Diffstat (limited to 'eaaf_modules')
103 files changed, 1387 insertions, 1558 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java index 1a88c43b..e9932ae8 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java @@ -2,19 +2,21 @@ package at.gv.egiz.eaaf.modules.auth.sl20; import java.util.Arrays; import java.util.List; + import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.IspConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; - /** * AuthModule to select a Securtiy-Layer 2.0 based authentication process. 
@@ -23,8 +25,7 @@ import org.springframework.beans.factory.annotation.Autowired; * */ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule { - private static final Logger log = - LoggerFactory.getLogger(AbstractSL20AuthenticationModulImpl.class); + private static final Logger log = LoggerFactory.getLogger(AbstractSL20AuthenticationModulImpl.class); private int priority = 3; public static final List<String> VDA_TYPE_IDS = Arrays.asList("1", "2", "3", "4"); @@ -56,17 +57,15 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule } - /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process - * .api.ExecutionContext) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv. + * egovernment.moa.id.process .api.ExecutionContext) */ @Override public String selectProcess(final ExecutionContext context, final IRequest pendingReq) { - final IspConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); if (spConfig == null) { log.error("Suspect state. NO SP CONFIGURATION IN CONTEXT!"); 
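Review bot: The re-wrapped `@see` in the `(non-Javadoc)` block above `selectProcess` now splits a qualified name in the middle (`at.gv. egovernment.moa.id.process .api.ExecutionContext`), so javadoc cannot resolve it, and it still names `at.gv.egovernment.moa.id.auth.modules.AuthModule` although this class implements the `at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule` imported at the top of the file. Because the method already carries `@Override`, the whole block can be dropped, or replaced by `/** {@inheritDoc} */`, or by `@see AuthModule#selectProcess(ExecutionContext, IRequest)` if a cross-reference is wanted. The body of `selectProcess` continues past the end of this hunk.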
@@ -74,17 +73,13 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule } - final String sl20ClientTypeHeader = - (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()); - final String sl20VdaTypeHeader = - (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + final String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()); + final String sl20VdaTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); if (authConfig.getBasicConfigurationBoolean(getGeneralConfigPropertyNameEnableModule(), getGeneralConfigPropertyNameEnableModuleDefault())) { - if (StringUtils - .isNotEmpty(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule())) - && Boolean - .valueOf(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))) { + if (StringUtils.isNotEmpty(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule())) + && Boolean.valueOf(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))) { log.debug("SL2.0 is enabled for " + spConfig.getUniqueIdentifier()); log.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + ": " + sl20ClientTypeHeader); log.trace(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE + ": " + sl20VdaTypeHeader); @@ -97,8 +92,7 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule } } else { - log.trace("SL2.0 is NOT enabled with property: {}", - getGeneralConfigPropertyNameEnableModule()); + log.trace("SL2.0 is NOT enabled with property: {}", getGeneralConfigPropertyNameEnableModule()); return null; } 
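Review bot: The reflowed condition in the first hunk still calls `spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule())` twice for a single decision; reading it once is shorter than the wrapped form, e.g. `final String spEnabled = spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule());` followed by `if (StringUtils.isNotEmpty(spEnabled) && Boolean.parseBoolean(spEnabled)) {`. The same hunk mixes concatenation (`"SL2.0 is enabled for " + spConfig.getUniqueIdentifier()` and the two `log.trace` lines printing request-context header values) with the `{}` placeholders used by `log.trace` in the second hunk; the placeholder form is the file's own convention and avoids building the strings when trace is off. `SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()` lower-cases with the default locale; if that key must match what the header-reading side stored, `toLowerCase(Locale.ROOT)` (needs `java.util.Locale`) makes the key locale-independent — the constant's value is not visible here. `selectProcess` starts and ends outside these hunks.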
@@ -106,22 +100,24 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule } /** - * Get the general configuration-key that holds the enabled key for this authentication module. + * Get the general configuration-key that holds the enabled key for this + * authentication module. * * @return */ public abstract String getGeneralConfigPropertyNameEnableModule(); /** - * Get the default value of the general configuration-key that holds the enabled key for this - * authentication module. + * Get the default value of the general configuration-key that holds the enabled + * key for this authentication module. * * @return */ public abstract boolean getGeneralConfigPropertyNameEnableModuleDefault(); /** - * Get the SP specific configuration-key that holds the enabled key for this authentication module. + * Get the SP specific configuration-key that holds the enabled key for this + * authentication module. * * @return configuration key for SP configuration */ diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java index a8460911..f607f8cb 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java 
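Review bot: The re-wrapped Javadoc of `getGeneralConfigPropertyNameEnableModule` and `getGeneralConfigPropertyNameEnableModuleDefault` still ends in an empty `@return` tag, which javadoc flags and which tells an implementor nothing; the third method in the hunk shows the intended form (`@return configuration key for SP configuration`). Suggested text: `@return general configuration key that enables this authentication module` for the first, and for the second `@return fallback value used when that general configuration key is not set` — `selectProcess` passes it as the default to `authConfig.getBasicConfigurationBoolean(...)` in the earlier hunk. The summary lines could then be shortened to `Get the general configuration key that enables this authentication module.` and `Get the default for the general configuration key that enables this authentication module.`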
@@ -3,44 +3,38 @@ package at.gv.egiz.eaaf.modules.auth.sl20; public class Constants { public static final String CONFIG_PROP_PREFIX = "modules.sl20"; - public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = - CONFIG_PROP_PREFIX + ".vda.urls.qualeID."; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID."; - public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = - CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = - CONFIG_PROP_PREFIX + ".security.keystore.path"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = - CONFIG_PROP_PREFIX + ".security.keystore.password"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = - CONFIG_PROP_PREFIX + ".security.sign.alias"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD = - CONFIG_PROP_PREFIX + ".security.sign.password"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = - CONFIG_PROP_PREFIX + ".security.encryption.alias"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = - CONFIG_PROP_PREFIX + ".security.encryption.password"; + public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX + + ".vda.authblock.transformation.id"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX + + ".security.keystore.password"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD = CONFIG_PROP_PREFIX + + ".security.sign.password"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + + 
".security.encryption.alias"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + + ".security.encryption.password"; public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT = "default"; - public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = - CONFIG_PROP_VDA_ENDPOINT_QUALeID + CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT; - public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = - CONFIG_PROP_VDA_ENDPOINT_QUALeID + "list"; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_VDA_ENDPOINT_QUALeID + + CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID + "list"; public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds."; - public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = - CONFIG_PROP_PREFIX + ".security.eID.validation.disable"; - public static final String CONFIG_PROP_ENABLE_EID_ENCRYPTION = - CONFIG_PROP_PREFIX + ".security.eID.encryption.enabled"; - public static final String CONFIG_PROP_FORCE_EID_ENCRYPTION = - CONFIG_PROP_PREFIX + ".security.eID.encryption.required"; - public static final String CONFIG_PROP_FORCE_EID_SIGNED_RESULT = - CONFIG_PROP_PREFIX + ".security.eID.signed.result.required"; + public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + + ".security.eID.validation.disable"; + public static final String CONFIG_PROP_ENABLE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + + ".security.eID.encryption.enabled"; + public static final String CONFIG_PROP_FORCE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + + ".security.eID.encryption.required"; + public static final String CONFIG_PROP_FORCE_EID_SIGNED_RESULT = CONFIG_PROP_PREFIX + + ".security.eID.signed.result.required"; - public static final String CONFIG_PROP_IPC_RETURN_URL = - CONFIG_PROP_PREFIX + 
".testing.ipc.return.url"; - public static final String CONFIG_PROP_HTTP_REDIRECT_CODE = - CONFIG_PROP_PREFIX + ".testing.redirect.http.code"; + public static final String CONFIG_PROP_IPC_RETURN_URL = CONFIG_PROP_PREFIX + ".testing.ipc.return.url"; + public static final String CONFIG_PROP_HTTP_REDIRECT_CODE = CONFIG_PROP_PREFIX + ".testing.redirect.http.code"; public static final String CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE = "303"; public static final String CONFIG_PROP_SP_ENABLE_SL20_AUTHENTICATION = "auth.sl20.enabled"; 
@@ -51,25 +45,23 @@ public class Constants { /** * Only dummy data for development!!!!!!. */ - public static final String DUMMY_SIGNING_CERT = - "MIIC9zCCAd8CBFretWcwDQYJKoZIhvcNAQEOBQAwQDELMAkGA1UEBhMCQVQxDTAL\n" - + "BgNVBAoMBEVHSVoxIjAgBgNVBAMMGW93biBkdW1teSBtZXRhZGF0YSBzaWduZXIw\n" - + "HhcNMTgwNDI0MDQ0MTExWhcNMjEwMTE3MDQ0MTExWjBAMQswCQYDVQQGEwJBVDEN\n" - + "MAsGA1UECgwERUdJWjEiMCAGA1UEAwwZb3duIGR1bW15IG1ldGFkYXRhIHNpZ25l\n" - + "cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW5trHH\n" - + "Rb1s60QtGNp2v1nfMg1R6h7SzygtmO869v5bqrVBBVGmujslr7W8cZ2DLmJoQx1N\n" - + "WwhccjXTHpNPw0B70qHGch2uRNkqkizSOlwth0Ll2DJtzxTolbajYdg+xppXScUq\n" - + "WNlNZndauPSnB2CESgNkaUou4x4YVSDInugAtLvdLx8rf2YcuidI6UIXxeSZr3VO\n" - + "Z12YtddzcJ+lwh7OX8B0UvLsdYjKjefjEudyuNBmVwLv4K2LsFhSqgE1CAzk3oCb\n" - + "V2A84klaWVPiXoBiOucyouvX781WVp1aCBp0QA8gpJH7/2wRsdPQ90tjMzM7dcgY\n" - + "LDkCAwEAATANBgkqhkiG9w0BAQ4FAAOCAQEAQuYRQcCNLDYU1ItliYz9f28+KDyU\n" - + "8WjF3NDZrlJbGSKQ4n7wkBfxdK3zprmpHadWDB+aZaPt/+voE2FduzPiLUDlpazN\n" - + "60JJ5/YHZ3q9MZvdoNg6rjkpioWatoj/smUkT6oUWL/gp8tH12fOd2oJygBqXMve\n" - + "3y3qVCghnjRaMYuXcScTZcjH9yebkTLygirtw34oGVb7t+HwbtcN65fUIBly6Rcl\n" - + "8NV3pwOKhXFKDAqXUpvhebL4+tWOqPdqfIfGaE6rELfTf3icGY3CQCzDz5Gp0Ptc\n" - + "TfQqm64xnhtAruXNJXWg2ptg+GuQgWnJUgQ8wLNMxw9XdeEwlQo5dL6xmg=="; + public static final String DUMMY_SIGNING_CERT = "MIIC9zCCAd8CBFretWcwDQYJKoZIhvcNAQEOBQAwQDELMAkGA1UEBhMCQVQxDTAL\n" + + "BgNVBAoMBEVHSVoxIjAgBgNVBAMMGW93biBkdW1teSBtZXRhZGF0YSBzaWduZXIw\n" + + "HhcNMTgwNDI0MDQ0MTExWhcNMjEwMTE3MDQ0MTExWjBAMQswCQYDVQQGEwJBVDEN\n" + + "MAsGA1UECgwERUdJWjEiMCAGA1UEAwwZb3duIGR1bW15IG1ldGFkYXRhIHNpZ25l\n" + + "cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW5trHH\n" + + "Rb1s60QtGNp2v1nfMg1R6h7SzygtmO869v5bqrVBBVGmujslr7W8cZ2DLmJoQx1N\n" + + "WwhccjXTHpNPw0B70qHGch2uRNkqkizSOlwth0Ll2DJtzxTolbajYdg+xppXScUq\n" + + "WNlNZndauPSnB2CESgNkaUou4x4YVSDInugAtLvdLx8rf2YcuidI6UIXxeSZr3VO\n" + + 
"Z12YtddzcJ+lwh7OX8B0UvLsdYjKjefjEudyuNBmVwLv4K2LsFhSqgE1CAzk3oCb\n" + + "V2A84klaWVPiXoBiOucyouvX781WVp1aCBp0QA8gpJH7/2wRsdPQ90tjMzM7dcgY\n" + + "LDkCAwEAATANBgkqhkiG9w0BAQ4FAAOCAQEAQuYRQcCNLDYU1ItliYz9f28+KDyU\n" + + "8WjF3NDZrlJbGSKQ4n7wkBfxdK3zprmpHadWDB+aZaPt/+voE2FduzPiLUDlpazN\n" + + "60JJ5/YHZ3q9MZvdoNg6rjkpioWatoj/smUkT6oUWL/gp8tH12fOd2oJygBqXMve\n" + + "3y3qVCghnjRaMYuXcScTZcjH9yebkTLygirtw34oGVb7t+HwbtcN65fUIBly6Rcl\n" + + "8NV3pwOKhXFKDAqXUpvhebL4+tWOqPdqfIfGaE6rELfTf3icGY3CQCzDz5Gp0Ptc\n" + + "TfQqm64xnhtAruXNJXWg2ptg+GuQgWnJUgQ8wLNMxw9XdeEwlQo5dL6xmg=="; - public static final String DUMMY_SIGNING_CERT_FINGERPRINT = - "IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW"; + public static final String DUMMY_SIGNING_CERT_FINGERPRINT = "IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW"; } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java index 7ca4ea87..bb0c41d7 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java @@ -16,8 +16,15 @@ public class VerificationResult { } - public VerificationResult(final JsonNode string, final List<X509Certificate> certs, final boolean wasValidSigned) { - this.payload = string; + /** + * JWS signature verification-result container. + * + * @param payload JWS payload + * @param certs JWS signercertificate + * @param wasValidSigned true if signature was valid + */ + public VerificationResult(final JsonNode payload, final List<X509Certificate> certs, final boolean wasValidSigned) { + this.payload = payload; this.certs = certs; this.validSigned = wasValidSigned; @@ -35,6 +42,4 @@ public class VerificationResult { return payload; } - - } 
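Review bot: `DUMMY_SIGNING_CERT_FINGERPRINT`, re-wrapped at the end of this hunk, is not a fingerprint: its value `IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW` is a verbatim substring of the fifth base64 line of `DUMMY_SIGNING_CERT` directly above it, not a digest of the certificate. If anything compares it with a computed certificate fingerprint (no consumer is in this diff) the comparison can never succeed, and a reader of the name will assume a hash. Renaming it to state what it is, or documenting it with `/** Substring of {@link #DUMMY_SIGNING_CERT}, NOT a certificate digest; development only. */`, removes the ambiguity. The `Only dummy data for development!!!!!!.` comment would also benefit from a pointer to whatever keeps these constants out of production configuration; the UTCTime fields embedded in the certificate appear to decode to a 2018-04-24 / 2021-01-17 validity window, so it has evidently been carried for some time.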
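Review bot: The new Javadoc on the `VerificationResult(JsonNode, List<X509Certificate>, boolean)` constructor describes the class (`JWS signature verification-result container.`) rather than the constructor, and `@param certs JWS signercertificate` is missing a space and a plural. Suggested wording: `Creates a container for a verified JWS payload.` with `@param payload decoded JWS payload`, `@param certs signer certificates of the JWS`, `@param wasValidSigned true if the JWS signature was valid`. One observation that reaches outside this file: `AbstractCreateQualEidRequestTask` in this diff tests `respPayloadContainer.isValidSigned() == null`, which only makes sense if the field is a boxed `Boolean`, while this constructor takes a primitive `boolean` and so can never produce that unsigned/null state — if that state is meant to come only from the other constructor, a sentence saying so in the Javadoc would save the next reader the chase. The field declaration and the other constructor are outside the hunk.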
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java index c751f2c2..62abdeb8 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java @@ -9,7 +9,7 @@ public class SL20SecurityException extends SL20Exception { } public SL20SecurityException(final String parameter) { - super("sl20.05", new Object[] {parameter}); + super("sl20.05", new Object[] { parameter }); } public SL20SecurityException(final Object[] parameters, final Throwable wrapped) { diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java index bed1cdb0..361f57b7 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java @@ -4,14 +4,13 @@ public class SlCommandoBuildException extends SL20Exception { private static final long serialVersionUID = 1L; - public SlCommandoBuildException(final String msg) { - super("sl20.01", new Object[] {msg}); + super("sl20.01", new Object[] { msg }); } public SlCommandoBuildException(final String msg, final Throwable e) { - super("sl20.01", new Object[] {msg}, e); + super("sl20.01", new Object[] { msg }, e); } } 
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java index dab42631..4993796a 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java @@ -4,14 +4,13 @@ public class SlCommandoParserException extends SL20Exception { private static final long serialVersionUID = 1L; - public SlCommandoParserException(final String msg) { - super("sl20.02", new Object[] {msg}); + super("sl20.02", new Object[] { msg }); } public SlCommandoParserException(final String msg, final Throwable e) { - super("sl20.02", new Object[] {msg}, e); + super("sl20.02", new Object[] { msg }, e); } } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java index 518f0d24..d1887d5c 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java 
@@ -4,10 +4,27 @@ import java.security.cert.CertificateEncodingException; import java.util.ArrayList; import java.util.List; import java.util.Map; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.apache.http.HttpResponse; +import org.apache.http.NameValuePair; +import org.apache.http.client.entity.UrlEncodedFormEntity; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.message.BasicNameValuePair; +import org.jose4j.base64url.Base64Url; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ObjectNode; + import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.api.idp.IspConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; 
@@ -23,21 +40,8 @@ import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils; -import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.http.HttpResponse; -import org.apache.http.NameValuePair; -import org.apache.http.client.entity.UrlEncodedFormEntity; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.message.BasicNameValuePair; -import org.jose4j.base64url.Base64Url; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.node.ObjectNode; +import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServletTask { private static final Logger log = LoggerFactory.getLogger(AbstractCreateQualEidRequestTask.class); @@ -57,7 +61,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl try { // get service-provider configuration - final IspConfiguration oaConfig = pendingReq.getServiceProviderConfiguration(); + final ISpConfiguration oaConfig = pendingReq.getServiceProviderConfiguration(); if (oaConfig == null) { log.warn("No SP configuration in pendingReq!"); 
@@ -68,16 +72,14 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // get basic configuration parameters final String vdaQualEidDUrl = extractVdaUrlForSpecificOa(oaConfig, executionContext); if (StringUtils.isEmpty(vdaQualEidDUrl)) { - log.error("NO VDA URL for qualified eID (" - + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")"); - throw new SL20Exception("sl20.03", new Object[] {"NO VDA URL for qualified eID"}); + log.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")"); + throw new SL20Exception("sl20.03", new Object[] { "NO VDA URL for qualified eID" }); } log.debug("Use {} as VDA end-point", vdaQualEidDUrl); pendingReq.setRawDataToTransaction( - Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, - vdaQualEidDUrl); + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, vdaQualEidDUrl); revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_ENDPOINT_URL, vdaQualEidDUrl); // create SL2.0 command for qualified eID @@ -85,8 +87,8 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // build request container final String qualEidReqId = Random.nextProcessReferenceValue(); - final ObjectNode sl20Req = - SL20JsonBuilderUtils.createGenericRequest(qualEidReqId, null, null, signedQualEidCommand); + final ObjectNode sl20Req = SL20JsonBuilderUtils.createGenericRequest(qualEidReqId, null, null, + signedQualEidCommand); // build http POST request final HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualEidDUrl).build()); 
@@ -102,8 +104,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // HttpGet httpReq = new HttpGet(sl20ReqUri.build()); // set native client header - httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, - SL20Constants.HTTP_HEADER_VALUE_NATIVE); + httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes("UTF-8"))); @@ -113,8 +114,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // parse response log.info("Receive response from VDA ... "); final JsonNode sl20Resp = SL20JsonExtractorUtils.getSL20ContainerFromResponse(httpResp); - final VerificationResult respPayloadContainer = - SL20JsonExtractorUtils.extractSL20PayLoad(sl20Resp, null, false); + final VerificationResult respPayloadContainer = SL20JsonExtractorUtils.extractSL20PayLoad(sl20Resp, null, false); if (respPayloadContainer.isValidSigned() == null) { log.debug("Receive unsigned payLoad from VDA"); 
@@ -136,28 +136,27 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // create forward SL2.0 command final ObjectNode sl20Forward = sl20Resp.deepCopy(); - SL20JsonBuilderUtils.addOnlyOnceOfTwo(sl20Forward, SL20Constants.SL20_PAYLOAD, - SL20Constants.SL20_SIGNEDPAYLOAD, command.deepCopy(), signedCommand); + SL20JsonBuilderUtils.addOnlyOnceOfTwo(sl20Forward, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + command.deepCopy(), signedCommand); // store pending request - pendingReq.setRawDataToTransaction( - Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, qualEidReqId); + pendingReq.setRawDataToTransaction(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, + qualEidReqId); requestStoreage.storePendingRequest(pendingReq); // forward SL2.0 command // TODO: maybe add SL2ClientType Header from execution context SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectUrl, - Integer - .parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE, - Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE))); + Integer.parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE, + Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE))); } else if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText() .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) { JsonNode result = SL20JsonExtractorUtils.getJsonObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false); if (result == null) { - result = SL20JsonExtractorUtils.getJsonObjectValue(respPayload, - SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false); + result = SL20JsonExtractorUtils.getJsonObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, + false); } final String errorCode = SL20JsonExtractorUtils.getStringValue(result, 
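Review bot: The re-wrapped `Integer.parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE, ...))` inside the `writeIntoResponse` call still parses the configured redirect code inline, so a non-numeric value throws `NumberFormatException` in the middle of an otherwise successful VDA exchange; judging by the next hunk that lands in `catch (final Exception e)` and is reported as `SL2.0 Authentication FAILED with a generic error.` rather than as a configuration error naming `CONFIG_PROP_HTTP_REDIRECT_CODE`. Hoisting the parse into a local before the call, with a `NumberFormatException` handler that either rethrows with the property name or falls back to `CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE`, keeps the argument list readable and makes the failure diagnosable from the log. The enclosing method starts and ends outside this hunk.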
@@ -166,21 +165,18 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true); log.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg); - throw new SL20Exception("sl20.08", new Object[] {errorCode, errorMsg}); + throw new SL20Exception("sl20.08", new Object[] { errorCode, errorMsg }); } else { // TODO: update to add error handling - log.warn("Received an unrecognized command: " - + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText()); - throw new SlCommandoParserException( - "Received an unrecognized command: " - + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).toString()); + log.warn( + "Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText()); + throw new SlCommandoParserException("Received an unrecognized command: " + + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).toString()); } - } catch (final EaafAuthenticationException e) { - throw new TaskExecutionException(pendingReq, - "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); + throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); } catch (final Exception e) { log.warn("SL2.0 Authentication FAILED with a generic error.", e); 
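Review bot: The re-wrapped `log.warn` and `SlCommandoParserException` lines in the final `else` branch call `respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText()` / `.toString()` without a null check; Jackson's `JsonNode.get` returns `null` for a missing member, so a VDA response lacking the command name produces a `NullPointerException` that the following `catch (final Exception e)` reports as a generic failure instead of the parser error this branch intends. The `else if` in the preceding hunk dereferences the same expression. Reading the name once with the module's own helper, `final String cmdName = SL20JsonExtractorUtils.getStringValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true);` (the `true` flag is what this diff passes for required fields elsewhere), and branching on `cmdName` removes the repeated lookups and the NPE path; the helper's exact behaviour on a missing field should be confirmed. The enclosing method starts outside this hunk.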
@@ -201,18 +197,14 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl * * @return signed JWT token as serialized {@link String} * @throws CertificateEncodingException In case of certificate parsing error - * @throws SL20Exception In case of a SL2.0 error + * @throws SL20Exception In case of a SL2.0 error */ - protected abstract String buildSignedQualifiedEidCommand() - throws CertificateEncodingException, SL20Exception; + protected abstract String buildSignedQualifiedEidCommand() throws CertificateEncodingException, SL20Exception; - - private String extractVdaUrlForSpecificOa(final IspConfiguration oaConfig, - final ExecutionContext executionContext) { + private String extractVdaUrlForSpecificOa(final ISpConfiguration oaConfig, final ExecutionContext executionContext) { // load SP specific config for development and testing purposes - final String spSpecificVdaEndpoints = - oaConfig.getConfigurationValue(Constants.CONFIG_PROP_SP_SL20_ENDPOINT_LIST); + final String spSpecificVdaEndpoints = oaConfig.getConfigurationValue(Constants.CONFIG_PROP_SP_SL20_ENDPOINT_LIST); // load general configuration final Map<String, String> endPointMap = authConfigWithSp @@ -220,8 +212,8 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl endPointMap.put(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT, authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT)); if (StringUtils.isNotEmpty(spSpecificVdaEndpoints)) { - endPointMap.putAll(KeyValueUtils.convertListToMap(KeyValueUtils - .getListOfCsvValues(KeyValueUtils.normalizeCsvValueString(spSpecificVdaEndpoints)))); + endPointMap.putAll(KeyValueUtils.convertListToMap( + KeyValueUtils.getListOfCsvValues(KeyValueUtils.normalizeCsvValueString(spSpecificVdaEndpoints)))); log.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... "); } 
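Review bot: `extractVdaUrlForSpecificOa`, whose signature is rewritten in this hunk, lets the SP-specific `CONFIG_PROP_SP_SL20_ENDPOINT_LIST` entries overwrite the general VDA endpoint map through `endPointMap.putAll(...)`, and the only statement of intent is the comment `load SP specific config for development and testing purposes`; nothing visible restricts that override to a test profile, so an SP configuration entry can point the qualified-eID request, and the signed command built for it, at any URL it names. If that is acceptable because SP configuration is operator-controlled, the method should say so; otherwise the override belongs behind an explicit flag. Either way the private method has no Javadoc — a suggested header: `Selects the VDA endpoint for this SP: general endpoints from configuration, overridden by SP-specific entries, then chosen by the requested VDA type or the default entry.` The method body continues into the next hunk.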
@@ -229,8 +221,8 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl log.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... "); // selection based on request Header - final String sl20VdaTypeHeader = - (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + final String sl20VdaTypeHeader = (String) executionContext + .get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); if (StringUtils.isNotEmpty(sl20VdaTypeHeader)) { final String vdaUrl = endPointMap.get(sl20VdaTypeHeader); if (StringUtils.isNotEmpty(vdaUrl)) { @@ -241,7 +233,6 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl } - log.info("NO specific VDA endpoint requested or found. Use default VDA"); return endPointMap.get(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java index 516a33b9..87dd6263 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java 
@@ -6,9 +6,23 @@ import java.net.URISyntaxException; import java.util.HashMap; import java.util.Map; import java.util.UUID; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; + +import org.apache.commons.lang3.StringUtils; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.entity.ContentType; +import org.jose4j.base64url.Base64Url; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import com.fasterxml.jackson.core.JsonParseException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ObjectNode; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; @@ -28,17 +42,6 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.JsonMapper; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.entity.ContentType; -import org.jose4j.base64url.Base64Url; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.node.ObjectNode; - public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask { private static final Logger log = LoggerFactory.getLogger(AbstractReceiveQualEidTask.class); 
@@ -81,81 +84,69 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask } log.trace("Received SL2.0 result: " + sl20Result); - revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_DATAURL_IP, - request.getRemoteAddr()); + revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_DATAURL_IP, request.getRemoteAddr()); // parse SL2.0 command/result into JSON try { - sl20ReqObj = - new JsonMapper().getMapper().readTree(Base64Url.decodeToUtf8String(sl20Result)); + sl20ReqObj = new JsonMapper().getMapper().readTree(Base64Url.decodeToUtf8String(sl20Result)); } catch (final JsonParseException e) { log.warn("SL2.0 command or result is NOT valid JSON.", e); log.debug("SL2.0 msg: " + sl20Result); - throw new SL20Exception("sl20.02", - new Object[] {"SL2.0 command or result is NOT valid JSON."}, e); + throw new SL20Exception("sl20.02", new Object[] { "SL2.0 command or result is NOT valid JSON." }, e); } // check on errorMessage - final VerificationResult payLoadContainerErrorCheck = - SL20JsonExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, false); + final VerificationResult payLoadContainerErrorCheck = SL20JsonExtractorUtils.extractSL20PayLoad(sl20ReqObj, + joseTools, false); if (SL20JsonExtractorUtils - .getStringValue(payLoadContainerErrorCheck.getPayload(), - SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) + .getStringValue(payLoadContainerErrorCheck.getPayload(), SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) { log.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR + " result .... 
"); - final JsonNode errorResult = SL20JsonExtractorUtils - .extractSL20Result(payLoadContainerErrorCheck.getPayload(), joseTools, false); + final JsonNode errorResult = SL20JsonExtractorUtils.extractSL20Result(payLoadContainerErrorCheck.getPayload(), + joseTools, false); final String errorCode = SL20JsonExtractorUtils.getStringValue(errorResult, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true); final String errorMsg = SL20JsonExtractorUtils.getStringValue(errorResult, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, false); - log.info("Receiving errorcode: {} with msg: {} from VDA! Stopping auth-process ... ", - errorCode, errorMsg); + log.info("Receiving errorcode: {} with msg: {} from VDA! Stopping auth-process ... ", errorCode, errorMsg); // aTrustErrorWorkAround = true; - throw new SL20Exception("sl20.08", new Object[] {errorCode, errorMsg}); + throw new SL20Exception("sl20.08", new Object[] { errorCode, errorMsg }); } else { // Receive no error - To request validation // validate reqId with inResponseTo - final String sl20ReqId = pendingReq.getRawData( - Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); - final String inRespTo = - SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); + final String sl20ReqId = pendingReq + .getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); + final String inRespTo = SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { - log.info( - "SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + log.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); throw new SL20SecurityException( "SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); } - // validate signature - final VerificationResult payLoadContainer = SL20JsonExtractorUtils 
- .extractSL20PayLoad(sl20ReqObj, joseTools, authConfig.getBasicConfigurationBoolean( - Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); + final VerificationResult payLoadContainer = SL20JsonExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, + authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); if (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned()) { - if (authConfig.getBasicConfigurationBoolean( - Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { + if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { log.info("SL20 result from VDA was not valid signed"); - throw new SL20SecurityException(new Object[] {"Signature on SL20 result NOT valid."}); + throw new SL20SecurityException(new Object[] { "Signature on SL20 result NOT valid." }); } else { - log.warn( - "SL20 result from VDA is NOT valid signed, but signatures-verification " + log.warn("SL20 result from VDA is NOT valid signed, but signatures-verification " + "is DISABLED by configuration!"); } } - + // extract payloaf final JsonNode payLoad = payLoadContainer.getPayload(); - // handle SL2.0 response payLoad handleResponsePayLoad(payLoad); @@ -168,8 +159,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask } pendingReq.setRawDataToTransaction( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, - new TaskExecutionException(pendingReq, - "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); + new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); } catch (final Exception e) { log.warn("ERROR:", e); 
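Review bot: The `reqId`/`inResponseTo` comparison and the signature requirement are applied only in the `else` branch: the error command is extracted with `SL20JsonExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, false)` (the third argument is the force-signed flag in the non-error branch) and `throw new SL20Exception("sl20.08", ...)` fires before `sl20ReqId.equals(inRespTo)` is ever evaluated. An unsigned error result carrying any `inResponseTo` therefore aborts the pending authentication, and the VDA-supplied `errorCode`/`errorMsg` go into the log and the exception message unvalidated. Unless the SL2.0 specification requires accepting unsigned error results, I would read `sl20ReqId`/`inRespTo` and perform the comparison before the `SL20_COMMAND_IDENTIFIER_ERROR` test so that both paths are bound to the pending request, and keep the raw error strings out of any user-facing message. The enclosing method and its try/catch start and end outside this hunk.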
@@ -196,7 +186,8 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask } } catch (final Exception e) { - // write internal server errror 500 according to SL2.0 specification, chapter https transport + // write internal server errror 500 according to SL2.0 specification, chapter + // https transport // binding log.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e); if (sl20Result != null) { @@ -228,9 +219,8 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask final ObjectNode errorCommand = SL20JsonBuilderUtils .createCommandResponse(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, error, null); - - final ObjectNode respContainer = SL20JsonBuilderUtils - .createGenericResponse(UUID.randomUUID().toString(), null, null, errorCommand, null); + final ObjectNode respContainer = SL20JsonBuilderUtils.createGenericResponse(UUID.randomUUID().toString(), null, + null, errorCommand, null); log.trace("SL20 response to VDA: " + respContainer); final StringWriter writer = new StringWriter(); 
@@ -247,37 +237,34 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask final JsonNode sl20ReqObj) throws IOException, SL20Exception, URISyntaxException { // create response final Map<String, String> reqParameters = new HashMap<>(); - reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, - pendingReq.getPendingRequestId()); + reqParameters.put(EaafConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId()); final ObjectNode callReqParams = SL20JsonBuilderUtils.createCallCommandParameters( new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(), getResumeEndPoint(), null), SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, false, reqParameters); - final ObjectNode callCommand = SL20JsonBuilderUtils - .createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); + final ObjectNode callCommand = SL20JsonBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, + callReqParams); // build first redirect command for app - final ObjectNode redirectOneParams = SL20JsonBuilderUtils.createRedirectCommandParameters( - generateIpcRedirectUrlForDebugging(), callCommand, null, true); + final ObjectNode redirectOneParams = SL20JsonBuilderUtils + .createRedirectCommandParameters(generateIpcRedirectUrlForDebugging(), callCommand, null, true); final ObjectNode redirectOneCommand = SL20JsonBuilderUtils .createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); // build second redirect command for IDP - final ObjectNode redirectTwoParams = SL20JsonBuilderUtils.createRedirectCommandParameters( - new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(), getResumeEndPoint(), - pendingReq.getPendingRequestId()), + final ObjectNode redirectTwoParams = SL20JsonBuilderUtils.createRedirectCommandParameters(new DataUrlBuilder() + .buildDataUrl(pendingReq.getAuthUrl(), getResumeEndPoint(), pendingReq.getPendingRequestId()), redirectOneCommand, null, false); final 
ObjectNode redirectTwoCommand = SL20JsonBuilderUtils .createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); // build generic SL2.0 response container - final String transactionId = - SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); - final ObjectNode respContainer = SL20JsonBuilderUtils.createGenericRequest( - UUID.randomUUID().toString(), transactionId, redirectTwoCommand, null); - - if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null - && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) - .equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { + final String transactionId = SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, + false); + final ObjectNode respContainer = SL20JsonBuilderUtils.createGenericRequest(UUID.randomUUID().toString(), + transactionId, redirectTwoCommand, null); + + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request + .getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { log.debug("Client request containts 'native client' header ... "); log.trace("SL20 response to VDA: " + respContainer); final StringWriter writer = new StringWriter(); 
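Review bot: The client-type header is fetched twice and compared with `.equals` on the header side, which is what forces the explicit `!= null` guard; reading it once and comparing constant-first is shorter and null-safe: `final String clientType = request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE);` followed by `if (SL20Constants.HTTP_HEADER_VALUE_NATIVE.equals(clientType)) {`. The first redirect URL comes from `generateIpcRedirectUrlForDebugging()`, but it is used unconditionally in the production redirect chain; if that is intended, the method name (or a comment at the call site) should say so, otherwise it reads like a debug hook left in. The enclosing method starts before this hunk and its `else` branch continues in the next one.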
@@ -288,21 +275,16 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask response.setContentType(ContentType.APPLICATION_JSON.toString()); response.getOutputStream().write(content); - } else { - log.info("SL2.0 DataURL communication needs http header: '" - + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); + log.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); log.debug("Client request containts is no native client ... "); - final URIBuilder clientRedirectUri = - new URIBuilder(new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(), - getResumeEndPoint(), pendingReq.getPendingRequestId())); - response.setStatus(Integer - .parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE, - Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE))); + final URIBuilder clientRedirectUri = new URIBuilder(new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(), + getResumeEndPoint(), pendingReq.getPendingRequestId())); + response.setStatus(Integer.parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE, + Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE))); response.setHeader("Location", clientRedirectUri.build().toString()); - // throw new SL20Exception("sl20.06", // new Object[] {"SL2.0 DataURL communication needs http header: '" + // SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"}); 
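Review bot: The non-native fallback logs `SL2.0 DataURL communication needs http header: ...` and then proceeds with an HTTP redirect anyway, while the alternative `throw new SL20Exception("sl20.06", ...)` survives only as commented-out code, so the message contradicts the behaviour and the dead code leaves the decision ambiguous. Either re-enable the exception or delete the commented block and reword to `log.info("No '{}' header, client is not a native SL2.0 client; redirecting via HTTP instead", SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE);`. Note also that `Integer.parseInt(authConfig.getBasicConfiguration(...))` throws `NumberFormatException` on a malformed redirect-code property; that is a deployment error rather than a security issue, but it will surface through the method's outer catch as a failure to build the response. The enclosing if/else starts in the previous hunk.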
@@ -317,15 +299,12 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask */ private String generateIpcRedirectUrlForDebugging() { - - String ipcRedirectUrlConfig = - authConfig.getBasicConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL); + String ipcRedirectUrlConfig = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL); if (StringUtils.isNotEmpty(ipcRedirectUrlConfig)) { if (ipcRedirectUrlConfig.contains(PATTERN_PENDING_REQ_ID)) { log.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... "); ipcRedirectUrlConfig = ipcRedirectUrlConfig.replaceAll("#PENDINGREQID#", - EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" - + pendingReq.getPendingRequestId()); + EaafConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + pendingReq.getPendingRequestId()); } @@ -336,5 +315,4 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask } - } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java index 9d444802..6ee53a9d 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java 
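Review bot: `replaceAll("#PENDINGREQID#", ...)` hard-codes the pattern that the preceding `contains(PATTERN_PENDING_REQ_ID)` check references through a constant, and `replaceAll` interprets its replacement argument as a regex replacement string, so a pending-request id containing `$` or `\` would be mangled or throw `IllegalArgumentException`. Use the constant and a literal replacement: `ipcRedirectUrlConfig = ipcRedirectUrlConfig.replace(PATTERN_PENDING_REQ_ID, EaafConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + pendingReq.getPendingRequestId());`. Whether `PATTERN_PENDING_REQ_ID` is exactly `#PENDINGREQID#` is not visible in this hunk, so confirm before switching. The method body continues past the hunk.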
@@ -5,14 +5,18 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.cert.X509Certificate; import java.util.List; + import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; + import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.lang.JoseException; + import com.fasterxml.jackson.databind.JsonNode; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; + public interface IJoseTools { /** 
@@ -31,39 +35,36 @@ public interface IJoseTools { * @throws SL20Exception In case of a signature validation error */ @Nonnull - VerificationResult validateSignature(@Nonnull String serializedContent) - throws SL20Exception; + VerificationResult validateSignature(@Nonnull String serializedContent) throws SL20Exception; /** * Validate a JWS signature. * * @param serializedContent JWS in serialized form - * @param trustedCerts trusted X509 certificates - * @param constraints signature verification constraints + * @param trustedCerts trusted X509 certificates + * @param constraints signature verification constraints * @return Signature-verification result * @throws JoseException In case of a signature verification error - * @throws IOException In case of a general IO error + * @throws IOException In case of a general IO error */ @Nonnull - VerificationResult validateSignature(@Nonnull String serializedContent, - @Nonnull List<X509Certificate> trustedCerts, @Nonnull AlgorithmConstraints constraints) - throws JoseException, IOException; + VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull List<X509Certificate> trustedCerts, + @Nonnull AlgorithmConstraints constraints) throws JoseException, IOException; /** * Validate a JWS signature. 
* * @param serializedContent JWS in serialized form - * @param trustStore with trusted X509 certificates - * @param algconstraints signature verification constraints + * @param trustStore with trusted X509 certificates + * @param algconstraints signature verification constraints * @return Signature-verification result - * @throws JoseException In case of a signature verification error - * @throws IOException In case of a general IO error + * @throws JoseException In case of a signature verification error + * @throws IOException In case of a general IO error * @throws KeyStoreException In case of TrustStore error */ @Nonnull - VerificationResult validateSignature(@Nonnull String serializedContent, - @Nonnull KeyStore trustStore, @Nonnull AlgorithmConstraints algconstraints) - throws JoseException, IOException, KeyStoreException; + VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull KeyStore trustStore, + @Nonnull AlgorithmConstraints algconstraints) throws JoseException, IOException, KeyStoreException; /** * Get the encryption certificate for SL2.0 End-to-End encryption. diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java index f38203d2..2387a9f2 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java @@ -35,7 +35,7 @@ public class JsonMapper implements IJsonMapper { /** * The constructor. - * + * * @param prettyPrint enables or disables the default pretty printer */ public JsonMapper(@NonNull final boolean prettyPrint) { 
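Review bot: The `@return Signature-verification result` on the `validateSignature` overloads does not state how an invalid or unverifiable signature is reported — as a thrown `JoseException`/`SL20Exception`, or as a `VerificationResult` whose `isValidSigned()` is `false` or even `null` (the caller in `AbstractReceiveQualEidTask` defensively tests both `== null` and `!isValidSigned()`). I would spell the contract out on each overload, e.g. `@return verification result; {@code isValidSigned()} is {@code false} if the signature did not verify and is never {@code null}`, adjusted to whatever `JsonSecurityUtils` actually guarantees, since the implementation is not part of this hunk. The interface continues after the hunk.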
@@ -54,10 +54,9 @@ public class JsonMapper implements IJsonMapper { } - /* * (non-Javadoc) - * + * * @at.gv.egiz.eaaf.core.api.utils.IJsonMapper#getMapper() */ public ObjectMapper getMapper() { @@ -65,10 +64,9 @@ public class JsonMapper implements IJsonMapper { } - /* * (non-Javadoc) - * + * * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#serialize(java.lang.Object) */ @Override @@ -86,12 +84,12 @@ public class JsonMapper implements IJsonMapper { /* * (non-Javadoc) - * - * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#deserialize(java.lang.String, java.lang.Class) + * + * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#deserialize(java.lang.String, + * java.lang.Class) */ @Override - public <T> Object deserialize(final String value, final Class<T> clazz) - throws EaafJsonMapperException { + public <T> Object deserialize(final String value, final Class<T> clazz) throws EaafJsonMapperException { try { if (clazz != null) { if (clazz.isAssignableFrom(TypeReference.class)) { @@ -115,8 +113,7 @@ public class JsonMapper implements IJsonMapper { } @Override - public <T> Object deserialize(final InputStream is, final Class<T> clazz) - throws EaafJsonMapperException { + public <T> Object deserialize(final InputStream is, final Class<T> clazz) throws EaafJsonMapperException { try { if (clazz != null) { if (clazz.isAssignableFrom(TypeReference.class)) { diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 6ec56825..0d2c1815 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java 
@@ -70,8 +70,7 @@ public class JsonSecurityUtils implements IJoseTools { log.info("Initialize SL2.0 authentication security constrains ... "); try { if (getKeyStoreFilePath() != null) { - final KeyStore keyStore = - KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword()); + final KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword()); // load signing key signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray()); @@ -88,11 +87,9 @@ public class JsonSecurityUtils implements IJoseTools { // load encryption key try { - encPrivKey = - keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); + encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); if (encPrivKey != null) { - final Certificate[] certChainEncryption = - keyStore.getCertificateChain(getEncryptionKeyAlias()); + final Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias()); encCertChain = new X509Certificate[certChainEncryption.length]; for (int i = 0; i < certChainEncryption.length; i++) { if (certChainEncryption[i] instanceof X509Certificate) { @@ -106,8 +103,8 @@ public class JsonSecurityUtils implements IJoseTools { } } catch (final Exception e) { - log.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " - + e.getMessage(), e); + log.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), + e); } 
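Review bot: The `catch (final Exception e)` around encryption-key loading converts every failure into the warn message `No encryption key for SL2.0 found` and silently continues without end-to-end encryption, including a `NullPointerException` from `getEncryptionKeyAlias()`/`getEncryptionKeyPassword()` when the property is absent (both call `.trim()` on the raw configuration value before their null check, see their definitions later in this file) and an `UnrecoverableKeyException` from a wrong key password. I would narrow the catch to the key-store exceptions that genuinely mean "no key configured" (`KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException`) and let misconfiguration propagate, or at minimum check `getEncryptionKeyAlias()` for null before touching the key store. Dropping E2E encryption because of a password typo is a fail-open default that deserves at least `log.error`. The surrounding init method starts and ends outside this hunk.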
@@ -117,13 +114,13 @@ public class JsonSecurityUtils implements IJoseTools { // some short validation if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { log.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); - throw new SL20Exception("sl20.03", new Object[] {"Can NOT open private key for signing"}); + throw new SL20Exception("sl20.03", new Object[] { "Can NOT open private key for signing" }); } if (signCertChain == null || signCertChain.length == 0) { log.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); - throw new SL20Exception("sl20.03", new Object[] {"NO certificate for SL2.0 signing"}); + throw new SL20Exception("sl20.03", new Object[] { "NO certificate for SL2.0 signing" }); } @@ -133,9 +130,9 @@ public class JsonSecurityUtils implements IJoseTools { log.info("NO SL2.0 authentication security configuration. Initialization was skipped"); } - } catch (RuntimeException e) { - throw e; - + } catch (final RuntimeException e) { + throw e; + } catch (final Exception e) { log.error("SL2.0 security constrains initialization FAILED.", e); @@ -173,9 +170,8 @@ public class JsonSecurityUtils implements IJoseTools { } @Override - public VerificationResult validateSignature(final String serializedContent, - final KeyStore trustStore, final AlgorithmConstraints algconstraints) - throws JoseException, IOException, KeyStoreException { + public VerificationResult validateSignature(final String serializedContent, final KeyStore trustStore, + final AlgorithmConstraints algconstraints) throws JoseException, IOException, KeyStoreException { final List<X509Certificate> trustedCertificates = readCertsFromKeyStore(trustStore); return validateSignature(serializedContent, trustedCertificates, algconstraints); 
@@ -184,8 +180,8 @@ public class JsonSecurityUtils implements IJoseTools { @Override @NonNull public VerificationResult validateSignature(@Nonnull final String serializedContent, - @Nonnull final List<X509Certificate> trustedCerts, - @Nonnull final AlgorithmConstraints constraints) throws JoseException, IOException { + @Nonnull final List<X509Certificate> trustedCerts, @Nonnull final AlgorithmConstraints constraints) + throws JoseException, IOException { final JsonWebSignature jws = new JsonWebSignature(); // set payload jws.setCompactSerialization(serializedContent); @@ -219,20 +215,16 @@ public class JsonSecurityUtils implements IJoseTools { } else if (StringUtils.isNotEmpty(x5t256)) { log.debug("Found x5t256 fingerprint in JOSE header .... "); - final X509VerificationKeyResolver x509VerificationKeyResolver = - new X509VerificationKeyResolver(trustedCerts); - selectedKey = - x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); + final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts); + selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); } else { - throw new JoseException( - "JWS contains NO signature certificate or NO certificate fingerprint"); + throw new JoseException("JWS contains NO signature certificate or NO certificate fingerprint"); } if (selectedKey == null) { - throw new JoseException( - "Can NOT select verification key for JWS. Signature verification FAILED"); + throw new JoseException("Can NOT select verification key for JWS. Signature verification FAILED"); } 
@@ -240,23 +232,19 @@ public class JsonSecurityUtils implements IJoseTools { jws.setKey(selectedKey); // load payLoad - return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, - jws.verifySignature()); - + return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, jws.verifySignature()); } @Override @Nonnull - public VerificationResult validateSignature(@Nonnull final String serializedContent) - throws SL20Exception { + public VerificationResult validateSignature(@Nonnull final String serializedContent) throws SL20Exception { try { final AlgorithmConstraints algConstraints = new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()])); - final VerificationResult result = - validateSignature(serializedContent, trustedCerts, algConstraints); + final VerificationResult result = validateSignature(serializedContent, trustedCerts, algConstraints); if (!result.isValidSigned()) { log.info("JWS signature invalide. Stopping authentication process ..."); @@ -270,7 +258,7 @@ public class JsonSecurityUtils implements IJoseTools { } catch (JoseException | JsonParseException e) { log.warn("SL2.0 commando signature validation FAILED", e); - throw new SL20SecurityException(new Object[] {e.getMessage()}, e); + throw new SL20SecurityException(new Object[] { e.getMessage() }, e); } catch (final IOException e) { log.warn("Decrypted SL2.0 result can not be parsed.", e); 
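Review bot: `return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, jws.verifySignature())` relies on jose4j's `getPayload()`, which — if I recall the library correctly — already verifies the signature and throws an `IntegrityException` on mismatch, so the third argument is effectively always `true` here and an invalid signature surfaces as the `JoseException` caught in `validateSignature(String)` rather than through the `!result.isValidSigned()` branch. That is safe, but the double path should be made explicit with a comment such as `// getPayload() verifies the signature and throws IntegrityException on failure; verifySignature() is repeated only to populate VerificationResult`. The log line `JWS signature invalide.` also has a typo (`invalid`). Both methods start in the previous hunk.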
@@ -280,24 +268,22 @@ public class JsonSecurityUtils implements IJoseTools { } - @Override public JsonNode decryptPayload(final String compactSerialization) throws SL20Exception { try { final JsonWebEncryption receiverJwe = new JsonWebEncryption(); // set security constrains - receiverJwe.setAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.WHITELIST, - SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION + receiverJwe.setAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.size()]))); - receiverJwe.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints( - ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION + receiverJwe.setContentEncryptionAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.size()]))); // set payload receiverJwe.setCompactSerialization(compactSerialization); - // validate key from header against key from config final List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue(); final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); 
@@ -307,16 +293,16 @@ public class JsonSecurityUtils implements IJoseTools { final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { - log.info("Certificate from JOSE header does NOT match encryption certificate"); + log.info("Certificate from JOSE header does NOT match encryption certificate"); try { - + log.debug("JOSE certificate: {}", Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); } catch (final CertificateEncodingException e) { e.printStackTrace(); } throw new SL20Exception("sl20.05", - new Object[] {"Certificate from JOSE header does NOT match encryption certificate"}); + new Object[] { "Certificate from JOSE header does NOT match encryption certificate" }); } } else if (StringUtils.isNotEmpty(x5t256)) { @@ -326,13 +312,12 @@ public class JsonSecurityUtils implements IJoseTools { log.info("X5t256 from JOSE header does NOT match encryption certificate"); log.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint); throw new SL20Exception("sl20.05", - new Object[] {"X5t256 from JOSE header does NOT match encryption certificate"}); + new Object[] { "X5t256 from JOSE header does NOT match encryption certificate" }); } } else { - log.info( - "Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + log.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); throw new SlCommandoParserException( "Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); 
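Review bot: `e.printStackTrace()` in the `CertificateEncodingException` handler bypasses the SLF4J logger used everywhere else in this class, sending the trace to stderr without context; replace it with `log.debug("Can not encode certificate from JOSE header", e);`. Since the certificate is only logged for diagnostics, the failure is harmless and the subsequent `SL20Exception("sl20.05", ...)` is still the correct outcome. The enclosing `decryptPayload` try block starts and ends outside this hunk.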
@@ -341,13 +326,12 @@ public class JsonSecurityUtils implements IJoseTools { // set key receiverJwe.setKey(encPrivKey); - // decrypt payload return mapper.getMapper().readTree(receiverJwe.getPlaintextString()); } catch (final JoseException e) { log.warn("SL2.0 result decryption FAILED", e); - throw new SL20SecurityException(new Object[] {e.getMessage()}, e); + throw new SL20SecurityException(new Object[] { e.getMessage() }, e); } catch (final JsonParseException e) { log.warn("Decrypted SL2.0 result is NOT a valid JSON.", e); @@ -360,8 +344,6 @@ public class JsonSecurityUtils implements IJoseTools { } - - @Override public X509Certificate getEncryptionCertificate() { // TODO: maybe update after SL2.0 update on encryption certificate parts @@ -373,14 +355,12 @@ public class JsonSecurityUtils implements IJoseTools { } private String getKeyStoreFilePath() throws EaafConfigurationException, MalformedURLException { - return FileUtils.makeAbsoluteUrl( - authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), + return FileUtils.makeAbsoluteUrl(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), authConfig.getConfigurationRootDirectory()); } private String getKeyStorePassword() { - String value = - authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD); if (value != null) { value = value.trim(); } @@ -390,8 +370,7 @@ public class JsonSecurityUtils implements IJoseTools { } private String getSigningKeyAlias() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); if (value != null) { value = value.trim(); } 
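Review bot: `getSigningKeyAlias()` calls `.trim()` on the raw result of `authConfig.getBasicConfiguration(...)` and only afterwards checks `value != null`, so the guard is dead and a missing `CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS` property surfaces as a `NullPointerException` (rethrown as-is by the `catch (RuntimeException)` in the init method) instead of the `sl20.03` configuration error this class produces for a missing key. `getKeyStorePassword()` in the same hunk shows the intended shape — read first, trim inside the null check: `String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS);`. The method's return statement lies outside the hunk.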
@@ -400,8 +379,7 @@ public class JsonSecurityUtils implements IJoseTools { } private String getSigningKeyPassword() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); if (value != null) { value = value.trim(); } @@ -410,8 +388,8 @@ public class JsonSecurityUtils implements IJoseTools { } private String getEncryptionKeyAlias() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim(); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS) + .trim(); if (value != null) { value = value.trim(); } @@ -420,8 +398,7 @@ public class JsonSecurityUtils implements IJoseTools { } private String getEncryptionKeyPassword() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD) + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD) .trim(); if (value != null) { value = value.trim(); @@ -431,8 +408,7 @@ public class JsonSecurityUtils implements IJoseTools { } @Nonnull - private List<X509Certificate> readCertsFromKeyStore(@Nonnull final KeyStore keyStore) - throws KeyStoreException { + private List<X509Certificate> readCertsFromKeyStore(@Nonnull final KeyStore keyStore) throws KeyStoreException { final List<X509Certificate> result = new ArrayList<>(); final Enumeration<String> aliases = keyStore.aliases(); 
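Review bot: `getSigningKeyPassword()`, `getEncryptionKeyAlias()` and `getEncryptionKeyPassword()` all apply `.trim()` to the raw configuration value before the `value != null` guard, so that guard never fires; for the two encryption getters an absent (optional) property therefore throws `NullPointerException` inside the key-loading block, which the caller's broad `catch (Exception)` then reports as "No encryption key found" rather than as a configuration gap. Read first and trim under the null check, as `getKeyStorePassword()` does, e.g. `String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS);`. Holding the key passwords as `String` and converting with `toCharArray()` at use is the existing design and not introduced here, so I only note it. Each getter's return statement is outside its hunk.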
@@ -444,8 +420,7 @@ public class JsonSecurityUtils implements IJoseTools { if (cert != null && cert instanceof X509Certificate) { result.add((X509Certificate) cert); } else { - log.info("Can not process entry: {}. Reason: {}", el, - cert != null ? cert.getType() : "cert is null"); + log.info("Can not process entry: {}. Reason: {}", el, cert != null ? cert.getType() : "cert is null"); } } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index d3726546..d1793b0e 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -24,7 +24,6 @@ public class SL20Constants { public static final String HTTP_HEADER_SL20_RESP = "X-SL20Operation"; - // ******************************************************************************************* // JSON signing and encryption headers public static final String JSON_ALGORITHM = "alg"; 
@@ -39,22 +38,19 @@ public class SL20Constants { AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256; public static final String JSON_ALGORITHM_SIGNING_ES512 = AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512; - public static final String JSON_ALGORITHM_SIGNING_PS256 = - AlgorithmIdentifiers.RSA_PSS_USING_SHA256; - public static final String JSON_ALGORITHM_SIGNING_PS512 = - AlgorithmIdentifiers.RSA_PSS_USING_SHA512; + public static final String JSON_ALGORITHM_SIGNING_PS256 = AlgorithmIdentifiers.RSA_PSS_USING_SHA256; + public static final String JSON_ALGORITHM_SIGNING_PS512 = AlgorithmIdentifiers.RSA_PSS_USING_SHA512; - public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(Arrays.asList( - JSON_ALGORITHM_SIGNING_RS256, JSON_ALGORITHM_SIGNING_RS512, JSON_ALGORITHM_SIGNING_ES256, - JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512)); + public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList( + Arrays.asList(JSON_ALGORITHM_SIGNING_RS256, JSON_ALGORITHM_SIGNING_RS512, JSON_ALGORITHM_SIGNING_ES256, + JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512)); - public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = - KeyManagementAlgorithmIdentifiers.RSA_OAEP; + public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = KeyManagementAlgorithmIdentifiers.RSA_OAEP; public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP256 = KeyManagementAlgorithmIdentifiers.RSA_OAEP_256; - public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = - Collections.unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256)); + public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = Collections + .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256)); public static final String 
JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 = ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256; @@ -65,10 +61,10 @@ public class SL20Constants { public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM = ContentEncryptionAlgorithmIdentifiers.AES_256_GCM; - public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Collections.unmodifiableList(Arrays.asList( - JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512, - JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM)); - + public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Collections + .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, + JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512, + JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM)); // ********************************************************************************************* // Object identifier for generic transport container @@ -96,12 +92,12 @@ public class SL20Constants { @Deprecated public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID"; public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEIDCONSENT = "qualifiedEIDConsent"; - // public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig"; + // public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = + // "qualifiedSig"; public static final String SL20_COMMAND_IDENTIFIER_GETCERTIFICATE = "getCertificate"; public static final String SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES = "createCAdES"; - public static final String SL20_COMMAND_IDENTIFIER_BINDING_CREATE_KEY = "createBindingKey"; public static final String SL20_COMMAND_IDENTIFIER_BINDING_STORE_CERT = "storeBindingCert"; 
@@ -124,13 +120,11 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT = "IPCRedirect"; // Call command - public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL = - SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL = SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD = "method"; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET = "get"; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_POST = "post"; - public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID = - "includeTransactionID"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID = "includeTransactionID"; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER = "reqParams"; // error command @@ -144,8 +138,7 @@ public class SL20Constants { @Deprecated public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes"; @Deprecated - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = - "MANDATE-REFERENCE-VALUE"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE"; @Deprecated public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID"; @Deprecated 
@@ -176,11 +169,9 @@ public class SL20Constants { // public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = // SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; - // getCertificate public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_KEYID = "keyId"; - public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_JWKCENC = @@ -191,13 +182,10 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType"; - public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = - "padesComatibility"; - public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = - "excludedByteRange"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL = "cadesLevel"; - public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_JWKCENC = 
@@ -211,19 +199,15 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A"; - - // create binding key command public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_SN = "SN"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH = "keyLength"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG = "keyAlg"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES = "policies"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST = "x5cVdaTrust"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD = - "reqUserPassword"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD = "reqUserPassword"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; 
@@ -231,23 +215,18 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_SECPR256R1 = "secp256r1"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_LIFETIME = "lifeTime"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT = - "useSecureElement"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT = "useSecureElement"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_KEYTIMEOUT = "keyTimeout"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH = - "needUserAuth"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH = "needUserAuth"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID = "appID"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR = "csr"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE = - "attCert"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE = "attCert"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD = "encodedPass"; - // store binding certificate command public static final String SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE = "x5c"; - public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS = "success"; public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE = "OK"; 
@@ -268,14 +247,12 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE = "nonce"; public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA = "displayData"; public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL = "displayUrl"; - public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE = SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE; // QR-Code authentication public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_QRCODE = "qrCode"; - public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java index 6a8b96d4..1d7c9646 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java 
@@ -3,15 +3,18 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils;
 import java.io.IOException;
 import java.io.StringWriter;
 import java.net.URISyntaxException;
+
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import org.apache.http.client.utils.URIBuilder;
 import org.jose4j.base64url.Base64Url;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
+
 import com.fasterxml.jackson.databind.JsonNode;
 public class SL20HttpBindingUtils {
@@ -20,26 +23,24 @@ public class SL20HttpBindingUtils {
 /**
 * Write SL2.0 response into http-response object
 *
- * @param httpReq Current http request
- * @param httpResp Current http response
- * @param sl20Forward SL2.0 command that should be written to response
- * @param redirectUrl SL2.0 redirect URL in case of SL2.0 redirect command and no native client
- * (see SL2.0 specification)
- * @param httpCodeRedirect http redirect-code in case of SL2.0 redirect command and no native
- * client (see SL2.0 specification)
- * @throws IOException In case of an IO error
+ * @param httpReq Current http request
+ * @param httpResp Current http response
+ * @param sl20Forward SL2.0 command that should be written to response
+ * @param redirectUrl SL2.0 redirect URL in case of SL2.0 redirect command
+ * and no native client (see SL2.0 specification)
+ * @param httpCodeRedirect http redirect-code in case of SL2.0 redirect command
+ * and no native client (see SL2.0 specification)
+ * @throws IOException In case of an IO error
 * @throws URISyntaxException In case of a wrong URL
 */
 public static void writeIntoResponse(@Nonnull final HttpServletRequest httpReq, @Nonnull final HttpServletResponse httpResp, @Nonnull final JsonNode sl20Forward,
- @Nullable final String redirectUrl, @Nonnull final int httpCodeRedirect)
- throws IOException, URISyntaxException {
+ @Nullable final String redirectUrl, @Nonnull final int httpCodeRedirect) throws IOException, URISyntaxException {
 // forward SL2.0 command
 httpResp.addIntHeader(SL20Constants.HTTP_HEADER_SL20_RESP, SL20Constants.CURRENT_SL20_VERSION);
- if (httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null
- && httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE)
- .equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {
+ if (httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && httpReq
+ .getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {
log.debug("Client request containts 'native client' header ... ");
 final StringWriter writer = new StringWriter();
 writer.write(sl20Forward.toString());
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
index 82a8cf26..eb17781b 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
@@ -8,11 +8,13 @@ import java.util.Base64;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
-import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+
 import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
+import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+
 public class SL20JsonBuilderUtils {
 private static JsonMapper mapper = new JsonMapper();
@@ -20,13 +22,12 @@ public class SL20JsonBuilderUtils {
 /**
 * Create command request.
 *
- * @param name Commando name
+ * @param name Commando name
 * @param params Commando parameters
 * @return JSON Object
 * @throws SlCommandoBuildException In case of a build error
 */
- public static ObjectNode createCommand(final String name, final ObjectNode params)
- throws SlCommandoBuildException {
+ public static ObjectNode createCommand(final String name, final ObjectNode params) throws SlCommandoBuildException {
 final ObjectNode command = mapper.getMapper().createObjectNode();
 addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true);
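Review bot: `@Nonnull` on `final int httpCodeRedirect` is meaningless on a primitive and should be dropped from the new signature line of writeIntoResponse(). The client-type header is also read twice in the rewrapped condition; reading it once and comparing constant-first, `final String clientType = httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE);` followed by `if (SL20Constants.HTTP_HEADER_VALUE_NATIVE.equals(clientType)) {`, removes both the duplicate lookup and the explicit null check. The log message on the following line spells "containts". The rest of writeIntoResponse, including the redirect branch, lies outside the hunk.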
@@ -38,14 +39,14 @@ public class SL20JsonBuilderUtils { /** * Create signed command request. * - * @param name Commando name + * @param name Commando name * @param params commando parameter * @param signer JWS signer implementation * @return Serialized JWS * @throws SlCommandoBuildException In case of a build error */ - public static String createSignedCommand(final String name, final ObjectNode params, - final IJoseTools signer) throws SlCommandoBuildException { + public static String createSignedCommand(final String name, final ObjectNode params, final IJoseTools signer) + throws SlCommandoBuildException { final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); addSingleJsonElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true); @@ -53,17 +54,16 @@ public class SL20JsonBuilderUtils { } - /** * Create encrypted command result. * - * @param result JSON to encrypt + * @param result JSON to encrypt * @param encrypter JWE encrypter implementation * @return Serialized JWE * @throws SlCommandoBuildException In case of a processing error */ - public static String createEncryptedCommandoResult(final ObjectNode result, - final JsonSecurityUtils encrypter) throws SlCommandoBuildException { + public static String createEncryptedCommandoResult(final ObjectNode result, final JsonSecurityUtils encrypter) + throws SlCommandoBuildException { // TODO: add real implementation // create header and footer final String dummyHeader = createJsonEncryptionHeader().toString(); 
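Review bot: createEncryptedCommandoResult() still carries `// TODO: add real implementation` and, per its continuation in the next hunk, returns base64url(dummyHeader) + "." + base64url(payLoad) + "." + base64url(dummyFooter) without touching the `encrypter` argument in any visible line, so callers get something shaped like a compact JWE whose payload anyone can read by base64url-decoding it. The later createSignedCommandResponse() hunks look the same: `signer` is not used in any visible line and `dummyHeader`/`dummyFooter` stand in for a real JWS, though the lines between those hunks are not visible, so that part is inferred. Until the real implementation lands the stubs should fail closed rather than hand back plausible-looking output, e.g. `throw new UnsupportedOperationException("createEncryptedCommandoResult: encryption not implemented");` as the first statement, or at minimum the Javadoc should say in plain words that the result is neither encrypted nor signed. The method body continues past this hunk.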
@@ -71,21 +71,20 @@ public class SL20JsonBuilderUtils { final String dummyFooter = createJsonSignedFooter(); try { - return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(payLoad.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); - } catch (UnsupportedEncodingException e) { - throw new SlCommandoBuildException("No UTF-8 encoding", e); - } + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(payLoad.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); + } catch (final UnsupportedEncodingException e) { + throw new SlCommandoBuildException("No UTF-8 encoding", e); + } } - /** * Create command result. * - * @param name Commando name - * @param result commande result + * @param name Commando name + * @param result commande result * @param encryptedResult encrypted commando result * @return Result json * @throws SlCommandoBuildException In case of an error @@ -103,16 +102,15 @@ public class SL20JsonBuilderUtils { /** * Create signed command result. * - * @param name commando name - * @param result commando result + * @param name commando name + * @param result commando result * @param encryptedResult encrypted commando result * @return JWS in serialized form * @throws SlCommandoBuildException in case of an error - + * */ public static String createSignedCommandResponse(final String name, final ObjectNode result, - final String encryptedResult, final JsonSecurityUtils signer) - throws SlCommandoBuildException { + final String encryptedResult, final JsonSecurityUtils signer) throws SlCommandoBuildException { final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); addOnlyOnceOfTwo(command, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, 
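Review bot: The three `getBytes("UTF-8")` calls together with `catch (final UnsupportedEncodingException e)` in the rewrapped try block can become `getBytes(StandardCharsets.UTF_8)`, which cannot throw, so the try/catch and the `new SlCommandoBuildException("No UTF-8 encoding", e)` path disappear; the identical block in the createSignedCommandResponse() hunk further down can be treated the same way. That needs `java.nio.charset.StandardCharsets` in the import block this commit already reorders. The signature of the method owning this return lies outside the hunk.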
@@ -125,36 +123,34 @@ public class SL20JsonBuilderUtils { final String dummyFooter = createJsonSignedFooter(); try { - return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); - - } catch (UnsupportedEncodingException e) { - throw new SlCommandoBuildException("No UTF-8 encoding", e); - } + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); + + } catch (final UnsupportedEncodingException e) { + throw new SlCommandoBuildException("No UTF-8 encoding", e); + } } /** * Create parameters for Redirect command. * - * @param url redirect URL - * @param command embedded command + * @param url redirect URL + * @param command embedded command * @param signedCommand Signed embedded command - * @param ipcRedirect IPC redirect flag + * @param ipcRedirect IPC redirect flag * @return result JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createRedirectCommandParameters(final String url, - final ObjectNode command, final ObjectNode signedCommand, final Boolean ipcRedirect) - throws SlCommandoBuildException { + public static ObjectNode createRedirectCommandParameters(final String url, final ObjectNode command, + final ObjectNode signedCommand, final Boolean ipcRedirect) throws SlCommandoBuildException { final ObjectNode redirectReqParams = mapper.getMapper().createObjectNode(); addOnlyOnceOfTwo(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, command, signedCommand); - addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, - url, false); - 
addSingleBooleanElement(redirectReqParams, - SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT, ipcRedirect, false); + addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, url, false); + addSingleBooleanElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT, + ipcRedirect, false); return redirectReqParams; } 
@@ -162,26 +158,21 @@ public class SL20JsonBuilderUtils { /** * Create parameters for Call command. * - * @param url http URL for Call command - * @param method http method used by call commando result + * @param url http URL for Call command + * @param method http method used by call commando result * @param includeTransactionId TransactionId - * @param reqParameters Request parameters on CALL command + * @param reqParameters Request parameters on CALL command * @return JSON * @throws SlCommandoBuildException In case of an error */ public static ObjectNode createCallCommandParameters(final String url, final String method, - final Boolean includeTransactionId, final Map<String, String> reqParameters) - throws SlCommandoBuildException { + final Boolean includeTransactionId, final Map<String, String> reqParameters) throws SlCommandoBuildException { final ObjectNode callReqParams = mapper.getMapper().createObjectNode(); - addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, - true); - addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, - method, true); - addSingleBooleanElement(callReqParams, - SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, includeTransactionId, - false); - addArrayOfStringElements(callReqParams, - SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, true); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, method, true); + addSingleBooleanElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, + includeTransactionId, false); + addArrayOfStringElements(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters); return callReqParams; } 
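Review bot: `method` is written into the Call command unchecked, although SL20Constants defines `SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET` and `SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_POST`, which look like the only values the protocol expects; an unexpected value would surface only on the client side. Comparing `method` against those two constants before the `addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, method, true);` line and rejecting anything else with a SlCommandoBuildException would catch the mistake at build time, and an enum for the method would be cleaner still. Whether addSingleStringElement performs such a check itself is not visible here.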
@@ -190,17 +181,15 @@ public class SL20JsonBuilderUtils { * Create result for Error command. * * @param errorCode Error-Code - * @param errorMsg Error-message + * @param errorMsg Error-message * @return JSON * @throws SlCommandoBuildException In case of an error */ public static ObjectNode createErrorCommandResult(final String errorCode, final String errorMsg) throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, - errorCode, true); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, - errorMsg, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, errorCode, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, errorMsg, true); return result; } 
@@ -208,20 +197,21 @@ public class SL20JsonBuilderUtils { /** * Create parameters for qualifiedeID command. * - * @param consentTemplateId Identifier of the template that is used for consent visualization - * @param consent Consent that has to be signed by user - * @param dataUrl DataURL for result - * @param x5cEnc Response encryption certificate + * @param consentTemplateId Identifier of the template that is used for consent + * visualization + * @param consent Consent that has to be signed by user + * @param dataUrl DataURL for result + * @param x5cEnc Response encryption certificate * @return JSON - * @throws CertificateEncodingException In case of a encryption certificate encoding problem - * @throws SlCommandoBuildException In case of a generel error + * @throws CertificateEncodingException In case of a encryption certificate + * encoding problem + * @throws SlCommandoBuildException In case of a generel error */ - public static ObjectNode createQualifiedeEidConsent(final String consentTemplateId, - final byte[] consent, final String dataUrl, final X509Certificate x5cEnc) + public static ObjectNode createQualifiedeEidConsent(final String consentTemplateId, final byte[] consent, + final String dataUrl, final X509Certificate x5cEnc) throws CertificateEncodingException, SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENTTEMPLATEID, - consentTemplateId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENTTEMPLATEID, consentTemplateId, true); addSingleByteElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENT, consent, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true); addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false); 
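Review bot: The reflowed Javadoc of createQualifiedeEidConsent() keeps two wording slips worth fixing while the block is being touched: `@throws CertificateEncodingException In case of an encryption certificate encoding problem` and `@throws SlCommandoBuildException In case of a general error`. The same two lines recur in the createQualifiedEidCommandParameters() hunk below. The method body ends outside the hunk.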
@@ -229,28 +219,26 @@ public class SL20JsonBuilderUtils { } - /** * Create parameters for qualifiedeID command. * - * @param authBlockId AuthBlock transformation Id - * @param dataUrl DataURL for result - * @param additionalReqParameters additional parameters - * @param x5cEnc Response encryption certificate + * @param authBlockId AuthBlock transformation Id + * @param dataUrl DataURL for result + * @param additionalReqParameters additional parameters + * @param x5cEnc Response encryption certificate * @return JSON - * @throws CertificateEncodingException In case of a encryption certificate encoding problem - * @throws SlCommandoBuildException In case of a generel error + * @throws CertificateEncodingException In case of a encryption certificate + * encoding problem + * @throws SlCommandoBuildException In case of a generel error */ @Deprecated - public static ObjectNode createQualifiedEidCommandParameters(final String authBlockId, - final String dataUrl, final Map<String, String> additionalReqParameters, - final X509Certificate x5cEnc) throws CertificateEncodingException, SlCommandoBuildException { + public static ObjectNode createQualifiedEidCommandParameters(final String authBlockId, final String dataUrl, + final Map<String, String> additionalReqParameters, final X509Certificate x5cEnc) + throws CertificateEncodingException, SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, - true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true); - addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, - additionalReqParameters); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, additionalReqParameters); addSingleCertificateElement(params, 
SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false); return params; @@ -259,10 +247,10 @@ public class SL20JsonBuilderUtils { /** * Create result for qualifiedeID command. * - * @param idl IdentityLink + * @param idl IdentityLink * @param authBlock AuthBlock - * @param ccsUrl VDA URL - * @param loa LoA + * @param ccsUrl VDA URL + * @param loa LoA * @return JSON * @throws SlCommandoBuildException In case of an error */ 
@@ -270,57 +258,45 @@ public class SL20JsonBuilderUtils { final String ccsUrl, final String loa) throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, idl, true); - addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, - true); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsUrl, - true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsUrl, true); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, loa, true); return result; } - /** * Create Binding-Key command parameters. * - * @param kontoId KontoId - * @param subjectName SubjectName - * @param keySize KeySize - * @param keyAlg Key-algorithm - * @param policies Key policy - * @param dataUrl DataURL - * @param x5cVdaTrust trusted certificate from VDA + * @param kontoId KontoId + * @param subjectName SubjectName + * @param keySize KeySize + * @param keyAlg Key-algorithm + * @param policies Key policy + * @param dataUrl DataURL + * @param x5cVdaTrust trusted certificate from VDA * @param reqUserPassword User passwort initialize request - * @param x5cEnc Result encryption certificate + * @param x5cEnc Result encryption certificate * @return JSON - * @throws SlCommandoBuildException in case of an errr + * @throws SlCommandoBuildException in case of an errr * @throws CertificateEncodingException In case of a certificate error */ - public static ObjectNode createBindingKeyCommandParams(final String kontoId, - final String subjectName, final int keySize, final String keyAlg, - final Map<String, String> policies, final String dataUrl, final X509Certificate x5cVdaTrust, - final Boolean reqUserPassword, final X509Certificate x5cEnc) + public static 
ObjectNode createBindingKeyCommandParams(final String kontoId, final String subjectName, + final int keySize, final String keyAlg, final Map<String, String> policies, final String dataUrl, + final X509Certificate x5cVdaTrust, final Boolean reqUserPassword, final X509Certificate x5cEnc) throws SlCommandoBuildException, CertificateEncodingException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, - true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, - true); - addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, - keySize, true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg, - true); - addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES, - policies); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl, - true); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST, - x5cVdaTrust, false); - addSingleBooleanElement(params, - SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD, reqUserPassword, + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, true); + addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, keySize, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg, true); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES, policies); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl, true); + addSingleCertificateElement(params, 
SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST, x5cVdaTrust, false); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC, - x5cEnc, false); + addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD, + reqUserPassword, false); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC, x5cEnc, false); return params; } 
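Review bot: `keySize` goes straight into `addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, keySize, true);` with no range check, so a zero, negative or otherwise too-small value from the caller becomes a key-generation request to the VDA; a guard at the top of createBindingKeyCommandParams() such as `if (keySize <= 0) { throw new IllegalArgumentException("keySize must be positive: " + keySize); }`, ideally with the minimum the deployment's key policy requires, would stop that here. The reflowed Javadoc also keeps the typos "passwort" and "errr". Whether the caller validates keySize is not visible in this hunk.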
@@ -328,27 +304,24 @@ public class SL20JsonBuilderUtils { /** * Create Binding-Key command result. * - * @param appId AppId - * @param csr CSR - * @param attCert Key-Attestation certificate + * @param appId AppId + * @param csr CSR + * @param attCert Key-Attestation certificate * @param password user's password * @return JSON - * @throws SlCommandoBuildException In case of an error - * @throws CertificateEncodingException In case of a certificate processing error + * @throws SlCommandoBuildException In case of an error + * @throws CertificateEncodingException In case of a certificate processing + * error */ public static ObjectNode createBindingKeyCommandResult(final String appId, final byte[] csr, final X509Certificate attCert, final byte[] password) throws SlCommandoBuildException, CertificateEncodingException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, - appId, true); - addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, - true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, appId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, true); addSingleCertificateElement(result, - SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, - false); - addSingleByteElement(result, - SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false); + SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, false); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false); return result; } 
@@ -356,19 +329,18 @@ public class SL20JsonBuilderUtils { /** * Create Store Binding-Certificate command parameters. * - * @param cert Certificate + * @param cert Certificate * @param dataUrl DATA URL * @return JSON - * @throws CertificateEncodingException In case of a certificate processing error - * @throws SlCommandoBuildException In case of a error + * @throws CertificateEncodingException In case of a certificate processing + * error + * @throws SlCommandoBuildException In case of a error */ - public static ObjectNode createStoreBindingCertCommandParams(final X509Certificate cert, - final String dataUrl) throws CertificateEncodingException, SlCommandoBuildException { + public static ObjectNode createStoreBindingCertCommandParams(final X509Certificate cert, final String dataUrl) + throws CertificateEncodingException, SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, - cert, true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, - true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, cert, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, true); return params; } @@ -379,8 +351,7 @@ public class SL20JsonBuilderUtils { * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createStoreBindingCertCommandSuccessResult() - throws SlCommandoBuildException { + public static ObjectNode createStoreBindingCertCommandSuccessResult() throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE, true); 
@@ -388,27 +359,23 @@ public class SL20JsonBuilderUtils { } - /** * Create idAndPassword command parameters. * - * @param keyAlg key algorithm + * @param keyAlg key algorithm * @param dataUrl DATA Url - * @param x5cEnc result encryption certificate + * @param x5cEnc result encryption certificate * @return JSON - * @throws SlCommandoBuildException In case of an error - * @throws CertificateEncodingException In case of a certificate processing error + * @throws SlCommandoBuildException In case of an error + * @throws CertificateEncodingException In case of a certificate processing + * error */ - public static ObjectNode createIdAndPasswordCommandParameters(final String keyAlg, - final String dataUrl, final X509Certificate x5cEnc) - throws SlCommandoBuildException, CertificateEncodingException { + public static ObjectNode createIdAndPasswordCommandParameters(final String keyAlg, final String dataUrl, + final X509Certificate x5cEnc) throws SlCommandoBuildException, CertificateEncodingException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, - keyAlg, true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, - dataUrl, true); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, - x5cEnc, false); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, keyAlg, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, dataUrl, true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, x5cEnc, false); return params; } 
@@ -416,18 +383,17 @@ public class SL20JsonBuilderUtils { /** * Create idAndPassword command result. * - * @param kontoId User's Id + * @param kontoId User's Id * @param password User's password * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createIdAndPasswordCommandResult(final String kontoId, - final byte[] password) throws SlCommandoBuildException { + public static ObjectNode createIdAndPasswordCommandResult(final String kontoId, final byte[] password) + throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, - SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true); - addSingleByteElement(result, - SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, + true); return result; } 
@@ -435,25 +401,20 @@ public class SL20JsonBuilderUtils { /** * Create JWS Token Authentication command. * - * @param nonce nonce that should be signed - * @param dataUrl Data URL + * @param nonce nonce that should be signed + * @param dataUrl Data URL * @param displayData Data that should be displayed * @param displayUrl URL to data that should be displayed * @return JSON * @throws SlCommandoBuildException In case of an error */ public static ObjectNode createJwsTokenAuthCommandParams(final String nonce, final String dataUrl, - final List<String> displayData, final List<String> displayUrl) - throws SlCommandoBuildException { + final List<String> displayData, final List<String> displayUrl) throws SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, - true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, - true); - addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, - displayData); - addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL, - displayUrl); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, true); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, displayData); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL, displayUrl); return params; } 
@@ -465,22 +426,19 @@ public class SL20JsonBuilderUtils { * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createJwsTokenAuthCommandResult(final String nonce) - throws SlCommandoBuildException { + public static ObjectNode createJwsTokenAuthCommandResult(final String nonce) throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, - nonce, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, nonce, true); return result; } - /** * Create Generic Request Container. * - * @param reqId RequestId + * @param reqId RequestId * @param transactionId TransactionId - * @param payLoad unsigned payload + * @param payLoad unsigned payload * @param signedPayload Signed payload * @return JSON * @throws SlCommandoBuildException In case of an error @@ -488,12 +446,10 @@ public class SL20JsonBuilderUtils { public static ObjectNode createGenericRequest(final String reqId, final String transactionId, final ObjectNode payLoad, final String signedPayload) throws SlCommandoBuildException { final ObjectNode req = mapper.getMapper().createObjectNode(); - addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, - true); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true); addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); - addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, - signedPayload); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, signedPayload); return req; } 
@@ -501,32 +457,29 @@ public class SL20JsonBuilderUtils { /** * Create Generic Response Container. * - * @param respId Response Id - * @param inResponseTo RequestId to this response + * @param respId Response Id + * @param inResponseTo RequestId to this response * @param transactionId transactionId - * @param payLoad Unsigned payload + * @param payLoad Unsigned payload * @param signedPayload Signed payload * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static final ObjectNode createGenericResponse(final String respId, - final String inResponseTo, final String transactionId, final ObjectNode payLoad, - final String signedPayload) throws SlCommandoBuildException { + public static final ObjectNode createGenericResponse(final String respId, final String inResponseTo, + final String transactionId, final ObjectNode payLoad, final String signedPayload) + throws SlCommandoBuildException { final ObjectNode req = mapper.getMapper().createObjectNode(); - addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, - true); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true); addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, false); addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); - addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, - signedPayload); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, signedPayload); return req; } - private static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, - final String secondKeyId, final ObjectNode first, final ObjectNode second) - throws SlCommandoBuildException { + private static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, final String secondKeyId, + final 
ObjectNode first, final ObjectNode second) throws SlCommandoBuildException { if (first == null && second == null) { throw new SlCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); } else if (first != null && second != null) { @@ -542,18 +495,18 @@ public class SL20JsonBuilderUtils { /** * Add one element of two possible elements <br> - * This method adds either the first element or the second element to parent JSON, but never both. + * This method adds either the first element or the second element to parent + * JSON, but never both. * - * @param parent Parent JSON element - * @param firstKeyId first element Id + * @param parent Parent JSON element + * @param firstKeyId first element Id * @param secondKeyId second element Id - * @param first first element - * @param second second element + * @param first first element + * @param second second element * @throws SlCommandoBuildException In case of an error. */ - public static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, - final String secondKeyId, final ObjectNode first, final String second) - throws SlCommandoBuildException { + public static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, final String secondKeyId, + final ObjectNode first, final String second) throws SlCommandoBuildException { if (first == null && (second == null || second.isEmpty())) { throw new SlCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); } else if (first != null && second != null) { 
@@ -567,34 +520,25 @@ public class SL20JsonBuilderUtils { } } - - // TODO!!!! - private static ObjectNode createJsonSignedHeader() - throws SlCommandoBuildException { + private static ObjectNode createJsonSignedHeader() throws SlCommandoBuildException { final ObjectNode header = mapper.getMapper().createObjectNode(); - addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, - SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true); - addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, - SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true); - addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, - Arrays.asList(Constants.DUMMY_SIGNING_CERT)); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true); + addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, Arrays.asList(Constants.DUMMY_SIGNING_CERT)); return header; } // TODO!!!! 
- private static ObjectNode createJsonEncryptionHeader() - throws SlCommandoBuildException { + private static ObjectNode createJsonEncryptionHeader() throws SlCommandoBuildException { final ObjectNode header = mapper.getMapper().createObjectNode(); - addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, - SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true); addSingleStringElement(header, SL20Constants.JSON_ENCRYPTION_PAYLOAD, SL20Constants.JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, true); - addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, - SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, true); - addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT, - Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, + true); + addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT, Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true); return header; } 
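Review bot: Dropping the `// TODO!!!!` marker above createJsonSignedHeader hides that the JWS header still advertises `Constants.DUMMY_SIGNING_CERT` in its x5c array, and createJsonEncryptionHeader (whose marker survives) still pins `Constants.DUMMY_SIGNING_CERT_FINGERPRINT`; only the line wrapping changed. A header built from a placeholder certificate cannot correspond to the key that actually signs or the recipient that actually decrypts, so unless these builders are test-only (the hunk does not show a caller) the marker should come back or, better, the certificate should be a parameter. Suggested comment on the x5c line: `// TODO: replace DUMMY_SIGNING_CERT with the configured signing certificate; x5c must match the key used to sign`, and the same note on the fingerprint line of the encryption header.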
@@ -605,14 +549,11 @@ public class SL20JsonBuilderUtils { + " AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4\n" + " BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K\n" + " 0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv\n" - + " hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n" - + " p0igcN_IoypGlUPQGe77Rw"; + + " hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n" + " p0igcN_IoypGlUPQGe77Rw"; } - - - private static void addArrayOfStrings(final ObjectNode parent, final String keyId, - final List<String> values) throws SlCommandoBuildException { + private static void addArrayOfStrings(final ObjectNode parent, final String keyId, final List<String> values) + throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (values != null) { final ArrayNode callReqParamsArray = mapper.getMapper().createArrayNode(); @@ -624,7 +565,6 @@ public class SL20JsonBuilderUtils { } } - private static void addArrayOfStringElements(final ObjectNode parent, final String keyId, final Map<String, String> keyValuePairs) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); @@ -652,10 +592,8 @@ public class SL20JsonBuilderUtils { } - - - private static void addSingleByteElement(final ObjectNode parent, final String keyId, - final byte[] value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleByteElement(final ObjectNode parent, final String keyId, final byte[] value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { 
@@ -666,8 +604,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleBooleanElement(final ObjectNode parent, final String keyId, - final Boolean value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleBooleanElement(final ObjectNode parent, final String keyId, final Boolean value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { @@ -678,8 +616,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleNumberElement(final ObjectNode parent, final String keyId, - final Integer value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleNumberElement(final ObjectNode parent, final String keyId, final Integer value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { @@ -690,8 +628,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleStringElement(final ObjectNode parent, final String keyId, - final String value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleStringElement(final ObjectNode parent, final String keyId, final String value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && (value == null || value.isEmpty())) { @@ -702,8 +640,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleIntegerElement(final ObjectNode parent, final String keyId, - final Integer value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleIntegerElement(final ObjectNode parent, final String keyId, final Integer value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { 
@@ -714,8 +652,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleJsonElement(final ObjectNode parent, final String keyId, - final ObjectNode element, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleJsonElement(final ObjectNode parent, final String keyId, final ObjectNode element, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && element == null) { @@ -726,8 +664,6 @@ public class SL20JsonBuilderUtils { } - - private static void validateParentAndKey(final ObjectNode parent, final String keyId) throws SlCommandoBuildException { if (parent == null) { diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java index d4e1490d..eb6de461 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java @@ -7,9 +7,7 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; + import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; 
@@ -18,25 +16,29 @@ import org.apache.http.util.EntityUtils; import org.jose4j.base64url.Base64Url; import org.slf4j.Logger; import org.slf4j.LoggerFactory; + import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.node.ObjectNode; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; + public class SL20JsonExtractorUtils { private static final Logger log = LoggerFactory.getLogger(SL20JsonExtractorUtils.class); private static JsonMapper mapper = new JsonMapper(); - /** * Extract String value from JSON. * - * @param input JSON - * @param keyID Element identifier + * @param input JSON + * @param keyID Element identifier * @param isRequired true, if the element must not null * @return Value of this element * @throws SlCommandoParserException In case an error */ - public static String getStringValue(final JsonNode input, final String keyID, - final boolean isRequired) throws SlCommandoParserException { + public static String getStringValue(final JsonNode input, final String keyID, final boolean isRequired) + throws SlCommandoParserException { try { final JsonNode internal = getAndCheck(input, keyID, isRequired); 
@@ -58,14 +60,14 @@ public class SL20JsonExtractorUtils { /** * Extract Boolean value from JSON. * - * @param input JSON - * @param keyID Element identifier + * @param input JSON + * @param keyID Element identifier * @param isRequired true, if the element must not null * @return Boolean * @throws SlCommandoParserException In case of an error */ - public static boolean getBooleanValue(final ObjectNode input, final String keyID, - final boolean isRequired, final boolean defaultValue) throws SlCommandoParserException { + public static boolean getBooleanValue(final ObjectNode input, final String keyID, final boolean isRequired, + final boolean defaultValue) throws SlCommandoParserException { try { final JsonNode internal = getAndCheck(input, keyID, isRequired); @@ -87,14 +89,14 @@ public class SL20JsonExtractorUtils { /** * Extract JSONObject value from JSON. * - * @param input JSON - * @param keyID Element identifier + * @param input JSON + * @param keyID Element identifier * @param isRequired true, if the element must not null * @return JSON node * @throws SlCommandoParserException In case of an error */ - public static JsonNode getJsonObjectValue(final JsonNode input, final String keyID, - final boolean isRequired) throws SlCommandoParserException { + public static JsonNode getJsonObjectValue(final JsonNode input, final String keyID, final boolean isRequired) + throws SlCommandoParserException { try { final JsonNode internal = getAndCheck(input, keyID, isRequired); @@ -120,8 +122,7 @@ public class SL20JsonExtractorUtils { * @return List of Elements in this node * @throws SlCommandoParserException In case of an error */ - public static List<String> getListOfStringElements(final JsonNode input) - throws SlCommandoParserException { + public static List<String> getListOfStringElements(final JsonNode input) throws SlCommandoParserException { final List<String> result = new ArrayList<>(); if (input != null) { if (input.isArray()) { 
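Review bot: The re-wrapped Javadoc of getBooleanValue still lists only input, keyID and isRequired, while the signature takes a fourth parameter `defaultValue` whose meaning is nowhere stated. Add `@param defaultValue value returned when the element is absent and not required` — presumably that is its role, but the body where it is applied lies outside the hunk, so confirm the wording against it. getBooleanValue's body continues past the end of the hunk.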
@@ -149,8 +150,8 @@ public class SL20JsonExtractorUtils { /** * Extract Map of Key/Value pairs from a JSON Element. * - * @param input parent JSON object - * @param keyID KeyId of the child that should be parsed + * @param input parent JSON object + * @param keyID KeyId of the child that should be parsed * @param isRequired true, if the element must not null * @return Map of element pairs * @throws SlCommandoParserException In case of an error @@ -169,8 +170,7 @@ public class SL20JsonExtractorUtils { * @return Map of element pairs * @throws SlCommandoParserException in case of an error */ - public static Map<String, String> getMapOfStringElements(final JsonNode input) - throws SlCommandoParserException { + public static Map<String, String> getMapOfStringElements(final JsonNode input) throws SlCommandoParserException { final Map<String, String> result = new HashMap<>(); if (input != null) { @@ -196,13 +196,11 @@ public class SL20JsonExtractorUtils { return result; } - private static void entitySetToMap(final Map<String, String> result, - final Iterator<Entry<String, JsonNode>> entry) { + private static void entitySetToMap(final Map<String, String> result, final Iterator<Entry<String, JsonNode>> entry) { while (entry.hasNext()) { final Entry<String, JsonNode> el = entry.next(); if (result.containsKey(el.getKey())) { - log.info("Attr. Map already contains Element with Key: " + el.getKey() - + ". Overwrite element ... "); + log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); } result.put(el.getKey(), el.getValue().asText()); 
@@ -211,12 +209,11 @@ public class SL20JsonExtractorUtils { } - /** * Extract Security-Layer 2.0 result from response object. * - * @param command SL2.0 command - * @param decrypter JWS decrypter implementation + * @param command SL2.0 command + * @param decrypter JWS decrypter implementation * @param mustBeEncrypted if <code>true</code>, the result must be encrypted * @return decrypted JSON * @throws SL20Exception In case of an error @@ -224,8 +221,7 @@ public class SL20JsonExtractorUtils { public static JsonNode extractSL20Result(final JsonNode command, final IJoseTools decrypter, final boolean mustBeEncrypted) throws SL20Exception { final JsonNode result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); - final JsonNode encryptedResult = - command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); + final JsonNode encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); if (result == null && encryptedResult == null) { throw new SlCommandoParserException("NO result OR encryptedResult FOUND."); @@ -238,8 +234,7 @@ public class SL20JsonExtractorUtils { } catch (final Exception e) { log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); if (!mustBeEncrypted) { - log.warn( - "Decrypted results are disabled by configuration. Parse result in plain if it is possible"); + log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); // dummy code try { @@ -267,7 +262,6 @@ public class SL20JsonExtractorUtils { throw new SlCommandoParserException("Internal build error"); } - } /** 
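Review bot: In the decryption catch block the reformatted log still records only `e.getMessage()` at INFO, and when `mustBeEncrypted` is false the code then falls back to parsing the result in plain, so a tampered or mis-encrypted result quietly degrades to an unencrypted one with no stack trace left for incident analysis. Log the exception itself, `log.info("Can NOT decrypt SL20 result. Reason: {}", e.getMessage(), e);`, and reword the fallback so the downgrade is explicit, e.g. `log.warn("Encrypted results are NOT required by configuration. Processing SL20 result in PLAIN");` (the current text "Decrypted results are disabled" says the opposite of what happens). The `// dummy code` marker surviving on that fallback suggests the path was never finalized; extractSL20Result starts and ends outside this hunk.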
@@ -278,8 +272,8 @@ public class SL20JsonExtractorUtils { * @return Signature verification result that contains the payLoad * @throws SlCommandoParserException In case of an error */ - public static VerificationResult extractSL20PayLoad(final JsonNode container, - final IJoseTools joseTools, final boolean mustBeSigned) throws SL20Exception { + public static VerificationResult extractSL20PayLoad(final JsonNode container, final IJoseTools joseTools, + final boolean mustBeSigned) throws SL20Exception { final JsonNode sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); final JsonNode sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); @@ -301,10 +295,8 @@ public class SL20JsonExtractorUtils { throw new SlCommandoParserException("Internal build error"); } - } - /** * Extract generic transport container from httpResponse. * 
@@ -312,19 +304,16 @@ public class SL20JsonExtractorUtils { * @return JSON with SL2.0 response * @throws SlCommandoParserException In case of an error */ - public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp) - throws SlCommandoParserException { + public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp) throws SlCommandoParserException { try { JsonNode sl20Resp = null; - if (httpResp.getStatusLine().getStatusCode() == 303 - || httpResp.getStatusLine().getStatusCode() == 307) { + if (httpResp.getStatusLine().getStatusCode() == 303 || httpResp.getStatusLine().getStatusCode() == 307) { final Header[] locationHeader = httpResp.getHeaders("Location"); if (locationHeader == null) { throw new SlCommandoParserException("Find Redirect statuscode but not Location header"); } - final String sl20RespString = - new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); + final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); sl20Resp = mapper.getMapper().readTree(Base64Url.decode(sl20RespString)); } else if (httpResp.getStatusLine().getStatusCode() == 200) { 
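Review bot: In the redirect branch `locationHeader == null` is the only guard before `locationHeader[0]`, and the response is then taken from `getQueryParams().get(0)` by position rather than by name, so a Location header with an empty or reordered query string is either decoded as the SL2.0 response or fails with an IndexOutOfBounds that the surrounding catch presumably folds into the generic parser exception, losing the reason. Check the length together with null, `if (locationHeader == null || locationHeader.length == 0)`, and select the query parameter by its expected name instead of index 0. getSL20ContainerFromResponse continues past the end of the hunk.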
@@ -333,16 +322,15 @@ public class SL20JsonExtractorUtils { } if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) { - throw new SlCommandoParserException("SL20 response with a wrong ContentType: " - + httpResp.getEntity().getContentType().getValue()); + throw new SlCommandoParserException( + "SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); } sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - } else if (httpResp.getStatusLine().getStatusCode() == 500 - || httpResp.getStatusLine().getStatusCode() == 401 + } else if (httpResp.getStatusLine().getStatusCode() == 500 || httpResp.getStatusLine().getStatusCode() == 401 || httpResp.getStatusLine().getStatusCode() == 400) { - log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() - + ". Search for error message"); + log.info( + "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + ". Search for error message"); try { sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); @@ -354,8 +342,6 @@ public class SL20JsonExtractorUtils { } - - } else { throw new SlCommandoParserException( "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); @@ -365,8 +351,7 @@ public class SL20JsonExtractorUtils { return sl20Resp; } catch (final Exception e) { - throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), - e); + throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); } } 
@@ -384,21 +369,18 @@ public class SL20JsonExtractorUtils { throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object"); } - } else { throw new SlCommandoParserException("Can NOT find content in http response"); } } - - private static JsonNode getAndCheck(final JsonNode input, final String keyID, - final boolean isRequired) throws SlCommandoParserException { + private static JsonNode getAndCheck(final JsonNode input, final String keyID, final boolean isRequired) + throws SlCommandoParserException { final JsonNode internal = input.get(keyID); if (internal == null && isRequired) { - throw new SlCommandoParserException( - "REQUIRED Element with keyId: " + keyID + " does not exist"); + throw new SlCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); } return internal; diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java index 155bfadd..67e9e29d 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java 
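Review bot: getAndCheck treats only a Java `null` as missing, so a required element sent as JSON `null` (`"keyId": null`) passes the check and is handed to callers such as getStringValue as a NullNode, and a `null` input dereferences on `input.get(keyID)` with an NPE instead of the SlCommandoParserException the callers document. Tighten the condition to `if ((internal == null || internal.isNull()) && isRequired)` and guard the input first with `if (input == null) { throw new SlCommandoParserException("No JSON input to extract " + keyID); }`; whether callers already tolerate NullNode for optional elements cannot be seen from this hunk.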
@@ -1,8 +1,9 @@
 package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api;
 import java.util.List;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException;
 public interface ISignatureVerificationService {
@@ -10,80 +11,89 @@ public interface ISignatureVerificationService { /** * Verify a CAdES or CMS signature. <br> * <br> - * <i>This method only validates the first CMS or CAdES signature if more than one signature - * exists</i> + * <i>This method only validates the first CMS or CAdES signature if more than + * one signature exists</i> * - * @param signature Enveloped CMS or CAdES signature + * @param signature Enveloped CMS or CAdES signature * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration - * @return @link {@link ICMSSignatureVerificationResponse}, or null if no signature was found + * @return @link {@link ICmsSignatureVerificationResponse}, or null if no + * signature was found * @throws MoaSigServiceException on signatue-verification error */ - ICMSSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID) + ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID) throws MoaSigServiceException; - - /** * Verify a XML or XAdES signature. <br> * <br> - * <i>This method only validates the first XML or XAdES signature if more than one signature - * exists</i> + * <i>This method only validates the first XML or XAdES signature if more than + * one signature exists</i> * - * @param signature Serialized XML or XAdES signature + * @param signature Serialized XML or XAdES signature * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration - * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found + * @return @link {@link IXmlSignatureVerificationResponse}, or null if no + * signature was found * @throws MoaSigServiceException on signatue-verification error */ - IXMLSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID) + IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID) throws MoaSigServiceException; /** * Verify a XML or XAdES signature. 
<br> * <br> - * <i>This method only validates the first XML or XAdES signature if more than one signature - * exists</i> + * <i>This method only validates the first XML or XAdES signature if more than + * one signature exists</i> * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration - * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that should be used - * for signature-verification - * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig + * configuration + * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that + * should be used for + * signature-verification + * @return @link {@link IXmlSignatureVerificationResponse}, or null if no + * signature was found * @throws MoaSigServiceException on signatue-verification error */ - IXMLSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, + IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID) throws MoaSigServiceException; - /** * Verify a XML or XAdES signature. 
<br> * <br> - * <i>This method only validates the first XML or XAdES signature if more than one signature - * exists</i> + * <i>This method only validates the first XML or XAdES signature if more than + * one signature exists</i> * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration - * @param signatureLocationXpath Xpath that points to location of Signature element - * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig + * configuration + * @param signatureLocationXpath Xpath that points to location of Signature + * element + * @return @link {@link IXmlSignatureVerificationResponse}, or null if no + * signature was found * @throws MoaSigServiceException on signatue-verification error */ - IXMLSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, + IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, String signatureLocationXpath) throws MoaSigServiceException; /** * Verify a XML or XAdES signature. 
<br> * <br> - * <i>This method only validates the first XML or XAdES signature if more than one signature - * exists</i> + * <i>This method only validates the first XML or XAdES signature if more than + * one signature exists</i> * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration - * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that should be used - * for signature-verification - * @param signatureLocationXpath Xpath that points to location of Signature element - * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig + * configuration + * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that + * should be used for + * signature-verification + * @param signatureLocationXpath Xpath that points to location of + * Signature element + * @return @link {@link IXmlSignatureVerificationResponse}, or null if no + * signature was found * @throws MoaSigServiceException on signatue-verification error */ - IXMLSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, + IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID, String signatureLocationXpath) throws MoaSigServiceException; diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICMSSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java index 57426751..5e7a4564 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICMSSignatureVerificationResponse.java 
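Review bot: The reflowed Javadoc keeps two defects in all four method comments of `ISignatureVerificationService`: `@return @link {@link ICmsSignatureVerificationResponse}` has a stray `@link` before the inline tag, which renders literally, and `@throws MoaSigServiceException on signatue-verification error` misspells "signature". Since these lines are rewritten anyway, the fix is `@return {@link ICmsSignatureVerificationResponse}, or null if no signature was found` and `@throws MoaSigServiceException on signature-verification error`, with the same change on the `@return`/`@throws` lines of the three `verifyXmlSignature` overloads.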
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java @@ -1,5 +1,5 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; -public interface ICMSSignatureVerificationResponse extends IGenericSignatureVerificationResponse { +public interface ICmsSignatureVerificationResponse extends IGenericSignatureVerificationResponse { } diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java index 13a9b08f..8ebd90be 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java @@ -1,18 +1,17 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; -import iaik.x509.X509Certificate; import java.util.Date; import org.springframework.lang.Nullable; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; - +import iaik.x509.X509Certificate; public interface IGenericSignatureVerificationResponse { /** - * Returns the signing time - * + * Returns the signing time. + * * @return Signing time, or null if signature contains no time information */ @Nullable 
@@ -20,53 +19,53 @@ public interface IGenericSignatureVerificationResponse { /** * Returns the signatureCheckCode. - * + * * @return int */ int getSignatureCheckCode(); /** * Returns the certificateCheckCode. - * + * * @return int */ int getCertificateCheckCode(); /** * Returns the qualifiedCertificate. - * + * * @return boolean */ boolean isQualifiedCertificate(); /** * Returns the X509 certificate. - * + * * @return X509Certificate, or null if no certificate information exists * @throws MoaSigServiceException if X509 certificate can not be deserialized */ @Nullable X509Certificate getX509Certificate() throws MoaSigServiceException; - /** - * Returns the X509 certificate in serialized form - * - * @return Serialized X509 certificate, or null if no certificate information exists + * Returns the X509 certificate in serialized form. + * + * @return Serialized X509 certificate, or null if no certificate information + * exists */ @Nullable byte[] getX509CertificateEncoded(); /** * Returns the publicAuthority. - * + * * @return boolean */ boolean isPublicAuthority(); /** * Returns the publicAuthorityCode. - * + * * @return String OID, or null if no OID exists */ @Nullable diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java index 49940ca5..17d5fa59 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java @@ -4,7 +4,7 @@ import java.io.InputStream; import java.util.Map; /** - * Inject additional XML schemes into MOA-Sig + * Inject additional XML schemes into MOA-Sig. * * @author tlenz * 
@@ -12,10 +12,10 @@ import java.util.Map; public interface ISchemaRessourceProvider { /** - * Get a Map of additional XML schemes that should be injected into MOA-Sig - * - * @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme as - * {@link InputStream} + * Get a Map of additional XML schemes that should be injected into MOA-Sig. + * + * @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme + * as {@link InputStream} */ Map<String, InputStream> getSchemas(); } diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXMLSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java index 6273bb9e..5b766917 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXMLSignatureVerificationResponse.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java @@ -1,34 +1,33 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; /** + * XML signature verification result. + * * @author tlenz * */ -public interface IXMLSignatureVerificationResponse extends IGenericSignatureVerificationResponse { - +public interface IXmlSignatureVerificationResponse extends IGenericSignatureVerificationResponse { /** * Returns the xmlDSIGManifestCheckCode. - * + * * @return int */ - int getXmlDSIGManifestCheckCode(); + int getXmlDsigManifestCheckCode(); /** * Returns the xmlDsigSubjectName. - * + * * @return String */ String getXmlDsigSubjectName(); - /** * Returns the xmlDSIGManigest. - * + * * @return boolean */ - boolean isXmlDSIGManigest(); - + boolean isXmlDsigManigest(); /** * Returns the the resulting code of the signature manifest check. 
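Review bot: The rename to `isXmlDsigManigest()` carries what looks like a misspelling of "Manifest" into the new public interface name, and the Javadoc line `Returns the xmlDSIGManigest.` repeats it; since this commit already breaks the old name for the checkstyle-driven rename, this is the cheapest moment to settle on `isXmlDsigManifest()` (presumably the intended name — confirm against the MOA-Sig response field it mirrors). The trailing context line `Returns the the resulting code of the signature manifest check.` also has a doubled "the".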
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
index cbf80c39..d2cab2ef 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
@@ -3,6 +3,12 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.w3c.dom.Document;
+
 import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
@@ -10,10 +16,6 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.w3c.dom.Document;
 public abstract class AbstractSignatureService {
 private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class);
@@ -22,8 +24,9 @@ public abstract class AbstractSignatureService { MoaSigInitializer moaSigConfig; /** - * Get a new {@link Document} from {@link DocumentBuilder} in synchronized form, because - * {@link DocumentBuilderFactory} and {@link DocumentBuilder} are not thread-safe. + * Get a new {@link Document} from {@link DocumentBuilder} in synchronized form, + * because {@link DocumentBuilderFactory} and {@link DocumentBuilder} are not + * thread-safe. * * @return {@link Document} * @throws ParserConfigurationException In case of an error @@ -35,11 +38,11 @@ public abstract class AbstractSignatureService { } /** - * Set up the thread-local context information needed for calling the various <code>Invoker</code> - * classes. + * Set up the thread-local context information needed for calling the various + * <code>Invoker</code> classes. * - * @throws ConfigurationException An error occurred setting up the configuration in the - * <code>TransactionContext</code>. + * @throws ConfigurationException An error occurred setting up the configuration + * in the <code>TransactionContext</code>. */ protected final void setUpContexts(final String transactionID) throws ConfigurationException { final TransactionContextManager txMgr = TransactionContextManager.getInstance(); diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java index f0ee4612..77bbc88b 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java 
@@ -6,8 +6,14 @@ import java.security.Provider; import java.security.Security; import java.util.Iterator; import java.util.Map.Entry; + import javax.annotation.Nonnull; import javax.annotation.PostConstruct; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ISchemaRessourceProvider; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceConfigurationException; import at.gv.egovernment.moa.spss.MOAException; @@ -15,9 +21,6 @@ import at.gv.egovernment.moa.spss.api.Configurator; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; import at.gv.egovernment.moaspss.util.DOMUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; import iaik.asn1.structures.AlgorithmID; import iaik.security.ec.provider.ECCelerate; import iaik.security.provider.IAIK; @@ -30,7 +33,6 @@ public class MoaSigInitializer { private Configurator moaSigConfigurator; - /** * Get MOA-Sig configuration object. * @@ -76,7 +78,6 @@ public class MoaSigInitializer { } - // Inject additional XML schemes if (schemas != null && schemas.length > 0) { log.debug("Infjecting additional XML schemes ... "); 
@@ -100,30 +101,29 @@ public class MoaSigInitializer { moaSigConfigurator = Configurator.getInstance(); - } catch (final MOAException e) { log.error("MOA-SP initialization FAILED!", e.getWrapped()); throw new MoaSigServiceConfigurationException("service.moasig.04", - new Object[] {e.toString()}, e); + new Object[] { e.toString() }, e); } - } private static void fixJava8_141ProblemWithSslAlgorithms() { log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); - // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", + // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] + // { "MD5withRSA", // "MD5/RSA", }, null, true); new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", - new String[] {"SHA1withRSA", "SHA1/RSA", "SHA-1/RSA", "SHA/RSA",}, null, true); + new String[] { "SHA1withRSA", "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", - new String[] {"SHA224withRSA", "SHA224/RSA", "SHA-224/RSA",}, null, true); + new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", - new String[] {"SHA256withRSA", "SHA256/RSA", "SHA-256/RSA",}, null, true); + new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", - new String[] {"SHA384withRSA", "SHA384/RSA", "SHA-384/RSA",}, null, true); + new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", - new String[] {"SHA512withRSA", "SHA512/RSA", "SHA-512/RSA"}, null, true); + new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); log.info("Change AlgorithmIDs finished"); } 
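Review bot: `fixJava8_141ProblemWithSslAlgorithms` keeps an underscore in a method name while the rest of this commit normalizes identifiers to camelCase for the checkstyle rules; `fixJava8u141ProblemWithSslAlgorithms` would follow the same convention. The commented-out `md5WithRSAEncryption` registration was reflowed across two lines rather than removed; if MD5/RSA is deliberately left unregistered, a single explanatory line such as `// md5WithRSAEncryption is intentionally not registered` says more than the dead code and will not be reflowed again. The method is shown in full within the hunk.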
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java index c8275264..d09b26de 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java @@ -11,7 +11,7 @@ public class MoaSigSpringResourceProvider implements SpringResourceProvider { public Resource[] getResourcesToLoad() { final ClassPathResource moaSigConfig = new ClassPathResource("/moa-sig-service.beans.xml", MoaSigSpringResourceProvider.class); - return new Resource[] {moaSigConfig}; + return new Resource[] { moaSigConfig }; } @Override diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java index 338e77d8..559af62a 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java 
@@ -18,17 +18,14 @@ public class SignatureCreationService extends AbstractSignatureService private XMLSignatureCreationInvoker xadesInvoker; private CMSSignatureCreationInvoker cadesInvoker; - - @PostConstruct protected void internalInitializer() { log.debug("Instanzing SignatureCreationService implementation ... "); xadesInvoker = XMLSignatureCreationInvoker.getInstance(); cadesInvoker = CMSSignatureCreationInvoker.getInstance(); - log.trace("XML_impl: {} , CMS_imp: {}", - xadesInvoker.getClass().getName(), cadesInvoker.getClass().getName()); + log.trace("XML_impl: {} , CMS_imp: {}", + xadesInvoker.getClass().getName(), cadesInvoker.getClass().getName()); log.info("MOA-Sig signature-creation service initialized"); - } diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java index 3dbda391..8fc4086e 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java 
@@ -3,10 +3,21 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
 import java.io.ByteArrayInputStream;
 import java.security.cert.CertificateEncodingException;
 import java.util.List;
+
 import javax.annotation.PostConstruct;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.Nullable;
+import org.springframework.stereotype.Service;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceBuilderException;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser.VerifyXmlSignatureResponseParser;
@@ -22,15 +33,6 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
 import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
 import at.gv.egovernment.moaspss.util.Constants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.lang.Nullable;
-import org.springframework.stereotype.Service;
-import org.springframework.util.Base64Utils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
 /**
  * MOA-Sig based signature verification implementation.
@@ -54,12 +56,12 @@ public class SignatureVerificationService extends AbstractSignatureService /* * (non-Javadoc) * - * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService# - * verifyCMSSignature(byte[], java.lang.String) + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. + * ISignatureVerificationService# verifyCMSSignature(byte[], java.lang.String) */ @Override @Nullable - public ICMSSignatureVerificationResponse verifyCmsSignature(final byte[] signature, + public ICmsSignatureVerificationResponse verifyCmsSignature(final byte[] signature, final String trustProfileID) throws MoaSigServiceException { try { // setup context @@ -74,12 +76,12 @@ public class SignatureVerificationService extends AbstractSignatureService } catch (final MOAException e) { log.warn("CMS signature verification has an error.", e); - throw new MoaSigServiceException("service.03", new Object[] {e.toString()}, e); + throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); } catch (final CertificateEncodingException e) { log.warn("Can NOT serialize X509 certificate from CMS/CAdES signature-verification response", e); - throw new MoaSigServiceException("service.03", new Object[] {e.toString()}, e); + throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); } finally { tearDownContexts(); 
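Review bot: The reflowed `@see` target in this hunk, and likewise in the hunks at -91, -104, -118 and -131, was broken by the formatter into `...moasig.impl.` plus `ISignatureVerificationService# verifyCMSSignature(...)`, which puts whitespace inside the package path and after `#`, so the reference no longer resolves; it was already stale, since the interface is imported from `...moasig.api` (not `.impl`) and the method it names is `verifyCmsSignature` in the interface shown earlier in this diff. Either restore each reference on one line, e.g. `@see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService#verifyCmsSignature(byte[], java.lang.String)`, or drop these `(non-Javadoc)` blocks and let `@Override` plus `{@inheritDoc}` carry the documentation.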
@@ -91,11 +93,11 @@ public class SignatureVerificationService extends AbstractSignatureService /* * (non-Javadoc) * - * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService# - * verifyXMLSignature(byte[], java.lang.String) + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. + * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String) */ @Override - public IXMLSignatureVerificationResponse verifyXmlSignature(final byte[] signature, + public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION); @@ -104,11 +106,12 @@ public class SignatureVerificationService extends AbstractSignatureService /* * (non-Javadoc) * - * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService# - * verifyXMLSignature(byte[], java.lang.String, java.util.List) + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. + * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String, + * java.util.List) */ @Override - public IXMLSignatureVerificationResponse verifyXmlSignature(final byte[] signature, + public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID, final List<String> verifyTransformsInfoProfileID) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, 
@@ -118,11 +121,12 @@ public class SignatureVerificationService extends AbstractSignatureService /* * (non-Javadoc) * - * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService# - * verifyXMLSignature(byte[], java.lang.String, java.lang.String) + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. + * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String, + * java.lang.String) */ @Override - public IXMLSignatureVerificationResponse verifyXmlSignature(final byte[] signature, + public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID, final String signatureLocationXpath) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath); @@ -131,11 +135,12 @@ public class SignatureVerificationService extends AbstractSignatureService /* * (non-Javadoc) * - * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService# - * verifyXMLSignature(byte[], java.lang.String, java.util.List, java.lang.String) + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. + * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String, + * java.util.List, java.lang.String) */ @Override - public IXMLSignatureVerificationResponse verifyXmlSignature(final byte[] signature, + public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID, final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation) throws MoaSigServiceException { try { 
@@ -153,7 +158,7 @@ public class SignatureVerificationService extends AbstractSignatureService final Document result = new VerifyXMLSignatureResponseBuilder(true).build(vsresponse); // parses the <IXMLSignatureVerificationResponse> - final IXMLSignatureVerificationResponse verifyXmlSignatureResponse = + final IXmlSignatureVerificationResponse verifyXmlSignatureResponse = new VerifyXmlSignatureResponseParser(result.getDocumentElement()).parseData(); return verifyXmlSignatureResponse; @@ -164,7 +169,7 @@ public class SignatureVerificationService extends AbstractSignatureService } catch (final MOAException e) { log.warn("MOA-Sig signature-verification has an internal error." + " MsgCode: " + e.getMessageId() + " Msg: " + e.getMessage(), e); - throw new MoaSigServiceException("service.moasig.03", new Object[] {e.getMessage()}, e); + throw new MoaSigServiceException("service.moasig.03", new Object[] { e.getMessage() }, e); } finally { tearDownContexts(); @@ -172,7 +177,7 @@ public class SignatureVerificationService extends AbstractSignatureService } } - private ICMSSignatureVerificationResponse parseCmsVerificationResult( + private ICmsSignatureVerificationResponse parseCmsVerificationResult( final VerifyCMSSignatureResponse cmsSigVerifyResp) throws CertificateEncodingException { if (cmsSigVerifyResp.getResponseElements() == null 
@@ -190,8 +195,8 @@ public class SignatureVerificationService extends AbstractSignatureService final VerifyCMSSignatureResponseElement firstSig = (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0); - final at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCMSSignatureResponse result = - new at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCMSSignatureResponse(); + final at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse result = + new at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse(); // parse results into response container result.setSignatureCheckCode(firstSig.getSignatureCheck().getCode()); @@ -216,14 +221,16 @@ public class SignatureVerificationService extends AbstractSignatureService /** * Build a VerifyCMS-Siganture request for MOA-Sig. <br> * <br> - * This builder only generates verification-request for enveloped CMS or CAdES signatures <br> + * This builder only generates verification-request for enveloped CMS or CAdES + * signatures <br> * This * - * @param signature CMS or CAdES signature - * @param trustProfileID trustProfileID MOA-Sig Trust-Profile - * @param isPdfSignature Make CAdES signature as part of an PAdES document - * @param performExtendedValidation To extended validation. See MOA-Sig documentation for detailed - * information + * @param signature CMS or CAdES signature + * @param trustProfileID trustProfileID MOA-Sig Trust-Profile + * @param isPdfSignature Make CAdES signature as part of an PAdES + * document + * @param performExtendedValidation To extended validation. See MOA-Sig + * documentation for detailed information * @return */ private VerifyCMSSignatureRequest buildVerfifyCmsRequest(final byte[] signature, 
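Review bot: The reflowed Javadoc of `buildVerfifyCmsRequest` still has an empty `@return` tag and the orphan sentence `This`, and the method name itself misspells "Verify". Propose `@return MOA-Sig VerifyCMSSignatureRequest element` in the style of the sibling builder's `@return MOA-Sig verification request element` in the next hunk, deleting the dangling `* This` line, and renaming to `buildVerifyCmsRequest` while the signature is being touched (it is private, so no caller outside the class is affected). The method body continues past the hunk.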
@@ -245,11 +252,12 @@ public class SignatureVerificationService extends AbstractSignatureService /** * Build a VerifyXML-Signature request for MOA-Sig. * - * @param signature Serialized XML signature - * @param trustProfileID MOA-Sig Trust-Profile - * @param verifyTransformsInfoProfileID {@link List} of Transformation-Profiles used for - * validation - * @param xpathSignatureLocation Xpath that points to location of Signature element + * @param signature Serialized XML signature + * @param trustProfileID MOA-Sig Trust-Profile + * @param verifyTransformsInfoProfileID {@link List} of Transformation-Profiles + * used for validation + * @param xpathSignatureLocation Xpath that points to location of + * Signature element * @return MOA-Sig verification request element * @throws MoaSigServiceBuilderException In case of an error */ @@ -266,7 +274,6 @@ public class SignatureVerificationService extends AbstractSignatureService Constants.DSIG_NS_URI); requestDoc_.appendChild(requestElem_); - // build the request final Element verifiySignatureInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); 
@@ -331,19 +338,18 @@ public class SignatureVerificationService extends AbstractSignatureService } catch (final Throwable t) { log.warn("Can NOT build VerifyXML-Signature request for MOA-Sig", t); - throw new MoaSigServiceBuilderException("service.moasig.03", new Object[] {t.getMessage()}, + throw new MoaSigServiceBuilderException("service.moasig.03", new Object[] { t.getMessage() }, t); } } - - @PostConstruct protected void internalInitializer() { log.debug("Instanzing SignatureVerificationService implementation ... "); - // svs = at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance(); + // svs = + // at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance(); cadesInvoker = CMSSignatureVerificationInvoker.getInstance(); xadesInvocer = XMLSignatureVerificationInvoker.getInstance(); log.info("MOA-Sig signature-verification service initialized"); diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java index 18ee6edb..0485f31f 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java @@ -2,7 +2,6 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data; import java.io.Serializable; import java.security.cert.CertificateException; -import iaik.x509.X509Certificate; import java.util.Date; import org.slf4j.Logger; 
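Review bot: The commented-out `// svs = at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance();` in `internalInitializer` is merely re-wrapped onto two lines by this change instead of being removed; dead code in comments should be deleted, the history is in version control. In the same hunk, `catch (final Throwable t)` turns JVM errors such as `OutOfMemoryError` into a `MoaSigServiceBuilderException` reported as a request-building failure; `catch (final Exception t)` would keep the wrapping for real builder failures and let errors propagate. The method containing that catch starts before this hunk.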
@@ -11,6 +10,7 @@ import org.slf4j.LoggerFactory; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IGenericSignatureVerificationResponse; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; +import iaik.x509.X509Certificate; public class GenericSignatureVerificationResponse implements IGenericSignatureVerificationResponse, Serializable { @@ -19,32 +19,31 @@ public class GenericSignatureVerificationResponse private static final Logger log = LoggerFactory.getLogger(GenericSignatureVerificationResponse.class); - - /** The signing time */ + /** The signing time. */ private Date signingDateTime; - /** The signatureCheckCode to be stored */ + /** The signatureCheckCode to be stored. */ private int signatureCheckCode; - /** The certificateCheckCode to be stored */ + /** The certificateCheckCode to be stored. */ private int certificateCheckCode; - /** The publicAuthority to be stored */ + /** The publicAuthority to be stored. */ private boolean publicAuthority; - /** The publicAuthorityCode to be stored */ + /** The publicAuthorityCode to be stored. */ private String publicAuthorityCode; - /** The qualifiedCertificate to be stored */ + /** The qualifiedCertificate to be stored. */ private boolean qualifiedCertificate; private byte[] x509CertificateEncoded; @Override public Date getSigningDateTime() { - if (this.signingDateTime != null) { - return new Date(this.signingDateTime.getTime()); - } + if (this.signingDateTime != null) { + return new Date(this.signingDateTime.getTime()); + } return null; } 
@@ -87,11 +86,11 @@ public class GenericSignatureVerificationResponse @Override public byte[] getX509CertificateEncoded() { - if (this.x509CertificateEncoded != null) { - return this.x509CertificateEncoded.clone(); - - } - return null; + if (this.x509CertificateEncoded != null) { + return this.x509CertificateEncoded.clone(); + + } + return null; } @@ -107,10 +106,15 @@ public class GenericSignatureVerificationResponse } + /** + * Set signature creation timestramp. + * + * @param signingDateTime timestamp + */ public void setSigningDateTime(final Date signingDateTime) { - if (signingDateTime != null) { - this.signingDateTime = new Date(signingDateTime.getTime()); - } + if (signingDateTime != null) { + this.signingDateTime = new Date(signingDateTime.getTime()); + } } public void setSignatureCheckCode(final int signatureCheckCode) { @@ -133,13 +137,16 @@ public class GenericSignatureVerificationResponse this.qualifiedCertificate = qualifiedCertificate; } + /** + * Set encoded signer certificate. + * + * @param x509CertificateEncoded signer cerificate + */ public void setX509CertificateEncoded(final byte[] x509CertificateEncoded) { - if (x509CertificateEncoded != null) { - this.x509CertificateEncoded = x509CertificateEncoded.clone(); - - } - } - + if (x509CertificateEncoded != null) { + this.x509CertificateEncoded = x509CertificateEncoded.clone(); + } + } } diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCMSSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java index 0583a29e..ed679828 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCMSSignatureResponse.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java 
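Review bot: The new Javadoc on `setSigningDateTime` misspells its summary (`Set signature creation timestramp.`) and omits the one behaviour a caller needs to know: a `null` argument is ignored, so a signing time can never be cleared once set. Suggest `Set signature creation timestamp. A {@code null} argument is ignored and leaves the stored value unchanged.` as the summary and `@param signingDateTime signing time; defensively copied` for the parameter.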
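Review bot: The added Javadoc on `setX509CertificateEncoded` has a typo in `@param x509CertificateEncoded signer cerificate` and, like the signing-time setter, does not say that `null` is a no-op that leaves the previously stored certificate in place. Suggest `Set the encoded signer certificate. The array is copied; a {@code null} argument is ignored.` as the summary and `@param x509CertificateEncoded encoded signer certificate` for the parameter.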
@@ -1,9 +1,9 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse; +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; -public class VerifyCMSSignatureResponse extends GenericSignatureVerificationResponse - implements ICMSSignatureVerificationResponse { +public class VerifyCmsSignatureResponse extends GenericSignatureVerificationResponse + implements ICmsSignatureVerificationResponse { private static final long serialVersionUID = 708260904158070696L; diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXMLSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXMLSignatureResponse.java deleted file mode 100644 index 003d2c46..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXMLSignatureResponse.java +++ /dev/null 
@@ -1,119 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse; - -/** - * - * - * @author tlenz - * - */ - -public class VerifyXMLSignatureResponse extends GenericSignatureVerificationResponse - implements IXMLSignatureVerificationResponse { - - private static final long serialVersionUID = 8386070769565711601L; - - /** The xmlDsigSubjectName to be stored */ - private String xmlDsigSubjectName; - - /** The xmlDSIGManifestCheckCode to be stored */ - private int xmlDSIGManifestCheckCode; - /** The xmlDSIGManigest to be stored */ - private boolean xmlDSIGManigest; - - /** - * The result of the signature manifest check. The default value <code>-1</code> indicates that - * the signature manifest has not been checked. - */ - private int signatureManifestCheckCode = -1; - - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDSIGManifestCheckCode() - */ - @Override - public int getXmlDSIGManifestCheckCode() { - return xmlDSIGManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDsigSubjectName() - */ - @Override - public String getXmlDsigSubjectName() { - return xmlDsigSubjectName; - } - - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManifestCheckCode( - * int) - */ - public void setXmlDSIGManifestCheckCode(final int xmlDSIGManifestCheckCode) { - this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDsigSubjectName(java.lang - * .String) - */ - public void setXmlDsigSubjectName(final String xmlDsigSubjectName) { - this.xmlDsigSubjectName = xmlDsigSubjectName; - } - - - /* - * (non-Javadoc) - * - * @see 
at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isXmlDSIGManigest() - */ - @Override - public boolean isXmlDSIGManigest() { - return xmlDSIGManigest; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManigest(boolean) - */ - public void setXmlDSIGManigest(final boolean xmlDSIGManigest) { - this.xmlDSIGManigest = xmlDSIGManigest; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureManifestCheckCode() - */ - @Override - public int getSignatureManifestCheckCode() { - return signatureManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see - * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureManifestCheckCode( - * int) - */ - public void setSignatureManifestCheckCode(final int signatureManifestCheckCode) { - this.signatureManifestCheckCode = signatureManifestCheckCode; - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java new file mode 100644 index 00000000..4b0632b1 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java 
@@ -0,0 +1,115 @@ +package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data; + +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; + +/** + * MOA-Sig signature verification response for XML based signatures. + * + * @author tlenz + * + */ + +public class VerifyXmlSignatureResponse extends GenericSignatureVerificationResponse + implements IXmlSignatureVerificationResponse { + + private static final long serialVersionUID = 8386070769565711601L; + + /** The xmlDsigSubjectName to be stored. */ + private String xmlDsigSubjectName; + + /** The xmlDSIGManifestCheckCode to be stored. */ + private int xmlDsigManifestCheckCode; + /** The xmlDSIGManigest to be stored. */ + private boolean xmlDsigManigest; + + /** + * The result of the signature manifest check. The default value <code>-1</code> + * indicates that the signature manifest has not been checked. + */ + private int signatureManifestCheckCode = -1; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * getXmlDSIGManifestCheckCode() + */ + @Override + public int getXmlDsigManifestCheckCode() { + return xmlDsigManifestCheckCode; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * getXmlDsigSubjectName() + */ + @Override + public String getXmlDsigSubjectName() { + return xmlDsigSubjectName; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * setXmlDSIGManifestCheckCode( int) + */ + public void setXmlDsigManifestCheckCode(final int xmlDsigManifestCheckCode) { + this.xmlDsigManifestCheckCode = xmlDsigManifestCheckCode; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * setXmlDsigSubjectName(java.lang .String) + */ + public void setXmlDsigSubjectName(final String xmlDsigSubjectName) { + this.xmlDsigSubjectName = xmlDsigSubjectName; + 
} + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * isXmlDSIGManigest() + */ + @Override + public boolean isXmlDsigManigest() { + return xmlDsigManigest; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * setXmlDSIGManigest(boolean) + */ + public void setXmlDsigManigest(final boolean xmlDsigManigest) { + this.xmlDsigManigest = xmlDsigManigest; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * getSignatureManifestCheckCode() + */ + @Override + public int getSignatureManifestCheckCode() { + return signatureManifestCheckCode; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * setSignatureManifestCheckCode( int) + */ + public void setSignatureManifestCheckCode(final int signatureManifestCheckCode) { + this.signatureManifestCheckCode = signatureManifestCheckCode; + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java index aa094f1e..231cb94f 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java 
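Review bot: The `@see` references in the new `VerifyXmlSignatureResponse` still point at the pre-rename names, e.g. `at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDSIGManifestCheckCode()` above `getXmlDsigManifestCheckCode`, so every `(non-Javadoc)` block now documents a method that does not exist under that name (and `IVerifiyXMLSignatureResponse` itself looks like a misspelled legacy type). Since the class implements `IXmlSignatureVerificationResponse`, replace those blocks with `/** {@inheritDoc} */` or drop them and keep the contract on the interface. The rename also carried the `Manigest` misspelling into `isXmlDsigManigest`/`setXmlDsigManigest`; if the interface can still change, this is the moment to name them `...Manifest`. The Javadoc on `signatureManifestCheckCode` explains its -1 "not checked" sentinel, but the sibling `xmlDsigManifestCheckCode` has no such note although it defaults to 0, so its getter should say the value is only meaningful when `isXmlDsigManigest()` is true.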
@@ -2,23 +2,24 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser; import java.io.ByteArrayInputStream; import java.io.InputStream; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moaspss.util.Constants; -import at.gv.egovernment.moaspss.util.DOMUtils; -import at.gv.egovernment.moaspss.util.XPathUtils; + import org.joda.time.DateTime; import org.joda.time.format.ISODateTimeFormat; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.lang.NonNull; import org.w3c.dom.Element; + +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyXmlSignatureResponse; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; import iaik.utils.Base64InputStream; import iaik.x509.X509Certificate; - public class VerifyXmlSignatureResponseParser { private static final Logger log = LoggerFactory.getLogger(VerifyXmlSignatureResponseParser.class); 
@@ -63,13 +64,15 @@ public class VerifyXmlSignatureResponseParser { private static final String SIGNING_TIME_XPATH = ROOT + MOA + "SigningTime"; - - /** This is the root element of the XML-Document provided by the Security Layer Card. */ + /** + * This is the root element of the XML-Document provided by the Security Layer + * Card. + */ private Element verifyXmlSignatureResponse; /** - * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the incoming String - * will be created + * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the + * incoming String will be created * * @param xmlResponse <code><InfoboxReadResponse></code> as String * @throws MoaSigServiceParserException on any parsing error @@ -82,14 +85,14 @@ public class VerifyXmlSignatureResponseParser { } catch (final Throwable t) { log.warn("Can not parse MOA-Sig response.", t); - throw new MoaSigServiceParserException("service.moasig.02", new Object[] {t.toString()}, t); + throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t); } } /** - * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the incoming - * Inputstream will be created + * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the + * incoming Inputstream will be created * * @param xmlResponse <code><InfoboxReadResponse></code> as InputStream * @throws MoaSigServiceParserException on any parsing error 
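Review bot: The reflowed field comment `This is the root element of the XML-Document provided by the Security Layer Card.` does not describe this class: `verifyXmlSignatureResponse` holds the MOA-Sig `VerifyXMLSignatureResponse` element, as the XPath constants above it (`SIGNING_TIME_XPATH = ROOT + MOA + "SigningTime"`) show, not a document from a Security Layer card. The String constructor's `@param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String` in the same hunk is stale for the same reason. Suggest `Root element of the MOA-Sig VerifyXMLSignatureResponse evaluated by this parser.` for the field and `@param xmlResponse serialized MOA-Sig {@code VerifyXMLSignatureResponse}` for the parameter.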
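Review bot: The InputStream constructor Javadoc reflowed here keeps `@param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream`, but the stream is parsed as a MOA-Sig `VerifyXMLSignatureResponse`, not an InfoboxReadResponse; suggest `@param xmlResponse serialized MOA-Sig {@code VerifyXMLSignatureResponse} as InputStream`, and the Element constructor in the next hunk needs the same correction. The catch block at the top of this hunk also wraps `Throwable`, so JVM errors surface to callers as a `MoaSigServiceParserException` with message key `service.moasig.02`; `catch (final Exception t)` is the narrower and usual choice. The constructor that owns that catch starts before this hunk.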
@@ -101,14 +104,14 @@ public class VerifyXmlSignatureResponseParser { } catch (final Throwable t) { log.warn("Can not parse MOA-Sig response.", t); - throw new MoaSigServiceParserException("service.moasig.02", new Object[] {t.toString()}, t); + throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t); } } /** - * Constructor for VerifyXMLSignatureResponseParser. The incoming Element will be used for further - * operations + * Constructor for VerifyXMLSignatureResponseParser. The incoming Element will + * be used for further operations * * @param xmlResponse <code><InfoboxReadResponse></code> as Element */ @@ -118,15 +121,16 @@ public class VerifyXmlSignatureResponseParser { } /** - * Parse MOA-Sig signatur-verification result into {@link IXMLSignatureVerificationResponse}. + * Parse MOA-Sig signatur-verification result into + * {@link IXmlSignatureVerificationResponse}. * - * @return {@link IXMLSignatureVerificationResponse} + * @return {@link IXmlSignatureVerificationResponse} * @throws MoaSigServiceException on any parsing error */ @NonNull - public IXMLSignatureVerificationResponse parseData() throws MoaSigServiceException { + public IXmlSignatureVerificationResponse parseData() throws MoaSigServiceException { try { - final VerifyXMLSignatureResponse respData = new VerifyXMLSignatureResponse(); + final VerifyXmlSignatureResponse respData = new VerifyXmlSignatureResponse(); respData.setXmlDsigSubjectName( XPathUtils.getElementValue(verifyXmlSignatureResponse, DSIG_SUBJECT_NAME_XPATH, "")); final Element e = (Element) XPathUtils.selectSingleNode(verifyXmlSignatureResponse, 
@@ -151,11 +155,11 @@ public class VerifyXmlSignatureResponseParser { final String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXmlSignatureResponse, XMLDSIG_MANIFEST_CHECK_CODE_XPATH, null); if (xmlDsigCheckCode != null) { - respData.setXmlDSIGManigest(true); - respData.setXmlDSIGManifestCheckCode(Integer.parseInt(xmlDsigCheckCode)); + respData.setXmlDsigManigest(true); + respData.setXmlDsigManifestCheckCode(Integer.parseInt(xmlDsigCheckCode)); } else { - respData.setXmlDSIGManigest(false); + respData.setXmlDsigManigest(false); } @@ -181,10 +185,9 @@ public class VerifyXmlSignatureResponseParser { } catch (final Throwable t) { log.warn("Can not parse MOA-Sig response.", t); - throw new MoaSigServiceParserException("service.moasig.02", new Object[] {t.toString()}, t); + throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t); } } - } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java index c0482c9d..2779ee1d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java @@ -11,7 +11,7 @@ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. 
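Review bot: When `XMLDSIG_MANIFEST_CHECK_CODE_XPATH` yields nothing, the `else` branch only calls `setXmlDsigManigest(false)` and leaves `xmlDsigManifestCheckCode` at its `int` default of 0, whereas `VerifyXmlSignatureResponse` initialises `signatureManifestCheckCode` to -1 precisely to mark "not checked". A consumer that reads `getXmlDsigManifestCheckCode()` without first consulting `isXmlDsigManigest()` therefore sees a value indistinguishable from a real check result (if 0 denotes success for MOA-Sig check codes, as the other codes suggest — confirm). Either add `respData.setXmlDsigManifestCheckCode(-1);` to the else branch or initialise the field to -1 in the response class like its sibling, and document the sentinel on the getter. The enclosing `parseData` method starts in an earlier hunk.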
@@ -42,7 +42,7 @@ public class Pvp2SProfileCoreSpringResourceProvider implements SpringResourcePro final ClassPathResource sl20AuthConfig = new ClassPathResource("/eaaf_pvp.beans.xml", Pvp2SProfileCoreSpringResourceProvider.class); - return new Resource[] {sl20AuthConfig}; + return new Resource[] { sl20AuthConfig }; } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java index 8bd2f024..b271b46d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java @@ -22,13 +22,16 @@ package at.gv.egiz.eaaf.modules.pvp2; import java.util.ArrayList; import java.util.Collections; import java.util.List; + import javax.xml.namespace.QName; -import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; -import at.gv.egiz.eaaf.core.impl.data.Trible; + import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.signature.SignatureConstants; -public interface PvpConstants extends PVPAttributeDefinitions { +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.impl.data.Trible; + +public interface PvpConstants extends PvpAttributeDefinitions { String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; 
@@ -53,13 +56,14 @@ public interface PvpConstants extends PVPAttributeDefinitions { String SINGLELOGOUT = "SingleLogOut"; /** - * Get required PVP attributes for egovtoken First : PVP attribute name (OID) Second: FriendlyName - * Third: Required. + * Get required PVP attributes for egovtoken First : PVP attribute name (OID) + * Second: FriendlyName Third: Required. * */ List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { private static final long serialVersionUID = 1L; + { // currently supported attributes add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); @@ -73,18 +77,18 @@ public interface PvpConstants extends PVPAttributeDefinitions { add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false)); add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false)); - } }); /** - * Get required PVP attributes for citizenToken First : PVP attribute name (OID) Second: - * FriendlyName Third: Required. + * Get required PVP attributes for citizenToken First : PVP attribute name (OID) + * Second: FriendlyName Third: Required. * */ List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = -5947165770657082581L; + { // required attributes - eIDAS minimal-data set add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); @@ -93,7 +97,6 @@ public interface PvpConstants extends PVPAttributeDefinitions { add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true)); add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true)); - // not required attributes add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false)); 
@@ -123,8 +126,6 @@ public interface PvpConstants extends PVPAttributeDefinitions { add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); - - } }); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java index 39c0baff..ec806f07 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java @@ -20,10 +20,12 @@ package at.gv.egiz.eaaf.modules.pvp2.api; import java.util.List; -import at.gv.egiz.eaaf.core.exceptions.EaafException; + import org.opensaml.saml2.metadata.ContactPerson; import org.opensaml.saml2.metadata.Organization; +import at.gv.egiz.eaaf.core.exceptions.EaafException; + public interface IPvo2BasicConfiguration { String getIdpEntityId(String authUrl) throws EaafException; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java index 677028a5..89e6a384 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java 
@@ -21,13 +21,14 @@ package at.gv.egiz.eaaf.modules.pvp2.api.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; + import org.opensaml.common.binding.decoding.URIComparator; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.xml.security.SecurityException; +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; public interface IDecoder { InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp, diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java index 9d8b0105..fcab5fd8 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java 
@@ -21,30 +21,32 @@ package at.gv.egiz.eaaf.modules.pvp2.api.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; + import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; + public interface IEncoder { /** * SAML2 Request encoder. * - * @param req The http request - * @param resp The http response - * @param request The SAML2 request object + * @param req The http request + * @param resp The http response + * @param request The SAML2 request object * @param targetLocation URL, where the request should be transmit - * @param relayState token for session handling - * @param credentials Credential to sign the request object - * @param pendingReq Internal MOA-ID request object that contains session-state informations but - * never null + * @param relayState token for session handling + * @param credentials Credential to sign the request object + * @param pendingReq Internal MOA-ID request object that contains + * session-state informations but never null * @throws MessageEncodingException In case of an error - * @throws SecurityException In case of an error - * @throws Pvp2Exception In case of an error + * @throws SecurityException In case of an error + * @throws Pvp2Exception In case of an error */ void encodeRequest(HttpServletRequest req, HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, 
@@ -53,16 +55,16 @@ public interface IEncoder { /** * Encoder SAML Response. * - * @param req The http request - * @param resp The http response - * @param response The SAML2 repsonse object + * @param req The http request + * @param resp The http response + * @param response The SAML2 repsonse object * @param targetLocation URL, where the request should be transmit - * @param relayState token for session handling - * @param credentials Credential to sign the response object - * @param pendingReq Internal MOA-ID request object that contains session-state informations but - * never null - * @throws MessageEncodingException In case of an error - * @throws SecurityException In case of an error + * @param relayState token for session handling + * @param credentials Credential to sign the response object + * @param pendingReq Internal MOA-ID request object that contains + * session-state informations but never null + * @throws MessageEncodingException In case of an error + * @throws SecurityException In case of an error */ void encodeRespone(HttpServletRequest req, HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java index f06a1684..ab39fefb 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java 
@@ -21,13 +21,15 @@ package at.gv.egiz.eaaf.modules.pvp2.api.metadata; import java.util.Collection; import java.util.List; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; + import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.ContactPerson; import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; + /** * PVP Metadata builder configuration. * @@ -36,9 +38,9 @@ import org.opensaml.xml.security.credential.Credential; */ public interface IPvpMetadataBuilderConfiguration { - /** - * Defines a unique name for this PVP Service-provider, which is used for logging. + * Defines a unique name for this PVP Service-provider, which is used for + * logging. * * @return */ @@ -73,8 +75,8 @@ public interface IPvpMetadataBuilderConfiguration { boolean buildSpSsoDescriptor(); /** - * Set the PVP entityID for this SAML2 metadata. The entityID must be an URL and must be start - * with the public-URL prefix of the server. + * Set the PVP entityID for this SAML2 metadata. The entityID must be an URL and + * must be start with the public-URL prefix of the server. * * @return PVP entityID postfix as String */ @@ -101,7 +103,6 @@ public interface IPvpMetadataBuilderConfiguration { */ Organization getOrgansiationInformation(); - /** * Set the credential for metadata signing. * 
@@ -111,11 +112,12 @@ public interface IPvpMetadataBuilderConfiguration { Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException; /** - * Set the credential for request/response signing IDP metadata: this credential is used for SAML2 - * response signing SP metadata: this credential is used for SAML2 response signing. + * Set the credential for request/response signing IDP metadata: this credential + * is used for SAML2 response signing SP metadata: this credential is used for + * SAML2 response signing. * * @return Credentials - * @throws CredentialsNotAvailableException In case of an error + * @throws CredentialsNotAvailableException In case of an error */ Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException; @@ -124,7 +126,7 @@ public interface IPvpMetadataBuilderConfiguration { * Set the credential for response encryption. * * @return Credentials - * @throws CredentialsNotAvailableException In case of an error + * @throws CredentialsNotAvailableException In case of an error */ Credential getEncryptionCredentials() throws CredentialsNotAvailableException; @@ -191,7 +193,6 @@ public interface IPvpMetadataBuilderConfiguration { */ String getSpSloSoapBindingUrl(); - /** * Set all SAML2 attributes which could be provided by this IDP. * diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java index 4207d860..0cf7e293 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java 
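Review bot: The rewrapped Javadoc on getRequestorResponseSigningCredentials still reads as one run-on sentence and describes a getter as "Set the credential…", so a reader cannot tell where the IDP clause ends and the SP clause begins, which matters when two distinct signing keys are being configured. Splitting it keeps the stated meaning: `Returns the credential used for request/response signing.` / `IDP metadata: this credential is used for SAML2 response signing.` / `SP metadata: this credential is used for SAML2 response signing.` The SP clause presumably was meant to say request signing, since an SP signs the messages it sends, but that should be confirmed against the callers before the wording is changed. The same "Set the credential…" phrasing is on getMetadataSigningCredentials in the preceding hunk and on getEncryptionCredentials in the next one.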
@@ -23,7 +23,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; public interface IPvpMetadataConfigurationFactory { - IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authUrl, AbstractCredentialProvider pvpIdpCredentials); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java index bc90ff3f..25b2d250 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java @@ -11,7 +11,7 @@ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java index f44a545d..fe908869 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java 
@@ -20,13 +20,16 @@ package at.gv.egiz.eaaf.modules.pvp2.api.reqattr; import java.util.List; + import javax.xml.namespace.QName; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; + import org.opensaml.common.SAMLObject; import org.opensaml.xml.AttributeExtensibleXMLObject; import org.opensaml.xml.XMLObject; import org.opensaml.xml.schema.XSBooleanValue; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; + public interface EaafRequestedAttribute extends SAMLObject, AttributeExtensibleXMLObject, org.opensaml.saml2.metadata.RequestedAttribute { @@ -36,7 +39,6 @@ public interface EaafRequestedAttribute extends SAMLObject, AttributeExtensibleX /** Local name of the XSI type. */ String TYPE_LOCAL_NAME = "RequestedAttributeAbstractType"; - /** Default element name. */ QName DEFAULT_ELEMENT_NAME = new QName(PvpConstants.EIDAT10_SAML_NS, DEF_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX); @@ -45,8 +47,6 @@ public interface EaafRequestedAttribute extends SAMLObject, AttributeExtensibleX QName TYPE_NAME = new QName(PvpConstants.EIDAT10_SAML_NS, TYPE_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX); - - /** NAME_ATTRIB_NAME attribute name. */ String NAME_ATTRIB_NAME = "Name"; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java index 98f118b0..4c168b31 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java 
@@ -11,7 +11,7 @@ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java index 41dcd3b9..90195f1d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java @@ -20,11 +20,13 @@ package at.gv.egiz.eaaf.modules.pvp2.api.validation; import javax.servlet.http.HttpServletRequest; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; + import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.metadata.SPSSODescriptor; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; + public interface IAuthnRequestValidator { void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq, diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java index 3cbe59da..3454e890 100644 
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java @@ -11,7 +11,7 @@ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java index 82fb2c79..78529e23 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java @@ -21,7 +21,6 @@ package at.gv.egiz.eaaf.modules.pvp2.exception; public class AttributQueryException extends Pvp2Exception { - private static final long serialVersionUID = -4302422507173728748L; public AttributQueryException(final String messageId, final Object[] parameters) { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java index 97971d3a..2273d343 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java 
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java
@@ -26,13 +26,8 @@ public class BindingNotSupportedException extends Pvp2Exception {
 private static final long serialVersionUID = -7227603941387879360L;
 public BindingNotSupportedException(final String binding) {
- super("pvp2.11", new Object[] {binding});
+ super("pvp2.11", new Object[] { binding });
 this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
 }
-
-
-
-
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
index ae64e134..ede00366 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
@@ -34,7 +34,4 @@ public class CredentialsNotAvailableException extends EaafException {
 super(messageId, parameters, e);
 }
-
-
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
index 8ca373c4..538279b5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
@@ -30,6 +30,4 @@ public class InvalidDateFormatException extends Pvp2Exception {
 this.statusCodeValue = StatusCode.REQUESTER_URI;
 }
-
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java index b43db603..a5b5ed33 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java @@ -19,9 +19,10 @@ package at.gv.egiz.eaaf.modules.pvp2.exception; -import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; import org.opensaml.saml2.core.StatusCode; +import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; + public class NameIdFormatNotSupportedException extends AuthnRequestValidatorException { private static final long serialVersionUID = -2270762519437873336L; @@ -32,12 +33,9 @@ public class NameIdFormatNotSupportedException extends AuthnRequestValidatorExce * @param nameIdFormat requested NameIdFormat */ public NameIdFormatNotSupportedException(final String nameIdFormat) { - super("pvp2.12", new Object[] {nameIdFormat}); + super("pvp2.12", new Object[] { nameIdFormat }); statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI; } - - - } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java index f22d2d17..002a946c 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java 
@@ -30,7 +30,4 @@ public class NoMetadataInformationException extends Pvp2Exception {
 this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
 }
-
-
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
index 0ea909e2..dcbda8b5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
@@ -19,9 +19,10 @@ package at.gv.egiz.eaaf.modules.pvp2.exception;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import org.opensaml.saml2.core.StatusCode;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
 public abstract class Pvp2Exception extends EaafException {
 private static final long serialVersionUID = 7669537952484421069L;
@@ -38,7 +39,6 @@ public abstract class Pvp2Exception extends EaafException {
 this.statusMessageValue = this.getMessage();
 }
-
 public String getStatusCodeValue() {
 return this.statusCodeValue;
 }
@@ -47,9 +47,4 @@ public abstract class Pvp2Exception extends EaafException {
 return this.statusMessageValue;
 }
-
-
-
-
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java
index ab0e8871..5ed7c99d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java
@@ -11,7 +11,7 @@ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java index 9edba3f2..9620a5ea 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java @@ -21,13 +21,12 @@ package at.gv.egiz.eaaf.modules.pvp2.exception; import org.opensaml.saml2.core.StatusCode; - public class QaaNotAllowedException extends Pvp2Exception { private static final long serialVersionUID = -3964192953884089323L; public QaaNotAllowedException(final String qaaAuth, final String qaaRequest, final String mode) { - super("pvp2.17", new Object[] {qaaAuth, qaaRequest, mode}); + super("pvp2.17", new Object[] { qaaAuth, qaaRequest, mode }); this.statusCodeValue = StatusCode.REQUESTER_URI; } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java index dc48508d..8824ca63 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java 
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java
@@ -21,17 +21,13 @@ package at.gv.egiz.eaaf.modules.pvp2.exception;
 import org.opensaml.saml2.core.StatusCode;
-
 public class QaaNotSupportedException extends Pvp2Exception {
 private static final long serialVersionUID = -3964192953884089323L;
 public QaaNotSupportedException(final String qaa) {
- super("pvp2.05", new Object[] {qaa});
+ super("pvp2.05", new Object[] { qaa });
 this.statusCodeValue = StatusCode.REQUESTER_URI;
 }
-
-
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java
index ede310f0..e27c5b1d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java
@@ -34,7 +34,4 @@ public class SamlMetadataSignatureException extends Pvp2Exception {
 this.statusCodeValue = StatusCode.REQUESTER_URI;
 }
-
-
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
index 39cf148b..14ad34a5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
@@ -23,7 +23,6 @@ public class SchemaValidationException extends Pvp2Exception {
 private static final long serialVersionUID = 1L;
-
 public SchemaValidationException(final String messageId, final Object[] parameters) {
 super(messageId, parameters);
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
index 410686f6..0abfa5b2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
@@ -38,6 +38,4 @@ public class SignatureValidationException extends FilterException {
 super(string, e);
 }
-
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
index 2734c859..4e642a8a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
@@ -21,23 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HttpPostEncoderWithOwnTemplate;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSignedRequestPolicyRule;
+
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -66,6 +50,24 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HttpPostEncoderWithOwnTemplate; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSignedRequestPolicyRule; + @Service("PVPPOSTBinding") public class PostBinding implements IDecoder, IEncoder { private static final Logger log = LoggerFactory.getLogger(PostBinding.class); @@ -220,7 +222,6 @@ public class PostBinding implements IDecoder, IEncoder { } } - msg.setVerified(true); msg.setRelayState(messageContext.getRelayState()); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java index 7b8525ce..eca1a072 100644 
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
@@ -21,18 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpAuthRequestSignedRole;
+
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -62,6 +51,19 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpAuthRequestSignedRole; + @Service("PVPRedirectBinding") public class RedirectBinding implements IDecoder, IEncoder { @@ -203,7 +205,6 @@ public class RedirectBinding implements IDecoder, IEncoder { (RequestAbstractType) messageContext.getInboundMessage(); msg = new PvpSProfileRequest(inboundMessage, getSaml2BindingName()); - } else if (messageContext.getInboundMessage() instanceof StatusResponseType) { final StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage(); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java index 2e19f259..f56078e5 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java 
@@ -20,17 +20,10 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.binding; import java.util.List; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; -import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; -import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; -import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap; + import org.apache.commons.lang3.StringUtils; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; @@ -56,6 +49,16 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap; + @Service("PVPSOAPBinding") public class SoapBinding implements IDecoder, IEncoder { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java index 9765f520..8c7fa2fc 100644 
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java @@ -19,7 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeValue; import org.opensaml.xml.Configuration; @@ -29,6 +28,8 @@ import org.opensaml.xml.schema.XSString; import org.opensaml.xml.schema.impl.XSIntegerBuilder; import org.opensaml.xml.schema.impl.XSStringBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; + /** * Build all attributes from PVP2 citizen-token. * @@ -71,7 +72,7 @@ public class CitizenTokenBuilder { * Build simple attribute. * * @param friendlyName attribute friendly-name - * @param value Attributevalue + * @param value Attributevalue * @return XML attribute */ public static Attribute buildStringAttribute(final String friendlyName, final String name, @@ -87,7 +88,7 @@ public class CitizenTokenBuilder { * Build simple attribute. * * @param friendlyName attribute friendly-name - * @param value Attributevalue + * @param value Attributevalue * @return XML attribute */ public static Attribute buildIntegerAttribute(final String friendlyName, final String name, diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java index 73ba73c7..39d2a493 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java 
@@ -25,10 +25,16 @@ import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.ServiceLoader; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.api.idp.IspConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; @@ -36,10 +42,6 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidDateFormatException; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; public class PvpAttributeBuilder { @@ -78,7 +80,6 @@ public class PvpAttributeBuilder { } - /** * Get a specific attribute builder. * @@ -94,7 +95,7 @@ public class PvpAttributeBuilder { /** * Build an SAML2 attribute. * - * @param name attribute name + * @param name attribute name * @param value attribute value * @return SAML2 attribute */ 
@@ -110,14 +111,14 @@ public class PvpAttributeBuilder {
 /**
  * Build a SAML2 attribute.
  *
- * @param name attribute name
- * @param oaParam Service-Provider configuration
+ * @param name attribute name
+ * @param oaParam Service-Provider configuration
  * @param authData serice-provider specific authentication data
  * @return SAML2 attribute
- * @throws Pvp2Exception In case of a general error
+ * @throws Pvp2Exception In case of a general error
  * @throws AttributeBuilderException In case of an attribute builder error
  */
- public static Attribute buildAttribute(final String name, final IspConfiguration oaParam,
+ public static Attribute buildAttribute(final String name, final ISpConfiguration oaParam,
 final IAuthData authData) throws Pvp2Exception, AttributeBuilderException {
 if (builders.containsKey(name)) {
 try {
@@ -151,10 +152,6 @@ public class PvpAttributeBuilder {
 return null;
 }
-
-
-
-
 /**
  * Return all attributes that has a {@link PvpMetadata} annotation.
  *
@@ -182,9 +179,9 @@ public class PvpAttributeBuilder {
 /**
  * Build a requested attribute.
  *
- * @param name attribute name
+ * @param name attribute name
  * @param friendlyName attribute friendlyname
- * @param required is attribute mandatory
+ * @param required is attribute mandatory
  * @return SAML2 requested attribute
  */
 public static RequestedAttribute buildReqAttribute(final String name, final String friendlyName,
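Review bot: The realigned Javadoc of `buildAttribute` keeps a typo in a context line, `@param authData serice-provider specific authentication data`; suggest `@param authData service-provider specific authentication data`. Since this Javadoc is the only description of which configuration and authentication data feed the attribute, it is worth keeping it readable. `buildAttribute` continues outside the hunk.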
@@ -200,13 +197,15 @@ public class PvpAttributeBuilder {
 /**
  * Build a set of PVP Response-Attributes <br>
  * <br>
- * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but no execpetion is
- * thrown. Therefore, the return List must not include all requested attributes.
+ * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but
+ * no execpetion is thrown. Therefore, the return List must not include all
+ * requested attributes.
  *
- * @param authData AuthenticationData <code>IAuthData</code> which is used to build the attribute
- * values, but never <code>null</code>
- * @param reqAttributenName List of PVP attribute names which are requested, but never
- * <code>null</code>
+ * @param authData AuthenticationData <code>IAuthData</code> which is
+ * used to build the attribute values, but never
+ * <code>null</code>
+ * @param reqAttributenName List of PVP attribute names which are requested, but
+ * never <code>null</code>
  * @return List of PVP attributes, but never <code>null</code>
  */
 public static List<Attribute> buildSetOfResponseAttributes(final IAuthData authData,
@@ -240,5 +239,4 @@ public class PvpAttributeBuilder {
 return attrList;
 }
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
index 1efa8745..b543a5dc 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
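Review bot: The rewrapped Javadoc of `buildSetOfResponseAttributes` still states a misleading contract: `the return List must not include all requested attributes` reads as a prohibition, while the preceding sentence says the list is merely allowed to be incomplete when an attribute cannot be built. Suggest `If a specific attribute can not be built, an info is logged, but no exception is thrown. Therefore, the returned List does not necessarily include all requested attributes.` — a caller that treats a requested attribute as mandatory has to check for its absence itself, and the Javadoc is the place that tells them so. The method signature and body continue outside the hunk.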
@@ -23,6 +23,7 @@ import java.io.IOException;
 import java.io.StringWriter;
 import java.util.Collection;
 import java.util.List;
+
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -32,11 +33,7 @@ import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.TransformerFactoryConfigurationError;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
@@ -73,6 +70,12 @@ import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 /**
  * PVP metadata builder implementation.
  *
@@ -98,21 +101,20 @@ public class PvpMetadataBuilder {
 }
-
 /**
  * Build PVP 2.1 conform SAML2 metadata.
  *
  * @param config PVPMetadataBuilder configuration*
  * @return PVP metadata as XML String
- * @throws SecurityException In case of an error
- * @throws ConfigurationException In case of an error
- * @throws CredentialsNotAvailableException In case of an error
+ * @throws SecurityException In case of an error
+ * @throws ConfigurationException In case of an error
+ * @throws CredentialsNotAvailableException In case of an error
  * @throws TransformerFactoryConfigurationError In case of an error
- * @throws MarshallingException In case of an error
- * @throws TransformerException In case of an error
- * @throws ParserConfigurationException In case of an error
- * @throws IOException In case of an error
- * @throws SignatureException In case of an error
+ * @throws MarshallingException In case of an error
+ * @throws TransformerException In case of an error
+ * @throws ParserConfigurationException In case of an error
+ * @throws IOException In case of an error
+ * @throws SignatureException In case of an error
  */
 public String buildPvpMetadata(final IPvpMetadataBuilderConfiguration config)
 throws CredentialsNotAvailableException, EaafException, SecurityException,
@@ -165,7 +167,6 @@ public class PvpMetadataBuilder {
 builder = factory.newDocumentBuilder();
 final Document document = builder.newDocument();
-
 // build entities descriptor
 if (config.buildEntitiesDescriptorAsRootElement()) {
 final EntitiesDescriptor entitiesDescriptor =
@@ -179,7 +180,6 @@ public class PvpMetadataBuilder {
 EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
 entitiesDescriptor.setSignature(signature);
-
 // marshall document
 final Marshaller out =
 org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(entitiesDescriptor);
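Review bot: The realigned Javadoc of `buildPvpMetadata` still has a stray trailing asterisk in `@param config PVPMetadataBuilder configuration*`, and its `@throws` list omits `EaafException`, which the visible signature declares (`throws CredentialsNotAvailableException, EaafException, SecurityException,`). Suggest `@param config PVPMetadataBuilder configuration` and adding `@throws EaafException In case of an error`. The nine `@throws` entries all say "In case of an error"; since this method produces signed IdP/SP metadata, a one-clause description per exception (credential lookup, marshalling, signing, XML transformation) would let a caller decide which failures are safe to retry and which indicate a configuration or key problem. The method signature and body continue outside the hunk.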
@@ -191,8 +191,6 @@ public class PvpMetadataBuilder {
 entityDescriptor.setSignature(signature);
-
-
 // marshall document
 final Marshaller out =
 org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(entityDescriptor);
@@ -215,7 +213,6 @@ public class PvpMetadataBuilder {
 return sw.toString();
 }
-
 private RoleDescriptor generateSpMetadata(final IPvpMetadataBuilderConfiguration config)
 throws CredentialsNotAvailableException, SecurityException, EaafException {
 final SPSSODescriptor spSsoDescriptor = Saml2Utils.createSamlObject(SPSSODescriptor.class);
@@ -268,7 +265,6 @@ public class PvpMetadataBuilder {
 }
 }
-
 // add POST-Binding assertion consumer services
 if (StringUtils.isNotEmpty(config.getSpAssertionConsumerServicePostBindingUrl())) {
 final AssertionConsumerService postassertionConsumerService =
@@ -332,7 +328,6 @@ public class PvpMetadataBuilder {
 }
-
 // add required attributes
 final Collection<RequestedAttribute> reqSpAttr = config.getSpRequiredAttributes();
 final AttributeConsumingService attributeService =
@@ -382,7 +377,8 @@ public class PvpMetadataBuilder {
 idpSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
- // set ass default value, because PVP 2.x specification defines this feature as MUST
+ // set ass default value, because PVP 2.x specification defines this feature as
+ // MUST
 idpSsoDescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned());
 // add WebSSO descriptor for POST-Binding
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
index 559a3959..d697f3d4 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
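Review bot: The rewrapped comment above `idpSsoDescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned())` claims the PVP 2.x specification defines signed AuthnRequests as a MUST, yet the value written into the IdP metadata comes from `config.wantAuthnRequestSigned()` and so can be false for a given deployment; the comment also has a typo (`ass`). Suggest `// PVP 2.x requires WantAuthnRequestsSigned; the published value is still taken from the configuration, so a deployment can relax it` so that someone auditing the IdP metadata understands the flag is configuration-driven rather than enforced here. The enclosing method starts and ends outside the hunk.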
@@ -19,8 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeValue;
 import org.opensaml.xml.Configuration;
@@ -30,6 +28,9 @@ import org.opensaml.xml.schema.XSString;
 import org.opensaml.xml.schema.impl.XSIntegerBuilder;
 import org.opensaml.xml.schema.impl.XSStringBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
 private XMLObject buildAttributeStringValue(final String value) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java
index d8ea35a0..25cbc6ef 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java
@@ -11,7 +11,7 @@
  * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the Licence for the specific language governing permissions and limitations under
  * the Licence.
- *
+ *
  * This product combines work with different licenses. See the "NOTICE" text file for details on the
  * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
  * works that you distribute must include a readable copy of the "NOTICE" text file.
@@ -33,7 +33,8 @@ public class EaafRequestExtensionBuilder extends AbstractSAMLObjectBuilder<Exten
 }
 @Override
- public Extensions buildObject(final String namespaceUri, final String localName, final String namespacePrefix) {
+ public Extensions buildObject(final String namespaceUri, final String localName,
+ final String namespacePrefix) {
 return new EaafExtensionImplementation(namespaceUri, localName, namespacePrefix);
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java
index 4f91f267..81d8d192 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java
@@ -19,9 +19,10 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.impl.reqattr.EaafRequestedAttributeImpl;
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
 public class EaafRequestedAttributeBuilder extends AbstractSAMLObjectBuilder<EaafRequestedAttribute> {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java
index a370818e..749310f2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java
@@ -20,8 +20,9 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
 import java.util.Map.Entry;
+
 import javax.xml.namespace.QName;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
 import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.io.MarshallingException;
@@ -29,6 +30,8 @@ import org.opensaml.xml.util.XMLHelper;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
 public class EaafRequestedAttributeMarshaller extends AbstractSAMLObjectMarshaller {
 @Override
 protected final void marshallAttributes(final XMLObject samlElement, final Element domElement)
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java
index 25baed16..35532e77 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java
@@ -11,7 +11,7 @@
  * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the Licence for the specific language governing permissions and limitations under
  * the Licence.
- *
+ *
  * This product combines work with different licenses. See the "NOTICE" text file for details on the
  * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
  * works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java
index 1f68747f..db08f87f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java
@@ -11,7 +11,7 @@
  * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the Licence for the specific language governing permissions and limitations under
  * the Licence.
- *
+ *
  * This product combines work with different licenses. See the "NOTICE" text file for details on the
  * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
  * works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java
index 2fff64b3..8aa70e5a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java
@@ -11,7 +11,7 @@
  * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the Licence for the specific language governing permissions and limitations under
  * the Licence.
- *
+ *
  * This product combines work with different licenses. See the "NOTICE" text file for details on the
  * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
  * works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java
index b2cf7a82..f616bbb0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java
@@ -19,12 +19,13 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
 import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.io.UnmarshallingException;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+
 public class EaafRequestedAttributesUnmarshaller extends AbstractSAMLObjectUnmarshaller {
 @Override
 protected final void processChildElement(final XMLObject parentObject,
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
index c21524dd..cd22bba7 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
@@ -25,10 +25,6 @@ import java.io.Serializable;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.slf4j.Logger;
@@ -36,6 +32,11 @@ import org.slf4j.LoggerFactory;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+
 public class InboundMessage implements InboundMessageInterface, Serializable {
 private static final Logger log = LoggerFactory.getLogger(InboundMessage.class);
@@ -100,18 +101,19 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
 public void setSamlMessage(final Element msg) {
 this.samlMessage = msg;
 try {
- this.serializedSamlMessage = DomUtils.serializeNode(msg);
-
- } catch (TransformerException | IOException e) {
- log.warn("Can not serialize message",e );
-
- }
+ this.serializedSamlMessage = DomUtils.serializeNode(msg);
+
+ } catch (TransformerException | IOException e) {
+ log.warn("Can not serialize message", e);
+
+ }
 }
 /*
  * (non-Javadoc)
  *
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#
+ * getRelayState()
  */
 @Override
 public String getRelayState() {
@@ -121,7 +123,8 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
 /*
  * (non-Javadoc)
  *
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#
+ * getEntityID()
  */
 @Override
 public String getEntityID() {
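Review bot: In the re-indented `setSamlMessage`, a failing `DomUtils.serializeNode(msg)` is only logged, so `samlMessage` is replaced while `serializedSamlMessage` keeps whatever it held before (or stays null); because the class is `Serializable`, a message reconstructed from `serializedSamlMessage` after a serialization round-trip would then not be the message that was last set. Consider `this.serializedSamlMessage = null;` in the catch block, or propagating the failure, so a stale SAML message cannot silently outlive the one it was replaced by. A short comment above the method stating that `samlMessage` is the primary copy and `serializedSamlMessage` the copy that survives serialization would make this dual-field design easier to audit; whether `samlMessage` is declared `transient` is outside the hunk.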
@@ -131,7 +134,8 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
 /*
  * (non-Javadoc)
  *
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#
+ * isVerified()
  */
 @Override
 public boolean isVerified() {
@@ -141,24 +145,25 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
 /*
  * (non-Javadoc)
  *
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#
+ * getInboundMessage()
  */
 @Override
 public Element getInboundMessage() {
- if (this.samlMessage != null) {
- return samlMessage;
-
- } else {
- try {
- return (Element) DomUtils.parseDocument(serializedSamlMessage, false, null, null);
-
- } catch (SAXException | IOException | ParserConfigurationException e) {
- throw new RuntimeException(e);
-
- }
-
- }
-
+ if (this.samlMessage != null) {
+ return samlMessage;
+
+ } else {
+ try {
+ return (Element) DomUtils.parseDocument(serializedSamlMessage, false, null, null);
+
+ } catch (SAXException | IOException | ParserConfigurationException e) {
+ throw new RuntimeException(e);
+
+ }
+
+ }
+
 }
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java
index dce2dd04..8a2cce3e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java
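Review bot: The re-indented `getInboundMessage` wraps parse failures in `new RuntimeException(e)` without a message and calls `DomUtils.parseDocument(serializedSamlMessage, false, null, null)` without checking that `serializedSamlMessage` is non-null, which it can be when serialization in `setSamlMessage` failed. Suggest `if (serializedSamlMessage == null) { throw new IllegalStateException("No SAML message available"); }` before the parse and `throw new IllegalStateException("Can not parse serialized SAML message", e);` in the catch, so the failure is attributable in logs and still a `RuntimeException` for existing callers. A comment naming what the `false, null, null` arguments of `parseDocument` control (presumably validation and entity-resolution settings — worth confirming against `DomUtils`) would also make this re-parse of stored SAML content easier to review.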
@@ -19,7 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.message;
-
 import org.opensaml.xml.io.Unmarshaller;
 import org.opensaml.xml.io.UnmarshallerFactory;
 import org.opensaml.xml.io.UnmarshallingException;
@@ -38,7 +37,7 @@ public class PvpSProfileRequest extends InboundMessage {
  * PVP2 S-Profil request DAO.
  *
  * @param inboundMessage SAML2 request object
- * @param binding Used SAML2 binding
+ * @param binding Used SAML2 binding
  */
 public PvpSProfileRequest(final SignableXMLObject inboundMessage, final String binding) {
 setSamlMessage(inboundMessage.getDOM());
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
index 8a6105bc..4a9bb89a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -28,12 +28,9 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Timer;
+
 import javax.xml.namespace.QName;
-import at.gv.egiz.components.spring.api.IDestroyableObject;
-import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -48,6 +45,12 @@ import org.opensaml.xml.XMLObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+
 public abstract class AbstractChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing, IRefreshableMetadataProvider, IDestroyableObject, IPvpMetadataProvider {
@@ -58,7 +61,6 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 private static Object mutex = new Object();
 private Timer timer = null;
-
 public AbstractChainingMetadataProvider() {
 internalProvider = new ChainingMetadataProvider();
@@ -72,12 +74,16 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 /*
  * (non-Javadoc)
  *
- * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+ * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#
+ * runGarbageCollector()
  */
 @Override
 public void runGarbageCollector() {
 synchronized (mutex) {
- /* add new Metadataprovider or remove Metadataprovider which are not in use any more. */
+ /*
+ * add new Metadataprovider or remove Metadataprovider which are not in use any
+ * more.
+ */
 try {
 log.trace("Check consistence of PVP2X metadata");
 addAndRemoveMetadataProvider();
@@ -110,7 +116,6 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 }
-
 // reload metadata provider
 final String metadataUrl = getMetadataUrl(entityID);
 if (StringUtils.isNotEmpty(metadataUrl)) {
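Review bot: `private static Object mutex = new Object();` in the hunk at `@@ -58,7 +61,6 @@` declares the lock object without `final`; a lock that can be reassigned gives no guarantee that `synchronized (mutex)` in `runGarbageCollector` (the following hunk on this line) actually serialises the metadata-provider reload against the garbage-collector pass, and a static lock is in any case worth a comment saying why it is shared across all instances. Suggest `private static final Object mutex = new Object();`. The class body continues outside these hunks.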
@@ -195,12 +200,11 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 }
 }
-
 /*
  * (non-Javadoc)
  *
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#requireValidMetadata()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * requireValidMetadata()
  */
 @Override
 public boolean requireValidMetadata() {
@@ -210,9 +214,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 /*
  * (non-Javadoc)
  *
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setRequireValidMetadata
- * (boolean)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * setRequireValidMetadata (boolean)
  */
 @Override
 public void setRequireValidMetadata(final boolean requireValidMetadata) {
@@ -222,8 +225,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 /*
  * (non-Javadoc)
  *
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadataFilter()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getMetadataFilter()
  */
 @Override
 public MetadataFilter getMetadataFilter() {
@@ -233,9 +236,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 /*
  * (non-Javadoc)
  *
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setMetadataFilter(org.
- * opensaml.saml2.metadata.provider.MetadataFilter)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * setMetadataFilter(org. opensaml.saml2.metadata.provider.MetadataFilter)
  */
 @Override
 public void setMetadataFilter(final MetadataFilter newFilter) throws MetadataProviderException {
@@ -245,7 +247,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 /*
  * (non-Javadoc)
  *
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadata()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getMetadata()
  */
 @Override
 public XMLObject getMetadata() throws MetadataProviderException {
@@ -255,9 +258,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 /*
  * (non-Javadoc)
  *
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntitiesDescriptor(
- * java.lang.String)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getEntitiesDescriptor( java.lang.String)
  */
 @Override
 public EntitiesDescriptor getEntitiesDescriptor(final String entitiesID)
@@ -290,9 +292,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 /*
  * (non-Javadoc)
  *
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntityDescriptor(
- * java.lang.String)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getEntityDescriptor( java.lang.String)
  */
 @Override
 public EntityDescriptor getEntityDescriptor(final String entityID)
@@ -327,8 +328,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 /*
  * (non-Javadoc)
  *
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.
- * String, javax.xml.namespace.QName)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getRole(java.lang. String, javax.xml.namespace.QName)
  */
 @Override
 public List<RoleDescriptor> getRole(final String entityID, final QName roleName)
@@ -344,8 +345,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 /*
  * (non-Javadoc)
  *
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.
- * String, javax.xml.namespace.QName, java.lang.String)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getRole(java.lang. String, javax.xml.namespace.QName, java.lang.String)
  */
 @Override
 public RoleDescriptor getRole(final String entityID, final QName roleName,
@@ -361,14 +362,15 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 /*
  * (non-Javadoc)
  *
- * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
+ * @see
+ * org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers(
+ * )
  */
 @Override
 public List<Observer> getObservers() {
 return ((ChainingMetadataProvider) internalProvider).getObservers();
 }
-
 /**
  * Get the URL to metadata for a specific entityID.
  *
@@ -384,9 +386,9 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
  * @param entityId EntityId
  * @return MetadataProvider
  * @throws EaafConfigurationException In case of an error
- * @throws IOException In case of an error
- * @throws CertificateException In case of an error
- * @throws ConfigurationException In case of an error
+ * @throws IOException In case of an error
+ * @throws CertificateException In case of an error
+ * @throws ConfigurationException In case of an error
  */
 protected abstract MetadataProvider createNewMetadataProvider(String entityId)
 throws EaafConfigurationException, IOException, CertificateException;
@@ -399,7 +401,6 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
 protected abstract List<String> getAllMetadataUrlsFromConfiguration()
 throws EaafConfigurationException;
-
 protected void emitChangeEvent() {
 if (getObservers() == null || getObservers().size() == 0) {
 return;
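Review bot: The realigned Javadoc of `createNewMetadataProvider` (hunk `@@ -384,9 +386,9 @@`) still lists `@throws ConfigurationException`, which the visible throws clause `throws EaafConfigurationException, IOException, CertificateException;` does not declare, so the entry is either stale or refers to an unchecked exception and should say which. Suggest dropping it or replacing the four identical "In case of an error" descriptions with one clause each; since `CertificateException` is in the contract, implementers and callers need to know which failure means the fetched metadata or its certificate was rejected as opposed to a transient I/O problem. The abstract method is complete within the hunk.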
@@ -447,9 +448,10 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro final Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders(); /* - * TODO: maybe add metadata provider destroy after timeout. But could be a problem if one - * Metadataprovider load an EntitiesDescriptor with more the multiple EntityDescriptors. If - * one of this EntityDesciptors are expired the full EntitiesDescriptor is removed. + * TODO: maybe add metadata provider destroy after timeout. But could be a + * problem if one Metadataprovider load an EntitiesDescriptor with more the + * multiple EntityDescriptors. If one of this EntityDesciptors are expired the + * full EntitiesDescriptor is removed. * * Timeout requires a better solution in this case! */ @@ -464,7 +466,7 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro final String metadataurl = metadataUrlInterator.next(); try { if (StringUtils.isNotEmpty(metadataurl) - && loadedproviders.containsKey(metadataurl)) { + && loadedproviders.containsKey(metadataurl)) { // SAML2 SP is actually loaded, to nothing providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); loadedproviders.remove(metadataurl); @@ -477,7 +479,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro } } - // remove all actually loaded MetadataProviders with are not in ConfigurationDB any more + // remove all actually loaded MetadataProviders with are not in ConfigurationDB + // any more final Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values(); for (final HTTPMetadataProvider provider : notusedproviders) { final String metadataurl = provider.getMetadataURI(); 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java index 04c1dcb8..ebc057df 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java @@ -21,13 +21,13 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.metadata; import java.util.ArrayList; import java.util.List; + import org.opensaml.saml2.metadata.provider.FilterException; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; - /** * Metadata filter-chain implementation. * @@ -37,7 +37,6 @@ import org.slf4j.LoggerFactory; public class MetadataFilterChain implements MetadataFilter { private static final Logger log = LoggerFactory.getLogger(MetadataFilterChain.class); - private final List<MetadataFilter> filters = new ArrayList<>(); /** @@ -58,11 +57,12 @@ public class MetadataFilterChain implements MetadataFilter { filters.add(filter); } - /* * (non-Javadoc) * - * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + * @see + * org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml + * .XMLObject) */ @Override public void doFilter(final XMLObject arg0) throws FilterException { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java index 67dd1d35..d63950cb 100644 
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java @@ -22,11 +22,9 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.metadata; import java.io.File; import java.net.MalformedURLException; import java.util.Timer; + import javax.net.ssl.SSLHandshakeException; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; + import org.apache.commons.httpclient.HttpClient; import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; @@ -37,6 +35,11 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; + /** * Simple SAML2 metadata provider. * 
@@ -50,23 +53,26 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { private static final String URI_PREFIX_HTTPS = "https:"; private static final String URI_PREFIX_FILE = "file:"; - @Autowired protected IConfiguration authConfig; - /** * Create a single SAML2 metadata provider. * - * @param metadataLocation where the metadata should be loaded, but never null. If the location - * starts with http(s):, than a http based metadata provider is used. If the location - * starts with file:, than a filesystem based metadata provider is used - * @param filter Filters, which should be used to validate the metadata - * @param idForLogging Id, which is used for Logging - * @param timer {@link Timer} which is used to schedule metadata refresh operations - * @param httpClient Apache commons 3.x http client + * @param metadataLocation where the metadata should be loaded, but never null. + * If the location starts with http(s):, than a http + * based metadata provider is used. If the location + * starts with file:, than a filesystem based metadata + * provider is used + * @param filter Filters, which should be used to validate the + * metadata + * @param idForLogging Id, which is used for Logging + * @param timer {@link Timer} which is used to schedule metadata + * refresh operations + * @param httpClient Apache commons 3.x http client * - * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized + * @return SAML2 Metadata Provider, or null if the metadata provider can not + * initialized */ protected MetadataProvider createNewSimpleMetadataProvider(final String metadataLocation, final MetadataFilter filter, final String idForLogging, final Timer timer, @@ -100,7 +106,6 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { } - } catch (final MalformedURLException e) { log.warn("SAML2 metadata URL is invalid: " + metadataLocation, e); 
@@ -113,14 +118,14 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { } - /** * Create a single SAML2 filesystem based metadata provider. * * @param metadataFile File, where the metadata should be loaded - * @param filter Filters, which should be used to validate the metadata + * @param filter Filters, which should be used to validate the metadata * @param idForLogging Id, which is used for Logging - * @param timer {@link Timer} which is used to schedule metadata refresh operations + * @param timer {@link Timer} which is used to schedule metadata refresh + * operations * @param pool * * @return SAML2 Metadata Provider @@ -148,7 +153,6 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { log.warn("Failed to load Metadata file for " + idForLogging + "[ " + "File: " + metadataFile.getAbsolutePath() + " Msg: " + e.getMessage() + " ]", e); - log.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath() + " Reason: " + e.getMessage(), e); @@ -162,15 +166,14 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { } - - /** * Create a single SAML2 HTTP metadata provider. * - * @param metadataUrl URL, where the metadata should be loaded - * @param filter Filters, which should be used to validate the metadata + * @param metadataUrl URL, where the metadata should be loaded + * @param filter Filters, which should be used to validate the metadata * @param idForLogging Id, which is used for Logging - * @param timer {@link Timer} which is used to schedule metadata refresh operations + * @param timer {@link Timer} which is used to schedule metadata refresh + * operations * @param pool * * @return SAML2 Metadata Provider @@ -220,7 +223,6 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { // timer.cancel(); // } - } return null; 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
index a6d2508d..92d8f4b9 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
@@ -20,8 +20,8 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
 import java.security.KeyStore;
-import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.security.x509.X509Credential;
 /**
 * OpenSAML2 KeyStore adapter.
@@ -35,8 +35,8 @@ public class EaafKeyStoreX509CredentialAdapter
 /**
 * Get an OpenSAML2 keystore.
 *
- * @param store Java KeyStore
- * @param alias Key alias
+ * @param store    Java KeyStore
+ * @param alias    Key alias
 * @param password key Password
 */
 public EaafKeyStoreX509CredentialAdapter(final KeyStore store, final String alias,
@@ -49,5 +49,4 @@ public class EaafKeyStoreX509CredentialAdapter
 return X509Credential.class;
 }
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
index 957def02..404b4e8e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
@@ -25,8 +25,7 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.io.OutputStreamWriter; import java.io.Writer; -import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder; + import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.opensaml.common.binding.SAMLMessageContext; @@ -37,6 +36,9 @@ import org.opensaml.ws.transport.http.HTTPTransportUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder; + /** * OpenSAML2 Post-Binding encoder that uses dynamic loaded templates. * @@ -46,7 +48,6 @@ import org.slf4j.LoggerFactory; public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder { private static final Logger log = LoggerFactory.getLogger(HttpPostEncoderWithOwnTemplate.class); - private final VelocityEngine velocityEngine; private final IVelocityGuiBuilderConfiguration guiConfig; private final IVelocityGuiFormBuilder guiBuilder; @@ -54,9 +55,9 @@ public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder { /** * Own Post-Binding encoder. * - * @param guiConfig GUI configuration + * @param guiConfig GUI configuration * @param guiBuilder GUI builder implementation - * @param engine velocity engine + * @param engine velocity engine */ public HttpPostEncoderWithOwnTemplate(final IVelocityGuiBuilderConfiguration guiConfig, final IVelocityGuiFormBuilder guiBuilder, final VelocityEngine engine) { 
@@ -68,12 +69,14 @@ public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder { } /** - * Base64 and POST encodes the outbound message and writes it to the outbound transport. + * Base64 and POST encodes the outbound message and writes it to the outbound + * transport. * * @param messageContext current message context - * @param endpointUrl endpoint URL to which to encode message + * @param endpointUrl endpoint URL to which to encode message * - * @throws MessageEncodingException thrown if there is a problem encoding the message + * @throws MessageEncodingException thrown if there is a problem encoding the + * message */ @Override protected void postEncode(final SAMLMessageContext messageContext, final String endpointUrl) diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java index 2def1446..8838daec 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java @@ -19,7 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap; import org.opensaml.common.binding.SAMLMessageContext; import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; import org.opensaml.ws.message.MessageContext; @@ -27,6 +26,8 @@ import org.opensaml.ws.message.encoder.MessageEncodingException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap; + /** * Create deflate encoded SAML2 redirect-binding informations. * 
@@ -71,5 +72,4 @@ public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
 return redirectUrl;
 }
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java
index 9db8e5e7..9625b591 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java
@@ -19,6 +19,9 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.xml.ConfigurationException;
+
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributeBuilder;
@@ -27,8 +30,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributeU
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesMarshaller;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesUnmarshaller;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.xml.ConfigurationException;
 /**
 * EAAF specific OpenSAML Initializer.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java
index a1a7e9d2..f3e50e4e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java @@ -84,7 +84,6 @@ public class EaafDefaultSecurityConfigurationBootstrap // use SHA256 instead of SHA1 config.registerSignatureAlgorithmURI("AES", SignatureConstants.ALGO_ID_MAC_HMAC_SHA256); - config.registerSignatureAlgorithmURI("DESede", SignatureConstants.ALGO_ID_MAC_HMAC_SHA256); config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#"); @@ -112,7 +111,6 @@ public class EaafDefaultSecurityConfigurationBootstrap config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM); - config.registerDataEncryptionAlgorithmURI("DESede", Integer.valueOf(168), "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"); config.registerDataEncryptionAlgorithmURI("DESede", Integer.valueOf(192), diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java index 1ceb5adc..e91ee19c 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java 
@@ -22,13 +22,15 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr; import java.util.ArrayList; import java.util.Collections; import java.util.List; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; + import org.opensaml.common.impl.AbstractSAMLObject; import org.opensaml.xml.XMLObject; import org.opensaml.xml.schema.XSBooleanValue; import org.opensaml.xml.util.AttributeMap; import org.opensaml.xml.util.XMLObjectChildrenList; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; + public class EaafRequestedAttributeImpl extends AbstractSAMLObject implements EaafRequestedAttribute { @@ -42,9 +44,9 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject /** * Build an EAAF specific requested attribute. * - * @param namespaceUri Attribute namespace + * @param namespaceUri Attribute namespace * @param elementLocalName Attribute name - * @param namespacePrefix Attribute namespace prefix + * @param namespacePrefix Attribute namespace prefix */ public EaafRequestedAttributeImpl(final String namespaceUri, final String elementLocalName, final String namespacePrefix) { @@ -86,19 +88,16 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject return Collections.unmodifiableList(children); } - @Override public final AttributeMap getUnknownAttributes() { return unknownAttributes; } - @Override public final void setFriendlyName(final String newFriendlyName) { this.friendlyName = prepareForAssignment(this.friendlyName, newFriendlyName); } - @Override public void setIsRequired(final Boolean aboolean) { this.isRequired = String.valueOf(aboolean); 
@@ -115,19 +114,16 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject } - @Override public final void setName(final String newName) { this.name = prepareForAssignment(this.name, newName); } - @Override public final void setNameFormat(final String newNameFormat) { this.nameFormat = prepareForAssignment(this.nameFormat, newNameFormat); } - public final void setUnknownAttributes(final AttributeMap newUnknownAttr) { this.unknownAttributes = newUnknownAttr; } @@ -137,10 +133,6 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject return XSBooleanValue.valueOf(isRequired); } - - - - @Override public Boolean isRequired() { return Boolean.parseBoolean(isRequired); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java index 3b447538..eefc166b 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java @@ -22,12 +22,14 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr; import java.util.ArrayList; import java.util.Collections; import java.util.List; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; + import org.opensaml.common.impl.AbstractSAMLObject; import org.opensaml.xml.XMLObject; import org.opensaml.xml.util.IndexedXMLObjectChildrenList; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; + public class EaafRequestedAttributesImpl extends AbstractSAMLObject implements EaafRequestedAttributes { 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index ec4009f0..5c9bb6be 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -23,10 +23,7 @@ import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.RSAPrivateKey;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.credential.UsageType;
@@ -36,6 +33,11 @@ import org.opensaml.xml.signature.SignatureConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+
 public abstract class AbstractCredentialProvider {
 private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
@@ -43,7 +45,8 @@ public abstract class AbstractCredentialProvider { private KeyStore keyStore = null; /** - * Get a friendlyName for this keyStore implementation This friendlyName is used for logging. + * Get a friendlyName for this keyStore implementation This friendlyName is used + * for logging. * * @return keyStore friendlyName */ @@ -106,7 +109,6 @@ public abstract class AbstractCredentialProvider { */ public abstract String getEncryptionKeyPassword(); - /** * Get Credentials to sign metadata. * @@ -128,15 +130,15 @@ public abstract class AbstractCredentialProvider { log.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey."); throw new CredentialsNotAvailableException("config.27", - new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: " - + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."}); + new Object[] { getFriendlyName() + " Assertion Signing credentials (Alias: " + + getMetadataKeyAlias() + ") is not found or contains no PrivateKey." }); } return credentials; } catch (final Exception e) { log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e); + throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e); } } @@ -160,8 +162,8 @@ public abstract class AbstractCredentialProvider { log.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey."); throw new CredentialsNotAvailableException("config.27", - new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: " - + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."}); + new Object[] { getFriendlyName() + " Assertion Signing credentials (Alias: " + + getSignatureKeyAlias() + ") is not found or contains no PrivateKey." }); } 
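Review bot: The exception message reformatted in the metadata-signing branch still reads `" Assertion Signing credentials (Alias: " + getMetadataKeyAlias()`, while the `log.error` immediately before it reports "Metadata Signing credentials", so an operator chasing a `config.27` failure is pointed at the wrong key; the touched line should say `" Metadata Signing credentials (Alias: " + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."`. The alias is already the metadata one, which makes this look like a copy of the assertion branch further down. Both visible catch blocks also pair `log.error("Failed to generate ...")` with `e.printStackTrace()`, so the stack trace goes to stderr instead of the log record; passing the exception as the last logger argument, `log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials", e);`, keeps it together and lets the `printStackTrace()` line go. The enclosing methods start and end outside the hunk.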
@@ -169,7 +171,7 @@ public abstract class AbstractCredentialProvider { } catch (final Exception e) { log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e); + throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e); } } @@ -200,8 +202,8 @@ public abstract class AbstractCredentialProvider { log.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey."); throw new CredentialsNotAvailableException("config.27", - new Object[] {getFriendlyName() + " Assertion Encryption credentials (Alias: " - + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."}); + new Object[] { getFriendlyName() + " Assertion Encryption credentials (Alias: " + + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey." }); } @@ -210,7 +212,7 @@ public abstract class AbstractCredentialProvider { } catch (final Exception e) { log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e); + throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e); } } @@ -234,7 +236,6 @@ public abstract class AbstractCredentialProvider { log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential."); - } signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java index 876fa744..31ffd5a7 100644 
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java @@ -20,14 +20,17 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils; import java.util.List; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; -import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException; + import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException; + /** - * EAAF LoA Level verifier checks if requested LoA matchs to LoA of authentication. + * EAAF LoA Level verifier checks if requested LoA matchs to LoA of + * authentication. * * * @author tlenz 
@@ -40,23 +43,23 @@ public class QaaLevelVerifier { private static boolean verifyQaaLevel(final String qaaAuth, final String requiredLoA, final String matchingMode) throws QaaNotAllowedException { // to MINIMUM machting - if (EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) { + if (EaafConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) { log.trace("Perfom LoA matching in 'MINIMUM' mode ... "); - if (EAAFConstants.EIDAS_LOA_LOW.equals(requiredLoA) - && (EAAFConstants.EIDAS_LOA_LOW.equals(qaaAuth) - || EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) - || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) { + if (EaafConstants.EIDAS_LOA_LOW.equals(requiredLoA) + && (EaafConstants.EIDAS_LOA_LOW.equals(qaaAuth) + || EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) + || EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) { return true; - } else if (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA) - && (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) - || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) { + } else if (EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA) + && (EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) + || EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) { return true; - } else if (EAAFConstants.EIDAS_LOA_HIGH.equals(requiredLoA) - && EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) { + } else if (EaafConstants.EIDAS_LOA_HIGH.equals(requiredLoA) + && EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) { return true; } - } else if (EAAFConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) { + } else if (EaafConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) { // to EXACT matching log.trace("Perfom LoA matching in 'EXACT' mode ... "); if (qaaAuth.equals(requiredLoA)) { 
@@ -78,7 +81,7 @@ public class QaaLevelVerifier { /** * Check LoA level. * - * @param qaaAuth LoA of authentication + * @param qaaAuth LoA of authentication * @param requiredLoAs List of allowed LoA levels * @param matchingMode LoA matching mode * @throws QaaNotAllowedException If LoA does not match diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java index 8bcc3e74..1a282b55 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java @@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils; import java.io.IOException; import java.util.List; + import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -29,9 +30,7 @@ import javax.xml.transform.TransformerException; import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; -import at.gv.egiz.eaaf.core.impl.utils.Random; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; + import org.apache.commons.lang3.StringUtils; import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml2.core.Attribute; @@ -51,6 +50,10 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.w3c.dom.Document; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; + public class Saml2Utils { private static final Logger log = LoggerFactory.getLogger(Saml2Utils.class); 
@@ -66,13 +69,13 @@ public class Saml2Utils { } catch (final ParserConfigurationException e) { // TODO Auto-generated catch block e.printStackTrace(); - } + } } /** * Create a SAML2 object. * - * @param <T> SAML2 object class + * @param <T> SAML2 object class * @param clazz object class * @return SAML2 object */ @@ -103,14 +106,13 @@ public class Saml2Utils { } - /** * Transform SAML2 Object to Element. * * @param object SAML2 object * @return Element - * @throws IOException In case of an transformation error - * @throws MarshallingException In case of an transformation error + * @throws IOException In case of an transformation error + * @throws MarshallingException In case of an transformation error * @throws TransformerException In case of an transformation error */ public static Document asDomDocument(final XMLObject object) @@ -178,9 +180,9 @@ public class Saml2Utils { /** * Generate EAAF specific requested attribute. * - * @param attr SAML2 attribute definition + * @param attr SAML2 attribute definition * @param isRequired is-mandatory flag - * @param value Attribute value + * @param value Attribute value * @return */ public static EaafRequestedAttribute generateReqAuthnAttributeSimple(final Attribute attr, diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java index fcee2382..ca37d6e5 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java 
@@ -23,7 +23,6 @@ import org.opensaml.common.binding.decoding.URIComparator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
 public class EaafUriCompare implements URIComparator {
   private static final Logger log = LoggerFactory.getLogger(EaafUriCompare.class);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
index d8ae95a0..6497ce06 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
@@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation;
 import java.util.ArrayList;
 import java.util.List;
+
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.security.MetadataCredentialResolver;
 import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
index 40cbdeb0..d1eb66a3 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
@@ -22,9 +22,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
@@ -32,6 +30,10 @@ import org.opensaml.xml.XMLObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+
 public abstract class AbstractMetadataSignatureFilter implements MetadataFilter {
   private static final Logger log = LoggerFactory.getLogger(AbstractMetadataSignatureFilter.class);
@@ -42,28 +44,24 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter
         final EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
         if (entitiesDescriptor.getSignature() == null) {
           throw new Pvp2MetadataException("pvp2.26",
-              new Object[] {"Root element of metadata file has to be signed"});
+              new Object[] { "Root element of metadata file has to be signed" });
         }
         processEntitiesDescriptor(entitiesDescriptor);
-
         if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
           throw new Pvp2MetadataException("pvp2.26",
-              new Object[] {"No valid entity in metadata " + entitiesDescriptor.getName()});
+              new Object[] { "No valid entity in metadata " + entitiesDescriptor.getName() });
         }
-
       } else if (metadata instanceof EntityDescriptor) {
         final EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
         processEntityDescriptorr(entityDescriptor);
       } else {
         throw new Pvp2MetadataException("pvp2.26",
-            new Object[] {"Invalid Metadata file Root element is unknown"});
+            new Object[] { "Invalid Metadata file Root element is unknown" });
       }
-
-
       log.info("Metadata signature policy check done OK");
     } catch (final EaafException e) {
       log.warn("Metadata signature policy check FAILED.", e);
@@ -76,7 +74,8 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter
    * Signature verification of a SAML2 EntityDescriptor element.
    *
    * @param desc EntityDescriptor
-   * @throws Pvp2MetadataException if the signature is not valid or can not verified
+   * @throws Pvp2MetadataException if the signature is not valid or can not
+   *                               verified
    */
   protected abstract void verify(EntityDescriptor desc) throws Pvp2MetadataException;
@@ -84,7 +83,8 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter
    * Signature verification of a SAML2 EntitiesDescriptor element.
    *
    * @param desc EntitiesDescriptor
-   * @throws Pvp2MetadataException if the signature is not valid or can not verified
+   * @throws Pvp2MetadataException if the signature is not valid or can not
+   *                               verified
    */
   protected abstract void verify(EntitiesDescriptor desc) throws Pvp2MetadataException;
@@ -92,13 +92,12 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter
    * Verify a EntityDescriptor element of an EntitiesDescriptor.
    *
    * @param entity EntityDescriptor to verify
-   * @param desc Full EntitiesDescriptor that contains the EntityDescriptor
+   * @param desc   Full EntitiesDescriptor that contains the EntityDescriptor
    * @throws Pvp2MetadataException In case of an verification error
    */
   protected abstract void verify(EntityDescriptor entity, EntitiesDescriptor desc) throws Pvp2MetadataException;
-
   private void processEntityDescriptorr(final EntityDescriptor desc) throws EaafException {
     verify(desc);
@@ -130,7 +129,6 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter
         verifiedEntIT.add(entity);
         log.debug("Metadata for entityID: " + entity.getEntityID() + " valid");
-
       } catch (final Exception e) {
         // remove entity of signature can not be verified.
         log.info("Entity " + entity.getEntityID() + " is removed from metadata " + desc.getName()
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java
index 2d81b1f8..797335d8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java
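Review bot: The `catch (final Exception e)` at the end of the last hunk turns every failure of the per-entity check — including runtime errors that have nothing to do with the signature — into a silent removal of the entity, logged only at `info`. Dropping the entity is the safe direction, but a verification failure at `info` is easy to miss in log review, and a programming error in the (presumably `verify`-based) try body above the hunk is indistinguishable from a bad signature. Consider narrowing the clause to `catch (final Pvp2MetadataException e)` — the type the abstract `verify` methods in this file declare — and logging the removal with `log.warn(..., e)` so the exception is attached, letting other exceptions propagate. The enclosing loop and method start outside the hunk.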
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java
@@ -21,11 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
 import java.util.ArrayList;
 import java.util.List;
-import at.gv.egiz.eaaf.core.impl.data.Trible;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.common.Extensions;
 import org.opensaml.saml2.core.Attribute;
@@ -43,8 +39,15 @@ import org.opensaml.xml.XMLObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 /**
- * Metadata filter that inject requested attributes based on Metadata EntityCategories.
+ * Metadata filter that inject requested attributes based on Metadata
+ * EntityCategories.
  *
  * @author tlenz
  *
@@ -57,18 +60,20 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
   /**
    * Filter to map PVP EntityCategories into a set of single PVP attributes.
    *
-   * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
+   * @param isUsed if true PVP EntityCategories are mapped, otherwise they are
+   *               ignored
    *
    */
   public PvpEntityCategoryFilter(final boolean isUsed) {
     this.isUsed = isUsed;
   }
-
   /*
    * (non-Javadoc)
    *
-   * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+   * @see
+   * org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml
+   * .XMLObject)
    */
   @Override
   public void doFilter(final XMLObject metadata) throws FilterException {
@@ -91,14 +96,11 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
         log.trace("Find EntityDescriptor");
         resolveEntityCategoriesToAttributes((EntityDescriptor) metadata);
-
       } else {
         throw new Pvp2MetadataException("pvp2.26", new Object[] {
-            "Invalid Metadata file Root element is no Entities- or EntityDescriptor"});
+            "Invalid Metadata file Root element is no Entities- or EntityDescriptor" });
       }
-
-
     } catch (final Exception e) {
       log.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
@@ -136,7 +138,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
           buildAttributeList(PvpConstants.EGOVTOKEN_PVP_ATTRIBUTES), entityAttrValue);
-
       } else if (PvpConstants.CITIZENTOKEN.equals(entityAttrValue)) {
         log.debug( "Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... ");
@@ -176,7 +177,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
   }
-
   private void addAttributesToEntityDescriptor(final EntityDescriptor metadata, final List<RequestedAttribute> attrList, final String entityAttr) {
     final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
@@ -212,7 +212,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
       currentlyReqAttr.add(reqAttr.getName());
     }
-
     // check against EntityAttribute List
     for (final RequestedAttribute entityAttrListEl : attrList) {
       if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
@@ -245,7 +244,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
     return requestedAttributes;
-
   }
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
index 3ff78ca8..6dcc3234 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
@@ -22,7 +22,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.validation.Schema;
 import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+
 import org.opensaml.common.xml.SAMLSchemaBuilder;
 import org.opensaml.saml2.metadata.provider.FilterException;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
@@ -31,6 +31,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+
 public class SchemaValidationFilter implements MetadataFilter {
   private static final Logger log = LoggerFactory.getLogger(SchemaValidationFilter.class);
   private boolean isActive = true;
@@ -43,11 +45,12 @@ public class SchemaValidationFilter implements MetadataFilter {
     this.isActive = useSchemaValidation;
   }
-
   /*
    * (non-Javadoc)
    *
-   * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+   * @see
+   * org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml
+   * .XMLObject)
    */
   @Override
   public void doFilter(final XMLObject arg0) throws FilterException {
@@ -84,7 +87,7 @@ public class SchemaValidationFilter implements MetadataFilter {
         }
         throw new FilterException(new SchemaValidationException("pvp2.26",
-            new Object[] {"Metadata Schema validation FAILED with message: " + errString}));
+            new Object[] { "Metadata Schema validation FAILED with message: " + errString }));
       } else {
         log.info("Metadata Schema validation check is DEACTIVATED!");
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
index fc1b6ea8..6d78b775 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
@@ -23,7 +23,7 @@ import javax.xml.namespace.QName;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.validation.Schema;
 import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.SignableSAMLObject;
 import org.opensaml.common.xml.SAMLConstants;
@@ -45,6 +45,8 @@ import org.slf4j.LoggerFactory;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+
 /**
  * Signature Policy for SAML2 redirect-binding.
  *
@@ -56,7 +58,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
   private static final Logger log = LoggerFactory.getLogger(AbstractRequestSignedSecurityPolicyRule.class);
-
   private SignatureTrustEngine trustEngine = null;
   private QName peerEntityRole = null;
@@ -73,7 +74,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
   }
-
   /**
    * Reload the PVP metadata for a given entity.
    *
@@ -82,14 +82,14 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
    */
   protected abstract boolean refreshMetadataProvider(String entityID);
-
   protected abstract SignableSAMLObject getSignedSamlObject(XMLObject inboundData);
   /*
    * (non-Javadoc)
    *
    * @see
-   * org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext)
+   * org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.
+   * MessageContext)
    */
   @Override
   public void evaluate(final MessageContext context) throws SecurityPolicyException {
@@ -114,7 +114,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
     }
-
   }
   private void verifySignature(final MessageContext context) throws SecurityPolicyException {
@@ -136,8 +135,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
     }
-
-
     final CriteriaSet criteriaSet = new CriteriaSet();
     criteriaSet.add(new EntityIDCriteria(context.getInboundMessageIssuer()));
     criteriaSet.add(new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS));
@@ -191,7 +188,7 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
     }
-    throw new SchemaValidationException("pvp2.22", new Object[] {err});
+    throw new SchemaValidationException("pvp2.22", new Object[] { err });
   }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
index 8f042ae2..42d7d6a1 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
@@ -20,6 +20,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
 import java.util.List;
+
 import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
 import org.opensaml.ws.transport.http.HTTPInTransport;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java
index 0d108596..c7a43b0b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java
@@ -20,12 +20,14 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
 import javax.xml.namespace.QName;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+
 import org.opensaml.common.SignableSAMLObject;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.signature.SignatureTrustEngine;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+
 public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPolicyRule {
   private IRefreshableMetadataProvider metadataProvider = null;
@@ -34,8 +36,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol
    * EAAF specific signature rule for OpenSAML2 redirect-binding.
    *
    * @param metadataProvider SAML2 metadata provider
-   * @param trustEngine SAML2 TrustEngine
-   * @param peerEntityRole Role of the Entity
+   * @param trustEngine      SAML2 TrustEngine
+   * @param peerEntityRole   Role of the Entity
    */
   public PvpSignedRequestPolicyRule(final MetadataProvider metadataProvider, final SignatureTrustEngine trustEngine, final QName peerEntityRole) {
@@ -49,8 +51,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol
   /*
    * (non-Javadoc)
    *
-   * @see
-   * at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#
+   * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.
+   * AbstractRequestSignedSecurityPolicyRule#
    * refreshMetadataProvider(java.lang.String)
    */
   @Override
@@ -66,8 +68,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol
   /*
    * (non-Javadoc)
    *
-   * @see
-   * at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#
+   * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.
+   * AbstractRequestSignedSecurityPolicyRule#
    * getSignedSAMLObject(org.opensaml.xml.XMLObject)
    */
   @Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
index 024c35d8..df91ce53 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
@@ -24,14 +24,6 @@ import javax.xml.transform.dom.DOMSource;
 import javax.xml.validation.Schema;
 import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.common.xml.SAMLSchemaBuilder;
@@ -54,20 +46,29 @@ import org.springframework.stereotype.Service;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+
 @Service("SAMLVerificationEngine")
 public class SamlVerificationEngine {
   private static final Logger log = LoggerFactory.getLogger(SamlVerificationEngine.class);
-
   @Autowired(required = true) IPvpMetadataProvider metadataProvider;
   /**
    * Verify signature of a signed SAML2 object.
    *
-   * @param msg SAML2 message
+   * @param msg            SAML2 message
    * @param sigTrustEngine TrustEngine
-   * @throws org.opensaml.xml.security.SecurityException In case of invalid signature
+   * @throws org.opensaml.xml.security.SecurityException In case of
+   *                                                     invalid signature
    * @throws Exception In case of a general error
    */
   public void verify(final InboundMessage msg, final SignatureTrustEngine sigTrustEngine)
@@ -77,13 +78,13 @@ public class SamlVerificationEngine {
           && ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) {
         verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(), sigTrustEngine);
-      } else if (msg instanceof PvpSProfileResponse){
+      } else if (msg instanceof PvpSProfileResponse) {
         verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine);
-
+
       } else {
-        log.warn("SAML2 message type: {} not supported", msg.getClass().getName());
-        throw new EaafProtocolException("9999", null);
-
+        log.warn("SAML2 message type: {} not supported", msg.getClass().getName());
+        throw new EaafProtocolException("9999", null);
+
       }
     } catch (final InvalidProtocolRequestException e) {
@@ -139,7 +140,7 @@ public class SamlVerificationEngine {
       throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
     } catch (final SchemaValidationException e) {
-      throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+      throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() });
     }
@@ -170,7 +171,7 @@ public class SamlVerificationEngine {
       throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
     } catch (final SchemaValidationException e) {
-      throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+      throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() });
     }
@@ -218,7 +219,7 @@ public class SamlVerificationEngine {
     }
-    throw new SchemaValidationException("pvp2.22", new Object[] {err});
+    throw new SchemaValidationException("pvp2.22", new Object[] { err });
   }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java
index e1c21ae7..fd04e38f 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java
@@ -20,7 +20,7 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.api.builder;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IspConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
@@ -34,6 +34,6 @@ public interface ISubjectNameIdGenerator {
    * @return Pair of subjectNameId and NameIdFormat
    * @throws Pvp2Exception In case of an error
    */
-  Pair<String, String> generateSubjectNameId(IAuthData authData, IspConfiguration spConfig)
+  Pair<String, String> generateSubjectNameId(IAuthData authData, ISpConfiguration spConfig)
       throws Pvp2Exception;
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 8c74c3fb..7ff2fe6a 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -25,7 +25,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import at.gv.egiz.components.eventlog.api.EventConstants;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
@@ -459,7 +459,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
     }
-    if (authnRequest.getIssueInstant().minusMinutes(EAAFConstants.ALLOWED_TIME_JITTER)
+    if (authnRequest.getIssueInstant().minusMinutes(EaafConstants.ALLOWED_TIME_JITTER)
         .isAfterNow()) {
       log.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
       throw new AuthnRequestValidatorException("pvp2.22",
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index 9378b579..189e6128 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -29,7 +29,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
+import at.gv.egiz.eaaf.core.impl.data.SloInformationImpl;
 import at.gv.egiz.eaaf.modules.pvp2.api.IPvo2BasicConfiguration;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
 import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
@@ -106,7 +106,7 @@ public class AuthenticationAction implements IAction {
     consumerService.setLocation(pvpRequest.getConsumerUrl());
     final DateTime date = new DateTime();
-    final SLOInformationImpl sloInformation = new SLOInformationImpl();
+    final SloInformationImpl sloInformation = new SloInformationImpl();
     final String issuerEntityID = pvpBasicConfiguration.getIdpEntityId(pvpRequest.getAuthUrl());
     // build Assertion
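Review bot: The `log.warn` text in the first hunk reads as if the IssueInstant had expired ("not valid anymore"), while the condition on the renamed line above it fires when IssueInstant minus `ALLOWED_TIME_JITTER` is still after now — that is, when the request is dated in the future. An operator reviewing rejections will misattribute the cause; change the line to `log.warn("Unsupported request: IssueInstant is in the future (outside the allowed time jitter).");`. Whether a matching lower bound that rejects stale requests exists is outside the hunk, and so is the rest of the enclosing method.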
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
index 79de4567..f57f9db0 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
@@ -23,10 +23,10 @@ import java.security.MessageDigest;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IspConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
@@ -138,7 +138,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
       final AssertionConsumerService assertionConsumerService, final SloInformationInterface sloInformation) throws Pvp2Exception {
-    final IspConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
+    final ISpConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
     final AuthnContextClassRef authnContextClassRef = Saml2Utils.createSamlObject(AuthnContextClassRef.class);
@@ -153,7 +153,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
         reqAuthnContext.getAuthnContextClassRefs();
     // get matching mode from authn. request
-    String loaMatchingMode = EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
+    String loaMatchingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
     if (reqAuthnContext.getComparison() != null && StringUtils.isNotEmpty(reqAuthnContext.getComparison().toString())) {
       loaMatchingMode = reqAuthnContext.getComparison().toString();
@@ -170,10 +170,10 @@ public class Pvp2AssertionBuilder implements PvpConstants {
     for (final AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
       final String qaa_uri = authnClassRef.getAuthnContextClassRef();
-      if (!qaa_uri.trim().startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) {
+      if (!qaa_uri.trim().startsWith(EaafConstants.EIDAS_LOA_PREFIX)) {
         if (loaLevelMapper != null) {
           log.debug("Find no eIDAS LoA in AuthnReq. Start mapping process ... ");
-          eidasLoaFromRequest.add(loaLevelMapper.mapToeIDASLoA(qaa_uri.trim()));
+          eidasLoaFromRequest.add(loaLevelMapper.mapToEidasLoa(qaa_uri.trim()));
         } else {
           log.debug("AuthnRequest contains no eIDAS LoA. NO LoA mapper FOUND, ignore " + "'"
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
index 07e9c28d..2e747656 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
@@ -20,12 +20,14 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.api;
 import java.util.List;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
 /**
  * Configuration of a PVP2 S-Profile authentication-request builder.
  *
@@ -35,7 +37,8 @@ import org.w3c.dom.Element;
 public interface IPvpAuthnRequestBuilderConfiguruation {
   /**
-   * Defines a unique name for this PVP Service-provider, which is used for logging.
+   * Defines a unique name for this PVP Service-provider, which is used for
+   * logging.
    *
    * @return
    */
@@ -49,8 +52,8 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
   Boolean isPassivRequest();
   /**
-   * Define the ID of the AssertionConsumerService, which defines the required attributes in
-   * service-provider metadata.
+   * Define the ID of the AssertionConsumerService, which defines the required
+   * attributes in service-provider metadata.
    *
    * @return
    */
@@ -73,10 +76,10 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
   /**
    * Define the AuthnContextClassRefernece of this request.
    *
-   *<p>
+   * <p>
    * Example: http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3
    * http://www.stork.gov.eu/1.0/citizenQAALevel/4
-   *</p>
+   * </p>
    *
    * @return
    */
@@ -89,7 +92,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
    */
   AuthnContextComparisonTypeEnumeration getAuthnContextComparison();
-
   /**
    * Define the credential, which should be used to sign the AuthnRequest.
    *
@@ -97,9 +99,9 @@ public interface IPvpAuthnRequestBuilderConfiguruation { */ Credential getAuthnRequestSigningCredential(); - /** - * Define the SAML2 EntityDescriptor of the IDP, which should receive the AuthnRequest. + * Define the SAML2 EntityDescriptor of the IDP, which should receive the + * AuthnRequest. * * @return Credential, but never null. */ @@ -112,7 +114,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation { */ boolean getNameIdPolicyAllowCreation(); - /** * Set the requested SubjectNameID. * @@ -155,11 +156,11 @@ public interface IPvpAuthnRequestBuilderConfiguruation { * Define the information, which should be added as 'subjectConformationDate' in * 'SubjectConformation' element. * - * @return subjectConformation information or null if no subjectConformation should be set + * @return subjectConformation information or null if no subjectConformation + * should be set */ Element getSubjectConformationDate(); - /** * Get the EntityId of the SP in case of a SAML2 proxy use-case. * @@ -167,7 +168,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation { */ String getScopeRequesterId(); - /** * Get a FriendlyName for the SP that sends the request. * @@ -175,10 +175,11 @@ public interface IPvpAuthnRequestBuilderConfiguruation { */ String getProviderName(); - /** - * Get a Set of SAML2 attributes that are requested by using SAML2 requested attributes. <br> - * <b>Info:</b> Attributes are requested by using eIDAS SAML2 extension for requested attributes + * Get a Set of SAML2 attributes that are requested by using SAML2 requested + * attributes. <br> + * <b>Info:</b> Attributes are requested by using eIDAS SAML2 extension for + * requested attributes * * @return */ 
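Review bot: The reflowed Javadoc in the hunk at -97 still says `@return Credential, but never null.` although the description above it is about the SAML2 EntityDescriptor of the IDP, so the return text looks copied from `getAuthnRequestSigningCredential()` directly above; `@return EntityDescriptor of the IDP that receives the AuthnRequest, never null` would match the method whose signature follows the hunk. Several other `@return` tags touched by this commit are left empty (hunks at -35 and -49 in the preceding part of this file and at -175 here); a one-line description on each would make the interface contract readable from the generated docs. The interface also mixes a boxed `Boolean isPassivRequest()` with a primitive `boolean getNameIdPolicyAllowCreation()`, which leaves callers of the former to handle a possible null.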
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java index 1096c535..03fae599 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java @@ -21,7 +21,6 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; - public class AssertionValidationExeption extends Pvp2Exception { private static final long serialVersionUID = -3987805399122286259L; diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java index 5ad42fb7..251ba759 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java @@ -21,10 +21,8 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; - public class AuthnRequestBuildException extends Pvp2Exception { - private static final long serialVersionUID = -1375451065455859354L; public AuthnRequestBuildException(final String messageId, final Object[] parameters) { 
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java index d8d7683c..44fbf40f 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java @@ -21,18 +21,16 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; - public class AuthnResponseValidationException extends Pvp2Exception { - private static final long serialVersionUID = 8023812861029406575L; - public AuthnResponseValidationException(final String messageId, final Object[] parameters) { super(messageId, parameters); } - public AuthnResponseValidationException(final String messageId, final Object[] parameters, final Throwable e) { + public AuthnResponseValidationException(final String messageId, final Object[] parameters, + final Throwable e) { super(messageId, parameters, e); } diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java index 11b1ecad..9b284c88 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java 
@@ -21,18 +21,9 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.impl; import java.security.NoSuchAlgorithmException; import java.util.List; + import javax.servlet.http.HttpServletResponse; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; -import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; + import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; 
@@ -61,6 +52,18 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; + /** * PVP2 S-Profil Authentication-Request builder-implementation. * 
@@ -71,21 +74,19 @@ import org.springframework.stereotype.Service; public class PvpAuthnRequestBuilder { private static final Logger log = LoggerFactory.getLogger(PvpAuthnRequestBuilder.class); - @Autowired(required = true) ApplicationContext springContext; - /** * Build a PVP2.x specific authentication request * * @param pendingReq Currently processed pendingRequest - * @param config AuthnRequest builder configuration, never null - * @param httpResp http response object + * @param config AuthnRequest builder configuration, never null + * @param httpResp http response object * @throws NoSuchAlgorithmException In case of error - * @throws SecurityException In case of error - * @throws Pvp2Exception In case of error - * @throws MessageEncodingException In case of error + * @throws SecurityException In case of error + * @throws Pvp2Exception In case of error + * @throws MessageEncodingException In case of error */ public void buildAuthnRequest(final IRequest pendingReq, final IPvpAuthnRequestBuilderConfiguruation config, final HttpServletResponse httpResp) @@ -115,13 +116,12 @@ public class PvpAuthnRequestBuilder { log.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID() + " does not support POST or Redirect Binding."); throw new AuthnRequestBuildException("sp.pvp2.00", - new Object[] {config.getSpNameForLogging(), idpEntity.getEntityID()}); + new Object[] { config.getSpNameForLogging(), idpEntity.getEntityID() }); } else { authReq.setDestination(endpoint.getLocation()); } - // set basic AuthnRequest information final String reqID = config.getRequestID(); if (StringUtils.isNotEmpty(reqID)) { @@ -217,7 +217,6 @@ public class PvpAuthnRequestBuilder { } - // set ProviderName if (StringUtils.isNotEmpty(config.getProviderName())) { authReq.setProviderName(config.getProviderName()); 
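Review bot: The retained `log.warn` in the hunk at -115 builds its message by string concatenation with `idpEntity.getEntityID()`, while the sibling branch in the -254 hunk of this file uses the SLF4J placeholder form `log.warn("Binding: {} is not supported", ...)`; `log.warn("Building AuthnRequest FAILED: > Requested IDP {} does not support POST or Redirect Binding.", idpEntity.getEntityID());` keeps the two consistent. Both failure branches also throw `AuthnRequestBuildException("sp.pvp2.00", ...)` with identical parameters, so the resulting error cannot distinguish "no usable endpoint" from "unsupported binding" — only the preceding warn line does. In the hunk at -71 the injected `ApplicationContext springContext` stays a package-private, non-final field; `private` (or constructor injection) would narrow its visibility. buildAuthnRequest starts in the -71 hunk and continues outside the hunks.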
@@ -254,10 +253,10 @@ public class PvpAuthnRequestBuilder { binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); } else { - log.warn("Binding: {} is not supported", endpoint.getBinding()); - throw new AuthnRequestBuildException("sp.pvp2.00", - new Object[] {config.getSpNameForLogging(), idpEntity.getEntityID()}); - + log.warn("Binding: {} is not supported", endpoint.getBinding()); + throw new AuthnRequestBuildException("sp.pvp2.00", + new Object[] { config.getSpNameForLogging(), idpEntity.getEntityID() }); + } // encode message diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java index 42d1c85e..fa2b9312 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java @@ -27,8 +27,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; + import org.apache.commons.lang3.StringUtils; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; @@ -42,6 +41,9 @@ import org.opensaml.xml.XMLObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; + public class AssertionAttributeExtractor { private static final Logger log = LoggerFactory.getLogger(AssertionAttributeExtractor.class); 
@@ -61,7 +63,8 @@ public class AssertionAttributeExtractor { /** * Parse the SAML2 Response element and extracts included information. <br> * <br> - * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response is used! + * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response + * is used! * * @param samlResponse SAML2 Response * @throws AssertionAttributeExtractorExeption In case of an error @@ -131,7 +134,8 @@ public class AssertionAttributeExtractor { } /** - * check attributes from assertion with attributeNameList bPK or enc_bPK are always needed. + * check attributes from assertion with attributeNameList bPK or enc_bPK are + * always needed. * * @param attributeNameList List of attributes which are required * @@ -269,14 +273,14 @@ public class AssertionAttributeExtractor { return assertion; } - /** * Get the Assertion validTo period. * - *<p> - * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used. If - * this is empty, this method returns value of SAML 'Conditions' element. - *</p> + * <p> + * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' + * element is used. If this is empty, this method returns value of SAML + * 'Conditions' element. + * </p> * * @return Date, until this SAML2 assertion is valid */ @@ -298,9 +302,9 @@ public class AssertionAttributeExtractor { /** * Get the Assertion validFrom period. * - *<p> + * <p> * This method returns value of SAML 'Conditions' element. - *</p> + * </p> * * @return Date, after this SAML2 assertion is valid, otherwise null */ 
@@ -331,21 +335,9 @@ public class AssertionAttributeExtractor { && assertion.getAttributeStatements().size() > 0) { final AttributeStatement attrStat = assertion.getAttributeStatements().get(0); for (final Attribute attr : attrStat.getAttributes()) { -// if (attr.getName().startsWith(PvpConstants.STORK_ATTRIBUTE_PREFIX)) { -// final List<String> storkAttrValues = new ArrayList<>(); -// for (final XMLObject el : attr.getAttributeValues()) { -// storkAttrValues.add(el.getDOM().getTextContent()); -// } - // PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), - // false, storkAttrValues , "Available"); - // storkAttributes.put(attr.getName(), storkAttr ); - -// } else { - final List<String> attrList = new ArrayList<>(); - for (final XMLObject el : attr.getAttributeValues()) { - attrList.add(el.getDOM().getTextContent()); - // } - + final List<String> attrList = new ArrayList<>(); + for (final XMLObject el : attr.getAttributeValues()) { + attrList.add(el.getDOM().getTextContent()); attributs.put(attr.getName(), attrList); } |
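Review bot: On the new side, `attributs.put(attr.getName(), attrList);` sits inside the inner `for (final XMLObject el : attr.getAttributeValues())` loop, so an attribute whose value list is empty is never added to the map and a multi-valued attribute is re-put once per value; moving that line after the inner loop's closing brace (`} attributs.put(attr.getName(), attrList);`) records every attribute exactly once. The old side had the same placement, so the cleanup does not introduce it, but it does make it visible. `el.getDOM()` is presumably non-null for a freshly unmarshalled object, but a null check before `getTextContent()` would avoid a NullPointerException if that assumption ever fails. The enclosing method continues outside the hunk.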