diff options
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification')
4 files changed, 36 insertions, 35 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java index fc1b6ea8..6d78b775 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java @@ -23,7 +23,7 @@ import javax.xml.namespace.QName; import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; -import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; + import org.apache.commons.lang3.StringUtils; import org.opensaml.common.SignableSAMLObject; import org.opensaml.common.xml.SAMLConstants; @@ -45,6 +45,8 @@ import org.slf4j.LoggerFactory; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; + /** * Signature Policy for SAML2 redirect-binding. * @@ -56,7 +58,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit private static final Logger log = LoggerFactory.getLogger(AbstractRequestSignedSecurityPolicyRule.class); - private SignatureTrustEngine trustEngine = null; private QName peerEntityRole = null; @@ -73,7 +74,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit } - /** * Reload the PVP metadata for a given entity. * @@ -82,14 +82,14 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit */ protected abstract boolean refreshMetadataProvider(String entityID); - protected abstract SignableSAMLObject getSignedSamlObject(XMLObject inboundData); /* * (non-Javadoc) * * @see - * org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext) + * org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message. + * MessageContext) */ @Override public void evaluate(final MessageContext context) throws SecurityPolicyException { @@ -114,7 +114,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit } - } private void verifySignature(final MessageContext context) throws SecurityPolicyException { @@ -136,8 +135,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit } - - final CriteriaSet criteriaSet = new CriteriaSet(); criteriaSet.add(new EntityIDCriteria(context.getInboundMessageIssuer())); criteriaSet.add(new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS)); @@ -191,7 +188,7 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit } - throw new SchemaValidationException("pvp2.22", new Object[] {err}); + throw new SchemaValidationException("pvp2.22", new Object[] { err }); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java index 8f042ae2..42d7d6a1 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java @@ -20,6 +20,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.verification; import java.util.List; + import org.opensaml.common.binding.SAMLMessageContext; import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; import org.opensaml.ws.transport.http.HTTPInTransport; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java index 0d108596..c7a43b0b 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java @@ -20,12 +20,14 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.verification; import javax.xml.namespace.QName; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; + import org.opensaml.common.SignableSAMLObject; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.xml.XMLObject; import org.opensaml.xml.signature.SignatureTrustEngine; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; + public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPolicyRule { private IRefreshableMetadataProvider metadataProvider = null; @@ -34,8 +36,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol * EAAF specific signature rule for OpenSAML2 redirect-binding. * * @param metadataProvider SAML2 metadata provider - * @param trustEngine SAML2 TrustEngine - * @param peerEntityRole Role of the Entity + * @param trustEngine SAML2 TrustEngine + * @param peerEntityRole Role of the Entity */ public PvpSignedRequestPolicyRule(final MetadataProvider metadataProvider, final SignatureTrustEngine trustEngine, final QName peerEntityRole) { @@ -49,8 +51,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule# + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation. + * AbstractRequestSignedSecurityPolicyRule# * refreshMetadataProvider(java.lang.String) */ @Override @@ -66,8 +68,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule# + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation. + * AbstractRequestSignedSecurityPolicyRule# * getSignedSAMLObject(org.opensaml.xml.XMLObject) */ @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java index 024c35d8..df91ce53 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java @@ -24,14 +24,6 @@ import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; -import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; -import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; import org.apache.commons.lang3.StringUtils; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.common.xml.SAMLSchemaBuilder; @@ -54,20 +46,29 @@ import org.springframework.stereotype.Service; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; + @Service("SAMLVerificationEngine") public class SamlVerificationEngine { private static final Logger log = LoggerFactory.getLogger(SamlVerificationEngine.class); - @Autowired(required = true) IPvpMetadataProvider metadataProvider; /** * Verify signature of a signed SAML2 object. * - * @param msg SAML2 message + * @param msg SAML2 message * @param sigTrustEngine TrustEngine - * @throws org.opensaml.xml.security.SecurityException In case of invalid signature + * @throws org.opensaml.xml.security.SecurityException In case of + * invalid signature * @throws Exception In case of a general error */ public void verify(final InboundMessage msg, final SignatureTrustEngine sigTrustEngine) @@ -77,13 +78,13 @@ public class SamlVerificationEngine { && ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) { verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(), sigTrustEngine); - } else if (msg instanceof PvpSProfileResponse){ + } else if (msg instanceof PvpSProfileResponse) { verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine); - + } else { - log.warn("SAML2 message type: {} not supported", msg.getClass().getName()); - throw new EaafProtocolException("9999", null); - + log.warn("SAML2 message type: {} not supported", msg.getClass().getName()); + throw new EaafProtocolException("9999", null); + } } catch (final InvalidProtocolRequestException e) { @@ -139,7 +140,7 @@ public class SamlVerificationEngine { throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } catch (final SchemaValidationException e) { - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() }); } @@ -170,7 +171,7 @@ public class SamlVerificationEngine { throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } catch (final SchemaValidationException e) { - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() }); } @@ -218,7 +219,7 @@ public class SamlVerificationEngine { } - throw new SchemaValidationException("pvp2.22", new Object[] {err}); + throw new SchemaValidationException("pvp2.22", new Object[] { err }); } |