summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java47
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java30
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java32
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java34
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java26
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java54
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java24
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java13
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java31
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java10
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java10
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java14
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java23
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java14
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafMessageContextInitializationHandler.java12
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafSaml2HttpRedirectDeflateSignatureSecurityHandler.java18
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSamlMessageHandlerChain.java17
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java38
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java30
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java43
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java33
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java13
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java17
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java45
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java5
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java17
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java54
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java33
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java30
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java16
-rw-r--r--pom.xml2
37 files changed, 430 insertions, 393 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java
index 2f058af8..184a3adb 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java
@@ -22,12 +22,12 @@ package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver;
+import org.opensaml.saml.metadata.resolver.RefreshableMetadataResolver;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
-public interface IPvp2MetadataProvider extends ExtendedRefreshableMetadataResolver {
+public interface IPvp2MetadataProvider extends RefreshableMetadataResolver {
/**
* Get a SAML2 EntityDescriptor with an EntityId from metadata provider.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java
index 3543d85a..80697ee9 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java
@@ -2,29 +2,12 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
import javax.xml.namespace.QName;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlBindingException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSamlMessageHandlerChain;
-
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.messaging.context.BaseContext;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.messaging.decoder.servlet.HttpServletRequestMessageDecoder;
import org.opensaml.messaging.handler.MessageHandlerException;
-import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.common.binding.encoding.SAMLMessageEncoder;
@@ -48,6 +31,22 @@ import com.google.common.base.Optional;
import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.FluentIterable;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlBindingException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSamlMessageHandlerChain;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
@@ -65,8 +64,8 @@ public abstract class AbstractBinding {
public abstract String getSaml2BindingName();
- protected MessageContext<SAMLObject> internalMessageDecode(
- HttpServletRequestMessageDecoder<SAMLObject> decoder,
+ protected MessageContext internalMessageDecode(
+ HttpServletRequestMessageDecoder decoder,
String binding) throws Pvp2Exception {
try {
decoder.initialize();
@@ -97,9 +96,9 @@ public abstract class AbstractBinding {
}
- protected MessageContext<SAMLObject> buildBasicMessageContext(
+ protected MessageContext buildBasicMessageContext(
SAMLMessageEncoder encoder, SignableSAMLObject response) {
- final MessageContext<SAMLObject> messageContext = new MessageContext<>();
+ final MessageContext messageContext = new MessageContext();
messageContext.setMessage(response);
encoder.setMessageContext(messageContext);
return messageContext;
@@ -139,7 +138,7 @@ public abstract class AbstractBinding {
}
- protected void injectInboundMessageContexts(MessageContext<SAMLObject> messageContext,
+ protected void injectInboundMessageContexts(MessageContext messageContext,
IPvp2MetadataProvider metadataProvider, QName peerEntityRole) throws Pvp2InternalErrorException {
final SAMLPeerEntityContext peerEntityContext = new SAMLPeerEntityContext();
peerEntityContext.setRole(peerEntityRole);
@@ -164,7 +163,7 @@ public abstract class AbstractBinding {
}
protected void performMessageValidation(PvpSamlMessageHandlerChain messageValidatorChain,
- MessageContext<SAMLObject> messageContext) throws Pvp2Exception {
+ MessageContext messageContext) throws Pvp2Exception {
try {
messageValidatorChain.initialize();
messageValidatorChain.invoke(messageContext);
@@ -191,7 +190,7 @@ public abstract class AbstractBinding {
}
protected InboundMessageInterface performMessageDecodePostProcessing(
- MessageContext<SAMLObject> messageContext, boolean isVerified) {
+ MessageContext messageContext, boolean isVerified) {
InboundMessage msg = null;
if (messageContext.getMessage() instanceof RequestAbstractType) {
final RequestAbstractType inboundMessage =
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
index c679de20..829f771a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
@@ -23,6 +23,17 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.saml.common.binding.SAMLBindingSupport;
+import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
+import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
+import org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler;
+import org.opensaml.saml.common.messaging.SAMLMessageSecuritySupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.StatusResponseType;
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory;
import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
@@ -41,19 +52,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafHttpPostDecoder;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HttpPostEncoderWithOwnTemplate;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.EaafSamlProtocolMessageXmlSignatureSecurityHandler;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSamlMessageHandlerChain;
-
-import org.opensaml.messaging.context.MessageContext;
-import org.opensaml.saml.common.SAMLObject;
-import org.opensaml.saml.common.binding.SAMLBindingSupport;
-import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
-import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
-import org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler;
-import org.opensaml.saml.common.messaging.SAMLMessageSecuritySupport;
-import org.opensaml.saml.common.xml.SAMLConstants;
-import org.opensaml.saml.saml2.core.RequestAbstractType;
-import org.opensaml.saml.saml2.core.StatusResponseType;
-import org.springframework.beans.factory.annotation.Autowired;
-
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.net.URIComparator;
@@ -85,7 +83,7 @@ public class PostBinding extends AbstractBinding implements IDecoder, IEncoder {
encoder.setHttpServletResponse(httpResp);
// inject message context
- final MessageContext<SAMLObject> messageContext = buildBasicMessageContext(encoder, request);
+ final MessageContext messageContext = buildBasicMessageContext(encoder, request);
// inject signing context
messageContext.addSubcontext(injectSigningInfos(credentials));
@@ -131,7 +129,7 @@ public class PostBinding extends AbstractBinding implements IDecoder, IEncoder {
encoder.setHttpServletResponse(httpResp);
// inject message context
- final MessageContext<SAMLObject> messageContext = buildBasicMessageContext(encoder, response);
+ final MessageContext messageContext = buildBasicMessageContext(encoder, response);
// inject signing context
messageContext.addSubcontext(injectSigningInfos(credentials));
@@ -165,7 +163,7 @@ public class PostBinding extends AbstractBinding implements IDecoder, IEncoder {
throws Pvp2Exception {
final EaafHttpPostDecoder decode = new EaafHttpPostDecoder(req);
- final MessageContext<SAMLObject> messageContext = internalMessageDecode(decode, PvpConstants.POST);
+ final MessageContext messageContext = internalMessageDecode(decode, PvpConstants.POST);
// check if PVP2 AuthnRequest is signed
if (!SAMLBindingSupport.isMessageSigned(messageContext)) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
index f62f8a11..c66c773e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
@@ -23,6 +23,18 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.saml.common.binding.SAMLBindingSupport;
+import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
+import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
+import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.StatusResponseType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
@@ -36,20 +48,6 @@ import at.gv.egiz.eaaf.modules.pvp2.exception.SamlBindingException;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafHttpRedirectDeflateDecoder;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.EaafSaml2HttpRedirectDeflateSignatureSecurityHandler;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSamlMessageHandlerChain;
-
-import org.opensaml.messaging.context.MessageContext;
-import org.opensaml.saml.common.SAMLObject;
-import org.opensaml.saml.common.binding.SAMLBindingSupport;
-import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
-import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
-import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
-import org.opensaml.saml.common.xml.SAMLConstants;
-import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
-import org.opensaml.saml.saml2.core.RequestAbstractType;
-import org.opensaml.saml.saml2.core.StatusResponseType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
import net.shibboleth.utilities.java.support.net.URIComparator;
public class RedirectBinding extends AbstractBinding implements IDecoder, IEncoder {
@@ -67,7 +65,7 @@ public class RedirectBinding extends AbstractBinding implements IDecoder, IEncod
