summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java3
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttribute.java130
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttributes.java32
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java15
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java19
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java3
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFExtensionImplementation.java12
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestExtensionBuilder.java21
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeBuilder.java21
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeMarshaller.java52
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeUnmarshaller.java51
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesBuilder.java21
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesMarshaller.java7
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesUnmarshaller.java21
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java30
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributeImpl.java109
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributesImpl.java37
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java29
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AuthnRequestValidator.java45
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml5
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java54
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java29
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java38
25 files changed, 694 insertions, 100 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java
index 2e5f49ed..ae63614e 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java
@@ -53,7 +53,7 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask {
if (processDefinitionId == null) {
log.warn("No suitable authentication process found for SessionID " + pendingReq.getPendingRequestId());
throw new EAAFException("process.02", new Object[] { pendingReq.getPendingRequestId()},
- "No suitable authentication process found for SessionID \" + pendingReq.getPendingRequestId()");
+ "No suitable authentication process found for SessionID " + pendingReq);
}
String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java
index f5b7baa8..84117406 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PVPConstants.java
@@ -6,6 +6,8 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import javax.xml.namespace.QName;
+
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.signature.SignatureConstants;
@@ -103,5 +105,11 @@ public interface PVPConstants extends PVPAttributeDefinitions {
}
});
+ //constants for requested SAML2 attribtes by using eIDAS namespace
+ public static final String EIDAS10_SAML_NS = "http://eidas.europa.eu/saml-extensions";
+ public static final String EIDAS10_PREFIX = "eidas";
+
+ public static final QName EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE =
+ new QName(EIDAS10_SAML_NS, "AttributeValue", EIDAS10_PREFIX);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java
index 218e5171..61a040c1 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java
@@ -2,6 +2,7 @@
*******************************************************************************/
package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+import java.util.Collection;
import java.util.List;
import org.opensaml.saml2.core.Attribute;
@@ -193,7 +194,7 @@ public interface IPVPMetadataBuilderConfiguration {
*
* @return
*/
- public List<RequestedAttribute> getSPRequiredAttributes();
+ public Collection<RequestedAttribute> getSPRequiredAttributes();
/**
* Set all nameID types which allowed from the SP
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttribute.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttribute.java
new file mode 100644
index 00000000..71949bc1
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttribute.java
@@ -0,0 +1,130 @@
+package at.gv.egiz.eaaf.modules.pvp2.api.reqattr;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.xml.AttributeExtensibleXMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSBooleanValue;
+
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+
+public interface EAAFRequestedAttribute extends SAMLObject, AttributeExtensibleXMLObject , org.opensaml.saml2.metadata.RequestedAttribute{
+
+ /** Element local name. */
+ String DEF_LOCAL_NAME = "RequestedAttribute";
+
+ /** Local name of the XSI type. */
+ String TYPE_LOCAL_NAME = "RequestedAttributeAbstractType";
+
+
+ /** Default element name. */
+ QName DEFAULT_ELEMENT_NAME = new QName(PVPConstants.EIDAS10_SAML_NS, DEF_LOCAL_NAME,
+ PVPConstants.EIDAS10_PREFIX);
+
+ /** QName of the XSI type. */
+ QName TYPE_NAME = new QName(PVPConstants.EIDAS10_SAML_NS, TYPE_LOCAL_NAME,
+ PVPConstants.EIDAS10_PREFIX);
+
+
+
+ /** NAME_ATTRIB_NAME attribute name. */
+ String NAME_ATTRIB_NAME = "Name";
+
+ /** NAME_FORMAT_ATTRIB_NAME attribute name. */
+ String NAME_FORMAT_ATTR = "NameFormat";
+
+ /** IS_REQUIRED_ATTRIB_NAME attribute name. */
+ String IS_REQUIRED_ATTR = "isRequired";
+
+ /** FRIENDLY_NAME_ATTRIB_NAME attribute name. */
+ String FRIENDLY_NAME_ATT = "FriendlyName";
+
+ /** Unspecified attribute format ID. */
+ String UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
+
+ /** URI reference attribute format ID. */
+ String URI_REFERENCE = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
+
+ /** Basic attribute format ID. */
+ String BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
+
+ /**
+ * Gets the name.
+ *
+ * @return the name
+ */
+ String getName();
+
+ /**
+ * Sets the name.
