.opensaml.saml2.core.StatusCode;
+
+
+public class QaaNotSupportedException extends Pvp2Exception {
+
+ private static final long serialVersionUID = -3964192953884089323L;
+
+ public QaaNotSupportedException(final String qaa) {
+ super("pvp2.05", new Object[] {qaa});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+
+
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SAMLMetadataSignatureException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SAMLMetadataSignatureException.java
deleted file mode 100644
index 9e35871d..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SAMLMetadataSignatureException.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.exception;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class SAMLMetadataSignatureException extends PVP2Exception {
-
- public SAMLMetadataSignatureException() {
- super("pvp2.25", null);
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
-
- public SAMLMetadataSignatureException(Throwable e) {
- super("pvp2.25", null, e);
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java
new file mode 100644
index 00000000..ede310f0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.exception;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class SamlMetadataSignatureException extends Pvp2Exception {
+ private static final long serialVersionUID = 1L;
+
+ public SamlMetadataSignatureException() {
+ super("pvp2.25", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ public SamlMetadataSignatureException(final Throwable e) {
+ super("pvp2.25", null, e);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+
+
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
index f9adbf6d..39cf148b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
@@ -1,56 +1,35 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.exception;
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationException extends PVP2Exception {
+public class SchemaValidationException extends Pvp2Exception {
+
+ private static final long serialVersionUID = 1L;
+
- /**
- *
- */
- private static final long serialVersionUID = 1L;
+ public SchemaValidationException(final String messageId, final Object[] parameters) {
+ super(messageId, parameters);
+ }
- /**
- * @param messageId
- * @param parameters
- */
- public SchemaValidationException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * @param messageId
- * @param parameters
- */
- public SchemaValidationException(String messageId, Object[] parameters, Throwable e) {
- super(messageId, parameters, e);
- }
+ public SchemaValidationException(final String messageId, final Object[] parameters, final Throwable e) {
+ super(messageId, parameters, e);
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
index 1f1f46e5..410686f6 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
@@ -1,62 +1,43 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.exception;
import org.opensaml.saml2.metadata.provider.FilterException;
-/**
- * @author tlenz
- *
- */
public class SignatureValidationException extends FilterException {
- /**
- * @param string
- */
- public SignatureValidationException(String string) {
- super(string);
-
- }
-
- /**
- * @param e
- */
- public SignatureValidationException(Exception e) {
- super(e);
- }
-
- /**
- * @param string
- * @param object
- */
- public SignatureValidationException(String string, Exception e) {
- super(string, e);
- }
-
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 1L;
+
+ public SignatureValidationException(final String string) {
+ super(string);
+
+ }
+
+ public SignatureValidationException(final Exception e) {
+ super(e);
+ }
+
+ public SignatureValidationException(final String string, final Exception e) {
+ super(string, e);
+ }
+
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
index 79578788..0933f0a2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
@@ -1,34 +1,43 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HttpPostEncoderWithOwnTemplate;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSignedRequestPolicyRule;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -57,186 +66,174 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGUIBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
-import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HTTPPostEncoderWithOwnTemplate;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PVPSignedRequestPolicyRule;
-
@Service("PVPPOSTBinding")
public class PostBinding implements IDecoder, IEncoder {
- private static final Logger log = LoggerFactory.getLogger(PostBinding.class);
-
- @Autowired(required=true) IConfiguration authConfig;
- @Autowired(required=true) IVelocityGuiFormBuilder guiBuilder;
- @Autowired(required=true) IGUIBuilderConfigurationFactory guiConfigFactory;
-
- @Override
- public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException {
-
- try {
- //load default PVP security configurations
- EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
-
- //initialize POST binding encoder with template decoration
- final IVelocityGUIBuilderConfiguration guiConfig = guiConfigFactory.getSPSpecificSAML2PostConfiguration(
- pendingReq,
- "pvp_postbinding_template.html",
- authConfig.getConfigurationRootDirectory());
-
- final HTTPPostEncoderWithOwnTemplate encoder = new HTTPPostEncoderWithOwnTemplate(guiConfig, guiBuilder,
- VelocityProvider.getClassPathVelocityEngine());
-
- //set OpenSAML2 process parameter into binding context dao
- final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- final SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
- service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- service.setLocation(targetLocation);;
-
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(request);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
-
- encoder.encode(context);
-
- } catch (final Exception e) {
- log.warn("Can not encode SAML2 request", e);
- throw new SecurityException(e);
-
- }
- }
-
- @Override
- public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException {
-
- try {
- //load default PVP security configurations
- EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
-
- log.debug("create SAML POSTBinding response");
-
- //initialize POST binding encoder with template decoration
- final IVelocityGUIBuilderConfiguration guiConfig = guiConfigFactory.getSPSpecificSAML2PostConfiguration(
- pendingReq,
- "pvp_postbinding_template.html",
- authConfig.getConfigurationRootDirectory());
- final HTTPPostEncoderWithOwnTemplate encoder = new HTTPPostEncoderWithOwnTemplate(guiConfig, guiBuilder,
- VelocityProvider.getClassPathVelocityEngine());
-
- //set OpenSAML2 process parameter into binding context dao
- final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- final SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- service.setLocation(targetLocation);
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
- // context.setOutboundMessage(authReq);
- context.setOutboundSAMLMessage(response);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
-
- encoder.encode(context);
-
- } catch (final Exception e) {
- log.warn("Can not encode SAML2 response", e);
- throw new SecurityException(e);
-
- }
- }
-
- @Override
- public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
- SecurityException {
-
- final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- final BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
- //set metadata descriptor type
- if (isSPEndPoint) {
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(comparator);
-
- } else {
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(comparator);
- }
-
- messageContext.setMetadataProvider(metadataProvider);
-
- //set security policy context
- final BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(
- new PVPSignedRequestPolicyRule(metadataProvider,
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider),
- messageContext.getPeerEntityRole()));
- final SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
- messageContext.setSecurityPolicyResolver(secResolver);
-
- decode.decode(messageContext);
-
- InboundMessage msg = null;
- if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
- final RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
- msg = new PVPSProfileRequest(inboundMessage, getSAML2BindingName());
- msg.setEntityID(inboundMessage.getIssuer().getValue());
-
- } else if (messageContext.getInboundMessage() instanceof StatusResponseType){
- final StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
- msg = new PVPSProfileResponse(inboundMessage);
- msg.setEntityID(inboundMessage.getIssuer().getValue());
-
- } else
- //create empty container if request type is unknown
- msg = new InboundMessage();
-
- if (messageContext.getPeerEntityMetadata() != null)
- msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-
- else {
- if (StringUtils.isEmpty(msg.getEntityID()))
- log.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
- }
-
-
- msg.setVerified(true);
- msg.setRelayState(messageContext.getRelayState());
-
- return msg;
- }
-
- @Override
- public boolean handleDecode(String action, HttpServletRequest req) {
- return (req.getMethod().equals("POST") && action.equals(PVPConstants.POST));
- }
-
- @Override
- public String getSAML2BindingName() {
- return SAMLConstants.SAML2_POST_BINDING_URI;
- }
+ private static final Logger log = LoggerFactory.getLogger(PostBinding.class);
+
+ @Autowired(required = true)
+ IConfiguration authConfig;
+ @Autowired(required = true)
+ IVelocityGuiFormBuilder guiBuilder;
+ @Autowired(required = true)
+ IGuiBuilderConfigurationFactory guiConfigFactory;
+
+ @Override
+ public void encodeRequest(final HttpServletRequest req, final HttpServletResponse resp,
+ final RequestAbstractType request, final String targetLocation, final String relayState,
+ final Credential credentials, final IRequest pendingReq)
+ throws MessageEncodingException, SecurityException {
+
+ try {
+ // load default PVP security configurations
+ EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
+
+ // initialize POST binding encoder with template decoration
+ final IVelocityGuiBuilderConfiguration guiConfig =
+ guiConfigFactory.getSpSpecificSaml2PostConfiguration(pendingReq,
+ "pvp_postbinding_template.html", authConfig.getConfigurationRootDirectory());
+
+ final HttpPostEncoderWithOwnTemplate encoder = new HttpPostEncoderWithOwnTemplate(guiConfig,
+ guiBuilder, VelocityProvider.getClassPathVelocityEngine());
+
+ // set OpenSAML2 process parameter into binding context dao
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(resp, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ final SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ service.setLocation(targetLocation);
+
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+
+ } catch (final Exception e) {
+ log.warn("Can not encode SAML2 request", e);
+ throw new SecurityException(e);
+
+ }
+ }
+
+ @Override
+ public void encodeRespone(final HttpServletRequest req, final HttpServletResponse resp,
+ final StatusResponseType response, final String targetLocation, final String relayState,
+ final Credential credentials, final IRequest pendingReq)
+ throws MessageEncodingException, SecurityException {
+
+ try {
+ // load default PVP security configurations
+ EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
+
+ log.debug("create SAML POSTBinding response");
+
+ // initialize POST binding encoder with template decoration
+ final IVelocityGuiBuilderConfiguration guiConfig =
+ guiConfigFactory.getSpSpecificSaml2PostConfiguration(pendingReq,
+ "pvp_postbinding_template.html", authConfig.getConfigurationRootDirectory());
+ final HttpPostEncoderWithOwnTemplate encoder = new HttpPostEncoderWithOwnTemplate(guiConfig,
+ guiBuilder, VelocityProvider.getClassPathVelocityEngine());
+
+ // set OpenSAML2 process parameter into binding context dao
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(resp, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ final SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
+ service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ // context.setOutboundMessage(authReq);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+
+ } catch (final Exception e) {
+ log.warn("Can not encode SAML2 response", e);
+ throw new SecurityException(e);
+
+ }
+ }
+
+ @Override
+ public InboundMessageInterface decode(final HttpServletRequest req,
+ final HttpServletResponse resp, final MetadataProvider metadataProvider,
+ final boolean isSpEndPoint, final URIComparator comparator)
+ throws MessageDecodingException, SecurityException {
+
+ final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ final BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(req));
+ // set metadata descriptor type
+ if (isSpEndPoint) {
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
+
+ } else {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
+ }
+
+ messageContext.setMetadataProvider(metadataProvider);
+
+ // set security policy context
+ final BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules()
+ .add(new PvpSignedRequestPolicyRule(metadataProvider,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider),
+ messageContext.getPeerEntityRole()));
+ final SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
+ messageContext.setSecurityPolicyResolver(secResolver);
+
+ decode.decode(messageContext);
+
+ InboundMessage msg = null;
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ final RequestAbstractType inboundMessage =
+ (RequestAbstractType) messageContext.getInboundMessage();
+ msg = new PvpSProfileRequest(inboundMessage, getSaml2BindingName());
+ msg.setEntityID(inboundMessage.getIssuer().getValue());
+
+ } else if (messageContext.getInboundMessage() instanceof StatusResponseType) {
+ final StatusResponseType inboundMessage =
+ (StatusResponseType) messageContext.getInboundMessage();
+ msg = new PvpSProfileResponse(inboundMessage);
+ msg.setEntityID(inboundMessage.getIssuer().getValue());
+
+ } else {
+ // create empty container if request type is unknown
+ msg = new InboundMessage();
+ }
+
+ if (messageContext.getPeerEntityMetadata() != null) {
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+ } else {
+ if (StringUtils.isEmpty(msg.getEntityID())) {
+ log.info(
+ "No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+ }
+ }
+
+
+ msg.setVerified(true);
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
+ }
+
+ @Override
+ public boolean handleDecode(final String action, final HttpServletRequest req) {
+ return (req.getMethod().equals("POST") && action.equals(PvpConstants.POST));
+ }
+
+ @Override
+ public String getSaml2BindingName() {
+ return SAMLConstants.SAML2_POST_BINDING_URI;
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
index ca9b3d98..4e548d57 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
@@ -1,34 +1,38 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpAuthRequestSignedRole;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -58,182 +62,179 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PVPAuthRequestSignedRole;
-
@Service("PVPRedirectBinding")
public class RedirectBinding implements IDecoder, IEncoder {
-
- private static final Logger log = LoggerFactory.getLogger(RedirectBinding.class);
-
- public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException {
-
- //load default PVP security configurations
- EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
-
- log.debug("create SAML RedirectBinding response");
-
- HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- service.setLocation(targetLocation);
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(request);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
-
- encoder.encode(context);
- }
-
- public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState,
- Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException {
-
- //load default PVP security configurations
- EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
-
- log.debug("create SAML RedirectBinding response");
-
- HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- service.setLocation(targetLocation);
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(response);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
-
- encoder.encode(context);
-
- }
-
- public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
- SecurityException {
-
- HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
- new BasicParserPool());
-
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
- //set metadata descriptor type
- if (isSPEndPoint) {
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(comparator);
-
- } else {
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(comparator);
- }
-
- messageContext.setMetadataProvider(metadataProvider);
-
- SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
- PVPAuthRequestSignedRole signedRole = new PVPAuthRequestSignedRole();
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(signedRole);
- policy.getPolicyRules().add(signatureRule);
- SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setSecurityPolicyResolver(resolver);
-
- //set metadata descriptor type
- if (isSPEndPoint)
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- else
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- try {
- decode.decode(messageContext);
-
- //check signature
- signatureRule.evaluate(messageContext);
-
- } catch (SecurityException e) {
- if (StringUtils.isEmpty(messageContext.getInboundMessageIssuer())) {
- throw e;
-
- }
-
- if (metadataProvider instanceof IRefreshableMetadataProvider) {
- log.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer());
- if (!((IRefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer()))
- throw e;
-
- else {
- log.trace("PVP2X metadata reload finished. Check validate message again.");
- decode.decode(messageContext);
-
- //check signature
- signatureRule.evaluate(messageContext);
-
- }
- log.trace("Second PVP2X message validation finished");
-
- } else {
- throw e;
-
- }
- }
-
- InboundMessage msg = null;
- if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
- msg = new PVPSProfileRequest(inboundMessage, getSAML2BindingName());
-
-
- } else if (messageContext.getInboundMessage() instanceof StatusResponseType){
- StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
- msg = new PVPSProfileResponse(inboundMessage);
-
- } else
- //create empty container if request type is unknown
- msg = new InboundMessage();
-
- if (messageContext.getPeerEntityMetadata() != null)
- msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-
- else
- log.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-
- msg.setVerified(true);
- msg.setRelayState(messageContext.getRelayState());
-
- return msg;
- }
-
- public boolean handleDecode(String action, HttpServletRequest req) {
- return ((action.equals(PVPConstants.REDIRECT) || action.equals(PVPConstants.SINGLELOGOUT))
- && req.getMethod().equals("GET"));
- }
-
- public String getSAML2BindingName() {
- return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
- }
+
+ private static final Logger log = LoggerFactory.getLogger(RedirectBinding.class);
+
+ @Override
+ public void encodeRequest(final HttpServletRequest req, final HttpServletResponse resp,
+ final RequestAbstractType request, final String targetLocation, final String relayState,
+ final Credential credentials, final IRequest pendingReq)
+ throws MessageEncodingException, SecurityException {
+
+ // load default PVP security configurations
+ EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
+
+ log.debug("create SAML RedirectBinding response");
+
+ final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(resp, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ final SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+ }
+
+ @Override
+ public void encodeRespone(final HttpServletRequest req, final HttpServletResponse resp,
+ final StatusResponseType response, final String targetLocation, final String relayState,
+ final Credential credentials, final IRequest pendingReq)
+ throws MessageEncodingException, SecurityException {
+
+ // load default PVP security configurations
+ EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
+
+ log.debug("create SAML RedirectBinding response");
+
+ final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(resp, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ final SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+
+ }
+
+ @Override
+ public InboundMessageInterface decode(final HttpServletRequest req,
+ final HttpServletResponse resp, final MetadataProvider metadataProvider,
+ final boolean isSpEndPoint, final URIComparator comparator)
+ throws MessageDecodingException, SecurityException {
+
+ final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool());
+
+ final BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+ // set metadata descriptor type
+ if (isSpEndPoint) {
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
+
+ } else {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
+ }
+
+ messageContext.setMetadataProvider(metadataProvider);
+
+ final SAML2HTTPRedirectDeflateSignatureRule signatureRule =
+ new SAML2HTTPRedirectDeflateSignatureRule(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+ final PvpAuthRequestSignedRole signedRole = new PvpAuthRequestSignedRole();
+ final BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signedRole);
+ policy.getPolicyRules().add(signatureRule);
+ final SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(policy);
+ messageContext.setSecurityPolicyResolver(resolver);
+
+ // set metadata descriptor type
+ if (isSpEndPoint) {
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ } else {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ }
+
+ try {
+ decode.decode(messageContext);
+
+ // check signature
+ signatureRule.evaluate(messageContext);
+
+ } catch (final SecurityException e) {
+ if (StringUtils.isEmpty(messageContext.getInboundMessageIssuer())) {
+ throw e;
+
+ }
+
+ if (metadataProvider instanceof IRefreshableMetadataProvider) {
+ log.debug("PVP2X message validation FAILED. Reload metadata for entityID: "
+ + messageContext.getInboundMessageIssuer());
+ if (!((IRefreshableMetadataProvider) metadataProvider)
+ .refreshMetadataProvider(messageContext.getInboundMessageIssuer())) {
+ throw e;
+ } else {
+ log.trace("PVP2X metadata reload finished. Check validate message again.");
+ decode.decode(messageContext);
+
+ // check signature
+ signatureRule.evaluate(messageContext);
+
+ }
+ log.trace("Second PVP2X message validation finished");
+
+ } else {
+ throw e;
+
+ }
+ }
+
+ InboundMessage msg = null;
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ final RequestAbstractType inboundMessage =
+ (RequestAbstractType) messageContext.getInboundMessage();
+ msg = new PvpSProfileRequest(inboundMessage, getSaml2BindingName());
+
+
+ } else if (messageContext.getInboundMessage() instanceof StatusResponseType) {
+ final StatusResponseType inboundMessage =
+ (StatusResponseType) messageContext.getInboundMessage();
+ msg = new PvpSProfileResponse(inboundMessage);
+
+ } else {
+ // create empty container if request type is unknown
+ msg = new InboundMessage();
+ }
+
+ if (messageContext.getPeerEntityMetadata() != null) {
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+ } else {
+ log.info(
+ "No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+ }
+
+ msg.setVerified(true);
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
+ }
+
+ @Override
+ public boolean handleDecode(final String action, final HttpServletRequest req) {
+ return ((action.equals(PvpConstants.REDIRECT) || action.equals(PvpConstants.SINGLELOGOUT))
+ && req.getMethod().equals("GET"));
+ }
+
+ @Override
+ public String getSaml2BindingName() {
+ return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
index c70060ad..79a88487 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
@@ -1,36 +1,36 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
import java.util.List;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -56,117 +56,112 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
-
@Service("PVPSOAPBinding")
public class SoapBinding implements IDecoder, IEncoder {
- private static final Logger log = LoggerFactory.getLogger(SoapBinding.class);
- public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
- SecurityException, PVP2Exception {
- HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
- new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(
- req));
- messageContext.setMetadataProvider(metadataProvider);
-
- //TODO: update in a futher version:
- // requires a special SignedSOAPRequestPolicyRole because
- // messageContext.getInboundMessage() is not directly signed
-
- //set security context
-// BasicSecurityPolicy policy = new BasicSecurityPolicy();
-// policy.getPolicyRules().add(
-// new MOAPVPSignedRequestPolicyRule(
-// TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
-// SPSSODescriptor.DEFAULT_ELEMENT_NAME));
-// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-// policy);
-// messageContext.setSecurityPolicyResolver(resolver);
-
- //decode message
- soapDecoder.decode(messageContext);
-
- Envelope inboundMessage = (Envelope) messageContext
- .getInboundMessage();
-
- if (inboundMessage.getBody() != null) {
- List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
-
- if (!xmlElemList.isEmpty()) {
- SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);
- PVPSProfileRequest request = new PVPSProfileRequest(attrReq, getSAML2BindingName());
-
- if (messageContext.getPeerEntityMetadata() != null)
- request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-
- else if (attrReq instanceof RequestAbstractType) {
- RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
- try {
- if (StringUtils.isNotEmpty(attributeRequest.getIssuer().getValue()) &&
- metadataProvider.getRole(
- attributeRequest.getIssuer().getValue(),
- SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
- request.setEntityID(attributeRequest.getIssuer().getValue());
-
- } catch (Exception e) {
- log.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
- }
- }
-
- request.setVerified(false);
- return request;
-
- }
- }
-
- log.error("Receive empty PVP 2.1 attributequery request.");
- throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
- }
-
- public boolean handleDecode(String action, HttpServletRequest req) {
- return (req.getMethod().equals("POST") &&
- (action.equals(PVPConstants.SOAP) || action.equals(PVPConstants.ATTRIBUTEQUERY)));
- }
-
- public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException, PVP2Exception {
-
- }
-
- public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException, PVP2Exception {
-
- //load default PVP security configurations
- EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
-
- HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setOutboundSAMLMessage(response);
- context.setOutboundMessageTransport(responseAdapter);
-
- encoder.encode(context);
-
- }
-
- public String getSAML2BindingName() {
- return SAMLConstants.SAML2_SOAP11_BINDING_URI;
- }
+ private static final Logger log = LoggerFactory.getLogger(SoapBinding.class);
+
+ @Override
+ public InboundMessageInterface decode(final HttpServletRequest req,
+ final HttpServletResponse resp, final MetadataProvider metadataProvider,
+ final boolean isSpEndPoint, final URIComparator comparator)
+ throws MessageDecodingException, SecurityException, Pvp2Exception {
+ final HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
+ final BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(req));
+ messageContext.setMetadataProvider(metadataProvider);
+
+ // TODO: update in a futher version:
+ // requires a special SignedSOAPRequestPolicyRole because
+ // messageContext.getInboundMessage() is not directly signed
+
+ // set security context
+ // BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ // policy.getPolicyRules().add(
+ // new MOAPVPSignedRequestPolicyRule(
+ // TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
+ // SPSSODescriptor.DEFAULT_ELEMENT_NAME));
+ // SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+ // policy);
+ // messageContext.setSecurityPolicyResolver(resolver);
+
+ // decode message
+ soapDecoder.decode(messageContext);
+
+ final Envelope inboundMessage = (Envelope) messageContext.getInboundMessage();
+
+ if (inboundMessage.getBody() != null) {
+ final List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
+
+ if (!xmlElemList.isEmpty()) {
+ final SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);
+ final PvpSProfileRequest request = new PvpSProfileRequest(attrReq, getSaml2BindingName());
+
+ if (messageContext.getPeerEntityMetadata() != null) {
+ request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+ } else if (attrReq instanceof RequestAbstractType) {
+ final RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
+ try {
+ if (StringUtils.isNotEmpty(attributeRequest.getIssuer().getValue())
+ && metadataProvider.getRole(attributeRequest.getIssuer().getValue(),
+ SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null) {
+ request.setEntityID(attributeRequest.getIssuer().getValue());
+ }
+
+ } catch (final Exception e) {
+ log.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
+ }
+ }
+
+ request.setVerified(false);
+ return request;
+
+ }
+ }
+
+ log.error("Receive empty PVP 2.1 attributequery request.");
+ throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
+ }
+
+ @Override
+ public boolean handleDecode(final String action, final HttpServletRequest req) {
+ return (req.getMethod().equals("POST")
+ && (action.equals(PvpConstants.SOAP) || action.equals(PvpConstants.ATTRIBUTEQUERY)));
+ }
+
+ @Override
+ public void encodeRequest(final HttpServletRequest req, final HttpServletResponse resp,
+ final RequestAbstractType request, final String targetLocation, final String relayState,
+ final Credential credentials, final IRequest pendingReq)
+ throws MessageEncodingException, SecurityException, Pvp2Exception {
+
+ }
+
+ @Override
+ public void encodeRespone(final HttpServletRequest req, final HttpServletResponse resp,
+ final StatusResponseType response, final String targetLocation, final String relayState,
+ final Credential credentials, final IRequest pendingReq)
+ throws MessageEncodingException, SecurityException, Pvp2Exception {
+
+ // load default PVP security configurations
+ EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
+
+ final HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(resp, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+
+ }
+
+ @Override
+ public String getSaml2BindingName() {
+ return SAMLConstants.SAML2_SOAP11_BINDING_URI;
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
index c38b04bd..9765f520 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
@@ -1,31 +1,25 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.xml.Configuration;
@@ -35,87 +29,118 @@ import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSIntegerBuilder;
import org.opensaml.xml.schema.impl.XSStringBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
-
+/**
+ * Build all attributes from PVP2 citizen-token.
+ *
+ * @author tlenz
+ *
+ */
public class CitizenTokenBuilder {
- public static XMLObject buildAttributeStringValue(String value) {
- XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
- XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
- stringValue.setValue(value);
- return stringValue;
- }
-
- public static XMLObject buildAttributeIntegerValue(int value) {
- XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
- XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
- integerValue.setValue(value);
- return integerValue;
- }
-
- public static Attribute buildStringAttribute(String friendlyName,
- String name, String value) {
- Attribute attribute =
- SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.getAttributeValues().add(buildAttributeStringValue(value));
- return attribute;
- }
-
- public static Attribute buildIntegerAttribute(String friendlyName,
- String name, int value) {
- Attribute attribute =
- SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
- return attribute;
- }
-
- public static Attribute buildPVPVersion(String value) {
- return buildStringAttribute("PVP-VERSION",
- "urn:oid:1.2.40.0.10.2.1.1.261.10", value);
- }
-
- public static Attribute buildSecClass(int value) {
- return buildIntegerAttribute("SECCLASS",
- "", value);
- }
-
- public static Attribute buildPrincipalName(String value) {
- return buildStringAttribute("PRINCIPAL-NAME",
- "urn:oid:1.2.40.0.10.2.1.1.261.20", value);
- }
-
- public static Attribute buildGivenName(String value) {
- return buildStringAttribute("GIVEN-NAME",
- "urn:oid:2.5.4.42", value);
- }
-
- public static Attribute buildBirthday(String value) {
- return buildStringAttribute("BIRTHDATE",
- "urn:oid:1.2.40.0.10.2.1.1.55", value);
- }
-
- public static Attribute buildBPK(String value) {
- return buildStringAttribute("BPK",
- "urn:oid:1.2.40.0.10.2.1.1.149", value);
- }
-
- public static Attribute buildEID_CITIZEN_QAALEVEL(int value) {
- return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL",
- "urn:oid:1.2.40.0.10.2.1.1.261.94", value);
- }
-
- public static Attribute buildEID_ISSUING_NATION(String value) {
- return buildStringAttribute("EID-ISSUING-NATION",
- "urn:oid:1.2.40.0.10.2.1.1.261.32", value);
- }
-
- public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) {
- return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER",
- "urn:oid:1.2.40.0.10.2.1.1.261.34", value);
- }
-
+ /**
+ * Build simple attribute.
+ *
+ * @param value Attributevalue
+ * @return XML attribute
+ */
+ public static XMLObject buildAttributeStringValue(final String value) {
+ final XSStringBuilder stringBuilder =
+ (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ final XSString stringValue =
+ stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+ }
+
+ /**
+ * Build simple attribute.
+ *
+ * @param value Attributevalue
+ * @return XML attribute
+ */
+ public static XMLObject buildAttributeIntegerValue(final int value) {
+ final XSIntegerBuilder integerBuilder =
+ (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
+ final XSInteger integerValue =
+ integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+ integerValue.setValue(value);
+ return integerValue;
+ }
+
+ /**
+ * Build simple attribute.
+ *
+ * @param friendlyName attribute friendly-name
+ * @param value Attributevalue
+ * @return XML attribute
+ */
+ public static Attribute buildStringAttribute(final String friendlyName, final String name,
+ final String value) {
+ final Attribute attribute = Saml2Utils.createSamlObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getAttributeValues().add(buildAttributeStringValue(value));
+ return attribute;
+ }
+
+ /**
+ * Build simple attribute.
