summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpAddableChainingMetadataProvider.java22
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java55
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java165
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java25
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java13
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml2
10 files changed, 224 insertions, 80 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpAddableChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpAddableChainingMetadataProvider.java
new file mode 100644
index 00000000..8e5eb715
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpAddableChainingMetadataProvider.java
@@ -0,0 +1,22 @@
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import javax.annotation.Nonnull;
+
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+
+import org.opensaml.saml.metadata.resolver.MetadataResolver;
+
+public interface IPvpAddableChainingMetadataProvider {
+
+ /**
+ * Manually add a metadata resolver into a chaining metadata provider.
+ * <br>
+ * <b>If the chaining metadata provider also implements
+ * {@link IGarbageCollectorProcessing} manually added provider
+ * can be removed by garbage-collector process. This behavior
+ * depends on chaining metadata-provider implementation. </b>
+ *
+ * @param resolver Metadata provider that should be added
+ */
+ void addMetadataResolverIntoChain(@Nonnull MetadataResolver resolver);
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java
index 0cf7e293..fb1352ce 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java
@@ -19,11 +19,11 @@
package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
public interface IPvpMetadataConfigurationFactory {
IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authUrl,
- AbstractCredentialProvider pvpIdpCredentials);
+ IPvp2CredentialProvider pvpIdpCredentials);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
new file mode 100644
index 00000000..a564efb2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
@@ -0,0 +1,55 @@
+package at.gv.egiz.eaaf.modules.pvp2.api.utils;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+
+public interface IPvp2CredentialProvider {
+
+ /**
+ * Get Credentials to sign metadata.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of a credential error
+ */
+ @Nonnull
+ EaafX509Credential getMetaDataSigningCredential() throws CredentialsNotAvailableException;
+
+ /**
+ * Get Credentials to sign SAML2 messages, like AuthnRequest, Response,
+ * Assertions as some examples.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of a credential error
+ */
+ @Nonnull
+ EaafX509Credential getMessageSigningCredential() throws CredentialsNotAvailableException;
+
+ /**
+ * Get Credentials to encrypt messages, like Assertion as example.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of a credential error
+ */
+ @Nullable
+ EaafX509Credential getMessageEncryptionCredential()
+ throws CredentialsNotAvailableException;
+
+ /**
+ * Get a List of trusted {@link X509Certificate} that are available in this
+ * KeyStore.
+ *
+ * @return List of trusted {@link X509Certificate}, or an emptry {@link List} if
+ * no certificates are available
+ * @throws CredentialsNotAvailableException In case of a KeyStore error
+ */
+ @Nonnull
+ List<X509Certificate> getTrustedCertificates()
+ throws CredentialsNotAvailableException;
+
+} \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
index 8a20b932..80511f64 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -36,6 +36,7 @@ import at.gv.egiz.components.spring.api.IDestroyableObject;
import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
import org.apache.commons.lang3.StringUtils;
@@ -56,7 +57,7 @@ import net.shibboleth.utilities.java.support.resolver.ResolverException;
@Slf4j
public abstract class AbstractChainingMetadataProvider implements IGarbageCollectorProcessing,
- IRefreshableMetadataProvider,
+ IRefreshableMetadataProvider, IPvpAddableChainingMetadataProvider,
IDestroyableObject, IPvp2MetadataProvider, ClearableMetadataResolver {
@Nonnull
@@ -157,21 +158,6 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
}
- /**
- * Close metadata provider and remove all loaded metadata.