+ *
+ * @param name the new name
+ */
+ void setName(String name);
+
+ /**
+ * Gets the name format.
+ *
+ * @return the name format
+ */
+ String getNameFormat();
+
+ /**
+ * Sets the name format.
+ *
+ * @param nameFormat the new name format
+ */
+ void setNameFormat(String nameFormat);
+
+ /**
+ * Gets the friendly name.
+ *
+ * @return the friendly name
+ */
+ String getFriendlyName();
+
+ /**
+ * Sets the friendly name.
+ *
+ * @param friendlyName the new friendly name
+ */
+ void setFriendlyName(String friendlyName);
+
+/* *//**
+ * Gets the checks if is required.
+ *
+ * @return the checks if is required
+ *//*
+ String isRequired();*/
+
+ /**
+ * Gets the checks if is required xs boolean.
+ *
+ * @return the checks if is required xs boolean
+ */
+ String getIsRequiredXSBoolean();
+
+ /**
+ * Sets the checks if is required.
+ *
+ * @param newIsRequired the new checks if is required
+ */
+ void setIsRequired(String newIsRequired);
+
+ /**
+ * Gets the attribute values.
+ *
+ * @return the attribute values
+ */
+ List<XMLObject> getAttributeValues();
+
+ XSBooleanValue isRequiredXSBoolean();
+
+ void setIsRequired(Boolean aBoolean);
+
+ void setIsRequired(XSBooleanValue xsBooleanValue);
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttributes.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttributes.java
new file mode 100644
index 00000000..42b59d98
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttributes.java
@@ -0,0 +1,32 @@
+package at.gv.egiz.eaaf.modules.pvp2.api.reqattr;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+
+public interface EAAFRequestedAttributes extends SAMLObject {
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "RequestedAttributes";
+
+ /** Default element name. */
+ QName DEFAULT_ELEMENT_NAME = new QName(PVPConstants.EIDAS10_SAML_NS, DEF_LOCAL_NAME,
+ PVPConstants.EIDAS10_PREFIX);
+
+ /** Local name of the XSI type. */
+ String TYPE_LOCAL_NAME = "RequestedAttributesType";
+
+ /** QName of the XSI type. */
+ QName TYPE_NAME = new QName(PVPConstants.EIDAS10_SAML_NS, TYPE_LOCAL_NAME,
+ PVPConstants.EIDAS10_PREFIX);
+
+ /**
+ * Gets the attributes.
+ *
+ * @return the attributes
+ */
+ List<EAAFRequestedAttribute> getAttributes();
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java
new file mode 100644
index 00000000..bf5385aa
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java
@@ -0,0 +1,15 @@
+package at.gv.egiz.eaaf.modules.pvp2.api.validation;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+
+public interface IAuthnRequestValidator {
+
+ void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException;
+
+} \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java
index 41623f3d..e7c136c9 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPAttributeBuilder.java
@@ -21,6 +21,7 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidDateFormatException;
import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
@@ -112,15 +113,25 @@ public class PVPAttributeBuilder {
}
-
+ /**
+ * Return all attributes that has a {@link PVPMETADATA} annotation
+ *
+ * @return
+ */
public static List<Attribute> buildSupportedEmptyAttributes() {
List<Attribute> attributes = new ArrayList<Attribute>();
Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
while (builderIt.hasNext()) {
IAttributeBuilder builder = builderIt.next();
- Attribute emptyAttribute = builder.buildEmpty(generator);
- if (emptyAttribute != null) {
- attributes.add(emptyAttribute);
+ if (builder.getClass().isAnnotationPresent(PVPMETADATA.class)) {
+ Attribute emptyAttribute = builder.buildEmpty(generator);
+ if (emptyAttribute != null) {
+ attributes.add(emptyAttribute);
+ }
+
+ } else {
+ log.trace(builder.getName() + "is no PVP Metadata attribute");
+
}
}
return attributes;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java
index abfac305..e29b3e91 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PVPMetadataBuilder.java
@@ -4,6 +4,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
import java.io.IOException;
import java.io.StringWriter;
+import java.util.Collection;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
@@ -308,7 +309,7 @@ public class PVPMetadataBuilder {
//add required attributes
- List<RequestedAttribute> reqSPAttr = config.getSPRequiredAttributes();
+ Collection<RequestedAttribute> reqSPAttr = config.getSPRequiredAttributes();
AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);
attributeService.setIndex(0);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFExtensionImplementation.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFExtensionImplementation.java
new file mode 100644
index 00000000..fe4e4123
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFExtensionImplementation.java
@@ -0,0 +1,12 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import org.opensaml.saml2.common.impl.ExtensionsImpl;
+
+public class EAAFExtensionImplementation extends ExtensionsImpl {
+
+ protected EAAFExtensionImplementation(String namespaceURI, String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestExtensionBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestExtensionBuilder.java
new file mode 100644
index 00000000..e9aaefb6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestExtensionBuilder.java
@@ -0,0 +1,21 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
+
+public class EAAFRequestExtensionBuilder extends AbstractSAMLObjectBuilder<Extensions> {
+
+ @Override
+ public Extensions buildObject() {
+ return buildObject(SAMLConstants.SAML20P_NS, Extensions.LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
+
+ }
+
+ @Override
+ public Extensions buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new EAAFExtensionImplementation(namespaceURI, localName, namespacePrefix);
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeBuilder.java
new file mode 100644
index 00000000..69655450
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeBuilder.java
@@ -0,0 +1,21 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.impl.reqattr.EAAFRequestedAttributeImpl;
+
+public class EAAFRequestedAttributeBuilder extends AbstractSAMLObjectBuilder<EAAFRequestedAttribute> {
+
+ @Override
+ public EAAFRequestedAttribute buildObject() {
+ return buildObject(EAAFRequestedAttribute.DEFAULT_ELEMENT_NAME);
+ }
+
+ @Override
+ public EAAFRequestedAttribute buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new EAAFRequestedAttributeImpl(namespaceURI, localName,
+ namespacePrefix);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeMarshaller.java
new file mode 100644
index 00000000..8bfd144a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeMarshaller.java
@@ -0,0 +1,52 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import java.util.Map.Entry;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.Configuration;
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+
+public class EAAFRequestedAttributeMarshaller extends AbstractSAMLObjectMarshaller {
+ protected final void marshallAttributes(final XMLObject samlElement,
+ final Element domElement) throws MarshallingException {
+ final EAAFRequestedAttribute requestedAttr = (EAAFRequestedAttribute) samlElement;
+
+ if (requestedAttr.getName() != null) {
+ domElement.setAttributeNS(null, EAAFRequestedAttribute.NAME_ATTRIB_NAME, requestedAttr.getName());
+ }
+
+ if (requestedAttr.getNameFormat() != null) {
+ domElement.setAttributeNS(null, EAAFRequestedAttribute.NAME_FORMAT_ATTR, requestedAttr.getNameFormat());
+ }
+
+ if (requestedAttr.getFriendlyName() != null) {
+ domElement.setAttributeNS(null, EAAFRequestedAttribute.FRIENDLY_NAME_ATT, requestedAttr.getFriendlyName());
+ }
+
+ if (requestedAttr.getIsRequiredXSBoolean() != null) {
+ domElement.setAttributeNS(null, EAAFRequestedAttribute.IS_REQUIRED_ATTR, requestedAttr.getIsRequiredXSBoolean());
+ }
+
+ Attr attr;
+ for (Entry<QName, String> entry : requestedAttr.getUnknownAttributes()
+ .entrySet()) {
+ attr = XMLHelper.constructAttribute(domElement.getOwnerDocument(),
+ entry.getKey());
+ attr.setValue(entry.getValue());
+ domElement.setAttributeNodeNS(attr);
+ if (Configuration.isIDAttribute(entry.getKey())
+ || requestedAttr.getUnknownAttributes().isIDAttribute(
+ entry.getKey())) {
+ attr.getOwnerElement().setIdAttributeNode(attr, true);
+ }
+ }
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeUnmarshaller.java
new file mode 100644
index 00000000..2754f145
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributeUnmarshaller.java
@@ -0,0 +1,51 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Attr;
+
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+
+public class EAAFRequestedAttributeUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+ protected final void processChildElement(final XMLObject parentSAMLObject, final XMLObject childSAMLObject) throws UnmarshallingException {
