author | Thomas <thomas.lenz@egiz.gv.at> | 2019-12-04 22:54:51 +0100 |
---|---|---|
committer | Thomas <thomas.lenz@egiz.gv.at> | 2019-12-04 22:54:51 +0100 |
commit | 95b21a826e5d81fdeabcf4673a9e87047edaec9d (patch) | |
tree | d8d55da492dd86041c31d68651afa21c80313362 /eaaf_modules | |
parent | 759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f (diff) | |
to some more code quality tasks
Diffstat (limited to 'eaaf_modules')
33 files changed, 205 insertions, 155 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java index 4009796f..1a88c43b 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java @@ -81,8 +81,7 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule if (authConfig.getBasicConfigurationBoolean(getGeneralConfigPropertyNameEnableModule(), getGeneralConfigPropertyNameEnableModuleDefault())) { - if (spConfig != null - && StringUtils + if (StringUtils .isNotEmpty(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule())) && Boolean .valueOf(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))) { diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java index 251b516f..518f0d24 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java 
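Review bot: Dropping the `spConfig != null` guard in the added `if (StringUtils` line means a null service-provider configuration now surfaces as a NullPointerException from `spConfig.getConfigurationValue(...)` instead of falling through to the else branch. If the caller guarantees a non-null `spConfig` (not visible in this hunk) that should be stated, e.g. `Objects.requireNonNull(spConfig, "spConfig")` right before the check or a comment naming where the guarantee comes from; otherwise the guard should stay. The value is also fetched twice; `final String enabled = spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule());` followed by `StringUtils.isNotEmpty(enabled) && Boolean.valueOf(enabled)` reads cleaner and cannot diverge. The enclosing method begins before and ends after this hunk.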
@@ -92,7 +92,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl final HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualEidDUrl).build()); final List<NameValuePair> parameters = new ArrayList<>(); parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, - Base64Url.encode(sl20Req.toString().getBytes()))); + Base64Url.encode(sl20Req.toString().getBytes("UTF-8")))); httpReq.setEntity(new UrlEncodedFormEntity(parameters)); // build http GET request @@ -105,7 +105,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); - log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes())); + log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes("UTF-8"))); // request VDA final HttpResponse httpResp = httpClientFactory.getHttpClient(false).execute(httpReq); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java index 39cfce05..516a33b9 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java 
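Review bot: `sl20Req.toString().getBytes("UTF-8")` in the form-parameter line fixes the platform-default charset, but the by-name lookup forces the checked `UnsupportedEncodingException` onto every caller; `sl20Req.toString().getBytes(StandardCharsets.UTF_8)` from `java.nio.charset` is the idiomatic form and cannot throw. The method continues outside this hunk.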
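Review bot: The `log.trace("Request VDA via SL20 with: " + Base64Url.encode(...))` line re-encodes the whole request through string concatenation even when trace logging is off; guard it and use a parameter: `if (log.isTraceEnabled()) { log.trace("Request VDA via SL20 with: {}", Base64Url.encode(sl20Req.toString().getBytes(StandardCharsets.UTF_8))); }`. Since the complete request body sent to the VDA lands in the log here, confirm that `sl20Req` (built outside this hunk) carries no personal data or session-bound values before leaving this at trace level in production profiles. The method continues outside this hunk.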
@@ -138,7 +138,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask .extractSL20PayLoad(sl20ReqObj, joseTools, authConfig.getBasicConfigurationBoolean( Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); - if ((payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { + if (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned()) { if (authConfig.getBasicConfigurationBoolean( Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { log.info("SL20 result from VDA was not valid signed"); @@ -151,10 +151,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask } } - - payLoadContainer.getCertChain(); - - + // extract payloaf final JsonNode payLoad = payLoadContainer.getPayload(); @@ -193,7 +190,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask // buildResponse(request, response, sl20ReqObj, aTrustErrorWorkAround); buildResponse(request, response, sl20ReqObj); } else { - buildErrorResponse(request, response, "2000", "General transport Binding error"); + buildErrorResponse(response, "2000", "General transport Binding error"); } } @@ -225,8 +222,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask protected abstract String getResumeEndPoint(); - private void buildErrorResponse(final HttpServletRequest request, - final HttpServletResponse response, final String errorCode, final String errorMsg) + private void buildErrorResponse(final HttpServletResponse response, final String errorCode, final String errorMsg) throws Exception { final ObjectNode error = SL20JsonBuilderUtils.createErrorCommandResult(errorCode, errorMsg); final ObjectNode errorCommand = SL20JsonBuilderUtils 
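Review bot: In the rewritten `if (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())` branch the `CONFIG_PROP_FORCE_EID_SIGNED_RESULT` setting is read a second time, after it was already passed to `extractSL20PayLoad`; hoist it into `final boolean forceSigned = authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true);` so both decisions cannot drift. More importantly, when that flag is false an unsigned or wrongly signed VDA result falls through to the payload extraction below, and the hunk shows no warning on that path; a `log.warn` and a comment such as `// NOTE: with forceSigned=false the eID result is NOT authenticated; intended for test deployments only` would make the trust decision explicit to the next maintainer. What happens after the `log.info` on the forced path is outside this hunk, as is the rest of the method.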
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java index caa2e8d8..9d444802 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java @@ -21,7 +21,7 @@ public interface IJoseTools { * @param payLoad Payload to sign * @throws SlCommandoBuildException In case of a signature creation error */ - public String createSignature(String payLoad) throws SlCommandoBuildException; + String createSignature(String payLoad) throws SlCommandoBuildException; /** * Validates a signed SL2.0 message. @@ -31,7 +31,7 @@ public interface IJoseTools { * @throws SL20Exception In case of a signature validation error */ @Nonnull - public VerificationResult validateSignature(@Nonnull String serializedContent) + VerificationResult validateSignature(@Nonnull String serializedContent) throws SL20Exception; /** @@ -45,7 +45,7 @@ public interface IJoseTools { * @throws IOException In case of a general IO error */ @Nonnull - public VerificationResult validateSignature(@Nonnull String serializedContent, + VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull List<X509Certificate> trustedCerts, @Nonnull AlgorithmConstraints constraints) throws JoseException, IOException; @@ -61,7 +61,7 @@ public interface IJoseTools { * @throws KeyStoreException In case of TrustStore error */ @Nonnull - public VerificationResult validateSignature(@Nonnull String serializedContent, + VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull KeyStore trustStore, @Nonnull AlgorithmConstraints algconstraints) throws JoseException, IOException, KeyStoreException; 
@@ -70,7 +70,7 @@ public interface IJoseTools { * * @return */ - public X509Certificate getEncryptionCertificate(); + X509Certificate getEncryptionCertificate(); /** * Decrypt a serialized JWE token. @@ -79,6 +79,6 @@ public interface IJoseTools { * @return decrypted payload * @throws SL20Exception In case of a decryption error */ - public JsonNode decryptPayload(String compactSerialization) throws SL20Exception; + JsonNode decryptPayload(String compactSerialization) throws SL20Exception; } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 28106377..6ec56825 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -133,6 +133,9 @@ public class JsonSecurityUtils implements IJoseTools { log.info("NO SL2.0 authentication security configuration. Initialization was skipped"); } + } catch (RuntimeException e) { + throw e; + } catch (final Exception e) { log.error("SL2.0 security constrains initialization FAILED.", e); 
@@ -304,11 +307,11 @@ public class JsonSecurityUtils implements IJoseTools { final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { - log.info("Certificate from JOSE header does NOT match encryption certificate"); - log.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); + log.info("Certificate from JOSE header does NOT match encryption certificate"); try { - log.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); + + log.debug("JOSE certificate: {}", Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); } catch (final CertificateEncodingException e) { e.printStackTrace(); } @@ -441,7 +444,8 @@ public class JsonSecurityUtils implements IJoseTools { if (cert != null && cert instanceof X509Certificate) { result.add((X509Certificate) cert); } else { - log.info("Can not process entry: " + el + ". Reason: " + cert.toString()); + log.info("Can not process entry: {}. Reason: {}", el, + cert != null ? cert.getType() : "cert is null"); } } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index 5a8be243..d3726546 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -1,6 +1,7 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils; import java.util.Arrays; +import java.util.Collections; import java.util.List; import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; 
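Review bot: `e.printStackTrace()` in the `catch (final CertificateEncodingException e)` block writes to stderr outside the logging framework the surrounding code already uses; replace it with `log.debug("Can not encode JOSE header certificate", e);`. The mismatch between the `x5c` certificate and `encCertChain[0]` is logged at info and execution continues, and whether a mismatching header certificate is rejected afterwards is decided outside this hunk, so a one-line comment stating that the header certificate is informational only (or that the request is failed below) would help the reader. The enclosing method starts and ends outside this hunk.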
@@ -43,9 +44,9 @@ public class SL20Constants { public static final String JSON_ALGORITHM_SIGNING_PS512 = AlgorithmIdentifiers.RSA_PSS_USING_SHA512; - public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Arrays.asList( + public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(Arrays.asList( JSON_ALGORITHM_SIGNING_RS256, JSON_ALGORITHM_SIGNING_RS512, JSON_ALGORITHM_SIGNING_ES256, - JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512); + JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512)); public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = KeyManagementAlgorithmIdentifiers.RSA_OAEP; @@ -53,7 +54,7 @@ public class SL20Constants { KeyManagementAlgorithmIdentifiers.RSA_OAEP_256; public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = - Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256); + Collections.unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256)); public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 = ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256; @@ -64,9 +65,9 @@ public class SL20Constants { public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM = ContentEncryptionAlgorithmIdentifiers.AES_256_GCM; - public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Arrays.asList( + public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Collections.unmodifiableList(Arrays.asList( JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512, - JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM); + JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM)); // ********************************************************************************************* 
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java index be306b69..6a8b96d4 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java @@ -53,7 +53,7 @@ public class SL20HttpBindingUtils { log.debug("Client request containts is no native client ... "); final URIBuilder clientRedirectUri = new URIBuilder(redirectUrl); clientRedirectUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, - Base64Url.encode(sl20Forward.toString().getBytes())); + Base64Url.encode(sl20Forward.toString().getBytes("UTF-8"))); httpResp.setStatus(httpCodeRedirect); httpResp.setHeader("Location", clientRedirectUri.build().toString()); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java index f505f28d..82a8cf26 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java @@ -1,5 +1,6 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils; +import java.io.UnsupportedEncodingException; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Arrays; 
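Review bot: `sl20Forward.toString().getBytes("UTF-8")` in the redirect branch should be `sl20Forward.toString().getBytes(StandardCharsets.UTF_8)`, which avoids the checked `UnsupportedEncodingException` and the by-name charset lookup. Because the command is appended to the `Location` header as a query parameter it ends up in browser history, Referer headers and proxy logs; a comment above `clientRedirectUri.addParameter(...)` stating that `sl20Forward` must not carry secrets (or pointing to where its confidentiality is handled) would make that constraint visible. The method begins before this hunk.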
@@ -65,13 +66,17 @@ public class SL20JsonBuilderUtils { final JsonSecurityUtils encrypter) throws SlCommandoBuildException { // TODO: add real implementation // create header and footer - final String dummyHeader = createJsonEncryptionHeader(encrypter).toString(); + final String dummyHeader = createJsonEncryptionHeader().toString(); final String payLoad = result.toString(); - final String dummyFooter = createJsonSignedFooter(encrypter); + final String dummyFooter = createJsonSignedFooter(); - return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." - + Base64.getUrlEncoder().encodeToString(payLoad.getBytes()) + "." - + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes()); + try { + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(payLoad.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); + } catch (UnsupportedEncodingException e) { + throw new SlCommandoBuildException("No UTF-8 encoding", e); + } } 
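Review bot: The rewritten return still places `result.toString()` base64url-encoded in clear between `createJsonEncryptionHeader()` and a constant footer, so the output is JWE-shaped but nothing is encrypted, and after this change the `encrypter` parameter is not used at all. A caller trusting the method name will treat that value as confidential; until the `TODO: add real implementation` is resolved it would be safer to fail closed with `throw new SlCommandoBuildException("encrypted result not implemented");` or, at minimum, to add a Javadoc warning that the result is a plaintext placeholder not to be used outside tests. Note also that `Base64.getUrlEncoder()` emits `=` padding while JOSE compact serialization requires unpadded base64url, so the real implementation will need `Base64.getUrlEncoder().withoutPadding()`. The method signature begins before this hunk.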
@@ -116,12 +121,17 @@ public class SL20JsonBuilderUtils { // TODO: add real implementation // create header and footer - final String dummyHeader = createJsonSignedHeader(signer).toString(); - final String dummyFooter = createJsonSignedFooter(signer); + final String dummyHeader = createJsonSignedHeader().toString(); + final String dummyFooter = createJsonSignedFooter(); - return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." - + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes()) + "." - + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes()); + try { + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); + + } catch (UnsupportedEncodingException e) { + throw new SlCommandoBuildException("No UTF-8 encoding", e); + } } @@ -560,7 +570,7 @@ public class SL20JsonBuilderUtils { // TODO!!!! - private static ObjectNode createJsonSignedHeader(final JsonSecurityUtils signer) + private static ObjectNode createJsonSignedHeader() throws SlCommandoBuildException { final ObjectNode header = mapper.getMapper().createObjectNode(); addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, @@ -574,7 +584,7 @@ public class SL20JsonBuilderUtils { } // TODO!!!! - private static ObjectNode createJsonEncryptionHeader(final JsonSecurityUtils signer) + private static ObjectNode createJsonEncryptionHeader() throws SlCommandoBuildException { final ObjectNode header = mapper.getMapper().createObjectNode(); addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, 
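Review bot: The "signed" compact form built here uses `createJsonSignedFooter()` as the third segment, and that footer is a constant string (it looks like the example signature value from RFC 7515 Appendix A.2), so the result does not authenticate `encodedCommand` and any conformant verifier will reject it. Removing the `signer` parameter from the helpers cements that no key is involved; a Javadoc line on this method, `Placeholder only: the signature segment is a fixed dummy value and provides no integrity protection`, should be added so the method is not mistaken for a real signer. As in the encryption builder, `Base64.getUrlEncoder().withoutPadding()` is what JOSE expects once the real implementation lands. The method signature begins before this hunk.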
@@ -590,7 +600,7 @@ public class SL20JsonBuilderUtils { } // TODO!!!! - private static String createJsonSignedFooter(final JsonSecurityUtils signer) { + private static String createJsonSignedFooter() { return "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7\n" + " AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4\n" + " BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K\n" diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java index f4b5a724..d4e1490d 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java @@ -245,7 +245,7 @@ public class SL20JsonExtractorUtils { try { final String[] signedPayload = encryptedResult.toString().split("\\."); final JsonNode payLoad = mapper.getMapper() - .readTree(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); + .readTree(new String(Base64.getUrlDecoder().decode(signedPayload[1]), "UTF-8")); return payLoad; } catch (final Exception e1) { @@ -338,9 +338,9 @@ public class SL20JsonExtractorUtils { } sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - } else if ((httpResp.getStatusLine().getStatusCode() == 500) - || (httpResp.getStatusLine().getStatusCode() == 401) - || (httpResp.getStatusLine().getStatusCode() == 400)) { + } else if (httpResp.getStatusLine().getStatusCode() == 500 + || httpResp.getStatusLine().getStatusCode() == 401 + || httpResp.getStatusLine().getStatusCode() == 400) { log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + ". Search for error message"); 
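Review bot: In the `SL20JsonExtractorUtils` hunk, `signedPayload[1]` is read from `encryptedResult.toString().split("\\.")` without checking how many segments were produced; a value with fewer than two dots throws ArrayIndexOutOfBoundsException, which the following `catch (final Exception e1)` then masks as a generic parse failure. Add `if (signedPayload.length < 2) { throw new IllegalArgumentException("Not a JOSE compact serialization"); }` before the decode so the cause is named. This also parses the payload without verifying the signature of the compact serialization; if the method is only reached after `validateSignature`, say so with `// payload is read WITHOUT signature verification; caller must have validated it`. The enclosing method starts and ends outside this hunk.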
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java index 9bd5791f..49940ca5 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java @@ -17,5 +17,5 @@ public interface ISchemaRessourceProvider { * @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme as * {@link InputStream} */ - public Map<String, InputStream> getSchemas(); + Map<String, InputStream> getSchemas(); } diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java index 5cb001ef..338e77d8 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java 
@@ -18,13 +18,17 @@ public class SignatureCreationService extends AbstractSignatureService private XMLSignatureCreationInvoker xadesInvoker; private CMSSignatureCreationInvoker cadesInvoker; + @PostConstruct protected void internalInitializer() { log.debug("Instanzing SignatureCreationService implementation ... "); xadesInvoker = XMLSignatureCreationInvoker.getInstance(); cadesInvoker = CMSSignatureCreationInvoker.getInstance(); + log.trace("XML_impl: {} , CMS_imp: {}", + xadesInvoker.getClass().getName(), cadesInvoker.getClass().getName()); log.info("MOA-Sig signature-creation service initialized"); + } diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java index 701e2072..18ee6edb 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java @@ -42,7 +42,10 @@ public class GenericSignatureVerificationResponse @Override public Date getSigningDateTime() { - return this.signingDateTime; + if (this.signingDateTime != null) { + return new Date(this.signingDateTime.getTime()); + } + return null; } @@ -84,7 +87,11 @@ public class GenericSignatureVerificationResponse @Override public byte[] getX509CertificateEncoded() { - return this.getX509CertificateEncoded(); + if (this.x509CertificateEncoded != null) { + return this.x509CertificateEncoded.clone(); + + } + return null; } 
@@ -101,7 +108,9 @@ public class GenericSignatureVerificationResponse } public void setSigningDateTime(final Date signingDateTime) { - this.signingDateTime = signingDateTime; + if (signingDateTime != null) { + this.signingDateTime = new Date(signingDateTime.getTime()); + } } public void setSignatureCheckCode(final int signatureCheckCode) { @@ -125,7 +134,10 @@ public class GenericSignatureVerificationResponse } public void setX509CertificateEncoded(final byte[] x509CertificateEncoded) { - this.x509CertificateEncoded = x509CertificateEncoded; + if (x509CertificateEncoded != null) { + this.x509CertificateEncoded = x509CertificateEncoded.clone(); + + } } diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java index 8cf941a7..aa094f1e 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java 
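Review bot: `setSigningDateTime(null)` and `setX509CertificateEncoded(null)` now leave the previous value in place instead of clearing the field, so a response object that is populated twice keeps stale verification data (an old signing time or certificate bytes next to a new check code). If clearing with null is a valid use, add `else { this.signingDateTime = null; }` and `else { this.x509CertificateEncoded = null; }`; if it is not, document that in the setter Javadoc. The defensive copies themselves are the right fix for the mutable `Date` and `byte[]` exposure.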
@@ -145,15 +145,14 @@ public class VerifyXmlSignatureResponseParser { respData.setPublicAuthority(publicAuthority != null); respData.setPublicAuthorityCode( XPathUtils.getElementValue(verifyXmlSignatureResponse, PUBLIC_AUTHORITY_CODE_XPATH, "")); - respData.setSignatureCheckCode(new Integer( - XPathUtils.getElementValue(verifyXmlSignatureResponse, SIGNATURE_CHECK_CODE_XPATH, "")) - .intValue()); + respData.setSignatureCheckCode(Integer.parseInt( + XPathUtils.getElementValue(verifyXmlSignatureResponse, SIGNATURE_CHECK_CODE_XPATH, ""))); final String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXmlSignatureResponse, XMLDSIG_MANIFEST_CHECK_CODE_XPATH, null); if (xmlDsigCheckCode != null) { respData.setXmlDSIGManigest(true); - respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); + respData.setXmlDSIGManifestCheckCode(Integer.parseInt(xmlDsigCheckCode)); } else { respData.setXmlDSIGManigest(false); @@ -163,12 +162,11 @@ public class VerifyXmlSignatureResponseParser { final String signatureManifestCheckCode = XPathUtils .getElementValue(verifyXmlSignatureResponse, SIGNATURE_MANIFEST_CHECK_CODE_XPATH, null); if (signatureManifestCheckCode != null) { - respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue()); + respData.setSignatureManifestCheckCode(Integer.parseInt(signatureManifestCheckCode)); } - respData.setCertificateCheckCode(new Integer( - XPathUtils.getElementValue(verifyXmlSignatureResponse, CERTIFICATE_CHECK_CODE_XPATH, "")) - .intValue()); + respData.setCertificateCheckCode(Integer.parseInt( + XPathUtils.getElementValue(verifyXmlSignatureResponse, CERTIFICATE_CHECK_CODE_XPATH, ""))); final String signingTimeElement = XPathUtils.getElementValue(verifyXmlSignatureResponse, SIGNING_TIME_XPATH, ""); 
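Review bot: `Integer.parseInt(XPathUtils.getElementValue(verifyXmlSignatureResponse, SIGNATURE_CHECK_CODE_XPATH, ""))` — and the same for `CERTIFICATE_CHECK_CODE_XPATH` — turns a missing or empty check-code element into a NumberFormatException reading `For input string: ""`. Failing is the right outcome for a verification response without a check code (absence must never be treated as success), but the error should say so; wrap the parse in `catch (final NumberFormatException e) { throw new IllegalArgumentException("VerifyXMLSignatureResponse without valid SignatureCheckCode", e); }` or validate the string before parsing. The enclosing method starts and ends outside this hunk.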
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java index e8d42e80..8bd2f024 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java 
@@ -30,34 +30,34 @@ import org.opensaml.xml.signature.SignatureConstants; public interface PvpConstants extends PVPAttributeDefinitions { - public static final String DEFAULT_SIGNING_METHODE = + String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; - public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256; - public static final String DEFAULT_SYM_ENCRYPTION_METHODE = + String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256; + String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256; - public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = + String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP; - public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category"; - public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken"; - public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken"; + String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category"; + String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken"; + String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken"; @Deprecated - public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/"; + String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/"; - public static final String REDIRECT = "Redirect"; - public static final String POST = "Post"; - public static final String SOAP = "Soap"; - public static final String METADATA = "Metadata"; - public static final String ATTRIBUTEQUERY = "AttributeQuery"; - public static final String SINGLELOGOUT = "SingleLogOut"; + String REDIRECT = "Redirect"; + String POST = "Post"; + String SOAP = "Soap"; + String METADATA = "Metadata"; + String ATTRIBUTEQUERY = "AttributeQuery"; + String SINGLELOGOUT = "SingleLogOut"; /** * Get required PVP attributes for egovtoken First : PVP 
attribute name (OID) Second: FriendlyName * Third: Required. * */ - public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES = + List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { private static final long serialVersionUID = 1L; { @@ -82,7 +82,7 @@ public interface PvpConstants extends PVPAttributeDefinitions { * FriendlyName Third: Required. * */ - public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES = + List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { private static final long serialVersionUID = 1L; { @@ -129,10 +129,10 @@ public interface PvpConstants extends PVPAttributeDefinitions { }); // constants for requested SAML2 attribtes by using own namespace - public static final String EIDAT10_SAML_NS = "http://eid.gv.at/eID/attributes/saml-extensions"; - public static final String EIDAT10_PREFIX = "eid"; + String EIDAT10_SAML_NS = "http://eid.gv.at/eID/attributes/saml-extensions"; + String EIDAT10_PREFIX = "eid"; - public static final QName EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE = + QName EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE = new QName(EIDAT10_SAML_NS, "AttributeValue", EIDAT10_PREFIX); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java index 27a6532b..677028a5 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java 
@@ -30,11 +30,11 @@ import org.opensaml.xml.security.SecurityException; public interface IDecoder { - public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp, + InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSpEndPoint, URIComparator comparator) throws MessageDecodingException, SecurityException, Pvp2Exception; - public boolean handleDecode(String action, HttpServletRequest req); + boolean handleDecode(String action, HttpServletRequest req); - public String getSaml2BindingName(); + String getSaml2BindingName(); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java index 74ee74de..5f69ba62 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java @@ -33,5 +33,5 @@ public interface IRefreshableMetadataProvider { * @param entityID EntityId * @return true, if refresh is success, otherwise false */ - public boolean refreshMetadataProvider(String entityID); + boolean refreshMetadataProvider(String entityID); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java index 93980a73..0ea909e2 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java 
@@ -40,11 +40,11 @@ public abstract class Pvp2Exception extends EaafException { public String getStatusCodeValue() { - return (this.statusCodeValue); + return this.statusCodeValue; } public String getStatusMessageValue() { - return (this.statusMessageValue); + return this.statusMessageValue; } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java index 0933f0a2..2734c859 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java @@ -229,7 +229,7 @@ public class PostBinding implements IDecoder, IEncoder { @Override public boolean handleDecode(final String action, final HttpServletRequest req) { - return (req.getMethod().equals("POST") && action.equals(PvpConstants.POST)); + return req.getMethod().equals("POST") && action.equals(PvpConstants.POST); } @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java index 4e548d57..7b8525ce 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java 
@@ -229,8 +229,8 @@ public class RedirectBinding implements IDecoder, IEncoder { @Override public boolean handleDecode(final String action, final HttpServletRequest req) { - return ((action.equals(PvpConstants.REDIRECT) || action.equals(PvpConstants.SINGLELOGOUT)) - && req.getMethod().equals("GET")); + return action.equals(PvpConstants.REDIRECT) || action.equals(PvpConstants.SINGLELOGOUT) + && req.getMethod().equals("GET"); } @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java index 79a88487..2e19f259 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java @@ -126,8 +126,8 @@ public class SoapBinding implements IDecoder, IEncoder { @Override public boolean handleDecode(final String action, final HttpServletRequest req) { - return (req.getMethod().equals("POST") - && (action.equals(PvpConstants.SOAP) || action.equals(PvpConstants.ATTRIBUTEQUERY))); + return req.getMethod().equals("POST") + && action.equals(PvpConstants.SOAP) || action.equals(PvpConstants.ATTRIBUTEQUERY); } @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java index 107a856e..c21524dd 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java 
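Review bot: Dropping the inner parentheses in RedirectBinding.handleDecode changes the result, because `&&` binds tighter than `||`: the new expression reads as `REDIRECT || (SINGLELOGOUT && GET)`, so a request whose action is `PvpConstants.REDIRECT` is now accepted regardless of the HTTP method, whereas the removed code required GET for both actions. The SoapBinding hunk on the same line has the mirror-image problem, `(POST && SOAP) || ATTRIBUTEQUERY`, which no longer checks the method for ATTRIBUTEQUERY requests. Since these predicates decide which decoder handles an inbound SAML message, the method restriction should be kept: `return (action.equals(PvpConstants.REDIRECT) || action.equals(PvpConstants.SINGLELOGOUT)) && req.getMethod().equals("GET");` and `return req.getMethod().equals("POST") && (action.equals(PvpConstants.SOAP) || action.equals(PvpConstants.ATTRIBUTEQUERY));`. Only the grouping parentheses should go, not the ones that fix precedence; the PvpAuthRequestSignedRole hunk further down keeps its outer parentheses and is fine.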
@@ -19,7 +19,13 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.message; +import java.io.IOException; import java.io.Serializable; + +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException; @@ -28,17 +34,20 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.w3c.dom.Element; +import org.xml.sax.SAXException; public class InboundMessage implements InboundMessageInterface, Serializable { private static final Logger log = LoggerFactory.getLogger(InboundMessage.class); private static final long serialVersionUID = 2395131650841669663L; - private Element samlMessage = null; + private transient Element samlMessage = null; private boolean verified = false; private String entityID = null; private String relayState = null; + private String serializedSamlMessage; + /** * Get SAML2 metadata for Entity that sends this request. * @@ -90,6 +99,13 @@ public class InboundMessage implements InboundMessageInterface, Serializable { */ public void setSamlMessage(final Element msg) { this.samlMessage = msg; + try { + this.serializedSamlMessage = DomUtils.serializeNode(msg); + + } catch (TransformerException | IOException e) { + log.warn("Can not serialize message",e ); + + } } /* 
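Review bot: In setSamlMessage the serialized copy is only assigned inside the try, so when `DomUtils.serializeNode(msg)` throws (or, presumably, when `msg` is null) the field keeps whatever value a previous call stored, and after a serialization round trip getInboundMessage() will rehydrate the old message while `samlMessage` itself has already been replaced; the failure is only logged at warn level. Clear the stale state first, `this.serializedSamlMessage = null;` before the `try`, and consider whether a message that cannot be serialized should be rejected rather than silently degraded, since the `verified` flag is stored alongside it. The `transient` change to `samlMessage` in the previous hunk also deserves a comment on the field explaining that `serializedSamlMessage` is its persisted form, e.g. `// DOM is not Serializable; serializedSamlMessage carries it across serialization`. Minor: `log.warn("Can not serialize message",e );` has stray spacing around the argument.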
@@ -129,7 +145,20 @@ public class InboundMessage implements InboundMessageInterface, Serializable { */ @Override public Element getInboundMessage() { - return samlMessage; + if (this.samlMessage != null) { + return samlMessage; + + } else { + try { + return (Element) DomUtils.parseDocument(serializedSamlMessage, false, null, null); + + } catch (SAXException | IOException | ParserConfigurationException e) { + throw new RuntimeException(e); + + } + + } + } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java index ec81353a..8a6105bc 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java @@ -401,7 +401,7 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro protected void emitChangeEvent() { - if ((getObservers() == null) || (getObservers().size() == 0)) { + if (getObservers() == null || getObservers().size() == 0) { return; } 
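Review bot: The fallback branch in getInboundMessage casts the result of `DomUtils.parseDocument(...)` straight to `Element`; if that helper returns a `Document`, as its name suggests, the cast fails at runtime with a ClassCastException rather than yielding the root element, which should be confirmed before this is relied on after deserialization. The branch also has no guard for `serializedSamlMessage == null` (the state left behind when setSamlMessage could not serialize), re-parses the XML on every call without caching the result, and wraps any failure in a bare `RuntimeException`. The sketch below keeps the existing parse call but guards the null case, caches the rehydrated element in `samlMessage`, and throws a typed exception with the cause preserved.
```java
@Override
public Element getInboundMessage() {
    if (this.samlMessage == null) {
        if (this.serializedSamlMessage == null) {
            throw new IllegalStateException("No SAML2 message available after deserialization");
        }
        try {
            // rehydrate once and keep the DOM for subsequent calls
            // NOTE(review): confirm parseDocument() really yields an Element here;
            // if it returns a Document, use getDocumentElement() instead of the cast
            this.samlMessage = (Element) DomUtils.parseDocument(serializedSamlMessage, false, null, null);
        } catch (SAXException | IOException | ParserConfigurationException e) {
            throw new IllegalStateException("Can not re-parse serialized SAML2 message", e);
        }
    }
    return this.samlMessage;
}
```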
@@ -463,13 +463,12 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro while (metadataUrlInterator.hasNext()) { final String metadataurl = metadataUrlInterator.next(); try { - if (StringUtils.isNotEmpty(metadataurl)) { - if (loadedproviders.containsKey(metadataurl)) { - // SAML2 SP is actually loaded, to nothing - providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); - loadedproviders.remove(metadataurl); + if (StringUtils.isNotEmpty(metadataurl) + && loadedproviders.containsKey(metadataurl)) { + // SAML2 SP is actually loaded, to nothing + providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); + loadedproviders.remove(metadataurl); - } } } catch (final Throwable e) { log.error("Failed to add Metadata (unhandled reason: " + e.getMessage(), e); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java index d84b407f..a6d2508d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java @@ -29,7 +29,7 @@ import org.opensaml.xml.security.x509.X509Credential; * @author tlenz * */ -public class KeyStoreX509CredentialAdapter +public class EaafKeyStoreX509CredentialAdapter extends org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter { /** @@ -39,7 +39,7 @@ public class KeyStoreX509CredentialAdapter * @param alias Key alias * @param password key Password */ - public KeyStoreX509CredentialAdapter(final KeyStore store, final String alias, + public EaafKeyStoreX509CredentialAdapter(final KeyStore store, final String alias, final char[] password) { super(store, alias, password); } 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java index 860eec64..957def02 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java @@ -101,7 +101,7 @@ public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder { // evaluate template and write content to response final Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8"); velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", - new BufferedReader(new InputStreamReader(is))); + new BufferedReader(new InputStreamReader(is, "UTF-8"))); out.flush(); } catch (final Exception e) { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java index ea361f11..ec4009f0 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java 
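Review bot: Pinning the template reader to UTF-8 is the right fix for the platform-charset dependency, but passing the charset as the string `"UTF-8"` selects the constructor that declares UnsupportedEncodingException, which is presumably why the whole block sits under `catch (final Exception e)`. Prefer the constant, `new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))`, and the same for the `OutputStreamWriter` on the line above, so the checked exception disappears and the catch can be narrowed. The enclosing method starts and ends outside this hunk.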
@@ -26,7 +26,7 @@ import java.security.interfaces.RSAPrivateKey; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.KeyStoreX509CredentialAdapter; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter; import org.apache.commons.lang3.StringUtils; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; @@ -120,7 +120,7 @@ public abstract class AbstractCredentialProvider { keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword()); } - final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore, + final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray()); credentials.setUsageType(UsageType.SIGNING); @@ -152,7 +152,7 @@ public abstract class AbstractCredentialProvider { keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword()); } - final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore, + final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray()); credentials.setUsageType(UsageType.SIGNING); @@ -191,7 +191,7 @@ public abstract class AbstractCredentialProvider { return null; } - final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore, + final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); credentials.setUsageType(UsageType.ENCRYPTION); 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java index 1c7a9652..8bcc3e74 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java @@ -20,7 +20,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils; import java.io.IOException; -import java.security.NoSuchAlgorithmException; import java.util.List; import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; @@ -34,7 +33,6 @@ import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; import org.apache.commons.lang3.StringUtils; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.Status; @@ -56,8 +54,6 @@ import org.w3c.dom.Document; public class Saml2Utils { private static final Logger log = LoggerFactory.getLogger(Saml2Utils.class); - private static SecureRandomIdentifierGenerator idGenerator; - private static DocumentBuilder builder; static { @@ -70,15 +66,7 @@ public class Saml2Utils { } catch (final ParserConfigurationException e) { // TODO Auto-generated catch block e.printStackTrace(); - } - - try { - idGenerator = new SecureRandomIdentifierGenerator(); - - } catch (final NoSuchAlgorithmException e) { - e.printStackTrace(); - - } + } } /** 
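Review bot: The static initializer that this hunk collapses still swallows `ParserConfigurationException` with an auto-generated `e.printStackTrace()`, leaving the static `builder` null for every later caller and producing a NullPointerException far from the actual cause. Since the class already has a logger, report and fail fast instead: `log.error("Can not initialize XML DocumentBuilder", e);` followed by `throw new ExceptionInInitializerError(e);`. The initializer's opening lines are outside the hunk.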
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java index 4eb711f9..8f042ae2 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java @@ -46,8 +46,8 @@ public class PvpAuthRequestSignedRole extends SAML2AuthnRequestsSignedRule { final List<String> samlReqParam = inTransport.getParameterValues("SAMLRequest"); final List<String> samlRespParam = inTransport.getParameterValues("SAMLResponse"); final boolean isValidContent = - ((samlReqParam.size() == 1 && !DatatypeHelper.isEmpty(samlReqParam.get(0))) - || (samlRespParam.size() == 1 && !DatatypeHelper.isEmpty(samlRespParam.get(0)))) + (samlReqParam.size() == 1 && !DatatypeHelper.isEmpty(samlReqParam.get(0)) + || samlRespParam.size() == 1 && !DatatypeHelper.isEmpty(samlRespParam.get(0))) && !(samlReqParam.size() == 1 && samlRespParam.size() == 1); return isValidSigned && isValidSigAlgExists && isValidContent; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java index 64eb5247..024c35d8 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java 
@@ -23,6 +23,8 @@ import javax.xml.namespace.QName; import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; + +import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; @@ -73,10 +75,15 @@ public class SamlVerificationEngine { try { if (msg instanceof PvpSProfileRequest && ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) { - verifyRequest(((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest()), + verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(), sigTrustEngine); - } else { + } else if (msg instanceof PvpSProfileResponse){ verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine); + + } else { + log.warn("SAML2 message type: {} not supported", msg.getClass().getName()); + throw new EaafProtocolException("9999", null); + } } catch (final InvalidProtocolRequestException e) { @@ -96,7 +103,7 @@ public class SamlVerificationEngine { if (msg instanceof PvpSProfileRequest && ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) { - verifyRequest(((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest()), + verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(), sigTrustEngine); } else { verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine); diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java index 131be543..e1c21ae7 100644 
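Review bot: The first hunk now guards the response path with `instanceof PvpSProfileResponse` and rejects unknown message types with an EaafProtocolException, but the second hunk in this file (`@@ -96,7 +103,7 @@`) keeps the unconditional `else { verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), ...) }`, so the same unexpected type still surfaces there as a ClassCastException rather than a protocol error. Apply the same `} else if (msg instanceof PvpSProfileResponse) {` guard and trailing reject branch in that method so both entry points into signature verification behave consistently. Style: `PvpSProfileResponse){` is missing the space before the brace. Both enclosing methods begin outside their hunks.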
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java @@ -34,6 +34,6 @@ public interface ISubjectNameIdGenerator { * @return Pair of subjectNameId and NameIdFormat * @throws Pvp2Exception In case of an error */ - public Pair<String, String> generateSubjectNameId(IAuthData authData, IspConfiguration spConfig) + Pair<String, String> generateSubjectNameId(IAuthData authData, IspConfiguration spConfig) throws Pvp2Exception; } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java index 3fac7894..8c74c3fb 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java @@ -409,7 +409,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement if (msg instanceof PvpSProfileRequest && ((PvpSProfileRequest) msg).getSamlRequest() instanceof AuthnRequest) { - preProcessAuthRequest(request, response, pendingReq); + preProcessAuthRequest(request, pendingReq); } else if (childPreProcess(request, response, pendingReq)) { log.debug("Find protocol handler in child implementation"); } else { 
@@ -430,15 +430,14 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement * PreProcess Authn request. * * @param request http request - * @param response http response * @param pendingReq current pending request * @throws Throwable in case of an error */ private void preProcessAuthRequest(final HttpServletRequest request, - final HttpServletResponse response, final PvpSProfilePendingRequest pendingReq) + final PvpSProfilePendingRequest pendingReq) throws Throwable { - final PvpSProfileRequest moaRequest = ((PvpSProfileRequest) pendingReq.getRequest()); + final PvpSProfileRequest moaRequest = (PvpSProfileRequest) pendingReq.getRequest(); final SignableXMLObject samlReq = moaRequest.getSamlRequest(); if (!(samlReq instanceof AuthnRequest)) { diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java index d050dd4b..07e9c28d 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java @@ -39,14 +39,14 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return */ - public String getSpNameForLogging(); + String getSpNameForLogging(); /** * If true, the SAML2 isPassive flag is set in the AuthnRequest. * * @return */ - public Boolean isPassivRequest(); + Boolean isPassivRequest(); /** * Define the ID of the AssertionConsumerService, which defines the required attributes in 
@@ -54,21 +54,21 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return */ - public Integer getAssertionConsumerServiceId(); + Integer getAssertionConsumerServiceId(); /** * Define the SAML2 EntityID of the service provider. * * @return */ - public String getSpEntityID(); + String getSpEntityID(); /** * Define the SAML2 NameIDPolicy. * * @return Service-Provider EntityID, but never null */ - public String getNameIdPolicyFormat(); + String getNameIdPolicyFormat(); /** * Define the AuthnContextClassRefernece of this request. @@ -80,14 +80,14 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return */ - public String getAuthnContextClassRef(); + String getAuthnContextClassRef(); /** * Define the AuthnContextComparison model, which should be used. * * @return */ - public AuthnContextComparisonTypeEnumeration getAuthnContextComparison(); + AuthnContextComparisonTypeEnumeration getAuthnContextComparison(); /** @@ -95,7 +95,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return */ - public Credential getAuthnRequestSigningCredential(); + Credential getAuthnRequestSigningCredential(); /** @@ -103,14 +103,14 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return Credential, but never null. */ - public EntityDescriptor getIdpEntityDescriptor(); + EntityDescriptor getIdpEntityDescriptor(); /** * Set the SAML2 NameIDPolicy allow-creation flag. * * @return EntityDescriptor, but never null. */ - public boolean getNameIdPolicyAllowCreation(); + boolean getNameIdPolicyAllowCreation(); /** @@ -118,7 +118,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return SubjectNameID, or null if no SubjectNameID should be used */ - public String getSubjectNameID(); + String getSubjectNameID(); /** * Define the qualifier of the <code>SubjectNameID</code> <br> 
@@ -127,7 +127,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return qualifier, or null if no qualifier should be set */ - public String getSubjectNameIdQualifier(); + String getSubjectNameIdQualifier(); /** * Define the format of the subjectNameID, which is included in authn-request. @@ -135,21 +135,21 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return nameIDFormat, of SAML2 'transient' if nothing is defined */ - public String getSubjectNameIdFormat(); + String getSubjectNameIdFormat(); /** * Define a SP specific SAML2 requestID. * * @return requestID, or null if the requestID should be generated automatically */ - public String getRequestID(); + String getRequestID(); /** * Defines the 'method' attribute in 'SubjectConformation' element. * * @return method, or null if no method should set */ - public String getSubjectConformationMethode(); + String getSubjectConformationMethode(); /** * Define the information, which should be added as 'subjectConformationDate' in @@ -157,7 +157,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return subjectConformation information or null if no subjectConformation should be set */ - public Element getSubjectConformationDate(); + Element getSubjectConformationDate(); /** @@ -165,7 +165,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return */ - public String getScopeRequesterId(); + String getScopeRequesterId(); /** @@ -173,7 +173,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return */ - public String getProviderName(); + String getProviderName(); /** @@ -182,6 +182,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * * @return */ - public List<EaafRequestedAttribute> getRequestedAttributes(); + List<EaafRequestedAttribute> getRequestedAttributes(); } 
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java index 36f43cc8..11b1ecad 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java @@ -253,6 +253,11 @@ public class PvpAuthnRequestBuilder { } else if (endpoint.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); + } else { + log.warn("Binding: {} is not supported", endpoint.getBinding()); + throw new AuthnRequestBuildException("sp.pvp2.00", + new Object[] {config.getSpNameForLogging(), idpEntity.getEntityID()}); + } // encode message diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java index e0cad257..42d1c85e 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java @@ -285,7 +285,7 @@ public class AssertionAttributeExtractor { && getFullAssertion().getAuthnStatements().size() > 0) { for (final AuthnStatement el : getFullAssertion().getAuthnStatements()) { if (el.getSessionNotOnOrAfter() != null) { - return (el.getSessionNotOnOrAfter().toDate()); + return el.getSessionNotOnOrAfter().toDate(); } } 
@@ -331,21 +331,20 @@ public class AssertionAttributeExtractor { && assertion.getAttributeStatements().size() > 0) { final AttributeStatement attrStat = assertion.getAttributeStatements().get(0); for (final Attribute attr : attrStat.getAttributes()) { - if (attr.getName().startsWith(PvpConstants.STORK_ATTRIBUTE_PREFIX)) { - final List<String> storkAttrValues = new ArrayList<>(); - for (final XMLObject el : attr.getAttributeValues()) { - storkAttrValues.add(el.getDOM().getTextContent()); - } - +// if (attr.getName().startsWith(PvpConstants.STORK_ATTRIBUTE_PREFIX)) { +// final List<String> storkAttrValues = new ArrayList<>(); +// for (final XMLObject el : attr.getAttributeValues()) { +// storkAttrValues.add(el.getDOM().getTextContent()); +// } // PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), // false, storkAttrValues , "Available"); // storkAttributes.put(attr.getName(), storkAttr ); - } else { +// } else { final List<String> attrList = new ArrayList<>(); for (final XMLObject el : attr.getAttributeValues()) { attrList.add(el.getDOM().getTextContent()); - } + // } attributs.put(attr.getName(), attrList); |