From d41afe91ee59daf6b5f5037cecac52900fe2ccb2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 31 Jan 2020 20:41:54 +0100
Subject: a lot of more OpenSAML3 refactoring staff

This version is also NOT stable!
---
 .../impl/utils/AbstractCredentialProvider.java | 109 ++++++++++-----------
 1 file changed, 52 insertions(+), 57 deletions(-)
(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java')
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index c0b015be..336741a0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -29,18 +29,21 @@ import java.security.interfaces.RSAPrivateKey;
 import javax.annotation.PostConstruct;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
 import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
 import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
 import org.apache.commons.lang3.StringUtils;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.security.credential.Credential;
+import org.opensaml.security.credential.UsageType;
+import org.opensaml.xmlsec.signature.Signature;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -50,7 +53,10 @@ import org.springframework.core.io.ResourceLoader;
 public abstract class AbstractCredentialProvider {
- @Autowired protected ResourceLoader resourceLoader;
+ @Autowired
+ protected ResourceLoader resourceLoader;
+ @Autowired
+ protected IConfiguration basicConfig;
 private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
@@ -127,24 +133,26 @@ public abstract class AbstractCredentialProvider {
 * @return Credentials
 * @throws CredentialsNotAvailableException In case of a credential error
 */
- public X509Credential getIdpMetaDataSigningCredential() throws CredentialsNotAvailableException {
+ public EaafX509Credential getIdpMetaDataSigningCredential() throws CredentialsNotAvailableException {
 try {
 final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
- getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
+ getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray(), getFriendlyName());
 credentials.setUsageType(UsageType.SIGNING);
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- log.error(getFriendlyName()
- + " Metadata Signing credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("config.27",
- new Object[] { getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getMetadataKeyAlias() + ") is not found or contains no PrivateKey." });
-
- }
+ credentials.setSignatureAlgorithmForSigning(Saml2Utils.getSignatureAlgorithm(
+ credentials,
+ basicConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
+ PvpConstants.DEFAULT_SIGNING_METHODE_RSA),
+ basicConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
+ PvpConstants.DEFAULT_SIGNING_METHODE_EC)));
 return credentials;
- } catch (final Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials", e);
- throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
+
+ } catch (final SamlSigningException e) {
+ throw new CredentialsNotAvailableException("internal.pvp.01",
+ new Object[] { getFriendlyName(), getMetadataKeyAlias() }, e);
+
 }
 }
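Review bot: In `getIdpMetaDataSigningCredential` both `basicConfig.getBasicConfiguration(...)` calls read `PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG`, so the second lookup, whose fallback is `PvpConstants.DEFAULT_SIGNING_METHODE_EC`, presumably should use the EC-specific property key; as written, an operator who configures an RSA algorithm identifier also gets it passed to `Saml2Utils.getSignatureAlgorithm` as the EC choice. The same copy-paste is in `getIdpAssertionSigningCredential` in the next hunk. The second call should read `basicConfig.getBasicConfiguration(PvpConstants.<EC signing-algorithm property>, PvpConstants.DEFAULT_SIGNING_METHODE_EC)` (placeholder: the EC property constant is not visible in this diff). Separately, the removed `getPrivateKey() == null && getSecretKey() == null` guard is only safe if `EaafKeyStoreX509CredentialAdapter` now rejects entries without usable key material itself, and with the catch narrowed to `SamlSigningException` any other failure while loading the key now leaves the method as its raw exception type rather than as `CredentialsNotAvailableException`; a short comment stating where that validation happens would settle both.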
@@ -154,25 +162,27 @@ public abstract class AbstractCredentialProvider {
 * @return Credentials
 * @throws CredentialsNotAvailableException In case of a credential error
 */
- public X509Credential getIdpAssertionSigningCredential() throws CredentialsNotAvailableException {
+ public EaafX509Credential getIdpAssertionSigningCredential() throws CredentialsNotAvailableException {
 try {
 final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
- getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
+ getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray(), getFriendlyName());
 credentials.setUsageType(UsageType.SIGNING);
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- log.error(getFriendlyName()
- + " Assertion Signing credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("config.27",
- new Object[] { getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getSignatureKeyAlias() + ") is not found or contains no PrivateKey." });
-
- }
+ credentials.setSignatureAlgorithmForSigning(Saml2Utils.getSignatureAlgorithm(
+ credentials,
+ basicConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
+ PvpConstants.DEFAULT_SIGNING_METHODE_RSA),
+ basicConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
+ PvpConstants.DEFAULT_SIGNING_METHODE_EC)));
 return credentials;
+
 } catch (final Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials", e);
- throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
+ throw new CredentialsNotAvailableException("internal.pvp.01",
+ new Object[] { getFriendlyName(), getSignatureKeyAlias() }, e);
+
 }
 }
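Review bot: `getIdpAssertionSigningCredential` keeps `catch (final Exception e)` while its sibling `getIdpMetaDataSigningCredential` in the previous hunk now catches only `SamlSigningException`, so the two methods translate the same failure differently: here a `NullPointerException` from `getSignatureKeyPassword().toCharArray()` with an unset password becomes `CredentialsNotAvailableException("internal.pvp.01", ...)`, there it propagates unchanged. Pick one policy for both methods; if the broad catch is the intended one, a comment such as `// wrap every key-loading failure so callers only ever see CredentialsNotAvailableException` would make that explicit. Note also that the `log.error` calls were dropped in both methods, so the wrapped cause is only visible if whoever catches `CredentialsNotAvailableException` logs it with its cause.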
@@ -182,34 +192,18 @@ public abstract class AbstractCredentialProvider {
 * @return Credentials
 * @throws CredentialsNotAvailableException In case of a credential error
 */
- public X509Credential getIdpAssertionEncryptionCredential()
+ public EaafX509Credential getIdpAssertionEncryptionCredential()
 throws CredentialsNotAvailableException {
- try {
- // if no encryption key is configured return null
- if (StringUtils.isEmpty(getEncryptionKeyAlias())) {
- return null;
- }
-
- final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
- getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
-
- credentials.setUsageType(UsageType.ENCRYPTION);
-
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- log.error(getFriendlyName()
- + " Assertion Encryption credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("config.27",
- new Object[] { getFriendlyName() + " Assertion Encryption credentials (Alias: "
- + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey." });
-
- }
+ // if no encryption key is configured return null
+ if (StringUtils.isEmpty(getEncryptionKeyAlias())) {
+ return null;
+ }
- return credentials;
+ final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
+ getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray(), getFriendlyName());
+ credentials.setUsageType(UsageType.ENCRYPTION);
+ return credentials;
- } catch (final Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials", e);
- throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
- }
 }
 /**
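Review bot: `getIdpAssertionEncryptionCredential` no longer checks that the loaded entry carries a private or secret key and no longer wraps failures, so an alias that points at a keystore entry without usable key material is returned as-is and only fails later when an encrypted assertion has to be decrypted, and an unset `getEncryptionKeyPassword()` now surfaces as a `NullPointerException` from `.toCharArray()` instead of the declared `CredentialsNotAvailableException`, which nothing in the visible body throws any more. If `EaafKeyStoreX509CredentialAdapter` now performs that validation in its constructor, a comment saying so next to the `new EaafKeyStoreX509CredentialAdapter(...)` line would explain the removal; otherwise restore the guard after `setUsageType`, e.g. `if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { throw new CredentialsNotAvailableException("internal.pvp.01", new Object[] { getFriendlyName(), getEncryptionKeyAlias() }); }`. Returning `null` for "not configured" is pre-existing, but callers now also get a possibly key-less credential for the configured case, which is a worse failure mode than the previous early error.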
@@ -218,6 +212,7 @@ public abstract class AbstractCredentialProvider {
 * @param credentials Credentials for signing
 * @return OpenSAML Signature object
 */
+ @Deprecated
 public static Signature getIdpSignature(final Credential credentials) {
 final PrivateKey privatekey = credentials.getPrivateKey();
 final Signature signer = Saml2Utils.createSamlObject(Signature.class);
@@ -250,7 +245,7 @@ public abstract class AbstractCredentialProvider {
 if (keyStore == null) {
 throw new EaafConfigurationException("module.00",
- new Object[] {getFriendlyName(), "KeyStore initialization failed. Maybe wrong password"});
+ new Object[] { getFriendlyName(), "KeyStore initialization failed. Maybe wrong password" });
 }
-- 
cgit v1.2.3
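Review bot: `@Deprecated` on `getIdpSignature` is not accompanied by a `@deprecated` Javadoc tag, so callers get the compiler warning without being told what replaces this method or why it is being retired; the Javadoc immediately above should gain a line like `@deprecated <replacement API>, which takes the signing algorithm from the configured credential instead of hard-coding it` (placeholder: the intended replacement is not visible in this diff). If the codebase is on Java 9 or later, `@Deprecated(since = "<version>")` would also record when the method was retired. The body of `getIdpSignature` continues outside the hunk, so I cannot confirm whether it still relies on `SignatureConstants` in a way that conflicts with the new per-credential algorithm selection.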