From e7610325ee2f1d1f4e97e1e7a9b212e692836b5a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 4 Feb 2020 17:37:34 +0100 Subject: first stable version that uses OpenSAML 3.x --- .../pvp2/impl/builder/PvpMetadataBuilder.java | 53 ++++++++++++++-------- 1 file changed, 35 insertions(+), 18 deletions(-) (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java') diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java index d5893d4a..92922e09 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java @@ -20,6 +20,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder; import java.io.IOException; +import java.text.MessageFormat; import java.util.Collection; import java.util.List; @@ -28,6 +29,13 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import javax.xml.transform.TransformerFactoryConfigurationError; +import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; + import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.opensaml.core.xml.io.MarshallingException; 
@@ -57,14 +65,8 @@ import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory; import org.opensaml.xmlsec.signature.support.SignatureException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Service; import org.w3c.dom.Element; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import net.shibboleth.utilities.java.support.xml.SerializeSupport; /** @@ -74,9 +76,10 @@ import net.shibboleth.utilities.java.support.xml.SerializeSupport; * */ -@Service("PVPMetadataBuilder") public class PvpMetadataBuilder { + private static final String ERROR_ROLE_DESCR = "Can not build {0}"; + private static final Logger log = LoggerFactory.getLogger(PvpMetadataBuilder.class); X509KeyInfoGeneratorFactory keyInfoFactory = null; @@ -133,6 +136,12 @@ public class PvpMetadataBuilder { final RoleDescriptor idpSsoDesc = generateIdpMetadata(config); if (idpSsoDesc != null) { entityDescriptor.getRoleDescriptors().add(idpSsoDesc); + + } else { + final String msg = MessageFormat.format(ERROR_ROLE_DESCR, + IDPSSODescriptor.DEFAULT_ELEMENT_LOCAL_NAME); + throw new EaafBuilderException("internal.pvp.13", new Object[] { msg }, msg); + } } 
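Review bot: `ERROR_ROLE_DESCR` is a `java.text.MessageFormat` pattern (it is expanded with `MessageFormat.format` in the hunk below), which the declaration does not say and which matters because a single quote typed into that text later would be eaten as a MessageFormat quoting character; a one-line comment would protect it, e.g. `// MessageFormat pattern; {0} is the SAML role-descriptor element name (IDPSSODescriptor / SPSSODescriptor)`. Separately, with `@Service("PVPMetadataBuilder")` gone the class is no longer picked up by component scanning; presumably a `@Bean` definition elsewhere in this commit series now provides it, but that is not visible here, and any remaining injection point for `PvpMetadataBuilder` would fail at context startup rather than at compile time. The class body continues past the hunk.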
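Review bot: The null-check-and-throw added for the IDP descriptor is repeated verbatim for the SP descriptor in the next hunk, with the same `internal.pvp.13` code and `msg` passed both as the parameter array and as the message; a small private helper removes the duplication and keeps the two branches from drifting. Note also that the exception only tells the operator which descriptor could not be built — `generateIdpMetadata` (outside the hunk) presumably logs why it returned null, otherwise there is nothing to go on. The helper below is declared `throws EaafBuilderException` on the assumption that it is a checked `EaafException`; the enclosing method, and the condition guarding this block, start before the hunk and end after it.
```java
// … unchanged: entity descriptor setup …
addRoleDescriptor(entityDescriptor, generateIdpMetadata(config), IDPSSODescriptor.DEFAULT_ELEMENT_LOCAL_NAME);
// … unchanged: SP descriptor branch, signing, serialisation …

/** Adds roleDesc to entityDescriptor, failing with internal.pvp.13 when it could not be built. */
private static void addRoleDescriptor(final EntityDescriptor entityDescriptor,
    final RoleDescriptor roleDesc, final String elementName) throws EaafBuilderException {
  if (roleDesc == null) {
    final String msg = MessageFormat.format(ERROR_ROLE_DESCR, elementName);
    throw new EaafBuilderException("internal.pvp.13", new Object[] { msg }, msg);
  }
  entityDescriptor.getRoleDescriptors().add(roleDesc);
}
```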
@@ -142,12 +151,17 @@ public class PvpMetadataBuilder { final RoleDescriptor spSsoDesc = generateSpMetadata(config); if (spSsoDesc != null) { entityDescriptor.getRoleDescriptors().add(spSsoDesc); + + } else { + final String msg = MessageFormat.format(ERROR_ROLE_DESCR, SPSSODescriptor.DEFAULT_ELEMENT_LOCAL_NAME); + throw new EaafBuilderException("internal.pvp.13", new Object[] { msg }, msg); + } } - + SignableSAMLObject metadataToSign; - + // build entities descriptor if (config.buildEntitiesDescriptorAsRootElement()) { final EntitiesDescriptor entitiesDescriptor = @@ -157,24 +171,24 @@ public class PvpMetadataBuilder { entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil())); entitiesDescriptor.getEntityDescriptors().add(entityDescriptor); metadataToSign = entitiesDescriptor; - + } else { entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil())); entityDescriptor.setID(Saml2Utils.getSecureIdentifier()); metadataToSign = entityDescriptor; - + } // sign metadata final EaafX509Credential metadataSignCred = config.getMetadataSigningCredentials(); - SignableSAMLObject signedMetadata = Saml2Utils.signSamlObject(metadataToSign, metadataSignCred, true); - - + final SignableSAMLObject signedMetadata = Saml2Utils.signSamlObject(metadataToSign, metadataSignCred, + true); + // Serialize metadata - final Element document =XMLObjectSupport.marshall(signedMetadata); - String serializedMetadata = SerializeSupport.nodeToString(document); + final Element document = XMLObjectSupport.marshall(signedMetadata); + final String serializedMetadata = SerializeSupport.nodeToString(document); return serializedMetadata; - + } private RoleDescriptor generateSpMetadata(final IPvpMetadataBuilderConfiguration config) 
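Review bot: The commit makes `signedMetadata`, `document` and `serializedMetadata` final but leaves `SignableSAMLObject metadataToSign;` mutable although the if/else below assigns it exactly once per branch; `final SignableSAMLObject metadataToSign;` compiles under definite assignment and matches the style the rest of the change adopts. The SP-branch message line, `final String msg = MessageFormat.format(ERROR_ROLE_DESCR, SPSSODescriptor.DEFAULT_ELEMENT_LOCAL_NAME);`, is also the only one not wrapped, unlike its IDP twin in the previous hunk. The enclosing method starts before the hunk and ends after it.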
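Review bot: In the else branch the entity descriptor gets an ID from `Saml2Utils.getSecureIdentifier()` before it is signed, but in the EntitiesDescriptor branch nothing in the hunk sets an ID on the root that is actually handed to `signSamlObject`; if the lines just above the hunk (not in view) do not do it, the enveloped signature has no `#ID` to reference and relying parties that enforce the SAML signature profile may reject the metadata. Please confirm and, if it is missing, add `entitiesDescriptor.setID(Saml2Utils.getSecureIdentifier());` next to the `setValidUntil` call. The bare `true` passed to `Saml2Utils.signSamlObject` also tells a reader nothing; a trailing comment naming what the flag selects would help, as would a check that `config.getMetadataValidUntil()` is positive so the builder cannot emit metadata that is already expired. `date` and the method signature are outside the hunk.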
@@ -402,7 +416,10 @@ public class PvpMetadataBuilder { idpSsoDescriptor.getKeyDescriptors().add(signKeyDescriptor); // set IDP attribute set - idpSsoDescriptor.getAttributes().addAll(config.getIdpPossibleAttributes()); + if (config.getIdpPossibleAttributes() != null) { + idpSsoDescriptor.getAttributes().addAll(config.getIdpPossibleAttributes()); + + } // set providable nameID formats for (final String format : config.getIdpPossibleNameIdTypes()) { -- cgit v1.2.3
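Review bot: The new null guard covers `config.getIdpPossibleAttributes()`, but the very next context line, `for (final String format : config.getIdpPossibleNameIdTypes())`, still dereferences the sibling getter unguarded; if the configuration can legitimately return null for one optional list it presumably can for the other, and a null there surfaces as a NullPointerException from the for-each. Either guard it the same way, `if (config.getIdpPossibleNameIdTypes() != null) {`, or, cleaner, have `IPvpMetadataBuilderConfiguration` document both getters as returning an empty collection instead of null, which would let both checks go. `generateIdpMetadata` starts and ends outside the hunk.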