From e7610325ee2f1d1f4e97e1e7a9b212e692836b5a Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 4 Feb 2020 17:37:34 +0100
Subject: first stable version that uses OpenSAML 3.x
---
 .../eaaf/modules/pvp2/impl/utils/Saml2Utils.java | 80 ++++++++++++----------
 1 file changed, 44 insertions(+), 36 deletions(-)
(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java')
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
index 763c07f6..dc7e9338 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
@@ -37,6 +37,14 @@ import javax.xml.transform.dom.DOMSource;
 import javax.xml.validation.Schema;
 import javax.xml.validation.Validator;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.core.xml.XMLObject;
@@ -82,13 +90,6 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
 import net.shibboleth.utilities.java.support.xml.QNameSupport;
 import net.shibboleth.utilities.java.support.xml.SerializeSupport;
@@ -114,13 +115,14 @@ public class Saml2Utils {
 }
 /**
- * Sign a OpenSAML 3.x object with a {@link X509Credential}.
- *
- *

This method used {@link PvpConstants.DEFAULT_SIGNING_METHODE_RSA} - * or {@link PvpConstants.DEFAULT_SIGNING_METHODE_EC} as algorithm

+ * Sign a OpenSAML 3.x object with a {@link X509Credential}.
+ *

+ * This method used {@link PvpConstants.DEFAULT_SIGNING_METHODE_RSA} or + * {@link PvpConstants.DEFAULT_SIGNING_METHODE_EC} as algorithm + *

 *
- * @param {@link SignableXMLObject}
- * @param toSign object that should be signed
+ * @param {@link SignableXMLObject}
+ * @param toSign object that should be signed
 * @param signingCredential Credentials that should be used for signing
 * @param injectCertificate true, if certificate should be part of the signature
 * @return Signed object
@@ -157,18 +159,20 @@ public class Saml2Utils {
 } catch (final SignatureException | MarshallingException | SecurityException e) {
 throw new SamlSigningException("internal.pvp.96",
- new Object[] {signingCredential.getEntityId(), e.getMessage()}, e);
+ new Object[] { signingCredential.getEntityId(), e.getMessage() }, e);
 }
 }
 /**
- * SAML2 message unmarshaller that performs schema validation before unmarshall the message.
- *
+ * SAML2 message unmarshaller that performs schema validation before unmarshall
+ * the message.
+ *
 * @param messageStream SAML2 message that shoulld be unmarshalled
 * @return OpenSAML XML object
- * @throws MessageDecodingException In case of a schema-validation or unmarshalling error
+ * @throws MessageDecodingException In case of a schema-validation or
+ * unmarshalling error
 */
 public static XMLObject unmarshallMessage(final InputStream messageStream) throws MessageDecodingException {
 try {
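Review bot: The re-indented `@param {@link SignableXMLObject}` tag in the signing Javadoc still names no parameter, so javadoc flags it as malformed and it documents nothing; `toSign` is presumably the object of that type, so fold the two tags into one, `@param toSign {@link SignableXMLObject} that should be signed`, and drop the dangling line. While these lines are being rewrapped, `This method used ... as algorithm` should read `This method uses ... as algorithm`. The documented method's body lies outside this hunk.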
@@ -201,22 +205,24 @@ public class Saml2Utils {
 } catch (ParserConfigurationException | SAXException e) {
 log.warn("Message schema-validation failed.");
- throw new MessageDecodingException("Message schema-validation failed.",
+ throw new MessageDecodingException("Message schema-validation failed.",
 new SchemaValidationException("internal.pvp.03", new Object[] { e.getMessage() }, e));
 } catch (final IOException e) {
 log.error("Error read message from input stream", e);
 throw new MessageDecodingException("Error read message from input stream", e);
-
+
 }
 }
-
+
 /**
 * Select signature algorithm for a given credential.
 *
- * @param credentials {@link X509Credential} that will be used for signing
- * @param rsaSigAlgorithm RSA based signing algorithm that should be used in case of RSA credential
- * @param ecSigAlgorithm EC based signing algorithm that should be used in case of RSA credential
+ * @param credentials {@link X509Credential} that will be used for signing
+ * @param rsaSigAlgorithm RSA based signing algorithm that should be used in
+ * case of RSA credential
+ * @param ecSigAlgorithm EC based signing algorithm that should be used in case
+ * of RSA credential
 * @return either the rsaSigAlgorithm or the ecSigAlgorithm
 * @throws SamlSigningException In case of an unsupported credential
 */
@@ -233,7 +239,7 @@ public class Saml2Utils {
 log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
 throw new SamlSigningException("internal.pvp.97",
- new Object[] {credentials.getEntityId(), privatekey.getClass().getName()});
+ new Object[] { credentials.getEntityId(), privatekey.getClass().getName() });
 }
 }
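Review bot: The rewrapped `@param ecSigAlgorithm` tag in the signature-algorithm selection Javadoc still says the EC algorithm is used `in case of RSA credential`, which contradicts the `@return either the rsaSigAlgorithm or the ecSigAlgorithm` contract two lines below; it should read `@param ecSigAlgorithm EC based signing algorithm that should be used in case of EC credential`. The text looks copied from the rsaSigAlgorithm tag, and the rewrap was the moment to correct it. The documented method's body lies outside this hunk.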
@@ -263,14 +269,16 @@ public class Saml2Utils {
 }
 /**
- * Get a {@link KeyInfoGenerator} that injects key information into XML signature.
+ * Get a {@link KeyInfoGenerator} that injects key information into XML
+ * signature.
 *
- * @param credential @link X509Credential} that will be used for signing
- * @param injectCertificate Set true if the certificate should be added to KeyInfo
+ * @param credential @link X509Credential} that will be used for signing
+ * @param injectCertificate Set true if the certificate should be
+ * added to KeyInfo
 * @return Generator for a XML signature key-information
 */
 public static KeyInfoGenerator getKeyInfoGenerator(X509Credential credential, boolean injectCertificate) {
- //OpenSAML3 only support RSA and DSA for direct key injection
+ // OpenSAML3 only support RSA and DSA for direct key injection
 KeyInfoGeneratorFactory keyInfoGenFac = null;
 if (injectCertificate || credential.getPublicKey() instanceof ECPublicKey) {
 final SignatureSigningConfiguration secConfiguration = SecurityConfigurationSupport
@@ -280,7 +288,7 @@ public class Saml2Utils {
 keyInfoGenFac = keyInfoGenManager.getFactory(credential);
 } else {
- keyInfoGenFac = createKeyInfoWithoutCertificate(credential);
+ keyInfoGenFac = createKeyInfoWithoutCertificate();
 }
@@ -288,7 +296,6 @@ public class Saml2Utils {
 }
-
 /**
 * Create a SAML2 object.
 *
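Review bot: The re-spaced comment `// OpenSAML3 only support RSA and DSA for direct key injection` in getKeyInfoGenerator still leaves the reader to work out why an EC key is tested in the condition right below it; the `instanceof ECPublicKey` case routes EC credentials to the factory that (presumably) comes from the `SignatureSigningConfiguration` rather than to the public-key-value generator used in the else branch. Say so where the decision is made: `// OpenSAML3 only supports RSA and DSA for direct key injection, so EC keys are treated like injectCertificate and use the configured factory`. The rewrapped `@param credential @link X509Credential}` tag also still lacks the opening brace of `{@link X509Credential}`. getKeyInfoGenerator continues past the end of this hunk.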
@@ -462,19 +469,20 @@ public class Saml2Utils {
 .buildObject(Signature.DEFAULT_ELEMENT_NAME);
 signature.setSigningCredential(signingCredential);
 signature.setSignatureAlgorithm(usedSigAlg);
- final KeyInfo keyInfo = getKeyInfoGenerator(signingCredential, injectCertificate).generate(signingCredential);
+ final KeyInfo keyInfo = getKeyInfoGenerator(signingCredential, injectCertificate).generate(
+ signingCredential);
 signature.setKeyInfo(keyInfo);
 signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
 return signature;
 }
- private static KeyInfoGeneratorFactory createKeyInfoWithoutCertificate(X509Credential credential) {
+ private static KeyInfoGeneratorFactory createKeyInfoWithoutCertificate() {
 final KeyInfoGeneratorFactory keyInfoGenFac = new BasicKeyInfoGeneratorFactory();
- ((BasicKeyInfoGeneratorFactory)keyInfoGenFac).setEmitPublicKeyValue(true);
- ((BasicKeyInfoGeneratorFactory)keyInfoGenFac).setEmitEntityIDAsKeyName(true);
- ((BasicKeyInfoGeneratorFactory)keyInfoGenFac).setEmitKeyNames(true);
- ((BasicKeyInfoGeneratorFactory)keyInfoGenFac).setEmitPublicDEREncodedKeyValue(true);
+ ((BasicKeyInfoGeneratorFactory) keyInfoGenFac).setEmitPublicKeyValue(true);
+ ((BasicKeyInfoGeneratorFactory) keyInfoGenFac).setEmitEntityIDAsKeyName(true);
+ ((BasicKeyInfoGeneratorFactory) keyInfoGenFac).setEmitKeyNames(true);
+ ((BasicKeyInfoGeneratorFactory) keyInfoGenFac).setEmitPublicDEREncodedKeyValue(true);
 return keyInfoGenFac;
 }
-- cgit v1.2.3
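Review bot: The rewritten body of `createKeyInfoWithoutCertificate` declares its local as the `KeyInfoGeneratorFactory` interface and then casts it back to `BasicKeyInfoGeneratorFactory` on four consecutive lines; typing the local as `BasicKeyInfoGeneratorFactory` removes every cast while the unchanged return type still widens it for callers. Dropping the unused `X509Credential` parameter is fine, since nothing in the body read it. The method as it would read without the casts:
```java
private static KeyInfoGeneratorFactory createKeyInfoWithoutCertificate() {
    final BasicKeyInfoGeneratorFactory keyInfoGenFac = new BasicKeyInfoGeneratorFactory();
    keyInfoGenFac.setEmitPublicKeyValue(true);
    keyInfoGenFac.setEmitEntityIDAsKeyName(true);
    keyInfoGenFac.setEmitKeyNames(true);
    keyInfoGenFac.setEmitPublicDEREncodedKeyValue(true);
    return keyInfoGenFac;
}
```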