final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
encoder.setHttpServletResponse(resp);
- final MessageContext<SAMLObject> messageContext = buildBasicMessageContext(encoder, request);
+ final MessageContext messageContext = buildBasicMessageContext(encoder, request);
// set endpoint url
messageContext.addSubcontext(injectEndpointInfos(request, targetLocation));
@@ -104,7 +102,7 @@ public class RedirectBinding extends AbstractBinding implements IDecoder, IEncod
final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
encoder.setHttpServletResponse(resp);
- final MessageContext<SAMLObject> messageContext = buildBasicMessageContext(encoder, response);
+ final MessageContext messageContext = buildBasicMessageContext(encoder, response);
// set endpoint url
messageContext.addSubcontext(injectEndpointInfos(response, targetLocation));
@@ -136,7 +134,7 @@ public class RedirectBinding extends AbstractBinding implements IDecoder, IEncod
throws Pvp2Exception {
final EaafHttpRedirectDeflateDecoder decode = new EaafHttpRedirectDeflateDecoder(req);
- final MessageContext<SAMLObject> messageContext = internalMessageDecode(decode, PvpConstants.REDIRECT);
+ final MessageContext messageContext = internalMessageDecode(decode, PvpConstants.REDIRECT);
final SAMLBindingContext bindingContext = messageContext.getSubcontext(SAMLBindingContext.class, true);
if (!bindingContext.hasBindingSignature()) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
index 49e93f0a..cd651a1e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
@@ -23,6 +23,20 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.saml.common.binding.SAMLBindingSupport;
+import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
+import org.opensaml.saml.common.binding.impl.SAMLProtocolAndRoleHandler;
+import org.opensaml.saml.common.binding.impl.SAMLSOAPDecoderBodyHandler;
+import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
+import org.opensaml.saml.common.messaging.SAMLMessageSecuritySupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder;
+import org.opensaml.saml.saml2.binding.encoding.impl.HTTPSOAP11Encoder;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.StatusResponseType;
+import org.opensaml.soap.messaging.context.SOAP11Context;
+
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
@@ -38,22 +52,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.EaafMessageContextInitializationHandler;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.EaafSamlProtocolMessageXmlSignatureSecurityHandler;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSamlMessageHandlerChain;
-
-import org.opensaml.messaging.context.MessageContext;
-import org.opensaml.saml.common.SAMLObject;
-import org.opensaml.saml.common.binding.SAMLBindingSupport;
-import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
-import org.opensaml.saml.common.binding.impl.SAMLProtocolAndRoleHandler;
-import org.opensaml.saml.common.binding.impl.SAMLSOAPDecoderBodyHandler;
-import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
-import org.opensaml.saml.common.messaging.SAMLMessageSecuritySupport;
-import org.opensaml.saml.common.xml.SAMLConstants;
-import org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder;
-import org.opensaml.saml.saml2.binding.encoding.impl.HTTPSOAP11Encoder;
-import org.opensaml.saml.saml2.core.RequestAbstractType;
-import org.opensaml.saml.saml2.core.StatusResponseType;
-import org.opensaml.soap.messaging.context.SOAP11Context;
-
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.net.URIComparator;
@@ -72,7 +70,7 @@ public class SoapBinding extends AbstractBinding implements IDecoder, IEncoder {
injectMessageHandlerChain(soapDecoder, metadataProvider, peerEntityRole);
- final MessageContext<SAMLObject> messageContext =
+ final MessageContext messageContext =
internalMessageDecode(soapDecoder, PvpConstants.SOAP);
// check if PVP2 AuthnRequest is signed
@@ -141,7 +139,7 @@ public class SoapBinding extends AbstractBinding implements IDecoder, IEncoder {
encoder.setHttpServletResponse(resp);
// inject message context
- final MessageContext<SAMLObject> messageContext = buildBasicMessageContext(encoder, response);
+ final MessageContext messageContext = buildBasicMessageContext(encoder, response);
//inject SOAP enveloped
final SOAP11Context soap11Context = new SOAP11Context();
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
index 92922e09..05a7360b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
@@ -21,6 +21,8 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
import java.io.IOException;
import java.text.MessageFormat;
+import java.time.Duration;
+import java.time.Instant;
import java.util.Collection;
import java.util.List;
@@ -29,15 +31,7 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactoryConfigurationError;
-import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-
import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.SignableSAMLObject;
@@ -67,6 +61,12 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
/**
@@ -114,7 +114,7 @@ public class PvpMetadataBuilder {
throws CredentialsNotAvailableException, EaafException, SecurityException,
TransformerFactoryConfigurationError, MarshallingException, TransformerException,
ParserConfigurationException, IOException, SignatureException {
- final DateTime date = new DateTime();
+ final Instant date = Instant.now();
final EntityDescriptor entityDescriptor = Saml2Utils.createSamlObject(EntityDescriptor.class);
// set entityID
@@ -161,19 +161,19 @@ public class PvpMetadataBuilder {
}
SignableSAMLObject metadataToSign;
-
+
// build entities descriptor
if (config.buildEntitiesDescriptorAsRootElement()) {
final EntitiesDescriptor entitiesDescriptor =
Saml2Utils.createSamlObject(EntitiesDescriptor.class);
entitiesDescriptor.setName(config.getEntityFriendlyName());
entitiesDescriptor.setID(Saml2Utils.getSecureIdentifier());
- entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
+ entitiesDescriptor.setValidUntil(date.plus(Duration.ofHours(config.getMetadataValidUntil())));
entitiesDescriptor.getEntityDescriptors().add(entityDescriptor);
metadataToSign = entitiesDescriptor;
} else {
- entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
+ entityDescriptor.setValidUntil(date.plus(Duration.ofHours(config.getMetadataValidUntil())));
entityDescriptor.setID(Saml2Utils.getSecureIdentifier());
metadataToSign = entityDescriptor;
@@ -320,7 +320,7 @@ public class PvpMetadataBuilder {
if (reqSpAttr != null && reqSpAttr.size() > 0) {
log.debug("Add " + reqSpAttr.size() + " attributes to SP metadata");
- attributeService.getRequestAttributes().addAll(reqSpAttr);
+ attributeService.getRequestedAttributes().addAll(reqSpAttr);
} else {
log.debug("SP metadata contains NO requested attributes.");
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
index 40448b45..3a21b15d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
import java.io.IOException;
import java.security.cert.CertificateException;
+import java.time.Instant;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -33,15 +34,7 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.naming.ConfigurationException;
-import at.gv.egiz.components.spring.api.IDestroyableObject;
-import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-
import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.metadata.resolver.ClearableMetadataResolver;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
@@ -50,6 +43,12 @@ import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.component.IdentifiedComponent;
@@ -64,7 +63,7 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
@Nonnull
@NonnullElements
private final List<MetadataResolver> internalResolvers;
- private DateTime lastRefeshTimestamp;
+ private Instant lastRefeshTimestamp;
private boolean lastRefeshSuccessful;
private static Object mutex = new Object();
@@ -111,10 +110,10 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
@Override
public synchronized boolean refreshMetadataProvider(final String entityId) {
try {
- //if (resolveEntityDescriporForRefesh(entityId)) {
- // return true;
+ // if (resolveEntityDescriporForRefesh(entityId)) {
+ // return true;
//
- //}
+ // }
// reload metadata provider
final String metadataUrl = getMetadataUrl(entityId);
@@ -160,7 +159,6 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
}
-
@Override
public final MetadataFilter getMetadataFilter() {
log.warn("{} does NOT support {}", AbstractChainingMetadataProvider.class.getName(),
@@ -275,17 +273,17 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
}
}
- this.lastRefeshTimestamp = DateTime.now();
+ this.lastRefeshTimestamp = Instant.now();
this.lastRefeshSuccessful = true;
}
@Override
@Nullable
- public final DateTime getLastUpdate() {
- DateTime ret = null;
+ public final Instant getLastUpdate() {
+ Instant ret = null;
for (final MetadataResolver resolver : internalResolvers) {
if (resolver instanceof RefreshableMetadataResolver) {
- final DateTime lastUpdate = ((RefreshableMetadataResolver) resolver).getLastUpdate();
+ final Instant lastUpdate = ((RefreshableMetadataResolver) resolver).getLastUpdate();
if (ret == null || ret.isBefore(lastUpdate)) {
ret = lastUpdate;
}
@@ -297,11 +295,11 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
@Override
@Nullable
- public final DateTime getLastRefresh() {
- DateTime ret = null;
+ public final Instant getLastRefresh() {
+ Instant ret = null;
for (final MetadataResolver resolver : internalResolvers) {
if (resolver instanceof RefreshableMetadataResolver) {
- final DateTime lastRefresh = ((RefreshableMetadataResolver) resolver).getLastRefresh();
+ final Instant lastRefresh = ((RefreshableMetadataResolver) resolver).getLastRefresh();
if (ret == null || ret.isBefore(lastRefresh)) {
ret = lastRefresh;
}
@@ -312,7 +310,7 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
}
@Override
- public final DateTime getLastSuccessfulRefresh() {
+ public final Instant getLastSuccessfulRefresh() {
return this.lastRefeshTimestamp;
}
@@ -347,6 +345,20 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
}
+ @Override
+ public final Throwable getLastFailureCause() {
+ for (final MetadataResolver resolver : internalResolvers) {
+ if (resolver instanceof RefreshableMetadataResolver) {
+ final RefreshableMetadataResolver refreshable = (RefreshableMetadataResolver) resolver;
+ if (refreshable.getLastFailureCause() != null) {
+ return refreshable.getLastFailureCause();
+ }
+ }
+ }
+
+ return null;
+ }
+
/**
* Get the URL to metadata for a specific entityID.
