author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-02-05 09:02:13 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-02-05 09:02:13 +0100 |
commit | 5a1eca23a9b35541b7b1955b83b47e0af983d5dd (patch) | |
tree | ea9045f10af6ba12f02777b2b6a3ff3f7fd5557b /eaaf_modules/eaaf_module_pvp2_idp/src | |
parent | e7610325ee2f1d1f4e97e1e7a9b212e692836b5a (diff) | |
add Trusted-Certificates method to AbstractCredentialProvider
add jUnit tests for AbstractCredentialProvider
change method names in AbstractCredentialProvider
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_idp/src')
3 files changed, 10 insertions, 29 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 1ef7da29..29bbac1e 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -194,7 +194,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 relayState = pvpRequest.getRequest().getRelayState();
 }
- final EaafX509Credential signCred = pvpIdpCredentials.getIdpAssertionSigningCredential();
+ final EaafX509Credential signCred = pvpIdpCredentials.getMessageSigningCredential();
 encoder.encodeResponse(request, response, samlResponse, pvpRequest.getConsumerUrl(), relayState, signCred, protocolRequest);
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index c0190959..d138ba3a 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -129,7 +129,7 @@ public class AuthenticationAction implements IAction {
 }
 binding.encodeResponse(httpReq, httpResp, authResponse, consumerService.getLocation(),
- moaRequest.getRelayState(), pvpIdpCredentials.getIdpAssertionSigningCredential(), req);
+ moaRequest.getRelayState(), pvpIdpCredentials.getMessageSigningCredential(), req);
 revisionsLogger.logEvent(req, 3105, authResponse.getID());
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
index 55e3e8b4..565f28fb 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
@@ -19,9 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder;
-import java.security.PublicKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPublicKey;
 import java.util.ArrayList;
 import java.util.List;
@@ -134,7 +131,14 @@ public class AuthResponseBuilder {
 X509Credential encryptionCredentials, IConfiguration authConfig) throws InvalidAssertionEncryptionException {
 try {
- final String keyEncAlg = selectKeyEncryptionAlgorithm(encryptionCredentials, authConfig);
+ final String keyEncAlg = Saml2Utils.getKeyOperationAlgorithmFromCredential(
+ encryptionCredentials,
+ authConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA),
+ authConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC));
 final DataEncryptionParameters dataEncParams = new DataEncryptionParameters();
 dataEncParams.setAlgorithm(authConfig.getBasicConfiguration(
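Review bot: The two `authConfig.getBasicConfiguration(...)` results passed to the added `Saml2Utils.getKeyOperationAlgorithmFromCredential(` call are handed on as key-encryption algorithm identifiers with no check visible in this hunk, so a mistyped or legacy value under `CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG` or `CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG` would surface only inside the helper or the encrypter, if at all. If the helper does not already restrict them, an allow-list of accepted key-transport algorithms would belong there; at this call a comment such as `// key-transport algorithm follows the recipient key type (RSA/EC); the URIs come from configuration` would record where the value originates. The removed `selectKeyEncryptionAlgorithm` raised `SamlSigningException` for any other key type. The helper's behaviour for that case is not visible here, so it is worth confirming that the catch clauses of this `try`, which lie outside the hunk, still map it to `InvalidAssertionEncryptionException`.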
@@ -164,29 +168,6 @@ public class AuthResponseBuilder { } - private static String selectKeyEncryptionAlgorithm(X509Credential encryptionCredentials, - IConfiguration authConfig) throws SamlSigningException { - final PublicKey privatekey = encryptionCredentials.getPublicKey(); - if (privatekey instanceof RSAPublicKey) { - return authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, - PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); - - } else if (privatekey instanceof ECPublicKey) { - return authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, - PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC); - - } else { - log.warn("Could NOT evaluate the Private-Key type from " + encryptionCredentials.getEntityId() - + " credential."); - throw new SamlSigningException("internal.pvp.97", - new Object[] { encryptionCredentials.getEntityId(), privatekey.getClass().getName() }); - - } - - } - private static X509Credential resolveEncryptionCredential(RequestAbstractType req, IPvp2MetadataProvider metadataProvider) throws InvalidAssertionEncryptionException { try { |