summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyAuthConfigMap.java130
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java18
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java20
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java151
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java12
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java477
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java21
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java19
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java7
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java21
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java9
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java9
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jksbin2733 -> 3980 bytes
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.jksbin0 -> 2733 bytes
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.p12bin0 -> 3204 bytes
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore.xml2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_moaid_test.xml2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/SpringTest-context_lazy.xml18
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml3
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_map_config.beans.xml16
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml18
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java35
24 files changed, 860 insertions, 132 deletions
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyAuthConfigMap.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyAuthConfigMap.java
new file mode 100644
index 00000000..42d07e8e
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummyAuthConfigMap.java
@@ -0,0 +1,130 @@
+package at.gv.egiz.eaaf.core.impl.idp.module.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * Dummy Application-configuration implementation for jUnit tests.
+ *
+ * @author tlenz
+ *
+ */
+public class DummyAuthConfigMap implements IConfigurationWithSP {
+
+ private Map<String, String> config = new HashMap<>();
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param configIs Property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final InputStream configIs) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(configIs);
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param path Path to property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final String path) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(this.getClass().getResourceAsStream(path));
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+
+ @Override
+ public String getBasicConfiguration(final String key) {
+ return config.get(key);
+
+ }
+
+ @Override
+ public String getBasicConfiguration(final String key, final String defaultValue) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return defaultValue;
+ } else {
+ return value;
+ }
+
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(final String key) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return false;
+ } else {
+ return Boolean.valueOf(value);
+ }
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) {
+ return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue)));
+
+ }
+
+ @Override
+ public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) {
+ return KeyValueUtils.getSubSetWithPrefix(config, prefix);
+
+ }
+
+ @Override
+ public ISpConfiguration getServiceProviderConfiguration(final String uniqueID)
+ throws EaafConfigurationException {
+ return null;
+ }
+
+ @Override
+ public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator)
+ throws EaafConfigurationException {
+ return null;
+ }
+
+ @Override
+ public URI getConfigurationRootDirectory() {
+ return new java.io.File(".").toURI();
+
+ }
+
+ @Override
+ public String validateIdpUrl(final URL authReqUrl) throws EaafException {
+ return null;
+ }
+
+ public void putConfigValue(final String key, final String value) {
+ config.put(key, value);
+ }
+
+ public void removeConfigValue(final String key) {
+ config.remove(key);
+
+ }
+
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java
index ce6451c0..95070167 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java
@@ -21,4 +21,22 @@ public interface EaafX509Credential extends X509Credential {
*/
void setSignatureAlgorithmForSigning(@Nonnull String sigAlg);
+
+ /**
+ * Get the key-encryption algorithm that has to be used with this credential
+ * in case of data-encryption operations.
+ *
+ * @return Key-encryption algorithm-identifier
+ */
+ @Nonnull
+ String getKeyEncryptionAlgorithmForDataEncryption();
+
+ /**
+ * Set the key-encryption algorithm that has to be used with this credential
+ * in case of data-encryption operations.
+ *
+ * @param sigAlg Key-encryption algorithm-identifier
+ */
+ void setKeyEncryptionAlgorithmForDataEncryption(@Nonnull String sigAlg);
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
index 6d81700a..1611d623 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
@@ -46,6 +46,7 @@ public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAda
implements EaafX509Credential {
private String signatureAlgorithmtToUse;
+ private String keyEncryptionAlgorithmtToUse;
/**
* Get an OpenSAML2 keystore.
