9 files changed, 415 insertions, 0 deletions

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java
new file mode 100644
index 00000000..28ccd7e0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java
@@ -0,0 +1,26 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api;
+
+import java.util.List;
+
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+public interface IPVP2BasicConfiguration {
+	
+	public String getIDPEntityId(String authURL) throws EAAFException;
+
+	public String getIDPSSOPostService(String authURL) throws EAAFException;
+
+	public String getIDPSSORedirectService(String authURL) throws EAAFException;
+
+	public Object getIDPSSOSOAPService(String extractAuthURLFromRequest) throws EAAFException;
+
+	public List<ContactPerson> getIDPContacts() throws EAAFException;
+
+	public Organization getIDPOrganisation() throws EAAFException;
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
new file mode 100644
index 00000000..959ad747
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
@@ -0,0 +1,25 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.binding.decoding.URIComparator;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
+
+public interface IDecoder {
+	public InboundMessageInterface decode(HttpServletRequest req, 
+			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator)
+					throws MessageDecodingException, SecurityException, PVP2Exception;
+		
+	public boolean handleDecode(String action, HttpServletRequest req);
+	
+	public String getSAML2BindingName();
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
new file mode 100644
index 00000000..a4475f20
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
@@ -0,0 +1,51 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
+public interface IEncoder {
+	
+	/**
+	 * 
+	 * @param req The http request
+	 * @param resp The http response
+	 * @param request The SAML2 request object
+	 * @param targetLocation URL, where the request should be transmit
+	 * @param relayState token for session handling
+	 * @param credentials Credential to sign the request object
+	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
+	 * @throws MessageEncodingException
+	 * @throws SecurityException
+	 * @throws PVP2Exception
+	 */
+	public void encodeRequest(HttpServletRequest req, 
+			HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
+					throws MessageEncodingException, SecurityException, PVP2Exception;
+	
+	/**
+	 * Encoder SAML Response
+	 * @param req The http request
+	 * @param resp The http response
+	 * @param response The SAML2 repsonse object
+	 * @param targetLocation URL, where the request should be transmit
+	 * @param relayState token for session handling
+	 * @param credentials Credential to sign the response object
+	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
+	 * @throws MessageEncodingException
+	 * @throws SecurityException
+	 */
+	public void encodeRespone(HttpServletRequest req, 
+			HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
+					throws MessageEncodingException, SecurityException, PVP2Exception;
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java
new file mode 100644
index 00000000..00edb1bf
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java
@@ -0,0 +1,18 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.message;
+
+import org.w3c.dom.Element;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface InboundMessageInterface {
+	
+	public String getRelayState();
+	public String getEntityID();
+	public boolean isVerified();
+	public Element getInboundMessage();
+	
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java
new file mode 100644
index 00000000..218e5171
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java
@@ -0,0 +1,218 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+
+/**
+ * @author tlenz
+ * 
+ */
+public interface IPVPMetadataBuilderConfiguration {
+
+	
+	/**
+	 * Defines a unique name for this PVP Service-provider, which is used for logging
+	 * 
+	 * @return
+	 */
+	public String getSPNameForLogging();
+	
+	/**
+	 * Set metadata valid area
+	 * 
+	 * @return valid until in hours [h]
+	 */
+	public int getMetadataValidUntil();
+	
+	/**
+	 * Build a SAML2 Entities element as metadata root element
+	 * 
+	 * @return true, if the metadata should start with entities element 
+	 */
+	public boolean buildEntitiesDescriptorAsRootElement();
+	
+	/**
+	 * 
+	 * 
+	 * @return true, if an IDP SSO-descriptor element should be generated 
+	 */
+	public boolean buildIDPSSODescriptor();
+	
+	/**
+	 * 
+	 * 
+	 * @return true, if an SP SSO-descriptor element should be generated 
+	 */
+	public boolean buildSPSSODescriptor();
+	
+	/**
+	 * Set the PVP entityID for this SAML2 metadata.