*
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java
index d2b861dc..1b44afe4 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java
@@ -1,14 +1,14 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import java.time.Instant;
-import org.joda.time.DateTime;
import org.opensaml.core.criterion.EntityIdCriterion;
-import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver;
+import org.opensaml.saml.metadata.resolver.RefreshableMetadataResolver;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
@@ -16,9 +16,9 @@ import net.shibboleth.utilities.java.support.resolver.ResolverException;
@Slf4j
public class PvpMetadataResolverAdapter implements IPvp2MetadataProvider, IRefreshableMetadataProvider {
- private final ExtendedRefreshableMetadataResolver internalProvider;
+ private final RefreshableMetadataResolver internalProvider;
- public PvpMetadataResolverAdapter(ExtendedRefreshableMetadataResolver provider) {
+ public PvpMetadataResolverAdapter(RefreshableMetadataResolver provider) {
this.internalProvider = provider;
}
@@ -29,13 +29,13 @@ public class PvpMetadataResolverAdapter implements IPvp2MetadataProvider, IRefre
}
@Override
- public DateTime getLastRefresh() {
+ public Instant getLastRefresh() {
return internalProvider.getLastRefresh();
}
@Override
- public DateTime getLastUpdate() {
+ public Instant getLastUpdate() {
return internalProvider.getLastUpdate();
}
@@ -88,7 +88,7 @@ public class PvpMetadataResolverAdapter implements IPvp2MetadataProvider, IRefre
}
@Override
- public DateTime getLastSuccessfulRefresh() {
+ public Instant getLastSuccessfulRefresh() {
return internalProvider.getLastSuccessfulRefresh();
}
@@ -112,4 +112,10 @@ public class PvpMetadataResolverAdapter implements IPvp2MetadataProvider, IRefre
}
}
+ @Override
+ public Throwable getLastFailureCause() {
+ return internalProvider.getLastFailureCause();
+
+ }
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
index d29f1a0e..bf541b67 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java
@@ -1,6 +1,7 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
import java.io.IOException;
+import java.time.Duration;
import java.util.Timer;
import javax.annotation.Nonnull;
@@ -10,7 +11,7 @@ import javax.net.ssl.SSLHandshakeException;
import org.apache.http.client.HttpClient;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
-import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver;
+import org.opensaml.saml.metadata.resolver.RefreshableMetadataResolver;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver;
@@ -102,7 +103,7 @@ public class PvpMetadataResolverFactory implements IDestroyableObject {
@Nullable final MetadataFilter filter, @Nonnull final String idForLogging,
@Nullable final ParserPool pool, @Nullable final HttpClient httpClient) throws Pvp2MetadataException {
- ExtendedRefreshableMetadataResolver internalProvider = null;
+ RefreshableMetadataResolver internalProvider = null;
try {
if (metadataLocation.startsWith(URI_PREFIX_HTTP)
@@ -181,7 +182,7 @@ public class PvpMetadataResolverFactory implements IDestroyableObject {
* @throws ComponentInitializationException In case of a metadata resolver
* initialization error
*/
- private ExtendedRefreshableMetadataResolver createNewFileSystemMetaDataProvider(final Resource metadataFile,
+ private RefreshableMetadataResolver createNewFileSystemMetaDataProvider(final Resource metadataFile,
final MetadataFilter filter, final String idForLogging, final Timer timer,
final ParserPool pool) throws IOException, ComponentInitializationException {
ResourceBackedMetadataResolver fileSystemResolver = null;
@@ -212,7 +213,7 @@ public class PvpMetadataResolverFactory implements IDestroyableObject {
* @throws ResolverException In case of an internal OpenSAML
* resolver error
*/
- private ExtendedRefreshableMetadataResolver createNewHttpMetaDataProvider(final String metadataUrl,
+ private RefreshableMetadataResolver createNewHttpMetaDataProvider(final String metadataUrl,
final MetadataFilter filter, final String idForLogging, final Timer timer,
final ParserPool pool, final HttpClient httpClient) throws ComponentInitializationException,
ResolverException {
@@ -241,8 +242,8 @@ public class PvpMetadataResolverFactory implements IDestroyableObject {
}
resolver.setRequireValidMetadata(true);
- resolver.setMinRefreshDelay(1000 * 60 * 15); // 15 minutes
- resolver.setMaxRefreshDelay(1000 * 60 * 60 * 24); // 24 hours
+ resolver.setMinRefreshDelay(Duration.ofMinutes(15));
+ resolver.setMaxRefreshDelay(Duration.ofHours(24));
resolver.setMetadataFilter(filter);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
index fdd44b9a..f9860839 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
@@ -6,16 +6,17 @@ import java.io.UnsupportedEncodingException;
import javax.servlet.http.HttpServletRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SamlHttpUtils;
-
import org.opensaml.core.xml.XMLObject;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
import com.google.common.base.Strings;
+
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SamlHttpUtils;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.codec.Base64Support;
+import net.shibboleth.utilities.java.support.codec.DecodingException;
/**
* SAML2 Post-Binding decoder with same EAAF specific hardening regarding http
@@ -51,18 +52,26 @@ public class EaafHttpPostDecoder extends HTTPPostDecoder {
throw new MessageDecodingException("No SAML message present in request");
}
- log.trace("Base64 decoding SAML message: {}", encodedMessage);
- final byte[] decodedBytes = Base64Support.decode(encodedMessage);
-
try {
- log.trace("Decoded SAML message: {}", new String(decodedBytes, "UTF-8"));
+ log.trace("Base64 decoding SAML message: {}", encodedMessage);
+ final byte[] decodedBytes = Base64Support.decode(encodedMessage);
- } catch (final UnsupportedEncodingException e) {
- log.warn("Logging of incomming message failed", e);
+ try {
+ log.trace("Decoded SAML message: {}", new String(decodedBytes, "UTF-8"));
- }
+ } catch (final UnsupportedEncodingException e) {
+ log.warn("Logging of incomming message failed", e);
+
+ }
+
+ return new ByteArrayInputStream(decodedBytes);
+
+ } catch (final DecodingException e) {
+ log.error("Unable to Base64 decode SAML message");
+ throw new MessageDecodingException("Unable to Base64 decode SAML message",e);
+ }
+
- return new ByteArrayInputStream(decodedBytes);
}
/**
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
index c5174f02..28f98d30 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
@@ -4,9 +4,6 @@ import java.io.InputStream;
import javax.servlet.http.HttpServletRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SamlHttpUtils;
-
import org.opensaml.core.xml.XMLObject;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.decoder.MessageDecodingException;
@@ -16,6 +13,9 @@ import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder;
import com.google.common.base.Strings;
+
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SamlHttpUtils;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
@@ -39,7 +39,7 @@ public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder {
@Override
protected void doDecode() throws MessageDecodingException {
- final MessageContext<SAMLObject> messageContext = new MessageContext<>();
+ final MessageContext messageContext = new MessageContext();
final HttpServletRequest request = getHttpServletRequest();
if (!"GET".equalsIgnoreCase(request.getMethod())) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
index fa77b73c..396b513f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
@@ -28,17 +28,15 @@ import java.io.Writer;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
-import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
-
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.Velocity;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.encoder.MessageEncodingException;
-import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.net.HttpServletSupport;
@@ -80,7 +78,7 @@ public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder {
* message
*/
@Override
- protected void postEncode(final MessageContext<SAMLObject> messageContext, final String endpointUrl)
+ protected void postEncode(final MessageContext messageContext, final String endpointUrl)
throws MessageEncodingException {
log.debug("Invoking Velocity template to create POST body");
InputStream is = null;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
index 38735fb8..e75be5de 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
