summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_sp/src
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_sp/src')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java33
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java1
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java49
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java44
6 files changed, 61 insertions, 74 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
index 07e9c28d..2e747656 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
@@ -20,12 +20,14 @@
package at.gv.egiz.eaaf.modules.pvp2.sp.api;
import java.util.List;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.xml.security.credential.Credential;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
/**
* Configuration of a PVP2 S-Profile authentication-request builder.
*
@@ -35,7 +37,8 @@ import org.w3c.dom.Element;
public interface IPvpAuthnRequestBuilderConfiguruation {
/**
- * Defines a unique name for this PVP Service-provider, which is used for logging.
+ * Defines a unique name for this PVP Service-provider, which is used for
+ * logging.
*
* @return
*/
@@ -49,8 +52,8 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
Boolean isPassivRequest();
/**
- * Define the ID of the AssertionConsumerService, which defines the required attributes in
- * service-provider metadata.
+ * Define the ID of the AssertionConsumerService, which defines the required
+ * attributes in service-provider metadata.
*
* @return
*/
@@ -73,10 +76,10 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
/**
* Define the AuthnContextClassRefernece of this request.
*
- *<p>
+ * <p>
* Example: http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3
* http://www.stork.gov.eu/1.0/citizenQAALevel/4
- *</p>
+ * </p>
*
* @return
*/
@@ -89,7 +92,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*/
AuthnContextComparisonTypeEnumeration getAuthnContextComparison();
-
/**
* Define the credential, which should be used to sign the AuthnRequest.
*
@@ -97,9 +99,9 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*/
Credential getAuthnRequestSigningCredential();
-
/**
- * Define the SAML2 EntityDescriptor of the IDP, which should receive the AuthnRequest.
+ * Define the SAML2 EntityDescriptor of the IDP, which should receive the
+ * AuthnRequest.
*
* @return Credential, but never null.
*/
@@ -112,7 +114,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*/
boolean getNameIdPolicyAllowCreation();
-
/**
* Set the requested SubjectNameID.
*
@@ -155,11 +156,11 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
* Define the information, which should be added as 'subjectConformationDate' in
* 'SubjectConformation' element.
*
- * @return subjectConformation information or null if no subjectConformation should be set
+ * @return subjectConformation information or null if no subjectConformation
+ * should be set
*/
Element getSubjectConformationDate();
-
/**
* Get the EntityId of the SP in case of a SAML2 proxy use-case.
*
@@ -167,7 +168,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*/
String getScopeRequesterId();
-
/**
* Get a FriendlyName for the SP that sends the request.
*
@@ -175,10 +175,11 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*/
String getProviderName();
-
/**
- * Get a Set of SAML2 attributes that are requested by using SAML2 requested attributes. <br>
- * <b>Info:</b> Attributes are requested by using eIDAS SAML2 extension for requested attributes
+ * Get a Set of SAML2 attributes that are requested by using SAML2 requested
+ * attributes. <br>
+ * <b>Info:</b> Attributes are requested by using eIDAS SAML2 extension for
+ * requested attributes
*
* @return
*/
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java
index 1096c535..03fae599 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java
@@ -21,7 +21,6 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-
public class AssertionValidationExeption extends Pvp2Exception {
private static final long serialVersionUID = -3987805399122286259L;
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java
index 5ad42fb7..251ba759 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java
@@ -21,10 +21,8 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-
public class AuthnRequestBuildException extends Pvp2Exception {
-
private static final long serialVersionUID = -1375451065455859354L;
public AuthnRequestBuildException(final String messageId, final Object[] parameters) {
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java
index d8d7683c..44fbf40f 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java
@@ -21,18 +21,16 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-
public class AuthnResponseValidationException extends Pvp2Exception {
-
private static final long serialVersionUID = 8023812861029406575L;
-
public AuthnResponseValidationException(final String messageId, final Object[] parameters) {
super(messageId, parameters);
}
- public AuthnResponseValidationException(final String messageId, final Object[] parameters, final Throwable e) {
+ public AuthnResponseValidationException(final String messageId, final Object[] parameters,
+ final Throwable e) {
super(messageId, parameters, e);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
index 11b1ecad..9b284c88 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
@@ -21,18 +21,9 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.impl;
import java.security.NoSuchAlgorithmException;
import java.util.List;
+
import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation;
-import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
@@ -61,6 +52,18 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+
/**
* PVP2 S-Profil Authentication-Request builder-implementation.
