diff options
24 files changed, 860 insertions, 132 deletions
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyAuthConfigMap.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyAuthConfigMap.java new file mode 100644 index 00000000..42d07e8e --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyAuthConfigMap.java @@ -0,0 +1,130 @@ +package at.gv.egiz.eaaf.core.impl.idp.module.test; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import org.apache.commons.lang3.StringUtils; + +/** + * Dummy Application-configuration implementation for jUnit tests. + * + * @author tlenz + * + */ +public class DummyAuthConfigMap implements IConfigurationWithSP { + + private Map<String, String> config = new HashMap<>(); + + /** + * Dummy Application-configuration. + * + * @param configIs Property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final InputStream configIs) throws IOException { + + final Properties props = new Properties(); + props.load(configIs); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + /** + * Dummy Application-configuration. + * + * @param path Path to property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final String path) throws IOException { + + final Properties props = new Properties(); + props.load(this.getClass().getResourceAsStream(path)); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + + @Override + public String getBasicConfiguration(final String key) { + return config.get(key); + + } + + @Override + public String getBasicConfiguration(final String key, final String defaultValue) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + + } + + @Override + public boolean getBasicConfigurationBoolean(final String key) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return false; + } else { + return Boolean.valueOf(value); + } + } + + @Override + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue))); + + } + + @Override + public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) { + return KeyValueUtils.getSubSetWithPrefix(config, prefix); + + } + + @Override + public ISpConfiguration getServiceProviderConfiguration(final String uniqueID) + throws EaafConfigurationException { + return null; + } + + @Override + public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator) + throws EaafConfigurationException { + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + return new java.io.File(".").toURI(); + + } + + @Override + public String validateIdpUrl(final URL authReqUrl) throws EaafException { + return null; + } + + public void putConfigValue(final String key, final String value) { + config.put(key, value); + } + + public void removeConfigValue(final String key) { + config.remove(key); + + } + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java index ce6451c0..95070167 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java @@ -21,4 +21,22 @@ public interface EaafX509Credential extends X509Credential { */ void setSignatureAlgorithmForSigning(@Nonnull String sigAlg); + + /** + * Get the key-encryption algorithm that has to be used with this credential + * in case of data-encryption operations. + * + * @return Key-encryption algorithm-identifier + */ + @Nonnull + String getKeyEncryptionAlgorithmForDataEncryption(); + + /** + * Set the key-encryption algorithm that has to be used with this credential + * in case of data-encryption operations. + * + * @param sigAlg Key-encryption algorithm-identifier + */ + void setKeyEncryptionAlgorithmForDataEncryption(@Nonnull String sigAlg); + } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java index 6d81700a..1611d623 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java @@ -46,6 +46,7 @@ public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAda implements EaafX509Credential { private String signatureAlgorithmtToUse; + private String keyEncryptionAlgorithmtToUse; /** * Get an OpenSAML2 keystore. @@ -72,10 +73,15 @@ public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAda } try { - setSignatureAlgorithmForSigning(Saml2Utils.getSignatureAlgorithm(this, + setSignatureAlgorithmForSigning(Saml2Utils.getKeyOperationAlgorithmFromCredential(this, PvpConstants.DEFAULT_SIGNING_METHODE_RSA, PvpConstants.DEFAULT_SIGNING_METHODE_EC)); + setKeyEncryptionAlgorithmForDataEncryption( + Saml2Utils.getKeyOperationAlgorithmFromCredential(this, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC)); + } catch (final SamlSigningException e) { throw new CredentialsNotAvailableException("internal.pvp.01", new Object[] { keyStoreFriendlyName, alias }, e); @@ -101,4 +107,16 @@ public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAda } + @Override + public String getKeyEncryptionAlgorithmForDataEncryption() { + return this.keyEncryptionAlgorithmtToUse; + + } + + @Override + public void setKeyEncryptionAlgorithmForDataEncryption(String sigAlg) { + this.keyEncryptionAlgorithmtToUse = sigAlg; + + } + } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java index 336741a0..13124114 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java @@ -23,10 +23,14 @@ import java.io.IOException; import java.io.InputStream; import java.security.KeyStore; import java.security.KeyStoreException; -import java.security.PrivateKey; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.RSAPrivateKey; - +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Enumeration; +import java.util.List; + +import