Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java33
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java33
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java22
3 files changed, 47 insertions, 41 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index ec4009f0..5c9bb6be 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -23,10 +23,7 @@ import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
@@ -36,6 +33,11 @@ import org.opensaml.xml.signature.SignatureConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+
public abstract class AbstractCredentialProvider {
private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
@@ -43,7 +45,8 @@ public abstract class AbstractCredentialProvider {
private KeyStore keyStore = null;
/**
- * Get a friendlyName for this keyStore implementation This friendlyName is used for logging.
+ * Get a friendlyName for this keyStore implementation This friendlyName is used
+ * for logging.
*
* @return keyStore friendlyName
*/
@@ -106,7 +109,6 @@ public abstract class AbstractCredentialProvider {
*/
public abstract String getEncryptionKeyPassword();
-
/**
* Get Credentials to sign metadata.
*
@@ -128,15 +130,15 @@ public abstract class AbstractCredentialProvider {
log.error(getFriendlyName()
+ " Metadata Signing credentials is not found or contains no PrivateKey.");
throw new CredentialsNotAvailableException("config.27",
- new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
+ new Object[] { getFriendlyName() + " Assertion Signing credentials (Alias: "
+ + getMetadataKeyAlias() + ") is not found or contains no PrivateKey." });
}
return credentials;
} catch (final Exception e) {
log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+ throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
}
}
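Review bot: The exception text re-emitted on the new side, `new Object[] { getFriendlyName() + " Assertion Signing credentials (Alias: " + getMetadataKeyAlias() + ...`, labels the metadata-signing key as "Assertion Signing credentials", while the log line directly above and the catch block both say "Metadata Signing"; an operator chasing a config.27 error will look for the wrong key. The literal should read `" Metadata Signing credentials (Alias: "`. Separately, the catch still calls `e.printStackTrace()` next to the SLF4J logger, so the stack trace goes to stdout instead of the managed log; `log.error("Failed to generate {} Metadata Signing credentials", getFriendlyName(), e);` keeps the cause in one place. The start of this method is outside the hunk.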
@@ -160,8 +162,8 @@ public abstract class AbstractCredentialProvider {
log.error(getFriendlyName()
+ " Assertion Signing credentials is not found or contains no PrivateKey.");
throw new CredentialsNotAvailableException("config.27",
- new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
+ new Object[] { getFriendlyName() + " Assertion Signing credentials (Alias: "
+ + getSignatureKeyAlias() + ") is not found or contains no PrivateKey." });
}
@@ -169,7 +171,7 @@ public abstract class AbstractCredentialProvider {
} catch (final Exception e) {
log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+ throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
}
}
@@ -200,8 +202,8 @@ public abstract class AbstractCredentialProvider {
log.error(getFriendlyName()
+ " Assertion Encryption credentials is not found or contains no PrivateKey.");
throw new CredentialsNotAvailableException("config.27",
- new Object[] {getFriendlyName() + " Assertion Encryption credentials (Alias: "
- + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
+ new Object[] { getFriendlyName() + " Assertion Encryption credentials (Alias: "
+ + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey." });
}
@@ -210,7 +212,7 @@ public abstract class AbstractCredentialProvider {
} catch (final Exception e) {
log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+ throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
}
}
@@ -234,7 +236,6 @@ public abstract class AbstractCredentialProvider {
log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId()
+ " credential.");
-
}
signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
index 876fa744..31ffd5a7 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
@@ -20,14 +20,17 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+
/**
- * EAAF LoA Level verifier checks if requested LoA matchs to LoA of authentication.
+ * EAAF LoA Level verifier checks if requested LoA matchs to LoA of
+ * authentication.
*
*
* @author tlenz
@@ -40,23 +43,23 @@ public class QaaLevelVerifier {
private static boolean verifyQaaLevel(final String qaaAuth, final String requiredLoA,
final String matchingMode) throws QaaNotAllowedException {
// to MINIMUM machting
- if (EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) {
+ if (EaafConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) {
log.trace("Perfom LoA matching in 'MINIMUM' mode ... ");
- if (EAAFConstants.EIDAS_LOA_LOW.equals(requiredLoA)
- && (EAAFConstants.EIDAS_LOA_LOW.equals(qaaAuth)
- || EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth)
- || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) {
+ if (EaafConstants.EIDAS_LOA_LOW.equals(requiredLoA)
+ && (EaafConstants.EIDAS_LOA_LOW.equals(qaaAuth)
+ || EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth)
+ || EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) {
return true;
- } else if (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA)
- && (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth)
- || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) {
+ } else if (EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA)
+ && (EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth)
+ || EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) {
return true;
- } else if (EAAFConstants.EIDAS_LOA_HIGH.equals(requiredLoA)
- && EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) {
+ } else if (EaafConstants.EIDAS_LOA_HIGH.equals(requiredLoA)
+ && EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) {
return true;
}
- } else if (EAAFConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) {
+ } else if (EaafConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) {
// to EXACT matching
log.trace("Perfom LoA matching in 'EXACT' mode ... ");
if (qaaAuth.equals(requiredLoA)) {
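Review bot: In the EXACT branch, `if (qaaAuth.equals(requiredLoA)) {` dereferences qaaAuth, so an authentication that carries no LoA (null) would surface as a NullPointerException rather than the QaaNotAllowedException this method declares, whereas the MINIMUM branch above is null-safe because the constant sits on the left of each `equals`. Whether the caller guarantees a non-null qaaAuth cannot be confirmed from this hunk; `if (StringUtils.equals(qaaAuth, requiredLoA)) {` (StringUtils is already imported) keeps the null case on the normal fail-closed rejection path at no cost. verifyQaaLevel continues past the end of the hunk.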
@@ -78,7 +81,7 @@ public class QaaLevelVerifier {
/**
* Check LoA level.
*
- * @param qaaAuth LoA of authentication
+ * @param qaaAuth LoA of authentication
* @param requiredLoAs List of allowed LoA levels
* @param matchingMode LoA matching mode
* @throws QaaNotAllowedException If LoA does not match
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
index 8bcc3e74..1a282b55 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
@@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
import java.io.IOException;
import java.util.List;
+
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -29,9 +30,7 @@ import javax.xml.transform.TransformerException;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.core.Attribute;
@@ -51,6 +50,10 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
public class Saml2Utils {
private static final Logger log = LoggerFactory.getLogger(Saml2Utils.class);
@@ -66,13 +69,13 @@ public class Saml2Utils {
} catch (final ParserConfigurationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- }
+ }
}
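Review bot: The catch at `} catch (final ParserConfigurationException e) {` only prints the stack trace and carries on, so whatever parser setup the try block performs (it starts above the hunk) fails silently. If that setup is where the DocumentBuilderFactory is hardened against DTDs and external entities — plausible given the javax.xml.parsers imports, but not visible here — a rejected feature would leave the parser in its default, XXE-prone configuration with no record in the application log. Treat it as fatal, `throw new IllegalStateException("Could not configure secure XML parser", e);`, or at minimum `log.error("XML parser configuration failed", e);`, and drop the auto-generated TODO and `e.printStackTrace()`. The enclosing block begins outside the hunk.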
/**
* Create a SAML2 object.
*
- * @param <T> SAML2 object class
+ * @param <T> SAML2 object class
* @param clazz object class
* @return SAML2 object
*/
@@ -103,14 +106,13 @@ public class Saml2Utils {
}
-
/**
* Transform SAML2 Object to Element.
*
* @param object SAML2 object
* @return Element
- * @throws IOException In case of an transformation error
- * @throws MarshallingException In case of an transformation error
+ * @throws IOException In case of an transformation error
+ * @throws MarshallingException In case of an transformation error
* @throws TransformerException In case of an transformation error
*/
public static Document asDomDocument(final XMLObject object)
@@ -178,9 +180,9 @@ public class Saml2Utils {
/**
* Generate EAAF specific requested attribute.
*
- * @param attr SAML2 attribute definition
+ * @param attr SAML2 attribute definition
* @param isRequired is-mandatory flag
- * @param value Attribute value
+ * @param value Attribute value
* @return
*/
public static EaafRequestedAttribute generateReqAuthnAttributeSimple(final Attribute attr,