+ *
+ * @param friendlyName attribute friendly-name
+ * @param value Attributevalue
+ * @return XML attribute
+ */
+ public static Attribute buildIntegerAttribute(final String friendlyName, final String name,
+ final int value) {
+ final Attribute attribute = Saml2Utils.createSamlObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
+ return attribute;
+ }
+
+ /**
+ * Build PVP version attribute.
+ *
+ * @param value PVP Version
+ * @return SAML2 Attribute
+ */
+ public static Attribute buildPvpVersion(final String value) {
+ return buildStringAttribute("PVP-VERSION", "urn:oid:1.2.40.0.10.2.1.1.261.10", value);
+ }
+
+ public static Attribute buildSecClass(final int value) {
+ return buildIntegerAttribute("SECCLASS", "", value);
+ }
+
+ public static Attribute buildPrincipalName(final String value) {
+ return buildStringAttribute("PRINCIPAL-NAME", "urn:oid:1.2.40.0.10.2.1.1.261.20", value);
+ }
+
+ public static Attribute buildGivenName(final String value) {
+ return buildStringAttribute("GIVEN-NAME", "urn:oid:2.5.4.42", value);
+ }
+
+ public static Attribute buildBirthday(final String value) {
+ return buildStringAttribute("BIRTHDATE", "urn:oid:1.2.40.0.10.2.1.1.55", value);
+ }
+
+ public static Attribute buildBpk(final String value) {
+ return buildStringAttribute("BPK", "urn:oid:1.2.40.0.10.2.1.1.149", value);
+ }
+
+ public static Attribute buildEid_Citizen_QaaLevel(final int value) {
+ return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL", "urn:oid:1.2.40.0.10.2.1.1.261.94",
+ value);
+ }
+
+ public static Attribute buildEid_Issuing_Nation(final String value) {
+ return buildStringAttribute("EID-ISSUING-NATION", "urn:oid:1.2.40.0.10.2.1.1.261.32", value);
+ }
+
+ public static Attribute buildEid_Sector_For_Identifier(final String value) {
+ return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER", "urn:oid:1.2.40.0.10.2.1.1.261.34",
+ value);
+ }
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java
deleted file mode 100644
index 0d9e38e0..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ServiceLoader;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
-import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidDateFormatException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
-
-public class PVPAttributeBuilder {
-
- private static final Logger log = LoggerFactory.getLogger(PVPAttributeBuilder.class);
-
- private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator();
- private static HashMap<String, IAttributeBuilder> builders;
-
- private static ServiceLoader<IAttributeBuilder> attributBuilderLoader =
- ServiceLoader.load(IAttributeBuilder.class);
-
- private static void addBuilder(IAttributeBuilder builder) {
- builders.put(builder.getName(), builder);
- }
-
- static {
- builders = new HashMap<String, IAttributeBuilder>();
-
- log.info("Loading protocol attribut-builder modules:");
- if (attributBuilderLoader != null ) {
- Iterator<IAttributeBuilder> moduleLoaderInterator = attributBuilderLoader.iterator();
- while (moduleLoaderInterator.hasNext()) {
- try {
- IAttributeBuilder modul = moduleLoaderInterator.next();
- log.info("Loading attribut-builder Modul Information: " + modul.getName());
- addBuilder(modul);
-
- } catch(Throwable e) {
- log.error("Check configuration! " + "Some attribute-builder modul" +
- " is not a valid IAttributeBuilder", e);
- }
- }
- }
-
- log.info("Loading attribute-builder modules done");
-
- }
-
-
- /**
- * Get a specific attribute builder
- *
- * @param name Attribute-builder friendly name
- *
- * @return Attribute-builder with this name or null if builder does not exists
- */
- public static IAttributeBuilder getAttributeBuilder(String name) {
- return builders.get(name);
-
- }
-
- public static Attribute buildAttribute(String name, ISPConfiguration oaParam,
- IAuthData authData) throws PVP2Exception, AttributeBuilderException {
- if (builders.containsKey(name)) {
- try {
- return builders.get(name).build(oaParam, authData, generator);
- }
- catch (AttributeBuilderException e) {
- if (e instanceof UnavailableAttributeException) {
- throw e;
-
- } else if (e instanceof InvalidDateFormatAttributeException) {
- throw new InvalidDateFormatException();
-
- } else {
- throw new UnavailableAttributeException(name);
-
- }
- }
- }
- return null;
- }
-
- public static Attribute buildEmptyAttribute(String name) {
- if (builders.containsKey(name)) {
- return builders.get(name).buildEmpty(generator);
- }
- return null;
- }
-
- public static Attribute buildAttribute(String name, String value) {
- if (builders.containsKey(name)) {
- return builders.get(name).buildEmpty(generator);
- }
- return null;
- }
-
-
- /**
- * Return all attributes that has a {@link PVPMETADATA} annotation
- *
- * @return
- */
- public static List<Attribute> buildSupportedEmptyAttributes() {
- List<Attribute> attributes = new ArrayList<Attribute>();
- Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
- while (builderIt.hasNext()) {
- IAttributeBuilder builder = builderIt.next();
- if (builder.getClass().isAnnotationPresent(PVPMETADATA.class)) {
- Attribute emptyAttribute = builder.buildEmpty(generator);
- if (emptyAttribute != null) {
- attributes.add(emptyAttribute);
- }
-
- } else {
- log.trace(builder.getName() + "is no PVP Metadata attribute");
-
- }
- }
- return attributes;
- }
-
- public static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
- RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
- attribute.setIsRequired(required);
- attribute.setName(name);
- attribute.setFriendlyName(friendlyName);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- return attribute;
- }
-
- /**
- * Build a set of PVP Response-Attributes
- * <br><br>
- * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but no execpetion is thrown.
- * Therefore, the return List must not include all requested attributes.
- *
- * @param authData AuthenticationData <code>IAuthData</code> which is used to build the attribute values, but never <code>null</code>
- * @param reqAttributenName List of PVP attribute names which are requested, but never <code>null</code>
- * @return List of PVP attributes, but never <code>null</code>
- */
- public static List<Attribute> buildSetOfResponseAttributes(IAuthData authData,
- Collection<String> reqAttributenName) {
- List<Attribute> attrList = new ArrayList<Attribute>();
- if (reqAttributenName != null) {
- Iterator<String> it = reqAttributenName.iterator();
- while (it.hasNext()) {
- String reqAttributName = it.next();
- try {
- Attribute attr = PVPAttributeBuilder.buildAttribute(
- reqAttributName, null, authData);
- if (attr == null) {
- log.info(
- "Attribute generation failed! for "
- + reqAttributName);
-
- } else {
- attrList.add(attr);
-
- }
-
- } catch (PVP2Exception e) {
- log.info(
- "Attribute generation failed! for "
- + reqAttributName);
-
- } catch (Exception e) {
- log.warn(
- "General Attribute generation failed! for "
- + reqAttributName, e);
-
- }
- }
- }
-
- return attrList;
- }
-
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java
deleted file mode 100644
index 61c6006b..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java
+++ /dev/null
@@ -1,450 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.Collection;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
-import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.KeyDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.SecurityHelper;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.Signer;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Document;
-
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
-
-/**
- * @author tlenz
- *
- */
-
-@Service("PVPMetadataBuilder")
-public class PVPMetadataBuilder {
-
- private static final Logger log = LoggerFactory.getLogger(PVPMetadataBuilder.class);
-
- X509KeyInfoGeneratorFactory keyInfoFactory = null;
-
- /**
- *
- */
- public PVPMetadataBuilder() {
- keyInfoFactory = new X509KeyInfoGeneratorFactory();
- keyInfoFactory.setEmitEntityIDAsKeyName(true);
- keyInfoFactory.setEmitEntityCertificate(true);
-
- }
-
-
- /**
- *
- * Build PVP 2.1 conform SAML2 metadata
- *
- * @param config
- * PVPMetadataBuilder configuration
- *
- * @return PVP metadata as XML String
- * @throws SecurityException
- * @throws ConfigurationException
- * @throws CredentialsNotAvailableException
- * @throws TransformerFactoryConfigurationError
- * @throws MarshallingException
- * @throws TransformerException
- * @throws ParserConfigurationException
- * @throws IOException
- * @throws SignatureException
- */
- public String buildPVPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, EAAFException, SecurityException, TransformerFactoryConfigurationError, MarshallingException, TransformerException, ParserConfigurationException, IOException, SignatureException {
- DateTime date = new DateTime();
- EntityDescriptor entityDescriptor = SAML2Utils
- .createSAMLObject(EntityDescriptor.class);
-
- //set entityID
- entityDescriptor.setEntityID(config.getEntityID());
-
- //set contact and organisation information
- List<ContactPerson> contactPersons = config.getContactPersonInformation();
- if (contactPersons != null)
- entityDescriptor.getContactPersons().addAll(contactPersons);
-
- Organization organisation = config.getOrgansiationInformation();
- if (organisation != null)
- entityDescriptor.setOrganization(organisation);
-
- //set IDP metadata
- if (config.buildIDPSSODescriptor()) {
- RoleDescriptor idpSSODesc = generateIDPMetadata(config);
- if (idpSSODesc != null)
- entityDescriptor.getRoleDescriptors().add(idpSSODesc);
-
- }
-
- //set SP metadata for interfederation
- if (config.buildSPSSODescriptor()) {
- RoleDescriptor spSSODesc = generateSPMetadata(config);
- if (spSSODesc != null)
- entityDescriptor.getRoleDescriptors().add(spSSODesc);
-
- }
-
- //set metadata signature parameters
- Credential metadataSignCred = config.getMetadataSigningCredentials();
- Signature signature = AbstractCredentialProvider.getIDPSignature(metadataSignCred);
- SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
-
- //initialize XML document builder
- DocumentBuilder builder;
- DocumentBuilderFactory factory = DocumentBuilderFactory
- .newInstance();
-
- builder = factory.newDocumentBuilder();
- Document document = builder.newDocument();
-
-
- //build entities descriptor
- if (config.buildEntitiesDescriptorAsRootElement()) {
- EntitiesDescriptor entitiesDescriptor =
- SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
- entitiesDescriptor.setName(config.getEntityFriendlyName());
- entitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());
- entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
- entitiesDescriptor.getEntityDescriptors().add(entityDescriptor);
-
- //load default PVP security configurations
- EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
- entitiesDescriptor.setSignature(signature);
-
-
- //marshall document
- Marshaller out = Configuration.getMarshallerFactory()
- .getMarshaller(entitiesDescriptor);
- out.marshall(entitiesDescriptor, document);
-
- } else {
- entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
- entityDescriptor.setID(SAML2Utils.getSecureIdentifier());
-
- entityDescriptor.setSignature(signature);
-
-
-
- //marshall document
- Marshaller out = Configuration.getMarshallerFactory()
- .getMarshaller(entityDescriptor);
- out.marshall(entityDescriptor, document);
-
- }
-
- //sign metadata
- Signer.signObject(signature);
-
- //transform metadata object to XML string
- Transformer transformer = TransformerFactory.newInstance()
- .newTransformer();
-
- StringWriter sw = new StringWriter();
- StreamResult sr = new StreamResult(sw);
- DOMSource source = new DOMSource(document);
- transformer.transform(source, sr);
- sw.close();
-
- return sw.toString();
- }
-
-
- private RoleDescriptor generateSPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, EAAFException {
- SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class);
- spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
- spSSODescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned());
- spSSODescriptor.setWantAssertionsSigned(config.wantAssertionSigned());
-
- KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-
- //Set AuthRequest Signing certificate
- Credential authcredential = config.getRequestorResponseSigningCredentials();
- if (authcredential == null) {
- log.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. ");
- return null;
-
- } else {
- KeyDescriptor signKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- signKeyDescriptor.setUse(UsageType.SIGNING);
- signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
- spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
- }
-
- //Set assertion encryption credentials
- Credential authEncCredential = config.getEncryptionCredentials();
-
- if (authEncCredential != null) {
- KeyDescriptor encryKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
- encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));
- spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
-
- } else {
- log.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
-
- }
-
- //check nameID formates
- if (config.getSPAllowedNameITTypes() == null || config.getSPAllowedNameITTypes().size() == 0) {
- log.warn("SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
- return null;
-
- } else {
- for (String format : config.getSPAllowedNameITTypes()) {
- NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- nameIDFormat.setFormat(format);
- spSSODescriptor.getNameIDFormats().add(nameIDFormat);
-
- }
- }
-
-
- //add POST-Binding assertion consumer services
- if (StringUtils.isNotEmpty(config.getSPAssertionConsumerServicePostBindingURL())) {
- AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
- postassertionConsumerService.setIndex(0);
- postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- postassertionConsumerService.setLocation(config.getSPAssertionConsumerServicePostBindingURL());
- postassertionConsumerService.setIsDefault(true);
- spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
-
- }
-
- //add POST-Binding assertion consumer services
- if (StringUtils.isNotEmpty(config.getSPAssertionConsumerServiceRedirectBindingURL())) {
- AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
- redirectassertionConsumerService.setIndex(1);
- redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- redirectassertionConsumerService.setLocation(config.getSPAssertionConsumerServiceRedirectBindingURL());
- spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
-
- }
-
- //validate WebSSO endpoints
- if (spSSODescriptor.getAssertionConsumerServices().size() == 0) {
- log.warn("SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. ");
- return null;
-
- }
-
- //add POST-Binding SLO descriptor
- if (StringUtils.isNotEmpty(config.getSPSLOPostBindingURL())) {
- SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- postSLOService.setLocation(config.getSPSLOPostBindingURL());
- postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- spSSODescriptor.getSingleLogoutServices().add(postSLOService);
-
- }
-
- //add POST-Binding SLO descriptor
- if (StringUtils.isNotEmpty(config.getSPSLORedirectBindingURL())) {
- SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- redirectSLOService.setLocation(config.getSPSLORedirectBindingURL());
- redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-
- }
-
- //add POST-Binding SLO descriptor
- if (StringUtils.isNotEmpty(config.getSPSLOSOAPBindingURL())) {
- SingleLogoutService soapSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- soapSLOService.setLocation(config.getSPSLOSOAPBindingURL());
- soapSLOService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
- spSSODescriptor.getSingleLogoutServices().add(soapSLOService);
-
- }
-
-
- //add required attributes
- Collection<RequestedAttribute> reqSPAttr = config.getSPRequiredAttributes();
- AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);
-
- attributeService.setIndex(0);
- attributeService.setIsDefault(true);
- ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
- serviceName.setName(new LocalizedString("Default Service", "en"));
- attributeService.getNames().add(serviceName);
-
- if (reqSPAttr != null && reqSPAttr.size() > 0) {
- log.debug("Add " + reqSPAttr.size() + " attributes to SP metadata");
- attributeService.getRequestAttributes().addAll(reqSPAttr);
-
- } else {
- log.debug("SP metadata contains NO requested attributes.");
-
- }
-
- spSSODescriptor.getAttributeConsumingServices().add(attributeService);
-
- return spSSODescriptor;
- }
-
- private IDPSSODescriptor generateIDPMetadata(IPVPMetadataBuilderConfiguration config) throws EAAFException, CredentialsNotAvailableException, SecurityException {
- //check response signing credential
- Credential responseSignCred = config.getRequestorResponseSigningCredentials();
- if (responseSignCred == null) {
- log.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. ");
- return null;
-
- }
-
- //check nameID formates
- if (config.getIDPPossibleNameITTypes() == null || config.getIDPPossibleNameITTypes().size() == 0) {
- log.warn("IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
- return null;
-
- }
-
- // build SAML2 IDP-SSO descriptor element
- IDPSSODescriptor idpSSODescriptor = SAML2Utils
- .createSAMLObject(IDPSSODescriptor.class);
-
- idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-
- //set ass default value, because PVP 2.x specification defines this feature as MUST
- idpSSODescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned());
-
- // add WebSSO descriptor for POST-Binding
- if (StringUtils.isNotEmpty(config.getIDPWebSSOPostBindingURL())) {
- SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
- postSingleSignOnService.setLocation(config.getIDPWebSSOPostBindingURL());
- postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-
- }
-
- // add WebSSO descriptor for Redirect-Binding
- if (StringUtils.isNotEmpty(config.getIDPWebSSORedirectBindingURL())) {
- SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
- postSingleSignOnService.setLocation(config.getIDPWebSSORedirectBindingURL());
- postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-
- }
-
- //add Single LogOut POST-Binding endpoing
- if (StringUtils.isNotEmpty(config.getIDPSLOPostBindingURL())) {
- SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- postSLOService.setLocation(config.getIDPSLOPostBindingURL());
- postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- idpSSODescriptor.getSingleLogoutServices().add(postSLOService);
-
- }
-
- //add Single LogOut Redirect-Binding endpoing
- if (StringUtils.isNotEmpty(config.getIDPSLORedirectBindingURL())) {
- SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- redirectSLOService.setLocation(config.getIDPSLORedirectBindingURL());
- redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-
- }
-
- //validate WebSSO endpoints
- if (idpSSODescriptor.getSingleSignOnServices().size() == 0) {
- log.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. ");
- return null;
-
- }
-
- //set assertion signing key
- KeyDescriptor signKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- signKeyDescriptor.setUse(UsageType.SIGNING);
- KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
- signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(config.getRequestorResponseSigningCredentials()));
- idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
- //set IDP attribute set
- idpSSODescriptor.getAttributes().addAll(config.getIDPPossibleAttributes());
-
- //set providable nameID formats
- for (String format : config.getIDPPossibleNameITTypes()) {
- NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- nameIDFormat.setFormat(format);
- idpSSODescriptor.getNameIDFormats().add(nameIDFormat);
-
- }
-
- return idpSSODescriptor;
-
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java
new file mode 100644
index 00000000..73ba73c7
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java
@@ -0,0 +1,244 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ServiceLoader;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IspConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
+import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidDateFormatException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PvpAttributeBuilder {
+
+ private static final Logger log = LoggerFactory.getLogger(PvpAttributeBuilder.class);
+
+ private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator();
+ private static HashMap<String, IAttributeBuilder> builders;
+
+ private static ServiceLoader<IAttributeBuilder> attributBuilderLoader =
+ ServiceLoader.load(IAttributeBuilder.class);
+
+ private static void addBuilder(final IAttributeBuilder builder) {
+ builders.put(builder.getName(), builder);
+ }
+
+ static {
+ builders = new HashMap<>();
+
+ log.info("Loading protocol attribut-builder modules:");
+ if (attributBuilderLoader != null) {
+ final Iterator<IAttributeBuilder> moduleLoaderInterator = attributBuilderLoader.iterator();
+ while (moduleLoaderInterator.hasNext()) {
+ try {
+ final IAttributeBuilder modul = moduleLoaderInterator.next();
+ log.info("Loading attribut-builder Modul Information: " + modul.getName());
+ addBuilder(modul);
+
+ } catch (final Throwable e) {
+ log.error("Check configuration! " + "Some attribute-builder modul"
+ + " is not a valid IAttributeBuilder", e);
+ }
+ }
+ }
+
+ log.info("Loading attribute-builder modules done");
+
+ }
+
+
+ /**
+ * Get a specific attribute builder.
+ *
+ * @param name Attribute-builder friendly name
+ *
+ * @return Attribute-builder with this name or null if builder does not exists
+ */
+ public static IAttributeBuilder getAttributeBuilder(final String name) {
+ return builders.get(name);
+
+ }
+
+ /**
+ * Build an SAML2 attribute.
+ *
+ * @param name attribute name
+ * @param value attribute value
+ * @return SAML2 attribute
+ */
+ public static Attribute buildAttribute(final String name, final String value) {
+ log.warn("Attribute value: {} is NOT injected", value);
+
+ if (builders.containsKey(name)) {
+ return builders.get(name).buildEmpty(generator);
+ }
+ return null;
+ }
+
+ /**
+ * Build a SAML2 attribute.
+ *
+ * @param name attribute name
+ * @param oaParam Service-Provider configuration
+ * @param authData serice-provider specific authentication data
+ * @return SAML2 attribute
+ * @throws Pvp2Exception In case of a general error
+ * @throws AttributeBuilderException In case of an attribute builder error
+ */
+ public static Attribute buildAttribute(final String name, final IspConfiguration oaParam,
+ final IAuthData authData) throws Pvp2Exception, AttributeBuilderException {
+ if (builders.containsKey(name)) {
+ try {
+ return builders.get(name).build(oaParam, authData, generator);
+ } catch (final AttributeBuilderException e) {
+ if (e instanceof UnavailableAttributeException) {
+ throw e;
+
+ } else if (e instanceof InvalidDateFormatAttributeException) {
+ throw new InvalidDateFormatException();
+
+ } else {
+ throw new UnavailableAttributeException(name);
+
+ }
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Build an empty attribute.
+ *
+ * @param name attributename
+ * @return SAML2 attribute
+ */
+ public static Attribute buildEmptyAttribute(final String name) {
+ if (builders.containsKey(name)) {
+ return builders.get(name).buildEmpty(generator);
+ }
+ return null;
+ }
+
+
+
+
+
+ /**
+ * Return all attributes that has a {@link PvpMetadata} annotation.
+ *
+ * @return
+ */
+ public static List<Attribute> buildSupportedEmptyAttributes() {
+ final List<Attribute> attributes = new ArrayList<>();
+ final Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
+ while (builderIt.hasNext()) {
+ final IAttributeBuilder builder = builderIt.next();
+ if (builder.getClass().isAnnotationPresent(PvpMetadata.class)) {
+ final Attribute emptyAttribute = builder.buildEmpty(generator);
+ if (emptyAttribute != null) {
+ attributes.add(emptyAttribute);
+ }
+
+ } else {
+ log.trace(builder.getName() + "is no PVP Metadata attribute");
+
+ }
+ }
+ return attributes;
+ }
+
+ /**
+ * Build a requested attribute.
+ *
+ * @param name attribute name
+ * @param friendlyName attribute friendlyname
+ * @param required is attribute mandatory
+ * @return SAML2 requested attribute
+ */
+ public static RequestedAttribute buildReqAttribute(final String name, final String friendlyName,
+ final boolean required) {
+ final RequestedAttribute attribute = Saml2Utils.createSamlObject(RequestedAttribute.class);
+ attribute.setIsRequired(required);
+ attribute.setName(name);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ return attribute;
+ }
+
+ /**
+ * Build a set of PVP Response-Attributes <br>
+ * <br>
+ * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but no execpetion is
+ * thrown. Therefore, the return List must not include all requested attributes.
+ *
+ * @param authData AuthenticationData <code>IAuthData</code> which is used to build the attribute
+ * values, but never <code>null</code>
+ * @param reqAttributenName List of PVP attribute names which are requested, but never
+ * <code>null</code>
+ * @return List of PVP attributes, but never <code>null</code>
+ */
+ public static List<Attribute> buildSetOfResponseAttributes(final IAuthData authData,
+ final Collection<String> reqAttributenName) {
+ final List<Attribute> attrList = new ArrayList<>();
+ if (reqAttributenName != null) {
+ final Iterator<String> it = reqAttributenName.iterator();
+ while (it.hasNext()) {
+ final String reqAttributName = it.next();
+ try {
+ final Attribute attr =
+ PvpAttributeBuilder.buildAttribute(reqAttributName, null, authData);
+ if (attr == null) {
+ log.info("Attribute generation failed! for " + reqAttributName);
+
+ } else {
+ attrList.add(attr);
+
+ }
+
+ } catch (final Pvp2Exception e) {
+ log.info("Attribute generation failed! for " + reqAttributName);
+
+ } catch (final Exception e) {
+ log.warn("General Attribute generation failed! for " + reqAttributName, e);
+
+ }
+ }
+ }
+
+ return attrList;
+ }
+
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
new file mode 100644
index 00000000..1efa8745
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
@@ -0,0 +1,458 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.Collection;
+import java.util.List;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
+import org.apache.commons.lang3.StringUtils;
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.ServiceName;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.SecurityHelper;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.Signer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+import org.w3c.dom.Document;
+
+/**
+ * PVP metadata builder implementation.
+ *
+ * @author tlenz
+ *
+ */
+
+@Service("PVPMetadataBuilder")
+public class PvpMetadataBuilder {
+
+ private static final Logger log = LoggerFactory.getLogger(PvpMetadataBuilder.class);
+
+ X509KeyInfoGeneratorFactory keyInfoFactory = null;
+
+ /**
+ * PVP metadata builder.
+ *
+ */
+ public PvpMetadataBuilder() {
+ keyInfoFactory = new X509KeyInfoGeneratorFactory();
+ keyInfoFactory.setEmitEntityIDAsKeyName(true);
+ keyInfoFactory.setEmitEntityCertificate(true);
+
+ }
+
+
+ /**
+ * Build PVP 2.1 conform SAML2 metadata.
