diff options
10 files changed, 224 insertions, 80 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpAddableChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpAddableChainingMetadataProvider.java new file mode 100644 index 00000000..8e5eb715 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpAddableChainingMetadataProvider.java @@ -0,0 +1,22 @@ +package at.gv.egiz.eaaf.modules.pvp2.api.metadata; + +import javax.annotation.Nonnull; + +import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; + +import org.opensaml.saml.metadata.resolver.MetadataResolver; + +public interface IPvpAddableChainingMetadataProvider { + + /** + * Manually add a metadata resolver into a chaining metadata provider. + * <br> + * <b>If the chaining metadata provider also implements + * {@link IGarbageCollectorProcessing} manually added provider + * can be removed by garbage-collector process. This behavior + * depends on chaining metadata-provider implementation. </b> + * + * @param resolver Metadata provider that should be added + */ + void addMetadataResolverIntoChain(@Nonnull MetadataResolver resolver); +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java index 0cf7e293..fb1352ce 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java @@ -19,11 +19,11 @@ package at.gv.egiz.eaaf.modules.pvp2.api.metadata; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; public interface IPvpMetadataConfigurationFactory { IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authUrl, - AbstractCredentialProvider pvpIdpCredentials); + IPvp2CredentialProvider pvpIdpCredentials); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java new file mode 100644 index 00000000..a564efb2 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java @@ -0,0 +1,55 @@ +package at.gv.egiz.eaaf.modules.pvp2.api.utils; + +import java.security.cert.X509Certificate; +import java.util.List; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; + +public interface IPvp2CredentialProvider { + + /** + * Get Credentials to sign metadata. + * + * @return Credentials + * @throws CredentialsNotAvailableException In case of a credential error + */ + @Nonnull + EaafX509Credential getMetaDataSigningCredential() throws CredentialsNotAvailableException; + + /** + * Get Credentials to sign SAML2 messages, like AuthnRequest, Response, + * Assertions as some examples. + * + * @return Credentials + * @throws CredentialsNotAvailableException In case of a credential error + */ + @Nonnull + EaafX509Credential getMessageSigningCredential() throws CredentialsNotAvailableException; + + /** + * Get Credentials to encrypt messages, like Assertion as example. + * + * @return Credentials + * @throws CredentialsNotAvailableException In case of a credential error + */ + @Nullable + EaafX509Credential getMessageEncryptionCredential() + throws CredentialsNotAvailableException; + + /** + * Get a List of trusted {@link X509Certificate} that are available in this + * KeyStore. + * + * @return List of trusted {@link X509Certificate}, or an emptry {@link List} if + * no certificates are available + * @throws CredentialsNotAvailableException In case of a KeyStore error + */ + @Nonnull + List<X509Certificate> getTrustedCertificates() + throws CredentialsNotAvailableException; + +}
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java index 8a20b932..80511f64 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java @@ -36,6 +36,7 @@ import at.gv.egiz.components.spring.api.IDestroyableObject; import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; import org.apache.commons.lang3.StringUtils; @@ -56,7 +57,7 @@ import net.shibboleth.utilities.java.support.resolver.ResolverException; @Slf4j public abstract class AbstractChainingMetadataProvider implements IGarbageCollectorProcessing, - IRefreshableMetadataProvider, + IRefreshableMetadataProvider, IPvpAddableChainingMetadataProvider, IDestroyableObject, IPvp2MetadataProvider, ClearableMetadataResolver { @Nonnull @@ -157,21 +158,6 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec } - /** - * Close metadata provider and remove all loaded metadata. - * - */ - public void internalDestroy() { - log.info("Destroying chained metadata resolvers ..."); - - for (final MetadataResolver resolver : internalResolvers) { - destroyMetadataResolver(resolver); - } - - internalResolvers.clear(); - - } - @Override public final MetadataFilter getMetadataFilter() { log.warn("{} does NOT support {}", AbstractChainingMetadataProvider.class.getName(), @@ -194,7 +180,7 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec * getEntityDescriptor( java.lang.String) */ @Override - public EntityDescriptor getEntityDescriptor(final String entityID) + public final EntityDescriptor getEntityDescriptor(final String entityID) throws