diff options
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_sp')
6 files changed, 61 insertions, 74 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java index 07e9c28d..2e747656 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java @@ -20,12 +20,14 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.api; import java.util.List; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; + import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.xml.security.credential.Credential; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; + /** * Configuration of a PVP2 S-Profile authentication-request builder. * @@ -35,7 +37,8 @@ import org.w3c.dom.Element; public interface IPvpAuthnRequestBuilderConfiguruation { /** - * Defines a unique name for this PVP Service-provider, which is used for logging. + * Defines a unique name for this PVP Service-provider, which is used for + * logging. * * @return */ @@ -49,8 +52,8 @@ public interface IPvpAuthnRequestBuilderConfiguruation { Boolean isPassivRequest(); /** - * Define the ID of the AssertionConsumerService, which defines the required attributes in - * service-provider metadata. + * Define the ID of the AssertionConsumerService, which defines the required + * attributes in service-provider metadata. * * @return */ @@ -73,10 +76,10 @@ public interface IPvpAuthnRequestBuilderConfiguruation { /** * Define the AuthnContextClassRefernece of this request. * - *<p> + * <p> * Example: http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3 * http://www.stork.gov.eu/1.0/citizenQAALevel/4 - *</p> + * </p> * * @return */ @@ -89,7 +92,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation { */ AuthnContextComparisonTypeEnumeration getAuthnContextComparison(); - /** * Define the credential, which should be used to sign the AuthnRequest. * @@ -97,9 +99,9 @@ public interface IPvpAuthnRequestBuilderConfiguruation { */ Credential getAuthnRequestSigningCredential(); - /** - * Define the SAML2 EntityDescriptor of the IDP, which should receive the AuthnRequest. + * Define the SAML2 EntityDescriptor of the IDP, which should receive the + * AuthnRequest. * * @return Credential, but never null. */ @@ -112,7 +114,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation { */ boolean getNameIdPolicyAllowCreation(); - /** * Set the requested SubjectNameID. * @@ -155,11 +156,11 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * Define the information, which should be added as 'subjectConformationDate' in * 'SubjectConformation' element. * - * @return subjectConformation information or null if no subjectConformation should be set + * @return subjectConformation information or null if no subjectConformation + * should be set */ Element getSubjectConformationDate(); - /** * Get the EntityId of the SP in case of a SAML2 proxy use-case. * @@ -167,7 +168,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation { */ String getScopeRequesterId(); - /** * Get a FriendlyName for the SP that sends the request. * @@ -175,10 +175,11 @@ public interface IPvpAuthnRequestBuilderConfiguruation { */ String getProviderName(); - /** - * Get a Set of SAML2 attributes that are requested by using SAML2 requested attributes. <br> - * <b>Info:</b> Attributes are requested by using eIDAS SAML2 extension for requested attributes + * Get a Set of SAML2 attributes that are requested by using SAML2 requested + * attributes. <br> + * <b>Info:</b> Attributes are requested by using eIDAS SAML2 extension for + * requested attributes * * @return */ diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java index 1096c535..03fae599 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java @@ -21,7 +21,6 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; - public class AssertionValidationExeption extends Pvp2Exception { private static final long serialVersionUID = -3987805399122286259L; diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java index 5ad42fb7..251ba759 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java @@ -21,10 +21,8 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; - public class AuthnRequestBuildException extends Pvp2Exception { - private static final long serialVersionUID = -1375451065455859354L; public AuthnRequestBuildException(final String messageId, final Object[] parameters) { diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java index d8d7683c..44fbf40f 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java @@ -21,18 +21,16 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; - public class AuthnResponseValidationException extends Pvp2Exception { - private static final long serialVersionUID = 8023812861029406575L; - public AuthnResponseValidationException(final String messageId, final Object[] parameters) { super(messageId, parameters); } - public AuthnResponseValidationException(final String messageId, final Object[] parameters, final Throwable e) { + public AuthnResponseValidationException(final String messageId, final Object[] parameters, + final Throwable e) { super(messageId, parameters, e); } diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java index 11b1ecad..9b284c88 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java @@ -21,18 +21,9 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.impl; import java.security.NoSuchAlgorithmException; import java.util.List; + import javax.servlet.http.HttpServletResponse; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; -import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; + import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; @@ -61,6 +52,18 