@@ -39,8 +39,8 @@ public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
@Override
protected void doEncode() throws MessageEncodingException {
- final MessageContext<SAMLObject> messageContext = getMessageContext();
- final SAMLObject outboundMessage = messageContext.getMessage();
+ final MessageContext messageContext = getMessageContext();
+ final SAMLObject outboundMessage = (SAMLObject) messageContext.getMessage();
final String endpointUrl = getEndpointURL(messageContext).toString();
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java
index e391bb31..bde67205 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java
@@ -23,15 +23,15 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-
+import org.opensaml.core.xml.AbstractXMLObject;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.schema.XSBooleanValue;
import org.opensaml.core.xml.util.AttributeMap;
import org.opensaml.core.xml.util.XMLObjectChildrenList;
-import org.opensaml.saml.common.AbstractSAMLObject;
-public class EaafRequestedAttributeImpl extends AbstractSAMLObject
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
+public class EaafRequestedAttributeImpl extends AbstractXMLObject
implements EaafRequestedAttribute {
private final XMLObjectChildrenList<XMLObject> attributeValues;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java
index 9c251233..a370b305 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java
@@ -23,14 +23,14 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-
+import org.opensaml.core.xml.AbstractXMLObject;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.util.IndexedXMLObjectChildrenList;
-import org.opensaml.saml.common.AbstractSAMLObject;
-public class EaafRequestedAttributesImpl extends AbstractSAMLObject
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+
+public class EaafRequestedAttributesImpl extends AbstractXMLObject
implements EaafRequestedAttributes {
private final IndexedXMLObjectChildrenList<XMLObject> indexedChildren;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
index c28dd7fb..fe619ef0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
@@ -23,24 +23,28 @@ import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
+import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
-
import org.opensaml.core.xml.XMLObject;
+import org.opensaml.saml.metadata.resolver.filter.FilterException;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
+import org.opensaml.saml.metadata.resolver.filter.MetadataFilterContext;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+
public abstract class AbstractMetadataSignatureFilter implements MetadataFilter {
private static final Logger log = LoggerFactory.getLogger(AbstractMetadataSignatureFilter.class);
@Override
- public XMLObject filter(@Nullable final XMLObject metadata) throws SignatureValidationException {
+ public XMLObject filter(@Nullable final XMLObject metadata,
+ @Nonnull final MetadataFilterContext context) throws FilterException {
try {
if (metadata instanceof EntitiesDescriptor) {
final EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java
index efbeb7e5..7317e7ba 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java
@@ -22,17 +22,15 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
import java.util.ArrayList;
import java.util.List;
-import at.gv.egiz.eaaf.core.impl.data.Triple;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.ext.saml2mdattr.EntityAttributes;
import org.opensaml.saml.metadata.resolver.filter.FilterException;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
+import org.opensaml.saml.metadata.resolver.filter.MetadataFilterContext;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
@@ -44,6 +42,12 @@ import org.opensaml.saml.saml2.metadata.ServiceName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
/**
* Metadata filter that inject requested attributes based on Metadata
* EntityCategories.
@@ -75,7 +79,8 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
* .XMLObject)
*/
@Override
- public XMLObject filter(final XMLObject metadata) throws FilterException {
+ public XMLObject filter(@Nullable final XMLObject metadata,
+ @Nonnull final MetadataFilterContext context) throws FilterException {
if (isUsed) {
log.trace("Map PVP EntityCategory to single PVP Attributes ... ");
@@ -197,7 +202,7 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
attributeService.getNames().add(serviceName);
if (attrList != null && !attrList.isEmpty()) {
- attributeService.getRequestAttributes().addAll(attrList);
+ attributeService.getRequestedAttributes().addAll(attrList);
log.info("Add " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr);
}
@@ -211,14 +216,14 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
// load currently requested attributes
final List<String> currentlyReqAttr = new ArrayList<>();
- for (final RequestedAttribute reqAttr : el.getRequestAttributes()) {
+ for (final RequestedAttribute reqAttr : el.getRequestedAttributes()) {
currentlyReqAttr.add(reqAttr.getName());
}
// check against EntityAttribute List
for (final RequestedAttribute entityAttrListEl : attrList) {
if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
- el.getRequestAttributes().add(entityAttrListEl);
+ el.getRequestedAttributes().add(entityAttrListEl);
} else {
log.debug("'AttributeConsumingService' already contains attr: "
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
index b9e0c37f..2c7892f9 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
@@ -19,20 +19,23 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml.common.xml.SAMLSchemaBuilder.SAML1Version;
import org.opensaml.saml.metadata.resolver.filter.FilterException;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
+import org.opensaml.saml.metadata.resolver.filter.MetadataFilterContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+
public class SchemaValidationFilter implements MetadataFilter {
private static final Logger log = LoggerFactory.getLogger(SchemaValidationFilter.class);
private boolean isActive = true;
@@ -64,13 +67,14 @@ public class SchemaValidationFilter implements MetadataFilter {
* .XMLObject)
*/
@Override
- public XMLObject filter(final XMLObject arg0) throws FilterException {
+ public XMLObject filter(@Nullable final XMLObject metadata,
+ @Nonnull final MetadataFilterContext context) throws FilterException {
if (isActive) {
try {
final Schema test = schemaBuilder.getSAMLSchema();
final Validator val = test.newValidator();
- final DOMSource source = new DOMSource(arg0.getDOM());
+ final DOMSource source = new DOMSource(metadata.getDOM());
val.validate(source);
log.info("Metadata Schema validation check done OK");
@@ -90,7 +94,7 @@ public class SchemaValidationFilter implements MetadataFilter {
}
- return arg0;
+ return metadata;
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafMessageContextInitializationHandler.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafMessageContextInitializationHandler.java
index aba0a68b..ff587f1b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafMessageContextInitializationHandler.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafMessageContextInitializationHandler.java
@@ -2,15 +2,10 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
import javax.annotation.Nonnull;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.AbstractMessageHandler;
import org.opensaml.messaging.handler.MessageHandlerException;
-import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.messaging.context.SAMLMessageInfoContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.xmlsec.SignatureValidationConfiguration;
@@ -18,11 +13,14 @@ import org.opensaml.xmlsec.SignatureValidationParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
@Slf4j
-public class EaafMessageContextInitializationHandler extends AbstractMessageHandler<SAMLObject> {
+public class EaafMessageContextInitializationHandler extends AbstractMessageHandler {
private final IPvp2MetadataProvider internalMetadataProvider;
private SignatureTrustEngine trustEngine;
@@ -44,7 +42,7 @@ public class EaafMessageContextInitializationHandler extends AbstractMessageHand
@Override
- protected void doInvoke(MessageContext<SAMLObject> messageContext) throws MessageHandlerException {
+ protected void doInvoke(MessageContext messageContext) throws MessageHandlerException {
log.trace("Injecting sub-context to SAML2 message ... ");
messageContext.addSubcontext(new SAMLPeerEntityContext());
messageContext.addSubcontext(new SAMLMessageInfoContext());