+ *
+ * @param config PVPMetadataBuilder configuration*
+ * @return PVP metadata as XML String
+ * @throws SecurityException In case of an error
+ * @throws ConfigurationException In case of an error
+ * @throws CredentialsNotAvailableException In case of an error
+ * @throws TransformerFactoryConfigurationError In case of an error
+ * @throws MarshallingException In case of an error
+ * @throws TransformerException In case of an error
+ * @throws ParserConfigurationException In case of an error
+ * @throws IOException In case of an error
+ * @throws SignatureException In case of an error
+ */
+ public String buildPvpMetadata(final IPvpMetadataBuilderConfiguration config)
+ throws CredentialsNotAvailableException, EaafException, SecurityException,
+ TransformerFactoryConfigurationError, MarshallingException, TransformerException,
+ ParserConfigurationException, IOException, SignatureException {
+ final DateTime date = new DateTime();
+ final EntityDescriptor entityDescriptor = Saml2Utils.createSamlObject(EntityDescriptor.class);
+
+ // set entityID
+ entityDescriptor.setEntityID(config.getEntityID());
+
+ // set contact and organisation information
+ final List<ContactPerson> contactPersons = config.getContactPersonInformation();
+ if (contactPersons != null) {
+ entityDescriptor.getContactPersons().addAll(contactPersons);
+ }
+
+ final Organization organisation = config.getOrgansiationInformation();
+ if (organisation != null) {
+ entityDescriptor.setOrganization(organisation);
+ }
+
+ // set IDP metadata
+ if (config.buildIdpSsoDescriptor()) {
+ final RoleDescriptor idpSsoDesc = generateIdpMetadata(config);
+ if (idpSsoDesc != null) {
+ entityDescriptor.getRoleDescriptors().add(idpSsoDesc);
+ }
+
+ }
+
+ // set SP metadata for interfederation
+ if (config.buildSpSsoDescriptor()) {
+ final RoleDescriptor spSsoDesc = generateSpMetadata(config);
+ if (spSsoDesc != null) {
+ entityDescriptor.getRoleDescriptors().add(spSsoDesc);
+ }
+
+ }
+
+ // set metadata signature parameters
+ final Credential metadataSignCred = config.getMetadataSigningCredentials();
+ final Signature signature = AbstractCredentialProvider.getIdpSignature(metadataSignCred);
+ SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
+
+ // initialize XML document builder
+ DocumentBuilder builder;
+ final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+
+ builder = factory.newDocumentBuilder();
+ final Document document = builder.newDocument();
+
+
+ // build entities descriptor
+ if (config.buildEntitiesDescriptorAsRootElement()) {
+ final EntitiesDescriptor entitiesDescriptor =
+ Saml2Utils.createSamlObject(EntitiesDescriptor.class);
+ entitiesDescriptor.setName(config.getEntityFriendlyName());
+ entitiesDescriptor.setID(Saml2Utils.getSecureIdentifier());
+ entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
+ entitiesDescriptor.getEntityDescriptors().add(entityDescriptor);
+
+ // load default PVP security configurations
+ EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
+ entitiesDescriptor.setSignature(signature);
+
+
+ // marshall document
+ final Marshaller out =
+ org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(entitiesDescriptor);
+ out.marshall(entitiesDescriptor, document);
+
+ } else {
+ entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
+ entityDescriptor.setID(Saml2Utils.getSecureIdentifier());
+
+ entityDescriptor.setSignature(signature);
+
+
+
+ // marshall document
+ final Marshaller out =
+ org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(entityDescriptor);
+ out.marshall(entityDescriptor, document);
+
+ }
+
+ // sign metadata
+ Signer.signObject(signature);
+
+ // transform metadata object to XML string
+ final Transformer transformer = TransformerFactory.newInstance().newTransformer();
+
+ final StringWriter sw = new StringWriter();
+ final StreamResult sr = new StreamResult(sw);
+ final DOMSource source = new DOMSource(document);
+ transformer.transform(source, sr);
+ sw.close();
+
+ return sw.toString();
+ }
+
+
+ private RoleDescriptor generateSpMetadata(final IPvpMetadataBuilderConfiguration config)
+ throws CredentialsNotAvailableException, SecurityException, EaafException {
+ final SPSSODescriptor spSsoDescriptor = Saml2Utils.createSamlObject(SPSSODescriptor.class);
+ spSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+ spSsoDescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned());
+ spSsoDescriptor.setWantAssertionsSigned(config.wantAssertionSigned());
+
+ final KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
+
+ // Set AuthRequest Signing certificate
+ final Credential authcredential = config.getRequestorResponseSigningCredentials();
+ if (authcredential == null) {
+ log.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. ");
+ return null;
+
+ } else {
+ final KeyDescriptor signKeyDescriptor = Saml2Utils.createSamlObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
+ spSsoDescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ }
+
+ // Set assertion encryption credentials
+ final Credential authEncCredential = config.getEncryptionCredentials();
+
+ if (authEncCredential != null) {
+ final KeyDescriptor encryKeyDescriptor = Saml2Utils.createSamlObject(KeyDescriptor.class);
+ encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
+ encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));
+ spSsoDescriptor.getKeyDescriptors().add(encryKeyDescriptor);
+
+ } else {
+ log.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
+
+ }
+
+ // check nameID formates
+ if (config.getSpAllowedNameIdTypes() == null || config.getSpAllowedNameIdTypes().size() == 0) {
+ log.warn(
+ "SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
+ return null;
+
+ } else {
+ for (final String format : config.getSpAllowedNameIdTypes()) {
+ final NameIDFormat nameIdFormat = Saml2Utils.createSamlObject(NameIDFormat.class);
+ nameIdFormat.setFormat(format);
+ spSsoDescriptor.getNameIDFormats().add(nameIdFormat);
+
+ }
+ }
+
+
+ // add POST-Binding assertion consumer services
+ if (StringUtils.isNotEmpty(config.getSpAssertionConsumerServicePostBindingUrl())) {
+ final AssertionConsumerService postassertionConsumerService =
+ Saml2Utils.createSamlObject(AssertionConsumerService.class);
+ postassertionConsumerService.setIndex(0);
+ postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ postassertionConsumerService
+ .setLocation(config.getSpAssertionConsumerServicePostBindingUrl());
+ postassertionConsumerService.setIsDefault(true);
+ spSsoDescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
+
+ }
+
+ // add POST-Binding assertion consumer services
+ if (StringUtils.isNotEmpty(config.getSpAssertionConsumerServiceRedirectBindingUrl())) {
+ final AssertionConsumerService redirectassertionConsumerService =
+ Saml2Utils.createSamlObject(AssertionConsumerService.class);
+ redirectassertionConsumerService.setIndex(1);
+ redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ redirectassertionConsumerService
+ .setLocation(config.getSpAssertionConsumerServiceRedirectBindingUrl());
+ spSsoDescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
+
+ }
+
+ // validate WebSSO endpoints
+ if (spSsoDescriptor.getAssertionConsumerServices().size() == 0) {
+ log.warn(
+ "SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. ");
+ return null;
+
+ }
+
+ // add POST-Binding SLO descriptor
+ if (StringUtils.isNotEmpty(config.getSpSloPostBindingUrl())) {
+ final SingleLogoutService postSloService =
+ Saml2Utils.createSamlObject(SingleLogoutService.class);
+ postSloService.setLocation(config.getSpSloPostBindingUrl());
+ postSloService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ spSsoDescriptor.getSingleLogoutServices().add(postSloService);
+
+ }
+
+ // add POST-Binding SLO descriptor
+ if (StringUtils.isNotEmpty(config.getSpSloRedirectBindingUrl())) {
+ final SingleLogoutService redirectSloService =
+ Saml2Utils.createSamlObject(SingleLogoutService.class);
+ redirectSloService.setLocation(config.getSpSloRedirectBindingUrl());
+ redirectSloService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ spSsoDescriptor.getSingleLogoutServices().add(redirectSloService);
+
+ }
+
+ // add POST-Binding SLO descriptor
+ if (StringUtils.isNotEmpty(config.getSpSloSoapBindingUrl())) {
+ final SingleLogoutService soapSloService =
+ Saml2Utils.createSamlObject(SingleLogoutService.class);
+ soapSloService.setLocation(config.getSpSloSoapBindingUrl());
+ soapSloService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ spSsoDescriptor.getSingleLogoutServices().add(soapSloService);
+
+ }
+
+
+ // add required attributes
+ final Collection<RequestedAttribute> reqSpAttr = config.getSpRequiredAttributes();
+ final AttributeConsumingService attributeService =
+ Saml2Utils.createSamlObject(AttributeConsumingService.class);
+
+ attributeService.setIndex(0);
+ attributeService.setIsDefault(true);
+ final ServiceName serviceName = Saml2Utils.createSamlObject(ServiceName.class);
+ serviceName.setName(new LocalizedString("Default Service", "en"));
+ attributeService.getNames().add(serviceName);
+
+ if (reqSpAttr != null && reqSpAttr.size() > 0) {
+ log.debug("Add " + reqSpAttr.size() + " attributes to SP metadata");
+ attributeService.getRequestAttributes().addAll(reqSpAttr);
+
+ } else {
+ log.debug("SP metadata contains NO requested attributes.");
+
+ }
+
+ spSsoDescriptor.getAttributeConsumingServices().add(attributeService);
+
+ return spSsoDescriptor;
+ }
+
+ private IDPSSODescriptor generateIdpMetadata(final IPvpMetadataBuilderConfiguration config)
+ throws EaafException, CredentialsNotAvailableException, SecurityException {
+ // check response signing credential
+ final Credential responseSignCred = config.getRequestorResponseSigningCredentials();
+ if (responseSignCred == null) {
+ log.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. ");
+ return null;
+
+ }
+
+ // check nameID formates
+ if (config.getIdpPossibleNameIdTypes() == null
+ || config.getIdpPossibleNameIdTypes().size() == 0) {
+ log.warn(
+ "IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
+ return null;
+
+ }
+
+ // build SAML2 IDP-SSO descriptor element
+ final IDPSSODescriptor idpSsoDescriptor = Saml2Utils.createSamlObject(IDPSSODescriptor.class);
+
+ idpSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ // set ass default value, because PVP 2.x specification defines this feature as MUST
+ idpSsoDescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned());
+
+ // add WebSSO descriptor for POST-Binding
+ if (StringUtils.isNotEmpty(config.getIdpWebSsoPostBindingUrl())) {
+ final SingleSignOnService postSingleSignOnService =
+ Saml2Utils.createSamlObject(SingleSignOnService.class);
+ postSingleSignOnService.setLocation(config.getIdpWebSsoPostBindingUrl());
+ postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ idpSsoDescriptor.getSingleSignOnServices().add(postSingleSignOnService);
+
+ }
+
+ // add WebSSO descriptor for Redirect-Binding
+ if (StringUtils.isNotEmpty(config.getIdpWebSsoRedirectBindingUrl())) {
+ final SingleSignOnService postSingleSignOnService =
+ Saml2Utils.createSamlObject(SingleSignOnService.class);
+ postSingleSignOnService.setLocation(config.getIdpWebSsoRedirectBindingUrl());
+ postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ idpSsoDescriptor.getSingleSignOnServices().add(postSingleSignOnService);
+
+ }
+
+ // add Single LogOut POST-Binding endpoing
+ if (StringUtils.isNotEmpty(config.getIdpSloPostBindingUrl())) {
+ final SingleLogoutService postSloService =
+ Saml2Utils.createSamlObject(SingleLogoutService.class);
+ postSloService.setLocation(config.getIdpSloPostBindingUrl());
+ postSloService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ idpSsoDescriptor.getSingleLogoutServices().add(postSloService);
+
+ }
+
+ // add Single LogOut Redirect-Binding endpoing
+ if (StringUtils.isNotEmpty(config.getIdpSloRedirectBindingUrl())) {
+ final SingleLogoutService redirectSloService =
+ Saml2Utils.createSamlObject(SingleLogoutService.class);
+ redirectSloService.setLocation(config.getIdpSloRedirectBindingUrl());
+ redirectSloService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ idpSsoDescriptor.getSingleLogoutServices().add(redirectSloService);
+
+ }
+
+ // validate WebSSO endpoints
+ if (idpSsoDescriptor.getSingleSignOnServices().size() == 0) {
+ log.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. ");
+ return null;
+
+ }
+
+ // set assertion signing key
+ final KeyDescriptor signKeyDescriptor = Saml2Utils.createSamlObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ final KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
+ signKeyDescriptor
+ .setKeyInfo(keyInfoGenerator.generate(config.getRequestorResponseSigningCredentials()));
+ idpSsoDescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ // set IDP attribute set
+ idpSsoDescriptor.getAttributes().addAll(config.getIdpPossibleAttributes());
+
+ // set providable nameID formats
+ for (final String format : config.getIdpPossibleNameIdTypes()) {
+ final NameIDFormat nameIdFormat = Saml2Utils.createSamlObject(NameIDFormat.class);
+ nameIdFormat.setFormat(format);
+ idpSsoDescriptor.getNameIDFormats().add(nameIdFormat);
+
+ }
+
+ return idpSsoDescriptor;
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
index cb4a4608..559a3959 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
@@ -1,31 +1,26 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.xml.Configuration;
@@ -35,58 +30,66 @@ import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSIntegerBuilder;
import org.opensaml.xml.schema.impl.XSStringBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
-
public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
-
- private XMLObject buildAttributeStringValue(String value) {
- XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
- XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
- stringValue.setValue(value);
- return stringValue;
- }
-
- private XMLObject buildAttributeIntegerValue(int value) {
- XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
- XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
- integerValue.setValue(value);
- return integerValue;
- }
-
- public Attribute buildStringAttribute(final String friendlyName, final String name, final String value) {
- Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- attribute.getAttributeValues().add(buildAttributeStringValue(value));
- return attribute;
- }
-
- public Attribute buildIntegerAttribute(final String friendlyName, final String name, final int value) {
- Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
- return attribute;
- }
-
- public Attribute buildEmptyAttribute(final String friendlyName, final String name) {
- Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- return attribute;
- }
- public Attribute buildLongAttribute(String friendlyName, String name, long value) {
- Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value));
- return attribute;
- }
-
+ private XMLObject buildAttributeStringValue(final String value) {
+ final XSStringBuilder stringBuilder =
+ (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ final XSString stringValue =
+ stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+ }
+
+ private XMLObject buildAttributeIntegerValue(final int value) {
+ final XSIntegerBuilder integerBuilder =
+ (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
+ final XSInteger integerValue =
+ integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+ integerValue.setValue(value);
+ return integerValue;
+ }
+
+ @Override
+ public Attribute buildStringAttribute(final String friendlyName, final String name,
+ final String value) {
+ final Attribute attribute = Saml2Utils.createSamlObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeStringValue(value));
+ return attribute;
+ }
+
+ @Override
+ public Attribute buildIntegerAttribute(final String friendlyName, final String name,
+ final int value) {
+ final Attribute attribute = Saml2Utils.createSamlObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
+ return attribute;
+ }
+
+ @Override
+ public Attribute buildEmptyAttribute(final String friendlyName, final String name) {
+ final Attribute attribute = Saml2Utils.createSamlObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ return attribute;
+ }
+
+ @Override
+ public Attribute buildLongAttribute(final String friendlyName, final String name,
+ final long value) {
+ final Attribute attribute = Saml2Utils.createSamlObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value));
+ return attribute;
+ }
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFExtensionImplementation.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFExtensionImplementation.java
deleted file mode 100644
index 817ca2f6..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFExtensionImplementation.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
-
-import org.opensaml.saml2.common.impl.ExtensionsImpl;
-
-public class EAAFExtensionImplementation extends ExtensionsImpl {
-
- protected EAAFExtensionImplementation(String namespaceURI, String elementLocalName, String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
-
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestExtensionBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestExtensionBuilder.java
deleted file mode 100644
index 431784cf..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestExtensionBuilder.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
-
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.common.Extensions;
-
-public class EAAFRequestExtensionBuilder extends AbstractSAMLObjectBuilder<Extensions> {
-
- @Override
- public Extensions buildObject() {
- return buildObject(SAMLConstants.SAML20P_NS, Extensions.LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
-
- }
-
- @Override
- public Extensions buildObject(String namespaceURI, String localName, String namespacePrefix) {
- return new EAAFExtensionImplementation(namespaceURI, localName, namespacePrefix);
-
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeBuilder.java
deleted file mode 100644
index 33868544..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeBuilder.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
-
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
-
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.impl.reqattr.EAAFRequestedAttributeImpl;
-
-public class EAAFRequestedAttributeBuilder extends AbstractSAMLObjectBuilder<EAAFRequestedAttribute> {
-
- @Override
- public EAAFRequestedAttribute buildObject() {
- return buildObject(EAAFRequestedAttribute.DEFAULT_ELEMENT_NAME);
- }
-
- @Override
- public EAAFRequestedAttribute buildObject(String namespaceURI, String localName, String namespacePrefix) {
- return new EAAFRequestedAttributeImpl(namespaceURI, localName,
- namespacePrefix);
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeMarshaller.java
deleted file mode 100644
index d95adc8f..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeMarshaller.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
-
-import java.util.Map.Entry;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.Configuration;
-import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
-
-public class EAAFRequestedAttributeMarshaller extends AbstractSAMLObjectMarshaller {
- protected final void marshallAttributes(final XMLObject samlElement,
- final Element domElement) throws MarshallingException {
- final EAAFRequestedAttribute requestedAttr = (EAAFRequestedAttribute) samlElement;
-
- if (requestedAttr.getName() != null) {
- domElement.setAttributeNS(null, EAAFRequestedAttribute.NAME_ATTRIB_NAME, requestedAttr.getName());
- }
-
- if (requestedAttr.getNameFormat() != null) {
- domElement.setAttributeNS(null, EAAFRequestedAttribute.NAME_FORMAT_ATTR, requestedAttr.getNameFormat());
- }
-
- if (requestedAttr.getFriendlyName() != null) {
- domElement.setAttributeNS(null, EAAFRequestedAttribute.FRIENDLY_NAME_ATT, requestedAttr.getFriendlyName());
- }
-
- if (requestedAttr.getIsRequiredXSBoolean() != null) {
- domElement.setAttributeNS(null, EAAFRequestedAttribute.IS_REQUIRED_ATTR, requestedAttr.getIsRequiredXSBoolean());
- }
-
- Attr attr;
- for (Entry<QName, String> entry : requestedAttr.getUnknownAttributes()
- .entrySet()) {
- attr = XMLHelper.constructAttribute(domElement.getOwnerDocument(),
- entry.getKey());
- attr.setValue(entry.getValue());
- domElement.setAttributeNodeNS(attr);
- if (Configuration.isIDAttribute(entry.getKey())
- || requestedAttr.getUnknownAttributes().isIDAttribute(
- entry.getKey())) {
- attr.getOwnerElement().setIdAttributeNode(attr, true);
- }
- }
- }
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeUnmarshaller.java
deleted file mode 100644
index a4515707..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeUnmarshaller.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Attr;
-
-import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
-
-public class EAAFRequestedAttributeUnmarshaller extends AbstractSAMLObjectUnmarshaller {
- protected final void processChildElement(final XMLObject parentSAMLObject, final XMLObject childSAMLObject) throws UnmarshallingException {
- final EAAFRequestedAttribute requestedAttr = (EAAFRequestedAttribute) parentSAMLObject;
- final QName childQName = childSAMLObject.getElementQName();
-
- if ("AttributeValue".equals(childQName.getLocalPart())
- && childQName.getNamespaceURI().equals(PVPConstants.EIDAT10_SAML_NS)) {
- requestedAttr.getAttributeValues().add(childSAMLObject);
-
- } else
- super.processChildElement(parentSAMLObject, childSAMLObject);
-
- }
-
- protected final void processAttribute(final XMLObject samlObject, final Attr attribute) throws UnmarshallingException {
- final EAAFRequestedAttribute requestedAttr = (EAAFRequestedAttribute) samlObject;
- if (attribute.getLocalName().equals(EAAFRequestedAttribute.NAME_ATTRIB_NAME)) {
- requestedAttr.setName(attribute.getValue());
-
- } else if (attribute.getLocalName().equals(EAAFRequestedAttribute.NAME_FORMAT_ATTR)) {
- requestedAttr.setNameFormat(attribute.getValue());
-
- } else if (attribute.getLocalName().equals(EAAFRequestedAttribute.FRIENDLY_NAME_ATT)) {
- requestedAttr.setFriendlyName(attribute.getValue());
-
- } else if (attribute.getLocalName().equals(EAAFRequestedAttribute.IS_REQUIRED_ATTR)) {
- requestedAttr.setIsRequired(attribute.getValue());
-
- } else {
- final QName attribQName = XMLHelper.getNodeQName(attribute);
- if (attribute.isId()) {
- requestedAttr.getUnknownAttributes().registerID(attribQName);
- }
- requestedAttr.getUnknownAttributes().put(attribQName,
- attribute.getValue());
- }
- }
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesBuilder.java
deleted file mode 100644
index 6e432b25..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesBuilder.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
-
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
-
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.impl.reqattr.EAAFRequestedAttributesImpl;
-
-public class EAAFRequestedAttributesBuilder extends AbstractSAMLObjectBuilder<EAAFRequestedAttributes> {
-
- @Override
- public EAAFRequestedAttributes buildObject() {
- return buildObject(EAAFRequestedAttributes.DEFAULT_ELEMENT_NAME);
- }
-
- @Override
- public EAAFRequestedAttributes buildObject(String namespaceURI, String localName, String namespacePrefix) {
- return new EAAFRequestedAttributesImpl(namespaceURI, localName,
- namespacePrefix);
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesMarshaller.java
deleted file mode 100644
index 28d50422..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesMarshaller.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
-
-import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
-
-public class EAAFRequestedAttributesMarshaller extends AbstractSAMLObjectMarshaller {
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesUnmarshaller.java
deleted file mode 100644
index b2758326..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesUnmarshaller.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
-
-import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.UnmarshallingException;
-
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
-
-public class EAAFRequestedAttributesUnmarshaller extends AbstractSAMLObjectUnmarshaller {
- protected final void processChildElement(final XMLObject parentObject,
- final XMLObject childObject) throws UnmarshallingException {
- final EAAFRequestedAttributes attrStatement = (EAAFRequestedAttributes) parentObject;
- if (childObject instanceof EAAFRequestedAttribute) {
- attrStatement.getAttributes().add((EAAFRequestedAttribute) childObject);
-
- } else
- super.processChildElement(parentObject, childObject);
-
- }
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafExtensionImplementation.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafExtensionImplementation.java
new file mode 100644
index 00000000..e61f5e6e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafExtensionImplementation.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import org.opensaml.saml2.common.impl.ExtensionsImpl;
+
+public class EaafExtensionImplementation extends ExtensionsImpl {
+
+ protected EaafExtensionImplementation(final String namespaceUri, final String elementLocalName,
+ final String namespacePrefix) {
+ super(namespaceUri, elementLocalName, namespacePrefix);
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java
new file mode 100644
index 00000000..d8ea35a0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
+
+public class EaafRequestExtensionBuilder extends AbstractSAMLObjectBuilder<Extensions> {
+
+ @Override
+ public Extensions buildObject() {
+ return buildObject(SAMLConstants.SAML20P_NS, Extensions.LOCAL_NAME,
+ SAMLConstants.SAML20P_PREFIX);
+
+ }
+
+ @Override
+ public Extensions buildObject(final String namespaceUri, final String localName, final String namespacePrefix) {
+ return new EaafExtensionImplementation(namespaceUri, localName, namespacePrefix);
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java
new file mode 100644
index 00000000..4f91f267
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.impl.reqattr.EaafRequestedAttributeImpl;
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+public class EaafRequestedAttributeBuilder
+ extends AbstractSAMLObjectBuilder<EaafRequestedAttribute> {
+
+ @Override
+ public EaafRequestedAttribute buildObject() {
+ return buildObject(EaafRequestedAttribute.DEFAULT_ELEMENT_NAME);
+ }
+
+ @Override
+ public EaafRequestedAttribute buildObject(final String namespaceUri, final String localName,
+ final String namespacePrefix) {
+ return new EaafRequestedAttributeImpl(namespaceUri, localName, namespacePrefix);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java
new file mode 100644
index 00000000..a370818e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import java.util.Map.Entry;
+import javax.xml.namespace.QName;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+
+public class EaafRequestedAttributeMarshaller extends AbstractSAMLObjectMarshaller {
+ @Override
+ protected final void marshallAttributes(final XMLObject samlElement, final Element domElement)
+ throws MarshallingException {
+ final EaafRequestedAttribute requestedAttr = (EaafRequestedAttribute) samlElement;
+
+ if (requestedAttr.getName() != null) {
+ domElement.setAttributeNS(null, EaafRequestedAttribute.NAME_ATTRIB_NAME,
+ requestedAttr.getName());
+ }
+
+ if (requestedAttr.getNameFormat() != null) {
+ domElement.setAttributeNS(null, EaafRequestedAttribute.NAME_FORMAT_ATTR,
+ requestedAttr.getNameFormat());
+ }
+
+ if (requestedAttr.getFriendlyName() != null) {
+ domElement.setAttributeNS(null, EaafRequestedAttribute.FRIENDLY_NAME_ATT,
+ requestedAttr.getFriendlyName());
+ }
+
+ if (requestedAttr.getIsRequiredXsBoolean() != null) {
+ domElement.setAttributeNS(null, EaafRequestedAttribute.IS_REQUIRED_ATTR,
+ requestedAttr.getIsRequiredXsBoolean());
+ }
+
+ Attr attr;
+ for (final Entry<QName, String> entry : requestedAttr.getUnknownAttributes().entrySet()) {
+ attr = XMLHelper.constructAttribute(domElement.getOwnerDocument(), entry.getKey());
+ attr.setValue(entry.getValue());
+ domElement.setAttributeNodeNS(attr);
+ if (org.opensaml.xml.Configuration.isIDAttribute(entry.getKey())
+ || requestedAttr.getUnknownAttributes().isIDAttribute(entry.getKey())) {
+ attr.getOwnerElement().setIdAttributeNode(attr, true);
+ }
+ }
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java
new file mode 100644
index 00000000..25baed16
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Attr;
+
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
+public class EaafRequestedAttributeUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+ @Override
+ protected final void processChildElement(final XMLObject parentSamlObject,
+ final XMLObject childSamlObject) throws UnmarshallingException {
+ final EaafRequestedAttribute requestedAttr = (EaafRequestedAttribute) parentSamlObject;
+ final QName childQName = childSamlObject.getElementQName();
+
+ if ("AttributeValue".equals(childQName.getLocalPart())
+ && childQName.getNamespaceURI().equals(PvpConstants.EIDAT10_SAML_NS)) {
+ requestedAttr.getAttributeValues().add(childSamlObject);
+
+ } else {
+ super.processChildElement(parentSamlObject, childSamlObject);
+ }
+
+ }
+
+ @Override
+ protected final void processAttribute(final XMLObject samlObject, final Attr attribute)
+ throws UnmarshallingException {
+ final EaafRequestedAttribute requestedAttr = (EaafRequestedAttribute) samlObject;
+ if (attribute.getLocalName().equals(EaafRequestedAttribute.NAME_ATTRIB_NAME)) {
+ requestedAttr.setName(attribute.getValue());
+
+ } else if (attribute.getLocalName().equals(EaafRequestedAttribute.NAME_FORMAT_ATTR)) {
+ requestedAttr.setNameFormat(attribute.getValue());
+
+ } else if (attribute.getLocalName().equals(EaafRequestedAttribute.FRIENDLY_NAME_ATT)) {
+ requestedAttr.setFriendlyName(attribute.getValue());
+
+ } else if (attribute.getLocalName().equals(EaafRequestedAttribute.IS_REQUIRED_ATTR)) {
+ requestedAttr.setIsRequired(attribute.getValue());
+
+ } else {
+ final QName attribQName = XMLHelper.getNodeQName(attribute);
+ if (attribute.isId()) {
+ requestedAttr.getUnknownAttributes().registerID(attribQName);
+ }
+ requestedAttr.getUnknownAttributes().put(attribQName, attribute.getValue());
+ }
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java
new file mode 100644
index 00000000..1f68747f
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.impl.reqattr.EaafRequestedAttributesImpl;
+
+public class EaafRequestedAttributesBuilder
+ extends AbstractSAMLObjectBuilder<EaafRequestedAttributes> {
+
+ @Override
+ public EaafRequestedAttributes buildObject() {
+ return buildObject(EaafRequestedAttributes.DEFAULT_ELEMENT_NAME);
+ }
+
+ @Override
+ public EaafRequestedAttributes buildObject(final String namespaceUri, final String localName,
+ final String namespacePrefix) {
+ return new EaafRequestedAttributesImpl(namespaceUri, localName, namespacePrefix);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java
new file mode 100644
index 00000000..2fff64b3
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+
+public class EaafRequestedAttributesMarshaller extends AbstractSAMLObjectMarshaller {
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java
new file mode 100644
index 00000000..b2cf7a82
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+public class EaafRequestedAttributesUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+ @Override
+ protected final void processChildElement(final XMLObject parentObject,
+ final XMLObject childObject) throws UnmarshallingException {
+ final EaafRequestedAttributes attrStatement = (EaafRequestedAttributes) parentObject;
+ if (childObject instanceof EaafRequestedAttribute) {
+ attrStatement.getAttributes().add((EaafRequestedAttribute) childObject);
+
+ } else {
+ super.processChildElement(parentObject, childObject);
+ }
+
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
index 452fa553..107a856e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
@@ -1,123 +1,135 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.message;
import java.io.Serializable;
-
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
-
-/**
- * @author tlenz
- *
- */
-public class InboundMessage implements InboundMessageInterface, Serializable{
- private static final Logger log = LoggerFactory.getLogger(InboundMessage.class);
-
- private static final long serialVersionUID = 2395131650841669663L;
-
- private Element samlMessage = null;
- private boolean verified = false;
- private String entityID = null;
- private String relayState = null;
-
-
- public EntityDescriptor getEntityMetadata(IPVPMetadataProvider metadataProvider) throws NoMetadataInformationException {
- try {
- if (metadataProvider == null)
- throw new NullPointerException("No PVP MetadataProvider found.");
-
- return metadataProvider.getEntityDescriptor(this.entityID);
-
- } catch (MetadataProviderException e) {
- log.warn("No Metadata for EntitiyID " + entityID);
- throw new NoMetadataInformationException();
- }
- }
-
- /**
- * @param entitiyID the entitiyID to set
- */
- public void setEntityID(String entitiyID) {
- this.entityID = entitiyID;
- }
-
- public void setVerified(boolean verified) {
- this.verified = verified;
- }
-
- /**
- * @param relayState the relayState to set
- */
- public void setRelayState(String relayState) {
- this.relayState = relayState;
- }
-
- public void setSAMLMessage(Element msg) {
- this.samlMessage = msg;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
- */
- @Override
- public String getRelayState() {
- return relayState;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
- */
- @Override
- public String getEntityID() {
- return entityID;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
- */
- @Override
- public boolean isVerified() {
- return verified;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
- */
- @Override
- public Element getInboundMessage() {
- return samlMessage;
- }
+public class InboundMessage implements InboundMessageInterface, Serializable {
+ private static final Logger log = LoggerFactory.getLogger(InboundMessage.class);
+
+ private static final long serialVersionUID = 2395131650841669663L;
+
+ private Element samlMessage = null;
+ private boolean verified = false;
+ private String entityID = null;
+ private String relayState = null;
+
+ /**
+ * Get SAML2 metadata for Entity that sends this request.