ResolverException { EntityDescriptor entityDesc = null; try { @@ -212,6 +198,7 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec "Can not find PVP metadata for entityID: " + entityID + " Start refreshing process ..."); if (refreshMetadataProvider(entityID)) { return resolveEntityDescripor(entityID); + } } @@ -221,22 +208,21 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec @Override @Nullable - public final EntityDescriptor resolveSingle(@Nullable final CriteriaSet criteria) throws ResolverException { - for (final MetadataResolver resolver : internalResolvers) { - try { - final EntityDescriptor descriptors = resolver.resolveSingle(criteria); - if (descriptors != null) { - return descriptors; - } - - } catch (final ResolverException e) { - continue; + public final EntityDescriptor resolveSingle(@Nullable final CriteriaSet criteria) + throws ResolverException { + EntityDescriptor result = internalResolveSingle(criteria); + if (result == null && criteria != null) { + final EntityIdCriterion entityIdCriteria = criteria.get(EntityIdCriterion.class); + if (entityIdCriteria != null + && refreshMetadataProvider(entityIdCriteria.getEntityId())) { + log.debug("Can not find PVP metadata for entityID: {}. Metadata refreshing was done ... ", + entityIdCriteria.getEntityId()); + result = internalResolveSingle(criteria); } - } - return null; + return result; } @@ -244,21 +230,18 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec @Nonnull public final Iterable<EntityDescriptor> resolve(@Nullable final CriteriaSet criteria) throws ResolverException { - for (final MetadataResolver resolver : internalResolvers) { - try { - final Iterable<EntityDescriptor> descriptors = resolver.resolve(criteria); - if (descriptors != null && descriptors.iterator().hasNext()) { - return descriptors; - - } - - } catch (final ResolverException e) { - continue; - + Iterable<EntityDescriptor> result = internalResolve(criteria); + if (criteria != null) { + final EntityIdCriterion entityIdCriteria = criteria.get(EntityIdCriterion.class); + if (!result.iterator().hasNext() && entityIdCriteria != null + && refreshMetadataProvider(entityIdCriteria.getEntityId())) { + log.debug("Can not find PVP metadata for entityID: {}. Metadata refreshing was done ... ", + entityIdCriteria.getEntityId()); + result = internalResolve(criteria); } } - return Collections.emptyList(); + return result; } @Override @@ -295,7 +278,7 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec @Override @Nullable - public DateTime getLastUpdate() { + public final DateTime getLastUpdate() { DateTime ret = null; for (final MetadataResolver resolver : internalResolvers) { if (resolver instanceof RefreshableMetadataResolver) { @@ -325,6 +308,42 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec return ret; } + @Override + public final DateTime getLastSuccessfulRefresh() { + return this.lastRefeshTimestamp; + + } + + @Override + public final Boolean wasLastRefreshSuccess() { + return this.lastRefeshSuccessful; + + } + + @Override + public final boolean isRequireValidMetadata() { + log.warn("Attempt to access unsupported requireValidMetadata property on ChainingMetadataResolver"); + return false; + } + + @Override + public final void setRequireValidMetadata(final boolean requireValidMetadata) { + throw new UnsupportedOperationException( + "Setting requireValidMetadata is not supported on chaining resolver"); + } + + @Override + public final String getId() { + return getMetadataProviderId(); + + } + + @Override + public final void addMetadataResolverIntoChain(MetadataResolver resolver) { + internalResolvers.add(resolver); + + } + /** * Get the URL to metadata for a specific entityID. * @@ -465,34 +484,58 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec } } - @Override - public DateTime getLastSuccessfulRefresh() { - return this.lastRefeshTimestamp; + /** + * Close metadata provider and remove all loaded metadata. + * + */ + private void internalDestroy() { + log.info("Destroying chained metadata resolvers ..."); - } + for (final MetadataResolver resolver : internalResolvers) { + destroyMetadataResolver(resolver); + } - @Override - public Boolean wasLastRefreshSuccess() { - return this.lastRefeshSuccessful; + internalResolvers.clear(); } - @Override - public boolean isRequireValidMetadata() { - log.warn("Attempt to access unsupported requireValidMetadata property on ChainingMetadataResolver"); - return false; - } + private EntityDescriptor internalResolveSingle(@Nullable final CriteriaSet criteria) + throws ResolverException { + for (final MetadataResolver resolver : internalResolvers) { + try { + final EntityDescriptor descriptors = resolver.resolveSingle(criteria); + if (descriptors != null) { + return descriptors; + } + + } catch (final