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafSaml2HttpRedirectDeflateSignatureSecurityHandler.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafSaml2HttpRedirectDeflateSignatureSecurityHandler.java
index 204229ee..36c8a1ee 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafSaml2HttpRedirectDeflateSignatureSecurityHandler.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafSaml2HttpRedirectDeflateSignatureSecurityHandler.java
@@ -3,19 +3,20 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SamlHttpUtils;
-
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler;
import com.google.common.base.Strings;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SamlHttpUtils;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.codec.Base64Support;
+import net.shibboleth.utilities.java.support.codec.DecodingException;
/**
* Always extracts the last http parameter with a specific name from request, if
@@ -95,7 +96,12 @@ public class EaafSaml2HttpRedirectDeflateSignatureSecurityHandler extends
return null;
}
- return Base64Support.decode(signature);
+ try {
+ return Base64Support.decode(signature);
+
+ } catch (DecodingException e) {
+ throw new MessageHandlerException("Base64 decoding error", e);
+ }
}
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSamlMessageHandlerChain.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSamlMessageHandlerChain.java
index a1365023..44ed2013 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSamlMessageHandlerChain.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSamlMessageHandlerChain.java
@@ -7,25 +7,24 @@ import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandler;
import org.opensaml.messaging.handler.MessageHandlerChain;
import org.opensaml.messaging.handler.MessageHandlerException;
-import org.opensaml.saml.common.SAMLObject;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
@Slf4j
-public class PvpSamlMessageHandlerChain implements MessageHandlerChain<SAMLObject> {
- private final List<MessageHandler<SAMLObject>> handlers = new ArrayList<>();
+public class PvpSamlMessageHandlerChain implements MessageHandlerChain {
+ private final List<MessageHandler> handlers = new ArrayList<>();
private boolean isInitialized = false;
@Override
- public void invoke(MessageContext<SAMLObject> messageContext) throws MessageHandlerException {
+ public void invoke(MessageContext messageContext) throws MessageHandlerException {
if (!isInitialized) {
throw new RuntimeException("Component: "
+ PvpSamlMessageHandlerChain.class.getName() + " not initialized");
}
- for (final MessageHandler<SAMLObject> handler : getHandlers()) {
+ for (final MessageHandler handler : getHandlers()) {
log.trace("Initializing SAML message handler: {}", handler.getClass().getName());
handler.invoke(messageContext);
@@ -41,7 +40,7 @@ public class PvpSamlMessageHandlerChain implements MessageHandlerChain<SAMLObjec
@Override
public void initialize() throws ComponentInitializationException {
if (!isInitialized) {
- for (final MessageHandler<SAMLObject> handler : getHandlers()) {
+ for (final MessageHandler handler : getHandlers()) {
log.trace("Initializing SAML message handler: {}", handler.getClass().getName());
handler.initialize();
@@ -53,17 +52,17 @@ public class PvpSamlMessageHandlerChain implements MessageHandlerChain<SAMLObjec
}
@Override
- public List<MessageHandler<SAMLObject>> getHandlers() {
+ public List<MessageHandler> getHandlers() {
return handlers;
}
- public void addHandler(MessageHandler<SAMLObject> handler) {
+ public void addHandler(MessageHandler handler) {
handlers.add(handler);
}
- public void addHandlers(List<MessageHandler<SAMLObject>> handlerList) {
+ public void addHandlers(List<MessageHandler> handlerList) {
handlers.addAll(handlerList);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
index e0a3ab8e..9758ff83 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
@@ -19,6 +19,8 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
+import java.time.Duration;
+import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
@@ -27,17 +29,6 @@ import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.opensaml.core.criterion.EntityIdCriterion;
@@ -74,9 +65,19 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
import lombok.extern.slf4j.Slf4j;
-import net.shibboleth.utilities.java.support.net.BasicURLComparator;
import net.shibboleth.utilities.java.support.net.URIException;
+import net.shibboleth.utilities.java.support.net.impl.BasicURLComparator;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
@Slf4j
@@ -93,7 +94,7 @@ public class SamlVerificationEngine {
private static final Object SIG_VAL_ERROR_MSG = "Signature verification return false";
/**
- * 5 allow 3 minutes time jitter in before validation.
+ * allow 3 minutes time jitter in before validation.
*/
private static final int TIME_JITTER = 3;
@@ -286,10 +287,11 @@ public class SamlVerificationEngine {
// validate DateTime conditions
final Conditions conditions = saml2assertion.getConditions();
if (conditions != null) {
- final DateTime notbefore = conditions.getNotBefore().minusMinutes(5);
- final DateTime notafter = conditions.getNotOnOrAfter();
+ final Instant notbefore = conditions.getNotBefore().minus(Duration.ofMinutes(5));
+ final Instant notafter = conditions.getNotOnOrAfter();
+ final Instant now = Instant.now();
if (validateDateTime
- && (notbefore.isAfterNow() || notafter.isBeforeNow())) {
+ && (notbefore.isAfter(now) || notafter.isBefore(now))) {
isAssertionValid = false;
log.info("Assertion with ID:{} is out of Date. [ Current:{} NotBefore:{} NotAfter:{} ]",
saml2assertion.getID(), new DateTime(), notbefore, notafter);
@@ -479,14 +481,14 @@ public class SamlVerificationEngine {
throws SamlAssertionValidationExeption {
if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) {
// validate response issueInstant
- final DateTime issueInstant = samlResp.getIssueInstant();
+ final Instant issueInstant = samlResp.getIssueInstant();
if (issueInstant == null) {
log.warn("PVP response does not include a 'IssueInstant' attribute");
throw new SamlAssertionValidationExeption(ERROR_14,
new Object[] { loggerName, "'IssueInstant' attribute is not included" });
}
- if (validateDateTime && issueInstant.minusMinutes(TIME_JITTER).isAfterNow()) {
+ if (validateDateTime && issueInstant.minus(Duration.ofMinutes(TIME_JITTER)).isAfter(Instant.now())) {
log.warn("PVP response: IssueInstant DateTime is not valid anymore.");
throw new SamlAssertionValidationExeption(ERROR_14,
new Object[] { loggerName, "'IssueInstant' Time is not valid any more" });
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
index e593c1d4..abbfb1ea 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
@@ -1,10 +1,10 @@
package at.gv.egiz.eaaf.modules.pvp2.test;
+import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import org.apache.xml.security.algorithms.JCEMapper;
-import org.joda.time.DateTime;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -264,7 +264,7 @@ public abstract class AbstractSamlVerificationEngine {
final Response authnReq = (Response) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath));
- authnReq.setIssueInstant(DateTime.now());
+ authnReq.setIssueInstant(Instant.now());
final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
issuer.setValue(spEntityId);
authnReq.setIssuer(issuer);
@@ -285,7 +285,7 @@ public abstract class AbstractSamlVerificationEngine {
final AuthnRequest authnReq = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath));
- authnReq.setIssueInstant(DateTime.now());
+ authnReq.setIssueInstant(Instant.now());
final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
issuer.setValue(spEntityId);
authnReq.setIssuer(issuer);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
index 57c4b93a..1f010d06 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java
@@ -1,6 +1,8 @@
package at.gv.egiz.eaaf.modules.pvp2.test;
-import org.joda.time.DateTime;
+import java.time.Duration;
+import java.time.Instant;
+
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opensaml.core.xml.io.UnmarshallingException;
@@ -219,7 +221,7 @@ public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {
credentialProvider.getMetaDataSigningCredential());
final Response response = inputMsg.getFirst();
- response.setIssueInstant(DateTime.now().plusMinutes(10));
+ response.setIssueInstant(Instant.now().plus(Duration.ofMinutes(10)));
try {
verifyEngine.validateAssertion(response, credentialProvider.getMetaDataSigningCredential(),
@@ -293,8 +295,8 @@ public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {
credentialProvider.getMetaDataSigningCredential());