+ *
+ * @param metadataProvider Metadataprovider
+ * @return EntityDescriptor from metadata
+ * @throws NoMetadataInformationException In case of an error
+ */
+ public EntityDescriptor getEntityMetadata(final IPvpMetadataProvider metadataProvider)
+ throws NoMetadataInformationException {
+ try {
+ if (metadataProvider == null) {
+ throw new NullPointerException("No PVP MetadataProvider found.");
+ }
+
+ return metadataProvider.getEntityDescriptor(this.entityID);
+
+ } catch (final MetadataProviderException e) {
+ log.warn("No Metadata for EntitiyID " + entityID);
+ throw new NoMetadataInformationException();
+ }
+ }
+
+ /**
+ * Set EntitId of requester.
+ *
+ * @param entitiyID the entitiyID to set
+ */
+ public void setEntityID(final String entitiyID) {
+ this.entityID = entitiyID;
+ }
+
+ public void setVerified(final boolean verified) {
+ this.verified = verified;
+ }
+
+ /**
+ * Set relayState from requester.
+ *
+ * @param relayState the relayState to set
+ */
+ public void setRelayState(final String relayState) {
+ this.relayState = relayState;
+ }
+
+ /**
+ * Set full SAML2 message.
+ *
+ * @param msg message
+ */
+ public void setSamlMessage(final Element msg) {
+ this.samlMessage = msg;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
+ */
+ @Override
+ public String getRelayState() {
+ return relayState;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
+ */
+ @Override
+ public String getEntityID() {
+ return entityID;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
+ */
+ @Override
+ public boolean isVerified() {
+ return verified;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
+ */
+ @Override
+ public Element getInboundMessage() {
+ return samlMessage;
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileRequest.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileRequest.java
deleted file mode 100644
index 9c9c913d..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileRequest.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.message;
-
-
-import org.opensaml.Configuration;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.signature.SignableXMLObject;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class PVPSProfileRequest extends InboundMessage{
- private static final Logger log = LoggerFactory.getLogger(PVPSProfileRequest.class);
-
- private static final long serialVersionUID = 8613921176727607896L;
-
- private String binding = null;
-
- public PVPSProfileRequest(SignableXMLObject inboundMessage, String binding) {
- setSAMLMessage(inboundMessage.getDOM());
- this.binding = binding;
-
- }
-
- public String getRequestBinding() {
- return binding;
- }
-
- public SignableXMLObject getSamlRequest() {
- UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
- Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-
- try {
- return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage());
-
- } catch (UnmarshallingException e) {
- log.warn("AuthnRequest Unmarshaller error", e);
- return null;
- }
-
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileResponse.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileResponse.java
deleted file mode 100644
index 107aa731..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PVPSProfileResponse.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.message;
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class PVPSProfileResponse extends InboundMessage {
-
- private static final Logger log = LoggerFactory.getLogger(PVPSProfileResponse.class);
-
- private static final long serialVersionUID = -1133012928130138501L;
-
- public PVPSProfileResponse(StatusResponseType response) {
- setSAMLMessage(response.getDOM());
- }
-
- public StatusResponseType getResponse() {
- UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
- Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-
- try {
- return (StatusResponseType) unmashaller.unmarshall(getInboundMessage());
-
- } catch (UnmarshallingException e) {
- log.warn("AuthnResponse Unmarshaller error", e);
- return null;
- }
-
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java
new file mode 100644
index 00000000..dce2dd04
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.message;
+
+
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.signature.SignableXMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PvpSProfileRequest extends InboundMessage {
+ private static final Logger log = LoggerFactory.getLogger(PvpSProfileRequest.class);
+
+ private static final long serialVersionUID = 8613921176727607896L;
+
+ private String binding = null;
+
+ /**
+ * PVP2 S-Profil request DAO.
+ *
+ * @param inboundMessage SAML2 request object
+ * @param binding Used SAML2 binding
+ */
+ public PvpSProfileRequest(final SignableXMLObject inboundMessage, final String binding) {
+ setSamlMessage(inboundMessage.getDOM());
+ this.binding = binding;
+
+ }
+
+ public String getRequestBinding() {
+ return binding;
+ }
+
+ /**
+ * Get SAML2 request object.
+ *
+ * @return
+ */
+ public SignableXMLObject getSamlRequest() {
+ final UnmarshallerFactory unmarshallerFactory =
+ org.opensaml.xml.Configuration.getUnmarshallerFactory();
+ final Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
+
+ try {
+ return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage());
+
+ } catch (final UnmarshallingException e) {
+ log.warn("AuthnRequest Unmarshaller error", e);
+ return null;
+ }
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileResponse.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileResponse.java
new file mode 100644
index 00000000..8d1cbe8c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileResponse.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.message;
+
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PvpSProfileResponse extends InboundMessage {
+
+ private static final Logger log = LoggerFactory.getLogger(PvpSProfileResponse.class);
+
+ private static final long serialVersionUID = -1133012928130138501L;
+
+ public PvpSProfileResponse(final StatusResponseType response) {
+ setSamlMessage(response.getDOM());
+ }
+
+ /**
+ * Get SAML2 Response object.
+ *
+ * @return
+ */
+ public StatusResponseType getResponse() {
+ final UnmarshallerFactory unmarshallerFactory =
+ org.opensaml.xml.Configuration.getUnmarshallerFactory();
+ final Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
+
+ try {
+ return (StatusResponseType) unmashaller.unmarshall(getInboundMessage());
+
+ } catch (final UnmarshallingException e) {
+ log.warn("AuthnResponse Unmarshaller error", e);
+ return null;
+ }
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
index 08ef26ab..ec81353a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -1,29 +1,22 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
import java.io.IOException;
@@ -35,9 +28,12 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Timer;
-
import javax.xml.namespace.QName;
-
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -52,419 +48,474 @@ import org.opensaml.xml.XMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import at.gv.egiz.components.spring.api.IDestroyableObject;
-import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-
public abstract class AbstractChainingMetadataProvider extends SimpleMetadataProvider
- implements ObservableMetadataProvider, IGarbageCollectorProcessing,
- IRefreshableMetadataProvider, IDestroyableObject, IPVPMetadataProvider {
-
- private static final Logger log = LoggerFactory.getLogger(AbstractChainingMetadataProvider.class);
-
- private MetadataProvider internalProvider = null;
- private static Object mutex = new Object();
- private Timer timer = null;
-
-
- public AbstractChainingMetadataProvider() {
- internalProvider = new ChainingMetadataProvider();
-
- }
-
- public final Timer getTimer() {
- return this.timer;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
- */
- @Override
- public void runGarbageCollector() {
- synchronized (mutex) {
- /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
- try {
- log.trace("Check consistence of PVP2X metadata");
- addAndRemoveMetadataProvider();
-
- } catch (EAAFConfigurationException e) {
- log.error("Access to MOA-ID configuration FAILED.", e);
-
- }
- }
-
- }
-
- public void fullyDestroy() {
- internalDestroy();
-
- }
-
- @Override
- public synchronized boolean refreshMetadataProvider(String entityID) {
- try {
- //check if metadata provider is already loaded
- try {
- if (internalProvider.getEntityDescriptor(entityID) != null)
- return true;
-
- } catch (MetadataProviderException e) {}
-
-
- //reload metadata provider
- String metadataURL = getMetadataURL(entityID);
- if (StringUtils.isNotEmpty(metadataURL)) {
- Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
-
- // check if MetadataProvider is actually loaded
- if (actuallyLoadedProviders.containsKey(metadataURL)) {
- actuallyLoadedProviders.get(metadataURL).refresh();
- log.info("SAML2 metadata for service provider: "
- + entityID + " is refreshed.");
- return true;
-
- } else {
- //load new Metadata Provider
- if (timer == null)
- timer = new Timer(true);
-
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
- chainProvider.addMetadataProvider(createNewMetadataProvider(entityID));
-
- emitChangeEvent();
- log.info("SAML2 metadata for service provider: "
- + entityID + " is added.");
- return true;
-
- }
-
- } else
- log.debug("Can not refresh SAML2 metadata: NO SAML2 metadata URL for SP with Id: " + entityID);
-
- } catch (MetadataProviderException e) {
- log.warn("Refresh SAML2 metadata for service provider: "
- + entityID + " FAILED.", e);
-
- } catch (IOException e) {
- log.warn("Refresh SAML2 metadata for service provider: "
- + entityID + " FAILED.", e);
-
- } catch (EAAFConfigurationException e) {
- log.warn("Refresh SAML2 metadata for service provider: "
- + entityID + " FAILED.", e);
-
- } catch (CertificateException e) {
- log.warn("Refresh SAML2 metadata for service provider: "
- + entityID + " FAILED.", e);
-
- }
-
- return false;
-
- }
-
- public void internalDestroy() {
- if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
- log.info("Destrorying PVP-Authentication MetaDataProvider.");
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-
- List<MetadataProvider> providers = chainProvider.getProviders();
- for (MetadataProvider provider : providers) {
- if (provider instanceof HTTPMetadataProvider) {
- HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
- log.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
- httpprovider.destroy();
-
- } else {
- log.warn("MetadataProvider can not be destroyed.");
- }
- }
-
- internalProvider = new ChainingMetadataProvider();
-
- if (timer != null)
- timer.cancel();
-
- } else {
- log.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
- }
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#requireValidMetadata()
- */
- @Override
- public boolean requireValidMetadata() {
- return internalProvider.requireValidMetadata();
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setRequireValidMetadata(boolean)
- */
- @Override
- public void setRequireValidMetadata(boolean requireValidMetadata) {
- internalProvider.setRequireValidMetadata(requireValidMetadata);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadataFilter()
- */
- @Override
- public MetadataFilter getMetadataFilter() {
- return internalProvider.getMetadataFilter();
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter)
- */
- @Override
- public void setMetadataFilter(MetadataFilter newFilter)
- throws MetadataProviderException {
- internalProvider.setMetadataFilter(newFilter);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadata()
- */
- @Override
- public XMLObject getMetadata() throws MetadataProviderException {
- return internalProvider.getMetadata();
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntitiesDescriptor(java.lang.String)
- */
- @Override
- public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
- throws MetadataProviderException {
- EntitiesDescriptor entitiesDesc = null;
- try {
- entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
-
- if (entitiesDesc == null) {
- log.debug("Can not find PVP metadata for entityID: " + entitiesID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entitiesID))
- return internalProvider.getEntitiesDescriptor(entitiesID);
-
- }
-
- } catch (MetadataProviderException e) {
- log.debug("Can not find PVP metadata for entityID: " + entitiesID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entitiesID))
- return internalProvider.getEntitiesDescriptor(entitiesID);
-
- }
-
- return entitiesDesc;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntityDescriptor(java.lang.String)
- */
- @Override
- public EntityDescriptor getEntityDescriptor(String entityID)
- throws MetadataProviderException {
- EntityDescriptor entityDesc = null;
- try {
- entityDesc = internalProvider.getEntityDescriptor(entityID);
- if (entityDesc == null) {
- log.debug("Can not find PVP metadata for entityID: " + entityID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entityID))
- return internalProvider.getEntityDescriptor(entityID);
-
- }
-
- } catch (MetadataProviderException e) {
- log.debug("Can not find PVP metadata for entityID: " + entityID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entityID))
- return internalProvider.getEntityDescriptor(entityID);
-
- }
-
-// if (entityDesc != null)
-// lastAccess.put(entityID, new Date());
-
- return entityDesc;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName)
- */
- @Override
- public List<RoleDescriptor> getRole(String entityID, QName roleName)
- throws MetadataProviderException {
- List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
-
-// if (result != null)
-// lastAccess.put(entityID, new Date());
-
- return result;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String)
- */
- @Override
- public RoleDescriptor getRole(String entityID, QName roleName,
- String supportedProtocol) throws MetadataProviderException {
- RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
-
-// if (result != null)
-// lastAccess.put(entityID, new Date());
-
- return result;
- }
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
- */
- @Override
- public List<Observer> getObservers() {
- return ((ChainingMetadataProvider) internalProvider).getObservers();
- }
-
-
- /**
- * Get the URL to metadata for a specific entityID
- *
- * @param entityId
- * @return
- * @throws EAAFConfigurationException
- */
- protected abstract String getMetadataURL(String entityId) throws EAAFConfigurationException;
-
- /**
- * Creates a new implementation specific SAML2 metadata provider
- *
- * @param entityId
- * @return
- * @throws EAAFConfigurationException
- * @throws IOException
- * @throws CertificateException
- * @throws ConfigurationException
- */
- protected abstract MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException;
-
- /**
- * Get a List of metadata URLs for all SAML2 SPs from configuration
- *
- * @throws EAAFConfigurationException
- */
- protected abstract List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException;
-
-
- protected void emitChangeEvent() {
- if ((getObservers() == null) || (getObservers().size() == 0)) {
- return;
- }
-
- List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
- for (ObservableMetadataProvider.Observer observer : tempObserverList)
- if (observer != null)
- observer.onEvent(this);
- }
-
- private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
- Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-
- //make a Map of all actually loaded HTTPMetadataProvider
- List<MetadataProvider> providers = chainProvider.getProviders();
- for (MetadataProvider provider : providers) {
- if (provider instanceof HTTPMetadataProvider) {
- HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
- loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
-
- }
- }
-
- return loadedproviders;
- }
-
- private void addAndRemoveMetadataProvider() throws EAAFConfigurationException {
- if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
- log.info("Reload MOAMetaDataProvider.");
-
- /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
- *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
- Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-
- //get all actually loaded metadata providers
- Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
-
- /* TODO: maybe add metadata provider destroy after timeout.
- * But could be a problem if one Metadataprovider load an EntitiesDescriptor
- * with more the multiple EntityDescriptors. If one of this EntityDesciptors
- * are expired the full EntitiesDescriptor is removed.
- *
- * Timeout requires a better solution in this case!
- */
-
- //load all SAML2 SPs form configuration and
- //compare actually loaded Providers with configured SAML2 SPs
- List<String> allMetadataURLs = getAllMetadataURLsFromConfiguration();
-
- if (allMetadataURLs != null) {
- Iterator<String> metadataURLInterator = allMetadataURLs.iterator();
- while (metadataURLInterator.hasNext()) {
- String metadataurl = metadataURLInterator.next();
- try {
- if (StringUtils.isNotEmpty(metadataurl)) {
- if (loadedproviders.containsKey(metadataurl)) {
- // SAML2 SP is actually loaded, to nothing
- providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
- loadedproviders.remove(metadataurl);
-
- }
- }
- } catch (Throwable e) {
- log.error(
- "Failed to add Metadata (unhandled reason: " + e.getMessage(), e);
-
- }
- }
- }
-
- //remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
- Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
- for (HTTPMetadataProvider provider : notusedproviders) {
- String metadataurl = provider.getMetadataURI();
- try {
- provider.destroy();
-
- /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
- *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
- //chainProvider.removeMetadataProvider(provider);
- log.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
-
- } catch (Throwable e) {
- log.error("HTTPMetadataProvider with URL " + metadataurl
- + " can not be removed from the list of actually loaded Providers.", e);
-
- }
-
- }
-
- try {
- chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
- emitChangeEvent();
-
- } catch (MetadataProviderException e) {
- log.warn("ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy", e);
-
- }
-
- } else
- log.warn("ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy");
-
- }
+ implements ObservableMetadataProvider, IGarbageCollectorProcessing,
+ IRefreshableMetadataProvider, IDestroyableObject, IPvpMetadataProvider {
+
+ private static final Logger log = LoggerFactory.getLogger(AbstractChainingMetadataProvider.class);
+
+ private MetadataProvider internalProvider = null;
+ private static Object mutex = new Object();
+ private Timer timer = null;
+
+
+ public AbstractChainingMetadataProvider() {
+ internalProvider = new ChainingMetadataProvider();
+
+ }
+
+ public final Timer getTimer() {
+ return this.timer;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+ */
+ @Override
+ public void runGarbageCollector() {
+ synchronized (mutex) {
+ /* add new Metadataprovider or remove Metadataprovider which are not in use any more. */
+ try {
+ log.trace("Check consistence of PVP2X metadata");
+ addAndRemoveMetadataProvider();
+
+ } catch (final EaafConfigurationException e) {
+ log.error("Access to MOA-ID configuration FAILED.", e);
+
+ }
+ }
+
+ }
+
+ @Override
+ public void fullyDestroy() {
+ internalDestroy();
+
+ }
+
+ @Override
+ public synchronized boolean refreshMetadataProvider(final String entityID) {
+ try {
+ // check if metadata provider is already loaded
+ try {
+ if (internalProvider.getEntityDescriptor(entityID) != null) {
+ return true;
+ }
+
+ } catch (final MetadataProviderException e) {
+ log.debug("Metadata for EntityId: {} is not valid. Starting refresh ... ", entityID);
+
+ }
+
+
+ // reload metadata provider
+ final String metadataUrl = getMetadataUrl(entityID);
+ if (StringUtils.isNotEmpty(metadataUrl)) {
+ final Map<String, HTTPMetadataProvider> actuallyLoadedProviders =
+ getAllActuallyLoadedProviders();
+
+ // check if MetadataProvider is actually loaded
+ if (actuallyLoadedProviders.containsKey(metadataUrl)) {
+ actuallyLoadedProviders.get(metadataUrl).refresh();
+ log.info("SAML2 metadata for service provider: " + entityID + " is refreshed.");
+ return true;
+
+ } else {
+ // load new Metadata Provider
+ if (timer == null) {
+ timer = new Timer(true);
+ }
+
+ final ChainingMetadataProvider chainProvider =
+ (ChainingMetadataProvider) internalProvider;
+ chainProvider.addMetadataProvider(createNewMetadataProvider(entityID));
+
+ emitChangeEvent();
+ log.info("SAML2 metadata for service provider: " + entityID + " is added.");
+ return true;
+
+ }
+
+ } else {
+ log.debug(
+ "Can not refresh SAML2 metadata: NO SAML2 metadata URL for SP with Id: " + entityID);
+ }
+
+ } catch (final MetadataProviderException e) {
+ log.warn("Refresh SAML2 metadata for service provider: " + entityID + " FAILED.", e);
+
+ } catch (final IOException e) {
+ log.warn("Refresh SAML2 metadata for service provider: " + entityID + " FAILED.", e);
+
+ } catch (final EaafConfigurationException e) {
+ log.warn("Refresh SAML2 metadata for service provider: " + entityID + " FAILED.", e);
+
+ } catch (final CertificateException e) {
+ log.warn("Refresh SAML2 metadata for service provider: " + entityID + " FAILED.", e);
+
+ }
+
+ return false;
+
+ }
+
+ /**
+ * Close metadata provider and remove all loaded metadata.
+ *
+ */
+ public void internalDestroy() {
+ if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+ log.info("Destrorying PVP-Authentication MetaDataProvider.");
+ final ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ final List<MetadataProvider> providers = chainProvider.getProviders();
+ for (final MetadataProvider provider : providers) {
+ if (provider instanceof HTTPMetadataProvider) {
+ final HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+ log.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
+ httpprovider.destroy();
+
+ } else {
+ log.warn("MetadataProvider can not be destroyed.");
+ }
+ }
+
+ internalProvider = new ChainingMetadataProvider();
+
+ if (timer != null) {
+ timer.cancel();
+ }
+
+ } else {
+ log.warn(
+ "ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
+ }
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#requireValidMetadata()
+ */
+ @Override
+ public boolean requireValidMetadata() {
+ return internalProvider.requireValidMetadata();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setRequireValidMetadata
+ * (boolean)
+ */
+ @Override
+ public void setRequireValidMetadata(final boolean requireValidMetadata) {
+ internalProvider.setRequireValidMetadata(requireValidMetadata);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadataFilter()
+ */
+ @Override
+ public MetadataFilter getMetadataFilter() {
+ return internalProvider.getMetadataFilter();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setMetadataFilter(org.
+ * opensaml.saml2.metadata.provider.MetadataFilter)
+ */
+ @Override
+ public void setMetadataFilter(final MetadataFilter newFilter) throws MetadataProviderException {
+ internalProvider.setMetadataFilter(newFilter);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadata()
+ */
+ @Override
+ public XMLObject getMetadata() throws MetadataProviderException {
+ return internalProvider.getMetadata();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntitiesDescriptor(
+ * java.lang.String)
+ */
+ @Override
+ public EntitiesDescriptor getEntitiesDescriptor(final String entitiesID)
+ throws MetadataProviderException {
+ EntitiesDescriptor entitiesDesc = null;
+ try {
+ entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
+
+ if (entitiesDesc == null) {
+ log.debug("Can not find PVP metadata for entityID: " + entitiesID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entitiesID)) {
+ return internalProvider.getEntitiesDescriptor(entitiesID);
+ }
+
+ }
+
+ } catch (final MetadataProviderException e) {
+ log.debug("Can not find PVP metadata for entityID: " + entitiesID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entitiesID)) {
+ return internalProvider.getEntitiesDescriptor(entitiesID);
+ }
+
+ }
+
+ return entitiesDesc;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntityDescriptor(
+ * java.lang.String)
+ */
+ @Override
+ public EntityDescriptor getEntityDescriptor(final String entityID)
+ throws MetadataProviderException {
+ EntityDescriptor entityDesc = null;
+ try {
+ entityDesc = internalProvider.getEntityDescriptor(entityID);
+ if (entityDesc == null) {
+ log.debug("Can not find PVP metadata for entityID: " + entityID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID)) {
+ return internalProvider.getEntityDescriptor(entityID);
+ }
+
+ }
+
+ } catch (final MetadataProviderException e) {
+ log.debug(
+ "Can not find PVP metadata for entityID: " + entityID + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID)) {
+ return internalProvider.getEntityDescriptor(entityID);
+ }
+
+ }
+
+ // if (entityDesc != null)
+ // lastAccess.put(entityID, new Date());
+
+ return entityDesc;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.
+ * String, javax.xml.namespace.QName)
+ */
+ @Override
+ public List<RoleDescriptor> getRole(final String entityID, final QName roleName)
+ throws MetadataProviderException {
+ final List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
+
+ // if (result != null)
+ // lastAccess.put(entityID, new Date());
+
+ return result;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.
+ * String, javax.xml.namespace.QName, java.lang.String)
+ */
+ @Override
+ public RoleDescriptor getRole(final String entityID, final QName roleName,
+ final String supportedProtocol) throws MetadataProviderException {
+ final RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
+
+ // if (result != null)
+ // lastAccess.put(entityID, new Date());
+
+ return result;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
+ */
+ @Override
+ public List<Observer> getObservers() {
+ return ((ChainingMetadataProvider) internalProvider).getObservers();
+ }
+
+
+ /**
+ * Get the URL to metadata for a specific entityID.
+ *
+ * @param entityId EntityId
+ * @return URL to metadata
+ * @throws EaafConfigurationException In case of an error
+ */
+ protected abstract String getMetadataUrl(String entityId) throws EaafConfigurationException;
+
+ /**
+ * Creates a new implementation specific SAML2 metadata provider.
+ *
+ * @param entityId EntityId
+ * @return MetadataProvider
+ * @throws EaafConfigurationException In case of an error
+ * @throws IOException In case of an error
+ * @throws CertificateException In case of an error
+ * @throws ConfigurationException In case of an error
+ */
+ protected abstract MetadataProvider createNewMetadataProvider(String entityId)
+ throws EaafConfigurationException, IOException, CertificateException;
+
+ /**
+ * Get a List of metadata URLs for all SAML2 SPs from configuration.
+ *
+ * @throws EaafConfigurationException In case of an error
+ */
+ protected abstract List<String> getAllMetadataUrlsFromConfiguration()
+ throws EaafConfigurationException;
+
+
+ protected void emitChangeEvent() {
+ if ((getObservers() == null) || (getObservers().size() == 0)) {
+ return;
+ }
+
+ final List<Observer> tempObserverList = new ArrayList<>(getObservers());
+ for (final ObservableMetadataProvider.Observer observer : tempObserverList) {
+ if (observer != null) {
+ observer.onEvent(this);
+ }
+ }
+ }
+
+ private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
+ final Map<String, HTTPMetadataProvider> loadedproviders =
+ new HashMap<>();
+ final ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ // make a Map of all actually loaded HTTPMetadataProvider
+ final List<MetadataProvider> providers = chainProvider.getProviders();
+ for (final MetadataProvider provider : providers) {
+ if (provider instanceof HTTPMetadataProvider) {
+ final HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+ loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
+
+ }
+ }
+
+ return loadedproviders;
+ }
+
+ private void addAndRemoveMetadataProvider() throws EaafConfigurationException {
+ if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+ log.info("Reload MOAMetaDataProvider.");
+
+ /*
+ * OpenSAML ChainingMetadataProvider can not remove a MetadataProvider
+ * (UnsupportedOperationException) The ChainingMetadataProvider use internal a
+ * unmodifiableList to hold all registrated MetadataProviders.
+ */
+ final Map<String, MetadataProvider> providersinuse = new HashMap<>();
+ final ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ // get all actually loaded metadata providers
+ final Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+
+ /*
+ * TODO: maybe add metadata provider destroy after timeout. But could be a problem if one
+ * Metadataprovider load an EntitiesDescriptor with more the multiple EntityDescriptors. If
+ * one of this EntityDesciptors are expired the full EntitiesDescriptor is removed.
+ *
+ * Timeout requires a better solution in this case!
+ */
+
+ // load all SAML2 SPs form configuration and
+ // compare actually loaded Providers with configured SAML2 SPs
+ final List<String> allMetadataUrls = getAllMetadataUrlsFromConfiguration();
+
+ if (allMetadataUrls != null) {
+ final Iterator<String> metadataUrlInterator = allMetadataUrls.iterator();
+ while (metadataUrlInterator.hasNext()) {
+ final String metadataurl = metadataUrlInterator.next();
+ try {
+ if (StringUtils.isNotEmpty(metadataurl)) {
+ if (loadedproviders.containsKey(metadataurl)) {
+ // SAML2 SP is actually loaded, to nothing
+ providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
+ loadedproviders.remove(metadataurl);
+
+ }
+ }
+ } catch (final Throwable e) {
+ log.error("Failed to add Metadata (unhandled reason: " + e.getMessage(), e);
+
+ }
+ }
+ }
+
+ // remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
+ final Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
+ for (final HTTPMetadataProvider provider : notusedproviders) {
+ final String metadataurl = provider.getMetadataURI();
+ try {
+ provider.destroy();
+
+ /*
+ * OpenSAML ChainingMetadataProvider can not remove a MetadataProvider
+ * (UnsupportedOperationException) The ChainingMetadataProvider use internal a
+ * unmodifiableList to hold all registrated MetadataProviders.
+ */
+ // chainProvider.removeMetadataProvider(provider);
+ log.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
+
+ } catch (final Throwable e) {
+ log.error("HTTPMetadataProvider with URL " + metadataurl
+ + " can not be removed from the list of actually loaded Providers.", e);
+
+ }
+
+ }
+
+ try {
+ chainProvider.setProviders(new ArrayList<>(providersinuse.values()));
+ emitChangeEvent();
+
+ } catch (final MetadataProviderException e) {
+ log.warn(
+ "ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy",
+ e);
+
+ }
+
+ } else {
+ log.warn(
+ "ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy");
+ }
+
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
index 06065a82..04c1dcb8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
@@ -1,34 +1,26 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
import java.util.ArrayList;
import java.util.List;
-
import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
@@ -37,44 +29,48 @@ import org.slf4j.LoggerFactory;
/**
+ * Metadata filter-chain implementation.