@@ -72,10 +73,15 @@ public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAda
}
try {
- setSignatureAlgorithmForSigning(Saml2Utils.getSignatureAlgorithm(this,
+ setSignatureAlgorithmForSigning(Saml2Utils.getKeyOperationAlgorithmFromCredential(this,
PvpConstants.DEFAULT_SIGNING_METHODE_RSA,
PvpConstants.DEFAULT_SIGNING_METHODE_EC));
+ setKeyEncryptionAlgorithmForDataEncryption(
+ Saml2Utils.getKeyOperationAlgorithmFromCredential(this,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC));
+
} catch (final SamlSigningException e) {
throw new CredentialsNotAvailableException("internal.pvp.01", new Object[] { keyStoreFriendlyName,
alias }, e);
@@ -101,4 +107,16 @@ public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAda
}
+ @Override
+ public String getKeyEncryptionAlgorithmForDataEncryption() {
+ return this.keyEncryptionAlgorithmtToUse;
+
+ }
+
+ @Override
+ public void setKeyEncryptionAlgorithmForDataEncryption(String sigAlg) {
+ this.keyEncryptionAlgorithmtToUse = sigAlg;
+
+ }
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index 336741a0..13124114 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -23,10 +23,14 @@ import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
-import java.security.PrivateKey;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.List;
+
+import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
@@ -40,26 +44,24 @@ import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
import org.apache.commons.lang3.StringUtils;
-import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
-import org.opensaml.xmlsec.signature.Signature;
-import org.opensaml.xmlsec.signature.support.SignatureConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
public abstract class AbstractCredentialProvider {
+ private static final String TRUSTED_CERTIFICATES_OPERATION = "Trusted Certificate Entries";
+
@Autowired
protected ResourceLoader resourceLoader;
@Autowired
protected IConfiguration basicConfig;
- private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
-
private KeyStore keyStore = null;
/**
@@ -76,6 +78,7 @@ public abstract class AbstractCredentialProvider {
* @return URL to the keyStore
* @throws EaafException In case of an invalid filepath
*/
+ @Nonnull
public abstract String getKeyStoreFilePath() throws EaafException;
/**
@@ -133,23 +136,16 @@ public abstract class AbstractCredentialProvider {
* @return Credentials
* @throws CredentialsNotAvailableException In case of a credential error
*/
- public EaafX509Credential getIdpMetaDataSigningCredential() throws CredentialsNotAvailableException {
+ public EaafX509Credential getMetaDataSigningCredential() throws CredentialsNotAvailableException {
try {
final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray(), getFriendlyName());
-
credentials.setUsageType(UsageType.SIGNING);
- credentials.setSignatureAlgorithmForSigning(Saml2Utils.getSignatureAlgorithm(
- credentials,
- basicConfig.getBasicConfiguration(
- PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
- PvpConstants.DEFAULT_SIGNING_METHODE_RSA),
- basicConfig.getBasicConfiguration(
- PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
- PvpConstants.DEFAULT_SIGNING_METHODE_EC)));
+ credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials));
+ credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials));
return credentials;
- } catch (final SamlSigningException e) {
+ } catch (final Exception e) {
throw new CredentialsNotAvailableException("internal.pvp.01",
new Object[] { getFriendlyName(), getMetadataKeyAlias() }, e);
@@ -157,26 +153,19 @@ public abstract class AbstractCredentialProvider {
}
/**
- * Get Credentials to sign Assertion.
+ * Get Credentials to sign SAML2 messages, like AuthnRequest, Response,
+ * Assertions as some examples.
*
* @return Credentials
* @throws CredentialsNotAvailableException In case of a credential error
*/
- public EaafX509Credential getIdpAssertionSigningCredential() throws CredentialsNotAvailableException {
+ public EaafX509Credential getMessageSigningCredential() throws CredentialsNotAvailableException {
try {
final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray(), getFriendlyName());
-
credentials.setUsageType(UsageType.SIGNING);
- credentials.setSignatureAlgorithmForSigning(Saml2Utils.getSignatureAlgorithm(
- credentials,
- basicConfig.getBasicConfiguration(
- PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
- PvpConstants.DEFAULT_SIGNING_METHODE_RSA),
- basicConfig.getBasicConfiguration(
- PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
- PvpConstants.DEFAULT_SIGNING_METHODE_EC)));
-
+ credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials));
+ credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials));
return credentials;
} catch (final Exception e) {
@@ -187,51 +176,70 @@ public abstract class AbstractCredentialProvider {
}
/**
- * Get Credentials to encrypt assertion.
+ * Get Credentials to encrypt messages, like Assertion as example.
*
* @return Credentials
* @throws CredentialsNotAvailableException In case of a credential error
*/
- public EaafX509Credential getIdpAssertionEncryptionCredential()
+ public EaafX509Credential getMessageEncryptionCredential()
throws CredentialsNotAvailableException {
// if no encryption key is configured return null
if (StringUtils.isEmpty(getEncryptionKeyAlias())) {
return null;
}
- final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
- getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray(), getFriendlyName());
- credentials.setUsageType(UsageType.ENCRYPTION);
- return credentials;
+ try {
+ final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
+ getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray(), getFriendlyName());
+ credentials.setUsageType(UsageType.ENCRYPTION);
+ credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials));
+ credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials));
+ return credentials;
+
+ } catch (final Exception e) {
+ throw new CredentialsNotAvailableException("internal.pvp.01",
+ new Object[] { getFriendlyName(), getEncryptionKeyAlias() }, e);
+
+ }
}
/**
- * Get an XML signature object.
+ * Get a List of trusted {@link X509Certificate} that are available in this
+ * KeyStore.