final Response response = inputMsg.getFirst();
- response.getAssertions().get(0).getConditions().setNotBefore(DateTime.now());
- response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(15));
+ response.getAssertions().get(0).getConditions().setNotBefore(Instant.now());
+ response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plus(Duration.ofMinutes(15)));
response.getAssertions().get(0).getConditions().getAudienceRestrictions().clear();
try {
@@ -320,8 +322,8 @@ public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {
credentialProvider.getMetaDataSigningCredential());
final Response response = inputMsg.getFirst();
- response.getAssertions().get(0).getConditions().setNotBefore(DateTime.now().plusMinutes(10));
- response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(15));
+ response.getAssertions().get(0).getConditions().setNotBefore(Instant.now().plus(Duration.ofMinutes(10)));
+ response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plus(Duration.ofMinutes(15)));
try {
verifyEngine.validateAssertion(response, credentialProvider.getMetaDataSigningCredential(),
@@ -346,8 +348,8 @@ public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {
credentialProvider.getMetaDataSigningCredential());
final Response response = inputMsg.getFirst();
- response.getAssertions().get(0).getConditions().setNotBefore(DateTime.now());
- response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().minusMinutes(5));
+ response.getAssertions().get(0).getConditions().setNotBefore(Instant.now());
+ response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().minus(Duration.ofMinutes(5)));
try {
verifyEngine.validateAssertion(response, credentialProvider.getMetaDataSigningCredential(),
@@ -372,8 +374,8 @@ public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {
credentialProvider.getMetaDataSigningCredential());
final Response response = inputMsg.getFirst();
- response.getAssertions().get(0).getConditions().setNotBefore(DateTime.now());
- response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5));
+ response.getAssertions().get(0).getConditions().setNotBefore(Instant.now());
+ response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plus(Duration.ofMinutes(5)));
verifyEngine.validateAssertion(response, credentialProvider.getMetaDataSigningCredential(),
@@ -414,8 +416,8 @@ public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {
credentialProvider.getMetaDataSigningCredential());
final Response response = inputMsg.getFirst();
- response.getAssertions().get(0).getConditions().setNotBefore(DateTime.now());
- response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5));
+ response.getAssertions().get(0).getConditions().setNotBefore(Instant.now());
+ response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plus(Duration.ofMinutes(5)));
final Element secAssertionElement = XMLObjectSupport.marshall(response.getAssertions().get(0));
@@ -447,8 +449,8 @@ public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {
credentialProvider.getMetaDataSigningCredential());
final Response response = inputMsg.getFirst();
- response.getAssertions().get(0).getConditions().setNotBefore(DateTime.now());
- response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5));
+ response.getAssertions().get(0).getConditions().setNotBefore(Instant.now());
+ response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plus(Duration.ofMinutes(5)));
final Element secAssertionElement = XMLObjectSupport.marshall(response.getAssertions().get(0));
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index f14a9093..8f6c35bd 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -4,6 +4,7 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
+import java.time.Instant;
import java.util.Base64;
import java.util.Map;
@@ -11,7 +12,6 @@ import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
-import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -364,7 +364,7 @@ public class PostBindingTest {
final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
PostBindingTest.class.getResourceAsStream("/data/eIDAS_connector_authn.xml"));
- authnReq.setIssueInstant(DateTime.now());
+ authnReq.setIssueInstant(Instant.now());
final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
issuer.setValue("https://demo.egiz.gv.at/demoportal_demologin/");
authnReq.setIssuer(issuer);
@@ -731,7 +731,7 @@ public class PostBindingTest {
final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
- authnReq.setIssueInstant(DateTime.now());
+ authnReq.setIssueInstant(Instant.now());
bindingImpl.encodeRequest(intHttpReq, intHttpResp, authnReq, "http://testservice.org", null,
credentials, pendingReq);
@@ -753,7 +753,7 @@ public class PostBindingTest {
final StatusResponseType response = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
PostBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
- response.setIssueInstant(DateTime.now());
+ response.setIssueInstant(Instant.now());
bindingImpl.encodeResponse(intHttpReq, intHttpResp, response, "http://testservice.org", null,
credentials, pendingReq);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
index cbeca4c3..bfa4a072 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
@@ -2,31 +2,12 @@ package at.gv.egiz.eaaf.modules.pvp2.test.binding;
import java.io.IOException;
import java.net.URLDecoder;
+import java.time.Instant;
import javax.xml.parsers.ParserConfigurationException;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
-
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
-import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -48,6 +29,24 @@ import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
import net.shibboleth.utilities.java.support.net.URIComparator;
import net.shibboleth.utilities.java.support.net.URISupport;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@@ -818,7 +817,7 @@ public class RedirectBindingTest {
final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
- authnReq.setIssueInstant(DateTime.now());
+ authnReq.setIssueInstant(Instant.now());
bindingImpl.encodeRequest(intHttpReq, intHttpResp, authnReq, "http://testservice.org", null,
credential, pendingReq);
@@ -839,7 +838,7 @@ public class RedirectBindingTest {
final StatusResponseType authnReq = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
RedirectBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
- authnReq.setIssueInstant(DateTime.now());
+ authnReq.setIssueInstant(Instant.now());
bindingImpl.encodeResponse(intHttpReq, intHttpResp, authnReq, "http://testservice.org", null,
credential, pendingReq);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java
index f3a7e01d..2c152195 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java
@@ -2,21 +2,8 @@ package at.gv.egiz.eaaf.modules.pvp2.test.binding;
import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
+import java.time.Instant;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
-import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -38,6 +25,18 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.net.URIComparator;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
@@ -93,7 +92,7 @@ public class SoapBindingTest {
final RequestAbstractType payload = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
- payload.setIssueInstant(DateTime.now());
+ payload.setIssueInstant(Instant.now());
final Envelope enveloped = Saml2Utils.buildSoap11Envelope(payload);
final Marshaller marshaller = Constraint.isNotNull(
XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(enveloped),
@@ -127,7 +126,7 @@ public class SoapBindingTest {
final RequestAbstractType payload = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
PostBindingTest.class.getResourceAsStream("/data/AuthRequest_with_sig_1.xml"));
- payload.setIssueInstant(DateTime.now());
+ payload.setIssueInstant(Instant.now());
final Envelope enveloped = Saml2Utils.buildSoap11Envelope(payload);
final Marshaller marshaller = Constraint.isNotNull(
XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(enveloped),
@@ -162,7 +161,7 @@ public class SoapBindingTest {
final RequestAbstractType payload = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
PostBindingTest.class.getResourceAsStream("/data/AuthRequest_with_sig_1.xml"));
- payload.setIssueInstant(DateTime.now());
+ payload.setIssueInstant(Instant.now());
final RequestAbstractType signedPayload = Saml2Utils.signSamlObject(
payload, credentialProvider.getMetaDataSigningCredential(), true);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
index 3673859a..07c5f8ff 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
