authorThomas <thomas.lenz@egiz.gv.at>2019-12-04 22:54:51 +0100
committerThomas <thomas.lenz@egiz.gv.at>2019-12-04 22:54:51 +0100
commit95b21a826e5d81fdeabcf4673a9e87047edaec9d (patch)
treed8d55da492dd86041c31d68651afa21c80313362 /eaaf_modules
parent759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f (diff)
to some more code quality tasks
Diffstat (limited to 'eaaf_modules')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java3
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java4
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java12
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java12
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java12
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java11
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java2
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java36
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java8
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java2
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java4
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java20
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java14
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java38
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java33
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java13
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java (renamed from eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java)4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java14
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java13
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java7
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java38
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java5
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java17
33 files changed, 205 insertions, 155 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java
index 4009796f..1a88c43b 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java
@@ -81,8 +81,7 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule
if (authConfig.getBasicConfigurationBoolean(getGeneralConfigPropertyNameEnableModule(),
getGeneralConfigPropertyNameEnableModuleDefault())) {
- if (spConfig != null
- && StringUtils
+ if (StringUtils
.isNotEmpty(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))
&& Boolean
.valueOf(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))) {
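Review bot: With `spConfig != null` removed, the first `spConfig.getConfigurationValue(...)` in the condition throws a NullPointerException whenever this code is reached without a service-provider configuration, and nothing in the hunk shows an earlier check. Because this condition decides whether the authentication module is selected, the non-null contract should be explicit: either keep the guard or document it at the point of use, e.g. `// spConfig is guaranteed non-null by <caller>; see ...`. The same configuration value is also looked up twice; a local such as `final String spEnabled = spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule());` would avoid that. The enclosing method starts and ends outside the hunk.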
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
index 251b516f..518f0d24 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
@@ -92,7 +92,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
final HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualEidDUrl).build());
final List<NameValuePair> parameters = new ArrayList<>();
parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM,
- Base64Url.encode(sl20Req.toString().getBytes())));
+ Base64Url.encode(sl20Req.toString().getBytes("UTF-8"))));
httpReq.setEntity(new UrlEncodedFormEntity(parameters));
// build http GET request
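Review bot: The charset is passed as the string `"UTF-8"`, which makes `getBytes` declare the checked `UnsupportedEncodingException`; `sl20Req.toString().getBytes(StandardCharsets.UTF_8)` (with `import java.nio.charset.StandardCharsets;`) pins the same encoding without it. The same applies to the trace-log hunk below in this file, to the `getBytes("UTF-8")` hunk in SL20HttpBindingUtils, to `new String(..., "UTF-8")` in SL20JsonExtractorUtils, and to both builder hunks in SL20JsonBuilderUtils, where the added `try`/`catch (UnsupportedEncodingException e)` and the new import would then not be needed. The enclosing method starts and ends outside the hunk.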
@@ -105,7 +105,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE,
SL20Constants.HTTP_HEADER_VALUE_NATIVE);
- log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes()));
+ log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes("UTF-8")));
// request VDA
final HttpResponse httpResp = httpClientFactory.getHttpClient(false).execute(httpReq);
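Review bot: The trace statement encodes the whole SL2.0 request a second time and builds the message by concatenation even when trace logging is off, and it writes the complete request to the log. Reusing the value already computed for the form parameter and guarding the call avoids the extra work: `if (log.isTraceEnabled()) { log.trace("Request VDA via SL20 with: {}", encodedReq); }`, where `encodedReq` is a local that would be introduced where the parameter is built. Whether the request can carry data that should not reach log files cannot be told from the hunk and is worth confirming. The method body continues outside the hunk.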
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java
index 39cfce05..516a33b9 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java
@@ -138,7 +138,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
.extractSL20PayLoad(sl20ReqObj, joseTools, authConfig.getBasicConfigurationBoolean(
Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
- if ((payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) {
+ if (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned()) {
if (authConfig.getBasicConfigurationBoolean(
Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
log.info("SL20 result from VDA was not valid signed");
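Review bot: `payLoadContainer.isValidSigned()` returns a nullable `Boolean` and is called twice in the condition; `if (!Boolean.TRUE.equals(payLoadContainer.isValidSigned())) {` states the same fail-closed test with one call and no unboxing. The `CONFIG_PROP_FORCE_EID_SIGNED_RESULT` lookup is likewise repeated from the `extractSL20PayLoad` call just above and could be read once into a local. What happens when that flag is false is outside the hunk, so the branch that accepts an unsigned result deserves a comment there saying when it is permitted.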
@@ -151,10 +151,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
}
}
-
- payLoadContainer.getCertChain();
-
-
+
// extract payloaf
final JsonNode payLoad = payLoadContainer.getPayload();
@@ -193,7 +190,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
// buildResponse(request, response, sl20ReqObj, aTrustErrorWorkAround);
buildResponse(request, response, sl20ReqObj);
} else {
- buildErrorResponse(request, response, "2000", "General transport Binding error");
+ buildErrorResponse(response, "2000", "General transport Binding error");
}
}
@@ -225,8 +222,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
protected abstract String getResumeEndPoint();
- private void buildErrorResponse(final HttpServletRequest request,
- final HttpServletResponse response, final String errorCode, final String errorMsg)
+ private void buildErrorResponse(final HttpServletResponse response, final String errorCode, final String errorMsg)
throws Exception {
final ObjectNode error = SL20JsonBuilderUtils.createErrorCommandResult(errorCode, errorMsg);
final ObjectNode errorCommand = SL20JsonBuilderUtils
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java
index caa2e8d8..9d444802 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java
@@ -21,7 +21,7 @@ public interface IJoseTools {
* @param payLoad Payload to sign
* @throws SlCommandoBuildException In case of a signature creation error
*/
- public String createSignature(String payLoad) throws SlCommandoBuildException;
+ String createSignature(String payLoad) throws SlCommandoBuildException;
/**
* Validates a signed SL2.0 message.
@@ -31,7 +31,7 @@ public interface IJoseTools {
* @throws SL20Exception In case of a signature validation error
*/
@Nonnull
- public VerificationResult validateSignature(@Nonnull String serializedContent)
+ VerificationResult validateSignature(@Nonnull String serializedContent)
throws SL20Exception;
/**
@@ -45,7 +45,7 @@ public interface IJoseTools {
* @throws IOException In case of a general IO error
*/
@Nonnull
- public VerificationResult validateSignature(@Nonnull String serializedContent,
+ VerificationResult validateSignature(@Nonnull String serializedContent,
@Nonnull List<X509Certificate> trustedCerts, @Nonnull AlgorithmConstraints constraints)
throws JoseException, IOException;
@@ -61,7 +61,7 @@ public interface IJoseTools {
* @throws KeyStoreException In case of TrustStore error
*/
@Nonnull
- public VerificationResult validateSignature(@Nonnull String serializedContent,
+ VerificationResult validateSignature(@Nonnull String serializedContent,
@Nonnull KeyStore trustStore, @Nonnull AlgorithmConstraints algconstraints)
throws JoseException, IOException, KeyStoreException;
@@ -70,7 +70,7 @@ public interface IJoseTools {
*
* @return
*/
- public X509Certificate getEncryptionCertificate();
+ X509Certificate getEncryptionCertificate();
/**
* Decrypt a serialized JWE token.
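Review bot: The Javadoc for `getEncryptionCertificate()` has an empty `@return` tag and, unlike the `validateSignature` overloads above it, carries no nullability annotation. Since the commit is already touching every declaration in this interface, fill it in, e.g. `@return certificate used for payload encryption, or {@code null} if none is configured` (adjust to the actual contract, which is not visible here), and add `@Nonnull` or `@Nullable` to match.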
@@ -79,6 +79,6 @@ public interface IJoseTools {
* @return decrypted payload
* @throws SL20Exception In case of a decryption error
*/
- public JsonNode decryptPayload(String compactSerialization) throws SL20Exception;
+ JsonNode decryptPayload(String compactSerialization) throws SL20Exception;
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index 28106377..6ec56825 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -133,6 +133,9 @@ public class JsonSecurityUtils implements IJoseTools {
log.info("NO SL2.0 authentication security configuration. Initialization was skipped");
}
+ } catch (RuntimeException e) {
+ throw e;
+
} catch (final Exception e) {
log.error("SL2.0 security constrains initialization FAILED.", e);
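Review bot: The new `catch (RuntimeException e) { throw e; }` lets unchecked failures leave this initialisation block without the `log.error` that the following `catch (final Exception e)` writes, so a misconfiguration that surfaces as a runtime exception produces no message at this point. If the rethrow is intended, log before it: `log.error("SL2.0 security constrains initialization FAILED.", e); throw e;`. `e` is also not declared `final` like the neighbouring handler. What the `Exception` handler does after logging lies outside the hunk.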
@@ -304,11 +307,11 @@ public class JsonSecurityUtils implements IJoseTools {
final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
if (!sortedX5cCerts.get(0).equals(encCertChain[0])) {
- log.info("Certificate from JOSE header does NOT match encryption certificate");
- log.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString());
+ log.info("Certificate from JOSE header does NOT match encryption certificate");
try {
- log.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded()));
+
+ log.debug("JOSE certificate: {}", Base64Utils.encode(sortedX5cCerts.get(0).getEncoded()));
} catch (final CertificateEncodingException e) {
e.printStackTrace();
}
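Review bot: The `CertificateEncodingException` handler still calls `e.printStackTrace()`, which bypasses the logger this commit otherwise moves to; `log.warn("Can not encode JOSE certificate for logging", e);` keeps the failure in the application log. The certificate is also Base64-encoded before `log.debug` can check the level, so wrapping the `try` in `if (log.isDebugEnabled())` avoids the work in production. The added blank line after `try {` and the doubled space in `!sortedX5cCerts.get(0).equals(encCertChain[0]))  {` look unintentional. How the mismatch is handled after the logging is outside the hunk.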
@@ -441,7 +444,8 @@ public class JsonSecurityUtils implements IJoseTools {
if (cert != null && cert instanceof X509Certificate) {
result.add((X509Certificate) cert);
} else {
- log.info("Can not process entry: " + el + ". Reason: " + cert.toString());
+ log.info("Can not process entry: {}. Reason: {}", el,
+ cert != null ? cert.getType() : "cert is null");
}
}
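Review bot: `cert != null && cert instanceof X509Certificate` contains a redundant null test, because `instanceof` is already false for null; `if (cert instanceof X509Certificate) {` is enough. The `else` branch then needs the `cert != null ? cert.getType() : "cert is null"` expression the commit adds, so that part is right. The loop around this block starts outside the hunk.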
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
index 5a8be243..d3726546 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
@@ -1,6 +1,7 @@
package at.gv.egiz.eaaf.modules.auth.sl20.utils;
import java.util.Arrays;
+import java.util.Collections;
import java.util.List;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
@@ -43,9 +44,9 @@ public class SL20Constants {
public static final String JSON_ALGORITHM_SIGNING_PS512 =
AlgorithmIdentifiers.RSA_PSS_USING_SHA512;
- public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Arrays.asList(
+ public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(Arrays.asList(
JSON_ALGORITHM_SIGNING_RS256, JSON_ALGORITHM_SIGNING_RS512, JSON_ALGORITHM_SIGNING_ES256,
- JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512);
+ JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512));
public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP =
KeyManagementAlgorithmIdentifiers.RSA_OAEP;
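Review bot: The public algorithm lists have no Javadoc, so nothing records why they are now wrapped in `Collections.unmodifiableList` and a later edit could revert to a bare `Arrays.asList`, whose elements any caller can overwrite with `set`. A one-line comment on `SL20_ALGORITHM_WHITELIST_SIGNING` would do, e.g. `/** Allowed signature algorithms; unmodifiable so the set cannot be changed at runtime. */`, with the equivalent on the key-encryption and content-encryption lists in the next two hunks. The new declaration lines also run well past 100 columns and would read better with the wrapper call on its own line.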
@@ -53,7 +54,7 @@ public class SL20Constants {
KeyManagementAlgorithmIdentifiers.RSA_OAEP_256;
public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION =
- Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256);
+ Collections.unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256));
public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 =
ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256;
@@ -64,9 +65,9 @@ public class SL20Constants {
public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM =
ContentEncryptionAlgorithmIdentifiers.AES_256_GCM;
- public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Arrays.asList(
+ public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Collections.unmodifiableList(Arrays.asList(
JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512,
- JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM);
+ JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM));
// *********************************************************************************************
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
index be306b69..6a8b96d4 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
@@ -53,7 +53,7 @@ public class SL20HttpBindingUtils {
log.debug("Client request containts is no native client ... ");
final URIBuilder clientRedirectUri = new URIBuilder(redirectUrl);
clientRedirectUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM,
- Base64Url.encode(sl20Forward.toString().getBytes()));
+ Base64Url.encode(sl20Forward.toString().getBytes("UTF-8")));
httpResp.setStatus(httpCodeRedirect);
httpResp.setHeader("Location", clientRedirectUri.build().toString());
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
index f505f28d..82a8cf26 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
@@ -1,5 +1,6 @@
package at.gv.egiz.eaaf.modules.auth.sl20.utils;
+import java.io.UnsupportedEncodingException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
@@ -65,13 +66,17 @@ public class SL20JsonBuilderUtils {
final JsonSecurityUtils encrypter) throws SlCommandoBuildException {
// TODO: add real implementation
// create header and footer
- final String dummyHeader = createJsonEncryptionHeader(encrypter).toString();
+ final String dummyHeader = createJsonEncryptionHeader().toString();
final String payLoad = result.toString();
- final String dummyFooter = createJsonSignedFooter(encrypter);
+ final String dummyFooter = createJsonSignedFooter();
- return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "."
- + Base64.getUrlEncoder().encodeToString(payLoad.getBytes()) + "."
- + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes());
+ try {
+ return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "."
+ + Base64.getUrlEncoder().encodeToString(payLoad.getBytes("UTF-8")) + "."
+ + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8"));
+ } catch (UnsupportedEncodingException e) {
+ throw new SlCommandoBuildException("No UTF-8 encoding", e);
+ }
}
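Review bot: After this change the `encrypter` parameter is unused in the visible body, and the method returns three base64url segments made of a header from `createJsonEncryptionHeader()`, the plaintext `result`, and a fixed footer string, so the payload is encoded but not encrypted. The `// TODO: add real implementation` comment is the only hint of that, and a caller reading the signature could take the output for an encrypted container. Until the real implementation exists, say so in the Javadoc, e.g. `Placeholder: the payload is only base64url-encoded, not encrypted; do not use where confidentiality is required.` The signing variant in the next hunk has the same shape, with `signer` unused and the same hard-coded footer. The method signature starts outside the hunk.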
@@ -116,12 +121,17 @@ public class SL20JsonBuilderUtils {
// TODO: add real implementation
// create header and footer
- final String dummyHeader = createJsonSignedHeader(signer).toString();
- final String dummyFooter = createJsonSignedFooter(signer);
+ final String dummyHeader = createJsonSignedHeader().toString();
+ final String dummyFooter = createJsonSignedFooter();
- return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "."
- + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes()) + "."
- + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes());
+ try {
+ return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "."
+ + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes("UTF-8")) + "."
+ + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8"));
+
+ } catch (UnsupportedEncodingException e) {
+ throw new SlCommandoBuildException("No UTF-8 encoding", e);
+ }
}
@@ -560,7 +570,7 @@ public class SL20JsonBuilderUtils {
// TODO!!!!
- private static ObjectNode createJsonSignedHeader(final JsonSecurityUtils signer)
+ private static ObjectNode createJsonSignedHeader()
throws SlCommandoBuildException {
final ObjectNode header = mapper.getMapper().createObjectNode();
addSingleStringElement(header, SL20Constants.JSON_ALGORITHM,
@@ -574,7 +584,7 @@ public class SL20JsonBuilderUtils {
}
// TODO!!!!
- private static ObjectNode createJsonEncryptionHeader(final JsonSecurityUtils signer)
+ private static ObjectNode createJsonEncryptionHeader()
throws SlCommandoBuildException {
final ObjectNode header = mapper.getMapper().createObjectNode();
addSingleStringElement(header, SL20Constants.JSON_ALGORITHM,
@@ -590,7 +600,7 @@ public class SL20JsonBuilderUtils {
}
// TODO!!!!
- private static String createJsonSignedFooter(final JsonSecurityUtils signer) {
+ private static String createJsonSignedFooter() {
return "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7\n"
+ " AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4\n"
+ " BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K\n"
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
index f4b5a724..d4e1490d 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
@@ -245,7 +245,7 @@ public class SL20JsonExtractorUtils {
try {
final String[] signedPayload = encryptedResult.toString().split("\\.");
final JsonNode payLoad = mapper.getMapper()
- .readTree(new String(Base64.getUrlDecoder().decode(signedPayload[1])));
+ .readTree(new String(Base64.getUrlDecoder().decode(signedPayload[1]), "UTF-8"));
return payLoad;
} catch (final Exception e1) {
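Review bot: `signedPayload[1]` is read without checking that the split produced at least two segments, and the decoded middle segment is parsed as the payload with no signature check or decryption visible in this hunk. A malformed value only surfaces through the broad `catch (final Exception e1)`; a guard such as `if (signedPayload.length < 2)` that raises a specific error makes the failure explicit. If this branch is a fallback for results that are not really encrypted, a comment stating when it may be taken would help reviewers. The surrounding method is outside the hunk.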
@@ -338,9 +338,9 @@ public class SL20JsonExtractorUtils {
}
sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
- } else if ((httpResp.getStatusLine().getStatusCode() == 500)
- || (httpResp.getStatusLine().getStatusCode() == 401)
- || (httpResp.getStatusLine().getStatusCode() == 400)) {
+ } else if (httpResp.getStatusLine().getStatusCode() == 500
+ || httpResp.getStatusLine().getStatusCode() == 401
+ || httpResp.getStatusLine().getStatusCode() == 400) {
log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()
+ ". Search for error message");
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java
index 9bd5791f..49940ca5 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java
@@ -17,5 +17,5 @@ public interface ISchemaRessourceProvider {
* @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme as
* {@link InputStream}
*/
- public Map<String, InputStream> getSchemas();
+ Map<String, InputStream> getSchemas();
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java
index 5cb001ef..338e77d8 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java
@@ -18,13 +18,17 @@ public class SignatureCreationService extends AbstractSignatureService
private XMLSignatureCreationInvoker xadesInvoker;
private CMSSignatureCreationInvoker cadesInvoker;
+
@PostConstruct
protected void internalInitializer() {
log.debug("Instanzing SignatureCreationService implementation ... ");
xadesInvoker = XMLSignatureCreationInvoker.getInstance();
cadesInvoker = CMSSignatureCreationInvoker.getInstance();
+ log.trace("XML_impl: {} , CMS_imp: {}",
+ xadesInvoker.getClass().getName(), cadesInvoker.getClass().getName());
log.info("MOA-Sig signature-creation service initialized");
+
}
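Review bot: The added trace line dereferences `xadesInvoker` and `cadesInvoker` unconditionally, and its arguments are evaluated at every log level, so if either `getInstance()` call ever returned null the `@PostConstruct` method would fail before the info message; whether that can happen is not visible here. The labels in the message are also inconsistent (`XML_impl` and `CMS_imp`). The blank lines added after the field declarations and before the closing brace add nothing.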
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java
index 701e2072..18ee6edb 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java
@@ -42,7 +42,10 @@ public class GenericSignatureVerificationResponse
@Override
public Date getSigningDateTime() {
- return this.signingDateTime;
+ if (this.signingDateTime != null) {
+ return new Date(this.signingDateTime.getTime());
+ }
+ return null;
}
@@ -84,7 +87,11 @@ public class GenericSignatureVerificationResponse
@Override
public byte[] getX509CertificateEncoded() {
- return this.getX509CertificateEncoded();
+ if (this.x509CertificateEncoded != null) {
+ return this.x509CertificateEncoded.clone();
+
+ }
+ return null;
}
@@ -101,7 +108,9 @@ public class GenericSignatureVerificationResponse
}
public void setSigningDateTime(final Date signingDateTime) {
- this.signingDateTime = signingDateTime;
+ if (signingDateTime != null) {
+ this.signingDateTime = new Date(signingDateTime.getTime());
+ }
}
public void setSignatureCheckCode(final int signatureCheckCode) {
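Review bot: `setSigningDateTime(null)` is now a silent no-op, because the assignment happens only inside `if (signingDateTime != null)`; before this change it cleared the field. On a verification-result object that is reused or populated in steps this can leave a stale signing time in place. Copy defensively but still assign: `this.signingDateTime = signingDateTime == null ? null : new Date(signingDateTime.getTime());`. `setX509CertificateEncoded` in the last hunk of this file has the same pattern and would keep an old certificate when called with null.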
@@ -125,7 +134,10 @@ public class GenericSignatureVerificationResponse
}
public void setX509CertificateEncoded(final byte[] x509CertificateEncoded) {
- this.x509CertificateEncoded = x509CertificateEncoded;
+ if (x509CertificateEncoded != null) {
+ this.x509CertificateEncoded = x509CertificateEncoded.clone();
+
+ }
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
index 8cf941a7..aa094f1e 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
@@ -145,15 +145,14 @@ public class VerifyXmlSignatureResponseParser {
respData.setPublicAuthority(publicAuthority != null);
respData.setPublicAuthorityCode(
XPathUtils.getElementValue(verifyXmlSignatureResponse, PUBLIC_AUTHORITY_CODE_XPATH, ""));
- respData.setSignatureCheckCode(new Integer(
- XPathUtils.getElementValue(verifyXmlSignatureResponse, SIGNATURE_CHECK_CODE_XPATH, ""))
- .intValue());
+ respData.setSignatureCheckCode(Integer.parseInt(
+ XPathUtils.getElementValue(verifyXmlSignatureResponse, SIGNATURE_CHECK_CODE_XPATH, "")));
final String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXmlSignatureResponse,
XMLDSIG_MANIFEST_CHECK_CODE_XPATH, null);
if (xmlDsigCheckCode != null) {
respData.setXmlDSIGManigest(true);
- respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
+ respData.setXmlDSIGManifestCheckCode(Integer.parseInt(xmlDsigCheckCode));
} else {
respData.setXmlDSIGManigest(false);
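Review bot: `Integer.parseInt` is fed `XPathUtils.getElementValue(..., SIGNATURE_CHECK_CODE_XPATH, "")`, so a response without that element reaches `parseInt("")` and fails with an unchecked `NumberFormatException` rather than a parser error that names the missing field. The replacement of `new Integer(...)` keeps that behaviour unchanged. Reading the value into a local with a `null` default and raising the parser's own exception when it is absent or not numeric would make a malformed verification response fail in a defined way. The `CERTIFICATE_CHECK_CODE_XPATH` call in the next hunk has the same shape. How exceptions from this method are handled is outside the hunk.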
@@ -163,12 +162,11 @@ public class VerifyXmlSignatureResponseParser {
final String signatureManifestCheckCode = XPathUtils
.getElementValue(verifyXmlSignatureResponse, SIGNATURE_MANIFEST_CHECK_CODE_XPATH, null);
if (signatureManifestCheckCode != null) {
- respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue());
+ respData.setSignatureManifestCheckCode(Integer.parseInt(signatureManifestCheckCode));
}
- respData.setCertificateCheckCode(new Integer(
- XPathUtils.getElementValue(verifyXmlSignatureResponse, CERTIFICATE_CHECK_CODE_XPATH, ""))
- .intValue());
+ respData.setCertificateCheckCode(Integer.parseInt(
+ XPathUtils.getElementValue(verifyXmlSignatureResponse, CERTIFICATE_CHECK_CODE_XPATH, "")));
final String signingTimeElement =
XPathUtils.getElementValue(verifyXmlSignatureResponse, SIGNING_TIME_XPATH, "");
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
index e8d42e80..8bd2f024 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
@@ -30,34 +30,34 @@ import org.opensaml.xml.signature.SignatureConstants;
public interface PvpConstants extends PVPAttributeDefinitions {
- public static final String DEFAULT_SIGNING_METHODE =
+ String DEFAULT_SIGNING_METHODE =
SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
- public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
- public static final String DEFAULT_SYM_ENCRYPTION_METHODE =
+ String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
+ String DEFAULT_SYM_ENCRYPTION_METHODE =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
- public static final String DEFAULT_ASYM_ENCRYPTION_METHODE =
+ String DEFAULT_ASYM_ENCRYPTION_METHODE =
EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
- public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
- public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
- public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
+ String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
+ String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
+ String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
@Deprecated
- public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
+ String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
- public static final String REDIRECT = "Redirect";
- public static final String POST = "Post";
- public static final String SOAP = "Soap";
- public static final String METADATA = "Metadata";
- public static final String ATTRIBUTEQUERY = "AttributeQuery";
- public static final String SINGLELOGOUT = "SingleLogOut";
+ String REDIRECT = "Redirect";
+ String POST = "Post";
+ String SOAP = "Soap";
+ String METADATA = "Metadata";
+ String ATTRIBUTEQUERY = "AttributeQuery";
+ String SINGLELOGOUT = "SingleLogOut";
/**
* Get required PVP attributes for egovtoken First : PVP attribute name (OID) Second: FriendlyName
* Third: Required.
*
*/
- public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES =
+ List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES =
Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
private static final long serialVersionUID = 1L;
{
@@ -82,7 +82,7 @@ public interface PvpConstants extends PVPAttributeDefinitions {
* FriendlyName Third: Required.
*
*/
- public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES =
+ List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES =
Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
private static final long serialVersionUID = 1L;
{
@@ -129,10 +129,10 @@ public interface PvpConstants extends PVPAttributeDefinitions {
});
// constants for requested SAML2 attribtes by using own namespace
- public static final String EIDAT10_SAML_NS = "http://eid.gv.at/eID/attributes/saml-extensions";
- public static final String EIDAT10_PREFIX = "eid";
+ String EIDAT10_SAML_NS = "http://eid.gv.at/eID/attributes/saml-extensions";
+ String EIDAT10_PREFIX = "eid";
- public static final QName EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE =
+ QName EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE =
new QName(EIDAT10_SAML_NS, "AttributeValue", EIDAT10_PREFIX);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
index 27a6532b..677028a5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
@@ -30,11 +30,11 @@ import org.opensaml.xml.security.SecurityException;
public interface IDecoder {
- public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp,
+ InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp,
MetadataProvider metadataProvider, boolean isSpEndPoint, URIComparator comparator)
throws MessageDecodingException, SecurityException, Pvp2Exception;
- public boolean handleDecode(String action, HttpServletRequest req);
+ boolean handleDecode(String action, HttpServletRequest req);
- public String getSaml2BindingName();
+ String getSaml2BindingName();
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
index 74ee74de..5f69ba62 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
@@ -33,5 +33,5 @@ public interface IRefreshableMetadataProvider {
* @param entityID EntityId
* @return true, if refresh is success, otherwise false
*/
- public boolean refreshMetadataProvider(String entityID);
+ boolean refreshMetadataProvider(String entityID);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
index 93980a73..0ea909e2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
@@ -40,11 +40,11 @@ public abstract class Pvp2Exception extends EaafException {
public String getStatusCodeValue() {
- return (this.statusCodeValue);
+ return this.statusCodeValue;
}
public String getStatusMessageValue() {
- return (this.statusMessageValue);
+ return this.statusMessageValue;
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
index 0933f0a2..2734c859 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
@@ -229,7 +229,7 @@ public class PostBinding implements IDecoder, IEncoder {
@Override
public boolean handleDecode(final String action, final HttpServletRequest req) {
- return (req.getMethod().equals("POST") && action.equals(PvpConstants.POST));
+ return req.getMethod().equals("POST") && action.equals(PvpConstants.POST);
}
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
index 4e548d57..7b8525ce 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
@@ -229,8 +229,8 @@ public class RedirectBinding implements IDecoder, IEncoder {
@Override
public boolean handleDecode(final String action, final HttpServletRequest req) {
- return ((action.equals(PvpConstants.REDIRECT) || action.equals(PvpConstants.SINGLELOGOUT))
- && req.getMethod().equals("GET"));
+ return action.equals(PvpConstants.REDIRECT) || action.equals(PvpConstants.SINGLELOGOUT)
+ && req.getMethod().equals("GET");
}
@Override
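Review bot: Dropping the outer parentheses in `handleDecode` changes the result, because `&&` binds tighter than `||`: the new expression evaluates as `action.equals(PvpConstants.REDIRECT) || (action.equals(PvpConstants.SINGLELOGOUT) && req.getMethod().equals("GET"))`, so a `Redirect` action is now accepted for any HTTP method. Keep the inner grouping: `return (action.equals(PvpConstants.REDIRECT) || action.equals(PvpConstants.SINGLELOGOUT)) && req.getMethod().equals("GET");`. The SoapBinding hunk that follows has the mirror problem, where `AttributeQuery` is accepted without the POST check; it should read `return req.getMethod().equals("POST") && (action.equals(PvpConstants.SOAP) || action.equals(PvpConstants.ATTRIBUTEQUERY));`. A unit test per binding that passes a matching action with the wrong method would pin this.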
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
index 79a88487..2e19f259 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
@@ -126,8 +126,8 @@ public class SoapBinding implements IDecoder, IEncoder {
@Override
public boolean handleDecode(final String action, final HttpServletRequest req) {
- return (req.getMethod().equals("POST")
- && (action.equals(PvpConstants.SOAP) || action.equals(PvpConstants.ATTRIBUTEQUERY)));
+ return req.getMethod().equals("POST")
+ && action.equals(PvpConstants.SOAP) || action.equals(PvpConstants.ATTRIBUTEQUERY);
}
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
index 107a856e..c21524dd 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
@@ -19,7 +19,13 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.message;
+import java.io.IOException;
import java.io.Serializable;
+
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
@@ -28,17 +34,20 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
public class InboundMessage implements InboundMessageInterface, Serializable {
private static final Logger log = LoggerFactory.getLogger(InboundMessage.class);
private static final long serialVersionUID = 2395131650841669663L;
- private Element samlMessage = null;
+ private transient Element samlMessage = null;
private boolean verified = false;
private String entityID = null;
private String relayState = null;
+ private String serializedSamlMessage;
+
/**
* Get SAML2 metadata for Entity that sends this request.
*
@@ -90,6 +99,13 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
*/
public void setSamlMessage(final Element msg) {
this.samlMessage = msg;
+ try {
+ this.serializedSamlMessage = DomUtils.serializeNode(msg);
+
+ } catch (TransformerException | IOException e) {
+ log.warn("Can not serialize message",e );
+
+ }
}
/*
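Review bot: When `DomUtils.serializeNode(msg)` fails in `setSamlMessage`, the exception is only logged and `serializedSamlMessage` keeps whatever an earlier call stored. After Java deserialization the now-`transient` `samlMessage` is gone, so `getInboundMessage()` could then return a message that is not the one last set. Clear the field before the `try` with `this.serializedSamlMessage = null;`, or let the failure propagate so the pending request is not stored half-populated. How `serializeNode` treats a null `msg` is not visible in this hunk and is worth confirming.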
@@ -129,7 +145,20 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
*/
@Override
public Element getInboundMessage() {
- return samlMessage;
+ if (this.samlMessage != null) {
+ return samlMessage;
+
+ } else {
+ try {
+ return (Element) DomUtils.parseDocument(serializedSamlMessage, false, null, null);
+
+ } catch (SAXException | IOException | ParserConfigurationException e) {
+ throw new RuntimeException(e);
+
+ }
+
+ }
+
}
}
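Review bot: The fallback branch of `getInboundMessage()` parses `serializedSamlMessage` without a null check and without keeping the result. Every call on a deserialized instance therefore re-parses the XML and returns a fresh `Element`, and an instance whose serialization failed in `setSamlMessage` ends in a bare `RuntimeException`. Caching the parsed element in `samlMessage` and guarding the null case, as sketched below, makes the behaviour predictable. The parse runs with validation off (`false, null, null`); whether `DomUtils.parseDocument` disables DTDs and external entities is not visible here and should be confirmed, since the string comes back from wherever the object was persisted. The restored DOM is also not the object whose signature was checked, while `verified` is carried over unchanged.

```java
public Element getInboundMessage() {
  if (this.samlMessage == null && this.serializedSamlMessage != null) {
    try {
      // cache the restored DOM so repeated calls return the same Element
      this.samlMessage =
          (Element) DomUtils.parseDocument(serializedSamlMessage, false, null, null);

    } catch (SAXException | IOException | ParserConfigurationException e) {
      throw new IllegalStateException("Can not restore SAML message from serialized form", e);

    }
  }

  return this.samlMessage;
```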
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
index ec81353a..8a6105bc 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -401,7 +401,7 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
protected void emitChangeEvent() {
- if ((getObservers() == null) || (getObservers().size() == 0)) {
+ if (getObservers() == null || getObservers().size() == 0) {
return;
}
@@ -463,13 +463,12 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
while (metadataUrlInterator.hasNext()) {
final String metadataurl = metadataUrlInterator.next();
try {
- if (StringUtils.isNotEmpty(metadataurl)) {
- if (loadedproviders.containsKey(metadataurl)) {
- // SAML2 SP is actually loaded, to nothing
- providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
- loadedproviders.remove(metadataurl);
+ if (StringUtils.isNotEmpty(metadataurl)
+ && loadedproviders.containsKey(metadataurl)) {
+ // SAML2 SP is actually loaded, to nothing
+ providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
+ loadedproviders.remove(metadataurl);
- }
}
} catch (final Throwable e) {
log.error("Failed to add Metadata (unhandled reason: " + e.getMessage(), e);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
index d84b407f..a6d2508d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/KeyStoreX509CredentialAdapter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
@@ -29,7 +29,7 @@ import org.opensaml.xml.security.x509.X509Credential;
* @author tlenz
*
*/
-public class KeyStoreX509CredentialAdapter
+public class EaafKeyStoreX509CredentialAdapter
extends org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter {
/**
@@ -39,7 +39,7 @@ public class KeyStoreX509CredentialAdapter
* @param alias Key alias
* @param password key Password
*/
- public KeyStoreX509CredentialAdapter(final KeyStore store, final String alias,
+ public EaafKeyStoreX509CredentialAdapter(final KeyStore store, final String alias,
final char[] password) {
super(store, alias, password);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
index 860eec64..957def02 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
@@ -101,7 +101,7 @@ public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder {
// evaluate template and write content to response
final Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");
velocityEngine.evaluate(context, out, "SAML2_POST_BINDING",
- new BufferedReader(new InputStreamReader(is)));
+ new BufferedReader(new InputStreamReader(is, "UTF-8")));
out.flush();
} catch (final Exception e) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index ea361f11..ec4009f0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -26,7 +26,7 @@ import java.security.interfaces.RSAPrivateKey;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.KeyStoreX509CredentialAdapter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
@@ -120,7 +120,7 @@ public abstract class AbstractCredentialProvider {
keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
}
- final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+ final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
credentials.setUsageType(UsageType.SIGNING);
@@ -152,7 +152,7 @@ public abstract class AbstractCredentialProvider {
keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
}
- final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+ final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
credentials.setUsageType(UsageType.SIGNING);
@@ -191,7 +191,7 @@ public abstract class AbstractCredentialProvider {
return null;
}
- final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+ final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
credentials.setUsageType(UsageType.ENCRYPTION);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
index 1c7a9652..8bcc3e74 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
@@ -20,7 +20,6 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
@@ -34,7 +33,6 @@ import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
import org.apache.commons.lang3.StringUtils;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.Status;
@@ -56,8 +54,6 @@ import org.w3c.dom.Document;
public class Saml2Utils {
private static final Logger log = LoggerFactory.getLogger(Saml2Utils.class);
- private static SecureRandomIdentifierGenerator idGenerator;
-
private static DocumentBuilder builder;
static {
@@ -70,15 +66,7 @@ public class Saml2Utils {
} catch (final ParserConfigurationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- }
-
- try {
- idGenerator = new SecureRandomIdentifierGenerator();
-
- } catch (final NoSuchAlgorithmException e) {
- e.printStackTrace();
-
- }
+ }
}
/**
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
index 4eb711f9..8f042ae2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
@@ -46,8 +46,8 @@ public class PvpAuthRequestSignedRole extends SAML2AuthnRequestsSignedRule {
final List<String> samlReqParam = inTransport.getParameterValues("SAMLRequest");
final List<String> samlRespParam = inTransport.getParameterValues("SAMLResponse");
final boolean isValidContent =
- ((samlReqParam.size() == 1 && !DatatypeHelper.isEmpty(samlReqParam.get(0)))
- || (samlRespParam.size() == 1 && !DatatypeHelper.isEmpty(samlRespParam.get(0))))
+ (samlReqParam.size() == 1 && !DatatypeHelper.isEmpty(samlReqParam.get(0))
+ || samlRespParam.size() == 1 && !DatatypeHelper.isEmpty(samlRespParam.get(0)))
&& !(samlReqParam.size() == 1 && samlRespParam.size() == 1);
return isValidSigned && isValidSigAlgExists && isValidContent;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
index 64eb5247..024c35d8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
@@ -23,6 +23,8 @@ import javax.xml.namespace.QName;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
@@ -73,10 +75,15 @@ public class SamlVerificationEngine {
try {
if (msg instanceof PvpSProfileRequest
&& ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) {
- verifyRequest(((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest()),
+ verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(),
sigTrustEngine);
- } else {
+ } else if (msg instanceof PvpSProfileResponse){
verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine);
+
+ } else {
+ log.warn("SAML2 message type: {} not supported", msg.getClass().getName());
+ throw new EaafProtocolException("9999", null);
+
}
} catch (final InvalidProtocolRequestException e) {
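Review bot: The new final `else` calls `msg.getClass()`, which throws a NullPointerException for a null `msg`, since both `instanceof` tests are false in that case; `log.warn("SAML2 message type: {} not supported", msg != null ? msg.getClass().getName() : "null");` avoids that. The retry path in the next hunk still ends in an unguarded `(PvpSProfileResponse) msg` cast, so the two branches no longer agree, and the same `else if (msg instanceof PvpSProfileResponse)` guard should be applied there. The error id `"9999"` with null parameters looks like a generic code and gives the caller nothing to tell an unsupported message type apart from other failures. The enclosing method starts and ends outside the hunk.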
@@ -96,7 +103,7 @@ public class SamlVerificationEngine {
if (msg instanceof PvpSProfileRequest
&& ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) {
- verifyRequest(((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest()),
+ verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(),
sigTrustEngine);
} else {
verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine);
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java
index 131be543..e1c21ae7 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java
@@ -34,6 +34,6 @@ public interface ISubjectNameIdGenerator {
* @return Pair of subjectNameId and NameIdFormat
* @throws Pvp2Exception In case of an error
*/
- public Pair<String, String> generateSubjectNameId(IAuthData authData, IspConfiguration spConfig)
+ Pair<String, String> generateSubjectNameId(IAuthData authData, IspConfiguration spConfig)
throws Pvp2Exception;
}
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 3fac7894..8c74c3fb 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -409,7 +409,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
if (msg instanceof PvpSProfileRequest
&& ((PvpSProfileRequest) msg).getSamlRequest() instanceof AuthnRequest) {
- preProcessAuthRequest(request, response, pendingReq);
+ preProcessAuthRequest(request, pendingReq);
} else if (childPreProcess(request, response, pendingReq)) {
log.debug("Find protocol handler in child implementation");
} else {
@@ -430,15 +430,14 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
* PreProcess Authn request.
*
* @param request http request
- * @param response http response
* @param pendingReq current pending request
* @throws Throwable in case of an error
*/
private void preProcessAuthRequest(final HttpServletRequest request,
- final HttpServletResponse response, final PvpSProfilePendingRequest pendingReq)
+ final PvpSProfilePendingRequest pendingReq)
throws Throwable {
- final PvpSProfileRequest moaRequest = ((PvpSProfileRequest) pendingReq.getRequest());
+ final PvpSProfileRequest moaRequest = (PvpSProfileRequest) pendingReq.getRequest();
final SignableXMLObject samlReq = moaRequest.getSamlRequest();
if (!(samlReq instanceof AuthnRequest)) {
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
index d050dd4b..07e9c28d 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
@@ -39,14 +39,14 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return
*/
- public String getSpNameForLogging();
+ String getSpNameForLogging();
/**
* If true, the SAML2 isPassive flag is set in the AuthnRequest.
*
* @return
*/
- public Boolean isPassivRequest();
+ Boolean isPassivRequest();
/**
* Define the ID of the AssertionConsumerService, which defines the required attributes in
@@ -54,21 +54,21 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return
*/
- public Integer getAssertionConsumerServiceId();
+ Integer getAssertionConsumerServiceId();
/**
* Define the SAML2 EntityID of the service provider.
*
* @return
*/
- public String getSpEntityID();
+ String getSpEntityID();
/**
* Define the SAML2 NameIDPolicy.
*
* @return Service-Provider EntityID, but never null
*/
- public String getNameIdPolicyFormat();
+ String getNameIdPolicyFormat();
/**
* Define the AuthnContextClassRefernece of this request.
@@ -80,14 +80,14 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return
*/
- public String getAuthnContextClassRef();
+ String getAuthnContextClassRef();
/**
* Define the AuthnContextComparison model, which should be used.
*
* @return
*/
- public AuthnContextComparisonTypeEnumeration getAuthnContextComparison();
+ AuthnContextComparisonTypeEnumeration getAuthnContextComparison();
/**
@@ -95,7 +95,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return
*/
- public Credential getAuthnRequestSigningCredential();
+ Credential getAuthnRequestSigningCredential();
/**
@@ -103,14 +103,14 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return Credential, but never null.
*/
- public EntityDescriptor getIdpEntityDescriptor();
+ EntityDescriptor getIdpEntityDescriptor();
/**
* Set the SAML2 NameIDPolicy allow-creation flag.
*
* @return EntityDescriptor, but never null.
*/
- public boolean getNameIdPolicyAllowCreation();
+ boolean getNameIdPolicyAllowCreation();
/**
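Review bot: The `@return` tags in this interface are attached one method too late, which matters because they carry the null contracts. `Credential, but never null.` sits on `getIdpEntityDescriptor()`, `EntityDescriptor, but never null.` sits on the boolean `getNameIdPolicyAllowCreation()`, and in an earlier hunk `Service-Provider EntityID, but never null` sits on `getNameIdPolicyFormat()`. Since the commit already touches every declaration, move each tag up to the method it describes, for example `@return Credential, but never null.` on `getAuthnRequestSigningCredential()` and `@return true if the IDP may create a new identifier` on `getNameIdPolicyAllowCreation()`. The empty `@return` tags on the other getters should be filled in the same pass.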
@@ -118,7 +118,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return SubjectNameID, or null if no SubjectNameID should be used
*/
- public String getSubjectNameID();
+ String getSubjectNameID();
/**
* Define the qualifier of the <code>SubjectNameID</code> <br>
@@ -127,7 +127,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return qualifier, or null if no qualifier should be set
*/
- public String getSubjectNameIdQualifier();
+ String getSubjectNameIdQualifier();
/**
* Define the format of the subjectNameID, which is included in authn-request.
@@ -135,21 +135,21 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return nameIDFormat, of SAML2 'transient' if nothing is defined
*/
- public String getSubjectNameIdFormat();
+ String getSubjectNameIdFormat();
/**
* Define a SP specific SAML2 requestID.
*
* @return requestID, or null if the requestID should be generated automatically
*/
- public String getRequestID();
+ String getRequestID();
/**
* Defines the 'method' attribute in 'SubjectConformation' element.
*
* @return method, or null if no method should set
*/
- public String getSubjectConformationMethode();
+ String getSubjectConformationMethode();
/**
* Define the information, which should be added as 'subjectConformationDate' in
@@ -157,7 +157,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return subjectConformation information or null if no subjectConformation should be set
*/
- public Element getSubjectConformationDate();
+ Element getSubjectConformationDate();
/**
@@ -165,7 +165,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return
*/
- public String getScopeRequesterId();
+ String getScopeRequesterId();
/**
@@ -173,7 +173,7 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return
*/
- public String getProviderName();
+ String getProviderName();
/**
@@ -182,6 +182,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*
* @return
*/
- public List<EaafRequestedAttribute> getRequestedAttributes();
+ List<EaafRequestedAttribute> getRequestedAttributes();
}
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
index 36f43cc8..11b1ecad 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
@@ -253,6 +253,11 @@ public class PvpAuthnRequestBuilder {
} else if (endpoint.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
+ } else {
+ log.warn("Binding: {} is not supported", endpoint.getBinding());
+ throw new AuthnRequestBuildException("sp.pvp2.00",
+ new Object[] {config.getSpNameForLogging(), idpEntity.getEntityID()});
+
}
// encode message
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
index e0cad257..42d1c85e 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
@@ -285,7 +285,7 @@ public class AssertionAttributeExtractor {
&& getFullAssertion().getAuthnStatements().size() > 0) {
for (final AuthnStatement el : getFullAssertion().getAuthnStatements()) {
if (el.getSessionNotOnOrAfter() != null) {
- return (el.getSessionNotOnOrAfter().toDate());
+ return el.getSessionNotOnOrAfter().toDate();
}
}
@@ -331,21 +331,20 @@ public class AssertionAttributeExtractor {
&& assertion.getAttributeStatements().size() > 0) {
final AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
for (final Attribute attr : attrStat.getAttributes()) {
- if (attr.getName().startsWith(PvpConstants.STORK_ATTRIBUTE_PREFIX)) {
- final List<String> storkAttrValues = new ArrayList<>();
- for (final XMLObject el : attr.getAttributeValues()) {
- storkAttrValues.add(el.getDOM().getTextContent());
- }
-
+// if (attr.getName().startsWith(PvpConstants.STORK_ATTRIBUTE_PREFIX)) {
+// final List<String> storkAttrValues = new ArrayList<>();
+// for (final XMLObject el : attr.getAttributeValues()) {
+// storkAttrValues.add(el.getDOM().getTextContent());
+// }
// PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
// false, storkAttrValues , "Available");
// storkAttributes.put(attr.getName(), storkAttr );
- } else {
+// } else {
final List<String> attrList = new ArrayList<>();
for (final XMLObject el : attr.getAttributeValues()) {
attrList.add(el.getDOM().getTextContent());
- }
+ // }
attributs.put(attr.getName(), attrList);