Diffstat (limited to 'eaaf_modules')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java50
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java94
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java13
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java2
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java5
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java5
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java107
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java144
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java37
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java19
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java107
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java81
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java27
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java446
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java102
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java88
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java (renamed from eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICMSSignatureVerificationResponse.java)2
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java27
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java10
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java (renamed from eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXMLSignatureVerificationResponse.java)17
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java23
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java28
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java2
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java7
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java104
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java57
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java (renamed from eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCMSSignatureResponse.java)6
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXMLSignatureResponse.java119
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java115
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java57
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java25
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java5
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java42
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java23
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java1
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java1
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java7
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java3
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java3
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java9
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java3
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java3
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java1
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java37
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java27
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java21
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java7
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java46
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java40
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java5
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java5
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java3
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java5
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java5
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java61
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java3
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java87
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java8
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java52
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java7
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java19
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java5
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java18
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java33
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java33
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java22
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java1
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java1
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java28
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java32
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java11
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java15
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java1
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java16
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java39
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java12
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java33
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java1
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java49
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java44
103 files changed, 1387 insertions, 1558 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java
index 1a88c43b..e9932ae8 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java
@@ -2,19 +2,21 @@ package at.gv.egiz.eaaf.modules.auth.sl20;
import java.util.Arrays;
import java.util.List;
+
import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.IspConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-
/**
* AuthModule to select a Securtiy-Layer 2.0 based authentication process.
@@ -23,8 +25,7 @@ import org.springframework.beans.factory.annotation.Autowired;
*
*/
public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule {
- private static final Logger log =
- LoggerFactory.getLogger(AbstractSL20AuthenticationModulImpl.class);
+ private static final Logger log = LoggerFactory.getLogger(AbstractSL20AuthenticationModulImpl.class);
private int priority = 3;
public static final List<String> VDA_TYPE_IDS = Arrays.asList("1", "2", "3", "4");
@@ -56,17 +57,15 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule
}
-
/*
* (non-Javadoc)
*
- * @see
- * at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process
- * .api.ExecutionContext)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.
+ * egovernment.moa.id.process .api.ExecutionContext)
*/
@Override
public String selectProcess(final ExecutionContext context, final IRequest pendingReq) {
- final IspConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+ final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
if (spConfig == null) {
log.error("Suspect state. NO SP CONFIGURATION IN CONTEXT!");
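Review bot: The reflowed `@see` comment above `selectProcess` now splits the qualified name across two lines and leaves a stray space (`process .api.ExecutionContext`), so it can no longer be searched or resolved. It also names `at.gv.egovernment.moa.id.auth.modules.AuthModule` with a single `ExecutionContext` parameter, while this file imports `at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule` and the method takes `(ExecutionContext, IRequest)`. Since the method already carries `@Override`, the block could be replaced by `/** {@inheritDoc} */` or dropped. The body of `selectProcess` continues outside this hunk.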
@@ -74,17 +73,13 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule
}
- final String sl20ClientTypeHeader =
- (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase());
- final String sl20VdaTypeHeader =
- (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
+ final String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase());
+ final String sl20VdaTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
if (authConfig.getBasicConfigurationBoolean(getGeneralConfigPropertyNameEnableModule(),
getGeneralConfigPropertyNameEnableModuleDefault())) {
- if (StringUtils
- .isNotEmpty(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))
- && Boolean
- .valueOf(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))) {
+ if (StringUtils.isNotEmpty(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))
+ && Boolean.valueOf(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))) {
log.debug("SL2.0 is enabled for " + spConfig.getUniqueIdentifier());
log.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + ": " + sl20ClientTypeHeader);
log.trace(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE + ": " + sl20VdaTypeHeader);
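Review bot: The two re-joined lookups, `context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase())` and its VDA-type twin, call `toLowerCase()` without a locale, so the key depends on the JVM default locale; `toLowerCase(Locale.ROOT)` (plus a `java.util.Locale` import) makes the lookup identical on every host. The two values are presumably taken from request headers, and the unchanged `log.trace` lines at the end of the hunk concatenate them into the message. The parameterized form `log.trace("{}: {}", SL20Constants.HTTP_HEADER_SL20_VDA_TYPE, sl20VdaTypeHeader)` would match the `{}` style used further down in this file, and stripping CR/LF from the values first keeps a client-chosen header from forging log lines. `selectProcess` starts in the previous hunk and continues past this one.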
@@ -97,8 +92,7 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule
}
} else {
- log.trace("SL2.0 is NOT enabled with property: {}",
- getGeneralConfigPropertyNameEnableModule());
+ log.trace("SL2.0 is NOT enabled with property: {}", getGeneralConfigPropertyNameEnableModule());
return null;
}
@@ -106,22 +100,24 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule
}
/**
- * Get the general configuration-key that holds the enabled key for this authentication module.
+ * Get the general configuration-key that holds the enabled key for this
+ * authentication module.
*
* @return
*/
public abstract String getGeneralConfigPropertyNameEnableModule();
/**
- * Get the default value of the general configuration-key that holds the enabled key for this
- * authentication module.
+ * Get the default value of the general configuration-key that holds the enabled
+ * key for this authentication module.
*
* @return
*/
public abstract boolean getGeneralConfigPropertyNameEnableModuleDefault();
/**
- * Get the SP specific configuration-key that holds the enabled key for this authentication module.
+ * Get the SP specific configuration-key that holds the enabled key for this
+ * authentication module.
*
* @return configuration key for SP configuration
*/
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java
index a8460911..f607f8cb 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java
@@ -3,44 +3,38 @@ package at.gv.egiz.eaaf.modules.auth.sl20;
public class Constants {
public static final String CONFIG_PROP_PREFIX = "modules.sl20";
- public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID =
- CONFIG_PROP_PREFIX + ".vda.urls.qualeID.";
+ public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.";
- public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID =
- CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id";
- public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH =
- CONFIG_PROP_PREFIX + ".security.keystore.path";
- public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD =
- CONFIG_PROP_PREFIX + ".security.keystore.password";
- public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS =
- CONFIG_PROP_PREFIX + ".security.sign.alias";
- public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD =
- CONFIG_PROP_PREFIX + ".security.sign.password";
- public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS =
- CONFIG_PROP_PREFIX + ".security.encryption.alias";
- public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD =
- CONFIG_PROP_PREFIX + ".security.encryption.password";
+ public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX
+ + ".vda.authblock.transformation.id";
+ public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path";
+ public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX
+ + ".security.keystore.password";
+ public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias";
+ public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD = CONFIG_PROP_PREFIX
+ + ".security.sign.password";
+ public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX
+ + ".security.encryption.alias";
+ public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX
+ + ".security.encryption.password";
public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT = "default";
- public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT =
- CONFIG_PROP_VDA_ENDPOINT_QUALeID + CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT;
- public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST =
- CONFIG_PROP_VDA_ENDPOINT_QUALeID + "list";
+ public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_VDA_ENDPOINT_QUALeID
+ + CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT;
+ public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID + "list";
public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds.";
- public static final String CONFIG_PROP_DISABLE_EID_VALIDATION =
- CONFIG_PROP_PREFIX + ".security.eID.validation.disable";
- public static final String CONFIG_PROP_ENABLE_EID_ENCRYPTION =
- CONFIG_PROP_PREFIX + ".security.eID.encryption.enabled";
- public static final String CONFIG_PROP_FORCE_EID_ENCRYPTION =
- CONFIG_PROP_PREFIX + ".security.eID.encryption.required";
- public static final String CONFIG_PROP_FORCE_EID_SIGNED_RESULT =
- CONFIG_PROP_PREFIX + ".security.eID.signed.result.required";
+ public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX
+ + ".security.eID.validation.disable";
+ public static final String CONFIG_PROP_ENABLE_EID_ENCRYPTION = CONFIG_PROP_PREFIX
+ + ".security.eID.encryption.enabled";
+ public static final String CONFIG_PROP_FORCE_EID_ENCRYPTION = CONFIG_PROP_PREFIX
+ + ".security.eID.encryption.required";
+ public static final String CONFIG_PROP_FORCE_EID_SIGNED_RESULT = CONFIG_PROP_PREFIX
+ + ".security.eID.signed.result.required";
- public static final String CONFIG_PROP_IPC_RETURN_URL =
- CONFIG_PROP_PREFIX + ".testing.ipc.return.url";
- public static final String CONFIG_PROP_HTTP_REDIRECT_CODE =
- CONFIG_PROP_PREFIX + ".testing.redirect.http.code";
+ public static final String CONFIG_PROP_IPC_RETURN_URL = CONFIG_PROP_PREFIX + ".testing.ipc.return.url";
+ public static final String CONFIG_PROP_HTTP_REDIRECT_CODE = CONFIG_PROP_PREFIX + ".testing.redirect.http.code";
public static final String CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE = "303";
public static final String CONFIG_PROP_SP_ENABLE_SL20_AUTHENTICATION = "auth.sl20.enabled";
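Review bot: None of the security-relevant keys reformatted here carries a comment, and `CONFIG_PROP_DISABLE_EID_VALIDATION` (`modules.sl20.security.eID.validation.disable`) sits beside the production keystore keys with nothing saying when it may be set. Judging only by the names, this key and the two `.testing.` keys are meant for test setups. A Javadoc line such as `/** Test setups only: presumably switches off eID validation; leave unset in production. */`, with similar lines on `CONFIG_PROP_IPC_RETURN_URL` and `CONFIG_PROP_HTTP_REDIRECT_CODE`, would make that explicit. The code that reads these keys is not in this hunk, so the wording should be confirmed against it.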
@@ -51,25 +45,23 @@ public class Constants {
/**
* Only dummy data for development!!!!!!.
*/
- public static final String DUMMY_SIGNING_CERT =
- "MIIC9zCCAd8CBFretWcwDQYJKoZIhvcNAQEOBQAwQDELMAkGA1UEBhMCQVQxDTAL\n"
- + "BgNVBAoMBEVHSVoxIjAgBgNVBAMMGW93biBkdW1teSBtZXRhZGF0YSBzaWduZXIw\n"
- + "HhcNMTgwNDI0MDQ0MTExWhcNMjEwMTE3MDQ0MTExWjBAMQswCQYDVQQGEwJBVDEN\n"
- + "MAsGA1UECgwERUdJWjEiMCAGA1UEAwwZb3duIGR1bW15IG1ldGFkYXRhIHNpZ25l\n"
- + "cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW5trHH\n"
- + "Rb1s60QtGNp2v1nfMg1R6h7SzygtmO869v5bqrVBBVGmujslr7W8cZ2DLmJoQx1N\n"
- + "WwhccjXTHpNPw0B70qHGch2uRNkqkizSOlwth0Ll2DJtzxTolbajYdg+xppXScUq\n"
- + "WNlNZndauPSnB2CESgNkaUou4x4YVSDInugAtLvdLx8rf2YcuidI6UIXxeSZr3VO\n"
- + "Z12YtddzcJ+lwh7OX8B0UvLsdYjKjefjEudyuNBmVwLv4K2LsFhSqgE1CAzk3oCb\n"
- + "V2A84klaWVPiXoBiOucyouvX781WVp1aCBp0QA8gpJH7/2wRsdPQ90tjMzM7dcgY\n"
- + "LDkCAwEAATANBgkqhkiG9w0BAQ4FAAOCAQEAQuYRQcCNLDYU1ItliYz9f28+KDyU\n"
- + "8WjF3NDZrlJbGSKQ4n7wkBfxdK3zprmpHadWDB+aZaPt/+voE2FduzPiLUDlpazN\n"
- + "60JJ5/YHZ3q9MZvdoNg6rjkpioWatoj/smUkT6oUWL/gp8tH12fOd2oJygBqXMve\n"
- + "3y3qVCghnjRaMYuXcScTZcjH9yebkTLygirtw34oGVb7t+HwbtcN65fUIBly6Rcl\n"
- + "8NV3pwOKhXFKDAqXUpvhebL4+tWOqPdqfIfGaE6rELfTf3icGY3CQCzDz5Gp0Ptc\n"
- + "TfQqm64xnhtAruXNJXWg2ptg+GuQgWnJUgQ8wLNMxw9XdeEwlQo5dL6xmg==";
+ public static final String DUMMY_SIGNING_CERT = "MIIC9zCCAd8CBFretWcwDQYJKoZIhvcNAQEOBQAwQDELMAkGA1UEBhMCQVQxDTAL\n"
+ + "BgNVBAoMBEVHSVoxIjAgBgNVBAMMGW93biBkdW1teSBtZXRhZGF0YSBzaWduZXIw\n"
+ + "HhcNMTgwNDI0MDQ0MTExWhcNMjEwMTE3MDQ0MTExWjBAMQswCQYDVQQGEwJBVDEN\n"
+ + "MAsGA1UECgwERUdJWjEiMCAGA1UEAwwZb3duIGR1bW15IG1ldGFkYXRhIHNpZ25l\n"
+ + "cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW5trHH\n"
+ + "Rb1s60QtGNp2v1nfMg1R6h7SzygtmO869v5bqrVBBVGmujslr7W8cZ2DLmJoQx1N\n"
+ + "WwhccjXTHpNPw0B70qHGch2uRNkqkizSOlwth0Ll2DJtzxTolbajYdg+xppXScUq\n"
+ + "WNlNZndauPSnB2CESgNkaUou4x4YVSDInugAtLvdLx8rf2YcuidI6UIXxeSZr3VO\n"
+ + "Z12YtddzcJ+lwh7OX8B0UvLsdYjKjefjEudyuNBmVwLv4K2LsFhSqgE1CAzk3oCb\n"
+ + "V2A84klaWVPiXoBiOucyouvX781WVp1aCBp0QA8gpJH7/2wRsdPQ90tjMzM7dcgY\n"
+ + "LDkCAwEAATANBgkqhkiG9w0BAQ4FAAOCAQEAQuYRQcCNLDYU1ItliYz9f28+KDyU\n"
+ + "8WjF3NDZrlJbGSKQ4n7wkBfxdK3zprmpHadWDB+aZaPt/+voE2FduzPiLUDlpazN\n"
+ + "60JJ5/YHZ3q9MZvdoNg6rjkpioWatoj/smUkT6oUWL/gp8tH12fOd2oJygBqXMve\n"
+ + "3y3qVCghnjRaMYuXcScTZcjH9yebkTLygirtw34oGVb7t+HwbtcN65fUIBly6Rcl\n"
+ + "8NV3pwOKhXFKDAqXUpvhebL4+tWOqPdqfIfGaE6rELfTf3icGY3CQCzDz5Gp0Ptc\n"
+ + "TfQqm64xnhtAruXNJXWg2ptg+GuQgWnJUgQ8wLNMxw9XdeEwlQo5dL6xmg==";
- public static final String DUMMY_SIGNING_CERT_FINGERPRINT =
- "IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW";
+ public static final String DUMMY_SIGNING_CERT_FINGERPRINT = "IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW";
}
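Review bot: `DUMMY_SIGNING_CERT_FINGERPRINT` is not a digest: its value is a slice of the Base64 text of `DUMMY_SIGNING_CERT` (it occurs inside the literal line beginning `cjCCASIw`) and appears to cover mostly the RSA public-key header rather than anything unique to this certificate. A comparison against a real certificate fingerprint can never match it, and a substring match on it would identify very little. Either store a hex SHA-256 of the DER encoding or rename the constant to say what it holds. Both constants are public in main sources under a "dummy data for development" comment, so that Javadoc should also state that they must not be configured as a trust anchor; how they are used is not visible in this hunk.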
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
index 7ca4ea87..bb0c41d7 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
@@ -16,8 +16,15 @@ public class VerificationResult {
}
- public VerificationResult(final JsonNode string, final List<X509Certificate> certs, final boolean wasValidSigned) {
- this.payload = string;
+ /**
+ * JWS signature verification-result container.
+ *
+ * @param payload JWS payload
+ * @param certs JWS signercertificate
+ * @param wasValidSigned true if signature was valid
+ */
+ public VerificationResult(final JsonNode payload, final List<X509Certificate> certs, final boolean wasValidSigned) {
+ this.payload = payload;
this.certs = certs;
this.validSigned = wasValidSigned;
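Review bot: The new constructor Javadoc does not say that `payload` and `certs` are stored whether or not `wasValidSigned` is true, so a caller can read the payload of a JWS whose signature check failed. Add a sentence such as `Callers must check the valid-signed flag before trusting payload or certs.` `certs` is also kept by reference (`this.certs = certs;`), so later changes to the caller's list show through; `this.certs = certs == null ? null : Collections.unmodifiableList(new ArrayList<>(certs));` would isolate it, given the matching imports. In the `@param certs` line, `signercertificate` should read `signer certificates`. The constructor's closing brace lies outside this hunk.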
@@ -35,6 +42,4 @@ public class VerificationResult {
return payload;
}
-
-
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java
index c751f2c2..62abdeb8 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java
@@ -9,7 +9,7 @@ public class SL20SecurityException extends SL20Exception {
}
public SL20SecurityException(final String parameter) {
- super("sl20.05", new Object[] {parameter});
+ super("sl20.05", new Object[] { parameter });
}
public SL20SecurityException(final Object[] parameters, final Throwable wrapped) {
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java
index bed1cdb0..361f57b7 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java
@@ -4,14 +4,13 @@ public class SlCommandoBuildException extends SL20Exception {
private static final long serialVersionUID = 1L;
-
public SlCommandoBuildException(final String msg) {
- super("sl20.01", new Object[] {msg});
+ super("sl20.01", new Object[] { msg });
}
public SlCommandoBuildException(final String msg, final Throwable e) {
- super("sl20.01", new Object[] {msg}, e);
+ super("sl20.01", new Object[] { msg }, e);
}
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java
index dab42631..4993796a 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java
@@ -4,14 +4,13 @@ public class SlCommandoParserException extends SL20Exception {
private static final long serialVersionUID = 1L;
-
public SlCommandoParserException(final String msg) {
- super("sl20.02", new Object[] {msg});
+ super("sl20.02", new Object[] { msg });
}
public SlCommandoParserException(final String msg, final Throwable e) {
- super("sl20.02", new Object[] {msg}, e);
+ super("sl20.02", new Object[] { msg }, e);
}
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
index 518f0d24..d1887d5c 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
@@ -4,10 +4,27 @@ import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.HttpResponse;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.message.BasicNameValuePair;
+import org.jose4j.base64url.Base64Url;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
-import at.gv.egiz.eaaf.core.api.idp.IspConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -23,21 +40,8 @@ import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils;
-import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.http.HttpResponse;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.message.BasicNameValuePair;
-import org.jose4j.base64url.Base64Url;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
+import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils;
public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServletTask {
private static final Logger log = LoggerFactory.getLogger(AbstractCreateQualEidRequestTask.class);
@@ -57,7 +61,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
try {
// get service-provider configuration
- final IspConfiguration oaConfig = pendingReq.getServiceProviderConfiguration();
+ final ISpConfiguration oaConfig = pendingReq.getServiceProviderConfiguration();
if (oaConfig == null) {
log.warn("No SP configuration in pendingReq!");
@@ -68,16 +72,14 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
// get basic configuration parameters
final String vdaQualEidDUrl = extractVdaUrlForSpecificOa(oaConfig, executionContext);
if (StringUtils.isEmpty(vdaQualEidDUrl)) {
- log.error("NO VDA URL for qualified eID ("
- + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")");
- throw new SL20Exception("sl20.03", new Object[] {"NO VDA URL for qualified eID"});
+ log.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")");
+ throw new SL20Exception("sl20.03", new Object[] { "NO VDA URL for qualified eID" });
}
log.debug("Use {} as VDA end-point", vdaQualEidDUrl);
pendingReq.setRawDataToTransaction(
- Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL,
- vdaQualEidDUrl);
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, vdaQualEidDUrl);
revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_ENDPOINT_URL, vdaQualEidDUrl);
// create SL2.0 command for qualified eID
@@ -85,8 +87,8 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
// build request container
final String qualEidReqId = Random.nextProcessReferenceValue();
- final ObjectNode sl20Req =
- SL20JsonBuilderUtils.createGenericRequest(qualEidReqId, null, null, signedQualEidCommand);
+ final ObjectNode sl20Req = SL20JsonBuilderUtils.createGenericRequest(qualEidReqId, null, null,
+ signedQualEidCommand);
// build http POST request
final HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualEidDUrl).build());
@@ -102,8 +104,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
// HttpGet httpReq = new HttpGet(sl20ReqUri.build());
// set native client header
- httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE,
- SL20Constants.HTTP_HEADER_VALUE_NATIVE);
+ httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE);
log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes("UTF-8")));
@@ -113,8 +114,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
// parse response
log.info("Receive response from VDA ... ");
final JsonNode sl20Resp = SL20JsonExtractorUtils.getSL20ContainerFromResponse(httpResp);
- final VerificationResult respPayloadContainer =
- SL20JsonExtractorUtils.extractSL20PayLoad(sl20Resp, null, false);
+ final VerificationResult respPayloadContainer = SL20JsonExtractorUtils.extractSL20PayLoad(sl20Resp, null, false);
if (respPayloadContainer.isValidSigned() == null) {
log.debug("Receive unsigned payLoad from VDA");
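Review bot: Nothing in this hunk authenticates the VDA response, because it is unpacked with `extractSL20PayLoad(sl20Resp, null, false)`, i.e. without a JOSE tool and without requiring a signature, and an unsigned payload is only noted at debug level. If the TLS connection to the configured VDA end-point is the intended trust anchor, say so at the call, e.g. `// VDA response is not signature-checked here; authenticity relies on TLS to the configured VDA end-point`. How a signed payload is handled when the tool argument is null is not visible here, so that case deserves a sentence in the same comment. The enclosing try block starts and ends outside the hunk.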
@@ -136,28 +136,27 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
// create forward SL2.0 command
final ObjectNode sl20Forward = sl20Resp.deepCopy();
- SL20JsonBuilderUtils.addOnlyOnceOfTwo(sl20Forward, SL20Constants.SL20_PAYLOAD,
- SL20Constants.SL20_SIGNEDPAYLOAD, command.deepCopy(), signedCommand);
+ SL20JsonBuilderUtils.addOnlyOnceOfTwo(sl20Forward, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD,
+ command.deepCopy(), signedCommand);
// store pending request
- pendingReq.setRawDataToTransaction(
- Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, qualEidReqId);
+ pendingReq.setRawDataToTransaction(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID,
+ qualEidReqId);
requestStoreage.storePendingRequest(pendingReq);
// forward SL2.0 command
// TODO: maybe add SL2ClientType Header from execution context
SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectUrl,
- Integer
- .parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE,
- Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE)));
+ Integer.parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE,
+ Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE)));
} else if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText()
.equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) {
JsonNode result = SL20JsonExtractorUtils.getJsonObjectValue(respPayload,
SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false);
if (result == null) {
- result = SL20JsonExtractorUtils.getJsonObjectValue(respPayload,
- SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false);
+ result = SL20JsonExtractorUtils.getJsonObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS,
+ false);
}
final String errorCode = SL20JsonExtractorUtils.getStringValue(result,
@@ -166,21 +165,18 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true);
log.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg);
- throw new SL20Exception("sl20.08", new Object[] {errorCode, errorMsg});
+ throw new SL20Exception("sl20.08", new Object[] { errorCode, errorMsg });
} else {
// TODO: update to add error handling
- log.warn("Received an unrecognized command: "
- + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText());
- throw new SlCommandoParserException(
- "Received an unrecognized command: "
- + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).toString());
+ log.warn(
+ "Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText());
+ throw new SlCommandoParserException("Received an unrecognized command: "
+ + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).toString());
}
-
} catch (final EaafAuthenticationException e) {
- throw new TaskExecutionException(pendingReq,
- "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
} catch (final Exception e) {
log.warn("SL2.0 Authentication FAILED with a generic error.", e);
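Review bot: `errorCode` and `errorMsg` are taken from the VDA response and concatenated unmodified into `log.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg)`, so any line breaks they contain reach the log as-is. I would switch to `log.info("Receive SL2.0 error. Code: {} Msg: {}", errorCode, errorMsg);` and make sure CR/LF are neutralised, either in the log layout or before logging. In the else branch the command name is logged with `asText()` but put into the exception with `toString()`, which gives two different renderings of the same value. Reading it once into a local, `final String cmdName = respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText();`, and using it in both places removes that inconsistency. The method body starts and ends outside the hunk.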
@@ -201,18 +197,14 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
*
* @return signed JWT token as serialized {@link String}
* @throws CertificateEncodingException In case of certificate parsing error
- * @throws SL20Exception In case of a SL2.0 error
+ * @throws SL20Exception In case of a SL2.0 error
*/
- protected abstract String buildSignedQualifiedEidCommand()
- throws CertificateEncodingException, SL20Exception;
+ protected abstract String buildSignedQualifiedEidCommand() throws CertificateEncodingException, SL20Exception;
-
- private String extractVdaUrlForSpecificOa(final IspConfiguration oaConfig,
- final ExecutionContext executionContext) {
+ private String extractVdaUrlForSpecificOa(final ISpConfiguration oaConfig, final ExecutionContext executionContext) {
// load SP specific config for development and testing purposes
- final String spSpecificVdaEndpoints =
- oaConfig.getConfigurationValue(Constants.CONFIG_PROP_SP_SL20_ENDPOINT_LIST);
+ final String spSpecificVdaEndpoints = oaConfig.getConfigurationValue(Constants.CONFIG_PROP_SP_SL20_ENDPOINT_LIST);
// load general configuration
final Map<String, String> endPointMap = authConfigWithSp
@@ -220,8 +212,8 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
endPointMap.put(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT,
authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT));
if (StringUtils.isNotEmpty(spSpecificVdaEndpoints)) {
- endPointMap.putAll(KeyValueUtils.convertListToMap(KeyValueUtils
- .getListOfCsvValues(KeyValueUtils.normalizeCsvValueString(spSpecificVdaEndpoints))));
+ endPointMap.putAll(KeyValueUtils.convertListToMap(
+ KeyValueUtils.getListOfCsvValues(KeyValueUtils.normalizeCsvValueString(spSpecificVdaEndpoints))));
log.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... ");
}
@@ -229,8 +221,8 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
log.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... ");
// selection based on request Header
- final String sl20VdaTypeHeader =
- (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
+ final String sl20VdaTypeHeader = (String) executionContext
+ .get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
if (StringUtils.isNotEmpty(sl20VdaTypeHeader)) {
final String vdaUrl = endPointMap.get(sl20VdaTypeHeader);
if (StringUtils.isNotEmpty(vdaUrl)) {
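Review bot: The lookup key built with `SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()` depends on the JVM default locale. If the header name contains an `I`, a Turkish default locale lowercases it to a dotless ı, the lookup misses, and the code silently falls through to the default VDA. `toLowerCase(Locale.ROOT)` (plus a `java.util.Locale` import) keeps the key stable. Since the value read here comes from a request header, a short comment such as `// header value only selects among configured end-points, it is never used as a URL itself` would make the trust boundary explicit. extractVdaUrlForSpecificOa starts and ends outside the hunk.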
@@ -241,7 +233,6 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
}
-
log.info("NO specific VDA endpoint requested or found. Use default VDA");
return endPointMap.get(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT);
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java
index 516a33b9..87dd6263 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java
@@ -6,9 +6,23 @@ import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.entity.ContentType;
+import org.jose4j.base64url.Base64Url;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
@@ -28,17 +42,6 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.JsonMapper;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.entity.ContentType;
-import org.jose4j.base64url.Base64Url;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
-
public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask {
private static final Logger log = LoggerFactory.getLogger(AbstractReceiveQualEidTask.class);
@@ -81,81 +84,69 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
}
log.trace("Received SL2.0 result: " + sl20Result);
- revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_DATAURL_IP,
- request.getRemoteAddr());
+ revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_DATAURL_IP, request.getRemoteAddr());
// parse SL2.0 command/result into JSON
try {
- sl20ReqObj =
- new JsonMapper().getMapper().readTree(Base64Url.decodeToUtf8String(sl20Result));
+ sl20ReqObj = new JsonMapper().getMapper().readTree(Base64Url.decodeToUtf8String(sl20Result));
} catch (final JsonParseException e) {
log.warn("SL2.0 command or result is NOT valid JSON.", e);
log.debug("SL2.0 msg: " + sl20Result);
- throw new SL20Exception("sl20.02",
- new Object[] {"SL2.0 command or result is NOT valid JSON."}, e);
+ throw new SL20Exception("sl20.02", new Object[] { "SL2.0 command or result is NOT valid JSON." }, e);
}
// check on errorMessage
- final VerificationResult payLoadContainerErrorCheck =
- SL20JsonExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, false);
+ final VerificationResult payLoadContainerErrorCheck = SL20JsonExtractorUtils.extractSL20PayLoad(sl20ReqObj,
+ joseTools, false);
if (SL20JsonExtractorUtils
- .getStringValue(payLoadContainerErrorCheck.getPayload(),
- SL20Constants.SL20_COMMAND_CONTAINER_NAME, true)
+ .getStringValue(payLoadContainerErrorCheck.getPayload(), SL20Constants.SL20_COMMAND_CONTAINER_NAME, true)
.equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) {
log.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR + " result .... ");
- final JsonNode errorResult = SL20JsonExtractorUtils
- .extractSL20Result(payLoadContainerErrorCheck.getPayload(), joseTools, false);
+ final JsonNode errorResult = SL20JsonExtractorUtils.extractSL20Result(payLoadContainerErrorCheck.getPayload(),
+ joseTools, false);
final String errorCode = SL20JsonExtractorUtils.getStringValue(errorResult,
SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true);
final String errorMsg = SL20JsonExtractorUtils.getStringValue(errorResult,
SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, false);
- log.info("Receiving errorcode: {} with msg: {} from VDA! Stopping auth-process ... ",
- errorCode, errorMsg);
+ log.info("Receiving errorcode: {} with msg: {} from VDA! Stopping auth-process ... ", errorCode, errorMsg);
// aTrustErrorWorkAround = true;
- throw new SL20Exception("sl20.08", new Object[] {errorCode, errorMsg});
+ throw new SL20Exception("sl20.08", new Object[] { errorCode, errorMsg });
} else {
// Receive no error - To request validation
// validate reqId with inResponseTo
- final String sl20ReqId = pendingReq.getRawData(
- Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
- final String inRespTo =
- SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
+ final String sl20ReqId = pendingReq
+ .getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
+ final String inRespTo = SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
- log.info(
- "SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
+ log.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
throw new SL20SecurityException(
"SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
}
-
// validate signature
- final VerificationResult payLoadContainer = SL20JsonExtractorUtils
- .extractSL20PayLoad(sl20ReqObj, joseTools, authConfig.getBasicConfigurationBoolean(
- Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
+ final VerificationResult payLoadContainer = SL20JsonExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools,
+ authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
if (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned()) {
- if (authConfig.getBasicConfigurationBoolean(
- Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
+ if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
log.info("SL20 result from VDA was not valid signed");
- throw new SL20SecurityException(new Object[] {"Signature on SL20 result NOT valid."});
+ throw new SL20SecurityException(new Object[] { "Signature on SL20 result NOT valid." });
} else {
- log.warn(
- "SL20 result from VDA is NOT valid signed, but signatures-verification "
+ log.warn("SL20 result from VDA is NOT valid signed, but signatures-verification "
+ "is DISABLED by configuration!");
}
}
-
+
// extract payloaf
final JsonNode payLoad = payLoadContainer.getPayload();
-
// handle SL2.0 response payLoad
handleResponsePayLoad(payLoad);
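Review bot: With `CONFIG_PROP_FORCE_EID_SIGNED_RESULT` set to false, the check `isValidSigned() == null || !isValidSigned()` treats a present-but-invalid signature like a missing one: it logs a warning and the payload still reaches `handleResponsePayLoad`. Whether `extractSL20PayLoad` already throws on a bad signature in that mode is not visible here, so the caller should not rely on it. I would read the flag once, reject a result whose verification returned false regardless of the flag, and keep the relaxed path only for unsigned results, as sketched below. Reading the flag once also keeps the extraction call and the later check from disagreeing. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: reqId / inResponseTo validation …
final boolean forceSignedResult =
    authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true);
final VerificationResult payLoadContainer =
    SL20JsonExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, forceSignedResult);
final Boolean validSigned = payLoadContainer.isValidSigned();
if (Boolean.FALSE.equals(validSigned) || (validSigned == null && forceSignedResult)) {
  // a signature that is present but wrong is never acceptable
  log.info("SL20 result from VDA was not valid signed");
  throw new SL20SecurityException(new Object[] { "Signature on SL20 result NOT valid." });
} else if (validSigned == null) {
  log.warn("SL20 result from VDA is NOT valid signed, but signatures-verification "
      + "is DISABLED by configuration!");
}
// … unchanged: payload extraction and handleResponsePayLoad(payLoad) …
```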
@@ -168,8 +159,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
}
pendingReq.setRawDataToTransaction(
Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
- new TaskExecutionException(pendingReq,
- "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
+ new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
} catch (final Exception e) {
log.warn("ERROR:", e);
@@ -196,7 +186,8 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
}
} catch (final Exception e) {
- // write internal server errror 500 according to SL2.0 specification, chapter https transport
+ // write internal server errror 500 according to SL2.0 specification, chapter
+ // https transport
// binding
log.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e);
if (sl20Result != null) {
@@ -228,9 +219,8 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
final ObjectNode errorCommand = SL20JsonBuilderUtils
.createCommandResponse(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, error, null);
-
- final ObjectNode respContainer = SL20JsonBuilderUtils
- .createGenericResponse(UUID.randomUUID().toString(), null, null, errorCommand, null);
+ final ObjectNode respContainer = SL20JsonBuilderUtils.createGenericResponse(UUID.randomUUID().toString(), null,
+ null, errorCommand, null);
log.trace("SL20 response to VDA: " + respContainer);
final StringWriter writer = new StringWriter();
@@ -247,37 +237,34 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
final JsonNode sl20ReqObj) throws IOException, SL20Exception, URISyntaxException {
// create response
final Map<String, String> reqParameters = new HashMap<>();
- reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID,
- pendingReq.getPendingRequestId());
+ reqParameters.put(EaafConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId());
final ObjectNode callReqParams = SL20JsonBuilderUtils.createCallCommandParameters(
new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(), getResumeEndPoint(), null),
SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, false, reqParameters);
- final ObjectNode callCommand = SL20JsonBuilderUtils
- .createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams);
+ final ObjectNode callCommand = SL20JsonBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL,
+ callReqParams);
// build first redirect command for app
- final ObjectNode redirectOneParams = SL20JsonBuilderUtils.createRedirectCommandParameters(
- generateIpcRedirectUrlForDebugging(), callCommand, null, true);
+ final ObjectNode redirectOneParams = SL20JsonBuilderUtils
+ .createRedirectCommandParameters(generateIpcRedirectUrlForDebugging(), callCommand, null, true);
final ObjectNode redirectOneCommand = SL20JsonBuilderUtils
.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
// build second redirect command for IDP
- final ObjectNode redirectTwoParams = SL20JsonBuilderUtils.createRedirectCommandParameters(
- new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(), getResumeEndPoint(),
- pendingReq.getPendingRequestId()),
+ final ObjectNode redirectTwoParams = SL20JsonBuilderUtils.createRedirectCommandParameters(new DataUrlBuilder()
+ .buildDataUrl(pendingReq.getAuthUrl(), getResumeEndPoint(), pendingReq.getPendingRequestId()),
redirectOneCommand, null, false);
final ObjectNode redirectTwoCommand = SL20JsonBuilderUtils
.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
// build generic SL2.0 response container
- final String transactionId =
- SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false);
- final ObjectNode respContainer = SL20JsonBuilderUtils.createGenericRequest(
- UUID.randomUUID().toString(), transactionId, redirectTwoCommand, null);
-
- if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null
- && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE)
- .equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {
+ final String transactionId = SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID,
+ false);
+ final ObjectNode respContainer = SL20JsonBuilderUtils.createGenericRequest(UUID.randomUUID().toString(),
+ transactionId, redirectTwoCommand, null);
+
+ if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request
+ .getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {
log.debug("Client request containts 'native client' header ... ");
log.trace("SL20 response to VDA: " + respContainer);
final StringWriter writer = new StringWriter();
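Review bot: The native-client test reads the same header twice and, after the reflow, breaks the line in the middle of the call chain, which makes the null guard easy to overlook. A constant-first comparison is null-safe and fits on one line: `if (SL20Constants.HTTP_HEADER_VALUE_NATIVE.equals(request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE))) {`. Behaviour is unchanged, since `equals` on the constant returns false for a missing header. The method continues outside the hunk.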
@@ -288,21 +275,16 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
response.setContentType(ContentType.APPLICATION_JSON.toString());
response.getOutputStream().write(content);
-
} else {
- log.info("SL2.0 DataURL communication needs http header: '"
- + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'");
+ log.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'");
log.debug("Client request containts is no native client ... ");
- final URIBuilder clientRedirectUri =
- new URIBuilder(new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(),
- getResumeEndPoint(), pendingReq.getPendingRequestId()));
- response.setStatus(Integer
- .parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE,
- Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE)));
+ final URIBuilder clientRedirectUri = new URIBuilder(new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(),
+ getResumeEndPoint(), pendingReq.getPendingRequestId()));
+ response.setStatus(Integer.parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE,
+ Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE)));
response.setHeader("Location", clientRedirectUri.build().toString());
-
// throw new SL20Exception("sl20.06",
// new Object[] {"SL2.0 DataURL communication needs http header: '" +
// SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"});
@@ -317,15 +299,12 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
*/
private String generateIpcRedirectUrlForDebugging() {
-
- String ipcRedirectUrlConfig =
- authConfig.getBasicConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL);
+ String ipcRedirectUrlConfig = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL);
if (StringUtils.isNotEmpty(ipcRedirectUrlConfig)) {
if (ipcRedirectUrlConfig.contains(PATTERN_PENDING_REQ_ID)) {
log.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... ");
ipcRedirectUrlConfig = ipcRedirectUrlConfig.replaceAll("#PENDINGREQID#",
- EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "="
- + pendingReq.getPendingRequestId());
+ EaafConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + pendingReq.getPendingRequestId());
}
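Review bot: The guard tests `ipcRedirectUrlConfig.contains(PATTERN_PENDING_REQ_ID)` but the substitution uses `replaceAll("#PENDINGREQID#", …)` with a separate literal, so the two silently diverge if the constant is ever changed. `replaceAll` also treats its first argument as a regular expression and gives `$` and `\` in the replacement a special meaning, which is not wanted for a value appended from the pending request. A literal replacement avoids both: `ipcRedirectUrlConfig = ipcRedirectUrlConfig.replace(PATTERN_PENDING_REQ_ID, EaafConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + pendingReq.getPendingRequestId());`. The value of `PATTERN_PENDING_REQ_ID` is not shown here, so this assumes it is the same placeholder. generateIpcRedirectUrlForDebugging continues outside the hunk.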
@@ -336,5 +315,4 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask
}
-
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java
index 9d444802..6ee53a9d 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java
@@ -5,14 +5,18 @@ import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.List;
+
import javax.annotation.Nonnull;
-import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.lang.JoseException;
+
import com.fasterxml.jackson.databind.JsonNode;
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+
public interface IJoseTools {
/**
@@ -31,39 +35,36 @@ public interface IJoseTools {
* @throws SL20Exception In case of a signature validation error
*/
@Nonnull
- VerificationResult validateSignature(@Nonnull String serializedContent)
- throws SL20Exception;
+ VerificationResult validateSignature(@Nonnull String serializedContent) throws SL20Exception;
/**
* Validate a JWS signature.
*
* @param serializedContent JWS in serialized form
- * @param trustedCerts trusted X509 certificates
- * @param constraints signature verification constraints
+ * @param trustedCerts trusted X509 certificates
+ * @param constraints signature verification constraints
* @return Signature-verification result
* @throws JoseException In case of a signature verification error
- * @throws IOException In case of a general IO error
+ * @throws IOException In case of a general IO error
*/
@Nonnull
- VerificationResult validateSignature(@Nonnull String serializedContent,
- @Nonnull List<X509Certificate> trustedCerts, @Nonnull AlgorithmConstraints constraints)
- throws JoseException, IOException;
+ VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull List<X509Certificate> trustedCerts,
+ @Nonnull AlgorithmConstraints constraints) throws JoseException, IOException;
/**
* Validate a JWS signature.
*
* @param serializedContent JWS in serialized form
- * @param trustStore with trusted X509 certificates
- * @param algconstraints signature verification constraints
+ * @param trustStore with trusted X509 certificates
+ * @param algconstraints signature verification constraints
* @return Signature-verification result
- * @throws JoseException In case of a signature verification error
- * @throws IOException In case of a general IO error
+ * @throws JoseException In case of a signature verification error
+ * @throws IOException In case of a general IO error
* @throws KeyStoreException In case of TrustStore error
*/
@Nonnull
- VerificationResult validateSignature(@Nonnull String serializedContent,
- @Nonnull KeyStore trustStore, @Nonnull AlgorithmConstraints algconstraints)
- throws JoseException, IOException, KeyStoreException;
+ VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull KeyStore trustStore,
+ @Nonnull AlgorithmConstraints algconstraints) throws JoseException, IOException, KeyStoreException;
/**
* Get the encryption certificate for SL2.0 End-to-End encryption.
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java
index f38203d2..2387a9f2 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java
@@ -35,7 +35,7 @@ public class JsonMapper implements IJsonMapper {
/**
* The constructor.
- *
+ *
* @param prettyPrint enables or disables the default pretty printer
*/
public JsonMapper(@NonNull final boolean prettyPrint) {
@@ -54,10 +54,9 @@ public class JsonMapper implements IJsonMapper {
}
-
/*
* (non-Javadoc)
- *
+ *
* @at.gv.egiz.eaaf.core.api.utils.IJsonMapper#getMapper()
*/
public ObjectMapper getMapper() {
@@ -65,10 +64,9 @@ public class JsonMapper implements IJsonMapper {
}
-
/*
* (non-Javadoc)
- *
+ *
* @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#serialize(java.lang.Object)
*/
@Override
@@ -86,12 +84,12 @@ public class JsonMapper implements IJsonMapper {
/*
* (non-Javadoc)
- *
- * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#deserialize(java.lang.String, java.lang.Class)
+ *
+ * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#deserialize(java.lang.String,
+ * java.lang.Class)
*/
@Override
- public <T> Object deserialize(final String value, final Class<T> clazz)
- throws EaafJsonMapperException {
+ public <T> Object deserialize(final String value, final Class<T> clazz) throws EaafJsonMapperException {
try {
if (clazz != null) {
if (clazz.isAssignableFrom(TypeReference.class)) {
@@ -115,8 +113,7 @@ public class JsonMapper implements IJsonMapper {
}
@Override
- public <T> Object deserialize(final InputStream is, final Class<T> clazz)
- throws EaafJsonMapperException {
+ public <T> Object deserialize(final InputStream is, final Class<T> clazz) throws EaafJsonMapperException {
try {
if (clazz != null) {
if (clazz.isAssignableFrom(TypeReference.class)) {
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index 6ec56825..0d2c1815 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -70,8 +70,7 @@ public class JsonSecurityUtils implements IJoseTools {
log.info("Initialize SL2.0 authentication security constrains ... ");
try {
if (getKeyStoreFilePath() != null) {
- final KeyStore keyStore =
- KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
+ final KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
// load signing key
signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray());
@@ -88,11 +87,9 @@ public class JsonSecurityUtils implements IJoseTools {
// load encryption key
try {
- encPrivKey =
- keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
+ encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
if (encPrivKey != null) {
- final Certificate[] certChainEncryption =
- keyStore.getCertificateChain(getEncryptionKeyAlias());
+ final Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias());
encCertChain = new X509Certificate[certChainEncryption.length];
for (int i = 0; i < certChainEncryption.length; i++) {
if (certChainEncryption[i] instanceof X509Certificate) {
@@ -106,8 +103,8 @@ public class JsonSecurityUtils implements IJoseTools {
}
} catch (final Exception e) {
- log.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: "
- + e.getMessage(), e);
+ log.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(),
+ e);
}
@@ -117,13 +114,13 @@ public class JsonSecurityUtils implements IJoseTools {
// some short validation
if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) {
log.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
- throw new SL20Exception("sl20.03", new Object[] {"Can NOT open private key for signing"});
+ throw new SL20Exception("sl20.03", new Object[] { "Can NOT open private key for signing" });
}
if (signCertChain == null || signCertChain.length == 0) {
log.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
- throw new SL20Exception("sl20.03", new Object[] {"NO certificate for SL2.0 signing"});
+ throw new SL20Exception("sl20.03", new Object[] { "NO certificate for SL2.0 signing" });
}
@@ -133,9 +130,9 @@ public class JsonSecurityUtils implements IJoseTools {
log.info("NO SL2.0 authentication security configuration. Initialization was skipped");
}
- } catch (RuntimeException e) {
- throw e;
-
+ } catch (final RuntimeException e) {
+ throw e;
+
} catch (final Exception e) {
log.error("SL2.0 security constrains initialization FAILED.", e);
@@ -173,9 +170,8 @@ public class JsonSecurityUtils implements IJoseTools {
}
@Override
- public VerificationResult validateSignature(final String serializedContent,
- final KeyStore trustStore, final AlgorithmConstraints algconstraints)
- throws JoseException, IOException, KeyStoreException {
+ public VerificationResult validateSignature(final String serializedContent, final KeyStore trustStore,
+ final AlgorithmConstraints algconstraints) throws JoseException, IOException, KeyStoreException {
final List<X509Certificate> trustedCertificates = readCertsFromKeyStore(trustStore);
return validateSignature(serializedContent, trustedCertificates, algconstraints);
@@ -184,8 +180,8 @@ public class JsonSecurityUtils implements IJoseTools {
@Override
@NonNull
public VerificationResult validateSignature(@Nonnull final String serializedContent,
- @Nonnull final List<X509Certificate> trustedCerts,
- @Nonnull final AlgorithmConstraints constraints) throws JoseException, IOException {
+ @Nonnull final List<X509Certificate> trustedCerts, @Nonnull final AlgorithmConstraints constraints)
+ throws JoseException, IOException {
final JsonWebSignature jws = new JsonWebSignature();
// set payload
jws.setCompactSerialization(serializedContent);
@@ -219,20 +215,16 @@ public class JsonSecurityUtils implements IJoseTools {
} else if (StringUtils.isNotEmpty(x5t256)) {
log.debug("Found x5t256 fingerprint in JOSE header .... ");
- final X509VerificationKeyResolver x509VerificationKeyResolver =
- new X509VerificationKeyResolver(trustedCerts);
- selectedKey =
- x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList());
+ final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts);
+ selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList());
} else {
- throw new JoseException(
- "JWS contains NO signature certificate or NO certificate fingerprint");
+ throw new JoseException("JWS contains NO signature certificate or NO certificate fingerprint");
}
if (selectedKey == null) {
- throw new JoseException(
- "Can NOT select verification key for JWS. Signature verification FAILED");
+ throw new JoseException("Can NOT select verification key for JWS. Signature verification FAILED");
}
@@ -240,23 +232,19 @@ public class JsonSecurityUtils implements IJoseTools {
jws.setKey(selectedKey);
// load payLoad
- return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null,
- jws.verifySignature());
-
+ return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, jws.verifySignature());
}
@Override
@Nonnull
- public VerificationResult validateSignature(@Nonnull final String serializedContent)
- throws SL20Exception {
+ public VerificationResult validateSignature(@Nonnull final String serializedContent) throws SL20Exception {
try {
final AlgorithmConstraints algConstraints = new AlgorithmConstraints(ConstraintType.WHITELIST,
SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING
.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()]));
- final VerificationResult result =
- validateSignature(serializedContent, trustedCerts, algConstraints);
+ final VerificationResult result = validateSignature(serializedContent, trustedCerts, algConstraints);
if (!result.isValidSigned()) {
log.info("JWS signature invalide. Stopping authentication process ...");
@@ -270,7 +258,7 @@ public class JsonSecurityUtils implements IJoseTools {
} catch (JoseException | JsonParseException e) {
log.warn("SL2.0 commando signature validation FAILED", e);
- throw new SL20SecurityException(new Object[] {e.getMessage()}, e);
+ throw new SL20SecurityException(new Object[] { e.getMessage() }, e);
} catch (final IOException e) {
log.warn("Decrypted SL2.0 result can not be parsed.", e);
@@ -280,24 +268,22 @@ public class JsonSecurityUtils implements IJoseTools {
}
-
@Override
public JsonNode decryptPayload(final String compactSerialization) throws SL20Exception {
try {
final JsonWebEncryption receiverJwe = new JsonWebEncryption();
// set security constrains
- receiverJwe.setAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.WHITELIST,
- SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION
+ receiverJwe.setAlgorithmConstraints(
+ new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION
.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.size()])));
- receiverJwe.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints(
- ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION
+ receiverJwe.setContentEncryptionAlgorithmConstraints(
+ new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION
.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.size()])));
// set payload
receiverJwe.setCompactSerialization(compactSerialization);
-
// validate key from header against key from config
final List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue();
final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue();
@@ -307,16 +293,16 @@ public class JsonSecurityUtils implements IJoseTools {
final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
if (!sortedX5cCerts.get(0).equals(encCertChain[0])) {
- log.info("Certificate from JOSE header does NOT match encryption certificate");
+ log.info("Certificate from JOSE header does NOT match encryption certificate");
try {
-
+
log.debug("JOSE certificate: {}", Base64Utils.encode(sortedX5cCerts.get(0).getEncoded()));
} catch (final CertificateEncodingException e) {
e.printStackTrace();
}
throw new SL20Exception("sl20.05",
- new Object[] {"Certificate from JOSE header does NOT match encryption certificate"});
+ new Object[] { "Certificate from JOSE header does NOT match encryption certificate" });
}
} else if (StringUtils.isNotEmpty(x5t256)) {
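Review bot: The `CertificateEncodingException` handler in the x5c-mismatch branch still calls `e.printStackTrace()`, which writes to stderr and bypasses the SLF4J logger used by every other statement here, so the failure never reaches the configured log pipeline. Because that `try` exists only to emit a debug line, `log.debug("Can NOT encode certificate from JOSE header", e);` would keep the diagnostic with the rest of the audit trail. The comparison also dereferences `encCertChain[0]` with no guard visible in this hunk. If initialization took the "No encryption key for SL2.0 found" path, the array may never have been assigned, so a null/length check before the comparison is worth confirming. The enclosing method starts and ends outside this hunk.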
@@ -326,13 +312,12 @@ public class JsonSecurityUtils implements IJoseTools {
log.info("X5t256 from JOSE header does NOT match encryption certificate");
log.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint);
throw new SL20Exception("sl20.05",
- new Object[] {"X5t256 from JOSE header does NOT match encryption certificate"});
+ new Object[] { "X5t256 from JOSE header does NOT match encryption certificate" });
}
} else {
- log.info(
- "Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint");
+ log.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint");
throw new SlCommandoParserException(
"Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint");
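Review bot: The final `else` branch logs and throws "Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint", although the neighbouring branches compare the JOSE header against the encryption certificate. The text looks copied from the signature-validation path and will mislead anyone triaging a failed decryption from the logs. Something like `"Encrypted SL2.0 response contains NO encryption certificate or NO certificate fingerprint"` in both the `log.info` and the exception would match what is actually checked. This branch also throws `SlCommandoParserException`, while the two mismatch branches throw `SL20Exception("sl20.05", ...)`; if callers map error codes, the same code here would be more consistent. The enclosing method appears to be `decryptPayload`, whose start and end are outside this hunk.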
@@ -341,13 +326,12 @@ public class JsonSecurityUtils implements IJoseTools {
// set key
receiverJwe.setKey(encPrivKey);
-
// decrypt payload
return mapper.getMapper().readTree(receiverJwe.getPlaintextString());
} catch (final JoseException e) {
log.warn("SL2.0 result decryption FAILED", e);
- throw new SL20SecurityException(new Object[] {e.getMessage()}, e);
+ throw new SL20SecurityException(new Object[] { e.getMessage() }, e);
} catch (final JsonParseException e) {
log.warn("Decrypted SL2.0 result is NOT a valid JSON.", e);
@@ -360,8 +344,6 @@ public class JsonSecurityUtils implements IJoseTools {
}
-
-
@Override
public X509Certificate getEncryptionCertificate() {
// TODO: maybe update after SL2.0 update on encryption certificate parts
@@ -373,14 +355,12 @@ public class JsonSecurityUtils implements IJoseTools {
}
private String getKeyStoreFilePath() throws EaafConfigurationException, MalformedURLException {
- return FileUtils.makeAbsoluteUrl(
- authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH),
+ return FileUtils.makeAbsoluteUrl(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH),
authConfig.getConfigurationRootDirectory());
}
private String getKeyStorePassword() {
- String value =
- authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD);
+ String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD);
if (value != null) {
value = value.trim();
}
@@ -390,8 +370,7 @@ public class JsonSecurityUtils implements IJoseTools {
}
private String getSigningKeyAlias() {
- String value = authConfig
- .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim();
+ String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim();
if (value != null) {
value = value.trim();
}
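Review bot: In `getSigningKeyAlias` the rejoined line calls `.trim()` directly on the result of `getBasicConfiguration(...)`, so the `if (value != null)` check that follows can never be false and a missing property fails with a bare `NullPointerException`. The same pattern is in the next three hunks (`getSigningKeyPassword`, `getEncryptionKeyAlias`, `getEncryptionKeyPassword`), whereas `getKeyStorePassword` reads the value first and trims only after the null check. Dropping the chained call, `String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS);`, makes the existing guard effective. Because the initialization code rethrows `RuntimeException` unchanged, an unset signing alias or password would presumably surface as an NPE instead of the `sl20.03` configuration error. The method bodies continue outside these hunks.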
@@ -400,8 +379,7 @@ public class JsonSecurityUtils implements IJoseTools {
}
private String getSigningKeyPassword() {
- String value = authConfig
- .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim();
+ String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim();
if (value != null) {
value = value.trim();
}
@@ -410,8 +388,8 @@ public class JsonSecurityUtils implements IJoseTools {
}
private String getEncryptionKeyAlias() {
- String value = authConfig
- .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim();
+ String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS)
+ .trim();
if (value != null) {
value = value.trim();
}
@@ -420,8 +398,7 @@ public class JsonSecurityUtils implements IJoseTools {
}
private String getEncryptionKeyPassword() {
- String value = authConfig
- .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD)
+ String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD)
.trim();
if (value != null) {
value = value.trim();
@@ -431,8 +408,7 @@ public class JsonSecurityUtils implements IJoseTools {
}
@Nonnull
- private List<X509Certificate> readCertsFromKeyStore(@Nonnull final KeyStore keyStore)
- throws KeyStoreException {
+ private List<X509Certificate> readCertsFromKeyStore(@Nonnull final KeyStore keyStore) throws KeyStoreException {
final List<X509Certificate> result = new ArrayList<>();
final Enumeration<String> aliases = keyStore.aliases();
@@ -444,8 +420,7 @@ public class JsonSecurityUtils implements IJoseTools {
if (cert != null && cert instanceof X509Certificate) {
result.add((X509Certificate) cert);
} else {
- log.info("Can not process entry: {}. Reason: {}", el,
- cert != null ? cert.getType() : "cert is null");
+ log.info("Can not process entry: {}. Reason: {}", el, cert != null ? cert.getType() : "cert is null");
}
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
index d3726546..d1793b0e 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java
@@ -24,7 +24,6 @@ public class SL20Constants {
public static final String HTTP_HEADER_SL20_RESP = "X-SL20Operation";
-
// *******************************************************************************************
// JSON signing and encryption headers
public static final String JSON_ALGORITHM = "alg";
@@ -39,22 +38,19 @@ public class SL20Constants {
AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256;
public static final String JSON_ALGORITHM_SIGNING_ES512 =
AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;
- public static final String JSON_ALGORITHM_SIGNING_PS256 =
- AlgorithmIdentifiers.RSA_PSS_USING_SHA256;
- public static final String JSON_ALGORITHM_SIGNING_PS512 =
- AlgorithmIdentifiers.RSA_PSS_USING_SHA512;
+ public static final String JSON_ALGORITHM_SIGNING_PS256 = AlgorithmIdentifiers.RSA_PSS_USING_SHA256;
+ public static final String JSON_ALGORITHM_SIGNING_PS512 = AlgorithmIdentifiers.RSA_PSS_USING_SHA512;
- public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(Arrays.asList(
- JSON_ALGORITHM_SIGNING_RS256, JSON_ALGORITHM_SIGNING_RS512, JSON_ALGORITHM_SIGNING_ES256,
- JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512));
+ public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(
+ Arrays.asList(JSON_ALGORITHM_SIGNING_RS256, JSON_ALGORITHM_SIGNING_RS512, JSON_ALGORITHM_SIGNING_ES256,
+ JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512));
- public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP =
- KeyManagementAlgorithmIdentifiers.RSA_OAEP;
+ public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = KeyManagementAlgorithmIdentifiers.RSA_OAEP;
public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP256 =
KeyManagementAlgorithmIdentifiers.RSA_OAEP_256;
- public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION =
- Collections.unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256));
+ public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = Collections
+ .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256));
public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 =
ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256;
@@ -65,10 +61,10 @@ public class SL20Constants {
public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM =
ContentEncryptionAlgorithmIdentifiers.AES_256_GCM;
- public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Collections.unmodifiableList(Arrays.asList(
- JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512,
- JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM));
-
+ public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Collections
+ .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256,
+ JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512,
+ JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM));
// *********************************************************************************************
// Object identifier for generic transport container
@@ -96,12 +92,12 @@ public class SL20Constants {
@Deprecated
public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID";
public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEIDCONSENT = "qualifiedEIDConsent";
- // public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig";
+ // public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG =
+ // "qualifiedSig";
public static final String SL20_COMMAND_IDENTIFIER_GETCERTIFICATE = "getCertificate";
public static final String SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES = "createCAdES";
-
public static final String SL20_COMMAND_IDENTIFIER_BINDING_CREATE_KEY = "createBindingKey";
public static final String SL20_COMMAND_IDENTIFIER_BINDING_STORE_CERT = "storeBindingCert";
@@ -124,13 +120,11 @@ public class SL20Constants {
public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT = "IPCRedirect";
// Call command
- public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL =
- SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL;
+ public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL = SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL;
public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD = "method";
public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET = "get";
public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_POST = "post";
- public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID =
- "includeTransactionID";
+ public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID = "includeTransactionID";
public static final String SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER = "reqParams";
// error command
@@ -144,8 +138,7 @@ public class SL20Constants {
@Deprecated
public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes";
@Deprecated
- public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE =
- "MANDATE-REFERENCE-VALUE";
+ public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE";
@Deprecated
public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID";
@Deprecated
@@ -176,11 +169,9 @@ public class SL20Constants {
// public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC =
// SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
-
// getCertificate
public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_KEYID = "keyId";
- public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL =
- SL20_COMMAND_PARAM_GENERAL_DATAURL;
+ public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC =
SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_JWKCENC =
@@ -191,13 +182,10 @@ public class SL20Constants {
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId";
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content";
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType";
- public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY =
- "padesComatibility";
- public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE =
- "excludedByteRange";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange";
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL = "cadesLevel";
- public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL =
- SL20_COMMAND_PARAM_GENERAL_DATAURL;
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_X5CENC =
SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_JWKCENC =
@@ -211,19 +199,15 @@ public class SL20Constants {
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L";
public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A";
-
-
// create binding key command
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID";
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_SN = "SN";
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH = "keyLength";
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG = "keyAlg";
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES = "policies";
- public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL =
- SL20_COMMAND_PARAM_GENERAL_DATAURL;
+ public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST = "x5cVdaTrust";
- public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD =
- "reqUserPassword";
+ public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD = "reqUserPassword";
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC =
SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
@@ -231,23 +215,18 @@ public class SL20Constants {
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_SECPR256R1 = "secp256r1";
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_LIFETIME = "lifeTime";
- public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT =
- "useSecureElement";
+ public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT = "useSecureElement";
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_KEYTIMEOUT = "keyTimeout";
- public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH =
- "needUserAuth";
+ public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH = "needUserAuth";
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID = "appID";
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR = "csr";
- public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE =
- "attCert";
+ public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE = "attCert";
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD = "encodedPass";
-
// store binding certificate command
public static final String SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE = "x5c";
- public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL =
- SL20_COMMAND_PARAM_GENERAL_DATAURL;
+ public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS = "success";
public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE = "OK";
@@ -268,14 +247,12 @@ public class SL20Constants {
public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE = "nonce";
public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA = "displayData";
public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL = "displayUrl";
- public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL =
- SL20_COMMAND_PARAM_GENERAL_DATAURL;
+ public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE =
SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE;
// QR-Code authentication
public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_QRCODE = "qrCode";
- public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL =
- SL20_COMMAND_PARAM_GENERAL_DATAURL;
+ public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
index 6a8b96d4..1d7c9646 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
@@ -3,15 +3,18 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URISyntaxException;
+
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+
import org.apache.http.client.utils.URIBuilder;
import org.jose4j.base64url.Base64Url;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.MediaType;
+
import com.fasterxml.jackson.databind.JsonNode;
public class SL20HttpBindingUtils {
@@ -20,26 +23,24 @@ public class SL20HttpBindingUtils {
/**
* Write SL2.0 response into http-response object
*
- * @param httpReq Current http request
- * @param httpResp Current http response
- * @param sl20Forward SL2.0 command that should be written to response
- * @param redirectUrl SL2.0 redirect URL in case of SL2.0 redirect command and no native client
- * (see SL2.0 specification)
- * @param httpCodeRedirect http redirect-code in case of SL2.0 redirect command and no native
- * client (see SL2.0 specification)
- * @throws IOException In case of an IO error
+ * @param httpReq Current http request
+ * @param httpResp Current http response
+ * @param sl20Forward SL2.0 command that should be written to response
+ * @param redirectUrl SL2.0 redirect URL in case of SL2.0 redirect command
+ * and no native client (see SL2.0 specification)
+ * @param httpCodeRedirect http redirect-code in case of SL2.0 redirect command
+ * and no native client (see SL2.0 specification)
+ * @throws IOException In case of an IO error
* @throws URISyntaxException In case of a wrong URL
*/
public static void writeIntoResponse(@Nonnull final HttpServletRequest httpReq,
@Nonnull final HttpServletResponse httpResp, @Nonnull final JsonNode sl20Forward,
- @Nullable final String redirectUrl, @Nonnull final int httpCodeRedirect)
- throws IOException, URISyntaxException {
+ @Nullable final String redirectUrl, @Nonnull final int httpCodeRedirect) throws IOException, URISyntaxException {
// forward SL2.0 command
httpResp.addIntHeader(SL20Constants.HTTP_HEADER_SL20_RESP, SL20Constants.CURRENT_SL20_VERSION);
- if (httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null
- && httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE)
- .equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {
+ if (httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && httpReq
+ .getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {
log.debug("Client request containts 'native client' header ... ");
final StringWriter writer = new StringWriter();
writer.write(sl20Forward.toString());
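Review bot: The reflowed client-type check in `writeIntoResponse` calls `httpReq.getHeader(...)` twice and now breaks in the middle of the call chain, which makes the condition harder to read than before. A constant-first comparison needs neither the null test nor the second lookup: `if (SL20Constants.HTTP_HEADER_VALUE_NATIVE.equals(httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE))) {`. In the same signature, `@Nonnull final int httpCodeRedirect` annotates a primitive that cannot be null, so the annotation can be dropped. The method body continues outside this hunk.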
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
index 82a8cf26..eb17781b 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java
@@ -8,11 +8,13 @@ import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
+import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+
public class SL20JsonBuilderUtils {
private static JsonMapper mapper = new JsonMapper();
@@ -20,13 +22,12 @@ public class SL20JsonBuilderUtils {
/**
* Create command request.
*
- * @param name Commando name
+ * @param name Commando name
* @param params Commando parameters
* @return JSON Object
* @throws SlCommandoBuildException In case of a build error
*/
- public static ObjectNode createCommand(final String name, final ObjectNode params)
- throws SlCommandoBuildException {
+ public static ObjectNode createCommand(final String name, final ObjectNode params) throws SlCommandoBuildException {
final ObjectNode command = mapper.getMapper().createObjectNode();
addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true);
@@ -38,14 +39,14 @@ public class SL20JsonBuilderUtils {
/**
* Create signed command request.
*
- * @param name Commando name
+ * @param name Commando name
* @param params commando parameter
* @param signer JWS signer implementation
* @return Serialized JWS
* @throws SlCommandoBuildException In case of a build error
*/
- public static String createSignedCommand(final String name, final ObjectNode params,
- final IJoseTools signer) throws SlCommandoBuildException {
+ public static String createSignedCommand(final String name, final ObjectNode params, final IJoseTools signer)
+ throws SlCommandoBuildException {
final ObjectNode command = mapper.getMapper().createObjectNode();
addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true);
addSingleJsonElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true);
@@ -53,17 +54,16 @@ public class SL20JsonBuilderUtils {
}
-
/**
* Create encrypted command result.
*
- * @param result JSON to encrypt
+ * @param result JSON to encrypt
* @param encrypter JWE encrypter implementation
* @return Serialized JWE
* @throws SlCommandoBuildException In case of a processing error
*/
- public static String createEncryptedCommandoResult(final ObjectNode result,
- final JsonSecurityUtils encrypter) throws SlCommandoBuildException {
+ public static String createEncryptedCommandoResult(final ObjectNode result, final JsonSecurityUtils encrypter)
+ throws SlCommandoBuildException {
// TODO: add real implementation
// create header and footer
final String dummyHeader = createJsonEncryptionHeader().toString();
@@ -71,21 +71,20 @@ public class SL20JsonBuilderUtils {
final String dummyFooter = createJsonSignedFooter();
try {
- return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "."
- + Base64.getUrlEncoder().encodeToString(payLoad.getBytes("UTF-8")) + "."
- + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8"));
- } catch (UnsupportedEncodingException e) {
- throw new SlCommandoBuildException("No UTF-8 encoding", e);
- }
+ return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "."
+ + Base64.getUrlEncoder().encodeToString(payLoad.getBytes("UTF-8")) + "."
+ + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8"));
+ } catch (final UnsupportedEncodingException e) {
+ throw new SlCommandoBuildException("No UTF-8 encoding", e);
+ }
}
-
/**
* Create command result.
*
- * @param name Commando name
- * @param result commande result
+ * @param name Commando name
+ * @param result commande result
* @param encryptedResult encrypted commando result
* @return Result json
* @throws SlCommandoBuildException In case of an error
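Review bot: The `return` in `createEncryptedCommandoResult` only concatenates `Base64.getUrlEncoder()` encodings of `dummyHeader`, `payLoad` and `dummyFooter`, so the value documented as a "Serialized JWE" carries the payload in recoverable form, and nothing in the visible lines uses the `encrypter` argument. The header it is built with (`createJsonEncryptionHeader`) names RSA-OAEP and A128CBC-HS256, which a consumer could take as evidence that the result is protected. Until the `// TODO: add real implementation` is resolved I would fail closed, e.g. `throw new SlCommandoBuildException("JWE encryption is not implemented");`, or at least say so in the Javadoc: `NOTE: placeholder, the result is Base64url-encoded only and provides no confidentiality`. The same pattern, apparently with a constant footer in place of a signature, is in `createSignedCommandResponse` in the `@@ -125,36 +123,34 @@` hunk. The method starts in the previous hunk and the line that assigns `payLoad` is not shown.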
@@ -103,16 +102,15 @@ public class SL20JsonBuilderUtils {
/**
* Create signed command result.
*
- * @param name commando name
- * @param result commando result
+ * @param name commando name
+ * @param result commando result
* @param encryptedResult encrypted commando result
* @return JWS in serialized form
* @throws SlCommandoBuildException in case of an error
-
+ *
*/
public static String createSignedCommandResponse(final String name, final ObjectNode result,
- final String encryptedResult, final JsonSecurityUtils signer)
- throws SlCommandoBuildException {
+ final String encryptedResult, final JsonSecurityUtils signer) throws SlCommandoBuildException {
final ObjectNode command = mapper.getMapper().createObjectNode();
addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true);
addOnlyOnceOfTwo(command, SL20Constants.SL20_COMMAND_CONTAINER_RESULT,
@@ -125,36 +123,34 @@ public class SL20JsonBuilderUtils {
final String dummyFooter = createJsonSignedFooter();
try {
- return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "."
- + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes("UTF-8")) + "."
- + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8"));
-
- } catch (UnsupportedEncodingException e) {
- throw new SlCommandoBuildException("No UTF-8 encoding", e);
- }
+ return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "."
+ + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes("UTF-8")) + "."
+ + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8"));
+
+ } catch (final UnsupportedEncodingException e) {
+ throw new SlCommandoBuildException("No UTF-8 encoding", e);
+ }
}
/**
* Create parameters for Redirect command.
*
- * @param url redirect URL
- * @param command embedded command
+ * @param url redirect URL
+ * @param command embedded command
* @param signedCommand Signed embedded command
- * @param ipcRedirect IPC redirect flag
+ * @param ipcRedirect IPC redirect flag
* @return result JSON
* @throws SlCommandoBuildException In case of an error
*/
- public static ObjectNode createRedirectCommandParameters(final String url,
- final ObjectNode command, final ObjectNode signedCommand, final Boolean ipcRedirect)
- throws SlCommandoBuildException {
+ public static ObjectNode createRedirectCommandParameters(final String url, final ObjectNode command,
+ final ObjectNode signedCommand, final Boolean ipcRedirect) throws SlCommandoBuildException {
final ObjectNode redirectReqParams = mapper.getMapper().createObjectNode();
addOnlyOnceOfTwo(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND,
SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, command, signedCommand);
- addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL,
- url, false);
- addSingleBooleanElement(redirectReqParams,
- SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT, ipcRedirect, false);
+ addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, url, false);
+ addSingleBooleanElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT,
+ ipcRedirect, false);
return redirectReqParams;
}
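Review bot: `getBytes("UTF-8")` in `createSignedCommandResponse` forces the `catch (final UnsupportedEncodingException e)` branch that this hunk re-indents, although a conforming JVM always supports UTF-8. `getBytes(StandardCharsets.UTF_8)` removes the try/catch entirely; it needs the `java.nio.charset.StandardCharsets` import, and the file's import block is not in view here. Separately, `Base64.getUrlEncoder()` emits `=` padding, whereas JWS compact serialization uses unpadded base64url, so a strict parser may reject these segments. Each segment would read `Base64.getUrlEncoder().withoutPadding().encodeToString(encodedCommand.getBytes(StandardCharsets.UTF_8))`. The same applies to the return in `createEncryptedCommandoResult` in the `@@ -71,21 +71,20 @@` hunk; the method here starts in the previous hunk.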
@@ -162,26 +158,21 @@ public class SL20JsonBuilderUtils {
/**
* Create parameters for Call command.
*
- * @param url http URL for Call command
- * @param method http method used by call commando result
+ * @param url http URL for Call command
+ * @param method http method used by call commando result
* @param includeTransactionId TransactionId
- * @param reqParameters Request parameters on CALL command
+ * @param reqParameters Request parameters on CALL command
* @return JSON
* @throws SlCommandoBuildException In case of an error
*/
public static ObjectNode createCallCommandParameters(final String url, final String method,
- final Boolean includeTransactionId, final Map<String, String> reqParameters)
- throws SlCommandoBuildException {
+ final Boolean includeTransactionId, final Map<String, String> reqParameters) throws SlCommandoBuildException {
final ObjectNode callReqParams = mapper.getMapper().createObjectNode();
- addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url,
- true);
- addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD,
- method, true);
- addSingleBooleanElement(callReqParams,
- SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, includeTransactionId,
- false);
- addArrayOfStringElements(callReqParams,
- SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters);
+ addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, true);
+ addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, method, true);
+ addSingleBooleanElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID,
+ includeTransactionId, false);
+ addArrayOfStringElements(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters);
return callReqParams;
}
@@ -190,17 +181,15 @@ public class SL20JsonBuilderUtils {
* Create result for Error command.
*
* @param errorCode Error-Code
- * @param errorMsg Error-message
+ * @param errorMsg Error-message
* @return JSON
* @throws SlCommandoBuildException In case of an error
*/
public static ObjectNode createErrorCommandResult(final String errorCode, final String errorMsg)
throws SlCommandoBuildException {
final ObjectNode result = mapper.getMapper().createObjectNode();
- addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE,
- errorCode, true);
- addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE,
- errorMsg, true);
+ addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, errorCode, true);
+ addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, errorMsg, true);
return result;
}
@@ -208,20 +197,21 @@ public class SL20JsonBuilderUtils {
/**
* Create parameters for qualifiedeID command.
*
- * @param consentTemplateId Identifier of the template that is used for consent visualization
- * @param consent Consent that has to be signed by user
- * @param dataUrl DataURL for result
- * @param x5cEnc Response encryption certificate
+ * @param consentTemplateId Identifier of the template that is used for consent
+ * visualization
+ * @param consent Consent that has to be signed by user
+ * @param dataUrl DataURL for result
+ * @param x5cEnc Response encryption certificate
* @return JSON
- * @throws CertificateEncodingException In case of a encryption certificate encoding problem
- * @throws SlCommandoBuildException In case of a generel error
+ * @throws CertificateEncodingException In case of a encryption certificate
+ * encoding problem
+ * @throws SlCommandoBuildException In case of a generel error
*/
- public static ObjectNode createQualifiedeEidConsent(final String consentTemplateId,
- final byte[] consent, final String dataUrl, final X509Certificate x5cEnc)
+ public static ObjectNode createQualifiedeEidConsent(final String consentTemplateId, final byte[] consent,
+ final String dataUrl, final X509Certificate x5cEnc)
throws CertificateEncodingException, SlCommandoBuildException {
final ObjectNode params = mapper.getMapper().createObjectNode();
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENTTEMPLATEID,
- consentTemplateId, true);
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENTTEMPLATEID, consentTemplateId, true);
addSingleByteElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENT, consent, true);
addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true);
addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false);
@@ -229,28 +219,26 @@ public class SL20JsonBuilderUtils {
}
-
/**
* Create parameters for qualifiedeID command.
*
- * @param authBlockId AuthBlock transformation Id
- * @param dataUrl DataURL for result
- * @param additionalReqParameters additional parameters
- * @param x5cEnc Response encryption certificate
+ * @param authBlockId AuthBlock transformation Id
+ * @param dataUrl DataURL for result
+ * @param additionalReqParameters additional parameters
+ * @param x5cEnc Response encryption certificate
* @return JSON
- * @throws CertificateEncodingException In case of a encryption certificate encoding problem
- * @throws SlCommandoBuildException In case of a generel error
+ * @throws CertificateEncodingException In case of a encryption certificate
+ * encoding problem
+ * @throws SlCommandoBuildException In case of a generel error
*/
@Deprecated
- public static ObjectNode createQualifiedEidCommandParameters(final String authBlockId,
- final String dataUrl, final Map<String, String> additionalReqParameters,
- final X509Certificate x5cEnc) throws CertificateEncodingException, SlCommandoBuildException {
+ public static ObjectNode createQualifiedEidCommandParameters(final String authBlockId, final String dataUrl,
+ final Map<String, String> additionalReqParameters, final X509Certificate x5cEnc)
+ throws CertificateEncodingException, SlCommandoBuildException {
final ObjectNode params = mapper.getMapper().createObjectNode();
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId,
- true);
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, true);
addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true);
- addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES,
- additionalReqParameters);
+ addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, additionalReqParameters);
addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false);
return params;
@@ -259,10 +247,10 @@ public class SL20JsonBuilderUtils {
/**
* Create result for qualifiedeID command.
*
- * @param idl IdentityLink
+ * @param idl IdentityLink
* @param authBlock AuthBlock
- * @param ccsUrl VDA URL
- * @param loa LoA
+ * @param ccsUrl VDA URL
+ * @param loa LoA
* @return JSON
* @throws SlCommandoBuildException In case of an error
*/
@@ -270,57 +258,45 @@ public class SL20JsonBuilderUtils {
final String ccsUrl, final String loa) throws SlCommandoBuildException {
final ObjectNode result = mapper.getMapper().createObjectNode();
addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, idl, true);
- addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock,
- true);
- addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsUrl,
- true);
+ addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, true);
+ addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsUrl, true);
addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, loa, true);
return result;
}
-
/**
* Create Binding-Key command parameters.
*
- * @param kontoId KontoId
- * @param subjectName SubjectName
- * @param keySize KeySize
- * @param keyAlg Key-algorithm
- * @param policies Key policy
- * @param dataUrl DataURL
- * @param x5cVdaTrust trusted certificate from VDA
+ * @param kontoId KontoId
+ * @param subjectName SubjectName
+ * @param keySize KeySize
+ * @param keyAlg Key-algorithm
+ * @param policies Key policy
+ * @param dataUrl DataURL
+ * @param x5cVdaTrust trusted certificate from VDA
* @param reqUserPassword User passwort initialize request
- * @param x5cEnc Result encryption certificate
+ * @param x5cEnc Result encryption certificate
* @return JSON
- * @throws SlCommandoBuildException in case of an errr
+ * @throws SlCommandoBuildException in case of an errr
* @throws CertificateEncodingException In case of a certificate error
*/
- public static ObjectNode createBindingKeyCommandParams(final String kontoId,
- final String subjectName, final int keySize, final String keyAlg,
- final Map<String, String> policies, final String dataUrl, final X509Certificate x5cVdaTrust,
- final Boolean reqUserPassword, final X509Certificate x5cEnc)
+ public static ObjectNode createBindingKeyCommandParams(final String kontoId, final String subjectName,
+ final int keySize, final String keyAlg, final Map<String, String> policies, final String dataUrl,
+ final X509Certificate x5cVdaTrust, final Boolean reqUserPassword, final X509Certificate x5cEnc)
throws SlCommandoBuildException, CertificateEncodingException {
final ObjectNode params = mapper.getMapper().createObjectNode();
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId,
- true);
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName,
- true);
- addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH,
- keySize, true);
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg,
- true);
- addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES,
- policies);
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl,
- true);
- addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST,
- x5cVdaTrust, false);
- addSingleBooleanElement(params,
- SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD, reqUserPassword,
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, true);
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, true);
+ addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, keySize, true);
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg, true);
+ addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES, policies);
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl, true);
+ addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST, x5cVdaTrust,
false);
- addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC,
- x5cEnc, false);
+ addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD,
+ reqUserPassword, false);
+ addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC, x5cEnc, false);
return params;
}
@@ -328,27 +304,24 @@ public class SL20JsonBuilderUtils {
/**
* Create Binding-Key command result.
*
- * @param appId AppId
- * @param csr CSR
- * @param attCert Key-Attestation certificate
+ * @param appId AppId
+ * @param csr CSR
+ * @param attCert Key-Attestation certificate
* @param password user's password
* @return JSON
- * @throws SlCommandoBuildException In case of an error
- * @throws CertificateEncodingException In case of a certificate processing error
+ * @throws SlCommandoBuildException In case of an error
+ * @throws CertificateEncodingException In case of a certificate processing
+ * error
*/
public static ObjectNode createBindingKeyCommandResult(final String appId, final byte[] csr,
final X509Certificate attCert, final byte[] password)
throws SlCommandoBuildException, CertificateEncodingException {
final ObjectNode result = mapper.getMapper().createObjectNode();
- addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID,
- appId, true);
- addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr,
- true);
+ addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, appId, true);
+ addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, true);
addSingleCertificateElement(result,
- SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert,
- false);
- addSingleByteElement(result,
- SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false);
+ SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, false);
+ addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false);
return result;
}
@@ -356,19 +329,18 @@ public class SL20JsonBuilderUtils {
/**
* Create Store Binding-Certificate command parameters.
*
- * @param cert Certificate
+ * @param cert Certificate
* @param dataUrl DATA URL
* @return JSON
- * @throws CertificateEncodingException In case of a certificate processing error
- * @throws SlCommandoBuildException In case of a error
+ * @throws CertificateEncodingException In case of a certificate processing
+ * error
+ * @throws SlCommandoBuildException In case of a error
*/
- public static ObjectNode createStoreBindingCertCommandParams(final X509Certificate cert,
- final String dataUrl) throws CertificateEncodingException, SlCommandoBuildException {
+ public static ObjectNode createStoreBindingCertCommandParams(final X509Certificate cert, final String dataUrl)
+ throws CertificateEncodingException, SlCommandoBuildException {
final ObjectNode params = mapper.getMapper().createObjectNode();
- addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE,
- cert, true);
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl,
- true);
+ addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, cert, true);
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, true);
return params;
}
@@ -379,8 +351,7 @@ public class SL20JsonBuilderUtils {
* @return JSON
* @throws SlCommandoBuildException In case of an error
*/
- public static ObjectNode createStoreBindingCertCommandSuccessResult()
- throws SlCommandoBuildException {
+ public static ObjectNode createStoreBindingCertCommandSuccessResult() throws SlCommandoBuildException {
final ObjectNode result = mapper.getMapper().createObjectNode();
addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS,
SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE, true);
@@ -388,27 +359,23 @@ public class SL20JsonBuilderUtils {
}
-
/**
* Create idAndPassword command parameters.
*
- * @param keyAlg key algorithm
+ * @param keyAlg key algorithm
* @param dataUrl DATA Url
- * @param x5cEnc result encryption certificate
+ * @param x5cEnc result encryption certificate
* @return JSON
- * @throws SlCommandoBuildException In case of an error
- * @throws CertificateEncodingException In case of a certificate processing error
+ * @throws SlCommandoBuildException In case of an error
+ * @throws CertificateEncodingException In case of a certificate processing
+ * error
*/
- public static ObjectNode createIdAndPasswordCommandParameters(final String keyAlg,
- final String dataUrl, final X509Certificate x5cEnc)
- throws SlCommandoBuildException, CertificateEncodingException {
+ public static ObjectNode createIdAndPasswordCommandParameters(final String keyAlg, final String dataUrl,
+ final X509Certificate x5cEnc) throws SlCommandoBuildException, CertificateEncodingException {
final ObjectNode params = mapper.getMapper().createObjectNode();
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG,
- keyAlg, true);
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL,
- dataUrl, true);
- addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC,
- x5cEnc, false);
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, keyAlg, true);
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, dataUrl, true);
+ addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, x5cEnc, false);
return params;
}
@@ -416,18 +383,17 @@ public class SL20JsonBuilderUtils {
/**
* Create idAndPassword command result.
*
- * @param kontoId User's Id
+ * @param kontoId User's Id
* @param password User's password
* @return JSON
* @throws SlCommandoBuildException In case of an error
*/
- public static ObjectNode createIdAndPasswordCommandResult(final String kontoId,
- final byte[] password) throws SlCommandoBuildException {
+ public static ObjectNode createIdAndPasswordCommandResult(final String kontoId, final byte[] password)
+ throws SlCommandoBuildException {
final ObjectNode result = mapper.getMapper().createObjectNode();
- addSingleStringElement(result,
- SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true);
- addSingleByteElement(result,
- SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, true);
+ addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true);
+ addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password,
+ true);
return result;
}
@@ -435,25 +401,20 @@ public class SL20JsonBuilderUtils {
/**
* Create JWS Token Authentication command.
*
- * @param nonce nonce that should be signed
- * @param dataUrl Data URL
+ * @param nonce nonce that should be signed
+ * @param dataUrl Data URL
* @param displayData Data that should be displayed
* @param displayUrl URL to data that should be displayed
* @return JSON
* @throws SlCommandoBuildException In case of an error
*/
public static ObjectNode createJwsTokenAuthCommandParams(final String nonce, final String dataUrl,
- final List<String> displayData, final List<String> displayUrl)
- throws SlCommandoBuildException {
+ final List<String> displayData, final List<String> displayUrl) throws SlCommandoBuildException {
final ObjectNode params = mapper.getMapper().createObjectNode();
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce,
- true);
- addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl,
- true);
- addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA,
- displayData);
- addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL,
- displayUrl);
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, true);
+ addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, true);
+ addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, displayData);
+ addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL, displayUrl);
return params;
}
@@ -465,22 +426,19 @@ public class SL20JsonBuilderUtils {
* @return JSON
* @throws SlCommandoBuildException In case of an error
*/
- public static ObjectNode createJwsTokenAuthCommandResult(final String nonce)
- throws SlCommandoBuildException {
+ public static ObjectNode createJwsTokenAuthCommandResult(final String nonce) throws SlCommandoBuildException {
final ObjectNode result = mapper.getMapper().createObjectNode();
- addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE,
- nonce, true);
+ addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, nonce, true);
return result;
}
-
/**
* Create Generic Request Container.
*
- * @param reqId RequestId
+ * @param reqId RequestId
* @param transactionId TransactionId
- * @param payLoad unsigned payload
+ * @param payLoad unsigned payload
* @param signedPayload Signed payload
* @return JSON
* @throws SlCommandoBuildException In case of an error
@@ -488,12 +446,10 @@ public class SL20JsonBuilderUtils {
public static ObjectNode createGenericRequest(final String reqId, final String transactionId,
final ObjectNode payLoad, final String signedPayload) throws SlCommandoBuildException {
final ObjectNode req = mapper.getMapper().createObjectNode();
- addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION,
- true);
+ addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true);
addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false);
- addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad,
- signedPayload);
+ addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, signedPayload);
return req;
}
@@ -501,32 +457,29 @@ public class SL20JsonBuilderUtils {
/**
* Create Generic Response Container.
*
- * @param respId Response Id
- * @param inResponseTo RequestId to this response
+ * @param respId Response Id
+ * @param inResponseTo RequestId to this response
* @param transactionId transactionId
- * @param payLoad Unsigned payload
+ * @param payLoad Unsigned payload
* @param signedPayload Signed payload
* @return JSON
* @throws SlCommandoBuildException In case of an error
*/
- public static final ObjectNode createGenericResponse(final String respId,
- final String inResponseTo, final String transactionId, final ObjectNode payLoad,
- final String signedPayload) throws SlCommandoBuildException {
+ public static final ObjectNode createGenericResponse(final String respId, final String inResponseTo,
+ final String transactionId, final ObjectNode payLoad, final String signedPayload)
+ throws SlCommandoBuildException {
final ObjectNode req = mapper.getMapper().createObjectNode();
- addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION,
- true);
+ addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true);
addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, false);
addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false);
- addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad,
- signedPayload);
+ addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, signedPayload);
return req;
}
- private static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId,
- final String secondKeyId, final ObjectNode first, final ObjectNode second)
- throws SlCommandoBuildException {
+ private static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, final String secondKeyId,
+ final ObjectNode first, final ObjectNode second) throws SlCommandoBuildException {
if (first == null && second == null) {
throw new SlCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL");
} else if (first != null && second != null) {
@@ -542,18 +495,18 @@ public class SL20JsonBuilderUtils {
/**
* Add one element of two possible elements <br>
- * This method adds either the first element or the second element to parent JSON, but never both.
+ * This method adds either the first element or the second element to parent
+ * JSON, but never both.
*
- * @param parent Parent JSON element
- * @param firstKeyId first element Id
+ * @param parent Parent JSON element
+ * @param firstKeyId first element Id
* @param secondKeyId second element Id
- * @param first first element
- * @param second second element
+ * @param first first element
+ * @param second second element
* @throws SlCommandoBuildException In case of an error.
*/
- public static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId,
- final String secondKeyId, final ObjectNode first, final String second)
- throws SlCommandoBuildException {
+ public static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, final String secondKeyId,
+ final ObjectNode first, final String second) throws SlCommandoBuildException {
if (first == null && (second == null || second.isEmpty())) {
throw new SlCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL");
} else if (first != null && second != null) {
@@ -567,34 +520,25 @@ public class SL20JsonBuilderUtils {
}
}
-
-
// TODO!!!!
- private static ObjectNode createJsonSignedHeader()
- throws SlCommandoBuildException {
+ private static ObjectNode createJsonSignedHeader() throws SlCommandoBuildException {
final ObjectNode header = mapper.getMapper().createObjectNode();
- addSingleStringElement(header, SL20Constants.JSON_ALGORITHM,
- SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true);
- addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE,
- SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true);
- addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE,
- Arrays.asList(Constants.DUMMY_SIGNING_CERT));
+ addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true);
+ addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true);
+ addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, Arrays.asList(Constants.DUMMY_SIGNING_CERT));
return header;
}
// TODO!!!!
- private static ObjectNode createJsonEncryptionHeader()
- throws SlCommandoBuildException {
+ private static ObjectNode createJsonEncryptionHeader() throws SlCommandoBuildException {
final ObjectNode header = mapper.getMapper().createObjectNode();
- addSingleStringElement(header, SL20Constants.JSON_ALGORITHM,
- SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true);
+ addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true);
addSingleStringElement(header, SL20Constants.JSON_ENCRYPTION_PAYLOAD,
SL20Constants.JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, true);
- addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE,
- SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, true);
- addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT,
- Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true);
+ addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT,
+ true);
+ addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT, Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true);
return header;
}
@@ -605,14 +549,11 @@ public class SL20JsonBuilderUtils {
+ " AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4\n"
+ " BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K\n"
+ " 0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv\n"
- + " hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n"
- + " p0igcN_IoypGlUPQGe77Rw";
+ + " hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n" + " p0igcN_IoypGlUPQGe77Rw";
}
-
-
- private static void addArrayOfStrings(final ObjectNode parent, final String keyId,
- final List<String> values) throws SlCommandoBuildException {
+ private static void addArrayOfStrings(final ObjectNode parent, final String keyId, final List<String> values)
+ throws SlCommandoBuildException {
validateParentAndKey(parent, keyId);
if (values != null) {
final ArrayNode callReqParamsArray = mapper.getMapper().createArrayNode();
@@ -624,7 +565,6 @@ public class SL20JsonBuilderUtils {
}
}
-
private static void addArrayOfStringElements(final ObjectNode parent, final String keyId,
final Map<String, String> keyValuePairs) throws SlCommandoBuildException {
validateParentAndKey(parent, keyId);
@@ -652,10 +592,8 @@ public class SL20JsonBuilderUtils {
}
-
-
- private static void addSingleByteElement(final ObjectNode parent, final String keyId,
- final byte[] value, final boolean isRequired) throws SlCommandoBuildException {
+ private static void addSingleByteElement(final ObjectNode parent, final String keyId, final byte[] value,
+ final boolean isRequired) throws SlCommandoBuildException {
validateParentAndKey(parent, keyId);
if (isRequired && value == null) {
@@ -666,8 +604,8 @@ public class SL20JsonBuilderUtils {
}
- private static void addSingleBooleanElement(final ObjectNode parent, final String keyId,
- final Boolean value, final boolean isRequired) throws SlCommandoBuildException {
+ private static void addSingleBooleanElement(final ObjectNode parent, final String keyId, final Boolean value,
+ final boolean isRequired) throws SlCommandoBuildException {
validateParentAndKey(parent, keyId);
if (isRequired && value == null) {
@@ -678,8 +616,8 @@ public class SL20JsonBuilderUtils {
}
- private static void addSingleNumberElement(final ObjectNode parent, final String keyId,
- final Integer value, final boolean isRequired) throws SlCommandoBuildException {
+ private static void addSingleNumberElement(final ObjectNode parent, final String keyId, final Integer value,
+ final boolean isRequired) throws SlCommandoBuildException {
validateParentAndKey(parent, keyId);
if (isRequired && value == null) {
@@ -690,8 +628,8 @@ public class SL20JsonBuilderUtils {
}
- private static void addSingleStringElement(final ObjectNode parent, final String keyId,
- final String value, final boolean isRequired) throws SlCommandoBuildException {
+ private static void addSingleStringElement(final ObjectNode parent, final String keyId, final String value,
+ final boolean isRequired) throws SlCommandoBuildException {
validateParentAndKey(parent, keyId);
if (isRequired && (value == null || value.isEmpty())) {
@@ -702,8 +640,8 @@ public class SL20JsonBuilderUtils {
}
- private static void addSingleIntegerElement(final ObjectNode parent, final String keyId,
- final Integer value, final boolean isRequired) throws SlCommandoBuildException {
+ private static void addSingleIntegerElement(final ObjectNode parent, final String keyId, final Integer value,
+ final boolean isRequired) throws SlCommandoBuildException {
validateParentAndKey(parent, keyId);
if (isRequired && value == null) {
@@ -714,8 +652,8 @@ public class SL20JsonBuilderUtils {
}
- private static void addSingleJsonElement(final ObjectNode parent, final String keyId,
- final ObjectNode element, final boolean isRequired) throws SlCommandoBuildException {
+ private static void addSingleJsonElement(final ObjectNode parent, final String keyId, final ObjectNode element,
+ final boolean isRequired) throws SlCommandoBuildException {
validateParentAndKey(parent, keyId);
if (isRequired && element == null) {
@@ -726,8 +664,6 @@ public class SL20JsonBuilderUtils {
}
-
-
private static void validateParentAndKey(final ObjectNode parent, final String keyId)
throws SlCommandoBuildException {
if (parent == null) {
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
index d4e1490d..eb6de461 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
@@ -7,9 +7,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
+
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
@@ -18,25 +16,29 @@ import org.apache.http.util.EntityUtils;
import org.jose4j.base64url.Base64Url;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
+
public class SL20JsonExtractorUtils {
private static final Logger log = LoggerFactory.getLogger(SL20JsonExtractorUtils.class);
private static JsonMapper mapper = new JsonMapper();
-
/**
* Extract String value from JSON.
*
- * @param input JSON
- * @param keyID Element identifier
+ * @param input JSON
+ * @param keyID Element identifier
* @param isRequired true, if the element must not null
* @return Value of this element
* @throws SlCommandoParserException In case an error
*/
- public static String getStringValue(final JsonNode input, final String keyID,
- final boolean isRequired) throws SlCommandoParserException {
+ public static String getStringValue(final JsonNode input, final String keyID, final boolean isRequired)
+ throws SlCommandoParserException {
try {
final JsonNode internal = getAndCheck(input, keyID, isRequired);
@@ -58,14 +60,14 @@ public class SL20JsonExtractorUtils {
/**
* Extract Boolean value from JSON.
*
- * @param input JSON
- * @param keyID Element identifier
+ * @param input JSON
+ * @param keyID Element identifier
* @param isRequired true, if the element must not null
* @return Boolean
* @throws SlCommandoParserException In case of an error
*/
- public static boolean getBooleanValue(final ObjectNode input, final String keyID,
- final boolean isRequired, final boolean defaultValue) throws SlCommandoParserException {
+ public static boolean getBooleanValue(final ObjectNode input, final String keyID, final boolean isRequired,
+ final boolean defaultValue) throws SlCommandoParserException {
try {
final JsonNode internal = getAndCheck(input, keyID, isRequired);
@@ -87,14 +89,14 @@ public class SL20JsonExtractorUtils {
/**
* Extract JSONObject value from JSON.
*
- * @param input JSON
- * @param keyID Element identifier
+ * @param input JSON
+ * @param keyID Element identifier
* @param isRequired true, if the element must not null
* @return JSON node
* @throws SlCommandoParserException In case of an error
*/
- public static JsonNode getJsonObjectValue(final JsonNode input, final String keyID,
- final boolean isRequired) throws SlCommandoParserException {
+ public static JsonNode getJsonObjectValue(final JsonNode input, final String keyID, final boolean isRequired)
+ throws SlCommandoParserException {
try {
final JsonNode internal = getAndCheck(input, keyID, isRequired);
@@ -120,8 +122,7 @@ public class SL20JsonExtractorUtils {
* @return List of Elements in this node
* @throws SlCommandoParserException In case of an error
*/
- public static List<String> getListOfStringElements(final JsonNode input)
- throws SlCommandoParserException {
+ public static List<String> getListOfStringElements(final JsonNode input) throws SlCommandoParserException {
final List<String> result = new ArrayList<>();
if (input != null) {
if (input.isArray()) {
@@ -149,8 +150,8 @@ public class SL20JsonExtractorUtils {
/**
* Extract Map of Key/Value pairs from a JSON Element.
*
- * @param input parent JSON object
- * @param keyID KeyId of the child that should be parsed
+ * @param input parent JSON object
+ * @param keyID KeyId of the child that should be parsed
* @param isRequired true, if the element must not null
* @return Map of element pairs
* @throws SlCommandoParserException In case of an error
@@ -169,8 +170,7 @@ public class SL20JsonExtractorUtils {
* @return Map of element pairs
* @throws SlCommandoParserException in case of an error
*/
- public static Map<String, String> getMapOfStringElements(final JsonNode input)
- throws SlCommandoParserException {
+ public static Map<String, String> getMapOfStringElements(final JsonNode input) throws SlCommandoParserException {
final Map<String, String> result = new HashMap<>();
if (input != null) {
@@ -196,13 +196,11 @@ public class SL20JsonExtractorUtils {
return result;
}
- private static void entitySetToMap(final Map<String, String> result,
- final Iterator<Entry<String, JsonNode>> entry) {
+ private static void entitySetToMap(final Map<String, String> result, final Iterator<Entry<String, JsonNode>> entry) {
while (entry.hasNext()) {
final Entry<String, JsonNode> el = entry.next();
if (result.containsKey(el.getKey())) {
- log.info("Attr. Map already contains Element with Key: " + el.getKey()
- + ". Overwrite element ... ");
+ log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... ");
}
result.put(el.getKey(), el.getValue().asText());
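Review bot: In `entitySetToMap`, the `log.info` line builds its message by concatenating `el.getKey()`, a field name taken from the parsed JSON, so a key containing line breaks would reach the log unmodified. I would use the parameterized form, `log.info("Attr. Map already contains Element with Key: {}. Overwrite element ... ", el.getKey());`, and make sure the log layout escapes CR/LF, because the placeholder alone does not. The same message shows that a repeated key silently replaces the earlier value; if these maps carry identity attributes, a short comment stating why last-one-wins is acceptable would help. The end of the method is outside this hunk.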
@@ -211,12 +209,11 @@ public class SL20JsonExtractorUtils {
}
-
/**
* Extract Security-Layer 2.0 result from response object.
*
- * @param command SL2.0 command
- * @param decrypter JWS decrypter implementation
+ * @param command SL2.0 command
+ * @param decrypter JWS decrypter implementation
* @param mustBeEncrypted if <code>true</code>, the result must be encrypted
* @return decrypted JSON
* @throws SL20Exception In case of an error
@@ -224,8 +221,7 @@ public class SL20JsonExtractorUtils {
public static JsonNode extractSL20Result(final JsonNode command, final IJoseTools decrypter,
final boolean mustBeEncrypted) throws SL20Exception {
final JsonNode result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT);
- final JsonNode encryptedResult =
- command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT);
+ final JsonNode encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT);
if (result == null && encryptedResult == null) {
throw new SlCommandoParserException("NO result OR encryptedResult FOUND.");
@@ -238,8 +234,7 @@ public class SL20JsonExtractorUtils {
} catch (final Exception e) {
log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage());
if (!mustBeEncrypted) {
- log.warn(
- "Decrypted results are disabled by configuration. Parse result in plain if it is possible");
+ log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible");
// dummy code
try {
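Review bot: The `catch (final Exception e)` branch logs only `e.getMessage()` at info level and, when `mustBeEncrypted` is false, goes on to parse the result in plain, so a failed decryption of an `encryptedResult` is downgraded rather than rejected. The warning text "Decrypted results are disabled by configuration" reads as the opposite of what the flag appears to mean; `log.warn("Encrypted results are not required by configuration. Parse result in plain if it is possible");` would match it. Passing the exception as the last logger argument, `log.info("Can NOT decrypt SL20 result. Reason: {}", e.getMessage(), e);`, keeps the stack trace for diagnosis. The `// dummy code` marker suggests the plain fallback is provisional, so a comment saying it must stay disabled in production deployments would be worth adding; `extractSL20Result` starts before and continues after this hunk.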
@@ -267,7 +262,6 @@ public class SL20JsonExtractorUtils {
throw new SlCommandoParserException("Internal build error");
}
-
}
/**
@@ -278,8 +272,8 @@ public class SL20JsonExtractorUtils {
* @return Signature verification result that contains the payLoad
* @throws SlCommandoParserException In case of an error
*/
- public static VerificationResult extractSL20PayLoad(final JsonNode container,
- final IJoseTools joseTools, final boolean mustBeSigned) throws SL20Exception {
+ public static VerificationResult extractSL20PayLoad(final JsonNode container, final IJoseTools joseTools,
+ final boolean mustBeSigned) throws SL20Exception {
final JsonNode sl20Payload = container.get(SL20Constants.SL20_PAYLOAD);
final JsonNode sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD);
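Review bot: The Javadoc above `extractSL20PayLoad` still reads `@throws SlCommandoParserException In case of an error`, while the signature on the new lines declares `throws SL20Exception`. I would change the tag to `@throws SL20Exception In case of an error` so the documented contract matches what callers have to catch. The method body continues past this hunk.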
@@ -301,10 +295,8 @@ public class SL20JsonExtractorUtils {
throw new SlCommandoParserException("Internal build error");
}
-
}
-
/**
* Extract generic transport container from httpResponse.
*
@@ -312,19 +304,16 @@ public class SL20JsonExtractorUtils {
* @return JSON with SL2.0 response
* @throws SlCommandoParserException In case of an error
*/
- public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp)
- throws SlCommandoParserException {
+ public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp) throws SlCommandoParserException {
try {
JsonNode sl20Resp = null;
- if (httpResp.getStatusLine().getStatusCode() == 303
- || httpResp.getStatusLine().getStatusCode() == 307) {
+ if (httpResp.getStatusLine().getStatusCode() == 303 || httpResp.getStatusLine().getStatusCode() == 307) {
final Header[] locationHeader = httpResp.getHeaders("Location");
if (locationHeader == null) {
throw new SlCommandoParserException("Find Redirect statuscode but not Location header");
}
- final String sl20RespString =
- new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
+ final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
sl20Resp = mapper.getMapper().readTree(Base64Url.decode(sl20RespString));
} else if (httpResp.getStatusLine().getStatusCode() == 200) {
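Review bot: The redirect branch tests `locationHeader == null` and then reads `locationHeader[0]`, but Apache HttpCore's `getHeaders(name)` returns an empty array rather than null when the header is absent, so the "Find Redirect statuscode but not Location header" error would never be raised. `if (locationHeader == null || locationHeader.length == 0) {` covers both cases. The next statement takes `getQueryParams().get(0)` without checking that a parameter exists or what it is called, so the first query parameter of a Location URL chosen by the remote side is Base64Url-decoded and parsed whatever its name; checking for the expected parameter name before decoding would be safer. Both failures currently surface only through the generic `catch (final Exception e)` further down, and the method continues past this hunk.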
@@ -333,16 +322,15 @@ public class SL20JsonExtractorUtils {
}
if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) {
- throw new SlCommandoParserException("SL20 response with a wrong ContentType: "
- + httpResp.getEntity().getContentType().getValue());
+ throw new SlCommandoParserException(
+ "SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue());
}
sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
- } else if (httpResp.getStatusLine().getStatusCode() == 500
- || httpResp.getStatusLine().getStatusCode() == 401
+ } else if (httpResp.getStatusLine().getStatusCode() == 500 || httpResp.getStatusLine().getStatusCode() == 401
|| httpResp.getStatusLine().getStatusCode() == 400) {
- log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()
- + ". Search for error message");
+ log.info(
+ "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + ". Search for error message");
try {
sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
@@ -354,8 +342,6 @@ public class SL20JsonExtractorUtils {
}
-
-
} else {
throw new SlCommandoParserException(
"SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode());
@@ -365,8 +351,7 @@ public class SL20JsonExtractorUtils {
return sl20Resp;
} catch (final Exception e) {
- throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(),
- e);
+ throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e);
}
}
@@ -384,21 +369,18 @@ public class SL20JsonExtractorUtils {
throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object");
}
-
} else {
throw new SlCommandoParserException("Can NOT find content in http response");
}
}
-
- private static JsonNode getAndCheck(final JsonNode input, final String keyID,
- final boolean isRequired) throws SlCommandoParserException {
+ private static JsonNode getAndCheck(final JsonNode input, final String keyID, final boolean isRequired)
+ throws SlCommandoParserException {
final JsonNode internal = input.get(keyID);
if (internal == null && isRequired) {
- throw new SlCommandoParserException(
- "REQUIRED Element with keyId: " + keyID + " does not exist");
+ throw new SlCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist");
}
return internal;
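Review bot: `getAndCheck` rejects a required element only when `input.get(keyID)` returns Java null, but Jackson returns a `NullNode` for an explicit JSON `null`, so `"key": null` passes the required check. Unless the callers test for that themselves (their bodies are outside this hunk), `if ((internal == null || internal.isNull()) && isRequired) {` closes the gap. `input` is also dereferenced without a null check, so a missing parent node ends in a NullPointerException instead of a `SlCommandoParserException`. The method's closing brace is outside the hunk.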
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
index 155bfadd..67e9e29d 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
@@ -1,8 +1,9 @@
package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api;
import java.util.List;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException;
public interface ISignatureVerificationService {
@@ -10,80 +11,89 @@ public interface ISignatureVerificationService {
/**
* Verify a CAdES or CMS signature. <br>
* <br>
- * <i>This method only validates the first CMS or CAdES signature if more than one signature
- * exists</i>
+ * <i>This method only validates the first CMS or CAdES signature if more than
+ * one signature exists</i>
*
- * @param signature Enveloped CMS or CAdES signature
+ * @param signature Enveloped CMS or CAdES signature
* @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
- * @return @link {@link ICMSSignatureVerificationResponse}, or null if no signature was found
+ * @return @link {@link ICmsSignatureVerificationResponse}, or null if no
+ * signature was found
* @throws MoaSigServiceException on signatue-verification error
*/
- ICMSSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID)
+ ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID)
throws MoaSigServiceException;
-
-
/**
* Verify a XML or XAdES signature. <br>
* <br>
- * <i>This method only validates the first XML or XAdES signature if more than one signature
- * exists</i>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
*
- * @param signature Serialized XML or XAdES signature
+ * @param signature Serialized XML or XAdES signature
* @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
- * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
* @throws MoaSigServiceException on signatue-verification error
*/
- IXMLSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID)
+ IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID)
throws MoaSigServiceException;
/**
* Verify a XML or XAdES signature. <br>
* <br>
- * <i>This method only validates the first XML or XAdES signature if more than one signature
- * exists</i>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
*
- * @param signature Serialized XML or XAdES signature
- * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
- * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that should be used
- * for signature-verification
- * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig
+ * configuration
+ * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that
+ * should be used for
+ * signature-verification
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
* @throws MoaSigServiceException on signatue-verification error
*/
- IXMLSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
+ IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
List<String> verifyTransformsInfoProfileID) throws MoaSigServiceException;
-
/**
* Verify a XML or XAdES signature. <br>
* <br>
- * <i>This method only validates the first XML or XAdES signature if more than one signature
- * exists</i>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
*
- * @param signature Serialized XML or XAdES signature
- * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
- * @param signatureLocationXpath Xpath that points to location of Signature element
- * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig
+ * configuration
+ * @param signatureLocationXpath Xpath that points to location of Signature
+ * element
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
* @throws MoaSigServiceException on signatue-verification error
*/
- IXMLSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
+ IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
String signatureLocationXpath) throws MoaSigServiceException;
/**
* Verify a XML or XAdES signature. <br>
* <br>
- * <i>This method only validates the first XML or XAdES signature if more than one signature
- * exists</i>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
*
- * @param signature Serialized XML or XAdES signature
- * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
- * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that should be used
- * for signature-verification
- * @param signatureLocationXpath Xpath that points to location of Signature element
- * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig
+ * configuration
+ * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that
+ * should be used for
+ * signature-verification
+ * @param signatureLocationXpath Xpath that points to location of
+ * Signature element
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
* @throws MoaSigServiceException on signatue-verification error
*/
- IXMLSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
+ IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
List<String> verifyTransformsInfoProfileID, String signatureLocationXpath)
throws MoaSigServiceException;
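Review bot: The rewrapped Javadoc on all five `verify…Signature` methods keeps a stray tag in `@return @link {@link …}` and the typo "signatue-verification", although the commit touches exactly these lines. I would write `@return {@link IXmlSignatureVerificationResponse}, or null if no signature was found` (and the `ICms…` equivalent) and `@throws MoaSigServiceException on signature-verification error`. Since the contract returns null when no signature is found and validates only the first signature, one more sentence stating how callers are expected to treat a null result would make the interface harder to misuse.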
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICMSSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java
index 57426751..5e7a4564 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICMSSignatureVerificationResponse.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java
@@ -1,5 +1,5 @@
package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data;
-public interface ICMSSignatureVerificationResponse extends IGenericSignatureVerificationResponse {
+public interface ICmsSignatureVerificationResponse extends IGenericSignatureVerificationResponse {
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java
index 13a9b08f..8ebd90be 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java
@@ -1,18 +1,17 @@
package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data;
-import iaik.x509.X509Certificate;
import java.util.Date;
import org.springframework.lang.Nullable;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException;
-
+import iaik.x509.X509Certificate;
public interface IGenericSignatureVerificationResponse {
/**
- * Returns the signing time
- *
+ * Returns the signing time.
+ *
* @return Signing time, or null if signature contains no time information
*/
@Nullable
@@ -20,53 +19,53 @@ public interface IGenericSignatureVerificationResponse {
/**
* Returns the signatureCheckCode.
- *
+ *
* @return int
*/
int getSignatureCheckCode();
/**
* Returns the certificateCheckCode.
- *
+ *
* @return int
*/
int getCertificateCheckCode();
/**
* Returns the qualifiedCertificate.
- *
+ *
* @return boolean
*/
boolean isQualifiedCertificate();
/**
* Returns the X509 certificate.
- *
+ *
* @return X509Certificate, or null if no certificate information exists
* @throws MoaSigServiceException if X509 certificate can not be deserialized
*/
@Nullable
X509Certificate getX509Certificate() throws MoaSigServiceException;
-
/**
- * Returns the X509 certificate in serialized form
- *
- * @return Serialized X509 certificate, or null if no certificate information exists
+ * Returns the X509 certificate in serialized form.
+ *
+ * @return Serialized X509 certificate, or null if no certificate information
+ * exists
*/
@Nullable
byte[] getX509CertificateEncoded();
/**
* Returns the publicAuthority.
- *
+ *
* @return boolean
*/
boolean isPublicAuthority();
/**
* Returns the publicAuthorityCode.
- *
+ *
* @return String OID, or null if no OID exists
*/
@Nullable
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java
index 49940ca5..17d5fa59 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java
@@ -4,7 +4,7 @@ import java.io.InputStream;
import java.util.Map;
/**
- * Inject additional XML schemes into MOA-Sig
+ * Inject additional XML schemes into MOA-Sig.
*
* @author tlenz
*
@@ -12,10 +12,10 @@ import java.util.Map;
public interface ISchemaRessourceProvider {
/**
- * Get a Map of additional XML schemes that should be injected into MOA-Sig
- *
- * @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme as
- * {@link InputStream}
+ * Get a Map of additional XML schemes that should be injected into MOA-Sig.
+ *
+ * @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme
+ * as {@link InputStream}
*/
Map<String, InputStream> getSchemas();
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXMLSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java
index 6273bb9e..5b766917 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXMLSignatureVerificationResponse.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java
@@ -1,34 +1,33 @@
package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data;
/**
+ * XML signature verification result.
+ *
* @author tlenz
*
*/
-public interface IXMLSignatureVerificationResponse extends IGenericSignatureVerificationResponse {
-
+public interface IXmlSignatureVerificationResponse extends IGenericSignatureVerificationResponse {
/**
* Returns the xmlDSIGManifestCheckCode.
- *
+ *
* @return int
*/
- int getXmlDSIGManifestCheckCode();
+ int getXmlDsigManifestCheckCode();
/**
* Returns the xmlDsigSubjectName.
- *
+ *
* @return String
*/
String getXmlDsigSubjectName();
-
/**
* Returns the xmlDSIGManigest.
- *
+ *
* @return boolean
*/
- boolean isXmlDSIGManigest();
-
+ boolean isXmlDsigManigest();
/**
* Returns the the resulting code of the signature manifest check.
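Review bot: The rename from `isXmlDSIGManigest()` to `isXmlDsigManigest()` keeps the misspelling "Manigest" in both the method name and its Javadoc summary ("Returns the xmlDSIGManigest."). Because the rename already forces every implementer and caller to change, this is the cheapest moment to use `boolean isXmlDsigManifest();` and "Returns the xmlDsigManifest." instead. The last context line also has a doubled word, "Returns the the resulting code"; the interface continues past this hunk.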
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
index cbf80c39..d2cab2ef 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
@@ -3,6 +3,12 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.w3c.dom.Document;
+
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
@@ -10,10 +16,6 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.w3c.dom.Document;
public abstract class AbstractSignatureService {
private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class);
@@ -22,8 +24,9 @@ public abstract class AbstractSignatureService {
MoaSigInitializer moaSigConfig;
/**
- * Get a new {@link Document} from {@link DocumentBuilder} in synchronized form, because
- * {@link DocumentBuilderFactory} and {@link DocumentBuilder} are not thread-safe.
+ * Get a new {@link Document} from {@link DocumentBuilder} in synchronized form,
+ * because {@link DocumentBuilderFactory} and {@link DocumentBuilder} are not
+ * thread-safe.
*
* @return {@link Document}
* @throws ParserConfigurationException In case of an error
@@ -35,11 +38,11 @@ public abstract class AbstractSignatureService {
}
/**
- * Set up the thread-local context information needed for calling the various <code>Invoker</code>
- * classes.
+ * Set up the thread-local context information needed for calling the various
+ * <code>Invoker</code> classes.
*
- * @throws ConfigurationException An error occurred setting up the configuration in the
- * <code>TransactionContext</code>.
+ * @throws ConfigurationException An error occurred setting up the configuration
+ * in the <code>TransactionContext</code>.
*/
protected final void setUpContexts(final String transactionID) throws ConfigurationException {
final TransactionContextManager txMgr = TransactionContextManager.getInstance();
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java
index f0ee4612..77bbc88b 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java
@@ -6,8 +6,14 @@ import java.security.Provider;
import java.security.Security;
import java.util.Iterator;
import java.util.Map.Entry;
+
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ISchemaRessourceProvider;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceConfigurationException;
import at.gv.egovernment.moa.spss.MOAException;
@@ -15,9 +21,6 @@ import at.gv.egovernment.moa.spss.api.Configurator;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import at.gv.egovernment.moaspss.util.DOMUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
import iaik.asn1.structures.AlgorithmID;
import iaik.security.ec.provider.ECCelerate;
import iaik.security.provider.IAIK;
@@ -30,7 +33,6 @@ public class MoaSigInitializer {
private Configurator moaSigConfigurator;
-
/**
* Get MOA-Sig configuration object.
*
@@ -76,7 +78,6 @@ public class MoaSigInitializer {
}
-
// Inject additional XML schemes
if (schemas != null && schemas.length > 0) {
log.debug("Infjecting additional XML schemes ... ");
@@ -100,30 +101,29 @@ public class MoaSigInitializer {
moaSigConfigurator = Configurator.getInstance();
-
} catch (final MOAException e) {
log.error("MOA-SP initialization FAILED!", e.getWrapped());
throw new MoaSigServiceConfigurationException("service.moasig.04",
- new Object[] {e.toString()}, e);
+ new Object[] { e.toString() }, e);
}
-
}
private static void fixJava8_141ProblemWithSslAlgorithms() {
log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
- // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA",
+ // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[]
+ // { "MD5withRSA",
// "MD5/RSA", }, null, true);
new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption",
- new String[] {"SHA1withRSA", "SHA1/RSA", "SHA-1/RSA", "SHA/RSA",}, null, true);
+ new String[] { "SHA1withRSA", "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true);
new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption",
- new String[] {"SHA224withRSA", "SHA224/RSA", "SHA-224/RSA",}, null, true);
+ new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true);
new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption",
- new String[] {"SHA256withRSA", "SHA256/RSA", "SHA-256/RSA",}, null, true);
+ new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true);
new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption",
- new String[] {"SHA384withRSA", "SHA384/RSA", "SHA-384/RSA",}, null, true);
+ new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true);
new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption",
- new String[] {"SHA512withRSA", "SHA512/RSA", "SHA-512/RSA"}, null, true);
+ new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true);
log.info("Change AlgorithmIDs finished");
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java
index c8275264..d09b26de 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java
@@ -11,7 +11,7 @@ public class MoaSigSpringResourceProvider implements SpringResourceProvider {
public Resource[] getResourcesToLoad() {
final ClassPathResource moaSigConfig =
new ClassPathResource("/moa-sig-service.beans.xml", MoaSigSpringResourceProvider.class);
- return new Resource[] {moaSigConfig};
+ return new Resource[] { moaSigConfig };
}
@Override
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java
index 338e77d8..559af62a 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java
@@ -18,17 +18,14 @@ public class SignatureCreationService extends AbstractSignatureService
private XMLSignatureCreationInvoker xadesInvoker;
private CMSSignatureCreationInvoker cadesInvoker;
-
-
@PostConstruct
protected void internalInitializer() {
log.debug("Instanzing SignatureCreationService implementation ... ");
xadesInvoker = XMLSignatureCreationInvoker.getInstance();
cadesInvoker = CMSSignatureCreationInvoker.getInstance();
- log.trace("XML_impl: {} , CMS_imp: {}",
- xadesInvoker.getClass().getName(), cadesInvoker.getClass().getName());
+ log.trace("XML_impl: {} , CMS_imp: {}",
+ xadesInvoker.getClass().getName(), cadesInvoker.getClass().getName());
log.info("MOA-Sig signature-creation service initialized");
-
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
index 3dbda391..8fc4086e 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -3,10 +3,21 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
import java.util.List;
+
import javax.annotation.PostConstruct;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.Nullable;
+import org.springframework.stereotype.Service;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceBuilderException;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser.VerifyXmlSignatureResponseParser;
@@ -22,15 +33,6 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
import at.gv.egovernment.moaspss.util.Constants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.lang.Nullable;
-import org.springframework.stereotype.Service;
-import org.springframework.util.Base64Utils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
/**
* MOA-Sig based signature verification implementation.
@@ -54,12 +56,12 @@ public class SignatureVerificationService extends AbstractSignatureService
/*
* (non-Javadoc)
*
- * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#
- * verifyCMSSignature(byte[], java.lang.String)
+ * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.
+ * ISignatureVerificationService# verifyCMSSignature(byte[], java.lang.String)
*/
@Override
@Nullable
- public ICMSSignatureVerificationResponse verifyCmsSignature(final byte[] signature,
+ public ICmsSignatureVerificationResponse verifyCmsSignature(final byte[] signature,
final String trustProfileID) throws MoaSigServiceException {
try {
// setup context
@@ -74,12 +76,12 @@ public class SignatureVerificationService extends AbstractSignatureService
} catch (final MOAException e) {
log.warn("CMS signature verification has an error.", e);
- throw new MoaSigServiceException("service.03", new Object[] {e.toString()}, e);
+ throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e);
} catch (final CertificateEncodingException e) {
log.warn("Can NOT serialize X509 certificate from CMS/CAdES signature-verification response",
e);
- throw new MoaSigServiceException("service.03", new Object[] {e.toString()}, e);
+ throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e);
} finally {
tearDownContexts();
@@ -91,11 +93,11 @@ public class SignatureVerificationService extends AbstractSignatureService
/*
* (non-Javadoc)
*
- * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#
- * verifyXMLSignature(byte[], java.lang.String)
+ * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.
+ * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String)
*/
@Override
- public IXMLSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
+ public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID) throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION);
@@ -104,11 +106,12 @@ public class SignatureVerificationService extends AbstractSignatureService
/*
* (non-Javadoc)
*
- * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#
- * verifyXMLSignature(byte[], java.lang.String, java.util.List)
+ * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.
+ * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String,
+ * java.util.List)
*/
@Override
- public IXMLSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
+ public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID, final List<String> verifyTransformsInfoProfileID)
throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID,
@@ -118,11 +121,12 @@ public class SignatureVerificationService extends AbstractSignatureService
/*
* (non-Javadoc)
*
- * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#
- * verifyXMLSignature(byte[], java.lang.String, java.lang.String)
+ * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.
+ * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String,
+ * java.lang.String)
*/
@Override
- public IXMLSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
+ public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID, final String signatureLocationXpath)
throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath);
@@ -131,11 +135,12 @@ public class SignatureVerificationService extends AbstractSignatureService
/*
* (non-Javadoc)
*
- * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#
- * verifyXMLSignature(byte[], java.lang.String, java.util.List, java.lang.String)
+ * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.
+ * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String,
+ * java.util.List, java.lang.String)
*/
@Override
- public IXMLSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
+ public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
final String xpathSignatureLocation) throws MoaSigServiceException {
try {
@@ -153,7 +158,7 @@ public class SignatureVerificationService extends AbstractSignatureService
final Document result = new VerifyXMLSignatureResponseBuilder(true).build(vsresponse);
// parses the <IXMLSignatureVerificationResponse>
- final IXMLSignatureVerificationResponse verifyXmlSignatureResponse =
+ final IXmlSignatureVerificationResponse verifyXmlSignatureResponse =
new VerifyXmlSignatureResponseParser(result.getDocumentElement()).parseData();
return verifyXmlSignatureResponse;
@@ -164,7 +169,7 @@ public class SignatureVerificationService extends AbstractSignatureService
} catch (final MOAException e) {
log.warn("MOA-Sig signature-verification has an internal error." + " MsgCode: "
+ e.getMessageId() + " Msg: " + e.getMessage(), e);
- throw new MoaSigServiceException("service.moasig.03", new Object[] {e.getMessage()}, e);
+ throw new MoaSigServiceException("service.moasig.03", new Object[] { e.getMessage() }, e);
} finally {
tearDownContexts();
@@ -172,7 +177,7 @@ public class SignatureVerificationService extends AbstractSignatureService
}
}
- private ICMSSignatureVerificationResponse parseCmsVerificationResult(
+ private ICmsSignatureVerificationResponse parseCmsVerificationResult(
final VerifyCMSSignatureResponse cmsSigVerifyResp) throws CertificateEncodingException {
if (cmsSigVerifyResp.getResponseElements() == null
@@ -190,8 +195,8 @@ public class SignatureVerificationService extends AbstractSignatureService
final VerifyCMSSignatureResponseElement firstSig =
(VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0);
- final at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCMSSignatureResponse result =
- new at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCMSSignatureResponse();
+ final at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse result =
+ new at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse();
// parse results into response container
result.setSignatureCheckCode(firstSig.getSignatureCheck().getCode());
@@ -216,14 +221,16 @@ public class SignatureVerificationService extends AbstractSignatureService
/**
* Build a VerifyCMS-Siganture request for MOA-Sig. <br>
* <br>
- * This builder only generates verification-request for enveloped CMS or CAdES signatures <br>
+ * This builder only generates verification-request for enveloped CMS or CAdES
+ * signatures <br>
* This
*
- * @param signature CMS or CAdES signature
- * @param trustProfileID trustProfileID MOA-Sig Trust-Profile
- * @param isPdfSignature Make CAdES signature as part of an PAdES document
- * @param performExtendedValidation To extended validation. See MOA-Sig documentation for detailed
- * information
+ * @param signature CMS or CAdES signature
+ * @param trustProfileID trustProfileID MOA-Sig Trust-Profile
+ * @param isPdfSignature Make CAdES signature as part of an PAdES
+ * document
+ * @param performExtendedValidation To extended validation. See MOA-Sig
+ * documentation for detailed information
* @return
*/
private VerifyCMSSignatureRequest buildVerfifyCmsRequest(final byte[] signature,
@@ -245,11 +252,12 @@ public class SignatureVerificationService extends AbstractSignatureService
/**
* Build a VerifyXML-Signature request for MOA-Sig.
*
- * @param signature Serialized XML signature
- * @param trustProfileID MOA-Sig Trust-Profile
- * @param verifyTransformsInfoProfileID {@link List} of Transformation-Profiles used for
- * validation
- * @param xpathSignatureLocation Xpath that points to location of Signature element
+ * @param signature Serialized XML signature
+ * @param trustProfileID MOA-Sig Trust-Profile
+ * @param verifyTransformsInfoProfileID {@link List} of Transformation-Profiles
+ * used for validation
+ * @param xpathSignatureLocation Xpath that points to location of
+ * Signature element
* @return MOA-Sig verification request element
* @throws MoaSigServiceBuilderException In case of an error
*/
@@ -266,7 +274,6 @@ public class SignatureVerificationService extends AbstractSignatureService
Constants.DSIG_NS_URI);
requestDoc_.appendChild(requestElem_);
-
// build the request
final Element verifiySignatureInfoElem =
requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
@@ -331,19 +338,18 @@ public class SignatureVerificationService extends AbstractSignatureService
} catch (final Throwable t) {
log.warn("Can NOT build VerifyXML-Signature request for MOA-Sig", t);
- throw new MoaSigServiceBuilderException("service.moasig.03", new Object[] {t.getMessage()},
+ throw new MoaSigServiceBuilderException("service.moasig.03", new Object[] { t.getMessage() },
t);
}
}
-
-
@PostConstruct
protected void internalInitializer() {
log.debug("Instanzing SignatureVerificationService implementation ... ");
- // svs = at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance();
+ // svs =
+ // at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance();
cadesInvoker = CMSSignatureVerificationInvoker.getInstance();
xadesInvocer = XMLSignatureVerificationInvoker.getInstance();
log.info("MOA-Sig signature-verification service initialized");
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java
index 18ee6edb..0485f31f 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java
@@ -2,7 +2,6 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data;
import java.io.Serializable;
import java.security.cert.CertificateException;
-import iaik.x509.X509Certificate;
import java.util.Date;
import org.slf4j.Logger;
@@ -11,6 +10,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IGenericSignatureVerificationResponse;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceParserException;
+import iaik.x509.X509Certificate;
public class GenericSignatureVerificationResponse
implements IGenericSignatureVerificationResponse, Serializable {
@@ -19,32 +19,31 @@ public class GenericSignatureVerificationResponse
private static final Logger log =
LoggerFactory.getLogger(GenericSignatureVerificationResponse.class);
-
- /** The signing time */
+ /** The signing time. */
private Date signingDateTime;
- /** The signatureCheckCode to be stored */
+ /** The signatureCheckCode to be stored. */
private int signatureCheckCode;
- /** The certificateCheckCode to be stored */
+ /** The certificateCheckCode to be stored. */
private int certificateCheckCode;
- /** The publicAuthority to be stored */
+ /** The publicAuthority to be stored. */
private boolean publicAuthority;
- /** The publicAuthorityCode to be stored */
+ /** The publicAuthorityCode to be stored. */
private String publicAuthorityCode;
- /** The qualifiedCertificate to be stored */
+ /** The qualifiedCertificate to be stored. */
private boolean qualifiedCertificate;
private byte[] x509CertificateEncoded;
@Override
public Date getSigningDateTime() {
- if (this.signingDateTime != null) {
- return new Date(this.signingDateTime.getTime());
- }
+ if (this.signingDateTime != null) {
+ return new Date(this.signingDateTime.getTime());
+ }
return null;
}
@@ -87,11 +86,11 @@ public class GenericSignatureVerificationResponse
@Override
public byte[] getX509CertificateEncoded() {
- if (this.x509CertificateEncoded != null) {
- return this.x509CertificateEncoded.clone();
-
- }
- return null;
+ if (this.x509CertificateEncoded != null) {
+ return this.x509CertificateEncoded.clone();
+
+ }
+ return null;
}
@@ -107,10 +106,15 @@ public class GenericSignatureVerificationResponse
}
+ /**
+ * Set signature creation timestramp.
+ *
+ * @param signingDateTime timestamp
+ */
public void setSigningDateTime(final Date signingDateTime) {
- if (signingDateTime != null) {
- this.signingDateTime = new Date(signingDateTime.getTime());
- }
+ if (signingDateTime != null) {
+ this.signingDateTime = new Date(signingDateTime.getTime());
+ }
}
public void setSignatureCheckCode(final int signatureCheckCode) {
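Review bot: The Javadoc added for `setSigningDateTime` does not mention that a `null` argument is silently ignored, so the previously stored signing time stays in the response object and cannot be cleared through this setter. The same holds for `setX509CertificateEncoded` in the following hunk (`@@ -133,13 +137,16 @@`), where a `null` leaves an earlier signer certificate in place. If that is intended, say so in the tag, e.g. `@param signingDateTime timestamp; {@code null} is ignored and the stored value is kept`; if not, the `null` should be assigned through. The new comments also carry two typos: `timestramp` here and `cerificate` in the other hunk.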
@@ -133,13 +137,16 @@ public class GenericSignatureVerificationResponse
this.qualifiedCertificate = qualifiedCertificate;
}
+ /**
+ * Set encoded signer certificate.
+ *
+ * @param x509CertificateEncoded signer cerificate
+ */
public void setX509CertificateEncoded(final byte[] x509CertificateEncoded) {
- if (x509CertificateEncoded != null) {
- this.x509CertificateEncoded = x509CertificateEncoded.clone();
-
- }
- }
-
+ if (x509CertificateEncoded != null) {
+ this.x509CertificateEncoded = x509CertificateEncoded.clone();
+ }
+ }
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCMSSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java
index 0583a29e..ed679828 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCMSSignatureResponse.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java
@@ -1,9 +1,9 @@
package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
-public class VerifyCMSSignatureResponse extends GenericSignatureVerificationResponse
- implements ICMSSignatureVerificationResponse {
+public class VerifyCmsSignatureResponse extends GenericSignatureVerificationResponse
+ implements ICmsSignatureVerificationResponse {
private static final long serialVersionUID = 708260904158070696L;
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXMLSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXMLSignatureResponse.java
deleted file mode 100644
index 003d2c46..00000000
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXMLSignatureResponse.java
+++ /dev/null
@@ -1,119 +0,0 @@
-package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data;
-
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
-
-/**
- *
- *
- * @author tlenz
- *
- */
-
-public class VerifyXMLSignatureResponse extends GenericSignatureVerificationResponse
- implements IXMLSignatureVerificationResponse {
-
- private static final long serialVersionUID = 8386070769565711601L;
-
- /** The xmlDsigSubjectName to be stored */
- private String xmlDsigSubjectName;
-
- /** The xmlDSIGManifestCheckCode to be stored */
- private int xmlDSIGManifestCheckCode;
- /** The xmlDSIGManigest to be stored */
- private boolean xmlDSIGManigest;
-
- /**
- * The result of the signature manifest check. The default value <code>-1</code> indicates that
- * the signature manifest has not been checked.
- */
- private int signatureManifestCheckCode = -1;
-
-
- /*
- * (non-Javadoc)
- *
- * @see
- * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDSIGManifestCheckCode()
- */
- @Override
- public int getXmlDSIGManifestCheckCode() {
- return xmlDSIGManifestCheckCode;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDsigSubjectName()
- */
- @Override
- public String getXmlDsigSubjectName() {
- return xmlDsigSubjectName;
- }
-
-
- /*
- * (non-Javadoc)
- *
- * @see
- * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManifestCheckCode(
- * int)
- */
- public void setXmlDSIGManifestCheckCode(final int xmlDSIGManifestCheckCode) {
- this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDsigSubjectName(java.lang
- * .String)
- */
- public void setXmlDsigSubjectName(final String xmlDsigSubjectName) {
- this.xmlDsigSubjectName = xmlDsigSubjectName;
- }
-
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isXmlDSIGManigest()
- */
- @Override
- public boolean isXmlDSIGManigest() {
- return xmlDSIGManigest;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManigest(boolean)
- */
- public void setXmlDSIGManigest(final boolean xmlDSIGManigest) {
- this.xmlDSIGManigest = xmlDSIGManigest;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureManifestCheckCode()
- */
- @Override
- public int getSignatureManifestCheckCode() {
- return signatureManifestCheckCode;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- * at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureManifestCheckCode(
- * int)
- */
- public void setSignatureManifestCheckCode(final int signatureManifestCheckCode) {
- this.signatureManifestCheckCode = signatureManifestCheckCode;
- }
-
-}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java
new file mode 100644
index 00000000..4b0632b1
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java
@@ -0,0 +1,115 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
+
+/**
+ * MOA-Sig signature verification response for XML based signatures.
+ *
+ * @author tlenz
+ *
+ */
+
+public class VerifyXmlSignatureResponse extends GenericSignatureVerificationResponse
+ implements IXmlSignatureVerificationResponse {
+
+ private static final long serialVersionUID = 8386070769565711601L;
+
+ /** The xmlDsigSubjectName to be stored. */
+ private String xmlDsigSubjectName;
+
+ /** The xmlDSIGManifestCheckCode to be stored. */
+ private int xmlDsigManifestCheckCode;
+ /** The xmlDSIGManigest to be stored. */
+ private boolean xmlDsigManigest;
+
+ /**
+ * The result of the signature manifest check. The default value <code>-1</code>
+ * indicates that the signature manifest has not been checked.
+ */
+ private int signatureManifestCheckCode = -1;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
+ * getXmlDSIGManifestCheckCode()
+ */
+ @Override
+ public int getXmlDsigManifestCheckCode() {
+ return xmlDsigManifestCheckCode;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
+ * getXmlDsigSubjectName()
+ */
+ @Override
+ public String getXmlDsigSubjectName() {
+ return xmlDsigSubjectName;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
+ * setXmlDSIGManifestCheckCode( int)
+ */
+ public void setXmlDsigManifestCheckCode(final int xmlDsigManifestCheckCode) {
+ this.xmlDsigManifestCheckCode = xmlDsigManifestCheckCode;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
+ * setXmlDsigSubjectName(java.lang .String)
+ */
+ public void setXmlDsigSubjectName(final String xmlDsigSubjectName) {
+ this.xmlDsigSubjectName = xmlDsigSubjectName;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
+ * isXmlDSIGManigest()
+ */
+ @Override
+ public boolean isXmlDsigManigest() {
+ return xmlDsigManigest;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
+ * setXmlDSIGManigest(boolean)
+ */
+ public void setXmlDsigManigest(final boolean xmlDsigManigest) {
+ this.xmlDsigManigest = xmlDsigManigest;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
+ * getSignatureManifestCheckCode()
+ */
+ @Override
+ public int getSignatureManifestCheckCode() {
+ return signatureManifestCheckCode;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
+ * setSignatureManifestCheckCode( int)
+ */
+ public void setSignatureManifestCheckCode(final int signatureManifestCheckCode) {
+ this.signatureManifestCheckCode = signatureManifestCheckCode;
+ }
+
+}
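Review bot: `xmlDsigManifestCheckCode` has no initialiser and so starts at `0`, while `signatureManifestCheckCode` just below it is set to `-1` and documented as "has not been checked". Whether `0` denotes a passed check in MOA-Sig is not visible in this file, but if it does, a response on which `setXmlDsigManifestCheckCode` was never called reads the same as one with a verified manifest. Provided no caller relies on the `0` default, `private int xmlDsigManifestCheckCode = -1;` with the same sentence in its Javadoc would make the unchecked state explicit. The `@see` comments also still name `at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse` and the pre-rename methods (`getXmlDSIGManifestCheckCode()`, `isXmlDSIGManigest()`), which do not match the `IXmlSignatureVerificationResponse` interface this class implements; pointing them at that interface would fix it.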
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
index aa094f1e..231cb94f 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
@@ -2,23 +2,24 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceParserException;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moaspss.util.Constants;
-import at.gv.egovernment.moaspss.util.DOMUtils;
-import at.gv.egovernment.moaspss.util.XPathUtils;
+
import org.joda.time.DateTime;
import org.joda.time.format.ISODateTimeFormat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.lang.NonNull;
import org.w3c.dom.Element;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceParserException;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyXmlSignatureResponse;
+import at.gv.egovernment.moaspss.util.Constants;
+import at.gv.egovernment.moaspss.util.DOMUtils;
+import at.gv.egovernment.moaspss.util.XPathUtils;
import iaik.utils.Base64InputStream;
import iaik.x509.X509Certificate;
-
public class VerifyXmlSignatureResponseParser {
private static final Logger log = LoggerFactory.getLogger(VerifyXmlSignatureResponseParser.class);
@@ -63,13 +64,15 @@ public class VerifyXmlSignatureResponseParser {
private static final String SIGNING_TIME_XPATH = ROOT + MOA + "SigningTime";
-
- /** This is the root element of the XML-Document provided by the Security Layer Card. */
+ /**
+ * This is the root element of the XML-Document provided by the Security Layer
+ * Card.
+ */
private Element verifyXmlSignatureResponse;
/**
- * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the incoming String
- * will be created
+ * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the
+ * incoming String will be created
*
* @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
* @throws MoaSigServiceParserException on any parsing error
@@ -82,14 +85,14 @@ public class VerifyXmlSignatureResponseParser {
} catch (final Throwable t) {
log.warn("Can not parse MOA-Sig response.", t);
- throw new MoaSigServiceParserException("service.moasig.02", new Object[] {t.toString()}, t);
+ throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t);
}
}
/**
- * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the incoming
- * Inputstream will be created
+ * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the
+ * incoming Inputstream will be created
*
* @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
* @throws MoaSigServiceParserException on any parsing error
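Review bot: `catch (final Throwable t)` in this constructor also traps `Error` subclasses such as `OutOfMemoryError` and `StackOverflowError` and rewraps them as `MoaSigServiceParserException`, so a JVM-level failure while reading the MOA-Sig response is reported as an ordinary parse error. Narrowing the handler to `catch (final Exception e)` keeps the fail-closed behaviour for malformed responses without masking those conditions. The same handler appears in the hunks at -101,14 and -181,10. The `try` blocks start outside these hunks, so the exceptions they can actually raise are not visible here.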
@@ -101,14 +104,14 @@ public class VerifyXmlSignatureResponseParser {
} catch (final Throwable t) {
log.warn("Can not parse MOA-Sig response.", t);
- throw new MoaSigServiceParserException("service.moasig.02", new Object[] {t.toString()}, t);
+ throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t);
}
}
/**
- * Constructor for VerifyXMLSignatureResponseParser. The incoming Element will be used for further
- * operations
+ * Constructor for VerifyXMLSignatureResponseParser. The incoming Element will
+ * be used for further operations
*
* @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as Element
*/
@@ -118,15 +121,16 @@ public class VerifyXmlSignatureResponseParser {
}
/**
- * Parse MOA-Sig signatur-verification result into {@link IXMLSignatureVerificationResponse}.
+ * Parse MOA-Sig signatur-verification result into
+ * {@link IXmlSignatureVerificationResponse}.
*
- * @return {@link IXMLSignatureVerificationResponse}
+ * @return {@link IXmlSignatureVerificationResponse}
* @throws MoaSigServiceException on any parsing error
*/
@NonNull
- public IXMLSignatureVerificationResponse parseData() throws MoaSigServiceException {
+ public IXmlSignatureVerificationResponse parseData() throws MoaSigServiceException {
try {
- final VerifyXMLSignatureResponse respData = new VerifyXMLSignatureResponse();
+ final VerifyXmlSignatureResponse respData = new VerifyXmlSignatureResponse();
respData.setXmlDsigSubjectName(
XPathUtils.getElementValue(verifyXmlSignatureResponse, DSIG_SUBJECT_NAME_XPATH, ""));
final Element e = (Element) XPathUtils.selectSingleNode(verifyXmlSignatureResponse,
@@ -151,11 +155,11 @@ public class VerifyXmlSignatureResponseParser {
final String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXmlSignatureResponse,
XMLDSIG_MANIFEST_CHECK_CODE_XPATH, null);
if (xmlDsigCheckCode != null) {
- respData.setXmlDSIGManigest(true);
- respData.setXmlDSIGManifestCheckCode(Integer.parseInt(xmlDsigCheckCode));
+ respData.setXmlDsigManigest(true);
+ respData.setXmlDsigManifestCheckCode(Integer.parseInt(xmlDsigCheckCode));
} else {
- respData.setXmlDSIGManigest(false);
+ respData.setXmlDsigManigest(false);
}
@@ -181,10 +185,9 @@ public class VerifyXmlSignatureResponseParser {
} catch (final Throwable t) {
log.warn("Can not parse MOA-Sig response.", t);
- throw new MoaSigServiceParserException("service.moasig.02", new Object[] {t.toString()}, t);
+ throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t);
}
}
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java
index c0482c9d..2779ee1d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java
@@ -11,7 +11,7 @@
* is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the Licence for the specific language governing permissions and limitations under
* the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text file for details on the
* various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
* works that you distribute must include a readable copy of the "NOTICE" text file.
@@ -42,7 +42,7 @@ public class Pvp2SProfileCoreSpringResourceProvider implements SpringResourcePro
final ClassPathResource sl20AuthConfig =
new ClassPathResource("/eaaf_pvp.beans.xml", Pvp2SProfileCoreSpringResourceProvider.class);
- return new Resource[] {sl20AuthConfig};
+ return new Resource[] { sl20AuthConfig };
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
index 8bd2f024..b271b46d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java
@@ -22,13 +22,16 @@ package at.gv.egiz.eaaf.modules.pvp2;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+
import javax.xml.namespace.QName;
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
-import at.gv.egiz.eaaf.core.impl.data.Trible;
+
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.signature.SignatureConstants;
-public interface PvpConstants extends PVPAttributeDefinitions {
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+
+public interface PvpConstants extends PvpAttributeDefinitions {
String DEFAULT_SIGNING_METHODE =
SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
@@ -53,13 +56,14 @@ public interface PvpConstants extends PVPAttributeDefinitions {
String SINGLELOGOUT = "SingleLogOut";
/**
- * Get required PVP attributes for egovtoken First : PVP attribute name (OID) Second: FriendlyName
- * Third: Required.
+ * Get required PVP attributes for egovtoken First : PVP attribute name (OID)
+ * Second: FriendlyName Third: Required.
*
*/
List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES =
Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
private static final long serialVersionUID = 1L;
+
{
// currently supported attributes
add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
@@ -73,18 +77,18 @@ public interface PvpConstants extends PVPAttributeDefinitions {
add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
-
}
});
/**
- * Get required PVP attributes for citizenToken First : PVP attribute name (OID) Second:
- * FriendlyName Third: Required.
+ * Get required PVP attributes for citizenToken First : PVP attribute name (OID)
+ * Second: FriendlyName Third: Required.
*
*/
List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES =
Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = -5947165770657082581L;
+
{
// required attributes - eIDAS minimal-data set
add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
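Review bot: The `serialVersionUID` of the anonymous `ArrayList` subclass behind `CITIZENTOKEN_PVP_ATTRIBUTES` changes from `1L` to `-5947165770657082581L`, while the identical construct for `EGOVTOKEN_PVP_ATTRIBUTES` in the previous hunk keeps `1L`, and nothing in the hunk explains the difference. If an instance of this list is ever written with Java serialization (not visible from here), data stored before the change would fail to deserialize with `InvalidClassException`. Either keep `private static final long serialVersionUID = 1L;` or build the constant without an anonymous subclass so that no UID is needed. The initializer block continues outside the hunk.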
@@ -93,7 +97,6 @@ public interface PvpConstants extends PVPAttributeDefinitions {
add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
-
// not required attributes
add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
@@ -123,8 +126,6 @@ public interface PvpConstants extends PVPAttributeDefinitions {
add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME,
MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
-
-
}
});
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java
index 39c0baff..ec806f07 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java
@@ -20,10 +20,12 @@
package at.gv.egiz.eaaf.modules.pvp2.api;
import java.util.List;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.Organization;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
public interface IPvo2BasicConfiguration {
String getIdpEntityId(String authUrl) throws EaafException;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
index 677028a5..89e6a384 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java
@@ -21,13 +21,14 @@ package at.gv.egiz.eaaf.modules.pvp2.api.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+
import org.opensaml.common.binding.decoding.URIComparator;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.security.SecurityException;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
public interface IDecoder {
InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp,
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
index 9d8b0105..fcab5fd8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
@@ -21,30 +21,32 @@ package at.gv.egiz.eaaf.modules.pvp2.api.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+
public interface IEncoder {
/**
* SAML2 Request encoder.
*
- * @param req The http request
- * @param resp The http response
- * @param request The SAML2 request object
+ * @param req The http request
+ * @param resp The http response
+ * @param request The SAML2 request object
* @param targetLocation URL, where the request should be transmit
- * @param relayState token for session handling
- * @param credentials Credential to sign the request object
- * @param pendingReq Internal MOA-ID request object that contains session-state informations but
- * never null
+ * @param relayState token for session handling
+ * @param credentials Credential to sign the request object
+ * @param pendingReq Internal MOA-ID request object that contains
+ * session-state informations but never null
* @throws MessageEncodingException In case of an error
- * @throws SecurityException In case of an error
- * @throws Pvp2Exception In case of an error
+ * @throws SecurityException In case of an error
+ * @throws Pvp2Exception In case of an error
*/
void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
RequestAbstractType request, String targetLocation, String relayState, Credential credentials,
@@ -53,16 +55,16 @@ public interface IEncoder {
/**
* Encoder SAML Response.
*
- * @param req The http request
- * @param resp The http response
- * @param response The SAML2 repsonse object
+ * @param req The http request
+ * @param resp The http response
+ * @param response The SAML2 repsonse object
* @param targetLocation URL, where the request should be transmit
- * @param relayState token for session handling
- * @param credentials Credential to sign the response object
- * @param pendingReq Internal MOA-ID request object that contains session-state informations but
- * never null
- * @throws MessageEncodingException In case of an error
- * @throws SecurityException In case of an error
+ * @param relayState token for session handling
+ * @param credentials Credential to sign the response object
+ * @param pendingReq Internal MOA-ID request object that contains
+ * session-state informations but never null
+ * @throws MessageEncodingException In case of an error
+ * @throws SecurityException In case of an error
*/
void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
StatusResponseType response, String targetLocation, String relayState, Credential credentials,
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
index f06a1684..ab39fefb 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
@@ -21,13 +21,15 @@ package at.gv.egiz.eaaf.modules.pvp2.api.metadata;
import java.util.Collection;
import java.util.List;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.Organization;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.xml.security.credential.Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+
/**
* PVP Metadata builder configuration.
*
@@ -36,9 +38,9 @@ import org.opensaml.xml.security.credential.Credential;
*/
public interface IPvpMetadataBuilderConfiguration {
-
/**
- * Defines a unique name for this PVP Service-provider, which is used for logging.
+ * Defines a unique name for this PVP Service-provider, which is used for
+ * logging.
*
* @return
*/
@@ -73,8 +75,8 @@ public interface IPvpMetadataBuilderConfiguration {
boolean buildSpSsoDescriptor();
/**
- * Set the PVP entityID for this SAML2 metadata. The entityID must be an URL and must be start
- * with the public-URL prefix of the server.
+ * Set the PVP entityID for this SAML2 metadata. The entityID must be an URL and
+ * must be start with the public-URL prefix of the server.
*
* @return PVP entityID postfix as String
*/
@@ -101,7 +103,6 @@ public interface IPvpMetadataBuilderConfiguration {
*/
Organization getOrgansiationInformation();
-
/**
* Set the credential for metadata signing.
*
@@ -111,11 +112,12 @@ public interface IPvpMetadataBuilderConfiguration {
Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
/**
- * Set the credential for request/response signing IDP metadata: this credential is used for SAML2
- * response signing SP metadata: this credential is used for SAML2 response signing.
+ * Set the credential for request/response signing IDP metadata: this credential
+ * is used for SAML2 response signing SP metadata: this credential is used for
+ * SAML2 response signing.
*
* @return Credentials
- * @throws CredentialsNotAvailableException In case of an error
+ * @throws CredentialsNotAvailableException In case of an error
*/
Credential getRequestorResponseSigningCredentials()
throws CredentialsNotAvailableException;
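Review bot: The reflowed Javadoc on `getRequestorResponseSigningCredentials()` still runs the IDP and SP cases into one sentence and says "SAML2 response signing" for both, so it is unclear which messages this key signs on the SP side. Presumably the SP case means request signing, to be confirmed against the implementation; a wording such as `Get the credential for request/response signing. IDP metadata: used for SAML2 response signing. SP metadata: used for SAML2 request signing.` would state it. The comment also reads "Set the credential" on a getter, as do the neighbouring comments on `getMetadataSigningCredentials()` and `getEncryptionCredentials()`.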
@@ -124,7 +126,7 @@ public interface IPvpMetadataBuilderConfiguration {
* Set the credential for response encryption.
*
* @return Credentials
- * @throws CredentialsNotAvailableException In case of an error
+ * @throws CredentialsNotAvailableException In case of an error
*/
Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
@@ -191,7 +193,6 @@ public interface IPvpMetadataBuilderConfiguration {
*/
String getSpSloSoapBindingUrl();
-
/**
* Set all SAML2 attributes which could be provided by this IDP.
*
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java
index 4207d860..0cf7e293 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java
@@ -23,7 +23,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
public interface IPvpMetadataConfigurationFactory {
-
IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authUrl,
AbstractCredentialProvider pvpIdpCredentials);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java
index bc90ff3f..25b2d250 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java
@@ -11,7 +11,7 @@
* is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the Licence for the specific language governing permissions and limitations under
* the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text file for details on the
* various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
* works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java
index f44a545d..fe908869 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java
@@ -20,13 +20,16 @@
package at.gv.egiz.eaaf.modules.pvp2.api.reqattr;
import java.util.List;
+
import javax.xml.namespace.QName;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+
import org.opensaml.common.SAMLObject;
import org.opensaml.xml.AttributeExtensibleXMLObject;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.schema.XSBooleanValue;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+
public interface EaafRequestedAttribute extends SAMLObject, AttributeExtensibleXMLObject,
org.opensaml.saml2.metadata.RequestedAttribute {
@@ -36,7 +39,6 @@ public interface EaafRequestedAttribute extends SAMLObject, AttributeExtensibleX
/** Local name of the XSI type. */
String TYPE_LOCAL_NAME = "RequestedAttributeAbstractType";
-
/** Default element name. */
QName DEFAULT_ELEMENT_NAME =
new QName(PvpConstants.EIDAT10_SAML_NS, DEF_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX);
@@ -45,8 +47,6 @@ public interface EaafRequestedAttribute extends SAMLObject, AttributeExtensibleX
QName TYPE_NAME =
new QName(PvpConstants.EIDAT10_SAML_NS, TYPE_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX);
-
-
/** NAME_ATTRIB_NAME attribute name. */
String NAME_ATTRIB_NAME = "Name";
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java
index 98f118b0..4c168b31 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java
@@ -11,7 +11,7 @@
* is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the Licence for the specific language governing permissions and limitations under
* the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text file for details on the
* various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
* works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java
index 41dcd3b9..90195f1d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java
@@ -20,11 +20,13 @@
package at.gv.egiz.eaaf.modules.pvp2.api.validation;
import javax.servlet.http.HttpServletRequest;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+
public interface IAuthnRequestValidator {
void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq,
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java
index 3cbe59da..3454e890 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java
@@ -11,7 +11,7 @@
* is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the Licence for the specific language governing permissions and limitations under
* the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text file for details on the
* various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
* works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java
index 82fb2c79..78529e23 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java
@@ -21,7 +21,6 @@ package at.gv.egiz.eaaf.modules.pvp2.exception;
public class AttributQueryException extends Pvp2Exception {
-
private static final long serialVersionUID = -4302422507173728748L;
public AttributQueryException(final String messageId, final Object[] parameters) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java
index 97971d3a..2273d343 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java
@@ -26,13 +26,8 @@ public class BindingNotSupportedException extends Pvp2Exception {
private static final long serialVersionUID = -7227603941387879360L;
public BindingNotSupportedException(final String binding) {
- super("pvp2.11", new Object[] {binding});
+ super("pvp2.11", new Object[] { binding });
this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
}
-
-
-
-
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
index ae64e134..ede00366 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java
@@ -34,7 +34,4 @@ public class CredentialsNotAvailableException extends EaafException {
super(messageId, parameters, e);
}
-
-
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
index 8ca373c4..538279b5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java
@@ -30,6 +30,4 @@ public class InvalidDateFormatException extends Pvp2Exception {
this.statusCodeValue = StatusCode.REQUESTER_URI;
}
-
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java
index b43db603..a5b5ed33 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java
@@ -19,9 +19,10 @@
package at.gv.egiz.eaaf.modules.pvp2.exception;
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
import org.opensaml.saml2.core.StatusCode;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+
public class NameIdFormatNotSupportedException extends AuthnRequestValidatorException {
private static final long serialVersionUID = -2270762519437873336L;
@@ -32,12 +33,9 @@ public class NameIdFormatNotSupportedException extends AuthnRequestValidatorExce
* @param nameIdFormat requested NameIdFormat
*/
public NameIdFormatNotSupportedException(final String nameIdFormat) {
- super("pvp2.12", new Object[] {nameIdFormat});
+ super("pvp2.12", new Object[] { nameIdFormat });
statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
}
-
-
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java
index f22d2d17..002a946c 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java
@@ -30,7 +30,4 @@ public class NoMetadataInformationException extends Pvp2Exception {
this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
}
-
-
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
index 0ea909e2..dcbda8b5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java
@@ -19,9 +19,10 @@
package at.gv.egiz.eaaf.modules.pvp2.exception;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
import org.opensaml.saml2.core.StatusCode;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
public abstract class Pvp2Exception extends EaafException {
private static final long serialVersionUID = 7669537952484421069L;
@@ -38,7 +39,6 @@ public abstract class Pvp2Exception extends EaafException {
this.statusMessageValue = this.getMessage();
}
-
public String getStatusCodeValue() {
return this.statusCodeValue;
}
@@ -47,9 +47,4 @@ public abstract class Pvp2Exception extends EaafException {
return this.statusMessageValue;
}
-
-
-
-
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java
index ab0e8871..5ed7c99d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java
@@ -11,7 +11,7 @@
* is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the Licence for the specific language governing permissions and limitations under
* the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text file for details on the
* various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
* works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java
index 9edba3f2..9620a5ea 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java
@@ -21,13 +21,12 @@ package at.gv.egiz.eaaf.modules.pvp2.exception;
import org.opensaml.saml2.core.StatusCode;
-
public class QaaNotAllowedException extends Pvp2Exception {
private static final long serialVersionUID = -3964192953884089323L;
public QaaNotAllowedException(final String qaaAuth, final String qaaRequest, final String mode) {
- super("pvp2.17", new Object[] {qaaAuth, qaaRequest, mode});
+ super("pvp2.17", new Object[] { qaaAuth, qaaRequest, mode });
this.statusCodeValue = StatusCode.REQUESTER_URI;
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java
index dc48508d..8824ca63 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java
@@ -21,17 +21,13 @@ package at.gv.egiz.eaaf.modules.pvp2.exception;
import org.opensaml.saml2.core.StatusCode;
-
public class QaaNotSupportedException extends Pvp2Exception {
private static final long serialVersionUID = -3964192953884089323L;
public QaaNotSupportedException(final String qaa) {
- super("pvp2.05", new Object[] {qaa});
+ super("pvp2.05", new Object[] { qaa });
this.statusCodeValue = StatusCode.REQUESTER_URI;
}
-
-
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java
index ede310f0..e27c5b1d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java
@@ -34,7 +34,4 @@ public class SamlMetadataSignatureException extends Pvp2Exception {
this.statusCodeValue = StatusCode.REQUESTER_URI;
}
-
-
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
index 39cf148b..14ad34a5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
@@ -23,7 +23,6 @@ public class SchemaValidationException extends Pvp2Exception {
private static final long serialVersionUID = 1L;
-
public SchemaValidationException(final String messageId, final Object[] parameters) {
super(messageId, parameters);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
index 410686f6..0abfa5b2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
@@ -38,6 +38,4 @@ public class SignatureValidationException extends FilterException {
super(string, e);
}
-
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
index 2734c859..4e642a8a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
@@ -21,23 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HttpPostEncoderWithOwnTemplate;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSignedRequestPolicyRule;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -66,6 +50,24 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HttpPostEncoderWithOwnTemplate;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSignedRequestPolicyRule;
+
@Service("PVPPOSTBinding")
public class PostBinding implements IDecoder, IEncoder {
private static final Logger log = LoggerFactory.getLogger(PostBinding.class);
@@ -220,7 +222,6 @@ public class PostBinding implements IDecoder, IEncoder {
}
}
-
msg.setVerified(true);
msg.setRelayState(messageContext.getRelayState());
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
index 7b8525ce..eca1a072 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
@@ -21,18 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpAuthRequestSignedRole;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -62,6 +51,19 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpAuthRequestSignedRole;
+
@Service("PVPRedirectBinding")
public class RedirectBinding implements IDecoder, IEncoder {
@@ -203,7 +205,6 @@ public class RedirectBinding implements IDecoder, IEncoder {
(RequestAbstractType) messageContext.getInboundMessage();
msg = new PvpSProfileRequest(inboundMessage, getSaml2BindingName());
-
} else if (messageContext.getInboundMessage() instanceof StatusResponseType) {
final StatusResponseType inboundMessage =
(StatusResponseType) messageContext.getInboundMessage();
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
index 2e19f259..f56078e5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
@@ -20,17 +20,10 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -56,6 +49,16 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+
@Service("PVPSOAPBinding")
public class SoapBinding implements IDecoder, IEncoder {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
index 9765f520..8c7fa2fc 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
@@ -19,7 +19,6 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.xml.Configuration;
@@ -29,6 +28,8 @@ import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSIntegerBuilder;
import org.opensaml.xml.schema.impl.XSStringBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
/**
* Build all attributes from PVP2 citizen-token.
*
@@ -71,7 +72,7 @@ public class CitizenTokenBuilder {
* Build simple attribute.
*
* @param friendlyName attribute friendly-name
- * @param value Attributevalue
+ * @param value Attributevalue
* @return XML attribute
*/
public static Attribute buildStringAttribute(final String friendlyName, final String name,
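Review bot: The Javadoc realigned here documents `friendlyName` and `value` but not the `name` parameter that the signature on the last line of the hunk declares. The same gap is in the next hunk, for `buildIntegerAttribute`. I would add a tag such as `@param name attribute name` between the two existing tags in both places. Both method bodies continue outside their hunks, so the wording should be checked against how `name` is actually used.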
@@ -87,7 +88,7 @@ public class CitizenTokenBuilder {
* Build simple attribute.
*
* @param friendlyName attribute friendly-name
- * @param value Attributevalue
+ * @param value Attributevalue
* @return XML attribute
*/
public static Attribute buildIntegerAttribute(final String friendlyName, final String name,
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java
index 73ba73c7..39d2a493 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java
@@ -25,10 +25,16 @@ import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ServiceLoader;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IspConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
@@ -36,10 +42,6 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidDateFormatException;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
public class PvpAttributeBuilder {
@@ -78,7 +80,6 @@ public class PvpAttributeBuilder {
}
-
/**
* Get a specific attribute builder.
*
@@ -94,7 +95,7 @@ public class PvpAttributeBuilder {
/**
* Build an SAML2 attribute.
*
- * @param name attribute name
+ * @param name attribute name
* @param value attribute value
* @return SAML2 attribute
*/
@@ -110,14 +111,14 @@ public class PvpAttributeBuilder {
/**
* Build a SAML2 attribute.
*
- * @param name attribute name
- * @param oaParam Service-Provider configuration
+ * @param name attribute name
+ * @param oaParam Service-Provider configuration
* @param authData serice-provider specific authentication data
* @return SAML2 attribute
- * @throws Pvp2Exception In case of a general error
+ * @throws Pvp2Exception In case of a general error
* @throws AttributeBuilderException In case of an attribute builder error
*/
- public static Attribute buildAttribute(final String name, final IspConfiguration oaParam,
+ public static Attribute buildAttribute(final String name, final ISpConfiguration oaParam,
final IAuthData authData) throws Pvp2Exception, AttributeBuilderException {
if (builders.containsKey(name)) {
try {
@@ -151,10 +152,6 @@ public class PvpAttributeBuilder {
return null;
}
-
-
-
-
/**
* Return all attributes that has a {@link PvpMetadata} annotation.
*
@@ -182,9 +179,9 @@ public class PvpAttributeBuilder {
/**
* Build a requested attribute.
*
- * @param name attribute name
+ * @param name attribute name
* @param friendlyName attribute friendlyname
- * @param required is attribute mandatory
+ * @param required is attribute mandatory
* @return SAML2 requested attribute
*/
public static RequestedAttribute buildReqAttribute(final String name, final String friendlyName,
@@ -200,13 +197,15 @@ public class PvpAttributeBuilder {
/**
* Build a set of PVP Response-Attributes <br>
* <br>
- * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but no execpetion is
- * thrown. Therefore, the return List must not include all requested attributes.
+ * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but
+ * no execpetion is thrown. Therefore, the return List must not include all
+ * requested attributes.
*
- * @param authData AuthenticationData <code>IAuthData</code> which is used to build the attribute
- * values, but never <code>null</code>
- * @param reqAttributenName List of PVP attribute names which are requested, but never
- * <code>null</code>
+ * @param authData AuthenticationData <code>IAuthData</code> which is
+ * used to build the attribute values, but never
+ * <code>null</code>
+ * @param reqAttributenName List of PVP attribute names which are requested, but
+ * never <code>null</code>
* @return List of PVP attributes, but never <code>null</code>
*/
public static List<Attribute> buildSetOfResponseAttributes(final IAuthData authData,
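Review bot: The rewrapped INFO paragraph still ends with "the return List must not include all requested attributes", which reads as a prohibition. The sentence before it says the opposite: an attribute that cannot be built is only logged and then left out. I would reword the last sentence to `Therefore, the returned list may not contain every requested attribute.` and correct `execpetion` to `exception` in the same pass. A caller that depends on a mandatory attribute has to check for it itself, and this Javadoc is where that contract is stated. The method body lies outside the hunk.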
@@ -240,5 +239,4 @@ public class PvpAttributeBuilder {
return attrList;
}
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
index 1efa8745..b543a5dc 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
@@ -23,6 +23,7 @@ import java.io.IOException;
import java.io.StringWriter;
import java.util.Collection;
import java.util.List;
+
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
@@ -32,11 +33,7 @@ import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
@@ -73,6 +70,12 @@ import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
/**
* PVP metadata builder implementation.
*
@@ -98,21 +101,20 @@ public class PvpMetadataBuilder {
}
-
/**
* Build PVP 2.1 conform SAML2 metadata.
*
* @param config PVPMetadataBuilder configuration*
* @return PVP metadata as XML String
- * @throws SecurityException In case of an error
- * @throws ConfigurationException In case of an error
- * @throws CredentialsNotAvailableException In case of an error
+ * @throws SecurityException In case of an error
+ * @throws ConfigurationException In case of an error
+ * @throws CredentialsNotAvailableException In case of an error
* @throws TransformerFactoryConfigurationError In case of an error
- * @throws MarshallingException In case of an error
- * @throws TransformerException In case of an error
- * @throws ParserConfigurationException In case of an error
- * @throws IOException In case of an error
- * @throws SignatureException In case of an error
+ * @throws MarshallingException In case of an error
+ * @throws TransformerException In case of an error
+ * @throws ParserConfigurationException In case of an error
+ * @throws IOException In case of an error
+ * @throws SignatureException In case of an error
*/
public String buildPvpMetadata(final IPvpMetadataBuilderConfiguration config)
throws CredentialsNotAvailableException, EaafException, SecurityException,
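Review bot: The `@throws` list aligned in this hunk has no entry for `EaafException`, although the throws clause on the last line declares it. Every existing entry also carries the same text, `In case of an error`, which tells a caller nothing about when each type is raised. I would add `@throws EaafException` with the condition that triggers it, and drop the stray `*` after `PVPMetadataBuilder configuration`. The throws clause and the method body continue outside the hunk, so the conditions have to be taken from the body.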
@@ -165,7 +167,6 @@ public class PvpMetadataBuilder {
builder = factory.newDocumentBuilder();
final Document document = builder.newDocument();
-
// build entities descriptor
if (config.buildEntitiesDescriptorAsRootElement()) {
final EntitiesDescriptor entitiesDescriptor =
@@ -179,7 +180,6 @@ public class PvpMetadataBuilder {
EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
entitiesDescriptor.setSignature(signature);
-
// marshall document
final Marshaller out =
org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(entitiesDescriptor);
@@ -191,8 +191,6 @@ public class PvpMetadataBuilder {
entityDescriptor.setSignature(signature);
-
-
// marshall document
final Marshaller out =
org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(entityDescriptor);
@@ -215,7 +213,6 @@ public class PvpMetadataBuilder {
return sw.toString();
}
-
private RoleDescriptor generateSpMetadata(final IPvpMetadataBuilderConfiguration config)
throws CredentialsNotAvailableException, SecurityException, EaafException {
final SPSSODescriptor spSsoDescriptor = Saml2Utils.createSamlObject(SPSSODescriptor.class);
@@ -268,7 +265,6 @@ public class PvpMetadataBuilder {
}
}
-
// add POST-Binding assertion consumer services
if (StringUtils.isNotEmpty(config.getSpAssertionConsumerServicePostBindingUrl())) {
final AssertionConsumerService postassertionConsumerService =
@@ -332,7 +328,6 @@ public class PvpMetadataBuilder {
}
-
// add required attributes
final Collection<RequestedAttribute> reqSpAttr = config.getSpRequiredAttributes();
final AttributeConsumingService attributeService =
@@ -382,7 +377,8 @@ public class PvpMetadataBuilder {
idpSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
- // set ass default value, because PVP 2.x specification defines this feature as MUST
+ // set ass default value, because PVP 2.x specification defines this feature as
+ // MUST
idpSsoDescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned());
// add WebSSO descriptor for POST-Binding
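Review bot: The comment rewrapped above `setWantAuthnRequestsSigned` says the PVP 2.x specification makes this feature a MUST, yet the value written into the metadata is whatever `config.wantAuthnRequestSigned()` returns, so a configuration could presumably publish IdP metadata that does not demand signed AuthnRequests. Either the comment should state that the flag is configurable, for example `// PVP 2.x defines signed AuthnRequests as MUST; the value is taken from the builder configuration`, or the code should log a warning when the configuration returns false. The rewrap also keeps the typo `ass` and leaves `MUST` alone on a second comment line. The enclosing method starts and ends outside the hunk, and the implementation of `wantAuthnRequestSigned()` is not visible here.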
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
index 559a3959..d697f3d4 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
@@ -19,8 +19,6 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.xml.Configuration;
@@ -30,6 +28,9 @@ import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSIntegerBuilder;
import org.opensaml.xml.schema.impl.XSStringBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
private XMLObject buildAttributeStringValue(final String value) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java
index d8ea35a0..25cbc6ef 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java
@@ -11,7 +11,7 @@
* is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the Licence for the specific language governing permissions and limitations under
* the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text file for details on the
* various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
* works that you distribute must include a readable copy of the "NOTICE" text file.
@@ -33,7 +33,8 @@ public class EaafRequestExtensionBuilder extends AbstractSAMLObjectBuilder<Exten
}
@Override
- public Extensions buildObject(final String namespaceUri, final String localName, final String namespacePrefix) {
+ public Extensions buildObject(final String namespaceUri, final String localName,
+ final String namespacePrefix) {
return new EaafExtensionImplementation(namespaceUri, localName, namespacePrefix);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java
index 4f91f267..81d8d192 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeBuilder.java
@@ -19,9 +19,10 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
import at.gv.egiz.eaaf.modules.pvp2.impl.reqattr.EaafRequestedAttributeImpl;
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
public class EaafRequestedAttributeBuilder
extends AbstractSAMLObjectBuilder<EaafRequestedAttribute> {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java
index a370818e..749310f2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java
@@ -20,8 +20,9 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
import java.util.Map.Entry;
+
import javax.xml.namespace.QName;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.MarshallingException;
@@ -29,6 +30,8 @@ import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
public class EaafRequestedAttributeMarshaller extends AbstractSAMLObjectMarshaller {
@Override
protected final void marshallAttributes(final XMLObject samlElement, final Element domElement)
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java
index 25baed16..35532e77 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java
@@ -11,7 +11,7 @@
* is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the Licence for the specific language governing permissions and limitations under
* the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text file for details on the
* various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
* works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java
index 1f68747f..db08f87f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java
@@ -11,7 +11,7 @@
* is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the Licence for the specific language governing permissions and limitations under
* the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text file for details on the
* various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
* works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java
index 2fff64b3..8aa70e5a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java
@@ -11,7 +11,7 @@
* is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the Licence for the specific language governing permissions and limitations under
* the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text file for details on the
* various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
* works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java
index b2cf7a82..f616bbb0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java
@@ -19,12 +19,13 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.UnmarshallingException;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+
public class EaafRequestedAttributesUnmarshaller extends AbstractSAMLObjectUnmarshaller {
@Override
protected final void processChildElement(final XMLObject parentObject,
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
index c21524dd..cd22bba7 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java
@@ -25,10 +25,6 @@ import java.io.Serializable;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.slf4j.Logger;
@@ -36,6 +32,11 @@ import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+
public class InboundMessage implements InboundMessageInterface, Serializable {
private static final Logger log = LoggerFactory.getLogger(InboundMessage.class);
@@ -100,18 +101,19 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
public void setSamlMessage(final Element msg) {
this.samlMessage = msg;
try {
- this.serializedSamlMessage = DomUtils.serializeNode(msg);
-
- } catch (TransformerException | IOException e) {
- log.warn("Can not serialize message",e );
-
- }
+ this.serializedSamlMessage = DomUtils.serializeNode(msg);
+
+ } catch (TransformerException | IOException e) {
+ log.warn("Can not serialize message", e);
+
+ }
}
/*
* (non-Javadoc)
*
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#
+ * getRelayState()
*/
@Override
public String getRelayState() {
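Review bot: `setSamlMessage` only logs a failed `DomUtils.serializeNode(msg)` at warn level and returns normally, so `serializedSamlMessage` can stay unset while the object still looks valid. `getInboundMessage()` (last hunk of this file) parses that field whenever `samlMessage` is null, presumably after the object has been Java-deserialized, though the field declarations are not visible here, and would then fail far from the cause. Either fail fast with `throw new IllegalStateException("Can not serialize message", e);`, or, if best effort is intended, say so in a comment such as `// best effort: getInboundMessage() cannot restore the message later if this fails`.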
@@ -121,7 +123,8 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
/*
* (non-Javadoc)
*
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#
+ * getEntityID()
*/
@Override
public String getEntityID() {
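Review bot: The re-wrapped `@see` comment now splits the member reference after `#`, so `PVP21InboundMessage#getEntityID()` can no longer be found by a text search or resolved by tooling. The same applies to the other `(non-Javadoc)` blocks in this file (the `getRelayState`, `isVerified` and `getInboundMessage` hunks) and to those re-wrapped in AbstractChainingMetadataProvider and MetadataFilterChain. The reference also names a class under `at.gv.egovernment.moa.id` rather than the `InboundMessageInterface` this class implements, so it looks stale. Since the method already carries `@Override`, the block could be dropped or replaced by `/** {@inheritDoc} */`.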
@@ -131,7 +134,8 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
/*
* (non-Javadoc)
*
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#
+ * isVerified()
*/
@Override
public boolean isVerified() {
@@ -141,24 +145,25 @@ public class InboundMessage implements InboundMessageInterface, Serializable {
/*
* (non-Javadoc)
*
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#
+ * getInboundMessage()
*/
@Override
public Element getInboundMessage() {
- if (this.samlMessage != null) {
- return samlMessage;
-
- } else {
- try {
- return (Element) DomUtils.parseDocument(serializedSamlMessage, false, null, null);
-
- } catch (SAXException | IOException | ParserConfigurationException e) {
- throw new RuntimeException(e);
-
- }
-
- }
-
+ if (this.samlMessage != null) {
+ return samlMessage;
+
+ } else {
+ try {
+ return (Element) DomUtils.parseDocument(serializedSamlMessage, false, null, null);
+
+ } catch (SAXException | IOException | ParserConfigurationException e) {
+ throw new RuntimeException(e);
+
+ }
+
+ }
+
}
}
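Review bot: The fallback branch of `getInboundMessage()` wraps every parser failure in a bare `RuntimeException`, so a caller cannot tell a missing or corrupted stored message from a programming error. I would use `throw new IllegalStateException("Can not restore SAML message from its serialized form", e);`, which is still unchecked and keeps the cause. The arguments `false, null, null` of `DomUtils.parseDocument` also deserve a one-line comment saying what they select (presumably validation off and no schema; the helper is not visible here). Because the serialized content originally came from a remote party, it is worth confirming that `DomUtils` builds its parser with DTDs and external entities disabled.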
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java
index dce2dd04..8a2cce3e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java
@@ -19,7 +19,6 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.message;
-
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallerFactory;
import org.opensaml.xml.io.UnmarshallingException;
@@ -38,7 +37,7 @@ public class PvpSProfileRequest extends InboundMessage {
* PVP2 S-Profil request DAO.
*
* @param inboundMessage SAML2 request object
- * @param binding Used SAML2 binding
+ * @param binding Used SAML2 binding
*/
public PvpSProfileRequest(final SignableXMLObject inboundMessage, final String binding) {
setSamlMessage(inboundMessage.getDOM());
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
index 8a6105bc..4a9bb89a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -28,12 +28,9 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Timer;
+
import javax.xml.namespace.QName;
-import at.gv.egiz.components.spring.api.IDestroyableObject;
-import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -48,6 +45,12 @@ import org.opensaml.xml.XMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+
public abstract class AbstractChainingMetadataProvider extends SimpleMetadataProvider
implements ObservableMetadataProvider, IGarbageCollectorProcessing,
IRefreshableMetadataProvider, IDestroyableObject, IPvpMetadataProvider {
@@ -58,7 +61,6 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
private static Object mutex = new Object();
private Timer timer = null;
-
public AbstractChainingMetadataProvider() {
internalProvider = new ChainingMetadataProvider();
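Review bot: `mutex` is declared `private static Object mutex = new Object();` without `final`, so the monitor used by `synchronized (mutex)` in `runGarbageCollector()` could in principle be reassigned, after which two threads would lock different objects. Declaring it `private static final Object mutex = new Object();` rules that out and documents the intent. Because the lock is static it is shared by every provider instance, which deserves a short comment if that is intended. The constructor body continues outside this hunk.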
@@ -72,12 +74,16 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
/*
* (non-Javadoc)
*
- * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+ * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#
+ * runGarbageCollector()
*/
@Override
public void runGarbageCollector() {
synchronized (mutex) {
- /* add new Metadataprovider or remove Metadataprovider which are not in use any more. */
+ /*
+ * add new Metadataprovider or remove Metadataprovider which are not in use any
+ * more.
+ */
try {
log.trace("Check consistence of PVP2X metadata");
addAndRemoveMetadataProvider();
@@ -110,7 +116,6 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
}
-
// reload metadata provider
final String metadataUrl = getMetadataUrl(entityID);
if (StringUtils.isNotEmpty(metadataUrl)) {
@@ -195,12 +200,11 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
}
}
-
/*
* (non-Javadoc)
*
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#requireValidMetadata()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * requireValidMetadata()
*/
@Override
public boolean requireValidMetadata() {
@@ -210,9 +214,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
/*
* (non-Javadoc)
*
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setRequireValidMetadata
- * (boolean)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * setRequireValidMetadata (boolean)
*/
@Override
public void setRequireValidMetadata(final boolean requireValidMetadata) {
@@ -222,8 +225,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
/*
* (non-Javadoc)
*
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadataFilter()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getMetadataFilter()
*/
@Override
public MetadataFilter getMetadataFilter() {
@@ -233,9 +236,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
/*
* (non-Javadoc)
*
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setMetadataFilter(org.
- * opensaml.saml2.metadata.provider.MetadataFilter)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * setMetadataFilter(org. opensaml.saml2.metadata.provider.MetadataFilter)
*/
@Override
public void setMetadataFilter(final MetadataFilter newFilter) throws MetadataProviderException {
@@ -245,7 +247,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
/*
* (non-Javadoc)
*
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadata()
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getMetadata()
*/
@Override
public XMLObject getMetadata() throws MetadataProviderException {
@@ -255,9 +258,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
/*
* (non-Javadoc)
*
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntitiesDescriptor(
- * java.lang.String)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getEntitiesDescriptor( java.lang.String)
*/
@Override
public EntitiesDescriptor getEntitiesDescriptor(final String entitiesID)
@@ -290,9 +292,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
/*
* (non-Javadoc)
*
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntityDescriptor(
- * java.lang.String)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getEntityDescriptor( java.lang.String)
*/
@Override
public EntityDescriptor getEntityDescriptor(final String entityID)
@@ -327,8 +328,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
/*
* (non-Javadoc)
*
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.
- * String, javax.xml.namespace.QName)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getRole(java.lang. String, javax.xml.namespace.QName)
*/
@Override
public List<RoleDescriptor> getRole(final String entityID, final QName roleName)
@@ -344,8 +345,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
/*
* (non-Javadoc)
*
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.
- * String, javax.xml.namespace.QName, java.lang.String)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#
+ * getRole(java.lang. String, javax.xml.namespace.QName, java.lang.String)
*/
@Override
public RoleDescriptor getRole(final String entityID, final QName roleName,
@@ -361,14 +362,15 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
/*
* (non-Javadoc)
*
- * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
+ * @see
+ * org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers(
+ * )
*/
@Override
public List<Observer> getObservers() {
return ((ChainingMetadataProvider) internalProvider).getObservers();
}
-
/**
* Get the URL to metadata for a specific entityID.
*
@@ -384,9 +386,9 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
* @param entityId EntityId
* @return MetadataProvider
* @throws EaafConfigurationException In case of an error
- * @throws IOException In case of an error
- * @throws CertificateException In case of an error
- * @throws ConfigurationException In case of an error
+ * @throws IOException In case of an error
+ * @throws CertificateException In case of an error
+ * @throws ConfigurationException In case of an error
*/
protected abstract MetadataProvider createNewMetadataProvider(String entityId)
throws EaafConfigurationException, IOException, CertificateException;
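Review bot: The Javadoc of `createNewMetadataProvider` lists `@throws ConfigurationException`, but the signature declares only `EaafConfigurationException, IOException, CertificateException`. Drop the stale tag rather than re-aligning it. The three remaining tags all read `In case of an error`; each could say what the caller should conclude, for example `@throws CertificateException if the trust material for metadata validation can not be loaded` (to be confirmed against the implementations, which are not visible here). The start of this Javadoc block is outside the hunk.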
@@ -399,7 +401,6 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
protected abstract List<String> getAllMetadataUrlsFromConfiguration()
throws EaafConfigurationException;
-
protected void emitChangeEvent() {
if (getObservers() == null || getObservers().size() == 0) {
return;
@@ -447,9 +448,10 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
final Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
/*
- * TODO: maybe add metadata provider destroy after timeout. But could be a problem if one
- * Metadataprovider load an EntitiesDescriptor with more the multiple EntityDescriptors. If
- * one of this EntityDesciptors are expired the full EntitiesDescriptor is removed.
+ * TODO: maybe add metadata provider destroy after timeout. But could be a
+ * problem if one Metadataprovider load an EntitiesDescriptor with more the
+ * multiple EntityDescriptors. If one of this EntityDesciptors are expired the
+ * full EntitiesDescriptor is removed.
*
* Timeout requires a better solution in this case!
*/
@@ -464,7 +466,7 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
final String metadataurl = metadataUrlInterator.next();
try {
if (StringUtils.isNotEmpty(metadataurl)
- && loadedproviders.containsKey(metadataurl)) {
+ && loadedproviders.containsKey(metadataurl)) {
// SAML2 SP is actually loaded, to nothing
providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
loadedproviders.remove(metadataurl);
@@ -477,7 +479,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro
}
}
- // remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
+ // remove all actually loaded MetadataProviders with are not in ConfigurationDB
+ // any more
final Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
for (final HTTPMetadataProvider provider : notusedproviders) {
final String metadataurl = provider.getMetadataURI();
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
index 04c1dcb8..ebc057df 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
@@ -21,13 +21,13 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
import java.util.ArrayList;
import java.util.List;
+
import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
/**
* Metadata filter-chain implementation.
*
@@ -37,7 +37,6 @@ import org.slf4j.LoggerFactory;
public class MetadataFilterChain implements MetadataFilter {
private static final Logger log = LoggerFactory.getLogger(MetadataFilterChain.class);
-
private final List<MetadataFilter> filters = new ArrayList<>();
/**
@@ -58,11 +57,12 @@ public class MetadataFilterChain implements MetadataFilter {
filters.add(filter);
}
-
/*
* (non-Javadoc)
*
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ * @see
+ * org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml
+ * .XMLObject)
*/
@Override
public void doFilter(final XMLObject arg0) throws FilterException {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
index 67dd1d35..d63950cb 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
@@ -22,11 +22,9 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
import java.io.File;
import java.net.MalformedURLException;
import java.util.Timer;
+
import javax.net.ssl.SSLHandshakeException;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+
import org.apache.commons.httpclient.HttpClient;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
@@ -37,6 +35,11 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+
/**
* Simple SAML2 metadata provider.
*
@@ -50,23 +53,26 @@ public abstract class SimpleMetadataProvider implements MetadataProvider {
private static final String URI_PREFIX_HTTPS = "https:";
private static final String URI_PREFIX_FILE = "file:";
-
@Autowired
protected IConfiguration authConfig;
-
/**
* Create a single SAML2 metadata provider.
*
- * @param metadataLocation where the metadata should be loaded, but never null. If the location
- * starts with http(s):, than a http based metadata provider is used. If the location
- * starts with file:, than a filesystem based metadata provider is used
- * @param filter Filters, which should be used to validate the metadata
- * @param idForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
- * @param httpClient Apache commons 3.x http client
+ * @param metadataLocation where the metadata should be loaded, but never null.
+ * If the location starts with http(s):, than a http
+ * based metadata provider is used. If the location
+ * starts with file:, than a filesystem based metadata
+ * provider is used
+ * @param filter Filters, which should be used to validate the
+ * metadata
+ * @param idForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata
+ * refresh operations
+ * @param httpClient Apache commons 3.x http client
*
- * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
+ * @return SAML2 Metadata Provider, or null if the metadata provider can not
+ * initialized
*/
protected MetadataProvider createNewSimpleMetadataProvider(final String metadataLocation,
final MetadataFilter filter, final String idForLogging, final Timer timer,
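Review bot: The Javadoc of `createNewSimpleMetadataProvider` says `http(s):` locations are accepted but does not state what protects metadata fetched over plain `http:`. If integrity is meant to come from the filter, `@param filter` should say so, e.g. `filters used to validate the metadata; must include signature validation, since the transport alone is not trusted`, and should state whether null is allowed. The `@return` text could also read `or null if the metadata provider can not be initialized; callers must check for null`, which fixes the grammar too. The method body continues outside the hunk.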
@@ -100,7 +106,6 @@ public abstract class SimpleMetadataProvider implements MetadataProvider {
}
-
} catch (final MalformedURLException e) {
log.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
@@ -113,14 +118,14 @@ public abstract class SimpleMetadataProvider implements MetadataProvider {
}
-
/**
* Create a single SAML2 filesystem based metadata provider.
*
* @param metadataFile File, where the metadata should be loaded
- * @param filter Filters, which should be used to validate the metadata
+ * @param filter Filters, which should be used to validate the metadata
* @param idForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param timer {@link Timer} which is used to schedule metadata refresh
+ * operations
* @param pool
*
* @return SAML2 Metadata Provider
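Review bot: `@param pool` has no description in this Javadoc, and again in the HTTP provider Javadoc two hunks below. The factory method documented earlier in this file takes a `timer` and an `httpClient` but no `pool`, so the tag may be left over from an earlier signature. Both signatures are outside the hunks, so this needs checking: if no such parameter exists, remove the tag; otherwise describe it.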
@@ -148,7 +153,6 @@ public abstract class SimpleMetadataProvider implements MetadataProvider {
log.warn("Failed to load Metadata file for " + idForLogging + "[ " + "File: "
+ metadataFile.getAbsolutePath() + " Msg: " + e.getMessage() + " ]", e);
-
log.warn("Can not initialize SAML2 metadata provider from filesystem: "
+ metadataFile.getAbsolutePath() + " Reason: " + e.getMessage(), e);
@@ -162,15 +166,14 @@ public abstract class SimpleMetadataProvider implements MetadataProvider {
}
-
-
/**
* Create a single SAML2 HTTP metadata provider.
*
- * @param metadataUrl URL, where the metadata should be loaded
- * @param filter Filters, which should be used to validate the metadata
+ * @param metadataUrl URL, where the metadata should be loaded
+ * @param filter Filters, which should be used to validate the metadata
* @param idForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param timer {@link Timer} which is used to schedule metadata refresh
+ * operations
* @param pool
*
* @return SAML2 Metadata Provider
@@ -220,7 +223,6 @@ public abstract class SimpleMetadataProvider implements MetadataProvider {
// timer.cancel();
// }
-
}
return null;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
index a6d2508d..92d8f4b9 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
@@ -20,8 +20,8 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
import java.security.KeyStore;
-import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.security.x509.X509Credential;
/**
* OpenSAML2 KeyStore adapter.
@@ -35,8 +35,8 @@ public class EaafKeyStoreX509CredentialAdapter
/**
* Get an OpenSAML2 keystore.
*
- * @param store Java KeyStore
- * @param alias Key alias
+ * @param store Java KeyStore
+ * @param alias Key alias
* @param password key Password
*/
public EaafKeyStoreX509CredentialAdapter(final KeyStore store, final String alias,
@@ -49,5 +49,4 @@ public class EaafKeyStoreX509CredentialAdapter
return X509Credential.class;
}
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
index 957def02..404b4e8e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
@@ -25,8 +25,7 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Writer;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
+
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.binding.SAMLMessageContext;
@@ -37,6 +36,9 @@ import org.opensaml.ws.transport.http.HTTPTransportUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
+
/**
* OpenSAML2 Post-Binding encoder that uses dynamic loaded templates.
*
@@ -46,7 +48,6 @@ import org.slf4j.LoggerFactory;
public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder {
private static final Logger log = LoggerFactory.getLogger(HttpPostEncoderWithOwnTemplate.class);
-
private final VelocityEngine velocityEngine;
private final IVelocityGuiBuilderConfiguration guiConfig;
private final IVelocityGuiFormBuilder guiBuilder;
@@ -54,9 +55,9 @@ public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder {
/**
* Own Post-Binding encoder.
*
- * @param guiConfig GUI configuration
+ * @param guiConfig GUI configuration
* @param guiBuilder GUI builder implementation
- * @param engine velocity engine
+ * @param engine velocity engine
*/
public HttpPostEncoderWithOwnTemplate(final IVelocityGuiBuilderConfiguration guiConfig,
final IVelocityGuiFormBuilder guiBuilder, final VelocityEngine engine) {
@@ -68,12 +69,14 @@ public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder {
}
/**
- * Base64 and POST encodes the outbound message and writes it to the outbound transport.
+ * Base64 and POST encodes the outbound message and writes it to the outbound
+ * transport.
*
* @param messageContext current message context
- * @param endpointUrl endpoint URL to which to encode message
+ * @param endpointUrl endpoint URL to which to encode message
*
- * @throws MessageEncodingException thrown if there is a problem encoding the message
+ * @throws MessageEncodingException thrown if there is a problem encoding the
+ * message
*/
@Override
protected void postEncode(final SAMLMessageContext messageContext, final String endpointUrl)
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
index 2def1446..8838daec 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
@@ -19,7 +19,6 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.ws.message.MessageContext;
@@ -27,6 +26,8 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+
/**
* Create deflate encoded SAML2 redirect-binding informations.
*
@@ -71,5 +72,4 @@ public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
return redirectUrl;
}
-
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java
index 9db8e5e7..9625b591 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java
@@ -19,6 +19,9 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.xml.ConfigurationException;
+
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributeBuilder;
@@ -27,8 +30,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributeU
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesMarshaller;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesUnmarshaller;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.xml.ConfigurationException;
/**
* EAAF specific OpenSAML Initializer.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java
index a1a7e9d2..f3e50e4e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java
@@ -84,7 +84,6 @@ public class EaafDefaultSecurityConfigurationBootstrap
// use SHA256 instead of SHA1
config.registerSignatureAlgorithmURI("AES", SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-
config.registerSignatureAlgorithmURI("DESede", SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
@@ -112,7 +111,6 @@ public class EaafDefaultSecurityConfigurationBootstrap
config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
-
config.registerDataEncryptionAlgorithmURI("DESede", Integer.valueOf(168),
"http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
config.registerDataEncryptionAlgorithmURI("DESede", Integer.valueOf(192),
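Review bot: The context lines kept in this hunk register `http://www.w3.org/2001/04/xmlenc#tripledes-cbc` as the data-encryption algorithm for DESede keys, next to AES-256-GCM for AES keys. 3DES is a legacy cipher with a 64-bit block, and CBC in XML Encryption carries no integrity protection, so content encrypted under a DESede key gets weaker protection than the AES path. If no partner still depends on it, the DESede registrations could be dropped; otherwise a comment such as `// DESede kept only for legacy interoperability` would record why they remain. The registration list continues outside the hunk.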
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java
index 1ceb5adc..e91ee19c 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java
@@ -22,13 +22,15 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
import org.opensaml.common.impl.AbstractSAMLObject;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.schema.XSBooleanValue;
import org.opensaml.xml.util.AttributeMap;
import org.opensaml.xml.util.XMLObjectChildrenList;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
public class EaafRequestedAttributeImpl extends AbstractSAMLObject
implements EaafRequestedAttribute {
@@ -42,9 +44,9 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject
/**
* Build an EAAF specific requested attribute.
*
- * @param namespaceUri Attribute namespace
+ * @param namespaceUri Attribute namespace
* @param elementLocalName Attribute name
- * @param namespacePrefix Attribute namespace prefix
+ * @param namespacePrefix Attribute namespace prefix
*/
public EaafRequestedAttributeImpl(final String namespaceUri, final String elementLocalName,
final String namespacePrefix) {
@@ -86,19 +88,16 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject
return Collections.unmodifiableList(children);
}
-
@Override
public final AttributeMap getUnknownAttributes() {
return unknownAttributes;
}
-
@Override
public final void setFriendlyName(final String newFriendlyName) {
this.friendlyName = prepareForAssignment(this.friendlyName, newFriendlyName);
}
-
@Override
public void setIsRequired(final Boolean aboolean) {
this.isRequired = String.valueOf(aboolean);
@@ -115,19 +114,16 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject
}
-
@Override
public final void setName(final String newName) {
this.name = prepareForAssignment(this.name, newName);
}
-
@Override
public final void setNameFormat(final String newNameFormat) {
this.nameFormat = prepareForAssignment(this.nameFormat, newNameFormat);
}
-
public final void setUnknownAttributes(final AttributeMap newUnknownAttr) {
this.unknownAttributes = newUnknownAttr;
}
@@ -137,10 +133,6 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject
return XSBooleanValue.valueOf(isRequired);
}
-
-
-
-
@Override
public Boolean isRequired() {
return Boolean.parseBoolean(isRequired);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java
index 3b447538..eefc166b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java
@@ -22,12 +22,14 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+
import org.opensaml.common.impl.AbstractSAMLObject;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.util.IndexedXMLObjectChildrenList;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+
public class EaafRequestedAttributesImpl extends AbstractSAMLObject
implements EaafRequestedAttributes {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index ec4009f0..5c9bb6be 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -23,10 +23,7 @@ import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
@@ -36,6 +33,11 @@ import org.opensaml.xml.signature.SignatureConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+
public abstract class AbstractCredentialProvider {
private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
@@ -43,7 +45,8 @@ public abstract class AbstractCredentialProvider {
private KeyStore keyStore = null;
/**
- * Get a friendlyName for this keyStore implementation This friendlyName is used for logging.
+ * Get a friendlyName for this keyStore implementation This friendlyName is used
+ * for logging.
*
* @return keyStore friendlyName
*/
@@ -106,7 +109,6 @@ public abstract class AbstractCredentialProvider {
*/
public abstract String getEncryptionKeyPassword();
-
/**
* Get Credentials to sign metadata.
*
@@ -128,15 +130,15 @@ public abstract class AbstractCredentialProvider {
log.error(getFriendlyName()
+ " Metadata Signing credentials is not found or contains no PrivateKey.");
throw new CredentialsNotAvailableException("config.27",
- new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
+ new Object[] { getFriendlyName() + " Assertion Signing credentials (Alias: "
+ + getMetadataKeyAlias() + ") is not found or contains no PrivateKey." });
}
return credentials;
} catch (final Exception e) {
log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+ throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
}
}
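Review bot: The exception text on the reformatted lines says `Assertion Signing credentials` although this branch logs `Metadata Signing credentials` and reports `getMetadataKeyAlias()`, so the config.27 error points an operator at the wrong key; it should start `getFriendlyName() + " Metadata Signing credentials (Alias: "`. The `catch (final Exception e)` that follows appears to catch that same CredentialsNotAvailableException and wrap it a second time, and it prints the stack trace with `e.printStackTrace()` instead of handing the exception to the logger. `log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials", e);` would keep the trace in the application log; the hunks at -169 and -210 repeat the pattern. The method begins outside this hunk.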
@@ -160,8 +162,8 @@ public abstract class AbstractCredentialProvider {
log.error(getFriendlyName()
+ " Assertion Signing credentials is not found or contains no PrivateKey.");
throw new CredentialsNotAvailableException("config.27",
- new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
+ new Object[] { getFriendlyName() + " Assertion Signing credentials (Alias: "
+ + getSignatureKeyAlias() + ") is not found or contains no PrivateKey." });
}
@@ -169,7 +171,7 @@ public abstract class AbstractCredentialProvider {
} catch (final Exception e) {
log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+ throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
}
}
@@ -200,8 +202,8 @@ public abstract class AbstractCredentialProvider {
log.error(getFriendlyName()
+ " Assertion Encryption credentials is not found or contains no PrivateKey.");
throw new CredentialsNotAvailableException("config.27",
- new Object[] {getFriendlyName() + " Assertion Encryption credentials (Alias: "
- + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
+ new Object[] { getFriendlyName() + " Assertion Encryption credentials (Alias: "
+ + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey." });
}
@@ -210,7 +212,7 @@ public abstract class AbstractCredentialProvider {
} catch (final Exception e) {
log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e);
+ throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
}
}
@@ -234,7 +236,6 @@ public abstract class AbstractCredentialProvider {
log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId()
+ " credential.");
-
}
signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
index 876fa744..31ffd5a7 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java
@@ -20,14 +20,17 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException;
+
/**
- * EAAF LoA Level verifier checks if requested LoA matchs to LoA of authentication.
+ * EAAF LoA Level verifier checks if requested LoA matchs to LoA of
+ * authentication.
*
*
* @author tlenz
@@ -40,23 +43,23 @@ public class QaaLevelVerifier {
private static boolean verifyQaaLevel(final String qaaAuth, final String requiredLoA,
final String matchingMode) throws QaaNotAllowedException {
// to MINIMUM machting
- if (EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) {
+ if (EaafConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) {
log.trace("Perfom LoA matching in 'MINIMUM' mode ... ");
- if (EAAFConstants.EIDAS_LOA_LOW.equals(requiredLoA)
- && (EAAFConstants.EIDAS_LOA_LOW.equals(qaaAuth)
- || EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth)
- || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) {
+ if (EaafConstants.EIDAS_LOA_LOW.equals(requiredLoA)
+ && (EaafConstants.EIDAS_LOA_LOW.equals(qaaAuth)
+ || EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth)
+ || EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) {
return true;
- } else if (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA)
- && (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth)
- || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) {
+ } else if (EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA)
+ && (EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth)
+ || EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) {
return true;
- } else if (EAAFConstants.EIDAS_LOA_HIGH.equals(requiredLoA)
- && EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) {
+ } else if (EaafConstants.EIDAS_LOA_HIGH.equals(requiredLoA)
+ && EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) {
return true;
}
- } else if (EAAFConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) {
+ } else if (EaafConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) {
// to EXACT matching
log.trace("Perfom LoA matching in 'EXACT' mode ... ");
if (qaaAuth.equals(requiredLoA)) {
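Review bot: In the EXACT branch on the last line of this hunk, `qaaAuth.equals(requiredLoA)` dereferences `qaaAuth`, while the MINIMUM branch above compares constant-first and tolerates a null value. Unless callers already reject a missing LoA, a null `qaaAuth` would surface here as a NullPointerException instead of the declared QaaNotAllowedException. `if (qaaAuth != null && qaaAuth.equals(requiredLoA)) {` keeps the rejection on the documented path in both modes. verifyQaaLevel continues past the end of the hunk, so how a non-match is finally reported is not visible here.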
@@ -78,7 +81,7 @@ public class QaaLevelVerifier {
/**
* Check LoA level.
*
- * @param qaaAuth LoA of authentication
+ * @param qaaAuth LoA of authentication
* @param requiredLoAs List of allowed LoA levels
* @param matchingMode LoA matching mode
* @throws QaaNotAllowedException If LoA does not match
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
index 8bcc3e74..1a282b55 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
@@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
import java.io.IOException;
import java.util.List;
+
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -29,9 +30,7 @@ import javax.xml.transform.TransformerException;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.core.Attribute;
@@ -51,6 +50,10 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
public class Saml2Utils {
private static final Logger log = LoggerFactory.getLogger(Saml2Utils.class);
@@ -66,13 +69,13 @@ public class Saml2Utils {
} catch (final ParserConfigurationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- }
+ }
}
/**
* Create a SAML2 object.
*
- * @param <T> SAML2 object class
+ * @param <T> SAML2 object class
* @param clazz object class
* @return SAML2 object
*/
@@ -103,14 +106,13 @@ public class Saml2Utils {
}
-
/**
* Transform SAML2 Object to Element.
*
* @param object SAML2 object
* @return Element
- * @throws IOException In case of an transformation error
- * @throws MarshallingException In case of an transformation error
+ * @throws IOException In case of an transformation error
+ * @throws MarshallingException In case of an transformation error
* @throws TransformerException In case of an transformation error
*/
public static Document asDomDocument(final XMLObject object)
@@ -178,9 +180,9 @@ public class Saml2Utils {
/**
* Generate EAAF specific requested attribute.
*
- * @param attr SAML2 attribute definition
+ * @param attr SAML2 attribute definition
* @param isRequired is-mandatory flag
- * @param value Attribute value
+ * @param value Attribute value
* @return
*/
public static EaafRequestedAttribute generateReqAuthnAttributeSimple(final Attribute attr,
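Review bot: The Javadoc re-aligned in this hunk still ends in a bare `@return`, which documents nothing and is flagged by javadoc's doclint. Something like `@return EAAF requested attribute built from the given attribute definition` would complete it. The body of generateReqAuthnAttributeSimple is outside the hunk, so the wording should be checked against what it actually returns.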
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java
index fcee2382..ca37d6e5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java
@@ -23,7 +23,6 @@ import org.opensaml.common.binding.decoding.URIComparator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
public class EaafUriCompare implements URIComparator {
private static final Logger log = LoggerFactory.getLogger(EaafUriCompare.class);
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
index d8ae95a0..6497ce06 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
@@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation;
import java.util.ArrayList;
import java.util.List;
+
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
index 40cbdeb0..d1eb66a3 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
@@ -22,9 +22,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
@@ -32,6 +30,10 @@ import org.opensaml.xml.XMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+
public abstract class AbstractMetadataSignatureFilter implements MetadataFilter {
private static final Logger log = LoggerFactory.getLogger(AbstractMetadataSignatureFilter.class);
@@ -42,28 +44,24 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter
final EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
if (entitiesDescriptor.getSignature() == null) {
throw new Pvp2MetadataException("pvp2.26",
- new Object[] {"Root element of metadata file has to be signed"});
+ new Object[] { "Root element of metadata file has to be signed" });
}
processEntitiesDescriptor(entitiesDescriptor);
-
if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
throw new Pvp2MetadataException("pvp2.26",
- new Object[] {"No valid entity in metadata " + entitiesDescriptor.getName()});
+ new Object[] { "No valid entity in metadata " + entitiesDescriptor.getName() });
}
-
} else if (metadata instanceof EntityDescriptor) {
final EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
processEntityDescriptorr(entityDescriptor);
} else {
throw new Pvp2MetadataException("pvp2.26",
- new Object[] {"Invalid Metadata file Root element is unknown"});
+ new Object[] { "Invalid Metadata file Root element is unknown" });
}
-
-
log.info("Metadata signature policy check done OK");
} catch (final EaafException e) {
log.warn("Metadata signature policy check FAILED.", e);
@@ -76,7 +74,8 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter
* Signature verification of a SAML2 EntityDescriptor element.
*
* @param desc EntityDescriptor
- * @throws Pvp2MetadataException if the signature is not valid or can not verified
+ * @throws Pvp2MetadataException if the signature is not valid or can not
+ * verified
*/
protected abstract void verify(EntityDescriptor desc) throws Pvp2MetadataException;
@@ -84,7 +83,8 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter
* Signature verification of a SAML2 EntitiesDescriptor element.
*
* @param desc EntitiesDescriptor
- * @throws Pvp2MetadataException if the signature is not valid or can not verified
+ * @throws Pvp2MetadataException if the signature is not valid or can not
+ * verified
*/
protected abstract void verify(EntitiesDescriptor desc) throws Pvp2MetadataException;
@@ -92,13 +92,12 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter
* Verify a EntityDescriptor element of an EntitiesDescriptor.
*
* @param entity EntityDescriptor to verify
- * @param desc Full EntitiesDescriptor that contains the EntityDescriptor
+ * @param desc Full EntitiesDescriptor that contains the EntityDescriptor
* @throws Pvp2MetadataException In case of an verification error
*/
protected abstract void verify(EntityDescriptor entity, EntitiesDescriptor desc)
throws Pvp2MetadataException;
-
private void processEntityDescriptorr(final EntityDescriptor desc) throws EaafException {
verify(desc);
@@ -130,7 +129,6 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter
verifiedEntIT.add(entity);
log.debug("Metadata for entityID: " + entity.getEntityID() + " valid");
-
} catch (final Exception e) {
// remove entity of signature can not be verified.
log.info("Entity " + entity.getEntityID() + " is removed from metadata " + desc.getName()
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java
index 2d81b1f8..797335d8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java
@@ -21,11 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
import java.util.ArrayList;
import java.util.List;
-import at.gv.egiz.eaaf.core.impl.data.Trible;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.core.Attribute;
@@ -43,8 +39,15 @@ import org.opensaml.xml.XMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
/**
- * Metadata filter that inject requested attributes based on Metadata EntityCategories.
+ * Metadata filter that inject requested attributes based on Metadata
+ * EntityCategories.
*
* @author tlenz
*
@@ -57,18 +60,20 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
/**
* Filter to map PVP EntityCategories into a set of single PVP attributes.
*
- * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
+ * @param isUsed if true PVP EntityCategories are mapped, otherwise they are
+ * ignored
*
*/
public PvpEntityCategoryFilter(final boolean isUsed) {
this.isUsed = isUsed;
}
-
/*
* (non-Javadoc)
*
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ * @see
+ * org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml
+ * .XMLObject)
*/
@Override
public void doFilter(final XMLObject metadata) throws FilterException {
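Review bot: The re-wrapped `(non-Javadoc)` comment now splits the reference between `org.opensaml.xml` and `.XMLObject`, so it no longer reads as one qualified name and cannot be found by searching for `doFilter(org.opensaml.xml.XMLObject)`. Since the method carries `@Override`, the comment adds nothing; I would drop it or replace it with a one-line `/** {@inheritDoc} */`. The same wrap was applied in SchemaValidationFilter (hunk at -43) and in AbstractRequestSignedSecurityPolicyRule (hunk at -82), where it separates `org.opensaml.ws.message.` from `MessageContext`. doFilter's body continues outside the hunk.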
@@ -91,14 +96,11 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
log.trace("Find EntityDescriptor");
resolveEntityCategoriesToAttributes((EntityDescriptor) metadata);
-
} else {
throw new Pvp2MetadataException("pvp2.26", new Object[] {
- "Invalid Metadata file Root element is no Entities- or EntityDescriptor"});
+ "Invalid Metadata file Root element is no Entities- or EntityDescriptor" });
}
-
-
} catch (final Exception e) {
log.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: "
+ entityId, e);
@@ -136,7 +138,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
buildAttributeList(PvpConstants.EGOVTOKEN_PVP_ATTRIBUTES),
entityAttrValue);
-
} else if (PvpConstants.CITIZENTOKEN.equals(entityAttrValue)) {
log.debug(
"Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... ");
@@ -176,7 +177,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
}
-
private void addAttributesToEntityDescriptor(final EntityDescriptor metadata,
final List<RequestedAttribute> attrList, final String entityAttr) {
final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
@@ -212,7 +212,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
currentlyReqAttr.add(reqAttr.getName());
}
-
// check against EntityAttribute List
for (final RequestedAttribute entityAttrListEl : attrList) {
if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
@@ -245,7 +244,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter {
return requestedAttributes;
-
}
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
index 3ff78ca8..6dcc3234 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java
@@ -22,7 +22,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+
import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
@@ -31,6 +31,8 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+
public class SchemaValidationFilter implements MetadataFilter {
private static final Logger log = LoggerFactory.getLogger(SchemaValidationFilter.class);
private boolean isActive = true;
@@ -43,11 +45,12 @@ public class SchemaValidationFilter implements MetadataFilter {
this.isActive = useSchemaValidation;
}
-
/*
* (non-Javadoc)
*
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ * @see
+ * org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml
+ * .XMLObject)
*/
@Override
public void doFilter(final XMLObject arg0) throws FilterException {
@@ -84,7 +87,7 @@ public class SchemaValidationFilter implements MetadataFilter {
}
throw new FilterException(new SchemaValidationException("pvp2.26",
- new Object[] {"Metadata Schema validation FAILED with message: " + errString}));
+ new Object[] { "Metadata Schema validation FAILED with message: " + errString }));
} else {
log.info("Metadata Schema validation check is DEACTIVATED!");
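Review bot: The `else` branch on the last line of this hunk reports disabled schema validation at info level, where it is easy to lose among routine messages even though it means metadata is accepted without the schema check. `log.warn("Metadata Schema validation check is DEACTIVATED!");` would make the weakened configuration stand out at typical production log levels. doFilter starts and ends outside the hunk, so how often this line is reached per metadata refresh is not visible here.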
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
index fc1b6ea8..6d78b775 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java
@@ -23,7 +23,7 @@ import javax.xml.namespace.QName;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.xml.SAMLConstants;
@@ -45,6 +45,8 @@ import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+
/**
* Signature Policy for SAML2 redirect-binding.
*
@@ -56,7 +58,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
private static final Logger log =
LoggerFactory.getLogger(AbstractRequestSignedSecurityPolicyRule.class);
-
private SignatureTrustEngine trustEngine = null;
private QName peerEntityRole = null;
@@ -73,7 +74,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
}
-
/**
* Reload the PVP metadata for a given entity.
*
@@ -82,14 +82,14 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
*/
protected abstract boolean refreshMetadataProvider(String entityID);
-
protected abstract SignableSAMLObject getSignedSamlObject(XMLObject inboundData);
/*
* (non-Javadoc)
*
* @see
- * org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext)
+ * org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.
+ * MessageContext)
*/
@Override
public void evaluate(final MessageContext context) throws SecurityPolicyException {
@@ -114,7 +114,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
}
-
}
private void verifySignature(final MessageContext context) throws SecurityPolicyException {
@@ -136,8 +135,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
}
-
-
final CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add(new EntityIDCriteria(context.getInboundMessageIssuer()));
criteriaSet.add(new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS));
@@ -191,7 +188,7 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
}
- throw new SchemaValidationException("pvp2.22", new Object[] {err});
+ throw new SchemaValidationException("pvp2.22", new Object[] { err });
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
index 8f042ae2..42d7d6a1 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java
@@ -20,6 +20,7 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
import java.util.List;
+
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
import org.opensaml.ws.transport.http.HTTPInTransport;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java
index 0d108596..c7a43b0b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java
@@ -20,12 +20,14 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
import javax.xml.namespace.QName;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.signature.SignatureTrustEngine;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+
public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPolicyRule {
private IRefreshableMetadataProvider metadataProvider = null;
@@ -34,8 +36,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol
* EAAF specific signature rule for OpenSAML2 redirect-binding.
*
* @param metadataProvider SAML2 metadata provider
- * @param trustEngine SAML2 TrustEngine
- * @param peerEntityRole Role of the Entity
+ * @param trustEngine SAML2 TrustEngine
+ * @param peerEntityRole Role of the Entity
*/
public PvpSignedRequestPolicyRule(final MetadataProvider metadataProvider,
final SignatureTrustEngine trustEngine, final QName peerEntityRole) {
@@ -49,8 +51,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol
/*
* (non-Javadoc)
*
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.
+ * AbstractRequestSignedSecurityPolicyRule#
* refreshMetadataProvider(java.lang.String)
*/
@Override
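Review bot: The rewrapped `@see` comment still names `at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule`, but this file and its superclass (per the file paths in this diff) are in `at.gv.egiz.eaaf.modules.pvp2.impl.verification`, so the reference appears stale. Breaking the qualified name across two comment lines also makes it harder to find with a text search. Because the method already carries `@Override`, the block could be replaced by `/** {@inheritDoc} */` or removed. The next hunk (`@@ -66,8 +68,8 @@`) has the same problem and additionally refers to `getSignedSAMLObject`, whereas the abstract method is declared as `getSignedSamlObject`. The method bodies are outside both hunks.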
@@ -66,8 +68,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol
/*
* (non-Javadoc)
*
- * @see
- * at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.
+ * AbstractRequestSignedSecurityPolicyRule#
* getSignedSAMLObject(org.opensaml.xml.XMLObject)
*/
@Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
index 024c35d8..df91ce53 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
@@ -24,14 +24,6 @@ import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.common.xml.SAMLSchemaBuilder;
@@ -54,20 +46,29 @@ import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+
@Service("SAMLVerificationEngine")
public class SamlVerificationEngine {
private static final Logger log = LoggerFactory.getLogger(SamlVerificationEngine.class);
-
@Autowired(required = true)
IPvpMetadataProvider metadataProvider;
/**
* Verify signature of a signed SAML2 object.
*
- * @param msg SAML2 message
+ * @param msg SAML2 message
* @param sigTrustEngine TrustEngine
- * @throws org.opensaml.xml.security.SecurityException In case of invalid signature
+ * @throws org.opensaml.xml.security.SecurityException In case of
+ * invalid signature
* @throws Exception In case of a general error
*/
public void verify(final InboundMessage msg, final SignatureTrustEngine sigTrustEngine)
@@ -77,13 +78,13 @@ public class SamlVerificationEngine {
&& ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) {
verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(),
sigTrustEngine);
- } else if (msg instanceof PvpSProfileResponse){
+ } else if (msg instanceof PvpSProfileResponse) {
verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine);
-
+
} else {
- log.warn("SAML2 message type: {} not supported", msg.getClass().getName());
- throw new EaafProtocolException("9999", null);
-
+ log.warn("SAML2 message type: {} not supported", msg.getClass().getName());
+ throw new EaafProtocolException("9999", null);
+
}
} catch (final InvalidProtocolRequestException e) {
@@ -139,7 +140,7 @@ public class SamlVerificationEngine {
throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
} catch (final SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() });
}
@@ -170,7 +171,7 @@ public class SamlVerificationEngine {
throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
} catch (final SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() });
}
@@ -218,7 +219,7 @@ public class SamlVerificationEngine {
}
- throw new SchemaValidationException("pvp2.22", new Object[] {err});
+ throw new SchemaValidationException("pvp2.22", new Object[] { err });
}
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java
index e1c21ae7..fd04e38f 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/api/builder/ISubjectNameIdGenerator.java
@@ -20,7 +20,7 @@
package at.gv.egiz.eaaf.modules.pvp2.idp.api.builder;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IspConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
@@ -34,6 +34,6 @@ public interface ISubjectNameIdGenerator {
* @return Pair of subjectNameId and NameIdFormat
* @throws Pvp2Exception In case of an error
*/
- Pair<String, String> generateSubjectNameId(IAuthData authData, IspConfiguration spConfig)
+ Pair<String, String> generateSubjectNameId(IAuthData authData, ISpConfiguration spConfig)
throws Pvp2Exception;
}
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 8c74c3fb..7ff2fe6a 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -25,7 +25,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
@@ -459,7 +459,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
}
- if (authnRequest.getIssueInstant().minusMinutes(EAAFConstants.ALLOWED_TIME_JITTER)
+ if (authnRequest.getIssueInstant().minusMinutes(EaafConstants.ALLOWED_TIME_JITTER)
.isAfterNow()) {
log.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
throw new AuthnRequestValidatorException("pvp2.22",
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index 9378b579..189e6128 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -29,7 +29,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
+import at.gv.egiz.eaaf.core.impl.data.SloInformationImpl;
import at.gv.egiz.eaaf.modules.pvp2.api.IPvo2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
@@ -106,7 +106,7 @@ public class AuthenticationAction implements IAction {
consumerService.setLocation(pvpRequest.getConsumerUrl());
final DateTime date = new DateTime();
- final SLOInformationImpl sloInformation = new SLOInformationImpl();
+ final SloInformationImpl sloInformation = new SloInformationImpl();
final String issuerEntityID = pvpBasicConfiguration.getIdpEntityId(pvpRequest.getAuthUrl());
// build Assertion
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
index 79de4567..f57f9db0 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
@@ -23,10 +23,10 @@ import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IspConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
@@ -138,7 +138,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
final AssertionConsumerService assertionConsumerService,
final SloInformationInterface sloInformation) throws Pvp2Exception {
- final IspConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
+ final ISpConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
final AuthnContextClassRef authnContextClassRef =
Saml2Utils.createSamlObject(AuthnContextClassRef.class);
@@ -153,7 +153,7 @@ public class Pvp2AssertionBuilder implements PvpConstants {
reqAuthnContext.getAuthnContextClassRefs();
// get matching mode from authn. request
- String loaMatchingMode = EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
+ String loaMatchingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
if (reqAuthnContext.getComparison() != null
&& StringUtils.isNotEmpty(reqAuthnContext.getComparison().toString())) {
loaMatchingMode = reqAuthnContext.getComparison().toString();
@@ -170,10 +170,10 @@ public class Pvp2AssertionBuilder implements PvpConstants {
for (final AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
final String qaa_uri = authnClassRef.getAuthnContextClassRef();
- if (!qaa_uri.trim().startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) {
+ if (!qaa_uri.trim().startsWith(EaafConstants.EIDAS_LOA_PREFIX)) {
if (loaLevelMapper != null) {
log.debug("Find no eIDAS LoA in AuthnReq. Start mapping process ... ");
- eidasLoaFromRequest.add(loaLevelMapper.mapToeIDASLoA(qaa_uri.trim()));
+ eidasLoaFromRequest.add(loaLevelMapper.mapToEidasLoa(qaa_uri.trim()));
} else {
log.debug("AuthnRequest contains no eIDAS LoA. NO LoA mapper FOUND, ignore " + "'"
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
index 07e9c28d..2e747656 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPvpAuthnRequestBuilderConfiguruation.java
@@ -20,12 +20,14 @@
package at.gv.egiz.eaaf.modules.pvp2.sp.api;
import java.util.List;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.xml.security.credential.Credential;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
/**
* Configuration of a PVP2 S-Profile authentication-request builder.
*
@@ -35,7 +37,8 @@ import org.w3c.dom.Element;
public interface IPvpAuthnRequestBuilderConfiguruation {
/**
- * Defines a unique name for this PVP Service-provider, which is used for logging.
+ * Defines a unique name for this PVP Service-provider, which is used for
+ * logging.
*
* @return
*/
@@ -49,8 +52,8 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
Boolean isPassivRequest();
/**
- * Define the ID of the AssertionConsumerService, which defines the required attributes in
- * service-provider metadata.
+ * Define the ID of the AssertionConsumerService, which defines the required
+ * attributes in service-provider metadata.
*
* @return
*/
@@ -73,10 +76,10 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
/**
* Define the AuthnContextClassRefernece of this request.
*
- *<p>
+ * <p>
* Example: http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3
* http://www.stork.gov.eu/1.0/citizenQAALevel/4
- *</p>
+ * </p>
*
* @return
*/
@@ -89,7 +92,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*/
AuthnContextComparisonTypeEnumeration getAuthnContextComparison();
-
/**
* Define the credential, which should be used to sign the AuthnRequest.
*
@@ -97,9 +99,9 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*/
Credential getAuthnRequestSigningCredential();
-
/**
- * Define the SAML2 EntityDescriptor of the IDP, which should receive the AuthnRequest.
+ * Define the SAML2 EntityDescriptor of the IDP, which should receive the
+ * AuthnRequest.
*
* @return Credential, but never null.
*/
@@ -112,7 +114,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*/
boolean getNameIdPolicyAllowCreation();
-
/**
* Set the requested SubjectNameID.
*
@@ -155,11 +156,11 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
* Define the information, which should be added as 'subjectConformationDate' in
* 'SubjectConformation' element.
*
- * @return subjectConformation information or null if no subjectConformation should be set
+ * @return subjectConformation information or null if no subjectConformation
+ * should be set
*/
Element getSubjectConformationDate();
-
/**
* Get the EntityId of the SP in case of a SAML2 proxy use-case.
*
@@ -167,7 +168,6 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*/
String getScopeRequesterId();
-
/**
* Get a FriendlyName for the SP that sends the request.
*
@@ -175,10 +175,11 @@ public interface IPvpAuthnRequestBuilderConfiguruation {
*/
String getProviderName();
-
/**
- * Get a Set of SAML2 attributes that are requested by using SAML2 requested attributes. <br>
- * <b>Info:</b> Attributes are requested by using eIDAS SAML2 extension for requested attributes
+ * Get a Set of SAML2 attributes that are requested by using SAML2 requested
+ * attributes. <br>
+ * <b>Info:</b> Attributes are requested by using eIDAS SAML2 extension for
+ * requested attributes
*
* @return
*/
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java
index 1096c535..03fae599 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AssertionValidationExeption.java
@@ -21,7 +21,6 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-
public class AssertionValidationExeption extends Pvp2Exception {
private static final long serialVersionUID = -3987805399122286259L;
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java
index 5ad42fb7..251ba759 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnRequestBuildException.java
@@ -21,10 +21,8 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-
public class AuthnRequestBuildException extends Pvp2Exception {
-
private static final long serialVersionUID = -1375451065455859354L;
public AuthnRequestBuildException(final String messageId, final Object[] parameters) {
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java
index d8d7683c..44fbf40f 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/exception/AuthnResponseValidationException.java
@@ -21,18 +21,16 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.exception;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-
public class AuthnResponseValidationException extends Pvp2Exception {
-
private static final long serialVersionUID = 8023812861029406575L;
-
public AuthnResponseValidationException(final String messageId, final Object[] parameters) {
super(messageId, parameters);
}
- public AuthnResponseValidationException(final String messageId, final Object[] parameters, final Throwable e) {
+ public AuthnResponseValidationException(final String messageId, final Object[] parameters,
+ final Throwable e) {
super(messageId, parameters, e);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
index 11b1ecad..9b284c88 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
@@ -21,18 +21,9 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.impl;
import java.security.NoSuchAlgorithmException;
import java.util.List;
+
import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation;
-import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
@@ -61,6 +52,18 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+
/**
* PVP2 S-Profil Authentication-Request builder-implementation.
*
@@ -71,21 +74,19 @@ import org.springframework.stereotype.Service;
public class PvpAuthnRequestBuilder {
private static final Logger log = LoggerFactory.getLogger(PvpAuthnRequestBuilder.class);
-
@Autowired(required = true)
ApplicationContext springContext;
-
/**
* Build a PVP2.x specific authentication request
*
* @param pendingReq Currently processed pendingRequest
- * @param config AuthnRequest builder configuration, never null
- * @param httpResp http response object
+ * @param config AuthnRequest builder configuration, never null
+ * @param httpResp http response object
* @throws NoSuchAlgorithmException In case of error
- * @throws SecurityException In case of error
- * @throws Pvp2Exception In case of error
- * @throws MessageEncodingException In case of error
+ * @throws SecurityException In case of error
+ * @throws Pvp2Exception In case of error
+ * @throws MessageEncodingException In case of error
*/
public void buildAuthnRequest(final IRequest pendingReq,
final IPvpAuthnRequestBuilderConfiguruation config, final HttpServletResponse httpResp)
@@ -115,13 +116,12 @@ public class PvpAuthnRequestBuilder {
log.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID()
+ " does not support POST or Redirect Binding.");
throw new AuthnRequestBuildException("sp.pvp2.00",
- new Object[] {config.getSpNameForLogging(), idpEntity.getEntityID()});
+ new Object[] { config.getSpNameForLogging(), idpEntity.getEntityID() });
} else {
authReq.setDestination(endpoint.getLocation());
}
-
// set basic AuthnRequest information
final String reqID = config.getRequestID();
if (StringUtils.isNotEmpty(reqID)) {
@@ -217,7 +217,6 @@ public class PvpAuthnRequestBuilder {
}
-
// set ProviderName
if (StringUtils.isNotEmpty(config.getProviderName())) {
authReq.setProviderName(config.getProviderName());
@@ -254,10 +253,10 @@ public class PvpAuthnRequestBuilder {
binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
} else {
- log.warn("Binding: {} is not supported", endpoint.getBinding());
- throw new AuthnRequestBuildException("sp.pvp2.00",
- new Object[] {config.getSpNameForLogging(), idpEntity.getEntityID()});
-
+ log.warn("Binding: {} is not supported", endpoint.getBinding());
+ throw new AuthnRequestBuildException("sp.pvp2.00",
+ new Object[] { config.getSpNameForLogging(), idpEntity.getEntityID() });
+
}
// encode message
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
index 42d1c85e..fa2b9312 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
@@ -27,8 +27,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
@@ -42,6 +41,9 @@ import org.opensaml.xml.XMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+
public class AssertionAttributeExtractor {
private static final Logger log = LoggerFactory.getLogger(AssertionAttributeExtractor.class);
@@ -61,7 +63,8 @@ public class AssertionAttributeExtractor {
/**
* Parse the SAML2 Response element and extracts included information. <br>
* <br>
- * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response is used!
+ * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response
+ * is used!
*
* @param samlResponse SAML2 Response
* @throws AssertionAttributeExtractorExeption In case of an error
@@ -131,7 +134,8 @@ public class AssertionAttributeExtractor {
}
/**
- * check attributes from assertion with attributeNameList bPK or enc_bPK are always needed.
+ * check attributes from assertion with attributeNameList bPK or enc_bPK are
+ * always needed.
*
* @param attributeNameList List of attributes which are required
*
@@ -269,14 +273,14 @@ public class AssertionAttributeExtractor {
return assertion;
}
-
/**
* Get the Assertion validTo period.
*
- *<p>
- * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used. If
- * this is empty, this method returns value of SAML 'Conditions' element.
- *</p>
+ * <p>
+ * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment'
+ * element is used. If this is empty, this method returns value of SAML
+ * 'Conditions' element.
+ * </p>
*
* @return Date, until this SAML2 assertion is valid
*/
@@ -298,9 +302,9 @@ public class AssertionAttributeExtractor {
/**
* Get the Assertion validFrom period.
*
- *<p>
+ * <p>
* This method returns value of SAML 'Conditions' element.
- *</p>
+ * </p>
*
* @return Date, after this SAML2 assertion is valid, otherwise null
*/
@@ -331,21 +335,9 @@ public class AssertionAttributeExtractor {
&& assertion.getAttributeStatements().size() > 0) {
final AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
for (final Attribute attr : attrStat.getAttributes()) {
-// if (attr.getName().startsWith(PvpConstants.STORK_ATTRIBUTE_PREFIX)) {
-// final List<String> storkAttrValues = new ArrayList<>();
-// for (final XMLObject el : attr.getAttributeValues()) {
-// storkAttrValues.add(el.getDOM().getTextContent());
-// }
- // PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
- // false, storkAttrValues , "Available");
- // storkAttributes.put(attr.getName(), storkAttr );
-
-// } else {
- final List<String> attrList = new ArrayList<>();
- for (final XMLObject el : attr.getAttributeValues()) {
- attrList.add(el.getDOM().getTextContent());
- // }
-
+ final List<String> attrList = new ArrayList<>();
+ for (final XMLObject el : attr.getAttributeValues()) {
+ attrList.add(el.getDOM().getTextContent());
attributs.put(attr.getName(), attrList);
}