From 0e60708e5915eb858d5931c45f807329bd365c11 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Sun, 9 Jan 2022 21:30:56 +0100 Subject: chore(SAML2): update implementation to remove usage of deprecated openSAML4.x API --- .../metadata/IPvpMetadataBuilderConfiguration.java | 8 ++++---- .../pvp2/impl/builder/PvpMetadataBuilder.java | 4 ++-- .../impl/verification/SamlVerificationEngine.java | 4 ++-- .../modules/pvp2/test/CredentialProviderTest.java | 22 +++++++++++----------- 4 files changed, 19 insertions(+), 19 deletions(-) (limited to 'eaaf_modules/eaaf_module_pvp2_core') diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java index 3d9125fe..6e718385 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java @@ -22,15 +22,15 @@ package at.gv.egiz.eaaf.modules.pvp2.api.metadata; import java.util.Collection; import java.util.List; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; - import org.opensaml.saml.saml2.core.Attribute; import org.opensaml.saml.saml2.metadata.ContactPerson; import org.opensaml.saml.saml2.metadata.Organization; import org.opensaml.saml.saml2.metadata.RequestedAttribute; import org.opensaml.security.credential.Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; + /** * PVP Metadata builder configuration. * 
@@ -43,7 +43,7 @@ public interface IPvpMetadataBuilderConfiguration { * Defines a unique name for this PVP Service-provider, which is used for * logging. * - * @return + * @return Name of this SAML2 SP */ String getSpNameForLogging(); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java index 05a7360b..da3db0a8 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java @@ -237,7 +237,7 @@ public class PvpMetadataBuilder { } else { for (final String format : config.getSpAllowedNameIdTypes()) { final NameIDFormat nameIdFormat = Saml2Utils.createSamlObject(NameIDFormat.class); - nameIdFormat.setFormat(format); + nameIdFormat.setURI(format); spSsoDescriptor.getNameIDFormats().add(nameIdFormat); } @@ -424,7 +424,7 @@ public class PvpMetadataBuilder { // set providable nameID formats for (final String format : config.getIdpPossibleNameIdTypes()) { final NameIDFormat nameIdFormat = Saml2Utils.createSamlObject(NameIDFormat.class); - nameIdFormat.setFormat(format); + nameIdFormat.setURI(format); idpSsoDescriptor.getNameIDFormats().add(nameIdFormat); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java index 2257eba9..60800eb2 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java 
@@ -325,7 +325,7 @@ public class SamlVerificationEngine { } else { for (final AudienceRestriction el : audienceRest) { for (final Audience audience : el.getAudiences()) { - if (!urlCompare(spEntityId, audience.getAudienceURI())) { + if (!urlCompare(spEntityId, audience.getURI())) { log.info("Assertion with ID:{} 'AudienceRestriction' is not valid.", saml2assertion.getID()); isAssertionValid = false; @@ -520,7 +520,7 @@ public class SamlVerificationEngine { samlResp.getIssuer().getValue(), samlResp.getStatus().getStatusCode().getValue(), samlResp.getStatus().getStatusMessage() != null - ? samlResp.getStatus().getStatusMessage().getMessage() + ? samlResp.getStatus().getStatusMessage().getValue() : " no status message" }); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java index c784e392..b44d70e3 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java 
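Review bot: The nested loops around the changed `urlCompare(spEntityId, audience.getURI())` call set `isAssertionValid = false` as soon as any single `Audience` differs from `spEntityId`, while SAML 2.0 core treats the audiences inside one `AudienceRestriction` as alternatives and only separate restrictions as conjunctive. This fails closed, so it is not a bypass, but an assertion legitimately addressed to several audiences is rejected. If that is intended, a comment above the inner loop such as `// deliberately stricter than SAML core: every Audience must equal our entityID` would record it. It is also worth confirming that `urlCompare` (defined outside this hunk) treats a null `getURI()` result from an empty `<Audience/>` as a mismatch rather than throwing. The enclosing method starts and ends outside the hunk.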
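Review bot: The text now read with `getStatusMessage().getValue()` is chosen by the remote IdP and is placed unchanged into the parameter array built here, so wherever that array ends up (log line or error message, not visible in this hunk) the value should be length-limited and stripped of line breaks and control characters first. The null check covers only the `StatusMessage` element; `getValue()` may itself be null for an empty element, in which case the `" no status message"` fallback is skipped. In the same expression `samlResp.getIssuer().getValue()` and `getStatusCode().getValue()` are dereferenced without a guard, and `Issuer` is optional on a SAML response, so unless an earlier check outside the hunk guarantees them, a malformed error response could raise a NullPointerException here instead of the intended error. The statement begins outside the hunk.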
@@ -3,16 +3,6 @@ package at.gv.egiz.eaaf.modules.pvp2.test; import java.security.cert.X509Certificate; import java.util.List; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; - import org.apache.commons.lang3.RandomStringUtils; import org.apache.xml.security.algorithms.JCEMapper; import org.junit.Assert; @@ -26,13 +16,23 @@ import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_core_map_config.beans.xml", "/spring/SpringTest-context_lazy.xml", "/spring/eaaf_utils.beans.xml" - }) + }) public class CredentialProviderTest { private static final String HSM_FACASE_HOST = "eid.a-sit.at"; -- cgit v1.2.3