+ final EAAFRequestedAttribute requestedAttr = (EAAFRequestedAttribute) parentSAMLObject;
+ final QName childQName = childSAMLObject.getElementQName();
+
+ if ("AttributeValue".equals(childQName.getLocalPart())
+ && childQName.getNamespaceURI().equals(PVPConstants.EIDAS10_SAML_NS)) {
+ requestedAttr.getAttributeValues().add(childSAMLObject);
+
+ } else
+ super.processChildElement(parentSAMLObject, childSAMLObject);
+
+ }
+
+ protected final void processAttribute(final XMLObject samlObject, final Attr attribute) throws UnmarshallingException {
+ final EAAFRequestedAttribute requestedAttr = (EAAFRequestedAttribute) samlObject;
+ if (attribute.getLocalName().equals(EAAFRequestedAttribute.NAME_ATTRIB_NAME)) {
+ requestedAttr.setName(attribute.getValue());
+
+ } else if (attribute.getLocalName().equals(EAAFRequestedAttribute.NAME_FORMAT_ATTR)) {
+ requestedAttr.setNameFormat(attribute.getValue());
+
+ } else if (attribute.getLocalName().equals(EAAFRequestedAttribute.FRIENDLY_NAME_ATT)) {
+ requestedAttr.setFriendlyName(attribute.getValue());
+
+ } else if (attribute.getLocalName().equals(EAAFRequestedAttribute.IS_REQUIRED_ATTR)) {
+ requestedAttr.setIsRequired(attribute.getValue());
+
+ } else {
+ final QName attribQName = XMLHelper.getNodeQName(attribute);
+ if (attribute.isId()) {
+ requestedAttr.getUnknownAttributes().registerID(attribQName);
+ }
+ requestedAttr.getUnknownAttributes().put(attribQName,
+ attribute.getValue());
+ }
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesBuilder.java
new file mode 100644
index 00000000..4d17936a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesBuilder.java
@@ -0,0 +1,21 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.impl.reqattr.EAAFRequestedAttributesImpl;
+
+public class EAAFRequestedAttributesBuilder extends AbstractSAMLObjectBuilder<EAAFRequestedAttributes> {
+
+ @Override
+ public EAAFRequestedAttributes buildObject() {
+ return buildObject(EAAFRequestedAttributes.DEFAULT_ELEMENT_NAME);
+ }
+
+ @Override
+ public EAAFRequestedAttributes buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new EAAFRequestedAttributesImpl(namespaceURI, localName,
+ namespacePrefix);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesMarshaller.java
new file mode 100644
index 00000000..e390ad3e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesMarshaller.java
@@ -0,0 +1,7 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+
+public class EAAFRequestedAttributesMarshaller extends AbstractSAMLObjectMarshaller {
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesUnmarshaller.java
new file mode 100644
index 00000000..96a694fe
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EAAFRequestedAttributesUnmarshaller.java
@@ -0,0 +1,21 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
+
+public class EAAFRequestedAttributesUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+ protected final void processChildElement(final XMLObject parentObject,
+ final XMLObject childObject) throws UnmarshallingException {
+ final EAAFRequestedAttributes attrStatement = (EAAFRequestedAttributes) parentObject;
+ if (childObject instanceof EAAFRequestedAttribute) {
+ attrStatement.getAttributes().add((EAAFRequestedAttribute) childObject);
+
+ } else
+ super.processChildElement(parentObject, childObject);
+
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java
index 7b9bef88..81c8313e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EAAFDefaultSAML2Bootstrap.java
@@ -6,6 +6,15 @@ import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.ConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributeMarshaller;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributeUnmarshaller;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributesBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributesMarshaller;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestedAttributesUnmarshaller;
+
/**
* @author tlenz
*
@@ -26,9 +35,28 @@ public class EAAFDefaultSAML2Bootstrap extends DefaultBootstrap {
initializeESAPI();
+ initializeExtenstions();
+
}
- public static void initializeDefaultPVPConfiguration() {
+ private static void initializeExtenstions() {
+ Configuration.registerObjectProvider(
+ EAAFRequestedAttribute.DEFAULT_ELEMENT_NAME,
+ new EAAFRequestedAttributeBuilder(),