@@ -5,17 +5,17 @@ import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
+import org.opensaml.saml.metadata.resolver.MetadataResolver;
+import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
+import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import org.opensaml.saml.metadata.resolver.MetadataResolver;
-import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
-import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
-import org.springframework.beans.factory.annotation.Autowired;
-
public class DummyMetadataProvider extends AbstractChainingMetadataProvider {
private final List<String> configuredMetadataUrls = new ArrayList<>();
@@ -75,6 +75,5 @@ public class DummyMetadataProvider extends AbstractChainingMetadataProvider {
public void setMetadataFilters(List<MetadataFilter> filtersToUse) {
metadataFilters.setFilters(filtersToUse);
- }
-
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
index 1cbc2f14..036d682b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
@@ -8,6 +8,8 @@ import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.time.Duration;
+import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
@@ -15,7 +17,6 @@ import javax.xml.transform.TransformerException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
-import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -295,7 +296,7 @@ public class MetadataResolverTest {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_moaid_test.xml"));
- metadata.setValidUntil(DateTime.now().plusDays(1));
+ metadata.setValidUntil(Instant.now().plus(Duration.ofDays(1)));
metadata.setSignature(null);
metadata.setEntityID(RandomStringUtils.randomAlphabetic(10));
final EntityDescriptor signedMatadata =
@@ -344,7 +345,7 @@ public class MetadataResolverTest {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory.xml"));
- metadata.setValidUntil(DateTime.now().plusDays(1));
+ metadata.setValidUntil(Instant.now().plus(Duration.ofDays(1)));
metadata.setSignature(null);
metadata.setEntityID(RandomStringUtils.randomAlphabetic(10));
final EntityDescriptor signedMatadata =
@@ -382,7 +383,7 @@ public class MetadataResolverTest {
Assert.assertNotNull("No EntityDescripter", descr);
final List<RequestedAttribute> reqAttr = descr.getSPSSODescriptor(SAMLConstants.SAML20P_NS)
- .getAttributeConsumingServices().get(0).getRequestAttributes();
+ .getAttributeConsumingServices().get(0).getRequestedAttributes();
Assert.assertNotNull("Req. attributes are null", reqAttr);
Assert.assertEquals("# of req. attributes", 20, reqAttr.size());
@@ -398,7 +399,7 @@ public class MetadataResolverTest {
XMLObjectProviderRegistrySupport.getParserPool(),
MetadataResolverTest.class.getResourceAsStream(
"/data/pvp_metadata_valid_with_entityCategory_egov.xml"));
- metadata.setValidUntil(DateTime.now().plusDays(1));
+ metadata.setValidUntil(Instant.now().plus(Duration.ofDays(1)));
metadata.setSignature(null);
metadata.setEntityID(RandomStringUtils.randomAlphabetic(10));
final EntityDescriptor signedMatadata =
@@ -436,7 +437,7 @@ public class MetadataResolverTest {
Assert.assertNotNull("No EntityDescripter", descr);
final List<RequestedAttribute> reqAttr = descr.getSPSSODescriptor(SAMLConstants.SAML20P_NS)
- .getAttributeConsumingServices().get(0).getRequestAttributes();
+ .getAttributeConsumingServices().get(0).getRequestedAttributes();
Assert.assertNotNull("Req. attributes are null", reqAttr);
Assert.assertEquals("# of req. attributes", 9, reqAttr.size());
@@ -451,7 +452,7 @@ public class MetadataResolverTest {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid.xml"));
- metadata.setValidUntil(DateTime.now().minusDays(2));
+ metadata.setValidUntil(Instant.now().minus(Duration.ofDays(2)));
metadata.setSignature(null);
Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true);
final Element metadataElement = XMLObjectSupport.marshall(metadata);
@@ -607,7 +608,7 @@ public class MetadataResolverTest {
final EntityDescriptor entityId = mdResolver.getEntityDescriptor(entityIdToResolve);
Assert.assertNotNull("No EntityDescripter", entityId);
- final DateTime lastRefreshSucess = mdResolver.getLastSuccessfulRefresh();
+ final Instant lastRefreshSucess = mdResolver.getLastSuccessfulRefresh();
try {
mdResolver.refresh();
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index a56c8726..1e42ac9c 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -19,12 +19,32 @@
package at.gv.egiz.eaaf.modules.pvp2.idp.impl;
+import java.time.Duration;
+import java.time.Instant;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.NameIDType;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
+import org.opensaml.saml.saml2.core.StatusCode;
+import org.opensaml.saml.saml2.core.StatusMessage;
+import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.xmlsec.signature.SignableXMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -59,25 +79,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
-import org.opensaml.saml.common.xml.SAMLConstants;
-import org.opensaml.saml.saml2.core.AuthnRequest;
-import org.opensaml.saml.saml2.core.Issuer;
-import org.opensaml.saml.saml2.core.NameIDType;
-import org.opensaml.saml.saml2.core.Response;
-import org.opensaml.saml.saml2.core.Status;
-import org.opensaml.saml.saml2.core.StatusCode;
-import org.opensaml.saml.saml2.core.StatusMessage;
-import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.xmlsec.signature.SignableXMLObject;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-
public abstract class AbstractPvp2XProtocol extends AbstractController implements IModulInfo {
private static final Logger log = LoggerFactory.getLogger(AbstractPvp2XProtocol.class);
@@ -166,7 +167,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
final String remoteSessionID = Saml2Utils.getSecureIdentifier();
samlResponse.setID(remoteSessionID);
- samlResponse.setIssueInstant(new DateTime());
+ samlResponse.setIssueInstant(Instant.now());
final Issuer nissuer = Saml2Utils.createSamlObject(Issuer.class);
nissuer.setValue(pvpBasicConfiguration.getIdpEntityId(pvpRequest.getAuthUrl()));
nissuer.setFormat(NameIDType.ENTITY);
@@ -457,8 +458,8 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
}
- if (authnRequest.getIssueInstant().minusMinutes(EaafConstants.ALLOWED_TIME_JITTER)
- .isAfterNow()) {
+ if (authnRequest.getIssueInstant().minus(Duration.ofMinutes(EaafConstants.ALLOWED_TIME_JITTER))
+ .isAfter(Instant.now())) {
log.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
throw new AuthnRequestValidatorException("pvp2.22",
new Object[] { "Unsupported request: No IssueInstant DateTime is not valid anymore." },
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index f9d7767f..91e92d63 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -19,11 +19,12 @@
package at.gv.egiz.eaaf.modules.pvp2.idp.impl;
+import java.time.Instant;
+
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.joda.time.DateTime;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnRequest;
@@ -102,7 +103,7 @@ public class AuthenticationAction implements IAction {
consumerService.setBinding(pvpRequest.getBinding());
consumerService.setLocation(pvpRequest.getConsumerUrl());
- final DateTime date = new DateTime();
+ final Instant date = Instant.now();
final SloInformationImpl sloInformation = new SloInformationImpl();
final String issuerEntityID = pvpBasicConfiguration.getIdpEntityId(pvpRequest.getAuthUrl());
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
index 482a2a09..500482b2 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
@@ -19,17 +19,10 @@
package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder;
+import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-
-import org.joda.time.DateTime;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
@@ -67,6 +60,12 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
@@ -94,7 +93,7 @@ public class AuthResponseBuilder {
* @throws InvalidAssertionEncryptionException In case of an error
*/
public static Response buildResponse(final IPvp2MetadataProvider metadataProvider,
- final String issuerEntityID, final RequestAbstractType req, final DateTime date,
+ final String issuerEntityID, final RequestAbstractType req, final Instant date,
final Assertion assertion, IConfiguration authConfig)
throws InvalidAssertionEncryptionException {
final Response authResponse = Saml2Utils.createSamlObject(Response.class);
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
index b7b18f0f..21912592 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
@@ -20,34 +20,14 @@
package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder;