*
@@ -71,21 +74,19 @@ import org.springframework.stereotype.Service;
public class PvpAuthnRequestBuilder {
private static final Logger log = LoggerFactory.getLogger(PvpAuthnRequestBuilder.class);
-
@Autowired(required = true)
ApplicationContext springContext;
-
/**
* Build a PVP2.x specific authentication request
*
* @param pendingReq Currently processed pendingRequest
- * @param config AuthnRequest builder configuration, never null
- * @param httpResp http response object
+ * @param config AuthnRequest builder configuration, never null
+ * @param httpResp http response object
* @throws NoSuchAlgorithmException In case of error
- * @throws SecurityException In case of error
- * @throws Pvp2Exception In case of error
- * @throws MessageEncodingException In case of error
+ * @throws SecurityException In case of error
+ * @throws Pvp2Exception In case of error
+ * @throws MessageEncodingException In case of error
*/
public void buildAuthnRequest(final IRequest pendingReq,
final IPvpAuthnRequestBuilderConfiguruation config, final HttpServletResponse httpResp)
@@ -115,13 +116,12 @@ public class PvpAuthnRequestBuilder {
log.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID()
+ " does not support POST or Redirect Binding.");
throw new AuthnRequestBuildException("sp.pvp2.00",
- new Object[] {config.getSpNameForLogging(), idpEntity.getEntityID()});
+ new Object[] { config.getSpNameForLogging(), idpEntity.getEntityID() });
} else {
authReq.setDestination(endpoint.getLocation());
}
-
// set basic AuthnRequest information
final String reqID = config.getRequestID();
if (StringUtils.isNotEmpty(reqID)) {
@@ -217,7 +217,6 @@ public class PvpAuthnRequestBuilder {
}
-
// set ProviderName
if (StringUtils.isNotEmpty(config.getProviderName())) {
authReq.setProviderName(config.getProviderName());
@@ -254,10 +253,10 @@ public class PvpAuthnRequestBuilder {
binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
} else {
- log.warn("Binding: {} is not supported", endpoint.getBinding());
- throw new AuthnRequestBuildException("sp.pvp2.00",
- new Object[] {config.getSpNameForLogging(), idpEntity.getEntityID()});
-
+ log.warn("Binding: {} is not supported", endpoint.getBinding());
+ throw new AuthnRequestBuildException("sp.pvp2.00",
+ new Object[] { config.getSpNameForLogging(), idpEntity.getEntityID() });
+
}
// encode message
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
index 42d1c85e..fa2b9312 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
@@ -27,8 +27,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
@@ -42,6 +41,9 @@ import org.opensaml.xml.XMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+
public class AssertionAttributeExtractor {
private static final Logger log = LoggerFactory.getLogger(AssertionAttributeExtractor.class);
@@ -61,7 +63,8 @@ public class AssertionAttributeExtractor {
/**
* Parse the SAML2 Response element and extracts included information. <br>
* <br>
- * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response is used!
+ * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response
+ * is used!
*
* @param samlResponse SAML2 Response
* @throws AssertionAttributeExtractorExeption In case of an error
@@ -131,7 +134,8 @@ public class AssertionAttributeExtractor {
}
/**
- * check attributes from assertion with attributeNameList bPK or enc_bPK are always needed.
+ * check attributes from assertion with attributeNameList bPK or enc_bPK are
+ * always needed.
*
* @param attributeNameList List of attributes which are required
*
@@ -269,14 +273,14 @@ public class AssertionAttributeExtractor {
return assertion;
}
-
/**
* Get the Assertion validTo period.
*
- *<p>
- * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used. If
- * this is empty, this method returns value of SAML 'Conditions' element.
- *</p>
+ * <p>
+ * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment'
+ * element is used. If this is empty, this method returns value of SAML
+ * 'Conditions' element.
+ * </p>
*
* @return Date, until this SAML2 assertion is valid
*/
@@ -298,9 +302,9 @@ public class AssertionAttributeExtractor {
/**
* Get the Assertion validFrom period.
*
- *<p>
+ * <p>
* This method returns value of SAML 'Conditions' element.
- *</p>
+ * </p>
*
* @return Date, after this SAML2 assertion is valid, otherwise null
*/
@@ -331,21 +335,9 @@ public class AssertionAttributeExtractor {
&& assertion.getAttributeStatements().size() > 0) {
final AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
for (final Attribute attr : attrStat.getAttributes()) {
-// if (attr.getName().startsWith(PvpConstants.STORK_ATTRIBUTE_PREFIX)) {
-// final List<String> storkAttrValues = new ArrayList<>();
-// for (final XMLObject el : attr.getAttributeValues()) {
-// storkAttrValues.add(el.getDOM().getTextContent());
-// }
- // PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
- // false, storkAttrValues , "Available");
- // storkAttributes.put(attr.getName(), storkAttr );
-
-// } else {
- final List<String> attrList = new ArrayList<>();
- for (final XMLObject el : attr.getAttributeValues()) {
- attrList.add(el.getDOM().getTextContent());
- // }
-
+ final List<String> attrList = new ArrayList<>();
+ for (final XMLObject el : attr.getAttributeValues()) {
+ attrList.add(el.getDOM().getTextContent());
attributs.put(attr.getName(), attrList);
}