javax.annotation.Nonnull; import javax.annotation.PostConstruct; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; @@ -40,26 +44,24 @@ import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter; import org.apache.commons.lang3.StringUtils; -import org.opensaml.security.credential.Credential; import org.opensaml.security.credential.UsageType; -import org.opensaml.xmlsec.signature.Signature; -import org.opensaml.xmlsec.signature.support.SignatureConstants; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Lazy; import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; +import lombok.extern.slf4j.Slf4j; + +@Slf4j public abstract class AbstractCredentialProvider { + private static final String TRUSTED_CERTIFICATES_OPERATION = "Trusted Certificate Entries"; + @Autowired protected ResourceLoader resourceLoader; @Autowired protected IConfiguration basicConfig; - private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class); - private KeyStore keyStore = null; /** @@ -76,6 +78,7 @@ public abstract class AbstractCredentialProvider { * @return URL to the keyStore * @throws EaafException In case of an invalid filepath */ + @Nonnull public abstract String getKeyStoreFilePath() throws EaafException; /** @@ -133,23 +136,16 @@ public abstract class AbstractCredentialProvider { * @return Credentials * @throws CredentialsNotAvailableException In case of a credential error */ - public EaafX509Credential getIdpMetaDataSigningCredential() throws CredentialsNotAvailableException { + public EaafX509Credential getMetaDataSigningCredential() throws CredentialsNotAvailableException { try { final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray(), getFriendlyName()); - credentials.setUsageType(UsageType.SIGNING); - credentials.setSignatureAlgorithmForSigning(Saml2Utils.getSignatureAlgorithm( - credentials, - basicConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG, - PvpConstants.DEFAULT_SIGNING_METHODE_RSA), - basicConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG, - PvpConstants.DEFAULT_SIGNING_METHODE_EC))); + credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials)); + credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials)); return credentials; - } catch (final SamlSigningException e) { + } catch (final Exception e) { throw new CredentialsNotAvailableException("internal.pvp.01", new Object[] { getFriendlyName(), getMetadataKeyAlias() }, e); @@ -157,26 +153,19 @@ public abstract class AbstractCredentialProvider { } /** - * Get Credentials to sign Assertion. + * Get Credentials to sign SAML2 messages, like AuthnRequest, Response, + * Assertions as some examples. * * @return Credentials * @throws CredentialsNotAvailableException In case of a credential error */ - public EaafX509Credential getIdpAssertionSigningCredential() throws CredentialsNotAvailableException { + public EaafX509Credential getMessageSigningCredential() throws CredentialsNotAvailableException { try { final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray(), getFriendlyName()); - credentials.setUsageType(UsageType.SIGNING); - credentials.setSignatureAlgorithmForSigning(Saml2Utils.getSignatureAlgorithm( - credentials, - basicConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG, - PvpConstants.DEFAULT_SIGNING_METHODE_RSA), - basicConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG, - PvpConstants.DEFAULT_SIGNING_METHODE_EC))); - + credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials)); + credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials)); return credentials; } catch (final Exception e) { @@ -187,51 +176,70 @@ public abstract class AbstractCredentialProvider { } /** - * Get Credentials to encrypt assertion. + * Get Credentials to encrypt messages, like Assertion as example. * * @return Credentials * @throws CredentialsNotAvailableException In case of a credential error */ - public EaafX509Credential getIdpAssertionEncryptionCredential() + public EaafX509Credential getMessageEncryptionCredential() throws CredentialsNotAvailableException { // if no encryption key is configured return null if (StringUtils.isEmpty(getEncryptionKeyAlias())) { return null; } - final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, - getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray(), getFriendlyName()); - credentials.setUsageType(UsageType.ENCRYPTION); - return credentials; + try { + final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, + getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray(), getFriendlyName()); + credentials.setUsageType(UsageType.ENCRYPTION); + credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials)); + credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials)); + return credentials; + + } catch (final Exception e) { + throw new CredentialsNotAvailableException("internal.pvp.01", + new Object[] { getFriendlyName(), getEncryptionKeyAlias() }, e); + + } } /** - * Get an XML signature object. + * Get a List of trusted {@link X509Certificate} that are available in this + * KeyStore. * - * @param credentials Credentials for signing - * @return OpenSAML Signature object + * @return List of trusted {@link X509Certificate}, or an emptry {@link List} if + * no certificates are available + * @throws CredentialsNotAvailableException In case of a KeyStore error */ - @Deprecated - public static Signature getIdpSignature(final Credential credentials) { - final