+ new EAAFRequestedAttributeMarshaller(),
+ new EAAFRequestedAttributeUnmarshaller()
+ );
+
+ Configuration.registerObjectProvider(
+ EAAFRequestedAttributes.DEFAULT_ELEMENT_NAME,
+ new EAAFRequestedAttributesBuilder(),
+ new EAAFRequestedAttributesMarshaller(),
+ new EAAFRequestedAttributesUnmarshaller()
+ );
+
+ }
+
+ public static void initializeDefaultPVPConfiguration() {
initializeGlobalSecurityConfiguration();
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributeImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributeImpl.java
new file mode 100644
index 00000000..a04f6123
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributeImpl.java
@@ -0,0 +1,109 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSBooleanValue;
+import org.opensaml.xml.util.AttributeMap;
+import org.opensaml.xml.util.XMLObjectChildrenList;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+
+public class EAAFRequestedAttributeImpl extends AbstractSAMLObject implements EAAFRequestedAttribute {
+
+ private final XMLObjectChildrenList<XMLObject> attributeValues;
+ private String friendlyName;
+ private String isRequired;
+ private String name;
+ private String nameFormat;
+ private AttributeMap unknownAttributes;
+
+ public EAAFRequestedAttributeImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ unknownAttributes = new AttributeMap(this);
+ attributeValues = new XMLObjectChildrenList<XMLObject>(this);
+
+ }
+
+ public final List<XMLObject> getAttributeValues() {
+ return attributeValues;
+ }
+
+ public final String getFriendlyName() {
+ return friendlyName;
+ }
+
+ public final String getIsRequiredXSBoolean() {
+ return isRequired;
+ }
+
+ public final String getName() {
+ return name;
+ }
+
+ public final String getNameFormat() {
+ return nameFormat;
+ }
+
+ public final List<XMLObject> getOrderedChildren() {
+ final List<XMLObject> children = new ArrayList<XMLObject>();
+ children.addAll(attributeValues);
+ return Collections.unmodifiableList(children);
+ }
+
+
+ public final AttributeMap getUnknownAttributes() {
+ return unknownAttributes;
+ }
+
+
+ public final void setFriendlyName(final String newFriendlyName) {
+ this.friendlyName = prepareForAssignment(this.friendlyName,
+ newFriendlyName);
+ }
+
+
+ public final void setIsRequired(final String newIsRequired) {
+ isRequired = prepareForAssignment(this.isRequired, newIsRequired);
+
+ }
+
+
+ public final void setName(final String newName) {
+ this.name = prepareForAssignment(this.name, newName);
+ }
+
+
+ public final void setNameFormat(final String newNameFormat) {
+ this.nameFormat = prepareForAssignment(this.nameFormat, newNameFormat);
+ }
+
+
+ public final void setUnknownAttributes(final AttributeMap newUnknownAttr) {
+ this.unknownAttributes = newUnknownAttr;
+ }
+
+ @Override
+ public XSBooleanValue isRequiredXSBoolean() {
+ return XSBooleanValue.valueOf(isRequired);
+ }
+
+ @Override
+ public void setIsRequired(Boolean aBoolean) {
+ this.isRequired = String.valueOf(aBoolean);
+ }
+
+ @Override
+ public void setIsRequired(XSBooleanValue xsBooleanValue) {
+ this.isRequired = String.valueOf(xsBooleanValue);
+ }
+
+ @Override
+ public Boolean isRequired() {
+ return Boolean.parseBoolean(isRequired);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributesImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributesImpl.java
new file mode 100644
index 00000000..c78ffe94
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EAAFRequestedAttributesImpl.java
@@ -0,0 +1,37 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.util.IndexedXMLObjectChildrenList;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
+
+public class EAAFRequestedAttributesImpl extends AbstractSAMLObject implements EAAFRequestedAttributes {
+
+ private final IndexedXMLObjectChildrenList<XMLObject> indexedChildren;
+
+ public EAAFRequestedAttributesImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ indexedChildren = new IndexedXMLObjectChildrenList<XMLObject>(this);
+ }
+
+ @Override
+ public List<XMLObject> getOrderedChildren() {
+ final List<XMLObject> children = new ArrayList<XMLObject>();
+ children.addAll(indexedChildren);
+ return Collections.unmodifiableList(children);
+
+ }
+
+ @Override
+ public List<EAAFRequestedAttribute> getAttributes() {
+ return (List<EAAFRequestedAttribute>) indexedChildren
+ .subList(EAAFRequestedAttribute.DEFAULT_ELEMENT_NAME);