ResolverException e) { + continue; + + } + } + + return null; - @Override - public void setRequireValidMetadata(final boolean requireValidMetadata) { - throw new UnsupportedOperationException( - "Setting requireValidMetadata is not supported on chaining resolver"); } - @Override - public String getId() { - return getMetadataProviderId(); + @Nonnull + private Iterable<EntityDescriptor> internalResolve(@Nullable final CriteriaSet criteria) + throws ResolverException { + for (final MetadataResolver resolver : internalResolvers) { + try { + final Iterable<EntityDescriptor> descriptors = resolver.resolve(criteria); + if (descriptors != null && descriptors.iterator().hasNext()) { + return descriptors; + + } + } catch (final ResolverException e) { + continue; + + } + } + + return Collections.emptyList(); } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java index 13124114..6959b6bd 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java @@ -39,6 +39,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter; @@ -53,7 +54,7 @@ import org.springframework.core.io.ResourceLoader; import lombok.extern.slf4j.Slf4j; @Slf4j -public abstract class AbstractCredentialProvider { +public abstract class AbstractCredentialProvider implements IPvp2CredentialProvider { private static final String TRUSTED_CERTIFICATES_OPERATION = "Trusted Certificate Entries"; @@ -136,10 +137,11 @@ public abstract class AbstractCredentialProvider { * @return Credentials * @throws CredentialsNotAvailableException In case of a credential error */ + @Override public EaafX509Credential getMetaDataSigningCredential() throws CredentialsNotAvailableException { try { final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, - getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray(), getFriendlyName()); + getMetadataKeyAlias(), getPassCharArrayOrNull(getMetadataKeyPassword()), getFriendlyName()); credentials.setUsageType(UsageType.SIGNING); credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials)); credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials)); @@ -152,6 +154,8 @@ public abstract class AbstractCredentialProvider { } } + + /** * Get Credentials to sign SAML2 messages, like AuthnRequest, Response, * Assertions as some examples. @@ -159,10 +163,11 @@ public abstract class AbstractCredentialProvider { * @return Credentials * @throws CredentialsNotAvailableException In case of a credential error */ + @Override public EaafX509Credential getMessageSigningCredential() throws CredentialsNotAvailableException { try { final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, - getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray(), getFriendlyName()); + getSignatureKeyAlias(), getPassCharArrayOrNull(getSignatureKeyPassword()), getFriendlyName()); credentials.setUsageType(UsageType.SIGNING); credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials)); credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials)); @@ -181,6 +186,7 @@ public abstract class AbstractCredentialProvider { * @return Credentials * @throws CredentialsNotAvailableException In case of a credential error */ + @Override public EaafX509Credential getMessageEncryptionCredential() throws CredentialsNotAvailableException { // if no encryption key is configured return null @@ -190,7 +196,7 @@ public abstract class AbstractCredentialProvider { try { final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, - getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray(), getFriendlyName()); + getEncryptionKeyAlias(), getPassCharArrayOrNull(getEncryptionKeyPassword()), getFriendlyName()); credentials.setUsageType(UsageType.ENCRYPTION); credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials)); credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials)); @@ -212,6 +218,7 @@ public abstract class AbstractCredentialProvider { * no certificates are available * @throws CredentialsNotAvailableException In case of a KeyStore error */ + @Override @Nonnull public List<X509Certificate> getTrustedCertificates() throws CredentialsNotAvailableException { @@ -288,4 +295,14 @@ public abstract class AbstractCredentialProvider { PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC)); } + private char[] getPassCharArrayOrNull(String metadataKeyPassword) { + char[] keyPassChar = null; + if (metadataKeyPassword != null) { + keyPassChar = metadataKeyPassword.toCharArray(); + + } + + return keyPassChar; + } + } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java index 14e6a78a..a3154b0d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java @@ -22,9 +22,11 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils; import java.io.IOException; import java.io.InputStream; import java.security.PrivateKey; +import