PrivateKey privatekey = credentials.getPrivateKey(); - final Signature signer = Saml2Utils.createSamlObject(Signature.class); - - if (privatekey instanceof RSAPrivateKey) { - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - - } else if (privatekey instanceof ECPrivateKey) { - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256); - - } else { - log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() - + " credential."); + @Nonnull + public List<X509Certificate> getTrustedCertificates() + throws CredentialsNotAvailableException { + final List<X509Certificate> result = new ArrayList<>(); + try { + final Enumeration<String> aliases = keyStore.aliases(); + while (aliases.hasMoreElements()) { + final String el = aliases.nextElement(); + log.trace("Process TrustStoreEntry: " + el); + if (keyStore.isCertificateEntry(el)) { + final Certificate cert = keyStore.getCertificate(el); + if (cert != null && cert instanceof X509Certificate) { + result.add((X509Certificate) cert); + + } else { + log.info("Can not process entry: {}. Reason: {}", + el, cert != null ? cert.getType() : "cert is null"); + + } + } + } + } catch (final KeyStoreException e) { + throw new CredentialsNotAvailableException("internal.pvp.01", + new Object[] { getFriendlyName(), TRUSTED_CERTIFICATES_OPERATION }, e); } - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); - return signer; + return Collections.unmodifiableList(result); } @@ -254,7 +262,30 @@ public abstract class AbstractCredentialProvider { throw e; } + } + + private String selectSigningAlgorithm(EaafKeyStoreX509CredentialAdapter credentials) + throws SamlSigningException { + return Saml2Utils.getKeyOperationAlgorithmFromCredential( + credentials, + basicConfig.getBasicConfiguration( + PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG, + PvpConstants.DEFAULT_SIGNING_METHODE_RSA), + basicConfig.getBasicConfiguration( + PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG, + PvpConstants.DEFAULT_SIGNING_METHODE_EC)); + } + private String selectKeyEncryptionAlgorithm(EaafKeyStoreX509CredentialAdapter credentials) + throws SamlSigningException { + return Saml2Utils.getKeyOperationAlgorithmFromCredential( + credentials, + basicConfig.getBasicConfiguration( + PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA), + basicConfig.getBasicConfiguration( + PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC)); } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java index dc7e9338..14e6a78a 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java @@ -132,7 +132,7 @@ public class Saml2Utils { @Nonnull EaafX509Credential signingCredential, boolean injectCertificate) throws SamlSigningException { try { - final String usedSigAlg = getSignatureAlgorithm(signingCredential, + final String usedSigAlg = getKeyOperationAlgorithmFromCredential(signingCredential, PvpConstants.DEFAULT_SIGNING_METHODE_RSA, PvpConstants.DEFAULT_SIGNING_METHODE_EC); @@ -218,15 +218,15 @@ public class Saml2Utils { /** * Select signature algorithm for a given credential. * - * @param credentials {@link X509Credential} that will be used for signing - * @param rsaSigAlgorithm RSA based signing algorithm that should be used in + * @param credentials {@link X509Credential} that will be used for key operations + * @param rsaSigAlgorithm RSA based algorithm that should be used in * case of RSA credential - * @param ecSigAlgorithm EC based signing algorithm that should be used in case + * @param ecSigAlgorithm EC based algorithm that should be used in case * of RSA credential - * @return either the rsaSigAlgorithm or the ecSigAlgorithm + * @return either the RSA based algorithm or the EC based algorithm * @throws SamlSigningException In case of an unsupported credential */ - public static String getSignatureAlgorithm(X509Credential credentials, + public static String getKeyOperationAlgorithmFromCredential(X509Credential credentials, String rsaSigAlgorithm, String ecSigAlgorithm) throws SamlSigningException { final PrivateKey privatekey = credentials.getPrivateKey(); if (privatekey instanceof RSAPrivateKey) { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java new file mode 100644 index 00000000..1183bb49 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java @@ -0,0 +1,477 @@ +package at.gv.egiz.eaaf.modules.pvp2.test; + +import java.security.cert.X509Certificate; +import java.util.List; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/spring/test_eaaf_core_spring_config.beans.xml", + "/spring/SpringTest-context_lazy.xml" + }) +@TestPropertySource(locations = {"/config/config_1.props"}) +public class CredentialProviderTest { + + private static final String PATH_JKS_WITH_TRUST_CERTS = "src/test/resources/data/junit.jks"; + private static final String PATH_JKS_WITHOUT_TRUST_CERTS = "src/test/resources/data/junit_without_trustcerts.jks"; + private static final String ALIAS_METADATA = "meta"; + private static final String ALIAS_SIGN = "sig"; + private static final String ALIAS_ENC = "meta"; + private static final String PASSWORD = "password"; + + + @Autowired private ApplicationContext context; + @Autowired private DummyAuthConfigMap config; + + /** + * jUnit test initializer. + */ + @Before + public void