*
- * @param credentials Credentials for signing
- * @return OpenSAML Signature object
+ * @return List of trusted {@link X509Certificate}, or an emptry {@link List} if
+ * no certificates are available
+ * @throws CredentialsNotAvailableException In case of a KeyStore error
*/
- @Deprecated
- public static Signature getIdpSignature(final Credential credentials) {
- final PrivateKey privatekey = credentials.getPrivateKey();
- final Signature signer = Saml2Utils.createSamlObject(Signature.class);
-
- if (privatekey instanceof RSAPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
- } else if (privatekey instanceof ECPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
- } else {
- log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId()
- + " credential.");
+ @Nonnull
+ public List<X509Certificate> getTrustedCertificates()
+ throws CredentialsNotAvailableException {
+ final List<X509Certificate> result = new ArrayList<>();
+ try {
+ final Enumeration<String> aliases = keyStore.aliases();
+ while (aliases.hasMoreElements()) {
+ final String el = aliases.nextElement();
+ log.trace("Process TrustStoreEntry: " + el);
+ if (keyStore.isCertificateEntry(el)) {
+ final Certificate cert = keyStore.getCertificate(el);
+ if (cert != null && cert instanceof X509Certificate) {
+ result.add((X509Certificate) cert);
+
+ } else {
+ log.info("Can not process entry: {}. Reason: {}",
+ el, cert != null ? cert.getType() : "cert is null");
+
+ }
+ }
+ }
+ } catch (final KeyStoreException e) {
+ throw new CredentialsNotAvailableException("internal.pvp.01",
+ new Object[] { getFriendlyName(), TRUSTED_CERTIFICATES_OPERATION }, e);
}
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
- return signer;
+ return Collections.unmodifiableList(result);
}
@@ -254,7 +262,30 @@ public abstract class AbstractCredentialProvider {
throw e;
}
+ }
+
+ private String selectSigningAlgorithm(EaafKeyStoreX509CredentialAdapter credentials)
+ throws SamlSigningException {
+ return Saml2Utils.getKeyOperationAlgorithmFromCredential(
+ credentials,
+ basicConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
+ PvpConstants.DEFAULT_SIGNING_METHODE_RSA),
+ basicConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG,
+ PvpConstants.DEFAULT_SIGNING_METHODE_EC));
+ }
+ private String selectKeyEncryptionAlgorithm(EaafKeyStoreX509CredentialAdapter credentials)
+ throws SamlSigningException {
+ return Saml2Utils.getKeyOperationAlgorithmFromCredential(
+ credentials,
+ basicConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA),
+ basicConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC));
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
index dc7e9338..14e6a78a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
@@ -132,7 +132,7 @@ public class Saml2Utils {
@Nonnull EaafX509Credential signingCredential, boolean injectCertificate) throws SamlSigningException {
try {
- final String usedSigAlg = getSignatureAlgorithm(signingCredential,
+ final String usedSigAlg = getKeyOperationAlgorithmFromCredential(signingCredential,
PvpConstants.DEFAULT_SIGNING_METHODE_RSA,
PvpConstants.DEFAULT_SIGNING_METHODE_EC);
@@ -218,15 +218,15 @@ public class Saml2Utils {
/**
* Select signature algorithm for a given credential.
*
- * @param credentials {@link X509Credential} that will be used for signing
- * @param rsaSigAlgorithm RSA based signing algorithm that should be used in
+ * @param credentials {@link X509Credential} that will be used for key operations
+ * @param rsaSigAlgorithm RSA based algorithm that should be used in
* case of RSA credential
- * @param ecSigAlgorithm EC based signing algorithm that should be used in case
+ * @param ecSigAlgorithm EC based algorithm that should be used in case
* of RSA credential
- * @return either the rsaSigAlgorithm or the ecSigAlgorithm
+ * @return either the RSA based algorithm or the EC based algorithm
* @throws SamlSigningException In case of an unsupported credential
*/
- public static String getSignatureAlgorithm(X509Credential credentials,
+ public static String getKeyOperationAlgorithmFromCredential(X509Credential credentials,
String rsaSigAlgorithm, String ecSigAlgorithm) throws SamlSigningException {
final PrivateKey privatekey = credentials.getPrivateKey();
if (privatekey instanceof RSAPrivateKey) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
new file mode 100644
index 00000000..1183bb49
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
@@ -0,0 +1,477 @@
+package at.gv.egiz.eaaf.modules.pvp2.test;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/spring/test_eaaf_core_spring_config.beans.xml",
+ "/spring/SpringTest-context_lazy.xml"
+ })
+@TestPropertySource(locations = {"/config/config_1.props"})
+public class CredentialProviderTest {
+
+ private static final String PATH_JKS_WITH_TRUST_CERTS = "src/test/resources/data/junit.jks";
+ private static final String PATH_JKS_WITHOUT_TRUST_CERTS = "src/test/resources/data/junit_without_trustcerts.jks";
+ private static final String ALIAS_METADATA = "meta";
+ private static final String ALIAS_SIGN = "sig";
+ private static final String ALIAS_ENC = "meta";
+ private static final String PASSWORD = "password";
+
+
+ @Autowired private ApplicationContext context;
+ @Autowired private DummyAuthConfigMap config;
+
+ /**
+ * jUnit test initializer.