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; + /** * PVP2 S-Profil Authentication-Request builder-implementation. * @@ -71,21 +74,19 @@ import org.springframework.stereotype.Service; public class PvpAuthnRequestBuilder { private static final Logger log = LoggerFactory.getLogger(PvpAuthnRequestBuilder.class); - @Autowired(required = true) ApplicationContext springContext; - /** * Build a PVP2.x specific authentication request * * @param pendingReq Currently processed pendingRequest - * @param config AuthnRequest builder configuration, never null - * @param httpResp http response object + * @param config AuthnRequest builder configuration, never null + * @param httpResp http response object * @throws NoSuchAlgorithmException In case of error - * @throws SecurityException In case of error - * @throws Pvp2Exception In case of error - * @throws MessageEncodingException In case of error + * @throws SecurityException In case of error + * @throws Pvp2Exception In case of error + * @throws MessageEncodingException In case of error */ public void buildAuthnRequest(final IRequest pendingReq, final IPvpAuthnRequestBuilderConfiguruation config, final HttpServletResponse httpResp) @@ -115,13 +116,12 @@ public class PvpAuthnRequestBuilder { log.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID() + " does not support POST or Redirect Binding."); throw new AuthnRequestBuildException("sp.pvp2.00", - new Object[] {config.getSpNameForLogging(), idpEntity.getEntityID()}); + new Object[] { config.getSpNameForLogging(), idpEntity.getEntityID() }); } else { authReq.setDestination(endpoint.getLocation()); } - // set basic AuthnRequest information final String reqID = config.getRequestID(); if (StringUtils.isNotEmpty(reqID)) { @@ -217,7 +217,6 @@ public class PvpAuthnRequestBuilder { } - // set ProviderName if (StringUtils.isNotEmpty(config.getProviderName())) { authReq.setProviderName(config.getProviderName()); @@ -254,10 +253,10 @@ public class PvpAuthnRequestBuilder { binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); } else { - log.warn("Binding: {} is not supported", endpoint.getBinding()); - throw new AuthnRequestBuildException("sp.pvp2.00", - new Object[] {config.getSpNameForLogging(), idpEntity.getEntityID()}); - + log.warn("Binding: {} is not supported", endpoint.getBinding()); + throw new AuthnRequestBuildException("sp.pvp2.00", + new Object[] { config.getSpNameForLogging(), idpEntity.getEntityID() }); + } // encode message diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java index 42d1c85e..fa2b9312 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java @@ -27,8 +27,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; + import org.apache.commons.lang3.StringUtils; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; @@ -42,6 +41,9 @@ import org.opensaml.xml.XMLObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; + public class AssertionAttributeExtractor { private static final Logger log = LoggerFactory.getLogger(AssertionAttributeExtractor.class); @@ -61,7 +63,8 @@ public class AssertionAttributeExtractor { /** * Parse the SAML2 Response element and extracts included information. <br> * <br> - * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response is used! + * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response + * is used! * * @param samlResponse SAML2 Response * @throws AssertionAttributeExtractorExeption In case of an error @@ -131,7 +134,8 @@ public class AssertionAttributeExtractor { } /** - * check attributes from assertion with attributeNameList bPK or enc_bPK are always needed. + * check attributes from assertion with attributeNameList bPK or enc_bPK are + * always needed. * * @param attributeNameList List of attributes which are required * @@ -269,14 +273,14 @@ public class AssertionAttributeExtractor { return assertion; } - /** * Get the Assertion validTo period. * - *<p> - * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used. If - * this is empty, this method returns value of SAML 'Conditions' element. - *</p> + * <p> + * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' + * element is used. If this is empty, this method returns value of SAML + * 'Conditions' element. + * </p> * * @return Date, until this SAML2 assertion is valid */ @@ -298,9 +302,9 @@ public class AssertionAttributeExtractor { /** * Get the Assertion validFrom period. * - *<p> + * <p> * This method returns value of SAML 'Conditions' element. - *</p> + * </p> * * @return Date, after this SAML2 assertion is valid, otherwise null */ @@ -331,21 +335,9 @@ public class AssertionAttributeExtractor { && assertion.getAttributeStatements().size() > 0) { final AttributeStatement attrStat = assertion.getAttributeStatements().get(0); for (final Attribute attr : attrStat.getAttributes()) { -// if (attr.getName().startsWith(PvpConstants.STORK_ATTRIBUTE_PREFIX)) { -// final List<String> storkAttrValues = new ArrayList<>(); -// for (final XMLObject el : attr.getAttributeValues()) { -// storkAttrValues.add(el.getDOM().getTextContent()); -// } - // PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), - // false, storkAttrValues , "Available"); - // storkAttributes.put(attr.getName(), storkAttr ); - -// } else { - final List<String> attrList = new ArrayList<>(); - for (final XMLObject el : attr.getAttributeValues()) { - attrList.add(el.getDOM().getTextContent()); - // } - + final List<String> attrList = new ArrayList<>(); + for (final XMLObject el : attr.getAttributeValues()) { + attrList.add(el.getDOM().getTextContent()); attributs.put(attr.getName(), attrList); } |