initialize() { + config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, PATH_JKS_WITH_TRUST_CERTS); + config.putConfigValue(DummyCredentialProvider.KEYSTORE_PASSWORD, PASSWORD); + + config.removeConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS); + config.removeConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD); + + config.removeConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS); + config.removeConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD); + + config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS); + config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD); + + } + + @Test + @DirtiesContext + public void noKeyStoreUrl() { + config.removeConfigValue(DummyCredentialProvider.KEYSTORE_PATH); + try { + context.getBean(DummyCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getCause(), "Wrong exception"); + } + + } + + @Test + @DirtiesContext + public void noKeyStore() { + config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, "src/test/resources/config/notExist.p12"); + try { + context.getBean(DummyCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + org.springframework.util.Assert.isInstanceOf(java.io.FileNotFoundException.class, + e.getCause(), "Wrong exception"); + } + + } + + @Test + @DirtiesContext + public void noWrongKeyStorePassword() { + config.putConfigValue(DummyCredentialProvider.KEYSTORE_PASSWORD, "test"); + try { + context.getBean(DummyCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getCause(), "Wrong exception"); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongAlias() { + final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongPassword() { + final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No message signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationValidAliasWrongPassword() { + final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, + ALIAS_METADATA); + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, + ALIAS_SIGN); + config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS, + ALIAS_ENC); + config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongAliasValidPassword() { + final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, + PASSWORD); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD, + PASSWORD); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD, + PASSWORD); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } + + @Test + @DirtiesContext + public void validonfiguration() throws CredentialsNotAvailableException { + final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, + ALIAS_METADATA); + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, + PASSWORD); + + checkCredential(credential.getMetaDataSigningCredential(), + PvpConstants.DEFAULT_SIGNING_METHODE_RSA, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); + + config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, + ALIAS_SIGN); + config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD, + PASSWORD); + checkCredential(credential.getMessageSigningCredential(), + PvpConstants.DEFAULT_SIGNING_METHODE_EC, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC); + + config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS, + ALIAS_ENC); + config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD, + PASSWORD); + checkCredential(credential.getMessageEncryptionCredential(), + PvpConstants.DEFAULT_SIGNING_METHODE_RSA, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); + + + final List<X509Certificate> trustCerts = credential.getTrustedCertificates(); + Assert.assertNotNull("TrustCerts are null", trustCerts); + Assert.assertFalse("TrustCerts not empty", trustCerts.isEmpty()); + Assert.assertEquals("# of Trustcerts", 2, trustCerts.size()); + + } + + @Test + @DirtiesContext + public void validonfigurationWithOutTrustCerts() throws CredentialsNotAvailableException { + config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, PATH_JKS_WITHOUT_TRUST_CERTS); + + config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG, + "RSA-SIG_" + RandomStringUtils.randomAlphabetic(10)); + config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG, + "EC-SIG_" + RandomStringUtils.randomAlphabetic(10)); + config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, + "RSA_ENC_" + RandomStringUtils.randomAlphabetic(10)); + config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, + "EC-ENC_" + RandomStringUtils.randomAlphabetic(10)); + + final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, + ALIAS_METADATA); + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, + PASSWORD); + + checkCredential(credential.getMetaDataSigningCredential(), + config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG), + config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG)); + + config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, + ALIAS_SIGN); + config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD, + PASSWORD); + checkCredential(credential.getMessageSigningCredential(), + config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG), + config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG)); + + config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS, + ALIAS_ENC); + config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD, + PASSWORD); + checkCredential(credential.getMessageEncryptionCredential(), + config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG), + config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG)); + + final List<X509Certificate> trustCerts = credential.getTrustedCertificates(); + Assert.assertNotNull("TrustCerts