+ *
* @author tlenz
*
*/
public class MetadataFilterChain implements MetadataFilter {
- private static final Logger log = LoggerFactory.getLogger(MetadataFilterChain.class);
-
-
- private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
-
- /**
- * Return all actually used Metadata filters
- *
- * @return List of Metadata filters
- */
- public List<MetadataFilter> getFilters() {
- return filters;
- }
-
- /**
- * Add a new Metadata filter to filterchain
- *
- * @param filter
- */
- public void addFilter(MetadataFilter filter) {
- filters.add(filter);
- }
-
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
- */
- @Override
- public void doFilter(XMLObject arg0) throws FilterException {
- for (MetadataFilter filter : filters) {
- log.trace("Use EAAFMetadataFilter " + filter.getClass().getName());
- filter.doFilter(arg0);
- }
+ private static final Logger log = LoggerFactory.getLogger(MetadataFilterChain.class);
+
+
+ private final List<MetadataFilter> filters = new ArrayList<>();
+
+ /**
+ * Return all actually used Metadata filters.
+ *
+ * @return List of Metadata filters
+ */
+ public List<MetadataFilter> getFilters() {
+ return filters;
+ }
+
+ /**
+ * Add a new Metadata filter to filterchain.
+ *
+ * @param filter add a metadata filter
+ */
+ public void addFilter(final MetadataFilter filter) {
+ filters.add(filter);
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(final XMLObject arg0) throws FilterException {
+ for (final MetadataFilter filter : filters) {
+ log.trace("Use EAAFMetadataFilter " + filter.getClass().getName());
+ filter.doFilter(arg0);
+ }
- }
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
index c16ca5fd..67dd1d35 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
@@ -1,37 +1,32 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
import java.io.File;
import java.net.MalformedURLException;
import java.util.Timer;
-
import javax.net.ssl.SSLHandshakeException;
-
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
import org.apache.commons.httpclient.HttpClient;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
@@ -42,195 +37,193 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
-
/**
+ * Simple SAML2 metadata provider.
+ *
* @author tlenz
*
*/
-public abstract class SimpleMetadataProvider implements MetadataProvider{
- private static final Logger log = LoggerFactory.getLogger(SimpleMetadataProvider.class);
-
- private static final String URI_PREFIX_HTTP = "http:";
- private static final String URI_PREFIX_HTTPS = "https:";
- private static final String URI_PREFIX_FILE = "file:";
-
-
- @Autowired
- protected IConfiguration authConfig;
-
-
- /**
- * Create a single SAML2 metadata provider
- *
- * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http
- * based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used
- * @param filter Filters, which should be used to validate the metadata
- * @param IdForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
- * @param httpClient Apache commons 3.x http client
- *
- * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
- */
- protected MetadataProvider createNewSimpleMetadataProvider(String metadataLocation, MetadataFilter filter,
- String IdForLogging, Timer timer, ParserPool pool, HttpClient httpClient) {
- if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS)) {
- if (httpClient != null)
- return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool, httpClient);
-
- else {
- log.warn("Can not load http(s) based SAML2 metadata without a HTTP client");
- return null;
- }
-
- } else {
- String absoluteMetadataLocation;
- try {
- absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
- metadataLocation,
- authConfig.getConfigurationRootDirectory());
-
- if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
- File metadataFile = new File(absoluteMetadataLocation);
- if (metadataFile.exists())
- return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
-
- else {
- log.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
- return null;
- }
-
- }
-
-
- } catch (MalformedURLException e) {
- log.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
-
- }
-
- }
-
- log.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);
- return null;
-
- }
-
-
- /**
- * Create a single SAML2 filesystem based metadata provider
- *
- * @param metadataFile File, where the metadata should be loaded
- * @param filter Filters, which should be used to validate the metadata
- * @param IdForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
- * @param pool
- *
- * @return SAML2 Metadata Provider
- */
- private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
- FilesystemMetadataProvider fileSystemProvider = null;
- try {
- fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
- fileSystemProvider.setParserPool(pool);
- fileSystemProvider.setRequireValidMetadata(true);
- fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
- //httpProvider.setRefreshDelayFactor(0.1F);
-
- fileSystemProvider.setMetadataFilter(filter);
- fileSystemProvider.initialize();
-
- fileSystemProvider.setRequireValidMetadata(true);
-
- return fileSystemProvider;
-
- } catch (Exception e) {
- log.warn(
- "Failed to load Metadata file for "
- + IdForLogging + "[ "
- + "File: " + metadataFile.getAbsolutePath()
- + " Msg: " + e.getMessage() + " ]", e);
-
-
- log.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath()
- + " Reason: " + e.getMessage(), e);
-
- if (fileSystemProvider != null)
- fileSystemProvider.destroy();
-
- }
-
- return null;
-
- }
-
-
-
- /**
- * Create a single SAML2 HTTP metadata provider
- *
- * @param metadataURL URL, where the metadata should be loaded
- * @param filter Filters, which should be used to validate the metadata
- * @param IdForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
- * @param pool
- *
- * @return SAML2 Metadata Provider
- */
- private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool, HttpClient httpClient) {
- HTTPMetadataProvider httpProvider = null;
- try {
- httpProvider = new HTTPMetadataProvider(timer, httpClient,
- metadataURL);
- httpProvider.setParserPool(pool);
- httpProvider.setRequireValidMetadata(true);
- httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
- //httpProvider.setRefreshDelayFactor(0.1F);
-
- httpProvider.setMetadataFilter(filter);
- httpProvider.initialize();
-
- httpProvider.setRequireValidMetadata(true);
-
- return httpProvider;
-
- } catch (Throwable e) {
- if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
- log.warn("SSL-Server certificate for metadata "
- + metadataURL + " not trusted.", e);
-
- } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
- log.warn("Signature verification for metadata"
- + metadataURL + " FAILED.", e);
-
- } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
- log.warn("Schema validation for metadata "
- + metadataURL + " FAILED.", e);
- }
-
- log.warn(
- "Failed to load Metadata file for "
- + IdForLogging + "[ "
- + e.getMessage() + " ]", e);
-
- if (httpProvider != null) {
- log.debug("Destroy failed Metadata provider");
- httpProvider.destroy();
- }
-
-// if (timer != null) {
-// log.debug("Destroy Timer.");
-// timer.cancel();
-// }
-
-
- }
-
- return null;
- }
+public abstract class SimpleMetadataProvider implements MetadataProvider {
+ private static final Logger log = LoggerFactory.getLogger(SimpleMetadataProvider.class);
+
+ private static final String URI_PREFIX_HTTP = "http:";
+ private static final String URI_PREFIX_HTTPS = "https:";
+ private static final String URI_PREFIX_FILE = "file:";
+
+
+ @Autowired
+ protected IConfiguration authConfig;
+
+
+ /**
+ * Create a single SAML2 metadata provider.
+ *
+ * @param metadataLocation where the metadata should be loaded, but never null. If the location
+ * starts with http(s):, than a http based metadata provider is used. If the location
+ * starts with file:, than a filesystem based metadata provider is used
+ * @param filter Filters, which should be used to validate the metadata
+ * @param idForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param httpClient Apache commons 3.x http client
+ *
+ * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
+ */
+ protected MetadataProvider createNewSimpleMetadataProvider(final String metadataLocation,
+ final MetadataFilter filter, final String idForLogging, final Timer timer,
+ final ParserPool pool, final HttpClient httpClient) {
+ if (metadataLocation.startsWith(URI_PREFIX_HTTP)
+ || metadataLocation.startsWith(URI_PREFIX_HTTPS)) {
+ if (httpClient != null) {
+ return createNewHttpMetaDataProvider(metadataLocation, filter, idForLogging, timer, pool,
+ httpClient);
+ } else {
+ log.warn("Can not load http(s) based SAML2 metadata without a HTTP client");
+ return null;
+ }
+
+ } else {
+ String absoluteMetadataLocation;
+ try {
+ absoluteMetadataLocation =
+ FileUtils.makeAbsoluteUrl(metadataLocation, authConfig.getConfigurationRootDirectory());
+
+ if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
+ final File metadataFile = new File(absoluteMetadataLocation);
+ if (metadataFile.exists()) {
+ return createNewFileSystemMetaDataProvider(metadataFile, filter, idForLogging, timer,
+ pool);
+ } else {
+ log.warn(
+ "SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
+ return null;
+ }
+
+ }
+
+
+ } catch (final MalformedURLException e) {
+ log.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
+
+ }
+
+ }
+
+ log.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);
+ return null;
+
+ }
+
+
+ /**
+ * Create a single SAML2 filesystem based metadata provider.
+ *
+ * @param metadataFile File, where the metadata should be loaded
+ * @param filter Filters, which should be used to validate the metadata
+ * @param idForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param pool
+ *
+ * @return SAML2 Metadata Provider
+ */
+ private MetadataProvider createNewFileSystemMetaDataProvider(final File metadataFile,
+ final MetadataFilter filter, final String idForLogging, final Timer timer,
+ final ParserPool pool) {
+ FilesystemMetadataProvider fileSystemProvider = null;
+ try {
+ fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
+ fileSystemProvider.setParserPool(pool);
+ fileSystemProvider.setRequireValidMetadata(true);
+ fileSystemProvider.setMinRefreshDelay(1000 * 60 * 15); // 15 minutes
+ fileSystemProvider.setMaxRefreshDelay(1000 * 60 * 60 * 24); // 24 hours
+ // httpProvider.setRefreshDelayFactor(0.1F);
+
+ fileSystemProvider.setMetadataFilter(filter);
+ fileSystemProvider.initialize();
+
+ fileSystemProvider.setRequireValidMetadata(true);
+
+ return fileSystemProvider;
+
+ } catch (final Exception e) {
+ log.warn("Failed to load Metadata file for " + idForLogging + "[ " + "File: "
+ + metadataFile.getAbsolutePath() + " Msg: " + e.getMessage() + " ]", e);
+
+
+ log.warn("Can not initialize SAML2 metadata provider from filesystem: "
+ + metadataFile.getAbsolutePath() + " Reason: " + e.getMessage(), e);
+
+ if (fileSystemProvider != null) {
+ fileSystemProvider.destroy();
+ }
+
+ }
+
+ return null;
+
+ }
+
+
+
+ /**
+ * Create a single SAML2 HTTP metadata provider.
+ *
+ * @param metadataUrl URL, where the metadata should be loaded
+ * @param filter Filters, which should be used to validate the metadata
+ * @param idForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param pool
+ *
+ * @return SAML2 Metadata Provider
+ */
+ private MetadataProvider createNewHttpMetaDataProvider(final String metadataUrl,
+ final MetadataFilter filter, final String idForLogging, final Timer timer,
+ final ParserPool pool, final HttpClient httpClient) {
+ HTTPMetadataProvider httpProvider = null;
+ try {
+ httpProvider = new HTTPMetadataProvider(timer, httpClient, metadataUrl);
+ httpProvider.setParserPool(pool);
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMinRefreshDelay(1000 * 60 * 15); // 15 minutes
+ httpProvider.setMaxRefreshDelay(1000 * 60 * 60 * 24); // 24 hours
+ // httpProvider.setRefreshDelayFactor(0.1F);
+
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.initialize();
+
+ httpProvider.setRequireValidMetadata(true);
+
+ return httpProvider;
+
+ } catch (final Throwable e) {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ log.warn("SSL-Server certificate for metadata " + metadataUrl + " not trusted.", e);
+
+ }
+ if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
+ log.warn("Signature verification for metadata" + metadataUrl + " FAILED.", e);
+
+ }
+ if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+ log.warn("Schema validation for metadata " + metadataUrl + " FAILED.", e);
+ }
+
+ log.warn("Failed to load Metadata file for " + idForLogging + "[ " + e.getMessage() + " ]",
+ e);
+
+ if (httpProvider != null) {
+ log.debug("Destroy failed Metadata provider");
+ httpProvider.destroy();
+ }
+
+ // if (timer != null) {
+ // log.debug("Destroy Timer.");
+ // timer.cancel();
+ // }
+
+
+ }
+
+ return null;
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HTTPPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HTTPPostEncoderWithOwnTemplate.java
deleted file mode 100644
index 8af12acc..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HTTPPostEncoderWithOwnTemplate.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HTTPTransportUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGUIBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
-
-/**
- * @author tlenz
- *
- */
-public class HTTPPostEncoderWithOwnTemplate extends HTTPPostEncoder {
- private static final Logger log = LoggerFactory.getLogger(HTTPPostEncoderWithOwnTemplate.class);
-
-
- private final VelocityEngine velocityEngine;
- private final IVelocityGUIBuilderConfiguration guiConfig;
- private final IVelocityGuiFormBuilder guiBuilder;
-
- /**
- * @param engine
- * @param templateId
- */
- public HTTPPostEncoderWithOwnTemplate(IVelocityGUIBuilderConfiguration guiConfig, IVelocityGuiFormBuilder guiBuilder, VelocityEngine engine) {
- super(engine, null);
- this.velocityEngine = engine;
- this.guiConfig = guiConfig;
- this.guiBuilder = guiBuilder;
-
- }
-
- /**
- * Base64 and POST encodes the outbound message and writes it to the outbound transport.
- *
- * @param messageContext current message context
- * @param endpointURL endpoint URL to which to encode message
- *
- * @throws MessageEncodingException thrown if there is a problem encoding the message
- */
- @Override
- protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
- log.debug("Invoking Velocity template to create POST body");
- InputStream is = null;
- try {
- //build Velocity Context from GUI input paramters
- final VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig);
-
- //load template
- is = guiBuilder.getTemplateInputStream(guiConfig);
-
- //populate velocity context with SAML2 parameters
- populateVelocityContext(context, messageContext, endpointURL);
-
- //populate transport parameter
- final HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();
- HTTPTransportUtils.addNoCacheHeaders(outTransport);
- HTTPTransportUtils.setUTF8Encoding(outTransport);
- HTTPTransportUtils.setContentType(outTransport, "text/html");
-
- //evaluate template and write content to response
- final Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");
- velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is)));
- out.flush();
-
- } catch (final Exception e) {
- log.error("Error invoking Velocity template", e);
- throw new MessageEncodingException("Error creating output document", e);
-
- } finally {
- if (is != null) {
- try {
- is.close();
-
- } catch (final IOException e) {
- log.error("Can NOT close GUI-Template InputStream.", e);
- }
- }
-
- }
- }
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
new file mode 100644
index 00000000..860eec64
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.binding.SAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.opensaml.ws.transport.http.HTTPTransportUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * OpenSAML2 Post-Binding encoder that uses dynamic loaded templates.
+ *
+ * @author tlenz
+ *
+ */
+public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder {
+ private static final Logger log = LoggerFactory.getLogger(HttpPostEncoderWithOwnTemplate.class);
+
+
+ private final VelocityEngine velocityEngine;
+ private final IVelocityGuiBuilderConfiguration guiConfig;
+ private final IVelocityGuiFormBuilder guiBuilder;
+
+ /**
+ * Own Post-Binding encoder.
+ *
+ * @param guiConfig GUI configuration
+ * @param guiBuilder GUI builder implementation
+ * @param engine velocity engine
+ */
+ public HttpPostEncoderWithOwnTemplate(final IVelocityGuiBuilderConfiguration guiConfig,
+ final IVelocityGuiFormBuilder guiBuilder, final VelocityEngine engine) {
+ super(engine, null);
+ this.velocityEngine = engine;
+ this.guiConfig = guiConfig;
+ this.guiBuilder = guiBuilder;
+
+ }
+
+ /**
+ * Base64 and POST encodes the outbound message and writes it to the outbound transport.
+ *
+ * @param messageContext current message context
+ * @param endpointUrl endpoint URL to which to encode message
+ *
+ * @throws MessageEncodingException thrown if there is a problem encoding the message
+ */
+ @Override
+ protected void postEncode(final SAMLMessageContext messageContext, final String endpointUrl)
+ throws MessageEncodingException {
+ log.debug("Invoking Velocity template to create POST body");
+ InputStream is = null;
+ try {
+ // build Velocity Context from GUI input paramters
+ final VelocityContext context =
+ guiBuilder.generateVelocityContextFromConfiguration(guiConfig);
+
+ // load template
+ is = guiBuilder.getTemplateInputStream(guiConfig);
+
+ // populate velocity context with SAML2 parameters
+ populateVelocityContext(context, messageContext, endpointUrl);
+
+ // populate transport parameter
+ final HTTPOutTransport outTransport =
+ (HTTPOutTransport) messageContext.getOutboundMessageTransport();
+ HTTPTransportUtils.addNoCacheHeaders(outTransport);
+ HTTPTransportUtils.setUTF8Encoding(outTransport);
+ HTTPTransportUtils.setContentType(outTransport, "text/html");
+
+ // evaluate template and write content to response
+ final Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");
+ velocityEngine.evaluate(context, out, "SAML2_POST_BINDING",
+ new BufferedReader(new InputStreamReader(is)));
+ out.flush();
+
+ } catch (final Exception e) {
+ log.error("Error invoking Velocity template", e);
+ throw new MessageEncodingException("Error creating output document", e);
+
+ } finally {
+ if (is != null) {
+ try {
+ is.close();
+
+ } catch (final IOException e) {
+ log.error("Can NOT close GUI-Template InputStream.", e);
+ }
+ }
+
+ }
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java
index 2f3912ca..d84b407f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java
@@ -1,56 +1,53 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
import java.security.KeyStore;
-
import org.opensaml.xml.security.x509.X509Credential;
/**
+ * OpenSAML2 KeyStore adapter.
+ *
* @author tlenz
*
*/
-public class KeyStoreX509CredentialAdapter extends
- org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter {
-
- /**
- * @param store
- * @param alias
- * @param password
- */
- public KeyStoreX509CredentialAdapter(KeyStore store, String alias,
- char[] password) {
- super(store, alias, password);
- }
-
- public Class<? extends X509Credential> getCredentialType() {
- return X509Credential.class;
- }
-
+public class KeyStoreX509CredentialAdapter
+ extends org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter {
+
+ /**
+ * Get an OpenSAML2 keystore.
+ *
+ * @param store Java KeyStore
+ * @param alias Key alias
+ * @param password key Password
+ */
+ public KeyStoreX509CredentialAdapter(final KeyStore store, final String alias,
+ final char[] password) {
+ super(store, alias, password);
+ }
+
+ @Override
+ public Class<? extends X509Credential> getCredentialType() {
+ return X509Credential.class;
+ }
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
index 544dc9f5..2def1446 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
@@ -1,31 +1,25 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.ws.message.MessageContext;
@@ -33,49 +27,49 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
-
/**
+ * Create deflate encoded SAML2 redirect-binding informations.
+ *
* @author tlenz
*
*/
public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
- private static final Logger log = LoggerFactory.getLogger(StringRedirectDeflateEncoder.class);
-
- private String redirectURL = null;
-
- public void encode(MessageContext messageContext)
- throws MessageEncodingException {
- if (!(messageContext instanceof SAMLMessageContext)) {
- log.error("Invalid message context type, this encoder only support SAMLMessageContext");
- throw new MessageEncodingException(
- "Invalid message context type, this encoder only support SAMLMessageContext");
- }
+ private static final Logger log = LoggerFactory.getLogger(StringRedirectDeflateEncoder.class);
+
+ private String redirectUrl = null;
+
+ @Override
+ public void encode(final MessageContext messageContext) throws MessageEncodingException {
+ if (!(messageContext instanceof SAMLMessageContext)) {
+ log.error("Invalid message context type, this encoder only support SAMLMessageContext");
+ throw new MessageEncodingException(
+ "Invalid message context type, this encoder only support SAMLMessageContext");
+ }
+
+ // load default PVP security configurations
+ EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
+
+ final SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
+
+ final String endpointUrl = getEndpointURL(samlMsgCtx).buildURL();
- //load default PVP security configurations
- EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
-
- SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
+ setResponseDestination(samlMsgCtx.getOutboundSAMLMessage(), endpointUrl);
- String endpointURL = getEndpointURL(samlMsgCtx).buildURL();
+ removeSignature(samlMsgCtx);
- setResponseDestination(samlMsgCtx.getOutboundSAMLMessage(), endpointURL);
+ final String encodedMessage = deflateAndBase64Encode(samlMsgCtx.getOutboundSAMLMessage());
- removeSignature(samlMsgCtx);
+ redirectUrl = buildRedirectURL(samlMsgCtx, endpointUrl, encodedMessage);
+ }
- String encodedMessage = deflateAndBase64Encode(samlMsgCtx
- .getOutboundSAMLMessage());
+ /**
+ * Get generated redirect URL.
+ *
+ * @return the redirectURL
+ */
+ public String getRedirectUrl() {
+ return redirectUrl;
+ }
- redirectURL = buildRedirectURL(samlMsgCtx, endpointURL,
- encodedMessage);
- }
- /**
- * @return the redirectURL
- */
- public String getRedirectURL() {
- return redirectURL;
- }
-
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java
deleted file mode 100644
index 266b6e5f..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize;
-
-import org.opensaml.Configuration;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.xml.ConfigurationException;
-
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributeBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributeMarshaller;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributeUnmarshaller;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributesBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributesMarshaller;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributesUnmarshaller;
-
-/**
- * @author tlenz
- *
- */
-public class EAAFDefaultSAML2Bootstrap extends DefaultBootstrap {
-
- public static synchronized void bootstrap() throws ConfigurationException {
-
- initializeXMLSecurity();
-
- initializeXMLTooling();
-
- initializeArtifactBuilderFactories();
-
- initializeGlobalSecurityConfiguration();
-
- initializeParserPool();
-
- initializeESAPI();
-
- initializeExtenstions();
-
- }
-
- private static void initializeExtenstions() {
- Configuration.registerObjectProvider(
- EAAFRequestedAttribute.DEFAULT_ELEMENT_NAME,
- new EAAFRequestedAttributeBuilder(),
- new EAAFRequestedAttributeMarshaller(),
- new EAAFRequestedAttributeUnmarshaller()
- );
-
- Configuration.registerObjectProvider(
- EAAFRequestedAttributes.DEFAULT_ELEMENT_NAME,
- new EAAFRequestedAttributesBuilder(),
- new EAAFRequestedAttributesMarshaller(),
- new EAAFRequestedAttributesUnmarshaller()
- );
-
- }
-
- public static void initializeDefaultPVPConfiguration() {
- initializeGlobalSecurityConfiguration();
-
- }
-
- /**
- * Initializes the default global security configuration.
- */
- protected static void initializeGlobalSecurityConfiguration() {
- Configuration.setGlobalSecurityConfiguration(EAAFDefaultSecurityConfigurationBootstrap.buildDefaultConfig());
- }
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java
deleted file mode 100644
index ddd5b13e..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSecurityConfigurationBootstrap.java
+++ /dev/null
@@ -1,156 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.security.BasicSecurityConfiguration;
-import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
-import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
-import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.SignatureConstants;
-
-/**
- * @author tlenz
- *
- */
-public class EAAFDefaultSecurityConfigurationBootstrap extends
- DefaultSecurityConfigurationBootstrap {
-
- public static BasicSecurityConfiguration buildDefaultConfig() {
- BasicSecurityConfiguration config = new BasicSecurityConfiguration();
-
- populateSignatureParams(config);
- populateEncryptionParams(config);
- populateKeyInfoCredentialResolverParams(config);
- populateKeyInfoGeneratorManager(config);
- populateKeyParams(config);
-
- return config;
- }
-
- protected static void populateKeyInfoGeneratorManager(
- BasicSecurityConfiguration config) {
- NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager();
- config.setKeyInfoGeneratorManager(namedManager);
-
- namedManager.setUseDefaultManager(true);
- KeyInfoGeneratorManager defaultManager = namedManager
- .getDefaultManager();
-
- BasicKeyInfoGeneratorFactory basicFactory = new BasicKeyInfoGeneratorFactory();
- basicFactory.setEmitPublicKeyValue(true);
-
- X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
- x509Factory.setEmitEntityCertificate(true);
-
- defaultManager.registerFactory(basicFactory);
- defaultManager.registerFactory(x509Factory);
- }
-
- protected static void populateSignatureParams(
- BasicSecurityConfiguration config) {
-
- //use SHA256 instead of SHA1
- config.registerSignatureAlgorithmURI("RSA",
- SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
- config.registerSignatureAlgorithmURI("DSA",
- "http://www.w3.org/2000/09/xmldsig#dsa-sha1");
-
- //use SHA256 instead of SHA1
- config.registerSignatureAlgorithmURI("EC",
- SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
- //use SHA256 instead of SHA1
- config.registerSignatureAlgorithmURI("AES",
- SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-
-
- config.registerSignatureAlgorithmURI("DESede",
- SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-
- config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
- config.setSignatureHMACOutputLength(null);
-
- //use SHA256 instead of SHA1
- config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
- }
-
- protected static void populateEncryptionParams(
- BasicSecurityConfiguration config) {
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
- "http://www.w3.org/2001/04/xmlenc#aes128-cbc");
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
- "http://www.w3.org/2001/04/xmlenc#aes192-cbc");
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
- "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
-
- //support GCM mode
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
-
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM);
-
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
-
-
- config.registerDataEncryptionAlgorithmURI("DESede",
- Integer.valueOf(168),
- "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
- config.registerDataEncryptionAlgorithmURI("DESede",
- Integer.valueOf(192),
- "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
-
- config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES",
- "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-
- config.registerKeyTransportEncryptionAlgorithmURI("RSA", null,
- "DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-
- config.registerKeyTransportEncryptionAlgorithmURI("AES",
- Integer.valueOf(128), null,
- "http://www.w3.org/2001/04/xmlenc#kw-aes128");
- config.registerKeyTransportEncryptionAlgorithmURI("AES",
- Integer.valueOf(192), null,
- "http://www.w3.org/2001/04/xmlenc#kw-aes192");
- config.registerKeyTransportEncryptionAlgorithmURI("AES",
- Integer.valueOf(256), null,
- "http://www.w3.org/2001/04/xmlenc#kw-aes256");
- config.registerKeyTransportEncryptionAlgorithmURI("DESede",
- Integer.valueOf(168), null,
- "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
- config.registerKeyTransportEncryptionAlgorithmURI("DESede",
- Integer.valueOf(192), null,
- "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
-
- config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
- }
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java
new file mode 100644
index 00000000..9db8e5e7
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributeMarshaller;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributeUnmarshaller;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesMarshaller;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesUnmarshaller;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.xml.ConfigurationException;
+
+/**
+ * EAAF specific OpenSAML Initializer.
+ *
+ * @author tlenz
+ *
+ */
+public class EaafDefaultSaml2Bootstrap extends DefaultBootstrap {
+
+ /**
+ * OpenSAML2 bootstrap.
+ *
+ * @throws ConfigurationException In case of an error
+ */
+ public static synchronized void bootstrap() throws ConfigurationException {
+
+ initializeXMLSecurity();
+
+ initializeXMLTooling();
+
+ initializeArtifactBuilderFactories();
+
+ initializeGlobalSecurityConfiguration();
+
+ initializeParserPool();
+
+ initializeESAPI();
+
+ initializeExtenstions();
+
+ }
+
+ private static void initializeExtenstions() {
+ org.opensaml.xml.Configuration.registerObjectProvider(
+ EaafRequestedAttribute.DEFAULT_ELEMENT_NAME, new EaafRequestedAttributeBuilder(),
+ new EaafRequestedAttributeMarshaller(), new EaafRequestedAttributeUnmarshaller());
+
+ org.opensaml.xml.Configuration.registerObjectProvider(
+ EaafRequestedAttributes.DEFAULT_ELEMENT_NAME, new EaafRequestedAttributesBuilder(),
+ new EaafRequestedAttributesMarshaller(), new EaafRequestedAttributesUnmarshaller());
+
+ }
+
+ public static void initializeDefaultPvpConfiguration() {
+ initializeGlobalSecurityConfiguration();
+
+ }
+
+ /**
+ * Initializes the default global security configuration.