import java.security.MessageDigest;
+import java.time.Instant;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.naming.ConfigurationException;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotSupportedException;
-import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
-import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.idp.exception.UnprovideableAttributeException;
-import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.QaaLevelVerifier;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-
import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
@@ -79,6 +59,26 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.Base64Utils;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotSupportedException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.UnprovideableAttributeException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.QaaLevelVerifier;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
@Service("PVP2AssertionBuilder")
public class Pvp2AssertionBuilder implements PvpConstants {
@@ -102,7 +102,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
* @throws Pvp2Exception In case of an error
*/
public Assertion buildAssertion(final String issuerEntityID, final AttributeQuery attrQuery,
- final List<Attribute> attrList, final DateTime now, final DateTime validTo,
+ final List<Attribute> attrList, final Instant now, final Instant validTo,
final String qaaLevel, final String sessionIndex) throws Pvp2Exception {
final AuthnContextClassRef authnContextClassRef =
@@ -140,7 +140,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
*/
public Assertion buildAssertion(final String issuerEntityID,
final PvpSProfilePendingRequest pendingReq, final AuthnRequest authnRequest,
- final IAuthData authData, final EntityDescriptor peerEntity, final DateTime date,
+ final IAuthData authData, final EntityDescriptor peerEntity, final Instant date,
final AssertionConsumerService assertionConsumerService,
final SloInformationInterface sloInformation) throws Pvp2Exception {
@@ -249,7 +249,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
if (attributeConsumingService != null) {
final Iterator<RequestedAttribute> it =
- attributeConsumingService.getRequestAttributes().iterator();
+ attributeConsumingService.getRequestedAttributes().iterator();
while (it.hasNext()) {
final RequestedAttribute reqAttribut = it.next();
try {
@@ -364,7 +364,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
Saml2Utils.createSamlObject(SubjectConfirmationData.class);
subjectConfirmationData.setInResponseTo(authnRequest.getID());
subjectConfirmationData
- .setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
+ .setNotOnOrAfter(Instant.ofEpochMilli(authData.getSsoSessionValidTo().getTime()));
// set 'recipient' attribute in subjectConformationData
subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
@@ -403,10 +403,10 @@ public class Pvp2AssertionBuilder implements PvpConstants {
* @throws ConfigurationException In case on an error
*/
- public Assertion buildGenericAssertion(String issuer, final String entityID, final DateTime date,
+ public Assertion buildGenericAssertion(String issuer, final String entityID, final Instant date,
final AuthnContextClassRef authnContextClassRef, final List<Attribute> attrList,
final NameID subjectNameID, final SubjectConfirmationData subjectConfirmationData,
- final String sessionIndex, final DateTime isValidTo) throws ResponderErrorException {
+ final String sessionIndex, final Instant isValidTo) throws ResponderErrorException {
final Assertion assertion = Saml2Utils.createSamlObject(Assertion.class);
final AuthnContext authnContext = Saml2Utils.createSamlObject(AuthnContext.class);
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java
index b2e528c4..799002ed 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java
@@ -1,25 +1,11 @@
package at.gv.egiz.eaaf.modules.pvp2.idp.test;
import java.io.IOException;
+import java.time.Instant;
import javax.xml.transform.TransformerException;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfig;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
-import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException;
-import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
-import at.gv.egiz.eaaf.modules.pvp2.test.binding.PostBindingTest;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
import org.apache.commons.lang3.RandomStringUtils;
-import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -37,6 +23,19 @@ import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfig;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.test.binding.PostBindingTest;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@RunWith(SpringJUnit4ClassRunner.class)
@@ -80,7 +79,7 @@ public class AuthnResponseBuilderTest {
PostBindingTest.class.getResourceAsStream("/data/Assertion_1.xml"));
//build response
- final DateTime now = DateTime.now();
+ final Instant now = Instant.now();
final Response response = AuthResponseBuilder.buildResponse(
metadataProvider, issuerEntityID, authnReq,
now, assertion, authConfig);
@@ -125,7 +124,7 @@ public class AuthnResponseBuilderTest {
PostBindingTest.class.getResourceAsStream("/data/Assertion_1.xml"));
//build response
- final DateTime now = DateTime.now();
+ final Instant now = Instant.now();
final Response response = AuthResponseBuilder.buildResponse(
metadataProvider, issuerEntityID, authnReq,
now, assertion, authConfig);
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
index 752386a0..eb808f04 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
@@ -20,24 +20,12 @@
package at.gv.egiz.eaaf.modules.pvp2.sp.impl;
import java.security.NoSuchAlgorithmException;
+import java.time.Instant;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation;
-import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
-
import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
@@ -61,7 +49,19 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
-import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+import net.shibboleth.utilities.java.support.security.impl.SecureRandomIdentifierGenerationStrategy;
+
/**
* PVP2 S-Profil Authentication-Request builder-implementation.
@@ -130,7 +130,7 @@ public class PvpAuthnRequestBuilder {
}
- authReq.setIssueInstant(new DateTime());
+ authReq.setIssueInstant(Instant.now());
// set isPassive flag
if (config.isPassivRequest() == null) {
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
index b12a5913..21541700 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
@@ -28,10 +28,6 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
-
import org.apache.commons.lang3.StringUtils;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.core.Assertion;
@@ -45,6 +41,10 @@ import org.opensaml.saml.saml2.core.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+
public class AssertionAttributeExtractor {
private static final Logger log = LoggerFactory.getLogger(AssertionAttributeExtractor.class);
@@ -296,13 +296,13 @@ public class AssertionAttributeExtractor {
&& getFullAssertion().getAuthnStatements().size() > 0) {
for (final AuthnStatement el : getFullAssertion().getAuthnStatements()) {
if (el.getSessionNotOnOrAfter() != null) {
- return el.getSessionNotOnOrAfter().toDate();
+ return Date.from(el.getSessionNotOnOrAfter());
}
}
}
- return getFullAssertion().getConditions().getNotOnOrAfter().toDate();
+ return Date.from(getFullAssertion().getConditions().getNotOnOrAfter());
}
@@ -317,7 +317,7 @@ public class AssertionAttributeExtractor {
*/
public Date getAssertionIssuingDate() {
try {
- return getFullAssertion().getIssueInstant().toDate();
+ return Date.from(getFullAssertion().getIssueInstant());
} catch (final NullPointerException e) {
return null;
@@ -336,7 +336,7 @@ public class AssertionAttributeExtractor {
*/
public Date getAssertionNotBefore() {
try {
- return getFullAssertion().getConditions().getNotBefore().toDate();
+ return Date.from(getFullAssertion().getConditions().getNotBefore());
} catch (final NullPointerException e) {
return null;
diff --git a/pom.xml b/pom.xml
index ad24a636..1cac4b56 100644
--- a/pom.xml
+++ b/pom.xml
@@ -48,7 +48,7 @@
<!-- Other third-party libs -->
<org.springframework.version>5.1.5.RELEASE</org.springframework.version>
- <org.opensaml.version>3.4.3</org.opensaml.version>
+ <org.opensaml.version>4.0.0</org.opensaml.version>
<org.apache.santuario.xmlsec.version>2.1.4</org.apache.santuario.xmlsec.version>
<org.bouncycastle.bcprov-jdk15on.version>1.64</org.bouncycastle.bcprov-jdk15on.version>