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java
index 1da3fea3..4e9d3073 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/SAML2Utils.java
@@ -12,8 +12,10 @@ import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
+import org.apache.commons.lang3.StringUtils;
import org.opensaml.Configuration;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.metadata.AssertionConsumerService;
@@ -24,9 +26,13 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
import org.w3c.dom.Document;
import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
public class SAML2Utils {
@@ -122,4 +128,27 @@ public class SAML2Utils {
return envelope;
}
+
+ public static EAAFRequestedAttribute generateReqAuthnAttributeSimple(Attribute attr, boolean isRequired, String value) {
+ EAAFRequestedAttribute requested = SAML2Utils.createSAMLObject(EAAFRequestedAttribute.class);
+ requested.setName(attr.getName());
+ requested.setNameFormat(attr.getNameFormat());
+ requested.setFriendlyName(attr.getFriendlyName());
+ requested.setIsRequired(String.valueOf(isRequired));
+ List<XMLObject> attributeValues = requested.getAttributeValues();
+ if (StringUtils.isNotEmpty(value)) {
+ XMLObject attributeValueForRequest = createAttributeValue(PVPConstants.EIDAS_REQUESTED_ATTRIBUTE_VALUE_TYPE, value);
+ attributeValues.add(attributeValueForRequest);
+ }
+ return requested;
+
+ }
+
+ private static XMLObject createAttributeValue(QName attributeValueType, String value) {
+ XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSString stringValue = stringBuilder.buildObject(attributeValueType, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AuthnRequestValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AuthnRequestValidator.java
deleted file mode 100644
index 86c7f309..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AuthnRequestValidator.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
-
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
-
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestValidator {
- private static final Logger log = LoggerFactory.getLogger(AuthnRequestValidator.class);
-
- public static void validate(AuthnRequest req) throws AuthnRequestValidatorException{
-
- //validate NameIDPolicy
- NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
- if (nameIDPolicy != null) {
- String nameIDFormat = nameIDPolicy.getFormat();
- if (nameIDFormat != null) {
- if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
- NameID.PERSISTENT.equals(nameIDFormat) ||
- NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
-
- throw new NameIDFormatNotSupportedException(nameIDFormat);
-
- }
-
- } else
- log.trace("Find NameIDPolicy, but NameIDFormat is 'null'");
- } else
- log.trace("AuthnRequest includes no 'NameIDPolicy'");
-
-
-
- }
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml
index 2c64b5f1..ed582d1a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/eaaf_pvp.beans.xml
@@ -23,8 +23,5 @@
<bean id="PVPSOAPBinding"
class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding" />
-
- <bean id="SAMLVerificationEngine"
- class="at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine" />
-
+
</beans> \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java
index 93ffa789..ee0eee0a 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java
@@ -19,9 +19,7 @@ import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.security.SecurityPolicyException;
@@ -35,7 +33,6 @@ import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
@@ -47,6 +44,7 @@ import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPVPRequestException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
@@ -61,7 +59,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.AuthnRequestValidator;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine;
public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
@@ -70,8 +67,11 @@ public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulCon
@Autowired(required=true) protected IPVP2BasicConfiguration pvpBasicConfiguration;
@Autowired(required=true) protected IPVPMetadataProvider metadataProvider;
@Autowired(required=true) protected SAMLVerificationEngine samlVerificationEngine;
+ @Autowired(required=true) protected IAuthnRequestValidator authRequestValidator;
private AbstractCredentialProvider pvpIDPCredentials;
+
+
/**
* Sets a specific credential provider for PVP S-Profile IDP component.