+ */
+ @Before
+ public void initialize() {
+ config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, PATH_JKS_WITH_TRUST_CERTS);
+ config.putConfigValue(DummyCredentialProvider.KEYSTORE_PASSWORD, PASSWORD);
+
+ config.removeConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS);
+ config.removeConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD);
+
+ config.removeConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS);
+ config.removeConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD);
+
+ config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS);
+ config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD);
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void noKeyStoreUrl() {
+ config.removeConfigValue(DummyCredentialProvider.KEYSTORE_PATH);
+ try {
+ context.getBean(DummyCredentialProvider.class);
+ Assert.fail("No KeyStore not detected");
+
+ } catch (final BeansException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+ e.getCause(), "Wrong exception");
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void noKeyStore() {
+ config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, "src/test/resources/config/notExist.p12");
+ try {
+ context.getBean(DummyCredentialProvider.class);
+ Assert.fail("No KeyStore not detected");
+
+ } catch (final BeansException e) {
+ org.springframework.util.Assert.isInstanceOf(java.io.FileNotFoundException.class,
+ e.getCause(), "Wrong exception");
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void noWrongKeyStorePassword() {
+ config.putConfigValue(DummyCredentialProvider.KEYSTORE_PASSWORD, "test");
+ try {
+ context.getBean(DummyCredentialProvider.class);
+ Assert.fail("No KeyStore not detected");
+
+ } catch (final BeansException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+ e.getCause(), "Wrong exception");
+
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfigurationWrongAlias() {
+ final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMessageSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMessageEncryptionCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfigurationWrongPassword() {
+ final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMessageSigningCredential();
+ Assert.fail("No message signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ final EaafX509Credential encCred = credential.getMessageEncryptionCredential();
+ Assert.assertNull("No encryption credentials not detected", encCred);
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfigurationValidAliasWrongPassword() {
+ final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS,
+ ALIAS_METADATA);
+ config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS,
+ ALIAS_SIGN);
+ config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMessageSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS,
+ ALIAS_ENC);
+ config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD,
+ RandomStringUtils.randomAlphabetic(5));
+ credential.getMessageEncryptionCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfigurationWrongAliasValidPassword() {
+ final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD,
+ PASSWORD);
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD,
+ PASSWORD);
+ credential.getMessageSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS,
+ RandomStringUtils.randomAlphabetic(5));
+ config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD,
+ PASSWORD);
+ credential.getMessageEncryptionCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void validonfiguration() throws CredentialsNotAvailableException {
+ final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+
+ config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS,
+ ALIAS_METADATA);
+ config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD,
+ PASSWORD);
+
+ checkCredential(credential.getMetaDataSigningCredential(),
+ PvpConstants.DEFAULT_SIGNING_METHODE_RSA,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA);
+
+ config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS,
+ ALIAS_SIGN);
+ config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD,
+ PASSWORD);
+ checkCredential(credential.getMessageSigningCredential(),
+ PvpConstants.DEFAULT_SIGNING_METHODE_EC,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC);
+
+ config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS,
+ ALIAS_ENC);
+ config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD,
+ PASSWORD);
+ checkCredential(credential.getMessageEncryptionCredential(),
+ PvpConstants.DEFAULT_SIGNING_METHODE_RSA,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA);
+
+
+ final List<X509Certificate> trustCerts = credential.getTrustedCertificates();
+ Assert.assertNotNull("TrustCerts are null", trustCerts);
+ Assert.assertFalse("TrustCerts not empty", trustCerts.isEmpty());
+ Assert.assertEquals("# of Trustcerts", 2, trustCerts.size());
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void validonfigurationWithOutTrustCerts() throws CredentialsNotAvailableException {
+ config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, PATH_JKS_WITHOUT_TRUST_CERTS);
+
+ config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
+ "RSA-SIG_" + RandomStringUtils.randomAlphabetic(10));
+ config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG,
+ "EC-SIG_" + RandomStringUtils.randomAlphabetic(10));
+ config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG,
+ "RSA_ENC_" + RandomStringUtils.randomAlphabetic(10));
+ config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG,
+ "EC-ENC_" + RandomStringUtils.randomAlphabetic(10));