- *
- */
- public void internalDestroy() {
- log.info("Destroying chained metadata resolvers ...");
-
- for (final MetadataResolver resolver : internalResolvers) {
- destroyMetadataResolver(resolver);
- }
-
- internalResolvers.clear();
-
- }
-
@Override
public final MetadataFilter getMetadataFilter() {
log.warn("{} does NOT support {}", AbstractChainingMetadataProvider.class.getName(),
@@ -194,7 +180,7 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
* getEntityDescriptor( java.lang.String)
*/
@Override
- public EntityDescriptor getEntityDescriptor(final String entityID)
+ public final EntityDescriptor getEntityDescriptor(final String entityID)
throws ResolverException {
EntityDescriptor entityDesc = null;
try {
@@ -212,6 +198,7 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
"Can not find PVP metadata for entityID: " + entityID + " Start refreshing process ...");
if (refreshMetadataProvider(entityID)) {
return resolveEntityDescripor(entityID);
+
}
}
@@ -221,22 +208,21 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
@Override
@Nullable
- public final EntityDescriptor resolveSingle(@Nullable final CriteriaSet criteria) throws ResolverException {
- for (final MetadataResolver resolver : internalResolvers) {
- try {
- final EntityDescriptor descriptors = resolver.resolveSingle(criteria);
- if (descriptors != null) {
- return descriptors;
- }
-
- } catch (final ResolverException e) {
- continue;
+ public final EntityDescriptor resolveSingle(@Nullable final CriteriaSet criteria)
+ throws ResolverException {
+ EntityDescriptor result = internalResolveSingle(criteria);
+ if (result == null && criteria != null) {
+ final EntityIdCriterion entityIdCriteria = criteria.get(EntityIdCriterion.class);
+ if (entityIdCriteria != null
+ && refreshMetadataProvider(entityIdCriteria.getEntityId())) {
+ log.debug("Can not find PVP metadata for entityID: {}. Metadata refreshing was done ... ",
+ entityIdCriteria.getEntityId());
+ result = internalResolveSingle(criteria);
}
-
}
- return null;
+ return result;
}
@@ -244,21 +230,18 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
@Nonnull
public final Iterable<EntityDescriptor> resolve(@Nullable final CriteriaSet criteria)
throws ResolverException {
- for (final MetadataResolver resolver : internalResolvers) {
- try {
- final Iterable<EntityDescriptor> descriptors = resolver.resolve(criteria);
- if (descriptors != null && descriptors.iterator().hasNext()) {
- return descriptors;
-
- }
-
- } catch (final ResolverException e) {
- continue;
-
+ Iterable<EntityDescriptor> result = internalResolve(criteria);
+ if (criteria != null) {
+ final EntityIdCriterion entityIdCriteria = criteria.get(EntityIdCriterion.class);
+ if (!result.iterator().hasNext() && entityIdCriteria != null
+ && refreshMetadataProvider(entityIdCriteria.getEntityId())) {
+ log.debug("Can not find PVP metadata for entityID: {}. Metadata refreshing was done ... ",
+ entityIdCriteria.getEntityId());
+ result = internalResolve(criteria);
}
}
- return Collections.emptyList();
+ return result;
}
@Override
@@ -295,7 +278,7 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
@Override
@Nullable
- public DateTime getLastUpdate() {
+ public final DateTime getLastUpdate() {
DateTime ret = null;
for (final MetadataResolver resolver : internalResolvers) {
if (resolver instanceof RefreshableMetadataResolver) {
@@ -325,6 +308,42 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
return ret;
}
+ @Override
+ public final DateTime getLastSuccessfulRefresh() {
+ return this.lastRefeshTimestamp;
+
+ }
+
+ @Override
+ public final Boolean wasLastRefreshSuccess() {
+ return this.lastRefeshSuccessful;
+
+ }
+
+ @Override
+ public final boolean isRequireValidMetadata() {
+ log.warn("Attempt to access unsupported requireValidMetadata property on ChainingMetadataResolver");
+ return false;
+ }
+
+ @Override
+ public final void setRequireValidMetadata(final boolean requireValidMetadata) {
+ throw new UnsupportedOperationException(
+ "Setting requireValidMetadata is not supported on chaining resolver");
+ }
+
+ @Override
+ public final String getId() {
+ return getMetadataProviderId();
+
+ }
+
+ @Override
+ public final void addMetadataResolverIntoChain(MetadataResolver resolver) {
+ internalResolvers.add(resolver);
+
+ }
+
/**
* Get the URL to metadata for a specific entityID.
*
@@ -465,34 +484,58 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
}
}
- @Override
- public DateTime getLastSuccessfulRefresh() {
- return this.lastRefeshTimestamp;
+ /**
+ * Close metadata provider and remove all loaded metadata.