are null", trustCerts); + Assert.assertTrue("TrustCerts not empty", trustCerts.isEmpty()); + + } + + @Test + @DirtiesContext + public void notKeyConfiguration() { + final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption signing credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationPkcs12() { + config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, + "src/test/resources/data/junit_without_trustcerts.p12"); + final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + credential.getMessageSigningCredential(); + Assert.fail("No message signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption signing credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } + + private void checkCredential(EaafX509Credential metaDataSigningCredential, String sigAlg, String keyEncAlg) { + Assert.assertNotNull("No metadata signing credentials", metaDataSigningCredential); + Assert.assertNotNull("SigAlg is null", + metaDataSigningCredential.getSignatureAlgorithmForSigning()); + Assert.assertNotNull("KeyEncAlg is null", + metaDataSigningCredential.getKeyEncryptionAlgorithmForDataEncryption()); + Assert.assertFalse("SigAlg is empty", + metaDataSigningCredential.getSignatureAlgorithmForSigning().isEmpty()); + Assert.assertFalse("KeyEncAlg is empty", + metaDataSigningCredential.getKeyEncryptionAlgorithmForDataEncryption().isEmpty()); + + Assert.assertEquals("Wrong SigAlg", sigAlg, + metaDataSigningCredential.getSignatureAlgorithmForSigning()); + Assert.assertEquals("Wrong KeyEncAlg", keyEncAlg, + metaDataSigningCredential.getKeyEncryptionAlgorithmForDataEncryption()); + + } +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java index 87073e81..76dba510 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java @@ -65,7 +65,8 @@ import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; @RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml"}) +@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml", + "/spring/test_eaaf_core_spring_config.beans.xml"}) @TestPropertySource(locations = {"/config/config_1.props"}) public class PostBindingTest { @@ -246,7 +247,7 @@ public class PostBindingTest { final String serviceUrl = "http://testservice.org"; final String b64AuthnReq = generateSaml2AuthnRequest( - credentialProvider.getIdpMetaDataSigningCredential()); + credentialProvider.getMetaDataSigningCredential()); httpReq.setMethod("POST"); httpReq.addParameter("SAMLRequest", b64AuthnReq); @@ -289,7 +290,7 @@ public class PostBindingTest { final String relayState = RandomStringUtils.randomAlphanumeric(10); final String b64AuthnReq = generateSaml2AuthnRequest( - credentialProvider.getIdpMetaDataSigningCredential()); + credentialProvider.getMetaDataSigningCredential()); httpReq.setMethod("POST"); httpReq.addParameter("SAMLRequest", b64AuthnReq); httpReq.addParameter("RelayState", relayState); @@ -319,7 +320,7 @@ public class PostBindingTest { final String serviceUrl = "http://testservice.org"; final String b64AuthnReq = generateSaml2AuthnRequest( - credentialProvider.getIdpAssertionSigningCredential()); + credentialProvider.getMessageSigningCredential()); httpReq.setMethod("POST"); httpReq.addParameter("SAMLRequest", b64AuthnReq); @@ -353,7 +354,7 @@ public class PostBindingTest { final URIComparator comparator = new EaafUriCompare(serviceUrl); - final String b64AuthnReq = generateSaml2Response(credentialProvider.getIdpMetaDataSigningCredential()); + final String b64AuthnReq = generateSaml2Response(credentialProvider.getMetaDataSigningCredential()); httpReq.setMethod("POST"); httpReq.addParameter("SAMLRequest", b64AuthnReq); @@ -382,7 +383,7 @@ public class PostBindingTest { PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml")); bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState, - credentialProvider.getIdpMetaDataSigningCredential(), pendingReq); + credentialProvider.getMetaDataSigningCredential(), pendingReq); //validate Assert.assertEquals("http StatusCode", 200, httpResp.getStatus()); @@ -416,7 +417,7 @@ public class PostBindingTest { PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml")); bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState, - credentialProvider.getIdpAssertionSigningCredential(), pendingReq); + credentialProvider.getMessageSigningCredential(), pendingReq); //validate Assert.assertEquals("http StatusCode", 200, httpResp.getStatus()); @@ -451,7 +452,7 @@ public class PostBindingTest { PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml")); bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState, - credentialProvider.getIdpMetaDataSigningCredential(), pendingReq); + credentialProvider.getMetaDataSigningCredential(), pendingReq); //validate @@ -489,7 +490,7 @@ public class PostBindingTest { PostBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml")); bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState, - credentialProvider.getIdpMetaDataSigningCredential(), pendingReq); + credentialProvider.getMetaDataSigningCredential(), pendingReq); //validate @@ -527,7 +528,7 @@ public class PostBindingTest { PostBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml")); bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState, - credentialProvider.getIdpMetaDataSigningCredential(), pendingReq); + credentialProvider.getMetaDataSigningCredential(), pendingReq); //validate diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java index 23cc98a6..f85e5c2a 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java @@ -58,7 +58,8 @@ import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; @RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml" }) +@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", + "/spring/test_eaaf_core_spring_config.