+
+ final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS,
+ ALIAS_METADATA);
+ config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD,
+ PASSWORD);
+
+ checkCredential(credential.getMetaDataSigningCredential(),
+ config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG),
+ config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG));
+
+ config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS,
+ ALIAS_SIGN);
+ config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD,
+ PASSWORD);
+ checkCredential(credential.getMessageSigningCredential(),
+ config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG),
+ config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG));
+
+ config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS,
+ ALIAS_ENC);
+ config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD,
+ PASSWORD);
+ checkCredential(credential.getMessageEncryptionCredential(),
+ config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG),
+ config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG));
+
+ final List<X509Certificate> trustCerts = credential.getTrustedCertificates();
+ Assert.assertNotNull("TrustCerts are null", trustCerts);
+ Assert.assertTrue("TrustCerts not empty", trustCerts.isEmpty());
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfiguration() {
+ final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ credential.getMessageSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ final EaafX509Credential encCred = credential.getMessageEncryptionCredential();
+ Assert.assertNull("No encryption signing credentials not detected", encCred);
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void notKeyConfigurationPkcs12() {
+ config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH,
+ "src/test/resources/data/junit_without_trustcerts.p12");
+ final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class);
+
+ Assert.assertNotNull("Credetialprovider", credential);
+ Assert.assertNotNull("Friendlyname", credential.getFriendlyName());
+
+ try {
+ credential.getMetaDataSigningCredential();
+ Assert.fail("No Metadata signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ credential.getMessageSigningCredential();
+ Assert.fail("No message signing credentials not detected");
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+
+ try {
+ final EaafX509Credential encCred = credential.getMessageEncryptionCredential();
+ Assert.assertNull("No encryption signing credentials not detected", encCred);
+
+ } catch (final CredentialsNotAvailableException e) {
+ Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01"));
+
+ }
+ }
+
+ private void checkCredential(EaafX509Credential metaDataSigningCredential, String sigAlg, String keyEncAlg) {
+ Assert.assertNotNull("No metadata signing credentials", metaDataSigningCredential);
+ Assert.assertNotNull("SigAlg is null",
+ metaDataSigningCredential.getSignatureAlgorithmForSigning());
+ Assert.assertNotNull("KeyEncAlg is null",
+ metaDataSigningCredential.getKeyEncryptionAlgorithmForDataEncryption());
+ Assert.assertFalse("SigAlg is empty",
+ metaDataSigningCredential.getSignatureAlgorithmForSigning().isEmpty());
+ Assert.assertFalse("KeyEncAlg is empty",
+ metaDataSigningCredential.getKeyEncryptionAlgorithmForDataEncryption().isEmpty());
+
+ Assert.assertEquals("Wrong SigAlg", sigAlg,
+ metaDataSigningCredential.getSignatureAlgorithmForSigning());
+ Assert.assertEquals("Wrong KeyEncAlg", keyEncAlg,
+ metaDataSigningCredential.getKeyEncryptionAlgorithmForDataEncryption());
+
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index 87073e81..76dba510 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -65,7 +65,8 @@ import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml"})
+@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml",
+ "/spring/test_eaaf_core_spring_config.beans.xml"})
@TestPropertySource(locations = {"/config/config_1.props"})
public class PostBindingTest {
@@ -246,7 +247,7 @@ public class PostBindingTest {
final String serviceUrl = "http://testservice.org";
final String b64AuthnReq = generateSaml2AuthnRequest(
- credentialProvider.getIdpMetaDataSigningCredential());
+ credentialProvider.getMetaDataSigningCredential());
httpReq.setMethod("POST");
httpReq.addParameter("SAMLRequest", b64AuthnReq);
@@ -289,7 +290,7 @@ public class PostBindingTest {
final String relayState = RandomStringUtils.randomAlphanumeric(10);
final String b64AuthnReq = generateSaml2AuthnRequest(
- credentialProvider.getIdpMetaDataSigningCredential());
+ credentialProvider.getMetaDataSigningCredential());
httpReq.setMethod("POST");
httpReq.addParameter("SAMLRequest", b64AuthnReq);
httpReq.addParameter("RelayState", relayState);
@@ -319,7 +320,7 @@ public class PostBindingTest {
final String serviceUrl = "http://testservice.org";
final String b64AuthnReq = generateSaml2AuthnRequest(
- credentialProvider.getIdpAssertionSigningCredential());
+ credentialProvider.getMessageSigningCredential());
httpReq.setMethod("POST");
httpReq.addParameter("SAMLRequest", b64AuthnReq);
@@ -353,7 +354,7 @@ public class PostBindingTest {
final URIComparator comparator = new EaafUriCompare(serviceUrl);
- final String b64AuthnReq = generateSaml2Response(credentialProvider.getIdpMetaDataSigningCredential());
+ final String b64AuthnReq = generateSaml2Response(credentialProvider.getMetaDataSigningCredential());
httpReq.setMethod("POST");
httpReq.addParameter("SAMLRequest", b64AuthnReq);
@@ -382,7 +383,7 @@ public class PostBindingTest {
PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
- credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+ credentialProvider.getMetaDataSigningCredential(), pendingReq);
//validate
Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
@@ -416,7 +417,7 @@ public class PostBindingTest {
PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
- credentialProvider.getIdpAssertionSigningCredential(), pendingReq);
+ credentialProvider.getMessageSigningCredential(), pendingReq);
//validate
Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
@@ -451,7 +452,7 @@ public class PostBindingTest {
PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
- credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+ credentialProvider.getMetaDataSigningCredential(), pendingReq);
//validate
@@ -489,7 +490,7 @@ public class PostBindingTest {
PostBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState,
- credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+ credentialProvider.getMetaDataSigningCredential(), pendingReq);
//validate
@@ -527,7 +528,7 @@ public class PostBindingTest {
PostBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState,
- credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+ credentialProvider.getMetaDataSigningCredential(), pendingReq);
//validate
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
index 23cc98a6..f85e5c2a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java
@@ -58,7 +58,8 @@ import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml" })
+@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
+ "/spring/test_eaaf_core_spring_config.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
public class RedirectBindingTest {
@@ -336,7 +337,7 @@ public class RedirectBindingTest {
httpReq.setMethod("GET");
httpReq.setRequestURI("http://testservice.org");
- httpReq.setQueryString(generateAuthnRequest(credentialProvider.getIdpMetaDataSigningCredential()));
+ httpReq.setQueryString(generateAuthnRequest(credentialProvider.getMetaDataSigningCredential()));
httpReq.setParameter(HTTP_FORM_SAMLREQ, URLDecoder.decode(URISupport.getRawQueryStringParameter(
httpReq.getQueryString(), HTTP_FORM_SAMLREQ).substring(HTTP_FORM_SAMLREQ_PARAM.length()), "UTF-8"));
@@ -406,7 +407,7 @@ public class RedirectBindingTest {
httpReq.setMethod("GET");
httpReq.setRequestURI("http://testservice.org");
- httpReq.setQueryString(generateResponse(credentialProvider.getIdpMetaDataSigningCredential()));
+ httpReq.setQueryString(generateResponse(credentialProvider.getMetaDataSigningCredential()));
httpReq.setParameter(HTTP_FORM_SAMLRESP, URLDecoder.decode(URISupport.getRawQueryStringParameter(
httpReq.getQueryString(), HTTP_FORM_SAMLRESP).substring(HTTP_FORM_SAMLRESP_PARM.length()), "UTF-8"));
@@ -459,7 +460,7 @@ public class RedirectBindingTest {
httpReq.setMethod("GET");
httpReq.setRequestURI("http://testservice.org");
httpReq.setParameter(HTTP_FORM_RELAYSTATE, relayState);
- httpReq.setQueryString(generateResponse(credentialProvider.getIdpMetaDataSigningCredential()));
+ httpReq.setQueryString(generateResponse(credentialProvider.getMetaDataSigningCredential()));
httpReq.setParameter(HTTP_FORM_SAMLRESP, URLDecoder.decode(URISupport.getRawQueryStringParameter(
httpReq.getQueryString(), HTTP_FORM_SAMLRESP).substring(HTTP_FORM_SAMLRESP_PARM.length()), "UTF-8"));
@@ -500,7 +501,7 @@ public class RedirectBindingTest {
RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
- credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+ credentialProvider.getMetaDataSigningCredential(), pendingReq);
// validate
Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
@@ -548,7 +549,7 @@ public class RedirectBindingTest {
RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
- credentialProvider.getIdpAssertionSigningCredential(), pendingReq);
+ credentialProvider.getMessageSigningCredential(), pendingReq);
// validate
// validate
@@ -598,7 +599,7 @@ public class RedirectBindingTest {
RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
- credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+ credentialProvider.getMetaDataSigningCredential(), pendingReq);
// validate
Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
@@ -649,7 +650,7 @@ public class RedirectBindingTest {
RedirectBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState,
- credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+ credentialProvider.getMetaDataSigningCredential(), pendingReq);
// validate
Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
@@ -700,7 +701,7 @@ public class RedirectBindingTest {
RedirectBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState,
- credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+ credentialProvider.getMetaDataSigningCredential(), pendingReq);
// validate
Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java
index 1125d30e..b43f6a3e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java
@@ -44,7 +44,8 @@ import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml"})
+@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml",
+ "/spring/test_eaaf_core_spring_config.beans.xml"})
@TestPropertySource(locations = {"/config/config_1.props"})
public class SoapBindingTest {
@@ -162,7 +163,7 @@ public class SoapBindingTest {
PostBindingTest.class.getResourceAsStream("/data/AuthRequest_with_sig_1.xml"));
payload.setIssueInstant(DateTime.now());
final RequestAbstractType signedPayload = Saml2Utils.signSamlObject(
- payload, credentialProvider.getIdpMetaDataSigningCredential(), true);
+ payload, credentialProvider.getMetaDataSigningCredential(), true);
final Envelope enveloped = Saml2Utils.buildSoap11Envelope(signedPayload);