+ *
+ */
+ private void internalDestroy() {
+ log.info("Destroying chained metadata resolvers ...");
- }
+ for (final MetadataResolver resolver : internalResolvers) {
+ destroyMetadataResolver(resolver);
+ }
- @Override
- public Boolean wasLastRefreshSuccess() {
- return this.lastRefeshSuccessful;
+ internalResolvers.clear();
}
- @Override
- public boolean isRequireValidMetadata() {
- log.warn("Attempt to access unsupported requireValidMetadata property on ChainingMetadataResolver");
- return false;
- }
+ private EntityDescriptor internalResolveSingle(@Nullable final CriteriaSet criteria)
+ throws ResolverException {
+ for (final MetadataResolver resolver : internalResolvers) {
+ try {
+ final EntityDescriptor descriptors = resolver.resolveSingle(criteria);
+ if (descriptors != null) {
+ return descriptors;
+ }
+
+ } catch (final ResolverException e) {
+ continue;
+
+ }
+ }
+
+ return null;
- @Override
- public void setRequireValidMetadata(final boolean requireValidMetadata) {
- throw new UnsupportedOperationException(
- "Setting requireValidMetadata is not supported on chaining resolver");
}
- @Override
- public String getId() {
- return getMetadataProviderId();
+ @Nonnull
+ private Iterable<EntityDescriptor> internalResolve(@Nullable final CriteriaSet criteria)
+ throws ResolverException {
+ for (final MetadataResolver resolver : internalResolvers) {
+ try {
+ final Iterable<EntityDescriptor> descriptors = resolver.resolve(criteria);
+ if (descriptors != null && descriptors.iterator().hasNext()) {
+ return descriptors;
+
+ }
+ } catch (final ResolverException e) {
+ continue;
+
+ }
+ }
+
+ return Collections.emptyList();
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index 13124114..6959b6bd 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -39,6 +39,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
@@ -53,7 +54,7 @@ import org.springframework.core.io.ResourceLoader;
import lombok.extern.slf4j.Slf4j;
@Slf4j
-public abstract class AbstractCredentialProvider {
+public abstract class AbstractCredentialProvider implements IPvp2CredentialProvider {
private static final String TRUSTED_CERTIFICATES_OPERATION = "Trusted Certificate Entries";
@@ -136,10 +137,11 @@ public abstract class AbstractCredentialProvider {
* @return Credentials
* @throws CredentialsNotAvailableException In case of a credential error
*/
+ @Override
public EaafX509Credential getMetaDataSigningCredential() throws CredentialsNotAvailableException {
try {
final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
- getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray(), getFriendlyName());
+ getMetadataKeyAlias(), getPassCharArrayOrNull(getMetadataKeyPassword()), getFriendlyName());
credentials.setUsageType(UsageType.SIGNING);
credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials));
credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials));
@@ -152,6 +154,8 @@ public abstract class AbstractCredentialProvider {
}
}
+
+
/**
* Get Credentials to sign SAML2 messages, like AuthnRequest, Response,
* Assertions as some examples.
@@ -159,10 +163,11 @@ public abstract class AbstractCredentialProvider {
* @return Credentials
* @throws CredentialsNotAvailableException In case of a credential error
*/
+ @Override
public EaafX509Credential getMessageSigningCredential() throws CredentialsNotAvailableException {
try {
final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
- getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray(), getFriendlyName());
+ getSignatureKeyAlias(), getPassCharArrayOrNull(getSignatureKeyPassword()), getFriendlyName());
credentials.setUsageType(UsageType.SIGNING);
credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials));
credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials));
@@ -181,6 +186,7 @@ public abstract class AbstractCredentialProvider {
* @return Credentials
* @throws CredentialsNotAvailableException In case of a credential error
*/
+ @Override
public EaafX509Credential getMessageEncryptionCredential()
throws CredentialsNotAvailableException {
// if no encryption key is configured return null
@@ -190,7 +196,7 @@ public abstract class AbstractCredentialProvider {
try {
final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
- getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray(), getFriendlyName());
+ getEncryptionKeyAlias(), getPassCharArrayOrNull(getEncryptionKeyPassword()), getFriendlyName());
credentials.setUsageType(UsageType.ENCRYPTION);
credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials));
credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials));
@@ -212,6 +218,7 @@ public abstract class AbstractCredentialProvider {
* no certificates are available
* @throws CredentialsNotAvailableException In case of a KeyStore error
*/
+ @Override
@Nonnull
public List<X509Certificate> getTrustedCertificates()
throws CredentialsNotAvailableException {