+ */
+ protected static void initializeGlobalSecurityConfiguration() {
+ org.opensaml.xml.Configuration.setGlobalSecurityConfiguration(
+ EaafDefaultSecurityConfigurationBootstrap.buildDefaultConfig());
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java
new file mode 100644
index 00000000..a1a7e9d2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize;
+
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.security.BasicSecurityConfiguration;
+import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
+import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
+import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.SignatureConstants;
+
+/**
+ * EAAF specific OpenSAML2 security configuration.
+ *
+ * @author tlenz
+ *
+ */
+public class EaafDefaultSecurityConfigurationBootstrap
+ extends DefaultSecurityConfigurationBootstrap {
+
+ /**
+ * Build EAAF security configuration for OpenSAML2.
+ *
+ * @return
+ */
+ public static BasicSecurityConfiguration buildDefaultConfig() {
+ final BasicSecurityConfiguration config = new BasicSecurityConfiguration();
+
+ populateSignatureParams(config);
+ populateEncryptionParams(config);
+ populateKeyInfoCredentialResolverParams(config);
+ populateKeyInfoGeneratorManager(config);
+ populateKeyParams(config);
+
+ return config;
+ }
+
+ protected static void populateKeyInfoGeneratorManager(final BasicSecurityConfiguration config) {
+ final NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager();
+ config.setKeyInfoGeneratorManager(namedManager);
+
+ namedManager.setUseDefaultManager(true);
+ final KeyInfoGeneratorManager defaultManager = namedManager.getDefaultManager();
+
+ final BasicKeyInfoGeneratorFactory basicFactory = new BasicKeyInfoGeneratorFactory();
+ basicFactory.setEmitPublicKeyValue(true);
+
+ final X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
+ x509Factory.setEmitEntityCertificate(true);
+
+ defaultManager.registerFactory(basicFactory);
+ defaultManager.registerFactory(x509Factory);
+ }
+
+ protected static void populateSignatureParams(final BasicSecurityConfiguration config) {
+
+ // use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+
+ config.registerSignatureAlgorithmURI("DSA", "http://www.w3.org/2000/09/xmldsig#dsa-sha1");
+
+ // use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("EC", SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
+
+ // use SHA256 instead of SHA1
+ config.registerSignatureAlgorithmURI("AES", SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
+
+
+ config.registerSignatureAlgorithmURI("DESede", SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
+
+ config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
+ config.setSignatureHMACOutputLength(null);
+
+ // use SHA256 instead of SHA1
+ config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
+ }
+
+ protected static void populateEncryptionParams(final BasicSecurityConfiguration config) {
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
+ "http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
+ "http://www.w3.org/2001/04/xmlenc#aes192-cbc");
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
+ "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
+
+ // support GCM mode
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
+
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM);
+
+ config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
+
+
+ config.registerDataEncryptionAlgorithmURI("DESede", Integer.valueOf(168),
+ "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
+ config.registerDataEncryptionAlgorithmURI("DESede", Integer.valueOf(192),
+ "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES",
+ "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "DESede",
+ "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
+
+ config.registerKeyTransportEncryptionAlgorithmURI("AES", Integer.valueOf(128), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes128");
+ config.registerKeyTransportEncryptionAlgorithmURI("AES", Integer.valueOf(192), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes192");
+ config.registerKeyTransportEncryptionAlgorithmURI("AES", Integer.valueOf(256), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-aes256");
+ config.registerKeyTransportEncryptionAlgorithmURI("DESede", Integer.valueOf(168), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
+ config.registerKeyTransportEncryptionAlgorithmURI("DESede", Integer.valueOf(192), null,
+ "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
+
+ config.setAutoGeneratedDataEncryptionKeyAlgorithmURI(
+ "http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributeImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributeImpl.java
deleted file mode 100644
index ed169d8c..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributeImpl.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSBooleanValue;
-import org.opensaml.xml.util.AttributeMap;
-import org.opensaml.xml.util.XMLObjectChildrenList;
-
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
-
-public class EAAFRequestedAttributeImpl extends AbstractSAMLObject implements EAAFRequestedAttribute {
-
- private final XMLObjectChildrenList<XMLObject> attributeValues;
- private String friendlyName;
- private String isRequired;
- private String name;
- private String nameFormat;
- private AttributeMap unknownAttributes;
-
- public EAAFRequestedAttributeImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- unknownAttributes = new AttributeMap(this);
- attributeValues = new XMLObjectChildrenList<XMLObject>(this);
-
- }
-
- public final List<XMLObject> getAttributeValues() {
- return attributeValues;
- }
-
- public final String getFriendlyName() {
- return friendlyName;
- }
-
- public final String getIsRequiredXSBoolean() {
- return isRequired;
- }
-
- public final String getName() {
- return name;
- }
-
- public final String getNameFormat() {
- return nameFormat;
- }
-
- public final List<XMLObject> getOrderedChildren() {
- final List<XMLObject> children = new ArrayList<XMLObject>();
- children.addAll(attributeValues);
- return Collections.unmodifiableList(children);
- }
-
-
- public final AttributeMap getUnknownAttributes() {
- return unknownAttributes;
- }
-
-
- public final void setFriendlyName(final String newFriendlyName) {
- this.friendlyName = prepareForAssignment(this.friendlyName,
- newFriendlyName);
- }
-
-
- public final void setIsRequired(final String newIsRequired) {
- isRequired = prepareForAssignment(this.isRequired, newIsRequired);
-
- }
-
-
- public final void setName(final String newName) {
- this.name = prepareForAssignment(this.name, newName);
- }
-
-
- public final void setNameFormat(final String newNameFormat) {
- this.nameFormat = prepareForAssignment(this.nameFormat, newNameFormat);
- }
-
-
- public final void setUnknownAttributes(final AttributeMap newUnknownAttr) {
- this.unknownAttributes = newUnknownAttr;
- }
-
- @Override
- public XSBooleanValue isRequiredXSBoolean() {
- return XSBooleanValue.valueOf(isRequired);
- }
-
- @Override
- public void setIsRequired(Boolean aBoolean) {
- this.isRequired = String.valueOf(aBoolean);
- }
-
- @Override
- public void setIsRequired(XSBooleanValue xsBooleanValue) {
- this.isRequired = String.valueOf(xsBooleanValue);
- }
-
- @Override
- public Boolean isRequired() {
- return Boolean.parseBoolean(isRequired);
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributesImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributesImpl.java
deleted file mode 100644
index b85d4791..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributesImpl.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.util.IndexedXMLObjectChildrenList;
-
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
-
-public class EAAFRequestedAttributesImpl extends AbstractSAMLObject implements EAAFRequestedAttributes {
-
- private final IndexedXMLObjectChildrenList<XMLObject> indexedChildren;
-
- public EAAFRequestedAttributesImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- indexedChildren = new IndexedXMLObjectChildrenList<XMLObject>(this);
- }
-
- @Override
- public List<XMLObject> getOrderedChildren() {
- final List<XMLObject> children = new ArrayList<XMLObject>();
- children.addAll(indexedChildren);
- return Collections.unmodifiableList(children);
-
- }
-
- @Override
- public List<EAAFRequestedAttribute> getAttributes() {
- return (List<EAAFRequestedAttribute>) indexedChildren
- .subList(EAAFRequestedAttribute.DEFAULT_ELEMENT_NAME);
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java
new file mode 100644
index 00000000..1ceb5adc
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSBooleanValue;
+import org.opensaml.xml.util.AttributeMap;
+import org.opensaml.xml.util.XMLObjectChildrenList;
+
+public class EaafRequestedAttributeImpl extends AbstractSAMLObject
+ implements EaafRequestedAttribute {
+
+ private final XMLObjectChildrenList<XMLObject> attributeValues;
+ private String friendlyName;
+ private String isRequired;
+ private String name;
+ private String nameFormat;
+ private AttributeMap unknownAttributes;
+
+ /**
+ * Build an EAAF specific requested attribute.
+ *
+ * @param namespaceUri Attribute namespace
+ * @param elementLocalName Attribute name
+ * @param namespacePrefix Attribute namespace prefix
+ */
+ public EaafRequestedAttributeImpl(final String namespaceUri, final String elementLocalName,
+ final String namespacePrefix) {
+ super(namespaceUri, elementLocalName, namespacePrefix);
+ unknownAttributes = new AttributeMap(this);
+ attributeValues = new XMLObjectChildrenList<>(this);
+
+ }
+
+ @Override
+ public final List<XMLObject> getAttributeValues() {
+ return attributeValues;
+ }
+
+ @Override
+ public final String getFriendlyName() {
+ return friendlyName;
+ }
+
+ @Override
+ public final String getIsRequiredXsBoolean() {
+ return isRequired;
+ }
+
+ @Override
+ public final String getName() {
+ return name;
+ }
+
+ @Override
+ public final String getNameFormat() {
+ return nameFormat;
+ }
+
+ @Override
+ public final List<XMLObject> getOrderedChildren() {
+ final List<XMLObject> children = new ArrayList<>();
+ children.addAll(attributeValues);
+ return Collections.unmodifiableList(children);
+ }
+
+
+ @Override
+ public final AttributeMap getUnknownAttributes() {
+ return unknownAttributes;
+ }
+
+
+ @Override
+ public final void setFriendlyName(final String newFriendlyName) {
+ this.friendlyName = prepareForAssignment(this.friendlyName, newFriendlyName);
+ }
+
+
+ @Override
+ public void setIsRequired(final Boolean aboolean) {
+ this.isRequired = String.valueOf(aboolean);
+ }
+
+ @Override
+ public void setIsRequired(final XSBooleanValue xsBooleanValue) {
+ this.isRequired = String.valueOf(xsBooleanValue);
+ }
+
+ @Override
+ public final void setIsRequired(final String newIsRequired) {
+ isRequired = prepareForAssignment(this.isRequired, newIsRequired);
+
+ }
+
+
+ @Override
+ public final void setName(final String newName) {
+ this.name = prepareForAssignment(this.name, newName);
+ }
+
+
+ @Override
+ public final void setNameFormat(final String newNameFormat) {
+ this.nameFormat = prepareForAssignment(this.nameFormat, newNameFormat);
+ }
+
+
+ public final void setUnknownAttributes(final AttributeMap newUnknownAttr) {
+ this.unknownAttributes = newUnknownAttr;
+ }
+
+ @Override
+ public XSBooleanValue isRequiredXSBoolean() {
+ return XSBooleanValue.valueOf(isRequired);
+ }
+
+
+
+
+
+ @Override
+ public Boolean isRequired() {
+ return Boolean.parseBoolean(isRequired);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java
new file mode 100644
index 00000000..3b447538
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.util.IndexedXMLObjectChildrenList;
+
+public class EaafRequestedAttributesImpl extends AbstractSAMLObject
+ implements EaafRequestedAttributes {
+
+ private final IndexedXMLObjectChildrenList<XMLObject> indexedChildren;
+
+ public EaafRequestedAttributesImpl(final String namespaceUri, final String elementLocalName,
+ final String namespacePrefix) {
+ super(namespaceUri, elementLocalName, namespacePrefix);
+ indexedChildren = new IndexedXMLObjectChildrenList<>(this);
+ }
+
+ @Override
+ public List<XMLObject> getOrderedChildren() {
+ final List<XMLObject> children = new ArrayList<>();
+ children.addAll(indexedChildren);
+ return Collections.unmodifiableList(children);
+
+ }
+
+ @Override
+ public List<EaafRequestedAttribute> getAttributes() {
+ return (List<EaafRequestedAttribute>) indexedChildren
+ .subList(EaafRequestedAttribute.DEFAULT_ELEMENT_NAME);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index acc5357e..ea361f11 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -1,36 +1,32 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
-
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.KeyStoreX509CredentialAdapter;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
@@ -40,186 +36,210 @@ import org.opensaml.xml.signature.SignatureConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.KeyStoreX509CredentialAdapter;
-
public abstract class AbstractCredentialProvider {
-
- private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
-
- private KeyStore keyStore = null;
-
- /**
- * Get a friendlyName for this keyStore implementation
- * This friendlyName is used for logging
- *
- * @return keyStore friendlyName
- */
- public abstract String getFriendlyName();
-
- /**
- * Get KeyStore
- *
- * @return URL to the keyStore
- * @throws EAAFException
- */
- public abstract String getKeyStoreFilePath() throws EAAFException;
-
- /**
- * Get keyStore password
- *
- * @return Password of the keyStore
- */
- public abstract String getKeyStorePassword();
-
- /**
- * Get alias of key for metadata signing
- *
- * @return key alias
- */
- public abstract String getMetadataKeyAlias();
-
- /**
- * Get password of key for metadata signing
- *
- * @return key password
- */
- public abstract String getMetadataKeyPassword();
-
- /**
- * Get alias of key for request/response signing
- *
- * @return key alias
- */
- public abstract String getSignatureKeyAlias();
-
- /**
- * Get password of key for request/response signing
- *
- * @return key password
- */
- public abstract String getSignatureKeyPassword();
-
- /**
- * Get alias of key for IDP response encryption
- *
- * @return key alias
- */
- public abstract String getEncryptionKeyAlias();
-
- /**
- * Get password of key for IDP response encryption
- *
- * @return key password
- */
- public abstract String getEncryptionKeyPassword();
-
-
- public X509Credential getIDPMetaDataSigningCredential()
- throws CredentialsNotAvailableException {
- try {
-
- if (keyStore == null)
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(),
- getKeyStorePassword());
-
- KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(
- keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
-
- credentials.setUsageType(UsageType.SIGNING);
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- log.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
-
- }
- return credentials;
- } catch (Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
- e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
- }
- }
-
- public X509Credential getIDPAssertionSigningCredential()
- throws CredentialsNotAvailableException {
- try {
- if (keyStore == null)
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(),
- getKeyStorePassword());
-
- KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(
- keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
-
- credentials.setUsageType(UsageType.SIGNING);
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- log.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
-
- }
-
- return (X509Credential) credentials;
- } catch (Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
- e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
- }
- }
-
- public X509Credential getIDPAssertionEncryptionCredential()
- throws CredentialsNotAvailableException {
- try {
- if (keyStore == null)
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(),
- getKeyStorePassword());
-
- //if no encryption key is configured return null
- if (StringUtils.isEmpty(getEncryptionKeyAlias()))
- return null;
-
- KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(
- keyStore, getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
-
- credentials.setUsageType(UsageType.ENCRYPTION);
-
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- log.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: "
- + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
-
- }
-
- return (X509Credential) credentials;
-
- } catch (Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
- e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
- }
- }
-
- public static Signature getIDPSignature(Credential credentials) {
- PrivateKey privatekey = credentials.getPrivateKey();
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
-
- if (privatekey instanceof RSAPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
- } else if (privatekey instanceof ECPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
- } else {
- log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
-
-
- }
-
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
- return signer;
-
- }
+
+ private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
+
+ private KeyStore keyStore = null;
+
+ /**
+ * Get a friendlyName for this keyStore implementation This friendlyName is used for logging.
+ *
+ * @return keyStore friendlyName
+ */
+ public abstract String getFriendlyName();
+
+ /**
+ * Get KeyStore.
+ *
+ * @return URL to the keyStore
+ * @throws EaafException In case of an invalid filepath
+ */
+ public abstract String getKeyStoreFilePath() throws EaafException;
+
+ /**
+ * Get keyStore password.
+ *
+ * @return Password of the keyStore
+ */
+ public abstract String getKeyStorePassword();
+
+ /**
+ * Get alias of key for metadata signing.
+ *
+ * @return key alias
+ */
+ public abstract String getMetadataKeyAlias();
+
+ /**
+ * Get password of key for metadata signing.
+ *
+ * @return key password
+ */
+ public abstract String getMetadataKeyPassword();
+
+ /**
+ * Get alias of key for request/response signing.
+ *
+ * @return key alias
+ */
+ public abstract String getSignatureKeyAlias();
+
+ /**
+ * Get password of key for request/response signing.
+ *
+ * @return key password
+ */
+ public abstract String getSignatureKeyPassword();
+
+ /**
+ * Get alias of key for IDP response encryption.
+ *
+ * @return key alias
+ */
+ public abstract String getEncryptionKeyAlias();
+
+ /**
+ * Get password of key for IDP response encryption.
+ *
+ * @return key password
+ */
+ public abstract String getEncryptionKeyPassword();
+
+
+ /**
+ * Get Credentials to sign metadata.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of a credential error
+ */
+ public X509Credential getIdpMetaDataSigningCredential() throws CredentialsNotAvailableException {
+ try {
+
+ if (keyStore == null) {
+ keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
+ }
+
+ final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+ getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
+
+ credentials.setUsageType(UsageType.SIGNING);
+ if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
+ log.error(getFriendlyName()
+ + " Metadata Signing credentials is not found or contains no PrivateKey.");
+ throw new CredentialsNotAvailableException("config.27",
+ new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: "
+ + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
+
+ }
+ return credentials;
+ } catch (final Exception e) {
+ log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
+ e.printStackTrace();
+ throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+ }
+ }
+
+ /**
+ * Get Credentials to sign Assertion.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of a credential error
+ */
+ public X509Credential getIdpAssertionSigningCredential() throws CredentialsNotAvailableException {
+ try {
+ if (keyStore == null) {
+ keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
+ }
+
+ final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+ getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
+
+ credentials.setUsageType(UsageType.SIGNING);
+ if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
+ log.error(getFriendlyName()
+ + " Assertion Signing credentials is not found or contains no PrivateKey.");
+ throw new CredentialsNotAvailableException("config.27",
+ new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: "
+ + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
+
+ }
+
+ return credentials;
+ } catch (final Exception e) {
+ log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
+ e.printStackTrace();
+ throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+ }
+ }
+
+ /**
+ * Get Credentials to encrypt assertion.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of a credential error
+ */
+ public X509Credential getIdpAssertionEncryptionCredential()
+ throws CredentialsNotAvailableException {
+ try {
+ if (keyStore == null) {
+ keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
+ }
+
+ // if no encryption key is configured return null
+ if (StringUtils.isEmpty(getEncryptionKeyAlias())) {
+ return null;
+ }
+
+ final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+ getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
+
+ credentials.setUsageType(UsageType.ENCRYPTION);
+
+ if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
+ log.error(getFriendlyName()
+ + " Assertion Encryption credentials is not found or contains no PrivateKey.");
+ throw new CredentialsNotAvailableException("config.27",
+ new Object[] {getFriendlyName() + " Assertion Encryption credentials (Alias: "
+ + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
+
+ }
+
+ return credentials;
+
+ } catch (final Exception e) {
+ log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
+ e.printStackTrace();
+ throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+ }
+ }
+
+ /**
+ * Get an XML signature object.
+ *
+ * @param credentials Credentials for signing
+ * @return OpenSAML Signature object
+ */
+ public static Signature getIdpSignature(final Credential credentials) {
+ final PrivateKey privatekey = credentials.getPrivateKey();
+ final Signature signer = Saml2Utils.createSamlObject(Signature.class);
+
+ if (privatekey instanceof RSAPrivateKey) {
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+
+ } else if (privatekey instanceof ECPrivateKey) {
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
+
+ } else {
+ log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId()
+ + " credential.");
+
+
+ }
+
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(credentials);
+ return signer;
+
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
deleted file mode 100644
index 8e7183d3..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
-
-import java.util.List;
-
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.QAANotAllowedException;
-
-/**
- * @author tlenz
- *
- */
-public class QAALevelVerifier {
-
- private static final Logger log = LoggerFactory.getLogger(QAALevelVerifier.class);
-
- private static boolean verifyQAALevel(String qaaAuth, String requiredLoA, String matchingMode) throws QAANotAllowedException {
- //to MINIMUM machting
- if (EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) {
- log.trace("Perfom LoA matching in 'MINIMUM' mode ... ");
- if (EAAFConstants.EIDAS_LOA_LOW.equals(requiredLoA) &&
- (EAAFConstants.EIDAS_LOA_LOW.equals(qaaAuth) ||
- EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) ||
- EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))
- )
- return true;
-
- else if (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA) &&
- (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) ||
- EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))
- )
- return true;
-
- else if (EAAFConstants.EIDAS_LOA_HIGH.equals(requiredLoA) && EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))
- return true;
-
- } else if (EAAFConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) {
- //to EXACT matching
- log.trace("Perfom LoA matching in 'EXACT' mode ... ");
- if (qaaAuth.equals(requiredLoA)) {
- log.debug("Required LoA fits LoA from authentication. Continue auth process ... ");
- return true;
-
- }
-
- } else {
- log.warn("LoA matching-mode:" + matchingMode + " is NOT supported by this implementation");
- throw new QAANotAllowedException(qaaAuth, requiredLoA, matchingMode);
-
- }
-
- return false;
-
- }
-
- public static void verifyQAALevel(String qaaAuth, List<String> requiredLoAs, String matchingMode) throws QAANotAllowedException {
- log.trace("Starting LoA verification: authLoA: " + qaaAuth
- + " requiredLoA: " + StringUtils.join(requiredLoAs, "|")
- + " matchingMode: " + matchingMode);
-
- boolean hasMatch = false;
- for (String loa : requiredLoAs) {
- if (verifyQAALevel(qaaAuth, loa, matchingMode))
- hasMatch = true;
-
- }
-
- if (!hasMatch)
- throw new QAANotAllowedException(qaaAuth, StringUtils.join(requiredLoAs, "|"), matchingMode);
-
- else
- log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... ");
-
- }
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
new file mode 100644
index 00000000..876fa744
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
+
+import java.util.List;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * EAAF LoA Level verifier checks if requested LoA matchs to LoA of authentication.
+ *
+ *
+ * @author tlenz
+ *
+ */
+public class QaaLevelVerifier {
+
+ private static final Logger log = LoggerFactory.getLogger(QaaLevelVerifier.class);
+
+ private static boolean verifyQaaLevel(final String qaaAuth, final String requiredLoA,
+ final String matchingMode) throws QaaNotAllowedException {
+ // to MINIMUM machting
+ if (EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) {
+ log.trace("Perfom LoA matching in 'MINIMUM' mode ... ");
+ if (EAAFConstants.EIDAS_LOA_LOW.equals(requiredLoA)
+ && (EAAFConstants.EIDAS_LOA_LOW.equals(qaaAuth)
+ || EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth)
+ || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) {
+ return true;
+ } else if (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA)
+ && (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth)
+ || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) {
+ return true;
+ } else if (EAAFConstants.EIDAS_LOA_HIGH.equals(requiredLoA)
+ && EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) {
+ return true;
+ }
+
+ } else if (EAAFConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) {
+ // to EXACT matching
+ log.trace("Perfom LoA matching in 'EXACT' mode ... ");
+ if (qaaAuth.equals(requiredLoA)) {
+ log.debug("Required LoA fits LoA from authentication. Continue auth process ... ");
+ return true;
+
+ }
+
+ } else {
+ log.warn("LoA matching-mode:" + matchingMode + " is NOT supported by this implementation");
+ throw new QaaNotAllowedException(qaaAuth, requiredLoA, matchingMode);
+
+ }
+
+ return false;
+
+ }
+
+ /**
+ * Check LoA level.
+ *
+ * @param qaaAuth LoA of authentication
+ * @param requiredLoAs List of allowed LoA levels
+ * @param matchingMode LoA matching mode
+ * @throws QaaNotAllowedException If LoA does not match
+ */
+ public static void verifyQaaLevel(final String qaaAuth, final List<String> requiredLoAs,
+ final String matchingMode) throws QaaNotAllowedException {
+ log.trace("Starting LoA verification: authLoA: " + qaaAuth + " requiredLoA: "
+ + StringUtils.join(requiredLoAs, "|") + " matchingMode: " + matchingMode);
+
+ boolean hasMatch = false;
+ for (final String loa : requiredLoAs) {
+ if (verifyQaaLevel(qaaAuth, loa, matchingMode)) {
+ hasMatch = true;
+ }
+
+ }
+
+ if (!hasMatch) {
+ throw new QaaNotAllowedException(qaaAuth, StringUtils.join(requiredLoAs, "|"), matchingMode);
+ } else {
+ log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... ");
+ }
+
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java
deleted file mode 100644
index d33ee6c6..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java
+++ /dev/null
@@ -1,201 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
-
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.Configuration;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.soap.soap11.Body;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.XMLObjectBuilderFactory;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
-
-public class SAML2Utils {
- private static final Logger log = LoggerFactory.getLogger(SAML2Utils.class);
-
- public static <T> T createSAMLObject(final Class<T> clazz) {
- try {
- XMLObjectBuilderFactory builderFactory = Configuration
- .getBuilderFactory();
-
- QName defaultElementName = (QName) clazz.getDeclaredField(
- "DEFAULT_ELEMENT_NAME").get(null);
- @SuppressWarnings("unchecked")
- T object = (T) builderFactory.getBuilder(defaultElementName)
- .buildObject(defaultElementName);
- return object;
- } catch (Throwable e) {
- e.printStackTrace();
- return null;
- }
- }
-
- public static String getSecureIdentifier() {
- return "_".concat(Random.nextHexRandom16());
-
- /*Bug-Fix: There are open problems with RandomNumberGenerator via Java SPI and Java JDK 8.121
- * Generation of a 16bit Random identifier FAILES with an Caused by: java.lang.ArrayIndexOutOfBoundsException
- * Caused by: java.lang.ArrayIndexOutOfBoundsException
- at iaik.security.random.o.engineNextBytes(Unknown Source)
- at iaik.security.random.SecRandomSpi.engineNextBytes(Unknown Source)
- at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
- at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:62)
- at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56)
- at at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils.getSecureIdentifier(SAML2Utils.java:69)
- */
- //return idGenerator.generateIdentifier();
- }
-
- private static SecureRandomIdentifierGenerator idGenerator;
-
- private static DocumentBuilder builder;
- static {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- try {
- builder = factory.newDocumentBuilder();
- } catch (ParserConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- try {
- idGenerator = new SecureRandomIdentifierGenerator();
- } catch(NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
- }
-
- public static Document asDOMDocument(XMLObject object) throws IOException,
- MarshallingException, TransformerException {
- Document document = builder.newDocument();
- Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
- object);
- out.marshall(object, document);
- return document;
- }
-
- public static Status getSuccessStatus() {
- Status status = SAML2Utils.createSAMLObject(Status.class);
- StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
- statusCode.setValue(StatusCode.SUCCESS_URI);
- status.setStatusCode(statusCode);
- return status;
- }
-
- public static int getDefaultAssertionConsumerServiceIndex(SPSSODescriptor spSSODescriptor) {
-
- List<AssertionConsumerService> assertionConsumerList = spSSODescriptor.getAssertionConsumerServices();
-
- for (AssertionConsumerService el : assertionConsumerList) {
- if (el.isDefault())
- return el.getIndex();
-
- }
-
- return 0;
- }
-
- public static Envelope buildSOAP11Envelope(XMLObject payload) {
- XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
- Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME);
- Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME);
-
- body.getUnknownXMLObjects().add(payload);
- envelope.setBody(body);
-
- return envelope;
- }
-
- public static EAAFRequestedAttribute generateReqAuthnAttributeSimple(Attribute attr, boolean isRequired, String value) {
- EAAFRequestedAttribute requested = SAML2Utils.createSAMLObject(EAAFRequestedAttribute.class);
- requested.setName(attr.getName());
- requested.setNameFormat(attr.getNameFormat());
- requested.setFriendlyName(attr.getFriendlyName());
- requested.setIsRequired(String.valueOf(isRequired));
- List<XMLObject> attributeValues = requested.getAttributeValues();
- if (StringUtils.isNotEmpty(value)) {
- XMLObject attributeValueForRequest = createAttributeValue(PVPConstants.EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE, value);
- attributeValues.add(attributeValueForRequest);
- }
- return requested;
-
- }
-
- public static void schemeValidation(XMLObject xmlObject) throws Exception {
- try {
- Schema test = SAMLSchemaBuilder.getSAML11Schema();
- Validator val = test.newValidator();
- DOMSource source = new DOMSource(xmlObject.getDOM());
- val.validate(source);
- log.debug("SAML2 Scheme validation successful");
- return;
-
- } catch (Exception e) {
- log.warn("SAML2 scheme validation FAILED.", e);
- throw e;
-
- }
- }
-
- private static XMLObject createAttributeValue(QName attributeValueType, String value) {
- XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
- XSString stringValue = stringBuilder.buildObject(attributeValueType, XSString.TYPE_NAME);
- stringValue.setValue(value);
- return stringValue;
-
- }
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
new file mode 100644
index 00000000..1c7a9652
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
@@ -0,0 +1,247 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
+
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.util.List;
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.Validator;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.ws.soap.soap11.Body;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+
+public class Saml2Utils {
+ private static final Logger log = LoggerFactory.getLogger(Saml2Utils.class);
+
+ private static SecureRandomIdentifierGenerator idGenerator;
+
+ private static DocumentBuilder builder;
+
+ static {
+ final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+
+ try {
+ builder = factory.newDocumentBuilder();
+
+ } catch (final ParserConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ try {
+ idGenerator = new SecureRandomIdentifierGenerator();
+
+ } catch (final NoSuchAlgorithmException e) {
+ e.printStackTrace();
+
+ }
+ }
+
+ /**
+ * Create a SAML2 object.