final Marshaller marshaller = Constraint.isNotNull(
@@ -197,7 +198,7 @@ public class SoapBindingTest {
PostBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
bindingImpl.encodeResponse(httpReq, httpResp, response, serviceUrl, null,
- credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+ credentialProvider.getMetaDataSigningCredential(), pendingReq);
Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
Assert.assertNotNull("PVP msg is null", httpResp.getContentLength());
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
index 6930790d..b9f1326d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
@@ -1,7 +1,11 @@
package at.gv.egiz.eaaf.modules.pvp2.test.dummy;
+import java.net.MalformedURLException;
+
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import org.springframework.beans.factory.annotation.Autowired;
@@ -29,7 +33,22 @@ public class DummyCredentialProvider extends AbstractCredentialProvider {
@Override
public String getKeyStoreFilePath() throws EaafException {
- return basicConfig.getBasicConfiguration(KEYSTORE_PATH);
+ final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH);
+
+ if (path != null) {
+ try {
+ return FileUtils.makeAbsoluteUrl(
+ path,
+ basicConfig.getConfigurationRootDirectory());
+
+ } catch (final MalformedURLException e) {
+ throw new EaafConfigurationException("internel test error", null, e);
+
+ }
+ }
+
+ throw new EaafConfigurationException("No keyStore path", null);
+
}
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
index 2d46f102..f8402510 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java
@@ -56,7 +56,8 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;
@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml" })
+@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
+ "/spring/test_eaaf_core_spring_config.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
public class MetadataBuilderTest {
@@ -211,7 +212,7 @@ public class MetadataBuilderTest {
@Override
public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException {
- return credentialProvider.getIdpAssertionSigningCredential();
+ return credentialProvider.getMessageSigningCredential();
}
@Override
@@ -226,7 +227,7 @@ public class MetadataBuilderTest {
@Override
public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException {
- return credentialProvider.getIdpMetaDataSigningCredential();
+ return credentialProvider.getMetaDataSigningCredential();
}
@Override
@@ -271,7 +272,7 @@ public class MetadataBuilderTest {
@Override
public Credential getEncryptionCredentials() throws CredentialsNotAvailableException {
- return credentialProvider.getIdpAssertionSigningCredential();
+ return credentialProvider.getMessageSigningCredential();
}
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
index f40fbc74..8995152d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
@@ -77,7 +77,8 @@ import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml" })
+@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
+ "/spring/test_eaaf_core_spring_config.beans.xml" })
@TestPropertySource(locations = { "/config/config_1.props" })
public class MetadataResolverTest {
@@ -321,7 +322,7 @@ public class MetadataResolverTest {
MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory.xml"));
metadata.setValidUntil(DateTime.now().plusDays(1));
metadata.setSignature(null);
- Saml2Utils.signSamlObject(metadata, credentialProvider.getIdpMetaDataSigningCredential(), true);
+ Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true);
final Element metadataElement = XMLObjectSupport.marshall(metadata);
mockWebServer.enqueue(new MockResponse().setResponseCode(200)
.setBody(SerializeSupport.nodeToString(metadataElement))
@@ -373,7 +374,7 @@ public class MetadataResolverTest {
MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory_egov.xml"));
metadata.setValidUntil(DateTime.now().plusDays(1));
metadata.setSignature(null);
- Saml2Utils.signSamlObject(metadata, credentialProvider.getIdpMetaDataSigningCredential(), true);
+ Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true);
final Element metadataElement = XMLObjectSupport.marshall(metadata);
mockWebServer.enqueue(new MockResponse().setResponseCode(200)
.setBody(SerializeSupport.nodeToString(metadataElement))
@@ -425,7 +426,7 @@ public class MetadataResolverTest {
MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid.xml"));
metadata.setValidUntil(DateTime.now().minusDays(2));
metadata.setSignature(null);
- Saml2Utils.signSamlObject(metadata, credentialProvider.getIdpMetaDataSigningCredential(), true);
+ Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true);
final Element metadataElement = XMLObjectSupport.marshall(metadata);
mockWebServer.enqueue(new MockResponse().setResponseCode(200)
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jks b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jks
index b5262cb8..59e6ad13 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jks
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit.jks
Binary files differ
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.jks b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.jks
new file mode 100644
index 00000000..b5262cb8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.jks
Binary files differ
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.p12 b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.p12
new file mode 100644
index 00000000..c3fe2681
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_without_trustcerts.p12
Binary files differ