+	 * The entityID must be an URL and must be start with the public-URL prefix of the server
+	 * 
+	 * @return PVP entityID postfix as String
+	 */
+	public String getEntityID();
+	
+	/**
+	 * Set a friendlyName for this PVP entity
+	 * 
+	 * @return 
+	 */
+	public String getEntityFriendlyName();
+	
+	/**
+	 * Set the contact information for this metadata entity
+	 * 
+	 * @return
+	 */
+	public List<ContactPerson> getContactPersonInformation();
+	
+	/**
+	 * Set organisation information for this metadata entity
+	 * 
+	 * @return
+	 */
+	public Organization getOrgansiationInformation();
+	
+
+	/**
+	 * Set the credential for metadata signing
+	 * 
+	 * @return
+	 * @throws CredentialsNotAvailableException 
+	 */
+	public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
+	
+	/**
+	 * Set the credential for request/response signing
+	 * IDP metadata: this credential is used for SAML2 response signing
+	 * SP metadata: this credential is used for SAML2 response signing
+	 * 
+	 * @return
+	 * @throws CredentialsNotAvailableException 
+	 */
+	public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException;
+	
+	/**
+	 * Set the credential for response encryption
+	 * 
+	 * @return
+	 * @throws CredentialsNotAvailableException 
+	 */
+	public Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
+	
+	/**
+	 * Set the IDP Post-Binding URL for WebSSO 
+	 * 
+	 * @return
+	 */
+	public String getIDPWebSSOPostBindingURL();
+	
+	/**
+	 * Set the IDP Redirect-Binding URL for WebSSO 
+	 * 
+	 * @return
+	 */
+	public String getIDPWebSSORedirectBindingURL();
+	
+	/**
+	 * Set the IDP Post-Binding URL for Single LogOut 
+	 * 
+	 * @return
+	 */
+	public String getIDPSLOPostBindingURL();
+	
+	/**
+	 * Set the IDP Redirect-Binding URL for Single LogOut 
+	 * 
+	 * @return
+	 */
+	public String getIDPSLORedirectBindingURL();
+	
+	/**
+	 * Set the SP Post-Binding URL for for the Assertion-Consumer Service
+	 * 
+	 * @return
+	 */
+	public String getSPAssertionConsumerServicePostBindingURL();
+	
+	/**
+	 * Set the SP Redirect-Binding URL for the Assertion-Consumer Service 
+	 * 
+	 * @return
+	 */
+	public String getSPAssertionConsumerServiceRedirectBindingURL();
+	
+	/**
+	 * Set the SP Post-Binding URL for Single LogOut 
+	 * 
+	 * @return
+	 */
+	public String getSPSLOPostBindingURL();
+	
+	/**
+	 * Set the SP Redirect-Binding URL for Single LogOut 
+	 * 
+	 * @return
+	 */
+	public String getSPSLORedirectBindingURL();
+	
+	/**
+	 * Set the SP SOAP-Binding URL for Single LogOut 
+	 * 
+	 * @return
+	 */
+	public String getSPSLOSOAPBindingURL();
+	
+	
+	/**
+	 * Set all SAML2 attributes which could be provided by this IDP
+	 * 
+	 * @return
+	 */
+	public List<Attribute> getIDPPossibleAttributes();
+	
+	/**
+	 * Set all nameID types which could be provided by this IDP
+	 * 
+	 * @return a List of SAML2 nameID types
+	 */
+	public List<String> getIDPPossibleNameITTypes();
+	
+	/**
+	 * Set all SAML2 attributes which are required by the SP
+	 * 
+	 * @return
+	 */
+	public List<RequestedAttribute> getSPRequiredAttributes();
+	
+	/**
+	 * Set all nameID types which allowed from the SP
+	 * 
+	 * @return a List of SAML2 nameID types
+	 */
+	public List<String> getSPAllowedNameITTypes();
+	
+	/**
+	 * Set the 'wantAssertionSigned' attribute in SP metadata
+	 * 
+	 * @return
+	 */
+	public boolean wantAssertionSigned();
+	
+	/**
+	 * Set the 'wantAuthnRequestSigned' attribute
+	 * 
+	 * @return
+	 */
+	public boolean wantAuthnRequestSigned();
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java
new file mode 100644
index 00000000..7492c0ff
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java
@@ -0,0 +1,11 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+
+public interface IPVPMetadataConfigurationFactory {
+	
+	public IPVPMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL, AbstractCredentialProvider pvpIDPCredentials);
+	
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java
new file mode 100644
index 00000000..4c721d45
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java
@@ -0,0 +1,37 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+
+public interface IPVPMetadataProvider extends MetadataProvider {
+
+	boolean requireValidMetadata();
+
+	void setRequireValidMetadata(boolean requireValidMetadata);
+
+	MetadataFilter getMetadataFilter();
+
+	void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException;
+
+	XMLObject getMetadata() throws MetadataProviderException;
+
+	EntitiesDescriptor getEntitiesDescriptor(String entitiesID) throws MetadataProviderException;
+
+	EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException;
+
+	List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException;
+
+	RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) throws MetadataProviderException;
+
+}
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
new file mode 100644
index 00000000..07321e0c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
@@ -0,0 +1,18 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IRefreshableMetadataProvider {
+
+	/**
+	 * Refresh a entity or load a entity in a metadata provider 
+	 * 
+	 * @param entityID
+	 * @return true, if refresh is success, otherwise false
+	 */
+	public boolean refreshMetadataProvider(String entityID);
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java
new file mode 100644
index 00000000..a13a0bac
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java
@@ -0,0 +1,11 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.api.validation;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+public interface ISAMLValidator {
+	public void validateRequest(RequestAbstractType request) throws EAAFException;
+}