1 files changed, 225 insertions, 205 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index acc5357e..ea361f11 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -1,36 +1,32 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,  
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
  *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
  * https://joinup.ec.europa.eu/news/understanding-eupl-v12
  *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *  
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
 package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
 
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.RSAPrivateKey;
-
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.KeyStoreX509CredentialAdapter;
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.credential.UsageType;
@@ -40,186 +36,210 @@ import org.opensaml.xml.signature.SignatureConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.KeyStoreX509CredentialAdapter;
-
 public abstract class AbstractCredentialProvider {
-	
-	private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
-	
-	private KeyStore keyStore = null;
-	
-	/**
-	 * Get a friendlyName for this keyStore implementation
-	 * This friendlyName is used for logging
-	 * 
-	 * @return keyStore friendlyName
-	 */
-	public abstract String getFriendlyName();
-	
-	/**
-	 * Get KeyStore
-	 * 
-	 * @return URL to the keyStore
-	 * @throws EAAFException 
-	 */
-	public abstract String getKeyStoreFilePath() throws EAAFException;
-	
-	/**
-	 * Get keyStore password
-	 * 
-	 * @return Password of the keyStore
-	 */
-	public abstract String getKeyStorePassword();
-	
-	/**
-	 * Get alias of key for metadata signing
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getMetadataKeyAlias();
-	
-	/**
-	 * Get password of key for metadata signing
-	 * 
-	 * @return key password
-	 */
-	public abstract String getMetadataKeyPassword();
-	
-	/**
-	 * Get alias of key for request/response signing
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getSignatureKeyAlias();
-	
-	/**
-	 * Get password of key for request/response signing
-	 * 
-	 * @return key password
-	 */
-	public abstract String getSignatureKeyPassword();
-	
-	/**
-	 * Get alias of key for IDP response encryption
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getEncryptionKeyAlias();
-	
-	/**
-	 * Get password of key for IDP response encryption
-	 * 
-	 * @return key password
-	 */
-	public abstract String getEncryptionKeyPassword();
-	
-	
-	public X509Credential getIDPMetaDataSigningCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(
-					keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
-
-			credentials.setUsageType(UsageType.SIGNING);
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				log.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			return credentials;
-		} catch (Exception e) {
-			log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-
-	public X509Credential getIDPAssertionSigningCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(
-					keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
-			
-			credentials.setUsageType(UsageType.SIGNING);
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				log.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			
-			return (X509Credential) credentials;
-		} catch (Exception e) {
-			log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-	
-	public X509Credential getIDPAssertionEncryptionCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			//if no encryption key is configured return null
-			if (StringUtils.isEmpty(getEncryptionKeyAlias()))
-				return null;
-			
-			KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(
-					keyStore, getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
-			
-			credentials.setUsageType(UsageType.ENCRYPTION);
-			
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				log.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: "
-						+ getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			
-			return (X509Credential) credentials;
-			
-		} catch (Exception e) {
-			log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-	
-	public static Signature getIDPSignature(Credential credentials) {		
-		PrivateKey privatekey = credentials.getPrivateKey();		
-		Signature signer = SAML2Utils.createSAMLObject(Signature.class);
-		
-		if (privatekey instanceof RSAPrivateKey) {
-			signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-			
-		} else if (privatekey instanceof ECPrivateKey) {
-			signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
-		} else {
-			log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
-			
-			
-		}
-
-		signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);		
-		signer.setSigningCredential(credentials);
-		return signer;
-		
-	}
+
+  private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
+
+  private KeyStore keyStore = null;
+
+  /**
+   * Get a friendlyName for this keyStore implementation This friendlyName is used for logging.
+   *
+   * @return keyStore friendlyName
+   */
+  public abstract String getFriendlyName();
+
+  /**
+   * Get KeyStore.
+   *
+   * @return URL to the keyStore
+   * @throws EaafException In case of an invalid filepath
+   */
+  public abstract String getKeyStoreFilePath() throws EaafException;
+
+  /**
+   * Get keyStore password.
+   *
+   * @return Password of the keyStore
+   */
+  public abstract String getKeyStorePassword();
+
+  /**
+   * Get alias of key for metadata signing.
