Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java92
1 files changed, 29 insertions, 63 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
index 42f69a57..d5893d4a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
@@ -20,31 +20,19 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
import java.io.IOException;
-import java.io.StringWriter;
import java.util.Collection;
import java.util.List;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
+import javax.naming.ConfigurationException;
import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-
-import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
-import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
-import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.AttributeConsumingService;
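Review bot: `import javax.naming.ConfigurationException;` (the `+` line right after `java.util.List`) brings in a JNDI exception type that nothing visible in this diff references; it reads like an IDE auto-import that picked the wrong `ConfigurationException`. Unless a `throws` clause outside these hunks really uses the JNDI class, drop the import or replace it with the project exception type that was intended. The rest of the import churn here (dropping the DOM/Transformer plumbing and the `org.apache.commons.httpclient` exception) is consistent with the rewritten signing code further down.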
@@ -64,16 +52,20 @@ import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
-import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
-import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
-import org.opensaml.xmlsec.signature.support.Signer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
-import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import net.shibboleth.utilities.java.support.xml.SerializeSupport;
/**
* PVP metadata builder implementation.
@@ -153,19 +145,9 @@ public class PvpMetadataBuilder {
}
}
-
- // set metadata signature parameters
- final Credential metadataSignCred = config.getMetadataSigningCredentials();
- final Signature signature = AbstractCredentialProvider.getIdpSignature(metadataSignCred);
- SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
-
- // initialize XML document builder
- DocumentBuilder builder;
- final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-
- builder = factory.newDocumentBuilder();
- final Document document = builder.newDocument();
-
+
+ SignableSAMLObject metadataToSign;
+
// build entities descriptor
if (config.buildEntitiesDescriptorAsRootElement()) {
final EntitiesDescriptor entitiesDescriptor =
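Review bot: `SignableSAMLObject metadataToSign;` is the one non-`final` local in a method where every other local is declared `final`, and it is definitely assigned in both branches of the `if/else` that follows, so `final SignableSAMLObject metadataToSign;` compiles unchanged and keeps the style uniform. The same applies to `signedMetadata` and `serializedMetadata` in the next hunk. The two added blank lines around the declaration (and the double blank after `signSamlObject(...)` in the next hunk) could be collapsed to one each. The enclosing method starts before this hunk, so its `throws` clause is not visible here.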
@@ -174,45 +156,29 @@ public class PvpMetadataBuilder {
entitiesDescriptor.setID(Saml2Utils.getSecureIdentifier());
entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
entitiesDescriptor.getEntityDescriptors().add(entityDescriptor);
-
- // load default PVP security configurations
- entitiesDescriptor.setSignature(signature);
-
- // marshall document
- final Marshaller out =
- XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(entitiesDescriptor);
- out.marshall(entitiesDescriptor, document);
-
+ metadataToSign = entitiesDescriptor;
+
} else {
entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
entityDescriptor.setID(Saml2Utils.getSecureIdentifier());
-
- entityDescriptor.setSignature(signature);
-
- // marshall document
- final Marshaller out =
- XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(entityDescriptor);
- out.marshall(entityDescriptor, document);
-
+ metadataToSign = entityDescriptor;
+
}
// sign metadata
- Signer.signObject(signature);
-
- // transform metadata object to XML string
- final Transformer transformer = TransformerFactory.newInstance().newTransformer();
-
- final StringWriter sw = new StringWriter();
- final StreamResult sr = new StreamResult(sw);
- final DOMSource source = new DOMSource(document);
- transformer.transform(source, sr);
- sw.close();
-
- return sw.toString();
+ final EaafX509Credential metadataSignCred = config.getMetadataSigningCredentials();
+ SignableSAMLObject signedMetadata = Saml2Utils.signSamlObject(metadataToSign, metadataSignCred, true);
+
+
+ // Serialize metadata
+ final Element document =XMLObjectSupport.marshall(signedMetadata);
+ String serializedMetadata = SerializeSupport.nodeToString(document);
+ return serializedMetadata;
+
}
private RoleDescriptor generateSpMetadata(final IPvpMetadataBuilderConfiguration config)
- throws CredentialsNotAvailableException, SecurityException, EaafException {
+ throws SecurityException, EaafException {
final SPSSODescriptor spSsoDescriptor = Saml2Utils.createSamlObject(SPSSODescriptor.class);
spSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
spSsoDescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned());
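Review bot: The bare `true` in `Saml2Utils.signSamlObject(metadataToSign, metadataSignCred, true)` is a boolean a reader cannot interpret without opening the helper; a one-line comment such as `// third argument: <what the flag selects — confirm against Saml2Utils>` or a named constant at the call site would make the signing call self-explanatory. `metadataSignCred` is passed without a null check, while `generateIdpMetadata` in the last hunk guards `responseSignCred == null` explicitly; unless `signSamlObject` is documented to reject a null credential itself, the same guard throwing `CredentialsNotAvailableException` would make the failure mode consistent across the class. `XMLObjectSupport.marshall(signedMetadata)` marshals the object again after signing and therefore relies on the helper leaving the signed DOM cached on the returned object — if that DOM were ever released, a fresh marshal could yield metadata whose signature is absent or does not verify, so either state that assumption in a comment or serialize the `Element` the signing step already produced, if the helper exposes it. Minor: `final Element document =XMLObjectSupport.marshall(...)` is missing a space after `=`.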
@@ -353,7 +319,7 @@ public class PvpMetadataBuilder {
}
private IDPSSODescriptor generateIdpMetadata(final IPvpMetadataBuilderConfiguration config)
- throws EaafException, CredentialsNotAvailableException, SecurityException {
+ throws EaafException, SecurityException {
// check response signing credential
final Credential responseSignCred = config.getRequestorResponseSigningCredentials();
if (responseSignCred == null) {