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) public class RedirectBindingTest { @@ -336,7 +337,7 @@ public class RedirectBindingTest { httpReq.setMethod("GET"); httpReq.setRequestURI("http://testservice.org"); - httpReq.setQueryString(generateAuthnRequest(credentialProvider.getIdpMetaDataSigningCredential())); + httpReq.setQueryString(generateAuthnRequest(credentialProvider.getMetaDataSigningCredential())); httpReq.setParameter(HTTP_FORM_SAMLREQ, URLDecoder.decode(URISupport.getRawQueryStringParameter( httpReq.getQueryString(), HTTP_FORM_SAMLREQ).substring(HTTP_FORM_SAMLREQ_PARAM.length()), "UTF-8")); @@ -406,7 +407,7 @@ public class RedirectBindingTest { httpReq.setMethod("GET"); httpReq.setRequestURI("http://testservice.org"); - httpReq.setQueryString(generateResponse(credentialProvider.getIdpMetaDataSigningCredential())); + httpReq.setQueryString(generateResponse(credentialProvider.getMetaDataSigningCredential())); httpReq.setParameter(HTTP_FORM_SAMLRESP, URLDecoder.decode(URISupport.getRawQueryStringParameter( httpReq.getQueryString(), HTTP_FORM_SAMLRESP).substring(HTTP_FORM_SAMLRESP_PARM.length()), "UTF-8")); @@ -459,7 +460,7 @@ public class RedirectBindingTest { httpReq.setMethod("GET"); httpReq.setRequestURI("http://testservice.org"); httpReq.setParameter(HTTP_FORM_RELAYSTATE, relayState); - httpReq.setQueryString(generateResponse(credentialProvider.getIdpMetaDataSigningCredential())); + httpReq.setQueryString(generateResponse(credentialProvider.getMetaDataSigningCredential())); httpReq.setParameter(HTTP_FORM_SAMLRESP, URLDecoder.decode(URISupport.getRawQueryStringParameter( httpReq.getQueryString(), HTTP_FORM_SAMLRESP).substring(HTTP_FORM_SAMLRESP_PARM.length()), "UTF-8")); @@ -500,7 +501,7 @@ public class RedirectBindingTest { RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml")); bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState, - credentialProvider.getIdpMetaDataSigningCredential(), pendingReq); + credentialProvider.getMetaDataSigningCredential(), pendingReq); // validate Assert.assertEquals("http StatusCode", 302, httpResp.getStatus()); @@ -548,7 +549,7 @@ public class RedirectBindingTest { RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml")); bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState, - credentialProvider.getIdpAssertionSigningCredential(), pendingReq); + credentialProvider.getMessageSigningCredential(), pendingReq); // validate // validate @@ -598,7 +599,7 @@ public class RedirectBindingTest { RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml")); bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState, - credentialProvider.getIdpMetaDataSigningCredential(), pendingReq); + credentialProvider.getMetaDataSigningCredential(), pendingReq); // validate Assert.assertEquals("http StatusCode", 302, httpResp.getStatus()); @@ -649,7 +650,7 @@ public class RedirectBindingTest { RedirectBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml")); bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState, - credentialProvider.getIdpMetaDataSigningCredential(), pendingReq); + credentialProvider.getMetaDataSigningCredential(), pendingReq); // validate Assert.assertEquals("http StatusCode", 302, httpResp.getStatus()); @@ -700,7 +701,7 @@ public class RedirectBindingTest { RedirectBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml")); bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState, - credentialProvider.getIdpMetaDataSigningCredential(), pendingReq); + credentialProvider.getMetaDataSigningCredential(), pendingReq); // validate Assert.assertEquals("http StatusCode", 302, httpResp.getStatus()); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java index 1125d30e..b43f6a3e 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java @@ -44,7 +44,8 @@ import net.shibboleth.utilities.java.support.xml.SerializeSupport; import net.shibboleth.utilities.java.support.xml.XMLParserException; @RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml"}) +@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml", + "/spring/test_eaaf_core_spring_config.beans.xml"}) @TestPropertySource(locations = {"/config/config_1.props"}) public class SoapBindingTest { @@ -162,7 +163,7 @@ public class SoapBindingTest { PostBindingTest.class.getResourceAsStream("/data/AuthRequest_with_sig_1.xml")); payload.setIssueInstant(DateTime.now()); final RequestAbstractType signedPayload = Saml2Utils.signSamlObject( - payload, credentialProvider.getIdpMetaDataSigningCredential(), true); + payload, credentialProvider.getMetaDataSigningCredential(), true); final Envelope enveloped = Saml2Utils.buildSoap11Envelope(signedPayload); final Marshaller marshaller = Constraint.isNotNull( @@ -197,7 +198,7 @@ public class SoapBindingTest { PostBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml")); bindingImpl.encodeResponse(httpReq, httpResp, response, serviceUrl, null, - credentialProvider.getIdpMetaDataSigningCredential(), pendingReq); + credentialProvider.getMetaDataSigningCredential(), pendingReq); Assert.assertEquals("http