From 3fada6cef21c9b16467177d866df778203b51b4d Mon Sep 17 00:00:00 2001 
From: Thomas
Date: Thu, 5 Dec 2019 09:52:48 +0100
Subject: some code code-style modifications active code-quality checks!
---
.../Pvp2SProfileCoreSpringResourceProvider.java | 4 +-
.../at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java | 25 ++++---
.../modules/pvp2/api/IPvo2BasicConfiguration.java | 4 +-
.../eaaf/modules/pvp2/api/binding/IDecoder.java | 5 +-
.../eaaf/modules/pvp2/api/binding/IEncoder.java | 42 ++++++-----
.../metadata/IPvpMetadataBuilderConfiguration.java | 23 +++---
.../metadata/IPvpMetadataConfigurationFactory.java | 1 -
.../pvp2/api/metadata/IPvpMetadataProvider.java | 2 +-
.../pvp2/api/reqattr/EaafRequestedAttribute.java | 8 +-
.../pvp2/api/reqattr/EaafRequestedAttributes.java | 2 +-
.../api/validation/IAuthnRequestValidator.java | 6 +-
.../pvp2/api/validation/ISamlValidator.java | 2 +-
.../pvp2/exception/AttributQueryException.java | 1 -
.../exception/BindingNotSupportedException.java | 7 +-
.../CredentialsNotAvailableException.java | 3 -
.../pvp2/exception/InvalidDateFormatException.java | 2 -
.../NameIdFormatNotSupportedException.java | 8 +-
.../exception/NoMetadataInformationException.java | 3 -
.../eaaf/modules/pvp2/exception/Pvp2Exception.java | 9 +--
.../pvp2/exception/Pvp2MetadataException.java | 2 +-
.../pvp2/exception/QaaNotAllowedException.java | 3 +-
.../pvp2/exception/QaaNotSupportedException.java | 6 +-
.../exception/SamlMetadataSignatureException.java | 3 -
.../pvp2/exception/SchemaValidationException.java | 1 -
.../exception/SignatureValidationException.java | 2 -
.../modules/pvp2/impl/binding/PostBinding.java | 37 ++++-----
.../modules/pvp2/impl/binding/RedirectBinding.java | 27 +++----
.../modules/pvp2/impl/binding/SoapBinding.java | 21 +++---
.../pvp2/impl/builder/CitizenTokenBuilder.java | 7 +-
.../pvp2/impl/builder/PvpAttributeBuilder.java | 46 ++++++------
.../pvp2/impl/builder/PvpMetadataBuilder.java | 40 +++++-----
.../pvp2/impl/builder/SamlAttributeGenerator.java | 5 +-
.../reqattr/EaafRequestExtensionBuilder.java | 5 +-
.../reqattr/EaafRequestedAttributeBuilder.java | 3 +-
.../reqattr/EaafRequestedAttributeMarshaller.java | 5 +-
.../EaafRequestedAttributeUnmarshaller.java | 2 +-
.../reqattr/EaafRequestedAttributesBuilder.java | 2 +-
.../reqattr/EaafRequestedAttributesMarshaller.java | 2 +-
.../EaafRequestedAttributesUnmarshaller.java | 5 +-
.../modules/pvp2/impl/message/InboundMessage.java | 61 ++++++++-------
.../pvp2/impl/message/PvpSProfileRequest.java | 3 +-
.../metadata/AbstractChainingMetadataProvider.java | 87 +++++++++++-----------
.../pvp2/impl/metadata/MetadataFilterChain.java | 8 +-
.../pvp2/impl/metadata/SimpleMetadataProvider.java | 52 ++++++-------
.../EaafKeyStoreX509CredentialAdapter.java | 7 +-
.../opensaml/HttpPostEncoderWithOwnTemplate.java | 19 +++--
.../opensaml/StringRedirectDeflateEncoder.java | 4 +-
.../initialize/EaafDefaultSaml2Bootstrap.java | 5 +-
.../EaafDefaultSecurityConfigurationBootstrap.java | 2 -
.../impl/reqattr/EaafRequestedAttributeImpl.java | 18 ++--
.../impl/reqattr/EaafRequestedAttributesImpl.java | 6 +-
.../impl/utils/AbstractCredentialProvider.java | 33 ++++----
.../modules/pvp2/impl/utils/QaaLevelVerifier.java | 33 ++++----
.../eaaf/modules/pvp2/impl/utils/Saml2Utils.java | 22 +++---
.../pvp2/impl/validation/EaafUriCompare.java | 1 -
.../pvp2/impl/validation/TrustEngineFactory.java | 1 +
.../metadata/AbstractMetadataSignatureFilter.java | 28 ++++---
.../metadata/PvpEntityCategoryFilter.java | 32 ++++----
.../metadata/SchemaValidationFilter.java | 11 ++-
.../AbstractRequestSignedSecurityPolicyRule.java | 15 ++--
.../verification/PvpAuthRequestSignedRole.java | 1 +
.../verification/PvpSignedRequestPolicyRule.java | 16 ++--
.../impl/verification/SamlVerificationEngine.java | 39 +++++-----
63 files changed, 439 insertions(+), 446 deletions(-)
(limited to 'eaaf_modules/eaaf_module_pvp2_core')
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java index c0482c9d..2779ee1d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/Pvp2SProfileCoreSpringResourceProvider.java @@ -11,7 +11,7 @@ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. @@ -42,7 +42,7 @@ public class Pvp2SProfileCoreSpringResourceProvider implements SpringResourcePro final ClassPathResource sl20AuthConfig = new ClassPathResource("/eaaf_pvp.beans.xml", Pvp2SProfileCoreSpringResourceProvider.class); - return new Resource[] {sl20AuthConfig}; + return new Resource[] { sl20AuthConfig }; } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java index 8bd2f024..b271b46d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/PvpConstants.java 
@@ -22,13 +22,16 @@ package at.gv.egiz.eaaf.modules.pvp2; import java.util.ArrayList; import java.util.Collections; import java.util.List; + import javax.xml.namespace.QName; -import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; -import at.gv.egiz.eaaf.core.impl.data.Trible; + import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.signature.SignatureConstants; -public interface PvpConstants extends PVPAttributeDefinitions { +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.impl.data.Trible; + +public interface PvpConstants extends PvpAttributeDefinitions { String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; @@ -53,13 +56,14 @@ public interface PvpConstants extends PVPAttributeDefinitions { String SINGLELOGOUT = "SingleLogOut"; /** - * Get required PVP attributes for egovtoken First : PVP attribute name (OID) Second: FriendlyName - * Third: Required. + * Get required PVP attributes for egovtoken First : PVP attribute name (OID) + * Second: FriendlyName Third: Required. * */ List> EGOVTOKEN_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList>() { private static final long serialVersionUID = 1L; + { // currently supported attributes add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); 
@@ -73,18 +77,18 @@ public interface PvpConstants extends PVPAttributeDefinitions { add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false)); add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false)); - } }); /** - * Get required PVP attributes for citizenToken First : PVP attribute name (OID) Second: - * FriendlyName Third: Required. + * Get required PVP attributes for citizenToken First : PVP attribute name (OID) + * Second: FriendlyName Third: Required. * */ List> CITIZENTOKEN_PVP_ATTRIBUTES = Collections.unmodifiableList(new ArrayList>() { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = -5947165770657082581L; + { // required attributes - eIDAS minimal-data set add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); @@ -93,7 +97,6 @@ public interface PvpConstants extends PVPAttributeDefinitions { add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true)); add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true)); - // not required attributes add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false)); @@ -123,8 +126,6 @@ public interface PvpConstants extends PVPAttributeDefinitions { add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); - - } }); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java index 39c0baff..ec806f07 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/IPvo2BasicConfiguration.java 
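Review bot: The CITIZENTOKEN_PVP_ATTRIBUTES hunk replaces `serialVersionUID = 1L` with `-5947165770657082581L` on the anonymous ArrayList subclass, which goes beyond the code-style intent of this commit: a different serialVersionUID makes any previously serialized instance of that class unreadable, and the sibling EGOVTOKEN_PVP_ATTRIBUTES list in the hunk just above keeps `1L`, so the two constants are now handled inconsistently. Whether these lists are ever Java-serialized is not visible here; if not, the value is harmless, but the change should still either be applied to both constants or reverted to `1L` so the commit stays purely stylistic. Separately, the first hunk of this file switches the supertype to `PvpAttributeDefinitions` in the core module, which this diffstat (limited to eaaf_module_pvp2_core) does not cover, so the build presumably relies on a sibling change in eaaf_core.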
@@ -20,10 +20,12 @@ package at.gv.egiz.eaaf.modules.pvp2.api; import java.util.List; -import at.gv.egiz.eaaf.core.exceptions.EaafException; + import org.opensaml.saml2.metadata.ContactPerson; import org.opensaml.saml2.metadata.Organization; +import at.gv.egiz.eaaf.core.exceptions.EaafException; + public interface IPvo2BasicConfiguration { String getIdpEntityId(String authUrl) throws EaafException; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java index 677028a5..89e6a384 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IDecoder.java @@ -21,13 +21,14 @@ package at.gv.egiz.eaaf.modules.pvp2.api.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; + import org.opensaml.common.binding.decoding.URIComparator; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.xml.security.SecurityException; +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; public interface IDecoder { InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp, diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java index 9d8b0105..fcab5fd8 100644 
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/binding/IEncoder.java
@@ -21,30 +21,32 @@ package at.gv.egiz.eaaf.modules.pvp2.api.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; + import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; + public interface IEncoder { /** * SAML2 Request encoder. * - * @param req The http request - * @param resp The http response - * @param request The SAML2 request object + * @param req The http request + * @param resp The http response + * @param request The SAML2 request object * @param targetLocation URL, where the request should be transmit - * @param relayState token for session handling - * @param credentials Credential to sign the request object - * @param pendingReq Internal MOA-ID request object that contains session-state informations but - * never null + * @param relayState token for session handling + * @param credentials Credential to sign the request object + * @param pendingReq Internal MOA-ID request object that contains + * session-state informations but never null * @throws MessageEncodingException In case of an error - * @throws SecurityException In case of an error - * @throws Pvp2Exception In case of an error + * @throws SecurityException In case of an error + * @throws Pvp2Exception In case of an error */ void encodeRequest(HttpServletRequest req, HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, 
@@ -53,16 +55,16 @@ public interface IEncoder { /** * Encoder SAML Response. * - * @param req The http request - * @param resp The http response - * @param response The SAML2 repsonse object + * @param req The http request + * @param resp The http response + * @param response The SAML2 repsonse object * @param targetLocation URL, where the request should be transmit - * @param relayState token for session handling - * @param credentials Credential to sign the response object - * @param pendingReq Internal MOA-ID request object that contains session-state informations but - * never null - * @throws MessageEncodingException In case of an error - * @throws SecurityException In case of an error + * @param relayState token for session handling + * @param credentials Credential to sign the response object + * @param pendingReq Internal MOA-ID request object that contains + * session-state informations but never null + * @throws MessageEncodingException In case of an error + * @throws SecurityException In case of an error */ void encodeRespone(HttpServletRequest req, HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java index f06a1684..ab39fefb 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java 
@@ -21,13 +21,15 @@ package at.gv.egiz.eaaf.modules.pvp2.api.metadata; import java.util.Collection; import java.util.List; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; + import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.ContactPerson; import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; + /** * PVP Metadata builder configuration. * @@ -36,9 +38,9 @@ import org.opensaml.xml.security.credential.Credential; */ public interface IPvpMetadataBuilderConfiguration { - /** - * Defines a unique name for this PVP Service-provider, which is used for logging. + * Defines a unique name for this PVP Service-provider, which is used for + * logging. * * @return */ @@ -73,8 +75,8 @@ public interface IPvpMetadataBuilderConfiguration { boolean buildSpSsoDescriptor(); /** - * Set the PVP entityID for this SAML2 metadata. The entityID must be an URL and must be start - * with the public-URL prefix of the server. + * Set the PVP entityID for this SAML2 metadata. The entityID must be an URL and + * must be start with the public-URL prefix of the server. * * @return PVP entityID postfix as String */ @@ -101,7 +103,6 @@ public interface IPvpMetadataBuilderConfiguration { */ Organization getOrgansiationInformation(); - /** * Set the credential for metadata signing. * 
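Review bot: The reflowed Javadoc in the `@@ -36,9 +38,9 @@` hunk (`Defines a unique name for this PVP Service-provider ...`) still ends with an empty `@return` tag, and the method it documents lies outside the hunk. Since the comment is being rewritten anyway, the tag should be completed, e.g. `@return unique, human-readable name of this Service-provider as used in log output`. The remaining hunks of this file only reorder imports and rewrap text.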
@@ -111,11 +112,12 @@ public interface IPvpMetadataBuilderConfiguration { Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException; /** - * Set the credential for request/response signing IDP metadata: this credential is used for SAML2 - * response signing SP metadata: this credential is used for SAML2 response signing. + * Set the credential for request/response signing IDP metadata: this credential + * is used for SAML2 response signing SP metadata: this credential is used for + * SAML2 response signing. * * @return Credentials - * @throws CredentialsNotAvailableException In case of an error + * @throws CredentialsNotAvailableException In case of an error */ Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException; @@ -124,7 +126,7 @@ public interface IPvpMetadataBuilderConfiguration { * Set the credential for response encryption. * * @return Credentials - * @throws CredentialsNotAvailableException In case of an error + * @throws CredentialsNotAvailableException In case of an error */ Credential getEncryptionCredentials() throws CredentialsNotAvailableException; @@ -191,7 +193,6 @@ public interface IPvpMetadataBuilderConfiguration { */ String getSpSloSoapBindingUrl(); - /** * Set all SAML2 attributes which could be provided by this IDP. * diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java index 4207d860..0cf7e293 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataConfigurationFactory.java 
@@ -23,7 +23,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; public interface IPvpMetadataConfigurationFactory { - IPvpMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authUrl, AbstractCredentialProvider pvpIdpCredentials); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java index bc90ff3f..25b2d250 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataProvider.java @@ -11,7 +11,7 @@ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java index f44a545d..fe908869 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttribute.java 
@@ -20,13 +20,16 @@ package at.gv.egiz.eaaf.modules.pvp2.api.reqattr; import java.util.List; + import javax.xml.namespace.QName; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; + import org.opensaml.common.SAMLObject; import org.opensaml.xml.AttributeExtensibleXMLObject; import org.opensaml.xml.XMLObject; import org.opensaml.xml.schema.XSBooleanValue; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; + public interface EaafRequestedAttribute extends SAMLObject, AttributeExtensibleXMLObject, org.opensaml.saml2.metadata.RequestedAttribute { @@ -36,7 +39,6 @@ public interface EaafRequestedAttribute extends SAMLObject, AttributeExtensibleX /** Local name of the XSI type. */ String TYPE_LOCAL_NAME = "RequestedAttributeAbstractType"; - /** Default element name. */ QName DEFAULT_ELEMENT_NAME = new QName(PvpConstants.EIDAT10_SAML_NS, DEF_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX); @@ -45,8 +47,6 @@ public interface EaafRequestedAttribute extends SAMLObject, AttributeExtensibleX QName TYPE_NAME = new QName(PvpConstants.EIDAT10_SAML_NS, TYPE_LOCAL_NAME, PvpConstants.EIDAT10_PREFIX); - - /** NAME_ATTRIB_NAME attribute name. */ String NAME_ATTRIB_NAME = "Name"; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java index 98f118b0..4c168b31 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/reqattr/EaafRequestedAttributes.java 
@@ -11,7 +11,7 @@ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java index 41dcd3b9..90195f1d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/IAuthnRequestValidator.java @@ -20,11 +20,13 @@ package at.gv.egiz.eaaf.modules.pvp2.api.validation; import javax.servlet.http.HttpServletRequest; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; + import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.metadata.SPSSODescriptor; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; + public interface IAuthnRequestValidator { void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq, diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java index 3cbe59da..3454e890 100644 
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/validation/ISamlValidator.java @@ -11,7 +11,7 @@ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java index 82fb2c79..78529e23 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/AttributQueryException.java @@ -21,7 +21,6 @@ package at.gv.egiz.eaaf.modules.pvp2.exception; public class AttributQueryException extends Pvp2Exception { - private static final long serialVersionUID = -4302422507173728748L; public AttributQueryException(final String messageId, final Object[] parameters) { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java index 97971d3a..2273d343 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java 
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/BindingNotSupportedException.java @@ -26,13 +26,8 @@ public class BindingNotSupportedException extends Pvp2Exception { private static final long serialVersionUID = -7227603941387879360L; public BindingNotSupportedException(final String binding) { - super("pvp2.11", new Object[] {binding}); + super("pvp2.11", new Object[] { binding }); this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI; } - - - - - } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java index ae64e134..ede00366 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/CredentialsNotAvailableException.java @@ -34,7 +34,4 @@ public class CredentialsNotAvailableException extends EaafException { super(messageId, parameters, e); } - - - } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java index 8ca373c4..538279b5 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/InvalidDateFormatException.java @@ -30,6 +30,4 @@ public class InvalidDateFormatException extends Pvp2Exception { this.statusCodeValue = StatusCode.REQUESTER_URI; } - - } 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java index b43db603..a5b5ed33 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NameIdFormatNotSupportedException.java @@ -19,9 +19,10 @@ package at.gv.egiz.eaaf.modules.pvp2.exception; -import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; import org.opensaml.saml2.core.StatusCode; +import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; + public class NameIdFormatNotSupportedException extends AuthnRequestValidatorException { private static final long serialVersionUID = -2270762519437873336L; @@ -32,12 +33,9 @@ public class NameIdFormatNotSupportedException extends AuthnRequestValidatorExce * @param nameIdFormat requested NameIdFormat */ public NameIdFormatNotSupportedException(final String nameIdFormat) { - super("pvp2.12", new Object[] {nameIdFormat}); + super("pvp2.12", new Object[] { nameIdFormat }); statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI; } - - - } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java index f22d2d17..002a946c 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/NoMetadataInformationException.java 
@@ -30,7 +30,4 @@ public class NoMetadataInformationException extends Pvp2Exception { this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI; } - - - } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java index 0ea909e2..dcbda8b5 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2Exception.java @@ -19,9 +19,10 @@ package at.gv.egiz.eaaf.modules.pvp2.exception; -import at.gv.egiz.eaaf.core.exceptions.EaafException; import org.opensaml.saml2.core.StatusCode; +import at.gv.egiz.eaaf.core.exceptions.EaafException; + public abstract class Pvp2Exception extends EaafException { private static final long serialVersionUID = 7669537952484421069L; @@ -38,7 +39,6 @@ public abstract class Pvp2Exception extends EaafException { this.statusMessageValue = this.getMessage(); } - public String getStatusCodeValue() { return this.statusCodeValue; } @@ -47,9 +47,4 @@ public abstract class Pvp2Exception extends EaafException { return this.statusMessageValue; } - - - - - } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java index ab0e8871..5ed7c99d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/Pvp2MetadataException.java 
@@ -11,7 +11,7 @@
 * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the Licence for the specific language governing permissions and limitations under
 * the Licence.
- *
+ *
 * This product combines work with different licenses. See the "NOTICE" text file for details on the
 * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
 * works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java
index 9edba3f2..9620a5ea 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotAllowedException.java
@@ -21,13 +21,12 @@
 package at.gv.egiz.eaaf.modules.pvp2.exception;
 import org.opensaml.saml2.core.StatusCode;
-
 public class QaaNotAllowedException extends Pvp2Exception {
 private static final long serialVersionUID = -3964192953884089323L;
 public QaaNotAllowedException(final String qaaAuth, final String qaaRequest, final String mode) {
- super("pvp2.17", new Object[] {qaaAuth, qaaRequest, mode});
+ super("pvp2.17", new Object[] { qaaAuth, qaaRequest, mode });
 this.statusCodeValue = StatusCode.REQUESTER_URI;
 }
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java
index dc48508d..8824ca63 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/QaaNotSupportedException.java
@@ -21,17 +21,13 @@
 package at.gv.egiz.eaaf.modules.pvp2.exception;
 import org.opensaml.saml2.core.StatusCode;
-
 public class QaaNotSupportedException extends Pvp2Exception {
 private static final long serialVersionUID = -3964192953884089323L;
 public QaaNotSupportedException(final String qaa) {
- super("pvp2.05", new Object[] {qaa});
+ super("pvp2.05", new Object[] { qaa });
 this.statusCodeValue = StatusCode.REQUESTER_URI;
 }
-
-
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java
index ede310f0..e27c5b1d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SamlMetadataSignatureException.java
@@ -34,7 +34,4 @@ public class SamlMetadataSignatureException extends Pvp2Exception {
 this.statusCodeValue = StatusCode.REQUESTER_URI;
 }
-
-
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
index 39cf148b..14ad34a5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SchemaValidationException.java
@@ -23,7 +23,6 @@ public class SchemaValidationException extends Pvp2Exception {
 private static final long serialVersionUID = 1L;
-
 public SchemaValidationException(final String messageId, final Object[] parameters) {
 super(messageId, parameters);
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
index 410686f6..0abfa5b2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/exception/SignatureValidationException.java
@@ -38,6 +38,4 @@ public class SignatureValidationException extends FilterException {
 super(string, e);
 }
-
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
index 2734c859..4e642a8a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
@@ -21,23 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HttpPostEncoderWithOwnTemplate;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSignedRequestPolicyRule;
+
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -66,6 +50,24 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HttpPostEncoderWithOwnTemplate;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSignedRequestPolicyRule;
+
 @Service("PVPPOSTBinding")
 public class PostBinding implements IDecoder, IEncoder {
 private static final Logger log = LoggerFactory.getLogger(PostBinding.class);
@@ -220,7 +222,6 @@ public class PostBinding implements IDecoder, IEncoder {
 }
 }
-
 msg.setVerified(true);
 msg.setRelayState(messageContext.getRelayState());
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
index 7b8525ce..eca1a072 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
@@ -21,18 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpAuthRequestSignedRole;
+
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -62,6 +51,19 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpAuthRequestSignedRole;
+
 @Service("PVPRedirectBinding")
 public class RedirectBinding implements IDecoder, IEncoder {
@@ -203,7 +205,6 @@ public class RedirectBinding implements IDecoder, IEncoder {
 (RequestAbstractType) messageContext.getInboundMessage();
 msg = new PvpSProfileRequest(inboundMessage, getSaml2BindingName());
-
 } else if (messageContext.getInboundMessage() instanceof StatusResponseType) {
 final StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
index 2e19f259..f56078e5 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
@@ -20,17 +20,10 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
 import java.util.List;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -56,6 +49,16 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+
 @Service("PVPSOAPBinding")
 public class SoapBinding implements IDecoder, IEncoder {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
index 9765f520..8c7fa2fc 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java
@@ -19,7 +19,6 @@
 package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeValue;
 import org.opensaml.xml.Configuration;
@@ -29,6 +28,8 @@ import org.opensaml.xml.schema.XSString;
 import org.opensaml.xml.schema.impl.XSIntegerBuilder;
 import org.opensaml.xml.schema.impl.XSStringBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 /**
 * Build all attributes from PVP2 citizen-token.
 *
@@ -71,7 +72,7 @@ public class CitizenTokenBuilder {
 * Build simple attribute.
 *
 * @param friendlyName attribute friendly-name
- * @param value Attributevalue
+ * @param value Attributevalue
 * @return XML attribute
 */
 public static Attribute buildStringAttribute(final String friendlyName, final String name,
@@ -87,7 +88,7 @@ public class CitizenTokenBuilder {
 * Build simple attribute.
 *
 * @param friendlyName attribute friendly-name
- * @param value Attributevalue
+ * @param value Attributevalue
 * @return XML attribute
 */
 public static Attribute buildIntegerAttribute(final String friendlyName, final String name,
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java
index 73ba73c7..39d2a493 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java
@@ -25,10 +25,16 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.ServiceLoader;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IspConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
@@ -36,10 +42,6 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata;
 import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidDateFormatException;
 import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 public class PvpAttributeBuilder {
@@ -78,7 +80,6 @@ public class PvpAttributeBuilder {
 }
-
 /**
 * Get a specific attribute builder.
 *
@@ -94,7 +95,7 @@ public class PvpAttributeBuilder {
 /**
 * Build an SAML2 attribute.
 *
- * @param name attribute name
+ * @param name attribute name
 * @param value attribute value
 * @return SAML2 attribute
 */
@@ -110,14 +111,14 @@ public class PvpAttributeBuilder {
 /**
 * Build a SAML2 attribute.
 *
- * @param name attribute name
- * @param oaParam Service-Provider configuration
+ * @param name attribute name
+ * @param oaParam Service-Provider configuration
 * @param authData serice-provider specific authentication data
 * @return SAML2 attribute
- * @throws Pvp2Exception In case of a general error
+ * @throws Pvp2Exception In case of a general error
 * @throws AttributeBuilderException In case of an attribute builder error
 */
- public static Attribute buildAttribute(final String name, final IspConfiguration oaParam,
+ public static Attribute buildAttribute(final String name, final ISpConfiguration oaParam,
 final IAuthData authData) throws Pvp2Exception, AttributeBuilderException {
 if (builders.containsKey(name)) {
 try {
@@ -151,10 +152,6 @@ public class PvpAttributeBuilder {
 return null;
 }
-
-
-
-
 /**
 * Return all attributes that has a {@link PvpMetadata} annotation.
 *
@@ -182,9 +179,9 @@ public class PvpAttributeBuilder {
 /**
 * Build a requested attribute.
 *
- * @param name attribute name
+ * @param name attribute name
 * @param friendlyName attribute friendlyname
- * @param required is attribute mandatory
+ * @param required is attribute mandatory
 * @return SAML2 requested attribute
 */
 public static RequestedAttribute buildReqAttribute(final String name, final String friendlyName,
@@ -200,13 +197,15 @@ public class PvpAttributeBuilder {
 /**
 * Build a set of PVP Response-Attributes
*
- * INFO: If a specific attribute can not be build, a info is logged, but no execpetion is
- * thrown. Therefore, the return List must not include all requested attributes.
+ * INFO: If a specific attribute can not be build, a info is logged, but
+ * no execpetion is thrown. Therefore, the return List must not include all
+ * requested attributes.
- * @param authData AuthenticationData IAuthData which is used to build the attribute
- * values, but never null
- * @param reqAttributenName List of PVP attribute names which are requested, but never
- * null
+ * @param authData AuthenticationData IAuthData which is
+ * used to build the attribute values, but never
+ * null
+ * @param reqAttributenName List of PVP attribute names which are requested, but
+ * never null
 * @return List of PVP attributes, but never null
 */
 public static List buildSetOfResponseAttributes(final IAuthData authData,
@@ -240,5 +239,4 @@ public class PvpAttributeBuilder {
 return attrList;
 }
-
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
index 1efa8745..b543a5dc 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java
@@ -23,6 +23,7 @@ import java.io.IOException;
 import java.io.StringWriter;
 import java.util.Collection;
 import java.util.List;
+
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -32,11 +33,7 @@ import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.TransformerFactoryConfigurationError;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
@@ -73,6 +70,12 @@ import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 /**
 * PVP metadata builder implementation.
 *
@@ -98,21 +101,20 @@ public class PvpMetadataBuilder {
 }
-
 /**
 * Build PVP 2.1 conform SAML2 metadata.
 *
 * @param config PVPMetadataBuilder configuration*
 * @return PVP metadata as XML String
- * @throws SecurityException In case of an error
- * @throws ConfigurationException In case of an error
- * @throws CredentialsNotAvailableException In case of an error
+ * @throws SecurityException In case of an error
+ * @throws ConfigurationException In case of an error
+ * @throws CredentialsNotAvailableException In case of an error
 * @throws TransformerFactoryConfigurationError In case of an error
- * @throws MarshallingException In case of an error
- * @throws TransformerException In case of an error
- * @throws ParserConfigurationException In case of an error
- * @throws IOException In case of an error
- * @throws SignatureException In case of an error
+ * @throws MarshallingException In case of an error
+ * @throws TransformerException In case of an error
+ * @throws ParserConfigurationException In case of an error
+ * @throws IOException In case of an error
+ * @throws SignatureException In case of an error
 */
 public String buildPvpMetadata(final IPvpMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, EaafException, SecurityException,
@@ -165,7 +167,6 @@ public class PvpMetadataBuilder {
 builder = factory.newDocumentBuilder();
 final Document document = builder.newDocument();
-
 // build entities descriptor
 if (config.buildEntitiesDescriptorAsRootElement()) {
 final EntitiesDescriptor entitiesDescriptor =
@@ -179,7 +180,6 @@ public class PvpMetadataBuilder {
 EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
 entitiesDescriptor.setSignature(signature);
-
 // marshall document
 final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(entitiesDescriptor);
@@ -191,8 +191,6 @@ public class PvpMetadataBuilder {
 entityDescriptor.setSignature(signature);
-
-
 // marshall document
 final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(entityDescriptor);
@@ -215,7 +213,6 @@ public class PvpMetadataBuilder {
 return sw.toString();
 }
-
 private RoleDescriptor generateSpMetadata(final IPvpMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, EaafException {
 final SPSSODescriptor spSsoDescriptor = Saml2Utils.createSamlObject(SPSSODescriptor.class);
@@ -268,7 +265,6 @@ public class PvpMetadataBuilder {
 }
 }
-
 // add POST-Binding assertion consumer services
 if (StringUtils.isNotEmpty(config.getSpAssertionConsumerServicePostBindingUrl())) {
 final AssertionConsumerService postassertionConsumerService =
@@ -332,7 +328,6 @@ public class PvpMetadataBuilder {
 }
-
 // add required attributes
 final Collection reqSpAttr = config.getSpRequiredAttributes();
 final AttributeConsumingService attributeService =
@@ -382,7 +377,8 @@ public class PvpMetadataBuilder {
 idpSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
- // set ass default value, because PVP 2.x specification defines this feature as MUST
+ // set ass default value, because PVP 2.x specification defines this feature as
+ // MUST
 idpSsoDescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned());
 // add WebSSO descriptor for POST-Binding
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
index 559a3959..d697f3d4 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/SamlAttributeGenerator.java
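Review bot: The rewrapped comment above `idpSsoDescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned())` still says the PVP 2.x profile makes signed AuthnRequests a MUST, yet the value published in the IDP metadata is taken from configuration, so a deployment can advertise the opposite of what the comment claims; and the metadata flag is only a declaration to peers — whether an unsigned request is actually rejected depends on the inbound request validation in the bindings, which is not visible here (the `PvpSignedRequestPolicyRule` / `PvpAuthRequestSignedRole` imports in PostBinding and RedirectBinding suggest that is where it lives). Since the comment is being touched anyway, fix the typo and make it honest: `// PVP 2.x requires signed AuthnRequests (MUST). The WantAuthnRequestsSigned flag published here is taken from config and is advisory only; actual rejection of unsigned requests is enforced by the inbound request validation, so keep both settings consistent.` The enclosing IDP-descriptor method starts and ends outside this hunk.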
@@ -19,8 +19,6 @@
 package at.gv.egiz.eaaf.modules.pvp2.impl.builder;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeValue;
 import org.opensaml.xml.Configuration;
@@ -30,6 +28,9 @@ import org.opensaml.xml.schema.XSString;
 import org.opensaml.xml.schema.impl.XSIntegerBuilder;
 import org.opensaml.xml.schema.impl.XSStringBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 public class SamlAttributeGenerator implements IAttributeGenerator {
 private XMLObject buildAttributeStringValue(final String value) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java
index d8ea35a0..25cbc6ef 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestExtensionBuilder.java
@@ -11,7 +11,7 @@
 * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the Licence for the specific language governing permissions and limitations under
 * the Licence.
- *
+ *
 * This product combines work with different licenses. See the "NOTICE" text file for details on the
 * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
 * works that you distribute must include a readable copy of the "NOTICE" text file.
@@ -33,7 +33,8 @@ public class EaafRequestExtensionBuilder extends AbstractSAMLObjectBuilder {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java
index a370818e..749310f2 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeMarshaller.java
@@ -20,8 +20,9 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr;
 import java.util.Map.Entry;
+
 import javax.xml.namespace.QName;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
 import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.io.MarshallingException;
@@ -29,6 +30,8 @@ import org.opensaml.xml.util.XMLHelper;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+
 public class EaafRequestedAttributeMarshaller extends AbstractSAMLObjectMarshaller {
 @Override
 protected final void marshallAttributes(final XMLObject samlElement, final Element domElement)
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java
index 25baed16..35532e77 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributeUnmarshaller.java
@@ -11,7 +11,7 @@
 * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the Licence for the specific language governing permissions and limitations under
 * the Licence.
- *
+ *
 * This product combines work with different licenses. See the "NOTICE" text file for details on the
 * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
 * works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java
index 1f68747f..db08f87f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesBuilder.java
@@ -11,7 +11,7 @@
 * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the Licence for the specific language governing permissions and limitations under
 * the Licence.
- *
+ *
 * This product combines work with different licenses. See the "NOTICE" text file for details on the
 * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
 * works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java
index 2fff64b3..8aa70e5a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesMarshaller.java
@@ -11,7 +11,7 @@
 * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the Licence for the specific language governing permissions and limitations under
 * the Licence.
- *
+ *
 * This product combines work with different licenses. See the "NOTICE" text file for details on the
 * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
 * works that you distribute must include a readable copy of the "NOTICE" text file.
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java
index b2cf7a82..f616bbb0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/reqattr/EaafRequestedAttributesUnmarshaller.java
@@ -19,12 +19,13 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller; import org.opensaml.xml.XMLObject; import org.opensaml.xml.io.UnmarshallingException; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; + public class EaafRequestedAttributesUnmarshaller extends AbstractSAMLObjectUnmarshaller { @Override protected final void processChildElement(final XMLObject parentObject, diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java index c21524dd..cd22bba7 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/InboundMessage.java @@ -25,10 +25,6 @@ import java.io.Serializable; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; -import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.slf4j.Logger; 
@@ -36,6 +32,11 @@ import org.slf4j.LoggerFactory; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException; + public class InboundMessage implements InboundMessageInterface, Serializable { private static final Logger log = LoggerFactory.getLogger(InboundMessage.class); @@ -100,18 +101,19 @@ public class InboundMessage implements InboundMessageInterface, Serializable { public void setSamlMessage(final Element msg) { this.samlMessage = msg; try { - this.serializedSamlMessage = DomUtils.serializeNode(msg); - - } catch (TransformerException | IOException e) { - log.warn("Can not serialize message",e ); - - } + this.serializedSamlMessage = DomUtils.serializeNode(msg); + + } catch (TransformerException | IOException e) { + log.warn("Can not serialize message", e); + + } } /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState() + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage# + * getRelayState() */ @Override public String getRelayState() { @@ -121,7 +123,8 @@ public class InboundMessage implements InboundMessageInterface, Serializable { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID() + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage# + * getEntityID() */ @Override public String getEntityID() { 
@@ -131,7 +134,8 @@ public class InboundMessage implements InboundMessageInterface, Serializable { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified() + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage# + * isVerified() */ @Override public boolean isVerified() { @@ -141,24 +145,25 @@ public class InboundMessage implements InboundMessageInterface, Serializable { /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage() + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage# + * getInboundMessage() */ @Override public Element getInboundMessage() { - if (this.samlMessage != null) { - return samlMessage; - - } else { - try { - return (Element) DomUtils.parseDocument(serializedSamlMessage, false, null, null); - - } catch (SAXException | IOException | ParserConfigurationException e) { - throw new RuntimeException(e); - - } - - } - + if (this.samlMessage != null) { + return samlMessage; + + } else { + try { + return (Element) DomUtils.parseDocument(serializedSamlMessage, false, null, null); + + } catch (SAXException | IOException | ParserConfigurationException e) { + throw new RuntimeException(e); + + } + + } + } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java index dce2dd04..8a2cce3e 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/message/PvpSProfileRequest.java 
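Review bot: `getInboundMessage()` rethrows a parse failure as a bare `new RuntimeException(e)`, which drops the only useful context (that a stored SAML message could not be re-parsed); prefer `throw new IllegalStateException("Can not re-parse serialized SAML message", e);`. The fallback branch also assumes `serializedSamlMessage` was populated, but `setSamlMessage()` in the earlier hunk only logs a warning when `DomUtils.serializeNode(msg)` fails, so a deserialised instance would reach `DomUtils.parseDocument(null, false, null, null)` and fail there instead of at the point of the real error. Since this re-parses a message that originally came from a remote peer, it is also worth confirming that `DomUtils.parseDocument` (not visible here) disables DTDs and external entities; the `false, null, null` arguments do not make that evident, so a one-line comment stating which parser hardening applies would help the next reader.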
@@ -19,7 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.message; - import org.opensaml.xml.io.Unmarshaller; import org.opensaml.xml.io.UnmarshallerFactory; import org.opensaml.xml.io.UnmarshallingException; @@ -38,7 +37,7 @@ public class PvpSProfileRequest extends InboundMessage { * PVP2 S-Profil request DAO. * * @param inboundMessage SAML2 request object - * @param binding Used SAML2 binding + * @param binding Used SAML2 binding */ public PvpSProfileRequest(final SignableXMLObject inboundMessage, final String binding) { setSamlMessage(inboundMessage.getDOM()); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java index 8a6105bc..4a9bb89a 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java @@ -28,12 +28,9 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Timer; + import javax.xml.namespace.QName; -import at.gv.egiz.components.spring.api.IDestroyableObject; -import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; + import org.apache.commons.lang3.StringUtils; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; 
@@ -48,6 +45,12 @@ import org.opensaml.xml.XMLObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.components.spring.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; + public abstract class AbstractChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing, IRefreshableMetadataProvider, IDestroyableObject, IPvpMetadataProvider { @@ -58,7 +61,6 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro private static Object mutex = new Object(); private Timer timer = null; - public AbstractChainingMetadataProvider() { internalProvider = new ChainingMetadataProvider(); @@ -72,12 +74,16 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector() + * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing# + * runGarbageCollector() */ @Override public void runGarbageCollector() { synchronized (mutex) { - /* add new Metadataprovider or remove Metadataprovider which are not in use any more. */ + /* + * add new Metadataprovider or remove Metadataprovider which are not in use any + * more. + */ try { log.trace("Check consistence of PVP2X metadata"); addAndRemoveMetadataProvider(); @@ -110,7 +116,6 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro } - // reload metadata provider final String metadataUrl = getMetadataUrl(entityID); if (StringUtils.isNotEmpty(metadataUrl)) { 
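Review bot: `runGarbageCollector()` synchronizes on `mutex`, but the preceding hunk declares it as `private static Object mutex = new Object();` — a non-final lock object, so any later reassignment would silently break the mutual exclusion around `addAndRemoveMetadataProvider()`; declare it `private static final Object mutex = new Object();`. The lock is also class-wide, so every provider instance serializes on the same monitor; if that is intended, say so in a comment such as `// class-wide lock: metadata reload must not run concurrently across provider instances`, since the reflowed comment above the try block only describes what the block does, not why the lock is static.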
@@ -195,12 +200,11 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro } } - /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#requireValidMetadata() + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider# + * requireValidMetadata() */ @Override public boolean requireValidMetadata() { @@ -210,9 +214,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setRequireValidMetadata - * (boolean) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider# + * setRequireValidMetadata (boolean) */ @Override public void setRequireValidMetadata(final boolean requireValidMetadata) { @@ -222,8 +225,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadataFilter() + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider# + * getMetadataFilter() */ @Override public MetadataFilter getMetadataFilter() { @@ -233,9 +236,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setMetadataFilter(org. - * opensaml.saml2.metadata.provider.MetadataFilter) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider# + * setMetadataFilter(org. opensaml.saml2.metadata.provider.MetadataFilter) */ @Override public void setMetadataFilter(final MetadataFilter newFilter) throws MetadataProviderException { 
@@ -245,7 +247,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadata() + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider# + * getMetadata() */ @Override public XMLObject getMetadata() throws MetadataProviderException { @@ -255,9 +258,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntitiesDescriptor( - * java.lang.String) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider# + * getEntitiesDescriptor( java.lang.String) */ @Override public EntitiesDescriptor getEntitiesDescriptor(final String entitiesID) @@ -290,9 +292,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntityDescriptor( - * java.lang.String) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider# + * getEntityDescriptor( java.lang.String) */ @Override public EntityDescriptor getEntityDescriptor(final String entityID) @@ -327,8 +328,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang. - * String, javax.xml.namespace.QName) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider# + * getRole(java.lang. String, javax.xml.namespace.QName) */ @Override public List getRole(final String entityID, final QName roleName) 
@@ -344,8 +345,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro /* * (non-Javadoc) * - * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang. - * String, javax.xml.namespace.QName, java.lang.String) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider# + * getRole(java.lang. String, javax.xml.namespace.QName, java.lang.String) */ @Override public RoleDescriptor getRole(final String entityID, final QName roleName, @@ -361,14 +362,15 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro /* * (non-Javadoc) * - * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers() + * @see + * org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers( + * ) */ @Override public List getObservers() { return ((ChainingMetadataProvider) internalProvider).getObservers(); } - /** * Get the URL to metadata for a specific entityID. * @@ -384,9 +386,9 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro * @param entityId EntityId * @return MetadataProvider * @throws EaafConfigurationException In case of an error - * @throws IOException In case of an error - * @throws CertificateException In case of an error - * @throws ConfigurationException In case of an error + * @throws IOException In case of an error + * @throws CertificateException In case of an error + * @throws ConfigurationException In case of an error */ protected abstract MetadataProvider createNewMetadataProvider(String entityId) throws EaafConfigurationException, IOException, CertificateException; @@ -399,7 +401,6 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro protected abstract List getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException; - protected void emitChangeEvent() { if (getObservers() == null || getObservers().size() == 0) { return; 
@@ -447,9 +448,10 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro final Map loadedproviders = getAllActuallyLoadedProviders(); /* - * TODO: maybe add metadata provider destroy after timeout. But could be a problem if one - * Metadataprovider load an EntitiesDescriptor with more the multiple EntityDescriptors. If - * one of this EntityDesciptors are expired the full EntitiesDescriptor is removed. + * TODO: maybe add metadata provider destroy after timeout. But could be a + * problem if one Metadataprovider load an EntitiesDescriptor with more the + * multiple EntityDescriptors. If one of this EntityDesciptors are expired the + * full EntitiesDescriptor is removed. * * Timeout requires a better solution in this case! */ @@ -464,7 +466,7 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro final String metadataurl = metadataUrlInterator.next(); try { if (StringUtils.isNotEmpty(metadataurl) - && loadedproviders.containsKey(metadataurl)) { + && loadedproviders.containsKey(metadataurl)) { // SAML2 SP is actually loaded, to nothing providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); loadedproviders.remove(metadataurl); @@ -477,7 +479,8 @@ public abstract class AbstractChainingMetadataProvider extends SimpleMetadataPro } } - // remove all actually loaded MetadataProviders with are not in ConfigurationDB any more + // remove all actually loaded MetadataProviders with are not in ConfigurationDB + // any more final Collection notusedproviders = loadedproviders.values(); for (final HTTPMetadataProvider provider : notusedproviders) { final String metadataurl = provider.getMetadataURI(); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java index 04c1dcb8..ebc057df 100644 
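Review bot: The reflowed comments in this hunk keep their original wording errors, and a code-style commit is the right place to fix them: `// remove all actually loaded MetadataProviders with are not in ConfigurationDB any more` should read `// remove all currently loaded MetadataProviders which are no longer in the configuration DB`, and in the preceding hunk `// SAML2 SP is actually loaded, to nothing` should read `// SAML2 SP is already loaded, nothing to do`. The TODO at the top of this hunk still states that providers are not destroyed on timeout because one expired EntityDescriptor would drop a whole EntitiesDescriptor; if expiry of individual entities is instead enforced by `requireValidMetadata` or a metadata filter, the comment should name that mechanism, otherwise a reader assumes expired signing keys remain loaded until the configuration changes. The enclosing method begins before this hunk.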
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java @@ -21,13 +21,13 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.metadata; import java.util.ArrayList; import java.util.List; + import org.opensaml.saml2.metadata.provider.FilterException; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; - /** * Metadata filter-chain implementation. * @@ -37,7 +37,6 @@ import org.slf4j.LoggerFactory; public class MetadataFilterChain implements MetadataFilter { private static final Logger log = LoggerFactory.getLogger(MetadataFilterChain.class); - private final List filters = new ArrayList<>(); /** @@ -58,11 +57,12 @@ public class MetadataFilterChain implements MetadataFilter { filters.add(filter); } - /* * (non-Javadoc) * - * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + * @see + * org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml + * .XMLObject) */ @Override public void doFilter(final XMLObject arg0) throws FilterException { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java index 67dd1d35..d63950cb 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java 
@@ -22,11 +22,9 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.metadata; import java.io.File; import java.net.MalformedURLException; import java.util.Timer; + import javax.net.ssl.SSLHandshakeException; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; + import org.apache.commons.httpclient.HttpClient; import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; @@ -37,6 +35,11 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; + /** * Simple SAML2 metadata provider. * 
@@ -50,23 +53,26 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { private static final String URI_PREFIX_HTTPS = "https:"; private static final String URI_PREFIX_FILE = "file:"; - @Autowired protected IConfiguration authConfig; - /** * Create a single SAML2 metadata provider. * - * @param metadataLocation where the metadata should be loaded, but never null. If the location - * starts with http(s):, than a http based metadata provider is used. If the location - * starts with file:, than a filesystem based metadata provider is used - * @param filter Filters, which should be used to validate the metadata - * @param idForLogging Id, which is used for Logging - * @param timer {@link Timer} which is used to schedule metadata refresh operations - * @param httpClient Apache commons 3.x http client + * @param metadataLocation where the metadata should be loaded, but never null. + * If the location starts with http(s):, than a http + * based metadata provider is used. If the location + * starts with file:, than a filesystem based metadata + * provider is used + * @param filter Filters, which should be used to validate the + * metadata + * @param idForLogging Id, which is used for Logging + * @param timer {@link Timer} which is used to schedule metadata + * refresh operations + * @param httpClient Apache commons 3.x http client * - * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized + * @return SAML2 Metadata Provider, or null if the metadata provider can not + * initialized */ protected MetadataProvider createNewSimpleMetadataProvider(final String metadataLocation, final MetadataFilter filter, final String idForLogging, final Timer timer, @@ -100,7 +106,6 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { } - } catch (final MalformedURLException e) { log.warn("SAML2 metadata URL is invalid: " + metadataLocation, e); 
@@ -113,14 +118,14 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { } - /** * Create a single SAML2 filesystem based metadata provider. * * @param metadataFile File, where the metadata should be loaded - * @param filter Filters, which should be used to validate the metadata + * @param filter Filters, which should be used to validate the metadata * @param idForLogging Id, which is used for Logging - * @param timer {@link Timer} which is used to schedule metadata refresh operations + * @param timer {@link Timer} which is used to schedule metadata refresh + * operations * @param pool * * @return SAML2 Metadata Provider @@ -148,7 +153,6 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { log.warn("Failed to load Metadata file for " + idForLogging + "[ " + "File: " + metadataFile.getAbsolutePath() + " Msg: " + e.getMessage() + " ]", e); - log.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath() + " Reason: " + e.getMessage(), e); @@ -162,15 +166,14 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { } - - /** * Create a single SAML2 HTTP metadata provider. * - * @param metadataUrl URL, where the metadata should be loaded - * @param filter Filters, which should be used to validate the metadata + * @param metadataUrl URL, where the metadata should be loaded + * @param filter Filters, which should be used to validate the metadata * @param idForLogging Id, which is used for Logging - * @param timer {@link Timer} which is used to schedule metadata refresh operations + * @param timer {@link Timer} which is used to schedule metadata refresh + * operations * @param pool * * @return SAML2 Metadata Provider @@ -220,7 +223,6 @@ public abstract class SimpleMetadataProvider implements MetadataProvider { // timer.cancel(); // } - } return null; 
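Review bot: In the `@@ -148,7 +153,6 @@` hunk the catch block logs the same failure twice — `log.warn("Failed to load Metadata file for " + idForLogging + ...` is followed directly by `log.warn("Can not initialize SAML2 metadata provider from filesystem: " + ...`, both passing `e` — so every unreadable metadata file yields two stack traces for one event. Keep a single message and use SLF4J placeholders rather than string concatenation, e.g. `log.warn("Can not initialize SAML2 metadata provider from filesystem: {} for {}", metadataFile.getAbsolutePath(), idForLogging, e);` (the exception's message is already printed with the stack trace). The enclosing method starts and ends outside this hunk.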
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java index a6d2508d..92d8f4b9 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java @@ -20,8 +20,8 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml; import java.security.KeyStore; -import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.security.x509.X509Credential; /** * OpenSAML2 KeyStore adapter. @@ -35,8 +35,8 @@ public class EaafKeyStoreX509CredentialAdapter /** * Get an OpenSAML2 keystore. * - * @param store Java KeyStore - * @param alias Key alias + * @param store Java KeyStore + * @param alias Key alias * @param password key Password */ public EaafKeyStoreX509CredentialAdapter(final KeyStore store, final String alias, @@ -49,5 +49,4 @@ public class EaafKeyStoreX509CredentialAdapter return X509Credential.class; } - } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java index 957def02..404b4e8e 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java 
@@ -25,8 +25,7 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.io.OutputStreamWriter; import java.io.Writer; -import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder; + import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.opensaml.common.binding.SAMLMessageContext; @@ -37,6 +36,9 @@ import org.opensaml.ws.transport.http.HTTPTransportUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiFormBuilder; + /** * OpenSAML2 Post-Binding encoder that uses dynamic loaded templates. * @@ -46,7 +48,6 @@ import org.slf4j.LoggerFactory; public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder { private static final Logger log = LoggerFactory.getLogger(HttpPostEncoderWithOwnTemplate.class); - private final VelocityEngine velocityEngine; private final IVelocityGuiBuilderConfiguration guiConfig; private final IVelocityGuiFormBuilder guiBuilder; @@ -54,9 +55,9 @@ public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder { /** * Own Post-Binding encoder. * - * @param guiConfig GUI configuration + * @param guiConfig GUI configuration * @param guiBuilder GUI builder implementation - * @param engine velocity engine + * @param engine velocity engine */ public HttpPostEncoderWithOwnTemplate(final IVelocityGuiBuilderConfiguration guiConfig, final IVelocityGuiFormBuilder guiBuilder, final VelocityEngine engine) { 
@@ -68,12 +69,14 @@ public class HttpPostEncoderWithOwnTemplate extends HTTPPostEncoder { } /** - * Base64 and POST encodes the outbound message and writes it to the outbound transport. + * Base64 and POST encodes the outbound message and writes it to the outbound + * transport. * * @param messageContext current message context - * @param endpointUrl endpoint URL to which to encode message + * @param endpointUrl endpoint URL to which to encode message * - * @throws MessageEncodingException thrown if there is a problem encoding the message + * @throws MessageEncodingException thrown if there is a problem encoding the + * message */ @Override protected void postEncode(final SAMLMessageContext messageContext, final String endpointUrl) diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java index 2def1446..8838daec 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java @@ -19,7 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap; import org.opensaml.common.binding.SAMLMessageContext; import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; import org.opensaml.ws.message.MessageContext; @@ -27,6 +26,8 @@ import org.opensaml.ws.message.encoder.MessageEncodingException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap; + /** * Create deflate encoded SAML2 redirect-binding informations. * 
@@ -71,5 +72,4 @@ public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder { return redirectUrl; } - } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java index 9db8e5e7..9625b591 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSaml2Bootstrap.java @@ -19,6 +19,9 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize; +import org.opensaml.DefaultBootstrap; +import org.opensaml.xml.ConfigurationException; + import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributeBuilder; @@ -27,8 +30,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributeU import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesBuilder; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesMarshaller; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestedAttributesUnmarshaller; -import org.opensaml.DefaultBootstrap; -import org.opensaml.xml.ConfigurationException; /** * EAAF specific OpenSAML Initializer. diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java index a1a7e9d2..f3e50e4e 100644 
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafDefaultSecurityConfigurationBootstrap.java @@ -84,7 +84,6 @@ public class EaafDefaultSecurityConfigurationBootstrap // use SHA256 instead of SHA1 config.registerSignatureAlgorithmURI("AES", SignatureConstants.ALGO_ID_MAC_HMAC_SHA256); - config.registerSignatureAlgorithmURI("DESede", SignatureConstants.ALGO_ID_MAC_HMAC_SHA256); config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#"); @@ -112,7 +111,6 @@ public class EaafDefaultSecurityConfigurationBootstrap config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM); - config.registerDataEncryptionAlgorithmURI("DESede", Integer.valueOf(168), "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"); config.registerDataEncryptionAlgorithmURI("DESede", Integer.valueOf(192), diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java index 1ceb5adc..e91ee19c 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributeImpl.java 
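Review bot: The `@@ -112,7 +111,6 @@` hunk leaves `config.registerDataEncryptionAlgorithmURI("DESede", Integer.valueOf(168), "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");` in place, so Triple-DES in CBC mode remains a registered data-encryption algorithm in this security configuration right next to the AES-256-GCM entry. 3DES-CBC is a 64-bit-block, unauthenticated mode (Sweet32 and the CBC padding-oracle issues known for XML Encryption) and is disallowed by NIST SP 800-131A Rev. 2 for encryption after 2023; unless a known peer still requires it, remove the `DESede` registrations, or add a comment above them naming the interoperability reason they are kept, e.g. `// legacy: 3DES-CBC kept only for <peer>; remove once decommissioned`. Whether inbound messages encrypted with this algorithm are actually accepted depends on decryption configuration not visible in this hunk, so that should be confirmed alongside this change.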
@@ -22,13 +22,15 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr; import java.util.ArrayList; import java.util.Collections; import java.util.List; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; + import org.opensaml.common.impl.AbstractSAMLObject; import org.opensaml.xml.XMLObject; import org.opensaml.xml.schema.XSBooleanValue; import org.opensaml.xml.util.AttributeMap; import org.opensaml.xml.util.XMLObjectChildrenList; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; + public class EaafRequestedAttributeImpl extends AbstractSAMLObject implements EaafRequestedAttribute { @@ -42,9 +44,9 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject /** * Build an EAAF specific requested attribute. * - * @param namespaceUri Attribute namespace + * @param namespaceUri Attribute namespace * @param elementLocalName Attribute name - * @param namespacePrefix Attribute namespace prefix + * @param namespacePrefix Attribute namespace prefix */ public EaafRequestedAttributeImpl(final String namespaceUri, final String elementLocalName, final String namespacePrefix) { @@ -86,19 +88,16 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject return Collections.unmodifiableList(children); } - @Override public final AttributeMap getUnknownAttributes() { return unknownAttributes; } - @Override public final void setFriendlyName(final String newFriendlyName) { this.friendlyName = prepareForAssignment(this.friendlyName, newFriendlyName); } - @Override public void setIsRequired(final Boolean aboolean) { this.isRequired = String.valueOf(aboolean); 
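Review bot: `setIsRequired` assigns `this.isRequired = String.valueOf(aboolean);` directly, while the neighbouring setters (`setFriendlyName`, and `setName`/`setNameFormat` in the next hunk of this file) route through `prepareForAssignment`, which in OpenSAML's AbstractXMLObject is what releases the cached DOM when a value changes; the direct assignment can leave a stale DOM to be re-marshalled. Use `this.isRequired = prepareForAssignment(this.isRequired, String.valueOf(aboolean));` here, and likewise `this.unknownAttributes = prepareForAssignment(this.unknownAttributes, newUnknownAttr);` in `setUnknownAttributes` in the following hunk. Note also that `String.valueOf((Boolean) null)` yields the string "null", which `Boolean.parseBoolean` later reads as false — fail-closed, but worth a one-line comment. The class body continues outside the hunk.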
@@ -115,19 +114,16 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject } - @Override public final void setName(final String newName) { this.name = prepareForAssignment(this.name, newName); } - @Override public final void setNameFormat(final String newNameFormat) { this.nameFormat = prepareForAssignment(this.nameFormat, newNameFormat); } - public final void setUnknownAttributes(final AttributeMap newUnknownAttr) { this.unknownAttributes = newUnknownAttr; } @@ -137,10 +133,6 @@ public class EaafRequestedAttributeImpl extends AbstractSAMLObject return XSBooleanValue.valueOf(isRequired); } - - - - @Override public Boolean isRequired() { return Boolean.parseBoolean(isRequired); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java index 3b447538..eefc166b 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/reqattr/EaafRequestedAttributesImpl.java @@ -22,12 +22,14 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.reqattr; import java.util.ArrayList; import java.util.Collections; import java.util.List; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; + import org.opensaml.common.impl.AbstractSAMLObject; import org.opensaml.xml.XMLObject; import org.opensaml.xml.util.IndexedXMLObjectChildrenList; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; + public class EaafRequestedAttributesImpl extends AbstractSAMLObject implements EaafRequestedAttributes { 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index ec4009f0..5c9bb6be 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -23,10 +23,7 @@ import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.RSAPrivateKey;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.credential.UsageType;
@@ -36,6 +33,11 @@ import org.opensaml.xml.signature.SignatureConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+
 public abstract class AbstractCredentialProvider {
 private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
@@ -43,7 +45,8 @@ public abstract class AbstractCredentialProvider { private KeyStore keyStore = null; /** - * Get a friendlyName for this keyStore implementation This friendlyName is used for logging. + * Get a friendlyName for this keyStore implementation This friendlyName is used + * for logging. * * @return keyStore friendlyName */ @@ -106,7 +109,6 @@ public abstract class AbstractCredentialProvider { */ public abstract String getEncryptionKeyPassword(); - /** * Get Credentials to sign metadata. * @@ -128,15 +130,15 @@ public abstract class AbstractCredentialProvider { log.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey."); throw new CredentialsNotAvailableException("config.27", - new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: " - + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."}); + new Object[] { getFriendlyName() + " Assertion Signing credentials (Alias: " + + getMetadataKeyAlias() + ") is not found or contains no PrivateKey." }); } return credentials; } catch (final Exception e) { log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e); + throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e); } } @@ -160,8 +162,8 @@ public abstract class AbstractCredentialProvider { log.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey."); throw new CredentialsNotAvailableException("config.27", - new Object[] {getFriendlyName() + " Assertion Signing credentials (Alias: " - + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."}); + new Object[] { getFriendlyName() + " Assertion Signing credentials (Alias: " + + getSignatureKeyAlias() + ") is not found or contains no PrivateKey." }); } 
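Review bot: The `catch (final Exception e)` block at the end of this hunk logs `log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");` without the exception and then calls `e.printStackTrace()`, which writes the trace to stderr outside the logging framework; the two catch blocks in the following hunk of this file (Assertion Signing and Assertion Encryption) do the same. Attach the exception to the log call instead, `log.error("Failed to generate {} Metadata Signing credentials", getFriendlyName(), e);`, and delete the `e.printStackTrace();` line in each. The rethrow as `CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e)` keeps the cause, so that part is fine. The enclosing credential getters start outside the hunk.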
@@ -169,7 +171,7 @@ public abstract class AbstractCredentialProvider { } catch (final Exception e) { log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e); + throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e); } } @@ -200,8 +202,8 @@ public abstract class AbstractCredentialProvider { log.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey."); throw new CredentialsNotAvailableException("config.27", - new Object[] {getFriendlyName() + " Assertion Encryption credentials (Alias: " - + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."}); + new Object[] { getFriendlyName() + " Assertion Encryption credentials (Alias: " + + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey." }); } @@ -210,7 +212,7 @@ public abstract class AbstractCredentialProvider { } catch (final Exception e) { log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException("config.27", new Object[] {e.getMessage()}, e); + throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e); } } @@ -234,7 +236,6 @@ public abstract class AbstractCredentialProvider { log.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential."); - } signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java index 876fa744..31ffd5a7 100644 
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QaaLevelVerifier.java @@ -20,14 +20,17 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils; import java.util.List; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; -import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException; + import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotAllowedException; + /** - * EAAF LoA Level verifier checks if requested LoA matchs to LoA of authentication. + * EAAF LoA Level verifier checks if requested LoA matchs to LoA of + * authentication. * * * @author tlenz 
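Review bot: The class Javadoc is re-wrapped but keeps the typo `matchs` and the awkward phrasing; since the line is touched anyway, write it as `EAAF LoA level verifier: checks whether the requested LoA matches the LoA of the authentication.`. The surrounding class header continues outside the hunk.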
@@ -40,23 +43,23 @@ public class QaaLevelVerifier { private static boolean verifyQaaLevel(final String qaaAuth, final String requiredLoA, final String matchingMode) throws QaaNotAllowedException { // to MINIMUM machting - if (EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) { + if (EaafConstants.EIDAS_LOA_MATCHING_MINIMUM.equals(matchingMode)) { log.trace("Perfom LoA matching in 'MINIMUM' mode ... "); - if (EAAFConstants.EIDAS_LOA_LOW.equals(requiredLoA) - && (EAAFConstants.EIDAS_LOA_LOW.equals(qaaAuth) - || EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) - || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) { + if (EaafConstants.EIDAS_LOA_LOW.equals(requiredLoA) + && (EaafConstants.EIDAS_LOA_LOW.equals(qaaAuth) + || EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) + || EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) { return true; - } else if (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA) - && (EAAFConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) - || EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) { + } else if (EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(requiredLoA) + && (EaafConstants.EIDAS_LOA_SUBSTANTIAL.equals(qaaAuth) + || EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth))) { return true; - } else if (EAAFConstants.EIDAS_LOA_HIGH.equals(requiredLoA) - && EAAFConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) { + } else if (EaafConstants.EIDAS_LOA_HIGH.equals(requiredLoA) + && EaafConstants.EIDAS_LOA_HIGH.equals(qaaAuth)) { return true; } - } else if (EAAFConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) { + } else if (EaafConstants.EIDAS_LOA_MATCHING_EXACT.equals(matchingMode)) { // to EXACT matching log.trace("Perfom LoA matching in 'EXACT' mode ... "); if (qaaAuth.equals(requiredLoA)) { 
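Review bot: In the EXACT branch `qaaAuth.equals(requiredLoA)` dereferences `qaaAuth`, so a missing authentication LoA surfaces as a NullPointerException rather than the `QaaNotAllowedException` the method declares, whereas the MINIMUM branch compares constant-first and tolerates a null. Either add a blank check on `qaaAuth` at the top of `verifyQaaLevel` (`StringUtils` is already imported) that throws `QaaNotAllowedException`, or at least write `requiredLoA.equals(qaaAuth)` here for symmetry with the MINIMUM branch. Note that an unrecognised `requiredLoA` in MINIMUM mode falls through every branch without a log line; the return path after the if-chain and the method's end are outside the hunk.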
@@ -78,7 +81,7 @@ public class QaaLevelVerifier { /** * Check LoA level. * - * @param qaaAuth LoA of authentication + * @param qaaAuth LoA of authentication * @param requiredLoAs List of allowed LoA levels * @param matchingMode LoA matching mode * @throws QaaNotAllowedException If LoA does not match diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java index 8bcc3e74..1a282b55 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java @@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils; import java.io.IOException; import java.util.List; + import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -29,9 +30,7 @@ import javax.xml.transform.TransformerException; import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; -import at.gv.egiz.eaaf.core.impl.utils.Random; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; + import org.apache.commons.lang3.StringUtils; import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml2.core.Attribute; @@ -51,6 +50,10 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.w3c.dom.Document; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; + public class Saml2Utils { private static final Logger log = LoggerFactory.getLogger(Saml2Utils.class); 
@@ -66,13 +69,13 @@ public class Saml2Utils { } catch (final ParserConfigurationException e) { // TODO Auto-generated catch block e.printStackTrace(); - } + } } /** * Create a SAML2 object. * - * @param SAML2 object class + * @param SAML2 object class * @param clazz object class * @return SAML2 object */ @@ -103,14 +106,13 @@ public class Saml2Utils { } - /** * Transform SAML2 Object to Element. * * @param object SAML2 object * @return Element - * @throws IOException In case of an transformation error - * @throws MarshallingException In case of an transformation error + * @throws IOException In case of an transformation error + * @throws MarshallingException In case of an transformation error * @throws TransformerException In case of an transformation error */ public static Document asDomDocument(final XMLObject object) @@ -178,9 +180,9 @@ public class Saml2Utils { /** * Generate EAAF specific requested attribute. * - * @param attr SAML2 attribute definition + * @param attr SAML2 attribute definition * @param isRequired is-mandatory flag - * @param value Attribute value + * @param value Attribute value * @return */ public static EaafRequestedAttribute generateReqAuthnAttributeSimple(final Attribute attr, diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java index fcee2382..ca37d6e5 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/EaafUriCompare.java 
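Review bot: The `catch (final ParserConfigurationException e)` block at the top of the first hunk still carries the auto-generated `// TODO` and only calls `e.printStackTrace()`, so a failure while configuring the DocumentBuilder (the builder setup itself is outside the hunk) is swallowed and execution continues; replace the two lines with `throw new IllegalStateException("DocumentBuilder could not be initialised", e);` or at least `log.error("DocumentBuilder could not be initialised", e);` using the logger this class already declares. In the same hunk the Javadoc of the SAML2-object factory lists `@param SAML2 object class` next to `@param clazz object class`, and `SAML2` is not a parameter name, so the stale tag should be dropped. Both enclosing methods start outside the hunk.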
@@ -23,7 +23,6 @@ import org.opensaml.common.binding.decoding.URIComparator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; - public class EaafUriCompare implements URIComparator { private static final Logger log = LoggerFactory.getLogger(EaafUriCompare.class); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java index d8ae95a0..6497ce06 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java @@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation; import java.util.ArrayList; import java.util.List; + import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.security.MetadataCredentialResolver; import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java index 40cbdeb0..d1eb66a3 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java 
@@ -22,9 +22,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
@@ -32,6 +30,10 @@ import org.opensaml.xml.XMLObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+
 public abstract class AbstractMetadataSignatureFilter implements MetadataFilter {
 private static final Logger log = LoggerFactory.getLogger(AbstractMetadataSignatureFilter.class);
@@ -42,28 +44,24 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter final EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; if (entitiesDescriptor.getSignature() == null) { throw new Pvp2MetadataException("pvp2.26", - new Object[] {"Root element of metadata file has to be signed"}); + new Object[] { "Root element of metadata file has to be signed" }); } processEntitiesDescriptor(entitiesDescriptor); - if (entitiesDescriptor.getEntityDescriptors().size() == 0) { throw new Pvp2MetadataException("pvp2.26", - new Object[] {"No valid entity in metadata " + entitiesDescriptor.getName()}); + new Object[] { "No valid entity in metadata " + entitiesDescriptor.getName() }); } - } else if (metadata instanceof EntityDescriptor) { final EntityDescriptor entityDescriptor = (EntityDescriptor) metadata; processEntityDescriptorr(entityDescriptor); } else { throw new Pvp2MetadataException("pvp2.26", - new Object[] {"Invalid Metadata file Root element is unknown"}); + new Object[] { "Invalid Metadata file Root element is unknown" }); } - - log.info("Metadata signature policy check done OK"); } catch (final EaafException e) { log.warn("Metadata signature policy check FAILED.", e); @@ -76,7 +74,8 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter * Signature verification of a SAML2 EntityDescriptor element. * * @param desc EntityDescriptor - * @throws Pvp2MetadataException if the signature is not valid or can not verified + * @throws Pvp2MetadataException if the signature is not valid or can not + * verified */ protected abstract void verify(EntityDescriptor desc) throws Pvp2MetadataException; 
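Review bot: The `catch (final EaafException e)` at the end of this hunk shows only `log.warn("Metadata signature policy check FAILED.", e);` and its continuation is outside the hunk; because this class is a `MetadataFilter`, that block has to end by rethrowing (for example `throw new FilterException(e);`), otherwise metadata that failed the signature policy would be handed on to the provider as if it had passed — worth confirming on the hidden lines. Separately, `entitiesDescriptor.getEntityDescriptors().size() == 0` reads better as `entitiesDescriptor.getEntityDescriptors().isEmpty()`. The enclosing `doFilter` starts outside the hunk.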
@@ -84,7 +83,8 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter * Signature verification of a SAML2 EntitiesDescriptor element. * * @param desc EntitiesDescriptor - * @throws Pvp2MetadataException if the signature is not valid or can not verified + * @throws Pvp2MetadataException if the signature is not valid or can not + * verified */ protected abstract void verify(EntitiesDescriptor desc) throws Pvp2MetadataException; @@ -92,13 +92,12 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter * Verify a EntityDescriptor element of an EntitiesDescriptor. * * @param entity EntityDescriptor to verify - * @param desc Full EntitiesDescriptor that contains the EntityDescriptor + * @param desc Full EntitiesDescriptor that contains the EntityDescriptor * @throws Pvp2MetadataException In case of an verification error */ protected abstract void verify(EntityDescriptor entity, EntitiesDescriptor desc) throws Pvp2MetadataException; - private void processEntityDescriptorr(final EntityDescriptor desc) throws EaafException { verify(desc); @@ -130,7 +129,6 @@ public abstract class AbstractMetadataSignatureFilter implements MetadataFilter verifiedEntIT.add(entity); log.debug("Metadata for entityID: " + entity.getEntityID() + " valid"); - } catch (final Exception e) { // remove entity of signature can not be verified. log.info("Entity " + entity.getEntityID() + " is removed from metadata " + desc.getName() diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java index 2d81b1f8..797335d8 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java 
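Review bot: In the last hunk an entity whose signature could not be verified is dropped under `catch (final Exception e)` with only a `log.info(...)`; catching `Exception` also classifies programming errors (a NullPointerException, for instance) as "unverifiable", and the removal of an entity from trusted metadata deserves more than info level. Narrow the catch to `Pvp2MetadataException` (what the `verify` overloads declare) and log at warn with the cause, `log.warn("Entity " + entity.getEntityID() + " is removed from metadata " + desc.getName() + " ...", e);`. The `log.info` statement and the loop body continue outside the hunk.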
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PvpEntityCategoryFilter.java @@ -21,11 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata; import java.util.ArrayList; import java.util.List; -import at.gv.egiz.eaaf.core.impl.data.Trible; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; + import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.common.Extensions; import org.opensaml.saml2.core.Attribute; @@ -43,8 +39,15 @@ import org.opensaml.xml.XMLObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; + /** - * Metadata filter that inject requested attributes based on Metadata EntityCategories. + * Metadata filter that inject requested attributes based on Metadata + * EntityCategories. * * @author tlenz * 
@@ -57,18 +60,20 @@ public class PvpEntityCategoryFilter implements MetadataFilter { /** * Filter to map PVP EntityCategories into a set of single PVP attributes. * - * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored + * @param isUsed if true PVP EntityCategories are mapped, otherwise they are + * ignored * */ public PvpEntityCategoryFilter(final boolean isUsed) { this.isUsed = isUsed; } - /* * (non-Javadoc) * - * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + * @see + * org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml + * .XMLObject) */ @Override public void doFilter(final XMLObject metadata) throws FilterException { @@ -91,14 +96,11 @@ public class PvpEntityCategoryFilter implements MetadataFilter { log.trace("Find EntityDescriptor"); resolveEntityCategoriesToAttributes((EntityDescriptor) metadata); - } else { throw new Pvp2MetadataException("pvp2.26", new Object[] { - "Invalid Metadata file Root element is no Entities- or EntityDescriptor"}); + "Invalid Metadata file Root element is no Entities- or EntityDescriptor" }); } - - } catch (final Exception e) { log.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e); @@ -136,7 +138,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter { buildAttributeList(PvpConstants.EGOVTOKEN_PVP_ATTRIBUTES), entityAttrValue); - } else if (PvpConstants.CITIZENTOKEN.equals(entityAttrValue)) { log.debug( "Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... "); @@ -176,7 +177,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter { } - private void addAttributesToEntityDescriptor(final EntityDescriptor metadata, final List attrList, final String entityAttr) { final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); 
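Review bot: `addAttributesToEntityDescriptor(final EntityDescriptor metadata, final List attrList, final String entityAttr)` in the last hunk takes a raw `List`; the loop in the next hunk of this file iterates `attrList` as `RequestedAttribute` elements, which appears to be the same parameter, so the signature should be `final List<RequestedAttribute> attrList` (and `buildAttributeList` should return the same parameterised type). In the `doFilter` hunk the `catch (final Exception e)` only shows `log.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);` with its continuation outside the hunk; since `Pvp2MetadataException` is thrown inside the try, make sure the catch rethrows as `FilterException` rather than returning normally. Both enclosing methods extend beyond the hunk.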
@@ -212,7 +212,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter { currentlyReqAttr.add(reqAttr.getName()); } - // check against EntityAttribute List for (final RequestedAttribute entityAttrListEl : attrList) { if (!currentlyReqAttr.contains(entityAttrListEl.getName())) { @@ -245,7 +244,6 @@ public class PvpEntityCategoryFilter implements MetadataFilter { return requestedAttributes; - } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java index 3ff78ca8..6dcc3234 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SchemaValidationFilter.java @@ -22,7 +22,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata; import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; -import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; + import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml2.metadata.provider.FilterException; import org.opensaml.saml2.metadata.provider.MetadataFilter; @@ -31,6 +31,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; + public class SchemaValidationFilter implements MetadataFilter { private static final Logger log = LoggerFactory.getLogger(SchemaValidationFilter.class); private boolean isActive = true; 
@@ -43,11 +45,12 @@ public class SchemaValidationFilter implements MetadataFilter { this.isActive = useSchemaValidation; } - /* * (non-Javadoc) * - * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + * @see + * org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml + * .XMLObject) */ @Override public void doFilter(final XMLObject arg0) throws FilterException { @@ -84,7 +87,7 @@ public class SchemaValidationFilter implements MetadataFilter { } throw new FilterException(new SchemaValidationException("pvp2.26", - new Object[] {"Metadata Schema validation FAILED with message: " + errString})); + new Object[] { "Metadata Schema validation FAILED with message: " + errString })); } else { log.info("Metadata Schema validation check is DEACTIVATED!"); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java index fc1b6ea8..6d78b775 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/AbstractRequestSignedSecurityPolicyRule.java @@ -23,7 +23,7 @@ import javax.xml.namespace.QName; import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; -import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; + import org.apache.commons.lang3.StringUtils; import org.opensaml.common.SignableSAMLObject; import org.opensaml.common.xml.SAMLConstants; 
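Review bot: `log.info("Metadata Schema validation check is DEACTIVATED!")` in the second hunk reports a disabled validation step at info level; since `isActive` defaults to `true` and is only switched off by explicit configuration, a deactivated schema check should be `log.warn(...)` so it is visible in production logs. The `else` branch continues outside the hunk.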
@@ -45,6 +45,8 @@ import org.slf4j.LoggerFactory; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; + /** * Signature Policy for SAML2 redirect-binding. * @@ -56,7 +58,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit private static final Logger log = LoggerFactory.getLogger(AbstractRequestSignedSecurityPolicyRule.class); - private SignatureTrustEngine trustEngine = null; private QName peerEntityRole = null; @@ -73,7 +74,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit } - /** * Reload the PVP metadata for a given entity. * @@ -82,14 +82,14 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit */ protected abstract boolean refreshMetadataProvider(String entityID); - protected abstract SignableSAMLObject getSignedSamlObject(XMLObject inboundData); /* * (non-Javadoc) * * @see - * org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext) + * org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message. + * MessageContext) */ @Override public void evaluate(final MessageContext context) throws SecurityPolicyException { @@ -114,7 +114,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit } - } private void verifySignature(final MessageContext context) throws SecurityPolicyException { @@ -136,8 +135,6 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit } - - final CriteriaSet criteriaSet = new CriteriaSet(); criteriaSet.add(new EntityIDCriteria(context.getInboundMessageIssuer())); criteriaSet.add(new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS)); 
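Review bot: `protected abstract SignableSAMLObject getSignedSamlObject(XMLObject inboundData);` has no Javadoc, although the neighbouring `refreshMetadataProvider` is documented and this is the hook that decides which object's signature the rule verifies. Add a short Javadoc stating that it selects, from the decoded inbound message, the `SignableSAMLObject` whose signature `evaluate` checks, with `@param inboundData` for the decoded message and a `@return` that says what implementations return when the message carries no signable object (the contract is not visible here, so state it explicitly). The surrounding class continues outside the hunk.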
@@ -191,7 +188,7 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit } - throw new SchemaValidationException("pvp2.22", new Object[] {err}); + throw new SchemaValidationException("pvp2.22", new Object[] { err }); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java index 8f042ae2..42d7d6a1 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpAuthRequestSignedRole.java @@ -20,6 +20,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.verification; import java.util.List; + import org.opensaml.common.binding.SAMLMessageContext; import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; import org.opensaml.ws.transport.http.HTTPInTransport; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java index 0d108596..c7a43b0b 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/PvpSignedRequestPolicyRule.java 
@@ -20,12 +20,14 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.verification; import javax.xml.namespace.QName; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; + import org.opensaml.common.SignableSAMLObject; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.xml.XMLObject; import org.opensaml.xml.signature.SignatureTrustEngine; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; + public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPolicyRule { private IRefreshableMetadataProvider metadataProvider = null; @@ -34,8 +36,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol * EAAF specific signature rule for OpenSAML2 redirect-binding. * * @param metadataProvider SAML2 metadata provider - * @param trustEngine SAML2 TrustEngine - * @param peerEntityRole Role of the Entity + * @param trustEngine SAML2 TrustEngine + * @param peerEntityRole Role of the Entity */ public PvpSignedRequestPolicyRule(final MetadataProvider metadataProvider, final SignatureTrustEngine trustEngine, final QName peerEntityRole) { @@ -49,8 +51,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule# + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation. + * AbstractRequestSignedSecurityPolicyRule# * refreshMetadataProvider(java.lang.String) */ @Override @@ -66,8 +68,8 @@ public class PvpSignedRequestPolicyRule extends AbstractRequestSignedSecurityPol /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule# + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation. + * AbstractRequestSignedSecurityPolicyRule# * getSignedSAMLObject(org.opensaml.xml.XMLObject) */ @Override 
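Review bot: The reflowed `@see` tags in the `@@ -49,8 +51,8 @@` and `@@ -66,8 +68,8 @@` hunks still point at `at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule`, whereas the `package` line at the top of the first hunk places this class in `at.gv.egiz.eaaf.modules.pvp2.impl.verification`, and the second tag names `getSignedSAMLObject` while the abstract method it overrides is declared as `getSignedSamlObject`. Since the commit rewrites exactly these comment lines, the stale references should be fixed in the same pass: `@see AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)` and `@see AbstractRequestSignedSecurityPolicyRule#getSignedSamlObject(org.opensaml.xml.XMLObject)` (same package, so no qualification is needed). The overriding methods themselves begin after the hunk ends.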
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java index 024c35d8..df91ce53 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java @@ -24,14 +24,6 @@ import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; -import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; -import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; import org.apache.commons.lang3.StringUtils; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.common.xml.SAMLSchemaBuilder; 
@@ -54,20 +46,29 @@ import org.springframework.stereotype.Service; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; + @Service("SAMLVerificationEngine") public class SamlVerificationEngine { private static final Logger log = LoggerFactory.getLogger(SamlVerificationEngine.class); - @Autowired(required = true) IPvpMetadataProvider metadataProvider; /** * Verify signature of a signed SAML2 object. * - * @param msg SAML2 message + * @param msg SAML2 message * @param sigTrustEngine TrustEngine - * @throws org.opensaml.xml.security.SecurityException In case of invalid signature + * @throws org.opensaml.xml.security.SecurityException In case of + * invalid signature * @throws Exception In case of a general error */ public void verify(final InboundMessage msg, final SignatureTrustEngine sigTrustEngine) 
@@ -77,13 +78,13 @@ public class SamlVerificationEngine { && ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) { verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(), sigTrustEngine); - } else if (msg instanceof PvpSProfileResponse){ + } else if (msg instanceof PvpSProfileResponse) { verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine); - + } else { - log.warn("SAML2 message type: {} not supported", msg.getClass().getName()); - throw new EaafProtocolException("9999", null); - + log.warn("SAML2 message type: {} not supported", msg.getClass().getName()); + throw new EaafProtocolException("9999", null); + } } catch (final InvalidProtocolRequestException e) { @@ -139,7 +140,7 @@ public class SamlVerificationEngine { throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } catch (final SchemaValidationException e) { - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() }); } @@ -170,7 +171,7 @@ public class SamlVerificationEngine { throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } catch (final SchemaValidationException e) { - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() }); } @@ -218,7 +219,7 @@ public class SamlVerificationEngine { } - throw new SchemaValidationException("pvp2.22", new Object[] {err}); + throw new SchemaValidationException("pvp2.22", new Object[] { err }); } -- cgit v1.2.3
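Review bot: The rewrap in the `@@ -139,7 +140,7 @@` hunk (and the identical one at `@@ -170,7 +171,7 @@`) keeps the caught `SchemaValidationException` out of the new exception: only `e.getMessage()` is forwarded into `InvalidProtocolRequestException("pvp2.22", ...)`, so the original stack trace and any chained cause are gone by the time a rejected SAML message is investigated. If `InvalidProtocolRequestException` offers a cause-taking constructor, pass it, e.g. `throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() }, e);`; if it does not, log the exception at debug level before rethrowing so the validator's detail is not lost. The enclosing methods start and end outside these hunks, so any surrounding logging is not visible here.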