@@ -470,42 +470,14 @@ public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulCon
}
}
-
- //select AttributeConsumingService from request
- AttributeConsumingService attributeConsumer = null;
- Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
- int attributeIdx = 0;
-
- if(aIdx != null) {
- attributeIdx = aIdx.intValue();
- }
-
- if (spSSODescriptor.getAttributeConsumingServices() != null &&
- spSSODescriptor.getAttributeConsumingServices().size() > 0) {
- attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
- }
-
+
//validate AuthnRequest
- AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
- AuthnRequestValidator.validate(authReq);
-
-// String useMandate = request.getParameter(PARAM_USEMANDATE);
-// if(useMandate != null) {
-// if(useMandate.equals("true") && attributeConsumer != null) {
-// if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-// throw new MandateAttributesNotHandleAbleException();
-// }
-// }
-// }
-
+ AuthnRequest authReq = (AuthnRequest) samlReq;
String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-
- log.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
-
- pendingReq.setSPEntityId(oaURL);
- pendingReq.setOnlineApplicationConfiguration(oa);
+ log.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
+
+ pendingReq.setSPEntityId(StringEscapeUtils.escapeHtml(oaURL));
+ pendingReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(pendingReq.getSPEntityId()));
pendingReq.setBinding(consumerService.getBinding());
pendingReq.setRequest(moaRequest);
pendingReq.setConsumerURL(consumerService.getLocation());
@@ -513,13 +485,17 @@ public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulCon
//parse AuthRequest
pendingReq.setPassiv(authReq.isPassive());
pendingReq.setForce(authReq.isForceAuthn());
-
+
//AuthnRequest needs authentication
pendingReq.setNeedAuthentication(true);
//set protocol action, which should be executed after authentication
pendingReq.setAction(AuthenticationAction.class.getName());
+ log.trace("Starting extended AuthnRequest validation and processing ... ");
+ authRequestValidator.validate(request, pendingReq, authReq, spSSODescriptor);
+ log.debug("Extended AuthnRequest validation and processing finished");
+
//write revisionslog entry
revisionsLogger.logEvent(pendingReq, PVPEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java
index b0439775..7ddf05bd 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java
@@ -2,11 +2,15 @@
*******************************************************************************/
package at.gv.egiz.eaaf.modules.pvp2.sp.api;
+import java.util.List;
+
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.xml.security.credential.Credential;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+
/**
* @author tlenz
*
@@ -139,4 +143,29 @@ public interface IPVPAuthnRequestBuilderConfiguruation {
public Element getSubjectConformationDate();
+ /**
+ * Get the EntityId of the SP in case of a SAML2 proxy use-case
+ *
+ * @return
+ */
+ public String getScopeRequesterId();
+
+
+ /**
+ * Get a FriendlyName for the SP that sends the request
+ *
+ * @return
+ */
+ public String getProviderName();
+
+
+ /**
+ * Get a Set of SAML2 attributes that are requested by using SAML2 requested attributes
+ * <br>
+ * <b>Info:</b> Attributes are requested by using eIDAS SAML2 extension for requested attributes
+ *
+ * @return
+ */
+ public List<EAAFRequestedAttribute> getRequestedAttributes();
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
index 9b02dc77..087504e6 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
@@ -3,6 +3,7 @@
package at.gv.egiz.eaaf.modules.pvp2.sp.impl;
import java.security.NoSuchAlgorithmException;
+import java.util.List;
import javax.servlet.http.HttpServletResponse;
@@ -10,6 +11,7 @@ import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
@@ -18,6 +20,8 @@ import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.RequesterID;
+import org.opensaml.saml2.core.Scoping;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
@@ -33,9 +37,12 @@ import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestExtensionBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
@@ -44,7 +51,7 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
* @author tlenz
*
*/
-@Service("PVPAuthnRequestBuilder")
+@Service("pvpAuthnRequestBuilder")
public class PVPAuthnRequestBuilder {
private static final Logger log = LoggerFactory.getLogger(PVPAuthnRequestBuilder.class);
@@ -182,8 +189,31 @@ public class PVPAuthnRequestBuilder {
}
- //TODO: implement requested attributes
- //maybe: config.getRequestedAttributes();
+
+ //set ProviderName
+ if (StringUtils.isNotEmpty(config.getProviderName()))
+ authReq.setProviderName(config.getProviderName());
+
+ //set RequesterId in case of proxy mode
+ if (StringUtils.isNotEmpty(config.getScopeRequesterId())) {
+ Scoping scope = SAML2Utils.createSAMLObject(Scoping.class);
+ RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class);
+ requesterId.setRequesterID(config.getScopeRequesterId());
+ scope.getRequesterIDs().add(requesterId );
+ authReq.setScoping(scope );
+
+ }
+
+ //add optional requested attributes
+ if (config.getRequestedAttributes() != null) {
+ List<EAAFRequestedAttribute> reqAttr = config.getRequestedAttributes();
+ Extensions extenstions = new EAAFRequestExtensionBuilder().buildObject();
+ EAAFRequestedAttributes reqAttributs = SAML2Utils.createSAMLObject(EAAFRequestedAttributes.class);
+ reqAttributs.getAttributes().addAll(reqAttr);
+ extenstions.getUnknownXMLObjects().add(reqAttributs);
+ authReq.setExtensions(extenstions );
+
+ }
//select message encoder
IEncoder binding = null;
@@ -201,5 +231,5 @@ public class PVPAuthnRequestBuilder {
binding.encodeRequest(null, httpResp, authReq,
endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
}
-
+
}