StatusCode", 200, httpResp.getStatus()); Assert.assertNotNull("PVP msg is null", httpResp.getContentLength()); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java index 6930790d..b9f1326d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java @@ -1,7 +1,11 @@ package at.gv.egiz.eaaf.modules.pvp2.test.dummy; +import java.net.MalformedURLException; + import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import org.springframework.beans.factory.annotation.Autowired; @@ -29,7 +33,22 @@ public class DummyCredentialProvider extends AbstractCredentialProvider { @Override public String getKeyStoreFilePath() throws EaafException { - return basicConfig.getBasicConfiguration(KEYSTORE_PATH); + final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH); + + if (path != null) { + try { + return FileUtils.makeAbsoluteUrl( + path, + basicConfig.getConfigurationRootDirectory()); + + } catch (final MalformedURLException e) { + throw new EaafConfigurationException("internel test error", null, e); + + } + } + + throw new EaafConfigurationException("No keyStore path", null); + } @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java index 2d46f102..f8402510 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java @@ -56,7 +56,8 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; @RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml" }) +@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", + "/spring/test_eaaf_core_spring_config.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) public class MetadataBuilderTest { @@ -211,7 +212,7 @@ public class MetadataBuilderTest { @Override public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getIdpAssertionSigningCredential(); + return credentialProvider.getMessageSigningCredential(); } @Override @@ -226,7 +227,7 @@ public class MetadataBuilderTest { @Override public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getIdpMetaDataSigningCredential(); + return credentialProvider.getMetaDataSigningCredential(); } @Override @@ -271,7 +272,7 @@ public class MetadataBuilderTest { @Override public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getIdpAssertionSigningCredential(); + return credentialProvider.getMessageSigningCredential(); } @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java index f40fbc74..8995152d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java @@ -77,7 +77,8 @@ import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; @RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml" }) +@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", + "/spring/test_eaaf_core_spring_config.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) public class MetadataResolverTest { @@ -321,7 +322,7 @@ public class MetadataResolverTest { MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory.xml")); metadata.setValidUntil(DateTime.now().plusDays(1)); metadata.setSignature(null); - Saml2Utils.signSamlObject(metadata, credentialProvider.getIdpMetaDataSigningCredential(), true); + Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); final Element metadataElement = XMLObjectSupport.marshall(metadata); mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(SerializeSupport.nodeToString(metadataElement)) @@ -373,7 +374,7 @@ public class MetadataResolverTest { MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory_egov.xml")); metadata.setValidUntil(DateTime.now().plusDays(1)); metadata.setSignature(null); - Saml2Utils.signSamlObject(metadata, credentialProvider.getIdpMetaDataSigningCredential(), true); + Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); final Element metadataElement = XMLObjectSupport.marshall(metadata); mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(SerializeSupport.nodeToString(metadataElement)) @@ -425,7 +426,7 @@ public class MetadataResolverTest { MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid.xml")); metadata.setValidUntil(DateTime.now().minusDays(2)); metadata.setSignature(null); - Saml2Utils.signSamlObject(metadata, credentialProvider.getIdpMetaDataSigningCredential(), true); + Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); final Element metadataElement = XMLObjectSupport.marshall(metadata); mockWebServer.enqueue(new MockResponse().setResponseCode(200) diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jks b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jks Binary files differindex b5262cb8..59e6ad13 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jks +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jks diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.jks b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.jks Binary files differnew file mode 100644 index 00000000..b5262cb8 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.jks diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.p12 b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.p12 Binary files differnew file mode 100644 index 00000000..c3fe2681 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.p12 diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore.xml index 52549a88..96560960 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> -<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2020-02-05T06:41:42.966Z"> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2045-02-05T06:41:42.966Z"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_moaid_test.