+ *
+ * @param <T> SAML2 object class
+ * @param clazz object class
+ * @return SAML2 object
+ */
+ public static <T> T createSamlObject(final Class<T> clazz) {
+ try {
+ final XMLObjectBuilderFactory builderFactory =
+ org.opensaml.xml.Configuration.getBuilderFactory();
+
+ final QName defaultElementName =
+ (QName) clazz.getDeclaredField("DEFAULT_ELEMENT_NAME").get(null);
+ @SuppressWarnings("unchecked")
+ final T object =
+ (T) builderFactory.getBuilder(defaultElementName).buildObject(defaultElementName);
+ return object;
+ } catch (final Throwable e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Get a new SAML2 conform random value.
+ *
+ * @return
+ */
+ public static String getSecureIdentifier() {
+ return "_".concat(Random.nextHexRandom16());
+
+ }
+
+
+ /**
+ * Transform SAML2 Object to Element.
+ *
+ * @param object SAML2 object
+ * @return Element
+ * @throws IOException In case of an transformation error
+ * @throws MarshallingException In case of an transformation error
+ * @throws TransformerException In case of an transformation error
+ */
+ public static Document asDomDocument(final XMLObject object)
+ throws IOException, MarshallingException, TransformerException {
+ final Document document = builder.newDocument();
+ final Marshaller out =
+ org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(object);
+ out.marshall(object, document);
+ return document;
+ }
+
+ /**
+ * Build success status element.
+ *
+ * @return
+ */
+ public static Status getSuccessStatus() {
+ final Status status = Saml2Utils.createSamlObject(Status.class);
+ final StatusCode statusCode = Saml2Utils.createSamlObject(StatusCode.class);
+ statusCode.setValue(StatusCode.SUCCESS_URI);
+ status.setStatusCode(statusCode);
+ return status;
+ }
+
+ /**
+ * Get AssertionConsumerService Index from metadata element.
+ *
+ * @param spSsoDescriptor metadata element
+ * @return
+ */
+ public static int getDefaultAssertionConsumerServiceIndex(final SPSSODescriptor spSsoDescriptor) {
+
+ final List<AssertionConsumerService> assertionConsumerList =
+ spSsoDescriptor.getAssertionConsumerServices();
+
+ for (final AssertionConsumerService el : assertionConsumerList) {
+ if (el.isDefault()) {
+ return el.getIndex();
+ }
+
+ }
+
+ return 0;
+ }
+
+ /**
+ * Build SOAP11 body from SAML2 object.
+ *
+ * @param payload SAML2 object
+ * @return
+ */
+ public static Envelope buildSoap11Envelope(final XMLObject payload) {
+ final XMLObjectBuilderFactory bf = org.opensaml.xml.Configuration.getBuilderFactory();
+ final Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME)
+ .buildObject(Envelope.DEFAULT_ELEMENT_NAME);
+ final Body body =
+ (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME);
+
+ body.getUnknownXMLObjects().add(payload);
+ envelope.setBody(body);
+
+ return envelope;
+ }
+
+ /**
+ * Generate EAAF specific requested attribute.
+ *
+ * @param attr SAML2 attribute definition
+ * @param isRequired is-mandatory flag
+ * @param value Attribute value
+ * @return
+ */
+ public static EaafRequestedAttribute generateReqAuthnAttributeSimple(final Attribute attr,
+ final boolean isRequired, final String value) {
+ final EaafRequestedAttribute requested =
+ Saml2Utils.createSamlObject(EaafRequestedAttribute.class);
+ requested.setName(attr.getName());
+ requested.setNameFormat(attr.getNameFormat());
+ requested.setFriendlyName(attr.getFriendlyName());
+ requested.setIsRequired(String.valueOf(isRequired));
+ final List<XMLObject> attributeValues = requested.getAttributeValues();
+ if (StringUtils.isNotEmpty(value)) {
+ final XMLObject attributeValueForRequest =
+ createAttributeValue(PvpConstants.EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE, value);
+ attributeValues.add(attributeValueForRequest);
+ }
+ return requested;
+
+ }
+
+ /**
+ * Perform XML schema-validation on SAML2 object.
+ *
+ * @param xmlObject SAML2 object
+ * @throws Exception In case of a validation error
+ */
+ public static void schemeValidation(final XMLObject xmlObject) throws Exception {
+ try {
+ final Schema test = SAMLSchemaBuilder.getSAML11Schema();
+ final Validator val = test.newValidator();
+ final DOMSource source = new DOMSource(xmlObject.getDOM());
+ val.validate(source);
+ log.debug("SAML2 Scheme validation successful");
+ return;
+
+ } catch (final Exception e) {
+ log.warn("SAML2 scheme validation FAILED.", e);
+ throw e;
+
+ }
+ }
+
+ private static XMLObject createAttributeValue(final QName attributeValueType,
+ final String value) {
+ final XSStringBuilder stringBuilder = (XSStringBuilder) org.opensaml.xml.Configuration
+ .getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ final XSString stringValue = stringBuilder.buildObject(attributeValueType, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EAAFURICompare.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EAAFURICompare.java
deleted file mode 100644
index 30b7dcf9..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EAAFURICompare.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.validation;
-
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-public class EAAFURICompare implements URIComparator {
- private static final Logger log = LoggerFactory.getLogger(EAAFURICompare.class);
-
- private String serviceURL = "";
-
- /**
- *
- *
- * @param serviceURL public URL of the PVP S-Profile endpoint
- */
- public EAAFURICompare(String serviceURL) {
- this.serviceURL = serviceURL;
- }
-
- public boolean compare(String uri1, String uri2) {
- if (this.serviceURL.equals(uri1))
- return true;
-
- else {
- log.warn("PVP request destination-endpoint: " + uri1
- + " does not match to IDP endpoint:" + serviceURL);
- return false;
-
- }
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java
new file mode 100644
index 00000000..fcee2382
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.validation;
+
+import org.opensaml.common.binding.decoding.URIComparator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+public class EaafUriCompare implements URIComparator {
+ private static final Logger log = LoggerFactory.getLogger(EaafUriCompare.class);
+
+ private String serviceUrl = "";
+
+ /**
+ * SAML2 URL comperator.
+ *
+ * @param serviceUrl public URL of the PVP S-Profile endpoint
+ */
+ public EaafUriCompare(final String serviceUrl) {
+ this.serviceUrl = serviceUrl;
+ }
+
+ @Override
+ public boolean compare(final String uri1, final String uri2) {
+ if (this.serviceUrl.equals(uri1)) {
+ return true;
+ } else {
+ log.warn("PVP request destination-endpoint: " + uri1 + " does not match to IDP endpoint:"
+ + serviceUrl);
+ return false;
+
+ }
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
index 18ee5797..d8ae95a0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
@@ -1,34 +1,26 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.validation;
import java.util.ArrayList;
import java.util.List;
-
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
@@ -42,24 +34,31 @@ import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
public class TrustEngineFactory {
- public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(MetadataProvider provider) {
- MetadataCredentialResolver resolver;
+ /**
+ * Get OpenSAML2 TrustEngine.
+ *
+ * @param provider Metadata provider
+ * @return
+ */
+ public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(
+ final MetadataProvider provider) {
+ MetadataCredentialResolver resolver;
- resolver = new MetadataCredentialResolver(provider);
+ resolver = new MetadataCredentialResolver(provider);
- List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
- keyInfoProvider.add(new DSAKeyValueProvider());
- keyInfoProvider.add(new RSAKeyValueProvider());
- keyInfoProvider.add(new InlineX509DataProvider());
+ final List<KeyInfoProvider> keyInfoProvider = new ArrayList<>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
- KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
- keyInfoProvider);
+ final KeyInfoCredentialResolver keyInfoResolver =
+ new BasicProviderKeyInfoCredentialResolver(keyInfoProvider);
- ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
- resolver, keyInfoResolver);
+ final ExplicitKeySignatureTrustEngine engine =
+ new ExplicitKeySignatureTrustEngine(resolver, keyInfoResolver);
- return engine;
+ return engine;
- }
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
index 424c4431..40cbdeb0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
@@ -1,35 +1,30 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
@@ -37,118 +32,117 @@ import org.opensaml.xml.XMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
-
public abstract class AbstractMetadataSignatureFilter implements MetadataFilter {
- private static final Logger log = LoggerFactory.getLogger(AbstractMetadataSignatureFilter.class);
-
- public void doFilter(XMLObject metadata) throws SignatureValidationException {
- try {
- if (metadata instanceof EntitiesDescriptor) {
- EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
- if(entitiesDescriptor.getSignature() == null) {
- throw new PVP2MetadataException("pvp2.26",
- new Object[] {"Root element of metadata file has to be signed"});
- }
- processEntitiesDescriptor(entitiesDescriptor);
-
-
- if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
- throw new PVP2MetadataException("pvp2.26",
- new Object[] {"No valid entity in metadata " + entitiesDescriptor.getName()});
- }
-
-
- } else if (metadata instanceof EntityDescriptor) {
- EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
- processEntityDescriptorr(entityDescriptor);
-
- } else
- throw new PVP2MetadataException("pvp2.26",
- new Object[] {"Invalid Metadata file Root element is unknown"});
-
-
-
- log.info("Metadata signature policy check done OK");
- } catch (EAAFException e) {
- log.warn("Metadata signature policy check FAILED.", e);
- throw new SignatureValidationException(e);
-
- }
- }
-
- /**
- * Signature verification of a SAML2 EntityDescriptor element
- *
- * @param desc
- * @throws PVP2MetadataException if the signature is not valid or can not verified
- */
- protected abstract void verify(EntityDescriptor desc) throws PVP2MetadataException;
-
- /**
- * Signature verification of a SAML2 EntitiesDescriptor element
- *
- * @param desc
- * @throws PVP2MetadataException if the signature is not valid or can not verified
- */
- protected abstract void verify(EntitiesDescriptor desc) throws PVP2MetadataException;
-
- /**
- * Verify a EntityDescriptor element of an EntitiesDescriptor
- *
- * @param entity EntityDescriptor to verify
- * @param desc Full EntitiesDescriptor that contains the EntityDescriptor
- * @throws PVP2MetadataException
- */
- protected abstract void verify(EntityDescriptor entity, EntitiesDescriptor desc) throws PVP2MetadataException;
-
-
- private void processEntityDescriptorr(EntityDescriptor desc) throws EAAFException {
- verify(desc);
-
- }
-
- private void processEntitiesDescriptor(EntitiesDescriptor desc) throws EAAFException {
- Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
-
- if(desc.getSignature() != null) {
- verify(desc);
-
- }
-
- while(entID.hasNext()) {
- processEntitiesDescriptor(entID.next());
- }
-
- Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
- List<EntityDescriptor> verifiedEntIT = new ArrayList<EntityDescriptor>();
-
- //check every Entity
- while(entIT.hasNext()) {
- EntityDescriptor entity = entIT.next();
- log.debug("Validate metadata for entityID: " + entity.getEntityID() + " ..... ");
- try {
- verify(entity, desc);
-
- //add entity to verified entity-list
- verifiedEntIT.add(entity);
- log.debug("Metadata for entityID: " + entity.getEntityID() + " valid");
-
-
- } catch (Exception e) {
- //remove entity of signature can not be verified.
- log.info("Entity " + entity.getEntityID() + " is removed from metadata "
- + desc.getName() + ". Entity verification error: " + e.getMessage());
-
- }
-
- }
-
- //set only verified entity elements
- desc.getEntityDescriptors().clear();
- desc.getEntityDescriptors().addAll(verifiedEntIT);
- }
+ private static final Logger log = LoggerFactory.getLogger(AbstractMetadataSignatureFilter.class);
+
+ @Override
+ public void doFilter(final XMLObject metadata) throws SignatureValidationException {
+ try {
+ if (metadata instanceof EntitiesDescriptor) {
+ final EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
+ if (entitiesDescriptor.getSignature() == null) {
+ throw new Pvp2MetadataException("pvp2.26",
+ new Object[] {"Root element of metadata file has to be signed"});
+ }
+ processEntitiesDescriptor(entitiesDescriptor);
+
+
+ if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
+ throw new Pvp2MetadataException("pvp2.26",
+ new Object[] {"No valid entity in metadata " + entitiesDescriptor.getName()});
+ }
+
+
+ } else if (metadata instanceof EntityDescriptor) {
+ final EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
+ processEntityDescriptorr(entityDescriptor);
+
+ } else {
+ throw new Pvp2MetadataException("pvp2.26",
+ new Object[] {"Invalid Metadata file Root element is unknown"});
+ }
+
+
+
+ log.info("Metadata signature policy check done OK");
+ } catch (final EaafException e) {
+ log.warn("Metadata signature policy check FAILED.", e);
+ throw new SignatureValidationException(e);
+
+ }
+ }
+
+ /**
+ * Signature verification of a SAML2 EntityDescriptor element.
+ *
+ * @param desc EntityDescriptor
+ * @throws Pvp2MetadataException if the signature is not valid or can not verified
+ */
+ protected abstract void verify(EntityDescriptor desc) throws Pvp2MetadataException;
+
+ /**
+ * Signature verification of a SAML2 EntitiesDescriptor element.
+ *
+ * @param desc EntitiesDescriptor
+ * @throws Pvp2MetadataException if the signature is not valid or can not verified
+ */
+ protected abstract void verify(EntitiesDescriptor desc) throws Pvp2MetadataException;
+
+ /**
+ * Verify a EntityDescriptor element of an EntitiesDescriptor.
+ *
+ * @param entity EntityDescriptor to verify
+ * @param desc Full EntitiesDescriptor that contains the EntityDescriptor
+ * @throws Pvp2MetadataException In case of an verification error
+ */
+ protected abstract void verify(EntityDescriptor entity, EntitiesDescriptor desc)
+ throws Pvp2MetadataException;
+
+
+ private void processEntityDescriptorr(final EntityDescriptor desc) throws EaafException {
+ verify(desc);
+
+ }
+
+ private void processEntitiesDescriptor(final EntitiesDescriptor desc) throws EaafException {
+ final Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
+
+ if (desc.getSignature() != null) {
+ verify(desc);
+
+ }
+
+ while (entID.hasNext()) {
+ processEntitiesDescriptor(entID.next());
+ }
+
+ final Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+ final List<EntityDescriptor> verifiedEntIT = new ArrayList<>();
+
+ // check every Entity
+ while (entIT.hasNext()) {
+ final EntityDescriptor entity = entIT.next();
+ log.debug("Validate metadata for entityID: " + entity.getEntityID() + " ..... ");
+ try {
+ verify(entity, desc);
+
+ // add entity to verified entity-list
+ verifiedEntIT.add(entity);
+ log.debug("Metadata for entityID: " + entity.getEntityID() + " valid");
+
+
+ } catch (final Exception e) {
+ // remove entity of signature can not be verified.
+ log.info("Entity " + entity.getEntityID() + " is removed from metadata " + desc.getName()
+ + ". Entity verification error: " + e.getMessage());
+
+ }
+
+ }
+
+ // set only verified entity elements
+ desc.getEntityDescriptors().clear();
+ desc.getEntityDescriptors().addAll(verifiedEntIT);
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java
deleted file mode 100644
index 87ab31fb..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java
+++ /dev/null
@@ -1,236 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.samlext.saml2mdattr.EntityAttributes;
-import org.opensaml.xml.XMLObject;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import at.gv.egiz.eaaf.core.impl.data.Trible;
-import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
-
-/**
- * @author tlenz
- *
- */
-public class PVPEntityCategoryFilter implements MetadataFilter {
- private static final Logger log = LoggerFactory.getLogger(PVPEntityCategoryFilter.class);
-
- private boolean isUsed = false;
-
- /**
- * Filter to map PVP EntityCategories into a set of single PVP attributes
- *
- * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
- *
- */
- public PVPEntityCategoryFilter(boolean isUsed) {
- this.isUsed = isUsed;
- }
-
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
- */
- @Override
- public void doFilter(XMLObject metadata) throws FilterException {
-
- if (isUsed) {
- log.trace("Map PVP EntityCategory to single PVP Attributes ... ");
- String entityId = null;
- try {
- if (metadata instanceof EntitiesDescriptor) {
- log.trace("Find EnitiesDescriptor ... ");
- EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
- if (entitiesDesc.getEntityDescriptors() != null) {
- for (EntityDescriptor el : entitiesDesc.getEntityDescriptors())
- resolveEntityCategoriesToAttributes(el);
-
- }
-
- } else if (metadata instanceof EntityDescriptor) {
- log.trace("Find EntityDescriptor");
- resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
-
-
- } else
- throw new PVP2MetadataException("pvp2.26",
- new Object[] {"Invalid Metadata file Root element is no Entities- or EntityDescriptor"});
-
-
-
- } catch (Exception e) {
- log.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
-
- }
-
- } else
- log.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
-
- }
-
- private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
- log.debug("Resolving EntityCategorie for Entity: " + metadata.getEntityID() + " ...");
- Extensions extensions = metadata.getExtensions();
- if (extensions != null) {
- List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
- if (listOfExt != null && !listOfExt.isEmpty()) {
- log.trace("Find #" + listOfExt.size() + " 'Extension' elements ");
- for (XMLObject el : listOfExt) {
- log.trace("Find ExtensionElement: " + el.getElementQName().toString());
- if (el instanceof EntityAttributes) {
- EntityAttributes entityAttrElem = (EntityAttributes)el;
- if (entityAttrElem.getAttributes() != null) {
- log.trace("Find EntityAttributes. Start attribute processing ...");
- for (Attribute entityAttr : entityAttrElem.getAttributes()) {
- if (entityAttr.getName().equals(PVPConstants.ENTITY_CATEGORY_ATTRIBITE)) {
- if (!entityAttr.getAttributeValues().isEmpty()) {
- String entityAttrValue = entityAttr.getAttributeValues().get(0).getDOM().getTextContent();
- if (PVPConstants.EGOVTOKEN.equals(entityAttrValue)) {
- log.debug("Find 'EGOVTOKEN' EntityAttribute. Adding single pvp attributes ... ");
- addAttributesToEntityDescriptor(metadata,
- buildAttributeList(PVPConstants.EGOVTOKEN_PVP_ATTRIBUTES),
- entityAttrValue);
-
-
- } else if (PVPConstants.CITIZENTOKEN.equals(entityAttrValue)) {
- log.debug("Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... ");
- addAttributesToEntityDescriptor(metadata,
- buildAttributeList(PVPConstants.CITIZENTOKEN_PVP_ATTRIBUTES),
- entityAttrValue);
-
- } else
- log.info("EntityAttributeValue: " + entityAttrValue + " is UNKNOWN!");
-
- } else
- log.info("EntityAttribute: No attribute value");
-
- } else
- log.info("EntityAttribute: " + entityAttr.getName() + " is NOT supported");
-
- }
-
- } else
- log.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
-
- }
- }
-
- } else
- log.trace("'Extension' element is 'null' or empty");
-
- } else
- log.trace("No 'Extension' element found");
-
- }
-
- /**
- * @param metadata
- * @param attrList
- */
- private void addAttributesToEntityDescriptor(EntityDescriptor metadata, List<RequestedAttribute> attrList, String entityAttr) {
- SPSSODescriptor spSSODesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
- if (spSSODesc != null) {
- if (spSSODesc.getAttributeConsumingServices() == null ||
- spSSODesc.getAttributeConsumingServices().isEmpty()) {
- log.trace("No 'AttributeConsumingServices' found. Added it ...");
-
- AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);
- attributeService.setIndex(0);
- attributeService.setIsDefault(true);
- ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
- serviceName.setName(new LocalizedString("Default Service", "en"));
- attributeService.getNames().add(serviceName);
-
- if (attrList != null && !attrList.isEmpty()) {
- attributeService.getRequestAttributes().addAll(attrList);
- log.info("Add " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr);
-
- }
-
- spSSODesc.getAttributeConsumingServices().add(attributeService);
-
- } else {
- log.debug("Find 'AttributeConsumingServices'. Starting updating process ... ");
- for (AttributeConsumingService el : spSSODesc.getAttributeConsumingServices()) {
- log.debug("Update 'AttributeConsumingService' with Index: " + el.getIndex());
-
- //load currently requested attributes
- List<String> currentlyReqAttr = new ArrayList<String>();
- for (RequestedAttribute reqAttr : el.getRequestAttributes())
- currentlyReqAttr.add(reqAttr.getName());
-
-
- //check against EntityAttribute List
- for (RequestedAttribute entityAttrListEl : attrList) {
- if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
- el.getRequestAttributes().add(entityAttrListEl);
-
- } else
- log.debug("'AttributeConsumingService' already contains attr: " + entityAttrListEl.getName());
-
- }
-
- }
-
- }
-
- } else
- log.info("Can ONLY add 'EntityAttributes' to 'SPSSODescriptor'");
-
- }
-
- private List<RequestedAttribute> buildAttributeList(List<Trible<String, String, Boolean>> attrSet) {
- List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
- for (Trible<String, String, Boolean> el : attrSet)
- requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));
-
- return requestedAttributes;
-
-
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java
new file mode 100644
index 00000000..2d81b1f8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java
@@ -0,0 +1,251 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
+
+import java.util.ArrayList;
+import java.util.List;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.ServiceName;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.samlext.saml2mdattr.EntityAttributes;
+import org.opensaml.xml.XMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Metadata filter that inject requested attributes based on Metadata EntityCategories.
+ *
+ * @author tlenz
+ *
+ */
+public class PvpEntityCategoryFilter implements MetadataFilter {
+ private static final Logger log = LoggerFactory.getLogger(PvpEntityCategoryFilter.class);
+
+ private boolean isUsed = false;
+
+ /**
+ * Filter to map PVP EntityCategories into a set of single PVP attributes.
+ *
+ * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
+ *
+ */
+ public PvpEntityCategoryFilter(final boolean isUsed) {
+ this.isUsed = isUsed;
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(final XMLObject metadata) throws FilterException {
+
+ if (isUsed) {
+ log.trace("Map PVP EntityCategory to single PVP Attributes ... ");
+ final String entityId = null;
+ try {
+ if (metadata instanceof EntitiesDescriptor) {
+ log.trace("Find EnitiesDescriptor ... ");
+ final EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
+ if (entitiesDesc.getEntityDescriptors() != null) {
+ for (final EntityDescriptor el : entitiesDesc.getEntityDescriptors()) {
+ resolveEntityCategoriesToAttributes(el);
+ }
+
+ }
+
+ } else if (metadata instanceof EntityDescriptor) {
+ log.trace("Find EntityDescriptor");
+ resolveEntityCategoriesToAttributes((EntityDescriptor) metadata);
+
+
+ } else {
+ throw new Pvp2MetadataException("pvp2.26", new Object[] {
+ "Invalid Metadata file Root element is no Entities- or EntityDescriptor"});
+ }
+
+
+
+ } catch (final Exception e) {
+ log.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: "
+ + entityId, e);
+
+ }
+
+ } else {
+ log.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
+ }
+
+ }
+
+ private void resolveEntityCategoriesToAttributes(final EntityDescriptor metadata) {
+ log.debug("Resolving EntityCategorie for Entity: " + metadata.getEntityID() + " ...");
+ final Extensions extensions = metadata.getExtensions();
+ if (extensions != null) {
+ final List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
+ if (listOfExt != null && !listOfExt.isEmpty()) {
+ log.trace("Find #" + listOfExt.size() + " 'Extension' elements ");
+ for (final XMLObject el : listOfExt) {
+ log.trace("Find ExtensionElement: " + el.getElementQName().toString());
+ if (el instanceof EntityAttributes) {
+ final EntityAttributes entityAttrElem = (EntityAttributes) el;
+ if (entityAttrElem.getAttributes() != null) {
+ log.trace("Find EntityAttributes. Start attribute processing ...");
+ for (final Attribute entityAttr : entityAttrElem.getAttributes()) {
+ if (entityAttr.getName().equals(PvpConstants.ENTITY_CATEGORY_ATTRIBITE)) {
+ if (!entityAttr.getAttributeValues().isEmpty()) {
+ final String entityAttrValue =
+ entityAttr.getAttributeValues().get(0).getDOM().getTextContent();
+ if (PvpConstants.EGOVTOKEN.equals(entityAttrValue)) {
+ log.debug(
+ "Find 'EGOVTOKEN' EntityAttribute. Adding single pvp attributes ... ");
+ addAttributesToEntityDescriptor(metadata,
+ buildAttributeList(PvpConstants.EGOVTOKEN_PVP_ATTRIBUTES),
+ entityAttrValue);
+
+
+ } else if (PvpConstants.CITIZENTOKEN.equals(entityAttrValue)) {
+ log.debug(
+ "Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... ");
+ addAttributesToEntityDescriptor(metadata,
+ buildAttributeList(PvpConstants.CITIZENTOKEN_PVP_ATTRIBUTES),
+ entityAttrValue);
+
+ } else {
+ log.info("EntityAttributeValue: " + entityAttrValue + " is UNKNOWN!");
+ }
+
+ } else {
+ log.info("EntityAttribute: No attribute value");
+ }
+
+ } else {
+ log.info("EntityAttribute: " + entityAttr.getName() + " is NOT supported");
+ }
+
+ }
+
+ } else {
+ log.info(
+ "Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
+ }
+
+ }
+ }
+
+ } else {
+ log.trace("'Extension' element is 'null' or empty");
+ }
+
+ } else {
+ log.trace("No 'Extension' element found");
+ }
+
+ }
+
+
+ private void addAttributesToEntityDescriptor(final EntityDescriptor metadata,
+ final List<RequestedAttribute> attrList, final String entityAttr) {
+ final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ if (spSsoDesc != null) {
+ if (spSsoDesc.getAttributeConsumingServices() == null
+ || spSsoDesc.getAttributeConsumingServices().isEmpty()) {
+ log.trace("No 'AttributeConsumingServices' found. Added it ...");
+
+ final AttributeConsumingService attributeService =
+ Saml2Utils.createSamlObject(AttributeConsumingService.class);
+ attributeService.setIndex(0);
+ attributeService.setIsDefault(true);
+ final ServiceName serviceName = Saml2Utils.createSamlObject(ServiceName.class);
+ serviceName.setName(new LocalizedString("Default Service", "en"));
+ attributeService.getNames().add(serviceName);
+
+ if (attrList != null && !attrList.isEmpty()) {
+ attributeService.getRequestAttributes().addAll(attrList);
+ log.info("Add " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr);
+
+ }
+
+ spSsoDesc.getAttributeConsumingServices().add(attributeService);
+
+ } else {
+ log.debug("Find 'AttributeConsumingServices'. Starting updating process ... ");
+ for (final AttributeConsumingService el : spSsoDesc.getAttributeConsumingServices()) {
+ log.debug("Update 'AttributeConsumingService' with Index: " + el.getIndex());
+
+ // load currently requested attributes
+ final List<String> currentlyReqAttr = new ArrayList<>();
+ for (final RequestedAttribute reqAttr : el.getRequestAttributes()) {
+ currentlyReqAttr.add(reqAttr.getName());
+ }
+
+
+ // check against EntityAttribute List
+ for (final RequestedAttribute entityAttrListEl : attrList) {
+ if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
+ el.getRequestAttributes().add(entityAttrListEl);
+
+ } else {
+ log.debug("'AttributeConsumingService' already contains attr: "
+ + entityAttrListEl.getName());
+ }
+
+ }
+
+ }
+
+ }
+
+ } else {
+ log.info("Can ONLY add 'EntityAttributes' to 'SPSSODescriptor'");
+ }
+
+ }
+
+ private List<RequestedAttribute> buildAttributeList(
+ final List<Trible<String, String, Boolean>> attrSet) {
+ final List<RequestedAttribute> requestedAttributes = new ArrayList<>();
+ for (final Trible<String, String, Boolean> el : attrSet) {
+ requestedAttributes
+ .add(PvpAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));
+ }
+
+ return requestedAttributes;
+
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
index b5de4b21..3ff78ca8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
@@ -1,35 +1,28 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
-
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
@@ -38,69 +31,65 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-
-/**
- * @author tlenz
- *
- */
public class SchemaValidationFilter implements MetadataFilter {
- private static final Logger log = LoggerFactory.getLogger(SchemaValidationFilter.class);
- private boolean isActive = true;
-
- public SchemaValidationFilter() {
- }
-
- /**
- *
- */
- public SchemaValidationFilter(boolean useSchemaValidation) {
- this.isActive = useSchemaValidation;
- }
-
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
- */
- @Override
- public void doFilter(XMLObject arg0) throws FilterException {
-
- String errString = null;
-
- if (isActive) {
- try {
- Schema test = SAMLSchemaBuilder.getSAML11Schema();
- Validator val = test.newValidator();
- DOMSource source = new DOMSource(arg0.getDOM());
- val.validate(source);
- log.info("Metadata Schema validation check done OK");
- return;
-
- } catch (SAXException e) {
- if (log.isDebugEnabled() || log.isTraceEnabled())
- log.warn("Metadata Schema validation FAILED with exception:", e);
- else
- log.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-
- errString = e.getMessage();
-
- } catch (Exception e) {
- if (log.isDebugEnabled() || log.isTraceEnabled())
- log.warn("Metadata Schema validation FAILED with exception:", e);
- else
- log.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-
- errString = e.getMessage();
-
- }
-
- throw new FilterException(
- new SchemaValidationException("pvp2.26",
- new Object[] {"Metadata Schema validation FAILED with message: " + errString}));
-
- } else
- log.info("Metadata Schema validation check is DEACTIVATED!");
-
- }
+ private static final Logger log = LoggerFactory.getLogger(SchemaValidationFilter.class);
+ private boolean isActive = true;
+
+ public SchemaValidationFilter() {
+
+ }
+
+ public SchemaValidationFilter(final boolean useSchemaValidation) {
+ this.isActive = useSchemaValidation;
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(final XMLObject arg0) throws FilterException {
+
+ String errString = null;
+
+ if (isActive) {
+ try {
+ final Schema test = SAMLSchemaBuilder.getSAML11Schema();
+ final Validator val = test.newValidator();
+ final DOMSource source = new DOMSource(arg0.getDOM());
+ val.validate(source);
+ log.info("Metadata Schema validation check done OK");
+ return;
+
+ } catch (final SAXException e) {
+ if (log.isDebugEnabled() || log.isTraceEnabled()) {
+ log.warn("Metadata Schema validation FAILED with exception:", e);
+ } else {
+ log.warn("Metadata Schema validation FAILED with message: " + e.getMessage());
+ }
+
+ errString = e.getMessage();
+
+ } catch (final Exception e) {
+ if (log.isDebugEnabled() || log.isTraceEnabled()) {
+ log.warn("Metadata Schema validation FAILED with exception:", e);
+ } else {
+ log.warn("Metadata Schema validation FAILED with message: " + e.getMessage());
+ }
+
+ errString = e.getMessage();
+
+ }
+
+ throw new FilterException(new SchemaValidationException("pvp2.26",
+ new Object[] {"Metadata Schema validation FAILED with message: " + errString}));
+
+ } else {
+ log.info("Metadata Schema validation check is DEACTIVATED!");
+ }
+
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
index f1dd1269..fc1b6ea8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
@@ -1,36 +1,29 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
import javax.xml.namespace.QName;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
-
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.xml.SAMLConstants;
@@ -52,144 +45,154 @@ import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-
/**
+ * Signature Policy for SAML2 redirect-binding.