+   *
+   * @return key alias
+   */
+  public abstract String getMetadataKeyAlias();
+
+  /**
+   * Get password of key for metadata signing.
+   *
+   * @return key password
+   */
+  public abstract String getMetadataKeyPassword();
+
+  /**
+   * Get alias of key for request/response signing.
+   *
+   * @return key alias
+   */
+  public abstract String getSignatureKeyAlias();
+
+  /**
+   * Get password of key for request/response signing.
+   *
+   * @return key password
+   */
+  public abstract String getSignatureKeyPassword();
+
+  /**
+   * Get alias of key for IDP response encryption.
+   *
+   * @return key alias
+   */
+  public abstract String getEncryptionKeyAlias();
+
+  /**
+   * Get password of key for IDP response encryption.
+   *
+   * @return key password
+   */
+  public abstract String getEncryptionKeyPassword();
+
+
+  /**
+   * Get Credentials to sign metadata.
+   *
+   * @return Credentials
+   * @throws CredentialsNotAvailableException In case of a credential error
+   */
+  public X509Credential getIdpMetaDataSigningCredential() throws CredentialsNotAvailableException {
+    try {
+
+      if (keyStore == null) {
+        keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
+      }
+
+      final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+          getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
+
+      credentials.setUsageType(UsageType.SIGNING);
+      if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
+        log.error(getFriendlyName()
+            + " Metadata Signing credentials is not found or contains no PrivateKey.");
+        throw new CredentialsNotAvailableException("config.27",
+            new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: "
+                + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
+
+      }
+      return credentials;
+    } catch (final Exception e) {
+      log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
+      e.printStackTrace();
+      throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+    }
+  }
+
+  /**
+   * Get Credentials to sign Assertion.
+   *
+   * @return Credentials
+   * @throws CredentialsNotAvailableException In case of a credential error
+   */
+  public X509Credential getIdpAssertionSigningCredential() throws CredentialsNotAvailableException {
+    try {
+      if (keyStore == null) {
+        keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
+      }
+
+      final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+          getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
+
+      credentials.setUsageType(UsageType.SIGNING);
+      if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
+        log.error(getFriendlyName()
+            + " Assertion Signing credentials is not found or contains no PrivateKey.");
+        throw new CredentialsNotAvailableException("config.27",
+            new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: "
+                + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
+
+      }
+
+      return credentials;
+    } catch (final Exception e) {
+      log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
+      e.printStackTrace();
+      throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+    }
+  }
+
+  /**
+   * Get Credentials to encrypt assertion.
+   *
+   * @return Credentials
+   * @throws CredentialsNotAvailableException In case of a credential error
+   */
+  public X509Credential getIdpAssertionEncryptionCredential()
+      throws CredentialsNotAvailableException {
+    try {
+      if (keyStore == null) {
+        keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
+      }
+
+      // if no encryption key is configured return null
+      if (StringUtils.isEmpty(getEncryptionKeyAlias())) {
+        return null;
+      }
+
+      final KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(keyStore,
+          getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
+
+      credentials.setUsageType(UsageType.ENCRYPTION);
+
+      if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
+        log.error(getFriendlyName()
+            + " Assertion Encryption credentials is not found or contains no PrivateKey.");
+        throw new CredentialsNotAvailableException("config.27",
+            new Object[] {getFriendlyName() + " Assertion Encryption credentials (Alias: "
+                + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
+
+      }
+
+      return credentials;
+
+    } catch (final Exception e) {
+      log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
+      e.printStackTrace();
+      throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+    }
+  }
+
+  /**
+   * Get an XML signature object.
+   *
+   * @param credentials Credentials for signing
+   * @return OpenSAML Signature object
+   */
+  public static Signature getIdpSignature(final Credential credentials) {
+    final PrivateKey privatekey = credentials.getPrivateKey();
+    final Signature signer = Saml2Utils.createSamlObject(Signature.class);
+
+    if (privatekey instanceof RSAPrivateKey) {
+      signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+
+    } else if (privatekey instanceof ECPrivateKey) {
+      signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
+
+    } else {
+      log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId()
+          + " credential.");
+
+
+    }
+
+    signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+    signer.setSigningCredential(credentials);
+    return signer;
+
+  }
 }