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_moaid_test.xml index f1fbd9be..ddc6e4ad 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_moaid_test.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_moaid_test.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> -<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata" validUntil="2020-02-05T06:41:42.966Z"> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata" validUntil="2040-02-05T06:41:42.966Z"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/SpringTest-context_lazy.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/SpringTest-context_lazy.xml new file mode 100644 index 00000000..bd424620 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/SpringTest-context_lazy.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" > + + <context:annotation-config /> + + <bean id="dummyCredentialProvider" + class="at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider" + lazy-init="true"/> + +</beans> diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml index 375224bb..3b2d0a28 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml @@ -10,9 +10,6 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - <bean id="dummyAuthConfig" - class="at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfig" /> - <bean id="dummyVelocityGuiBuilder" class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyVelocityGuiFormBuilder" /> diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_map_config.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_map_config.beans.xml new file mode 100644 index 00000000..3e1df7d2 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_map_config.beans.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <bean id="dummyAuthConfig" + class="at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfig" /> + +</beans>
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml new file mode 100644 index 00000000..c1660a70 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <bean id="dummyAuthConfigMap" + class="at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap"> + <constructor-arg value="/config/config_1.props" /> + </bean> + +</beans>
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java index 1ef7da29..29bbac1e 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java @@ -194,7 +194,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement relayState = pvpRequest.getRequest().getRelayState(); } - final EaafX509Credential signCred = pvpIdpCredentials.getIdpAssertionSigningCredential(); + final EaafX509Credential signCred = pvpIdpCredentials.getMessageSigningCredential(); encoder.encodeResponse(request, response, samlResponse, pvpRequest.getConsumerUrl(), relayState, signCred, protocolRequest); diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java index c0190959..d138ba3a 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java @@ -129,7 +129,7 @@ public class AuthenticationAction implements IAction { } binding.encodeResponse(httpReq, httpResp, authResponse, consumerService.getLocation(), - moaRequest.getRelayState(), pvpIdpCredentials.getIdpAssertionSigningCredential(), req); + moaRequest.getRelayState(), pvpIdpCredentials.getMessageSigningCredential(), req); revisionsLogger.logEvent(req, 3105, authResponse.getID()); diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java index 55e3e8b4..565f28fb 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java @@ -19,9 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder; -import java.security.PublicKey; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; import java.util.List; @@ -134,7 +131,14 @@ public class AuthResponseBuilder { X509Credential encryptionCredentials, IConfiguration authConfig) throws InvalidAssertionEncryptionException { try { - final String keyEncAlg = selectKeyEncryptionAlgorithm(encryptionCredentials, authConfig); + final String keyEncAlg = Saml2Utils.getKeyOperationAlgorithmFromCredential( + encryptionCredentials, + authConfig.getBasicConfiguration( + PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA), + authConfig.getBasicConfiguration( + PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC)); final DataEncryptionParameters dataEncParams = new DataEncryptionParameters(); dataEncParams.setAlgorithm(authConfig.getBasicConfiguration( @@ -164,29 +168,6 @@ public class AuthResponseBuilder { } - private static String selectKeyEncryptionAlgorithm(X509Credential encryptionCredentials, - IConfiguration authConfig) throws SamlSigningException { - final PublicKey privatekey = encryptionCredentials.getPublicKey(); - if (privatekey instanceof RSAPublicKey) { - return authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, - PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); - - } else if (privatekey instanceof ECPublicKey) { - return authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, - PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC); - - } else { - log.warn("Could NOT evaluate the Private-Key type from " + encryptionCredentials.getEntityId() - + " credential."); - throw new SamlSigningException("internal.pvp.97", - new Object[] { encryptionCredentials.getEntityId(), privatekey.getClass().getName() }); - - } - - } - private static X509Credential resolveEncryptionCredential(RequestAbstractType req, IPvp2MetadataProvider metadataProvider) throws InvalidAssertionEncryptionException { try { |