java.security.PublicKey; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; import java.util.List; import javax.annotation.Nonnull; @@ -229,17 +231,22 @@ public class Saml2Utils { public static String getKeyOperationAlgorithmFromCredential(X509Credential credentials, String rsaSigAlgorithm, String ecSigAlgorithm) throws SamlSigningException { final PrivateKey privatekey = credentials.getPrivateKey(); - if (privatekey instanceof RSAPrivateKey) { + final PublicKey publickey = credentials.getPublicKey(); + if (privatekey instanceof RSAPrivateKey + || publickey instanceof RSAPublicKey) { return rsaSigAlgorithm; - } else if (privatekey instanceof ECPrivateKey) { + } else if (privatekey instanceof ECPrivateKey + || publickey instanceof ECPublicKey) { return ecSigAlgorithm; } else { log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential."); throw new SamlSigningException("internal.pvp.97", - new Object[] { credentials.getEntityId(), privatekey.getClass().getName() }); + new Object[] { credentials.getEntityId(), + privatekey != null ? privatekey.getClass().getName() : publickey.getClass().getName() + }); } } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java index 29bbac1e..a56c8726 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java @@ -41,6 +41,7 @@ import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor; import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPvpRequestException; import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException; @@ -53,7 +54,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding; import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; @@ -93,14 +93,14 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement @Autowired(required = false) protected List<IAuthnRequestPostProcessor> authRequestPostProcessors; - private AbstractCredentialProvider pvpIdpCredentials; + private IPvp2CredentialProvider pvpIdpCredentials; /** * Sets a specific credential provider for PVP S-Profile IDP component. * * @param pvpIdpCredentials credential provider */ - public void setPvpIdpCredentials(final AbstractCredentialProvider pvpIdpCredentials) { + public void setPvpIdpCredentials(final IPvp2CredentialProvider pvpIdpCredentials) { this.pvpIdpCredentials = pvpIdpCredentials; } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java index d138ba3a..16cd27cd 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java @@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.impl.data.SloInformationImpl; import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException; import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException; import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder; @@ -41,7 +42,6 @@ import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.Pvp2AssertionBuilder; import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import org.joda.time.DateTime; @@ -74,14 +74,14 @@ public class AuthenticationAction implements IAction { @Autowired(required = true) IRevisionLogger revisionsLogger; - private AbstractCredentialProvider pvpIdpCredentials; + private IPvp2CredentialProvider pvpIdpCredentials; /** * Sets a specific credential provider for PVP S-Profile IDP component. * * @param pvpIdpCredentials credential provider */ - public void setPvpIdpCredentials(final AbstractCredentialProvider pvpIdpCredentials) { + public void setPvpIdpCredentials(final IPvp2CredentialProvider pvpIdpCredentials) { this.pvpIdpCredentials = pvpIdpCredentials; } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java index 3f0ad0b6..0b344ba3 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java @@ -31,9 +31,9 @@ import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.modules.pvp2.PvpEventConstants; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataConfigurationFactory; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -53,14 +53,14 @@ public class MetadataAction implements IAction { @Autowired private IPvpMetadataConfigurationFactory configFactory; - private AbstractCredentialProvider pvpIdpCredentials; + private IPvp2CredentialProvider pvpIdpCredentials; /** * Sets a specific credential provider for PVP S-Profile IDP component. * * @param pvpIdpCredentials credential provider */ - public void setPvpIdpCredentials(final AbstractCredentialProvider pvpIdpCredentials) { + public void setPvpIdpCredentials(final IPvp2CredentialProvider pvpIdpCredentials) { this.pvpIdpCredentials = pvpIdpCredentials; } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml index 52549a88..96560960 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> -<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2020-02-05T06:41:42.966Z"> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2045-02-05T06:41:42.966Z"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> |