Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api')
22 files changed, 913 insertions, 805 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java deleted file mode 100644 index 48b0efc5..00000000 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPVP2BasicConfiguration.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.gv.egiz.eaaf.modules.pvp2.api; - -import java.util.List; - -import org.opensaml.saml2.metadata.ContactPerson; -import org.opensaml.saml2.metadata.Organization; - -import at.gv.egiz.eaaf.core.exceptions.EAAFException; - -public interface IPVP2BasicConfiguration { - - public String getIDPEntityId(String authURL) throws EAAFException; - - public String getIDPSSOPostService(String authURL) throws EAAFException; - - public String getIDPSSORedirectService(String authURL) throws EAAFException; - - public Object getIDPSSOSOAPService(String extractAuthURLFromRequest) throws EAAFException; - - public List<ContactPerson> getIDPContacts() throws EAAFException; - - public Organization getIDPOrganisation() throws EAAFException; - -} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvp2BasicConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvp2BasicConfiguration.java new file mode 100644 index 00000000..a54eb0b8 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvp2BasicConfiguration.java 
@@ -0,0 +1,109 @@ +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.gv.egiz.eaaf.modules.pvp2.api; + +import java.util.List; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; + +import org.opensaml.saml.saml2.metadata.ContactPerson; +import org.opensaml.saml.saml2.metadata.Organization; + +/** + * Basic SAML2 configuration object that provide information for SAML2 metadata. + * + * @author tlenz + * + */ +public interface IPvp2BasicConfiguration { + + /** + * SAML2 EntityId. + * + * @param authUrl The Public-URL prefix of the application that always ends without / + * @return EntityId + * @throws EaafException In case of an error. 
+ */
+ @Nonnull
+ String getIdpEntityId(@Nonnull String authUrl) throws EaafException;
+
+ /**
+ * Authentication end-point for POST-Binding in case of an IDP.
+ *
+ * @param authUrl The Public-URL prefix of the application that always ends without /
+ * @return IDP SSO endpoint
+ * @throws EaafException In case of an error.
+ */
+ @Nullable
+ String getIdpSsoPostService(@Nonnull String authUrl) throws EaafException;
+
+ /**
+ * Authentication end-point for POST-Redirect in case of an IDP.
+ *
+ * @param authUrl The Public-URL prefix of the application that always ends without /
+ * @return IDP SSO endpoint
+ * @throws EaafException In case of an error.
+ */
+ @Nullable
+ String getIdpSsoRedirectService(@Nonnull String authUrl) throws EaafException;
+
+ /**
+ * Authentication end-point for POST-SOAP in case of an IDP.
+ *
+ * @param authUrl The Public-URL prefix of the application that always ends without /
+ * @return IDP SSO endpoint
+ * @throws EaafException In case of an error.
+ */
+ @Nullable
+ String getIdpSsoSoapService(@Nonnull String authUrl) throws EaafException;
+
+ /**
+ * Contact information for SAML2 Metadata.
+ *
+ * @return SAML2 Contact object
+ * @throws EaafException In case of an error.
+ */
+ @Nonnull
+ List<ContactPerson> getIdpContacts() throws EaafException;
+
+ /**
+ * Organization information for SAML2 Metadata.
+ *
+ * @return SAML2 Organization object
+ * @throws EaafException In case of an error.
+ */
+ @Nonnull
+ Organization getIdpOrganisation() throws EaafException;
+
+ /**
+ * Get the basic {@link IConfiguration} object that was
+ * used to generate this {@link IPvp2BasicConfiguration}.
+ *
+ * @return Basic application configuration
+ */
+ @Nonnull
+ IConfiguration getBasicConfiguration();
+
+
+}
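Review bot: The Javadoc summaries of `getIdpSsoRedirectService` and `getIdpSsoSoapService` name bindings that do not exist ("POST-Redirect", "POST-SOAP"); they should read `Authentication end-point for Redirect-Binding in case of an IDP.` and `Authentication end-point for SOAP-Binding in case of an IDP.`. The `authUrl` contract ("Public-URL prefix of the application") also leaves open where the value comes from, and the removed interface's SOAP method took a parameter named `extractAuthURLFromRequest`, which suggests it may be derived from the incoming request. Because the returned values become the metadata EntityId and endpoint URLs, the interface doc should state whether implementations must take `authUrl` from configuration or validate a request-derived value against the configured public URL prefixes, e.g. `@param authUrl The Public-URL prefix of the application as configured (or validated against the configured prefixes), always without trailing /`.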
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java index 3b264b6d..83bfee84 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java 
@@ -1,49 +1,40 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + package at.gv.egiz.eaaf.modules.pvp2.api.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - -import org.opensaml.common.binding.decoding.URIComparator; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.ws.message.decoder.MessageDecodingException; -import org.opensaml.xml.security.SecurityException; +import javax.xml.namespace.QName; import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; -import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; +import net.shibboleth.utilities.java.support.net.URIComparator; public interface IDecoder { - public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) - throws MessageDecodingException, SecurityException, PVP2Exception; - - public boolean handleDecode(String action, HttpServletRequest req); - - public String getSAML2BindingName(); + InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp, + IPvp2MetadataProvider metadataProvider, QName peerEntityRole, URIComparator comparator) + throws Pvp2Exception; + + boolean handleDecode(String action, HttpServletRequest req); + + String getSaml2BindingName(); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java index ec400e7a..5a8bc4fb 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java 
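Review bot: `decode` gets two new contract-relevant parameters, `peerEntityRole` and `comparator`, and narrows its throws clause to `Pvp2Exception`, but the interface still has no Javadoc, so implementers cannot tell what the method is expected to verify before returning. A short doc on `decode` would settle it: `@param peerEntityRole SAML2 metadata role of the sending peer, used to look up its EntityDescriptor` and `@param comparator used to check the message Destination against the receiving endpoint URL`, plus `@throws Pvp2Exception if the message cannot be decoded or fails validation`; what `peerEntityRole` and `comparator` are used for is my reading of the names and should be confirmed against the implementations. It should also say whether a returned `InboundMessageInterface` with `isVerified() == false` is a valid outcome or whether verification failures are always reported as an exception.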
@@ -1,75 +1,68 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + package at.gv.egiz.eaaf.modules.pvp2.api.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; - import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; + +import org.opensaml.saml.saml2.core.RequestAbstractType; +import org.opensaml.saml.saml2.core.StatusResponseType; +import org.opensaml.security.SecurityException; public interface IEncoder { - - /** - * - * @param req The http request - * @param resp The http response - * @param request The SAML2 request object - * @param targetLocation URL, where the request should be transmit - * @param relayState token for session handling - * @param credentials Credential to sign the request object - * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null - * @throws MessageEncodingException - * @throws SecurityException - * @throws PVP2Exception - */ - public void encodeRequest(HttpServletRequest req, - HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) - throws MessageEncodingException, SecurityException, PVP2Exception; - - /** - * Encoder SAML Response - * @param req The http request - * @param resp The http response - * @param response The SAML2 repsonse object - * @param targetLocation URL, where the request should be transmit - * @param relayState token for session handling - * @param credentials Credential to sign the response object - * @param pendingReq Internal MOA-ID 
request object that contains session-state informations but never null - * @throws MessageEncodingException - * @throws SecurityException - */ - public void encodeRespone(HttpServletRequest req, - HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) - throws MessageEncodingException, SecurityException, PVP2Exception; + + /** + * SAML2 Request encoder. + * + * @param req The http request + * @param resp The http response + * @param request The SAML2 request object + * @param targetLocation URL, where the request should be transmit + * @param relayState token for session handling + * @param credentials Credential to sign the request object + * @param pendingReq Internal MOA-ID request object that contains + * session-state informations but never null + * @throws Pvp2Exception In case of an error + */ + void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation, String relayState, EaafX509Credential credentials, + IRequest pendingReq) throws Pvp2Exception; + + /** + * Encoder SAML Response. + * + * @param req The http request + * @param resp The http response + * @param response The SAML2 repsonse object + * @param targetLocation URL, where the request should be transmit + * @param relayState token for session handling + * @param credentials Credential to sign the response object + * @param pendingReq Internal MOA-ID request object that contains + * session-state informations but never null + * @throws SecurityException In case of an error + */ + void encodeResponse(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation, String relayState, EaafX509Credential credentials, + IRequest pendingReq) throws Pvp2Exception; } 
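Review bot: The Javadoc of `encodeResponse` documents `@throws SecurityException In case of an error`, but the method declares `throws Pvp2Exception`, so the tag describes an exception the method cannot throw; it should be `@throws Pvp2Exception In case of an error`, matching `encodeRequest`. Once corrected, `import org.opensaml.security.SecurityException;` is referenced by nothing in this file (the hunk covers the whole file) and can be dropped. The same docs also carry the typo `repsonse` for "response".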
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java
new file mode 100644
index 00000000..95070167
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/credential/EaafX509Credential.java
@@ -0,0 +1,42 @@
+package at.gv.egiz.eaaf.modules.pvp2.api.credential;
+
+import javax.annotation.Nonnull;
+
+import org.opensaml.security.x509.X509Credential;
+
+public interface EaafX509Credential extends X509Credential {
+
+ /**
+ * Get the signature algorithm that has to be used with this credential.
+ *
+ * @return Signature-algorithm identifier
+ */
+ @Nonnull
+ String getSignatureAlgorithmForSigning();
+
+ /**
+ * Set the signature algorithm that has to be used with this credential.
+ *
+ * @param sigAlg Signature-algorithm identifier
+ */
+ void setSignatureAlgorithmForSigning(@Nonnull String sigAlg);
+
+
+ /**
+ * Get the key-encryption algorithm that has to be used with this credential
+ * in case of data-encryption operations.
+ *
+ * @return Key-encryption algorithm-identifier
+ */
+ @Nonnull
+ String getKeyEncryptionAlgorithmForDataEncryption();
+
+ /**
+ * Set the key-encryption algorithm that has to be used with this credential
+ * in case of data-encryption operations.
+ *
+ * @param sigAlg Key-encryption algorithm-identifier
+ */
+ void setKeyEncryptionAlgorithmForDataEncryption(@Nonnull String sigAlg);
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java
index 416672a1..e5b253a2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java
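Review bot: The parameter of `setKeyEncryptionAlgorithmForDataEncryption` is named `sigAlg` in both the signature and the `@param` tag although it carries a key-encryption algorithm, which invites confusing it with `setSignatureAlgorithmForSigning`; `void setKeyEncryptionAlgorithmForDataEncryption(@Nonnull String keyEncAlg);` with `@param keyEncAlg Key-encryption algorithm-identifier` would fix that. Both setters accept the algorithm as a bare `String` and the Javadoc says nothing about the expected format or about validation, so the interface should state what an "identifier" is (presumably an XML Signature/Encryption algorithm URI, to be confirmed) and whether implementations are expected to reject identifiers outside the set of algorithms the deployment supports. Since the algorithm chosen here drives every signing and encryption operation done with the credential, that expectation belongs in the contract rather than in individual implementations.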
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/message/InboundMessageInterface.java 
@@ -1,42 +1,34 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + package at.gv.egiz.eaaf.modules.pvp2.api.message; import org.w3c.dom.Element; -/** - * @author tlenz - * - */ public interface InboundMessageInterface { - - public String getRelayState(); - public String getEntityID(); - public boolean isVerified(); - public Element getInboundMessage(); - + + String getRelayState(); + + String getEntityID(); + + boolean isVerified(); + + Element getInboundMessage(); + } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java deleted file mode 100644 index c041ec72..00000000 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataBuilderConfiguration.java +++ /dev/null 
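Review bot: The commit removes the only Javadoc on `InboundMessageInterface` and adds none, so `isVerified()` — the flag consumers will rely on before trusting the decoded message — has no stated meaning; a one-line doc such as `/** Whether the inbound message passed signature validation against the peer's metadata; callers must not trust unverified messages. */` would close that gap, with the exact condition confirmed against the decoder implementations. `getEntityID` also keeps the old acronym casing while this commit renames sibling APIs to `getIdpEntityId`-style names, so either rename it for consistency or document why it is kept.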
@@ -1,243 +0,0 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.gv.egiz.eaaf.modules.pvp2.api.metadata; - -import java.util.Collection; -import java.util.List; - -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.metadata.ContactPerson; -import org.opensaml.saml2.metadata.Organization; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.xml.security.credential.Credential; - -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; - -/** - * @author tlenz - * - */ -public interface IPVPMetadataBuilderConfiguration { - - - /** - * Defines a unique name for this PVP Service-provider, which is used for logging - * - * @return - */ - public String getSPNameForLogging(); - - /** - * Set metadata valid area - * - * @return valid until in hours [h] - */ - public int getMetadataValidUntil(); - - /** - * Build a SAML2 Entities element as metadata root element - * - * @return true, if the metadata should start with entities element - */ - public boolean buildEntitiesDescriptorAsRootElement(); - - /** - * - * - * @return true, if an IDP SSO-descriptor element should be generated - */ - public boolean buildIDPSSODescriptor(); - - /** - * - * - * @return true, if an SP SSO-descriptor element should be generated - */ - public boolean buildSPSSODescriptor(); - - /** - * Set the PVP entityID for this SAML2 metadata. 
- * The entityID must be an URL and must be start with the public-URL prefix of the server - * - * @return PVP entityID postfix as String - */ - public String getEntityID(); - - /** - * Set a friendlyName for this PVP entity - * - * @return - */ - public String getEntityFriendlyName(); - - /** - * Set the contact information for this metadata entity - * - * @return - */ - public List<ContactPerson> getContactPersonInformation(); - - /** - * Set organisation information for this metadata entity - * - * @return - */ - public Organization getOrgansiationInformation(); - - - /** - * Set the credential for metadata signing - * - * @return - * @throws CredentialsNotAvailableException - */ - public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException; - - /** - * Set the credential for request/response signing - * IDP metadata: this credential is used for SAML2 response signing - * SP metadata: this credential is used for SAML2 response signing - * - * @return - * @throws CredentialsNotAvailableException - */ - public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException; - - /** - * Set the credential for response encryption - * - * @return - * @throws CredentialsNotAvailableException - */ - public Credential getEncryptionCredentials() throws CredentialsNotAvailableException; - - /** - * Set the IDP Post-Binding URL for WebSSO - * - * @return - */ - public String getIDPWebSSOPostBindingURL(); - - /** - * Set the IDP Redirect-Binding URL for WebSSO - * - * @return - */ - public String getIDPWebSSORedirectBindingURL(); - - /** - * Set the IDP Post-Binding URL for Single LogOut - * - * @return - */ - public String getIDPSLOPostBindingURL(); - - /** - * Set the IDP Redirect-Binding URL for Single LogOut - * - * @return - */ - public String getIDPSLORedirectBindingURL(); - - /** - * Set the SP Post-Binding URL for for the Assertion-Consumer Service - * - * @return - */ - public String 
getSPAssertionConsumerServicePostBindingURL(); - - /** - * Set the SP Redirect-Binding URL for the Assertion-Consumer Service - * - * @return - */ - public String getSPAssertionConsumerServiceRedirectBindingURL(); - - /** - * Set the SP Post-Binding URL for Single LogOut - * - * @return - */ - public String getSPSLOPostBindingURL(); - - /** - * Set the SP Redirect-Binding URL for Single LogOut - * - * @return - */ - public String getSPSLORedirectBindingURL(); - - /** - * Set the SP SOAP-Binding URL for Single LogOut - * - * @return - */ - public String getSPSLOSOAPBindingURL(); - - - /** - * Set all SAML2 attributes which could be provided by this IDP - * - * @return - */ - public List<Attribute> getIDPPossibleAttributes(); - - /** - * Set all nameID types which could be provided by this IDP - * - * @return a List of SAML2 nameID types - */ - public List<String> getIDPPossibleNameITTypes(); - - /** - * Set all SAML2 attributes which are required by the SP - * - * @return - */ - public Collection<RequestedAttribute> getSPRequiredAttributes(); - - /** - * Set all nameID types which allowed from the SP - * - * @return a List of SAML2 nameID types - */ - public List<String> getSPAllowedNameITTypes(); - - /** - * Set the 'wantAssertionSigned' attribute in SP metadata - * - * @return - */ - public boolean wantAssertionSigned(); - - /** - * Set the 'wantAuthnRequestSigned' attribute - * - * @return - */ - public boolean wantAuthnRequestSigned(); -} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java deleted file mode 100644 index be36a878..00000000 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataConfigurationFactory.java +++ /dev/null 
@@ -1,35 +0,0 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.gv.egiz.eaaf.modules.pvp2.api.metadata; - -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; - -public interface IPVPMetadataConfigurationFactory { - - public IPVPMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL, AbstractCredentialProvider pvpIDPCredentials); - -} 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java
deleted file mode 100644
index f5c6a35a..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPVPMetadataProvider.java
+++ /dev/null
@@ -1,61 +0,0 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.gv.egiz.eaaf.modules.pvp2.api.metadata; - -import java.util.List; - -import javax.xml.namespace.QName; - -import org.opensaml.saml2.metadata.EntitiesDescriptor; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.RoleDescriptor; -import org.opensaml.saml2.metadata.provider.MetadataFilter; -import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import org.opensaml.xml.XMLObject; - -public interface IPVPMetadataProvider extends MetadataProvider { - - boolean requireValidMetadata(); - - void setRequireValidMetadata(boolean requireValidMetadata); - - MetadataFilter getMetadataFilter(); - - void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException; - - XMLObject getMetadata() throws MetadataProviderException; - - EntitiesDescriptor getEntitiesDescriptor(String entitiesID) throws MetadataProviderException; - - EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException; - - List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException; - - RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) throws MetadataProviderException; - -}
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java
new file mode 100644
index 00000000..2f058af8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+
+import net.shibboleth.utilities.java.support.resolver.ResolverException;
+
+public interface IPvp2MetadataProvider extends ExtendedRefreshableMetadataResolver {
+
+ /**
+ * Get a SAML2 EntityDescriptor with an EntityId from metadata provider.
+ *
+ * @param entityID Unique EntityId of the application
+ * @return SAML2 {@link EntityDescriptor}
+ * @throws ResolverException In case of an internal resolver error.
+ */
+ @Nullable
+ EntityDescriptor getEntityDescriptor(@Nonnull String entityID) throws ResolverException;
+
+}
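Review bot: `getEntityDescriptor` is annotated `@Nullable`, but its Javadoc never says under which condition null is returned, so a caller cannot distinguish "no entity with this EntityId is known" from a lookup an implementation chose to answer with null instead of a `ResolverException`; for a trust-anchor lookup that distinction decides whether a peer is rejected or silently treated as unknown. Suggest `@return SAML2 {@link EntityDescriptor}, or {@code null} if the provider knows no entity with this EntityId` and a sentence in the `@throws` line stating that resolver errors are never reported as a null result. Whether implementations compare the EntityId as an exact string is not visible from the interface and would be worth a sentence as well.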
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpAddableChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpAddableChainingMetadataProvider.java
new file mode 100644
index 00000000..8e5eb715
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpAddableChainingMetadataProvider.java
@@ -0,0 +1,22 @@
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import javax.annotation.Nonnull;
+
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+
+import org.opensaml.saml.metadata.resolver.MetadataResolver;
+
+public interface IPvpAddableChainingMetadataProvider {
+
+ /**
+ * Manually add a metadata resolver into a chaining metadata provider.
+ * <br>
+ * <b>If the chaining metadata provider also implements
+ * {@link IGarbageCollectorProcessing} manually added provider
+ * can be removed by garbage-collector process. This behavior
+ * depends on chaining metadata-provider implementation. </b>
+ *
+ * @param resolver Metadata provider that should be added
+ */
+ void addMetadataResolverIntoChain(@Nonnull MetadataResolver resolver);
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
new file mode 100644
index 00000000..3d9125fe
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
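Review bot: `addMetadataResolverIntoChain` widens the set of metadata sources the chain trusts, yet the Javadoc only covers garbage collection and says nothing about the caller's obligations for the added resolver: whether it must already be initialized, and whether it must carry the same metadata filters (signature validation, validity checks) as the statically configured members. Nothing in this interface applies a filter, so a resolver added without one would presumably be consulted with the same authority as the configured ones — if that holds for the implementations, it should be stated. Suggest adding to the Javadoc: `The caller is responsible for fully configuring and initializing the resolver, including any metadata filters (e.g. signature validation), before adding it; the chain does not apply its own filters to resolvers added here.` A sentence on what happens when the same resolver is added twice would complete the contract.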
@@ -0,0 +1,238 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import java.util.Collection;
+import java.util.List;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+
+import org.opensaml.saml.saml2.core.Attribute;
+import org.opensaml.saml.saml2.metadata.ContactPerson;
+import org.opensaml.saml.saml2.metadata.Organization;
+import org.opensaml.saml.saml2.metadata.RequestedAttribute;
+import org.opensaml.security.credential.Credential;
+
+/**
+ * PVP Metadata builder configuration.
+ *
+ * @author tlenz
+ *
+ */
+public interface IPvpMetadataBuilderConfiguration {
+
+ /**
+ * Defines a unique name for this PVP Service-provider, which is used for
+ * logging.
+ *
+ * @return
+ */
+ String getSpNameForLogging();
+
+ /**
+ * Set metadata valid area.
+ *
+ * @return valid until in hours [h]
+ */
+ int getMetadataValidUntil();
+
+ /**
+ * Build a SAML2 Entities element as metadata root element.
+ *
+ * @return true, if the metadata should start with entities element
+ */
+ boolean buildEntitiesDescriptorAsRootElement();
+
+ /**
+ * Build an IDP SSO Descriptor.
+ *
+ * @return true, if an IDP SSO-descriptor element should be generated
+ */
+ boolean buildIdpSsoDescriptor();
+
+ /**
+ * Build a SP Descriptor.
+ *
+ * @return true, if an SP SSO-descriptor element should be generated
+ */
+ boolean buildSpSsoDescriptor();
+
+ /**
+ * Set the PVP entityID for this SAML2 metadata. The entityID must be an URL and
+ * must be start with the public-URL prefix of the server.
+ *
+ * @return PVP entityID postfix as String
+ */
+ String getEntityID();
+
+ /**
+ * Set a friendlyName for this PVP entity.
+ *
+ * @return
+ */
+ String getEntityFriendlyName();
+
+ /**
+ * Set the contact information for this metadata entity.
+ *
+ * @return
+ */
+ List<ContactPerson> getContactPersonInformation();
+
+ /**
+ * Set organisation information for this metadata entity.
+ *
+ * @return
+ */
+ Organization getOrgansiationInformation();
+
+ /**
+ * Set the credential for metadata signing.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of an error
+ */
+ EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
+
+ /**
+ * Set the credential for request/response signing IDP metadata: this credential
+ * is used for SAML2 response signing SP metadata: this credential is used for
+ * SAML2 response signing.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of an error
+ */
+ Credential getRequestorResponseSigningCredentials()
+ throws CredentialsNotAvailableException;
+
+ /**
+ * Set the credential for response encryption.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of an error
+ */
+ Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
+
+ /**
+ * Set the IDP Post-Binding URL for WebSSO.
+ *
+ * @return
+ */
+ String getIdpWebSsoPostBindingUrl();
+
+ /**
+ * Set the IDP Redirect-Binding URL for WebSSO.
+ *
+ * @return
+ */
+ String getIdpWebSsoRedirectBindingUrl();
+
+ /**
+ * Set the IDP Post-Binding URL for Single LogOut.
+ *
+ * @return
+ */
+ String getIdpSloPostBindingUrl();
+
+ /**
+ * Set the IDP Redirect-Binding URL for Single LogOut.
+ *
+ * @return
+ */
+ String getIdpSloRedirectBindingUrl();
+
+ /**
+ * Set the SP Post-Binding URL for for the Assertion-Consumer Service.
+ *
+ * @return
+ */
+ String getSpAssertionConsumerServicePostBindingUrl();
+
+ /**
+ * Set the SP Redirect-Binding URL for the Assertion-Consumer Service.
+ *
+ * @return
+ */
+ String getSpAssertionConsumerServiceRedirectBindingUrl();
+
+ /**
+ * Set the SP Post-Binding URL for Single LogOut.
+ *
+ * @return
+ */
+ String getSpSloPostBindingUrl();
+
+ /**
+ * Set the SP Redirect-Binding URL for Single LogOut.
+ *
+ * @return
+ */
+ String getSpSloRedirectBindingUrl();
+
+ /**
+ * Set the SP SOAP-Binding URL for Single LogOut.
+ *
+ * @return
+ */
+ String getSpSloSoapBindingUrl();
+
+ /**
+ * Set all SAML2 attributes which could be provided by this IDP.
+ *
+ * @return
+ */
+ List<Attribute> getIdpPossibleAttributes();
+
+ /**
+ * Set all nameID types which could be provided by this IDP.
+ *
+ * @return a List of SAML2 nameID types
+ */
+ List<String> getIdpPossibleNameIdTypes();
+
+ /**
+ * Set all SAML2 attributes which are required by the SP.
+ *
+ * @return
+ */
+ Collection<RequestedAttribute> getSpRequiredAttributes();
+
+ /**
+ * Set all nameID types which allowed from the SP.
+ *
+ * @return a List of SAML2 nameID types
+ */
+ List<String> getSpAllowedNameIdTypes();
+
+ /**
+ * Set the 'wantAssertionSigned' attribute in SP metadata.
+ *
+ * @return
+ */
+ boolean wantAssertionSigned();
+
+ /**
+ * Set the 'wantAuthnRequestSigned' attribute.
+ *
+ * @return
+ */
+ boolean wantAuthnRequestSigned();
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java
new file mode 100644
index 00000000..fb1352ce
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java
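Review bot: Sixteen of the Javadoc blocks in this interface end in an empty `@return` tag (`getSpNameForLogging`, `getEntityFriendlyName`, every `...BindingUrl()` getter, `wantAssertionSigned`, ...), and each getter is summarised as "Set ...", which reads as if the method were a mutator. The Javadoc of `getEntityID` also contradicts itself: the body says the entityID must be an URL starting with the server's public-URL prefix, the tag says `@return PVP entityID postfix as String`; one of the two should go, because implementers derive the signed metadata's entityID from this contract. Suggest rewording every summary as "Get ..." and filling the tags, e.g. `@return friendlyName of this PVP entity` and `@return absolute URL of the IDP Post-Binding WebSSO endpoint`; `getMetadataValidUntil`'s "valid area" should read "validity period". Separately, `getMetadataSigningCredentials` returns `EaafX509Credential` while the two other credential getters return `Credential`; if that narrowing is intentional (presumably the metadata signature needs the X.509 certificate), a sentence saying so would spare the next reader the guess.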
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
+
+public interface IPvpMetadataConfigurationFactory {
+
+ IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authUrl,
+ IPvp2CredentialProvider pvpIdpCredentials);
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
index 2f9e5fea..cc492345 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java
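Review bot: `generateMetadataBuilderConfiguration` has no Javadoc, and `authUrl` is the one parameter whose provenance matters: the configuration it returns feeds `IPvpMetadataBuilderConfiguration.getEntityID`, whose contract requires an entityID starting with the server's public-URL prefix, so the value ends up in the signed metadata and its endpoint URLs. The parameter name suggests a value extracted from an incoming request; if that is the case, the Javadoc should say whether the factory validates it against the configured public URL(s) or expects the caller to have done so, since a request-derived host would otherwise be published as trusted metadata. Suggest a Javadoc with a one-sentence purpose, `@param authUrl` stating that it must be the trusted public URL of this deployment (or naming the check applied), `@param pvpIdpCredentials` stating which of the three credential getters it backs, and whether null is permitted for either argument.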
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IRefreshableMetadataProvider.java 
@@ -1,42 +1,39 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + package at.gv.egiz.eaaf.modules.pvp2.api.metadata; +import org.opensaml.saml.metadata.resolver.RefreshableMetadataResolver; + /** + * Metadata provider that supports dynamic refreshing on external events. + * * @author tlenz * */ -public interface IRefreshableMetadataProvider { +public interface IRefreshableMetadataProvider extends RefreshableMetadataResolver { - /** - * Refresh a entity or load a entity in a metadata provider - * - * @param entityID - * @return true, if refresh is success, otherwise false - */ - public boolean refreshMetadataProvider(String entityID); + /** + * Refresh a entity or load a entity in a metadata provider. + * + * @param entityID EntityId + * @return true, if refresh is success, otherwise false + */ + boolean refreshMetadataProvider(String entityID); } 
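Review bot: `refreshMetadataProvider(String entityID)` takes its parameter unannotated, while the sibling `IPvp2MetadataProvider.getEntityDescriptor` in the same package annotates the same kind of argument `@Nonnull`; for consistency suggest `boolean refreshMetadataProvider(@Nonnull String entityID);` together with `import javax.annotation.Nonnull;`. The Javadoc also needs a grammar fix (`Refresh an entity or load an entity into the metadata provider.`) and, now that the interface extends `RefreshableMetadataResolver`, a sentence on how this entity-scoped refresh relates to the inherited whole-provider `refresh()` — in particular whether a failed reload leaves the previously loaded entity in place or drops it, which decides whether a transient fetch error can lock out a peer.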
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttribute.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttribute.java
deleted file mode 100644
index 0501a990..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttribute.java
+++ /dev/null
@@ -1,154 +0,0 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.gv.egiz.eaaf.modules.pvp2.api.reqattr; - -import java.util.List; - -import javax.xml.namespace.QName; - -import org.opensaml.common.SAMLObject; -import org.opensaml.xml.AttributeExtensibleXMLObject; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.schema.XSBooleanValue; - -import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; - -public interface EAAFRequestedAttribute extends SAMLObject, AttributeExtensibleXMLObject , org.opensaml.saml2.metadata.RequestedAttribute{ - - /** Element local name. */ - String DEF_LOCAL_NAME = "RequestedAttribute"; - - /** Local name of the XSI type. */ - String TYPE_LOCAL_NAME = "RequestedAttributeAbstractType"; - - - /** Default element name. */ - QName DEFAULT_ELEMENT_NAME = new QName(PVPConstants.EIDAT10_SAML_NS, DEF_LOCAL_NAME, - PVPConstants.EIDAT10_PREFIX); - - /** QName of the XSI type. */ - QName TYPE_NAME = new QName(PVPConstants.EIDAT10_SAML_NS, TYPE_LOCAL_NAME, - PVPConstants.EIDAT10_PREFIX); - - - - /** NAME_ATTRIB_NAME attribute name. */ - String NAME_ATTRIB_NAME = "Name"; - - /** NAME_FORMAT_ATTRIB_NAME attribute name. */ - String NAME_FORMAT_ATTR = "NameFormat"; - - /** IS_REQUIRED_ATTRIB_NAME attribute name. */ - String IS_REQUIRED_ATTR = "isRequired"; - - /** FRIENDLY_NAME_ATTRIB_NAME attribute name. */ - String FRIENDLY_NAME_ATT = "FriendlyName"; - - /** Unspecified attribute format ID. */ - String UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"; - - /** URI reference attribute format ID. */ - String URI_REFERENCE = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"; - - /** Basic attribute format ID. */ - String BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"; - - /** - * Gets the name. 
- * - * @return the name - */ - String getName(); - - /** - * Sets the name. - * - * @param name the new name - */ - void setName(String name); - - /** - * Gets the name format. - * - * @return the name format - */ - String getNameFormat(); - - /** - * Sets the name format. - * - * @param nameFormat the new name format - */ - void setNameFormat(String nameFormat); - - /** - * Gets the friendly name. - * - * @return the friendly name - */ - String getFriendlyName(); - - /** - * Sets the friendly name. - * - * @param friendlyName the new friendly name - */ - void setFriendlyName(String friendlyName); - -/* *//** - * Gets the checks if is required. - * - * @return the checks if is required - *//* - String isRequired();*/ - - /** - * Gets the checks if is required xs boolean. - * - * @return the checks if is required xs boolean - */ - String getIsRequiredXSBoolean(); - - /** - * Sets the checks if is required. - * - * @param newIsRequired the new checks if is required - */ - void setIsRequired(String newIsRequired); - - /** - * Gets the attribute values. - * - * @return the attribute values - */ - List<XMLObject> getAttributeValues(); - - XSBooleanValue isRequiredXSBoolean(); - - void setIsRequired(Boolean aBoolean); - - void setIsRequired(XSBooleanValue xsBooleanValue); - -} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttributes.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttributes.java deleted file mode 100644 index 768d5c36..00000000 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EAAFRequestedAttributes.java +++ /dev/null 
@@ -1,56 +0,0 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.gv.egiz.eaaf.modules.pvp2.api.reqattr; - -import java.util.List; - -import javax.xml.namespace.QName; - -import org.opensaml.common.SAMLObject; - -import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; - -public interface EAAFRequestedAttributes extends SAMLObject { - /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */ - String DEF_LOCAL_NAME = "RequestedAttributes"; - - /** Default element name. 
*/
- QName DEFAULT_ELEMENT_NAME = new QName(PVPConstants.EIDAT10_SAML_NS, DEF_LOCAL_NAME,
- PVPConstants.EIDAT10_PREFIX);
-
- /** Local name of the XSI type. */
- String TYPE_LOCAL_NAME = "RequestedAttributesType";
-
- /** QName of the XSI type. */
- QName TYPE_NAME = new QName(PVPConstants.EIDAT10_SAML_NS, TYPE_LOCAL_NAME,
- PVPConstants.EIDAT10_PREFIX);
-
- /**
- * Gets the attributes.
- *
- * @return the attributes
- */
- List<EAAFRequestedAttribute> getAttributes();
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java
new file mode 100644
index 00000000..ae5fccea
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java
@@ -0,0 +1,151 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.reqattr;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+
+import org.opensaml.core.xml.AttributeExtensibleXMLObject;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.schema.XSBooleanValue;
+import org.opensaml.saml.common.SAMLObject;
+import org.opensaml.saml.saml2.metadata.RequestedAttribute;
+
+public interface EaafRequestedAttribute extends SAMLObject, AttributeExtensibleXMLObject,
+ RequestedAttribute {
+
+ /** Element local name. */
+ String DEF_LOCAL_NAME = "RequestedAttribute";
+
+ /** Local name of the XSI type. */
+ String TYPE_LOCAL_NAME = "RequestedAttributeAbstractType";
+
+ /** Default element name. */
+ QName DEFAULT_ELEMENT_NAME =
+ new QName(PvpConstants.EIDAT10_SAML_NS, DEF_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX);
+
+ /** QName of the XSI type. */
+ QName TYPE_NAME =
+ new QName(PvpConstants.EIDAT10_SAML_NS, TYPE_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX);
+
+ /** NAME_ATTRIB_NAME attribute name. */
+ String NAME_ATTRIB_NAME = "Name";
+
+ /** NAME_FORMAT_ATTRIB_NAME attribute name. */
+ String NAME_FORMAT_ATTR = "NameFormat";
+
+ /** IS_REQUIRED_ATTRIB_NAME attribute name. */
+ String IS_REQUIRED_ATTR = "isRequired";
+
+ /** FRIENDLY_NAME_ATTRIB_NAME attribute name. */
+ String FRIENDLY_NAME_ATT = "FriendlyName";
+
+ /** Unspecified attribute format ID. */
+ String UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
+
+ /** URI reference attribute format ID. */
+ String URI_REFERENCE = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
+
+ /** Basic attribute format ID. */
+ String BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
+
+ /**
+ * Gets the name.
+ *
+ * @return the name
+ */
+ @Override
+ String getName();
+
+ /**
+ * Sets the name.
+ *
+ * @param name the new name
+ */
+ @Override
+ void setName(String name);
+
+ /**
+ * Gets the name format.
+ *
+ * @return the name format
+ */
+ @Override
+ String getNameFormat();
+
+ /**
+ * Sets the name format.
+ *
+ * @param nameFormat the new name format
+ */
+ @Override
+ void setNameFormat(String nameFormat);
+
+ /**
+ * Gets the friendly name.
+ *
+ * @return the friendly name
+ */
+ @Override
+ String getFriendlyName();
+
+ /**
+ * Sets the friendly name.
+ *
+ * @param friendlyName the new friendly name
+ */
+ @Override
+ void setFriendlyName(String friendlyName);
+
+ /**
+ * Gets the checks if is required xs boolean.
+ *
+ * @return the checks if is required xs boolean
+ */
+ String getIsRequiredXsBoolean();
+
+ @Override
+ void setIsRequired(Boolean aboolean);
+
+ @Override
+ void setIsRequired(XSBooleanValue xsBooleanValue);
+
+ /**
+ * Sets the checks if is required.
+ *
+ * @param newIsRequired the new checks if is required
+ */
+ void setIsRequired(String newIsRequired);
+
+ /**
+ * Gets the attribute values.
+ *
+ * @return the attribute values
+ */
+ @Override
+ List<XMLObject> getAttributeValues();
+
+ @Override
+ XSBooleanValue isRequiredXSBoolean();
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java
new file mode 100644
index 00000000..6e8d6202
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java
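Review bot: `DEFAULT_ELEMENT_NAME` and `TYPE_NAME` are re-declared here in the eIDAS namespace (`PvpConstants.EIDAT10_SAML_NS`) and so hide the constants of the same name inherited from OpenSAML's `RequestedAttribute`; which QName a piece of code sees then depends on the static type of the reference, which is easy to get wrong in a builder or marshaller lookup. Suggest a comment on each, e.g. `/** Default element name in the eIDAS namespace; intentionally hides {@link RequestedAttribute#DEFAULT_ELEMENT_NAME}. */`. The Javadoc of `getIsRequiredXsBoolean` and `setIsRequired(String)` ("Gets the checks if is required xs boolean") is generator boilerplate and does not say which lexical values the String form accepts or what an unparseable value maps to; since `isRequired` decides whether an SP-required attribute is enforced, that should be spelled out by whoever knows the implementation.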
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.reqattr;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+
+import org.opensaml.saml.common.SAMLObject;
+
+public interface EaafRequestedAttributes extends SAMLObject {
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "RequestedAttributes";
+
+ /** Default element name. */
+ QName DEFAULT_ELEMENT_NAME =
+ new QName(PvpConstants.EIDAT10_SAML_NS, DEF_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX);
+
+ /** Local name of the XSI type. */
+ String TYPE_LOCAL_NAME = "RequestedAttributesType";
+
+ /** QName of the XSI type. */
+ QName TYPE_NAME =
+ new QName(PvpConstants.EIDAT10_SAML_NS, TYPE_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX);
+
+ /**
+ * Gets the attributes.
+ *
+ * @return the attributes
+ */
+ List<EaafRequestedAttribute> getAttributes();
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
new file mode 100644
index 00000000..a564efb2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java
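Review bot: The Javadoc on `DEF_LOCAL_NAME` names a constant that does not exist in this interface, `/** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */`; it should describe the field it sits on, e.g. `/** Default element local name. */`, in the same style as the `TYPE_LOCAL_NAME` comment below it. The `getAttributes()` Javadoc also leaves open whether the returned list is a live, modifiable view of the element's children or a snapshot; if the implementation returns a live child list (as list-backed OpenSAML objects usually do), saying so here tells callers that mutating it changes what gets serialized.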
@@ -0,0 +1,55 @@
+package at.gv.egiz.eaaf.modules.pvp2.api.utils;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+
+public interface IPvp2CredentialProvider {
+
+ /**
+ * Get Credentials to sign metadata.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of a credential error
+ */
+ @Nonnull
+ EaafX509Credential getMetaDataSigningCredential() throws CredentialsNotAvailableException;
+
+ /**
+ * Get Credentials to sign SAML2 messages, like AuthnRequest, Response,
+ * Assertions as some examples.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of a credential error
+ */
+ @Nonnull
+ EaafX509Credential getMessageSigningCredential() throws CredentialsNotAvailableException;
+
+ /**
+ * Get Credentials to encrypt messages, like Assertion as example.
+ *
+ * @return Credentials
+ * @throws CredentialsNotAvailableException In case of a credential error
+ */
+ @Nullable
+ EaafX509Credential getMessageEncryptionCredential()
+ throws CredentialsNotAvailableException;
+
+ /**
+ * Get a List of trusted {@link X509Certificate} that are available in this
+ * KeyStore.
+ *
+ * @return List of trusted {@link X509Certificate}, or an emptry {@link List} if
+ * no certificates are available
+ * @throws CredentialsNotAvailableException In case of a KeyStore error
+ */
+ @Nonnull
+ List<X509Certificate> getTrustedCertificates()
+ throws CredentialsNotAvailableException;
+
+}
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestPostProcessor.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestPostProcessor.java index b23c230e..9f7a5980 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestPostProcessor.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestPostProcessor.java @@ -24,14 +24,15 @@ import javax.servlet.http.HttpServletRequest; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; -import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.opensaml.saml.saml2.metadata.SPSSODescriptor; /** * SAML2 Authn. request post-processor. * * <p> - * Implementations of this interface are executed before user authentication starts. + * Implementations of this interface are executed before user authentication + * starts. * </p> * * @author tlenz 
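Review bot: `getMessageEncryptionCredential()` is the only method annotated `@Nullable`, yet its Javadoc (`@return Credentials`) never says what a `null` result means, so each caller has to guess whether it signals "no encryption credential configured" or a failure that should have surfaced as `CredentialsNotAvailableException`. I would state the contract on the method, e.g. `@return Credentials, or {@code null} if no encryption credential is configured`, and add that a missing credential must be handled by the caller as "encryption not available" rather than silently skipped. In `getTrustedCertificates()` the `@return` text has a typo (`emptry`) and should also say that an empty list means no peer certificate is trusted, so it cannot be misread as "accept any certificate". The phrase `available in this KeyStore` presumes a keystore-backed implementation, which this interface does not require; "available from this provider" would fit any implementation.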
@@ -42,12 +43,13 @@ public interface IAuthnRequestPostProcessor {
 /**
 * Authn. request post-processor
 *
- * @param httpReq http request
- * @param pendingReq current pending request
- * @param authReq received SAML2 authentication request
+ * @param httpReq http request
+ * @param pendingReq current pending request
+ * @param authReq received SAML2 authentication request
 * @param spSsoDescriptor Metadata descriptor of the requested SP
- * @throws AuthnRequestValidatorException In case of a validation error,
- * if post processor implements additional validation
+ * @throws AuthnRequestValidatorException In case of a validation error, if post
+ * processor implements additional
+ * validation
 */
 void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq,
 SPSSODescriptor spSsoDescriptor) throws AuthnRequestValidatorException;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java
deleted file mode 100644
index 4b8ddea6..00000000
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISAMLValidator.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-package at.gv.egiz.eaaf.modules.pvp2.api.validation;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-
-public interface ISAMLValidator {
- public void validateRequest(RequestAbstractType request) throws EAAFException;
-}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java
new file mode 100644
index 00000000..9042d874
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.api.validation;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+
+public interface ISamlValidator {
+ void validateRequest(RequestAbstractType request) throws EaafException;
+} |
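Review bot: `ISamlValidator` and `validateRequest(...)` carry no Javadoc, so the contract of the interface that replaces `ISAMLValidator` is undocumented: a reader cannot tell from the declaration whether a normal return means the request was accepted or merely that no exception-worthy error was found. I would add a type comment such as `/** Validates a received SAML2 request. */` and a method comment with `@param request the received SAML2 request` and `@throws EaafException if the request does not pass validation`, stating explicitly that returning normally means the request passed every check this validator performs. The deleted `ISAMLValidator` was equally bare, so the rename is the natural moment to add this.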