@@ -288,4 +295,14 @@ public abstract class AbstractCredentialProvider {
PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC));
}
+ private char[] getPassCharArrayOrNull(String metadataKeyPassword) {
+ char[] keyPassChar = null;
+ if (metadataKeyPassword != null) {
+ keyPassChar = metadataKeyPassword.toCharArray();
+
+ }
+
+ return keyPassChar;
+ }
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
index 14e6a78a..a3154b0d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
@@ -22,9 +22,11 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
+import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
import java.util.List;
import javax.annotation.Nonnull;
@@ -229,17 +231,22 @@ public class Saml2Utils {
public static String getKeyOperationAlgorithmFromCredential(X509Credential credentials,
String rsaSigAlgorithm, String ecSigAlgorithm) throws SamlSigningException {
final PrivateKey privatekey = credentials.getPrivateKey();
- if (privatekey instanceof RSAPrivateKey) {
+ final PublicKey publickey = credentials.getPublicKey();
+ if (privatekey instanceof RSAPrivateKey
+ || publickey instanceof RSAPublicKey) {
return rsaSigAlgorithm;
- } else if (privatekey instanceof ECPrivateKey) {
+ } else if (privatekey instanceof ECPrivateKey
+ || publickey instanceof ECPublicKey) {
return ecSigAlgorithm;
} else {
log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId()
+ " credential.");
throw new SamlSigningException("internal.pvp.97",
- new Object[] { credentials.getEntityId(), privatekey.getClass().getName() });
+ new Object[] { credentials.getEntityId(),
+ privatekey != null ? privatekey.getClass().getName() : publickey.getClass().getName()
+ });
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 29bbac1e..a56c8726 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -41,6 +41,7 @@ import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPvpRequestException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException;
@@ -53,7 +54,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
@@ -93,14 +93,14 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
@Autowired(required = false)
protected List<IAuthnRequestPostProcessor> authRequestPostProcessors;
- private AbstractCredentialProvider pvpIdpCredentials;
+ private IPvp2CredentialProvider pvpIdpCredentials;
/**
* Sets a specific credential provider for PVP S-Profile IDP component.
*
* @param pvpIdpCredentials credential provider
*/
- public void setPvpIdpCredentials(final AbstractCredentialProvider pvpIdpCredentials) {
+ public void setPvpIdpCredentials(final IPvp2CredentialProvider pvpIdpCredentials) {
this.pvpIdpCredentials = pvpIdpCredentials;
}
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index d138ba3a..16cd27cd 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.impl.data.SloInformationImpl;
import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
@@ -41,7 +42,6 @@ import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.Pvp2AssertionBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import org.joda.time.DateTime;
@@ -74,14 +74,14 @@ public class AuthenticationAction implements IAction {
@Autowired(required = true)
IRevisionLogger revisionsLogger;
- private AbstractCredentialProvider pvpIdpCredentials;
+ private IPvp2CredentialProvider pvpIdpCredentials;
/**
* Sets a specific credential provider for PVP S-Profile IDP component.
*
* @param pvpIdpCredentials credential provider
*/
- public void setPvpIdpCredentials(final AbstractCredentialProvider pvpIdpCredentials) {
+ public void setPvpIdpCredentials(final IPvp2CredentialProvider pvpIdpCredentials) {
this.pvpIdpCredentials = pvpIdpCredentials;
}
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java
index 3f0ad0b6..0b344ba3 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/MetadataAction.java
@@ -31,9 +31,9 @@ import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.modules.pvp2.PvpEventConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataConfigurationFactory;
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -53,14 +53,14 @@ public class MetadataAction implements IAction {
@Autowired
private IPvpMetadataConfigurationFactory configFactory;
- private AbstractCredentialProvider pvpIdpCredentials;
+ private IPvp2CredentialProvider pvpIdpCredentials;
/**
* Sets a specific credential provider for PVP S-Profile IDP component.
*
* @param pvpIdpCredentials credential provider
*/
- public void setPvpIdpCredentials(final AbstractCredentialProvider pvpIdpCredentials) {
+ public void setPvpIdpCredentials(final IPvp2CredentialProvider pvpIdpCredentials) {
this.pvpIdpCredentials = pvpIdpCredentials;
}
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml
index 52549a88..96560960 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2020-02-05T06:41:42.966Z">
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2045-02-05T06:41:42.966Z">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>