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore.xml
index 52549a88..96560960 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2020-02-05T06:41:42.966Z">
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2045-02-05T06:41:42.966Z">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_moaid_test.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_moaid_test.xml
index f1fbd9be..ddc6e4ad 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_moaid_test.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_moaid_test.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata" validUntil="2020-02-05T06:41:42.966Z">
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata" validUntil="2040-02-05T06:41:42.966Z">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/SpringTest-context_lazy.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/SpringTest-context_lazy.xml
new file mode 100644
index 00000000..bd424620
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/SpringTest-context_lazy.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" >
+
+ <context:annotation-config />
+
+ <bean id="dummyCredentialProvider"
+ class="at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider"
+ lazy-init="true"/>
+
+</beans>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
index 375224bb..3b2d0a28 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
@@ -10,9 +10,6 @@
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
- <bean id="dummyAuthConfig"
- class="at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfig" />
-
<bean id="dummyVelocityGuiBuilder"
class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyVelocityGuiFormBuilder" />
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_map_config.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_map_config.beans.xml
new file mode 100644
index 00000000..3e1df7d2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_map_config.beans.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <bean id="dummyAuthConfig"
+ class="at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfig" />
+
+</beans> \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml
new file mode 100644
index 00000000..c1660a70
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <bean id="dummyAuthConfigMap"
+ class="at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap">
+ <constructor-arg value="/config/config_1.props" />
+ </bean>
+
+</beans> \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 1ef7da29..29bbac1e 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -194,7 +194,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
relayState = pvpRequest.getRequest().getRelayState();
}
- final EaafX509Credential signCred = pvpIdpCredentials.getIdpAssertionSigningCredential();
+ final EaafX509Credential signCred = pvpIdpCredentials.getMessageSigningCredential();
encoder.encodeResponse(request, response, samlResponse, pvpRequest.getConsumerUrl(), relayState,
signCred, protocolRequest);
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index c0190959..d138ba3a 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -129,7 +129,7 @@ public class AuthenticationAction implements IAction {
}
binding.encodeResponse(httpReq, httpResp, authResponse, consumerService.getLocation(),
- moaRequest.getRelayState(), pvpIdpCredentials.getIdpAssertionSigningCredential(), req);
+ moaRequest.getRelayState(), pvpIdpCredentials.getMessageSigningCredential(), req);
revisionsLogger.logEvent(req, 3105, authResponse.getID());
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
index 55e3e8b4..565f28fb 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
@@ -19,9 +19,6 @@
package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder;
-import java.security.PublicKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.List;
@@ -134,7 +131,14 @@ public class AuthResponseBuilder {
X509Credential encryptionCredentials, IConfiguration authConfig)
throws InvalidAssertionEncryptionException {
try {
- final String keyEncAlg = selectKeyEncryptionAlgorithm(encryptionCredentials, authConfig);
+ final String keyEncAlg = Saml2Utils.getKeyOperationAlgorithmFromCredential(
+ encryptionCredentials,
+ authConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA),
+ authConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC));
final DataEncryptionParameters dataEncParams = new DataEncryptionParameters();
dataEncParams.setAlgorithm(authConfig.getBasicConfiguration(
@@ -164,29 +168,6 @@ public class AuthResponseBuilder {
}
- private static String selectKeyEncryptionAlgorithm(X509Credential encryptionCredentials,
- IConfiguration authConfig) throws SamlSigningException {
- final PublicKey privatekey = encryptionCredentials.getPublicKey();
- if (privatekey instanceof RSAPublicKey) {
- return authConfig.getBasicConfiguration(
- PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG,
- PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA);
-
- } else if (privatekey instanceof ECPublicKey) {
- return authConfig.getBasicConfiguration(
- PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG,
- PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC);
-
- } else {
- log.warn("Could NOT evaluate the Private-Key type from " + encryptionCredentials.getEntityId()
- + " credential.");
- throw new SamlSigningException("internal.pvp.97",
- new Object[] { encryptionCredentials.getEntityId(), privatekey.getClass().getName() });
-
- }
-
- }
-
private static X509Credential resolveEncryptionCredential(RequestAbstractType req,
IPvp2MetadataProvider metadataProvider) throws InvalidAssertionEncryptionException {
try {