+ *
* @author tlenz
*
*/
public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule {
- private static final Logger log = LoggerFactory.getLogger(AbstractRequestSignedSecurityPolicyRule.class);
-
-
- private SignatureTrustEngine trustEngine = null;
- private QName peerEntityRole = null;
- /**
- * @param peerEntityRole
- *
- */
- public AbstractRequestSignedSecurityPolicyRule(SignatureTrustEngine trustEngine, QName peerEntityRole) {
- this.trustEngine = trustEngine;
- this.peerEntityRole = peerEntityRole;
-
- }
-
-
- /**
- * Reload the PVP metadata for a given entity
- *
- * @param entityID for which the metadata should be refreshed.
- * @return true if the refresh was successful, otherwise false
- */
- protected abstract boolean refreshMetadataProvider(String entityID);
-
-
- protected abstract SignableSAMLObject getSignedSAMLObject(XMLObject inboundData);
-
- /* (non-Javadoc)
- * @see org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext)
- */
- @Override
- public void evaluate(MessageContext context) throws SecurityPolicyException {
- try {
- verifySignature(context);
-
- } catch (SecurityPolicyException e) {
- if (StringUtils.isEmpty(context.getInboundMessageIssuer())) {
- throw e;
-
- }
- log.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer());
- if (!refreshMetadataProvider(context.getInboundMessageIssuer()))
- throw e;
-
- else {
- log.trace("PVP2X metadata reload finished. Check validate message again.");
- verifySignature(context);
-
- }
- log.trace("Second PVP2X message validation finished");
-
- }
-
-
- }
-
- private void verifySignature(MessageContext context) throws SecurityPolicyException {
- SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage());
- if (samlObj != null && samlObj.getSignature() != null) {
-
- SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
- try {
- profileValidator.validate(samlObj.getSignature());
- performSchemaValidation(samlObj.getDOM());
-
- } catch (ValidationException e) {
- log.warn("Signature is not conform to SAML signature profile", e);
- throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-
- } catch (SchemaValidationException e) {
- log.warn("Signature is not conform to SAML signature profile", e);
- throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-
- }
-
-
-
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add( new EntityIDCriteria(context.getInboundMessageIssuer()) );
- criteriaSet.add( new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS) );
- criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
- try {
- if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new SecurityPolicyException("Signature validation FAILED.");
-
- }
- log.debug("PVP message signature valid.");
-
- } catch (org.opensaml.xml.security.SecurityException e) {
- log.info("PVP2x message signature validation FAILED. Message:" + e.getMessage());
- throw new SecurityPolicyException("Signature validation FAILED.");
-
- }
-
- } else {
- throw new SecurityPolicyException("PVP Message is not signed.");
-
- }
-
- }
-
- private void performSchemaValidation(Element source) throws SchemaValidationException {
-
- String err = null;
- try {
- Schema test = SAMLSchemaBuilder.getSAML11Schema();
- Validator val = test.newValidator();
- val.validate(new DOMSource(source));
- log.debug("Schema validation check done OK");
- return;
-
- } catch (SAXException e) {
- err = e.getMessage();
- if (log.isDebugEnabled() || log.isTraceEnabled())
- log.warn("Schema validation FAILED with exception:", e);
- else
- log.warn("Schema validation FAILED with message: "+ e.getMessage());
-
- } catch (Exception e) {
- err = e.getMessage();
- if (log.isDebugEnabled() || log.isTraceEnabled())
- log.warn("Schema validation FAILED with exception:", e);
- else
- log.warn("Schema validation FAILED with message: "+ e.getMessage());
-
- }
-
- throw new SchemaValidationException("pvp2.22", new Object[]{err});
-
- }
+ private static final Logger log =
+ LoggerFactory.getLogger(AbstractRequestSignedSecurityPolicyRule.class);
+
+
+ private SignatureTrustEngine trustEngine = null;
+ private QName peerEntityRole = null;
+
+ /**
+ * Role initializer.
+ *
+ * @param peerEntityRole
+ *
+ */
+ public AbstractRequestSignedSecurityPolicyRule(final SignatureTrustEngine trustEngine,
+ final QName peerEntityRole) {
+ this.trustEngine = trustEngine;
+ this.peerEntityRole = peerEntityRole;
+
+ }
+
+
+ /**
+ * Reload the PVP metadata for a given entity.
+ *
+ * @param entityID for which the metadata should be refreshed.
+ * @return true if the refresh was successful, otherwise false
+ */
+ protected abstract boolean refreshMetadataProvider(String entityID);
+
+
+ protected abstract SignableSAMLObject getSignedSamlObject(XMLObject inboundData);
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext)
+ */
+ @Override
+ public void evaluate(final MessageContext context) throws SecurityPolicyException {
+ try {
+ verifySignature(context);
+
+ } catch (final SecurityPolicyException e) {
+ if (StringUtils.isEmpty(context.getInboundMessageIssuer())) {
+ throw e;
+
+ }
+ log.debug("PVP2X message validation FAILED. Reload metadata for entityID: "
+ + context.getInboundMessageIssuer());
+ if (!refreshMetadataProvider(context.getInboundMessageIssuer())) {
+ throw e;
+ } else {
+ log.trace("PVP2X metadata reload finished. Check validate message again.");
+ verifySignature(context);
+
+ }
+ log.trace("Second PVP2X message validation finished");
+
+ }
+
+
+ }
+
+ private void verifySignature(final MessageContext context) throws SecurityPolicyException {
+ final SignableSAMLObject samlObj = getSignedSamlObject(context.getInboundMessage());
+ if (samlObj != null && samlObj.getSignature() != null) {
+
+ final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ try {
+ profileValidator.validate(samlObj.getSignature());
+ performSchemaValidation(samlObj.getDOM());
+
+ } catch (final ValidationException e) {
+ log.warn("Signature is not conform to SAML signature profile", e);
+ throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
+
+ } catch (final SchemaValidationException e) {
+ log.warn("Signature is not conform to SAML signature profile", e);
+ throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
+
+ }
+
+
+
+ final CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add(new EntityIDCriteria(context.getInboundMessageIssuer()));
+ criteriaSet.add(new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS));
+ criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
+
+ try {
+ if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) {
+ throw new SecurityPolicyException("Signature validation FAILED.");
+
+ }
+ log.debug("PVP message signature valid.");
+
+ } catch (final org.opensaml.xml.security.SecurityException e) {
+ log.info("PVP2x message signature validation FAILED. Message:" + e.getMessage());
+ throw new SecurityPolicyException("Signature validation FAILED.");
+
+ }
+
+ } else {
+ throw new SecurityPolicyException("PVP Message is not signed.");
+
+ }
+
+ }
+
+ private void performSchemaValidation(final Element source) throws SchemaValidationException {
+
+ String err = null;
+ try {
+ final Schema test = SAMLSchemaBuilder.getSAML11Schema();
+ final Validator val = test.newValidator();
+ val.validate(new DOMSource(source));
+ log.debug("Schema validation check done OK");
+ return;
+
+ } catch (final SAXException e) {
+ err = e.getMessage();
+ if (log.isDebugEnabled() || log.isTraceEnabled()) {
+ log.warn("Schema validation FAILED with exception:", e);
+ } else {
+ log.warn("Schema validation FAILED with message: " + e.getMessage());
+ }
+
+ } catch (final Exception e) {
+ err = e.getMessage();
+ if (log.isDebugEnabled() || log.isTraceEnabled()) {
+ log.warn("Schema validation FAILED with exception:", e);
+ } else {
+ log.warn("Schema validation FAILED with message: " + e.getMessage());
+ }
+
+ }
+
+ throw new SchemaValidationException("pvp2.22", new Object[] {err});
+
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPAuthRequestSignedRole.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPAuthRequestSignedRole.java
deleted file mode 100644
index 6d5fdff8..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPAuthRequestSignedRole.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
-
-import java.util.List;
-
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-import org.opensaml.xml.util.DatatypeHelper;
-
-/**
- * @author tlenz
- *
- */
-public class PVPAuthRequestSignedRole extends SAML2AuthnRequestsSignedRule {
-
- @Override
- protected boolean isMessageSigned(SAMLMessageContext messageContext) {
- // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings.
- HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport();
-
- //Check signature parameter exists only once and is not empty
- List<String> sigParam = inTransport.getParameterValues("Signature");
- boolean isValidSigned = sigParam.size() == 1 && !DatatypeHelper.isEmpty(sigParam.get(0));
-
- //Check signature-algorithm parameter exists only once and is not empty
- List<String> sigAlgParam = inTransport.getParameterValues("SigAlg");
- boolean isValidSigAlgExists = sigAlgParam.size() == 1 && !DatatypeHelper.isEmpty(sigAlgParam.get(0));
-
- //Check signature-content parameter exists only once and is not empty
- List<String> samlReqParam = inTransport.getParameterValues("SAMLRequest");
- List<String> samlRespParam = inTransport.getParameterValues("SAMLResponse");
- boolean isValidContent = ( ( samlReqParam.size() == 1 && !DatatypeHelper.isEmpty(samlReqParam.get(0)) )
- || ( samlRespParam.size() == 1 && !DatatypeHelper.isEmpty(samlRespParam.get(0)) )
- ) && !(samlReqParam.size() == 1 && samlRespParam.size() == 1)
- ;
-
- return isValidSigned && isValidSigAlgExists && isValidContent;
-
- }
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPSignedRequestPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPSignedRequestPolicyRule.java
deleted file mode 100644
index eecaf4f0..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PVPSignedRequestPolicyRule.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-
-/**
- * @author tlenz
- *
- */
-public class PVPSignedRequestPolicyRule extends
- AbstractRequestSignedSecurityPolicyRule {
-
- private IRefreshableMetadataProvider metadataProvider = null;
-
- /**
- * @param metadataProvider
- * @param trustEngine
- * @param peerEntityRole
- */
- public PVPSignedRequestPolicyRule(MetadataProvider metadataProvider, SignatureTrustEngine trustEngine,
- QName peerEntityRole) {
- super(trustEngine, peerEntityRole);
- if (metadataProvider instanceof IRefreshableMetadataProvider)
- this.metadataProvider = (IRefreshableMetadataProvider) metadataProvider;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)
- */
- @Override
- protected boolean refreshMetadataProvider(String entityID) {
- if (metadataProvider != null)
- return metadataProvider.refreshMetadataProvider(entityID);
-
- return false;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject)
- */
- @Override
- protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) {
- if (inboundData instanceof SignableSAMLObject)
- return (SignableSAMLObject) inboundData;
-
- else
- return null;
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
new file mode 100644
index 00000000..4eb711f9
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
+
+import java.util.List;
+import org.opensaml.common.binding.SAMLMessageContext;
+import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
+import org.opensaml.ws.transport.http.HTTPInTransport;
+import org.opensaml.xml.util.DatatypeHelper;
+
+public class PvpAuthRequestSignedRole extends SAML2AuthnRequestsSignedRule {
+
+ @Override
+ protected boolean isMessageSigned(final SAMLMessageContext messageContext) {
+ // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings.
+ final HTTPInTransport inTransport =
+ (HTTPInTransport) messageContext.getInboundMessageTransport();
+
+ // Check signature parameter exists only once and is not empty
+ final List<String> sigParam = inTransport.getParameterValues("Signature");
+ final boolean isValidSigned = sigParam.size() == 1 && !DatatypeHelper.isEmpty(sigParam.get(0));
+
+ // Check signature-algorithm parameter exists only once and is not empty
+ final List<String> sigAlgParam = inTransport.getParameterValues("SigAlg");
+ final boolean isValidSigAlgExists =
+ sigAlgParam.size() == 1 && !DatatypeHelper.isEmpty(sigAlgParam.get(0));
+
+ // Check signature-content parameter exists only once and is not empty
+ final List<String> samlReqParam = inTransport.getParameterValues("SAMLRequest");
+ final List<String> samlRespParam = inTransport.getParameterValues("SAMLResponse");
+ final boolean isValidContent =
+ ((samlReqParam.size() == 1 && !DatatypeHelper.isEmpty(samlReqParam.get(0)))
+ || (samlRespParam.size() == 1 && !DatatypeHelper.isEmpty(samlRespParam.get(0))))
+ && !(samlReqParam.size() == 1 && samlRespParam.size() == 1);
+
+ return isValidSigned && isValidSigAlgExists && isValidContent;
+
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java
new file mode 100644
index 00000000..0d108596
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
+
+import javax.xml.namespace.QName;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+
+public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPolicyRule {
+
+ private IRefreshableMetadataProvider metadataProvider = null;
+
+ /**
+ * EAAF specific signature rule for OpenSAML2 redirect-binding.
+ *
+ * @param metadataProvider SAML2 metadata provider
+ * @param trustEngine SAML2 TrustEngine
+ * @param peerEntityRole Role of the Entity
+ */
+ public PvpSignedRequestPolicyRule(final MetadataProvider metadataProvider,
+ final SignatureTrustEngine trustEngine, final QName peerEntityRole) {
+ super(trustEngine, peerEntityRole);
+ if (metadataProvider instanceof IRefreshableMetadataProvider) {
+ this.metadataProvider = (IRefreshableMetadataProvider) metadataProvider;
+ }
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#
+ * refreshMetadataProvider(java.lang.String)
+ */
+ @Override
+ protected boolean refreshMetadataProvider(final String entityID) {
+ if (metadataProvider != null) {
+ return metadataProvider.refreshMetadataProvider(entityID);
+ }
+
+ return false;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#
+ * getSignedSAMLObject(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ protected SignableSAMLObject getSignedSamlObject(final XMLObject inboundData) {
+ if (inboundData instanceof SignableSAMLObject) {
+ return (SignableSAMLObject) inboundData;
+ } else {
+ return null;
+ }
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SAMLVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SAMLVerificationEngine.java
deleted file mode 100644
index 078e4ac0..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SAMLVerificationEngine.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.validation.ValidationException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
-
-@Service("SAMLVerificationEngine")
-public class SAMLVerificationEngine {
- private static final Logger log = LoggerFactory.getLogger(SAMLVerificationEngine.class);
-
-
- @Autowired(required=true) IPVPMetadataProvider metadataProvider;
-
- public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
- try {
- if (msg instanceof PVPSProfileRequest &&
- ((PVPSProfileRequest)msg).getSamlRequest() instanceof RequestAbstractType)
- verifyRequest(((RequestAbstractType)((PVPSProfileRequest)msg).getSamlRequest()), sigTrustEngine);
-
- else
- verifyIDPResponse(((PVPSProfileResponse)msg).getResponse(), sigTrustEngine);
-
- } catch (InvalidProtocolRequestException e) {
- if (StringUtils.isEmpty(msg.getEntityID())) {
- throw e;
-
- }
- log.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID());
-
- if (metadataProvider == null ||
- !(metadataProvider instanceof IRefreshableMetadataProvider) ||
- !((IRefreshableMetadataProvider)metadataProvider).refreshMetadataProvider(msg.getEntityID()))
- throw e;
-
- else {
- log.trace("PVP2X metadata reload finished. Check validate message again.");
-
- if (msg instanceof PVPSProfileRequest &&
- ((PVPSProfileRequest)msg).getSamlRequest() instanceof RequestAbstractType)
- verifyRequest(((RequestAbstractType)((PVPSProfileRequest)msg).getSamlRequest()), sigTrustEngine);
-
- else
- verifyIDPResponse(((PVPSProfileResponse)msg).getResponse(), sigTrustEngine);
-
- }
- log.trace("Second PVP2X message validation finished");
- }
- }
-
- public void verifySLOResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
- verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- }
-
- public void verifyIDPResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException{
- verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- }
-
- private void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine, QName defaultElementName) throws InvalidProtocolRequestException{
- SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
- try {
- profileValidator.validate(samlObj.getSignature());
- performSchemaValidation(samlObj.getDOM());
-
- } catch (ValidationException e) {
- log.warn("Signature is not conform to SAML signature profile", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
-
- } catch (SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
-
- }
-
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS) );
- criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
- try {
- if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
- }
- } catch (org.opensaml.xml.security.SecurityException e) {
- log.warn("PVP2x message signature validation FAILED.", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
- }
- }
-
- private void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
- SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
- try {
- profileValidator.validate(samlObj.getSignature());
- performSchemaValidation(samlObj.getDOM());
-
- } catch (ValidationException e) {
- log.warn("Signature is not conform to SAML signature profile", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
-
- } catch (SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
-
- }
-
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
- criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
- try {
- if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
- }
- } catch (org.opensaml.xml.security.SecurityException e) {
- log.warn("PVP2x message signature validation FAILED.", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
- }
- }
-
- protected void performSchemaValidation(Element source) throws SchemaValidationException {
-
- String err = null;
- try {
- Schema test = SAMLSchemaBuilder.getSAML11Schema();
- Validator val = test.newValidator();
- val.validate(new DOMSource(source));
- log.debug("Schema validation check done OK");
- return;
-
- } catch (SAXException e) {
- err = e.getMessage();
- if (log.isDebugEnabled() || log.isTraceEnabled())
- log.warn("Schema validation FAILED with exception:", e);
- else
- log.warn("Schema validation FAILED with message: "+ e.getMessage());
-
- } catch (Exception e) {
- err = e.getMessage();
- if (log.isDebugEnabled() || log.isTraceEnabled())
- log.warn("Schema validation FAILED with exception:", e);
- else
- log.warn("Schema validation FAILED with message: "+ e.getMessage());
-
- }
-
- throw new SchemaValidationException("pvp2.22", new Object[]{err});
-
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
new file mode 100644
index 00000000..64eb5247
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
@@ -0,0 +1,218 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
+
+import javax.xml.namespace.QName;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.Validator;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+import org.opensaml.xml.validation.ValidationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+@Service("SAMLVerificationEngine")
+public class SamlVerificationEngine {
+ private static final Logger log = LoggerFactory.getLogger(SamlVerificationEngine.class);
+
+
+ @Autowired(required = true)
+ IPvpMetadataProvider metadataProvider;
+
+ /**
+ * Verify signature of a signed SAML2 object.
+ *
+ * @param msg SAML2 message
+ * @param sigTrustEngine TrustEngine
+ * @throws org.opensaml.xml.security.SecurityException In case of invalid signature
+ * @throws Exception In case of a general error
+ */
+ public void verify(final InboundMessage msg, final SignatureTrustEngine sigTrustEngine)
+ throws org.opensaml.xml.security.SecurityException, Exception {
+ try {
+ if (msg instanceof PvpSProfileRequest
+ && ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) {
+ verifyRequest(((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest()),
+ sigTrustEngine);
+ } else {
+ verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine);
+ }
+
+ } catch (final InvalidProtocolRequestException e) {
+ if (StringUtils.isEmpty(msg.getEntityID())) {
+ throw e;
+
+ }
+ log.debug(
+ "PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID());
+
+ if (metadataProvider == null || !(metadataProvider instanceof IRefreshableMetadataProvider)
+ || !((IRefreshableMetadataProvider) metadataProvider)
+ .refreshMetadataProvider(msg.getEntityID())) {
+ throw e;
+ } else {
+ log.trace("PVP2X metadata reload finished. Check validate message again.");
+
+ if (msg instanceof PvpSProfileRequest
+ && ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) {
+ verifyRequest(((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest()),
+ sigTrustEngine);
+ } else {
+ verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine);
+ }
+
+ }
+ log.trace("Second PVP2X message validation finished");
+ }
+ }
+
+ public void verifySloResponse(final StatusResponseType samlObj,
+ final SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException {
+ verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ }
+
+ public void verifyIdpResponse(final StatusResponseType samlObj,
+ final SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException {
+ verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ }
+
+ private void verifyResponse(final StatusResponseType samlObj,
+ final SignatureTrustEngine sigTrustEngine, final QName defaultElementName)
+ throws InvalidProtocolRequestException {
+ final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ try {
+ profileValidator.validate(samlObj.getSignature());
+ performSchemaValidation(samlObj.getDOM());
+
+ } catch (final ValidationException e) {
+ log.warn("Signature is not conform to SAML signature profile", e);
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+
+ } catch (final SchemaValidationException e) {
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+
+ }
+
+ final CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add(new EntityIDCriteria(samlObj.getIssuer().getValue()));
+ criteriaSet.add(new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS));
+ criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
+
+ try {
+ if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ }
+ } catch (final org.opensaml.xml.security.SecurityException e) {
+ log.warn("PVP2x message signature validation FAILED.", e);
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ }
+ }
+
+ private void verifyRequest(final RequestAbstractType samlObj,
+ final SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException {
+ final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ try {
+ profileValidator.validate(samlObj.getSignature());
+ performSchemaValidation(samlObj.getDOM());
+
+ } catch (final ValidationException e) {
+ log.warn("Signature is not conform to SAML signature profile", e);
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+
+ } catch (final SchemaValidationException e) {
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+
+ }
+
+ final CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add(new EntityIDCriteria(samlObj.getIssuer().getValue()));
+ criteriaSet
+ .add(new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
+ criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
+
+ try {
+ if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ }
+ } catch (final org.opensaml.xml.security.SecurityException e) {
+ log.warn("PVP2x message signature validation FAILED.", e);
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ }
+ }
+
+ protected void performSchemaValidation(final Element source) throws SchemaValidationException {
+
+ String err = null;
+ try {
+ final Schema test = SAMLSchemaBuilder.getSAML11Schema();
+ final Validator val = test.newValidator();
+ val.validate(new DOMSource(source));
+ log.debug("Schema validation check done OK");
+ return;
+
+ } catch (final SAXException e) {
+ err = e.getMessage();
+ if (log.isDebugEnabled() || log.isTraceEnabled()) {
+ log.warn("Schema validation FAILED with exception:", e);
+ } else {
+ log.warn("Schema validation FAILED with message: " + e.getMessage());
+ }
+
+ } catch (final Exception e) {
+ err = e.getMessage();
+ if (log.isDebugEnabled() || log.isTraceEnabled()) {
+ log.warn("Schema validation FAILED with exception:", e);
+ } else {
+ log.warn("Schema validation FAILED with message: " + e.getMessage());
+ }
+
+ }
+
+ throw new SchemaValidationException("pvp2.22", new Object[] {err});
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
index 9c60d724..8bc7508c 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -1 +1 @@
-at.gv.egiz.eaaf.modules.pvp2.PVP2SProfileCoreSpringResourceProvider \ No newline at end of file
+at.gv.egiz.eaaf.modules.pvp2.Pvp2SProfileCoreSpringResourceProvider \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml
index 2cbcce20..ee4d3864 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml
@@ -1,30 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- -->
-
-<!--
- -->
<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:tx="http://www.springframework.org/schema/tx"
- xmlns:aop="http://www.springframework.org/schema/aop"
- xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
-
- <bean id="PVPMetadataBuilder"
- class="at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder" />
-
- <bean id="PVPPOSTBinding"
- class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding" />
-
- <bean id="PVPRedirectBinding"
- class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding" />
-
- <bean id="PVPSOAPBinding"
- class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding" />
-
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <bean id="PVPMetadataBuilder"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder" />
+
+ <bean id="PVPPOSTBinding"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding" />
+
+ <bean id="PVPRedirectBinding"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding" />
+
+ <bean id="PVPSOAPBinding"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding" />
+
</beans> \ No newline at end of file