From 41ea2fdf782cd64d7d29f73c2e83f9c255810818 Mon Sep 17 00:00:00 2001
From: Thomas
Date: Sun, 2 Feb 2020 19:32:21 +0100
Subject: some more OpenSAML3 refactoring stuff
---
 .../pvp2/impl/builder/PvpMetadataBuilder.java | 92 +++++++--------------
 1 file changed, 29 insertions(+), 63 deletions(-)
(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java')
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
index 42f69a57..d5893d4a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
@@ -20,31 +20,19 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
 import java.io.IOException;
-import java.io.StringWriter;
 import java.util.Collection;
 import java.util.List;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
+import javax.naming.ConfigurationException;
 import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-
-import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
-import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
-import org.opensaml.core.xml.io.Marshaller;
 import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.common.SignableSAMLObject;
 import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml.saml2.metadata.AttributeConsumingService;
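Review bot: `import javax.naming.ConfigurationException;` is added here, yet nothing in the visible hunks references it, and the JNDI exception is an unusual type for a SAML metadata builder — if an IDE auto-resolved the simple name, check that the intended type is not a project-specific `ConfigurationException`, and drop the import if it is unused. The same question applies to `at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException` added in the next hunk, since both `throws` clauses touched by this patch remove that exception and no remaining use is visible. The rest of the import block and the method bodies that might use these types are outside the hunks shown.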
@@ -64,16 +52,20 @@ import org.opensaml.saml.saml2.metadata.SingleSignOnService;
 import org.opensaml.security.SecurityException;
 import org.opensaml.security.credential.Credential;
 import org.opensaml.security.credential.UsageType;
-import org.opensaml.xml.security.SecurityHelper;
 import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
 import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
-import org.opensaml.xmlsec.signature.Signature;
 import org.opensaml.xmlsec.signature.support.SignatureException;
-import org.opensaml.xmlsec.signature.support.Signer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
-import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import net.shibboleth.utilities.java.support.xml.SerializeSupport;
 /**
 * PVP metadata builder implementation.
@@ -153,19 +145,9 @@ public class PvpMetadataBuilder {
 }
 }
-
- // set metadata signature parameters
- final Credential metadataSignCred = config.getMetadataSigningCredentials();
- final Signature signature = AbstractCredentialProvider.getIdpSignature(metadataSignCred);
- SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
-
- // initialize XML document builder
- DocumentBuilder builder;
- final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-
- builder = factory.newDocumentBuilder();
- final Document document = builder.newDocument();
-
+
+ SignableSAMLObject metadataToSign;
+
 // build entities descriptor
 if (config.buildEntitiesDescriptorAsRootElement()) {
 final EntitiesDescriptor entitiesDescriptor =
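Review bot: `SignableSAMLObject metadataToSign;` can be declared `final SignableSAMLObject metadataToSign;`, since the following hunk assigns it exactly once in each branch of the `if`/`else` and the compiler's definite-assignment check accepts a blank final there. That makes it explicit that the object handed to the signing call is the one chosen by the branch and nothing later reassigns it; the enclosing method starts outside this hunk.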
@@ -174,45 +156,29 @@ public class PvpMetadataBuilder {
 entitiesDescriptor.setID(Saml2Utils.getSecureIdentifier());
 entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
 entitiesDescriptor.getEntityDescriptors().add(entityDescriptor);
-
- // load default PVP security configurations
- entitiesDescriptor.setSignature(signature);
-
- // marshall document
- final Marshaller out =
- XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(entitiesDescriptor);
- out.marshall(entitiesDescriptor, document);
-
+ metadataToSign = entitiesDescriptor;
+
 } else {
 entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
 entityDescriptor.setID(Saml2Utils.getSecureIdentifier());
-
- entityDescriptor.setSignature(signature);
-
- // marshall document
- final Marshaller out =
- XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(entityDescriptor);
- out.marshall(entityDescriptor, document);
-
+ metadataToSign = entityDescriptor;
+
 }
 // sign metadata
- Signer.signObject(signature);
-
- // transform metadata object to XML string
- final Transformer transformer = TransformerFactory.newInstance().newTransformer();
-
- final StringWriter sw = new StringWriter();
- final StreamResult sr = new StreamResult(sw);
- final DOMSource source = new DOMSource(document);
- transformer.transform(source, sr);
- sw.close();
-
- return sw.toString();
+ final EaafX509Credential metadataSignCred = config.getMetadataSigningCredentials();
+ SignableSAMLObject signedMetadata = Saml2Utils.signSamlObject(metadataToSign, metadataSignCred, true);
+
+
+ // Serialize metadata
+ final Element document =XMLObjectSupport.marshall(signedMetadata);
+ String serializedMetadata = SerializeSupport.nodeToString(document);
+ return serializedMetadata;
+
 }
 private RoleDescriptor generateSpMetadata(final IPvpMetadataBuilderConfiguration config)
- throws CredentialsNotAvailableException, SecurityException, EaafException {
+ throws SecurityException, EaafException {
 final SPSSODescriptor spSsoDescriptor = Saml2Utils.createSamlObject(SPSSODescriptor.class);
 spSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
 spSsoDescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned());
@@ -353,7 +319,7 @@ public class PvpMetadataBuilder {
 }
 private IDPSSODescriptor generateIdpMetadata(final IPvpMetadataBuilderConfiguration config)
- throws EaafException, CredentialsNotAvailableException, SecurityException {
+ throws EaafException, SecurityException {
 // check response signing credential
 final Credential responseSignCred = config.getRequestorResponseSigningCredentials();
 if (responseSignCred == null) {
-- 
cgit v1.2.3
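Review bot: `final Element document =XMLObjectSupport.marshall(signedMetadata);` lacks the space after `=`, and together with the doubled blank line above `// Serialize metadata` and the `serializedMetadata` temporary the tail could simply read `return SerializeSupport.nodeToString(XMLObjectSupport.marshall(signedMetadata));`. The bare `true` in `Saml2Utils.signSamlObject(metadataToSign, metadataSignCred, true)` gives no hint what it toggles; a trailing comment naming the flag would save the next reader a trip into `Saml2Utils`. The serialized output now depends on `signSamlObject` leaving the signed DOM cached on the returned object so that `XMLObjectSupport.marshall` hands back that element instead of re-marshalling; if anything between the two calls drops that DOM, the emitted signature would no longer cover what is serialized — worth confirming against the helper, which is outside this patch. Nothing here guards against `config.getMetadataSigningCredentials()` returning null; if the helper does not reject it with a clear error, a `requireNonNull` before the call would fail more readably than a deep NPE. The method this tail belongs to begins outside the hunk.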