From d41afe91ee59daf6b5f5037cecac52900fe2ccb2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Fri, 31 Jan 2020 20:41:54 +0100
Subject: a lot of more OpenSAML3 refactoring staff This version is also NOT
 stable!

---
 .../InvalidAssertionConsumerServiceException.java  |  7 +--
 .../InvalidAssertionEncryptionException.java       |  5 ++-
 .../pvp2/idp/exception/RequestDeniedException.java |  5 ++-
 .../idp/exception/ResponderErrorException.java     |  7 +--
 .../exception/SamlRequestNotSignedException.java   |  7 +--
 .../idp/exception/SamlRequestNotSupported.java     | 10 ++---
 .../exception/UnprovideableAttributeException.java |  5 ++-
 .../pvp2/idp/impl/AbstractPvp2XProtocol.java       | 40 ++++++++---------
 .../pvp2/idp/impl/AuthenticationAction.java        | 23 +++++-----
 .../pvp2/idp/impl/builder/AuthResponseBuilder.java | 46 +++++++++----------
 .../idp/impl/builder/Pvp2AssertionBuilder.java     | 52 +++++++++++-----------
 11 files changed, 108 insertions(+), 99 deletions(-)

(limited to 'eaaf_modules/eaaf_module_pvp2_idp/src/main/java')

diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java
index 6d868558..0003b829 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java
@@ -20,7 +20,8 @@
 package at.gv.egiz.eaaf.modules.pvp2.idp.exception;
 
 import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import org.opensaml.saml2.core.StatusCode;
+
+import org.opensaml.saml.saml2.core.StatusCode;
 
 public class InvalidAssertionConsumerServiceException extends Pvp2Exception {
 
@@ -28,7 +29,7 @@ public class InvalidAssertionConsumerServiceException extends Pvp2Exception {
 
   public InvalidAssertionConsumerServiceException(final int idx) {
     super("pvp2.28", new Object[] {idx});
-    this.statusCodeValue = StatusCode.REQUESTER_URI;
+    this.statusCodeValue = StatusCode.REQUESTER;
   }
 
   /**
@@ -38,7 +39,7 @@ public class InvalidAssertionConsumerServiceException extends Pvp2Exception {
    */
   public InvalidAssertionConsumerServiceException(final String wrongUrl) {
     super("pvp2.23", new Object[] {wrongUrl});
-    this.statusCodeValue = StatusCode.REQUESTER_URI;
+    this.statusCodeValue = StatusCode.REQUESTER;
 
   }
 
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java
index 0d75616a..89179ff6 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java
@@ -20,7 +20,8 @@
 package at.gv.egiz.eaaf.modules.pvp2.idp.exception;
 
 import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import org.opensaml.saml2.core.StatusCode;
+
+import org.opensaml.saml.saml2.core.StatusCode;
 
 public class InvalidAssertionEncryptionException extends Pvp2Exception {
 
@@ -28,7 +29,7 @@ public class InvalidAssertionEncryptionException extends Pvp2Exception {
 
   public InvalidAssertionEncryptionException() {
     super("pvp2.16", new Object[] {});
-    this.statusCodeValue = StatusCode.RESPONDER_URI;
+    this.statusCodeValue = StatusCode.RESPONDER;
   }
 
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java
index ecceea12..cf4ac8d1 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java
@@ -20,7 +20,8 @@
 package at.gv.egiz.eaaf.modules.pvp2.idp.exception;
 
 import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import org.opensaml.saml2.core.StatusCode;
+
+import org.opensaml.saml.saml2.core.StatusCode;
 
 public class RequestDeniedException extends Pvp2Exception {
 
@@ -28,7 +29,7 @@ public class RequestDeniedException extends Pvp2Exception {
 
   public RequestDeniedException() {
     super("pvp2.14", null);
-    this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
+    this.statusCodeValue = StatusCode.REQUEST_DENIED;
   }
 
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java
index 331e11cd..e6cdf8f1 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java
@@ -20,7 +20,8 @@
 package at.gv.egiz.eaaf.modules.pvp2.idp.exception;
 
 import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import org.opensaml.saml2.core.StatusCode;
+
+import org.opensaml.saml.saml2.core.StatusCode;
 
 public class ResponderErrorException extends Pvp2Exception {
 
@@ -29,11 +30,11 @@ public class ResponderErrorException extends Pvp2Exception {
   public ResponderErrorException(final String messageId, final Object[] parameters,
       final Throwable wrapped) {
     super(messageId, parameters, wrapped);
-    this.statusCodeValue = StatusCode.RESPONDER_URI;
+    this.statusCodeValue = StatusCode.RESPONDER;
   }
 
   public ResponderErrorException(final String messageId, final Object[] parameters) {
     super(messageId, parameters);
-    this.statusCodeValue = StatusCode.RESPONDER_URI;
+    this.statusCodeValue = StatusCode.RESPONDER;
   }
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java
index 4650506d..c02e534c 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java
@@ -20,7 +20,8 @@
 package at.gv.egiz.eaaf.modules.pvp2.idp.exception;
 
 import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import org.opensaml.saml2.core.StatusCode;
+
+import org.opensaml.saml.saml2.core.StatusCode;
 
 public class SamlRequestNotSignedException extends Pvp2Exception {
 
@@ -28,12 +29,12 @@ public class SamlRequestNotSignedException extends Pvp2Exception {
 
   public SamlRequestNotSignedException() {
     super("pvp2.07", null);
-    this.statusCodeValue = StatusCode.REQUESTER_URI;
+    this.statusCodeValue = StatusCode.REQUESTER;
   }
 
   public SamlRequestNotSignedException(final Throwable e) {
     super("pvp2.07", null, e);
-    this.statusCodeValue = StatusCode.REQUESTER_URI;
+    this.statusCodeValue = StatusCode.REQUESTER;
   }
 
 
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java
index 58a493b9..b0dcdb2e 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java
@@ -11,7 +11,7 @@
  * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the Licence for the specific language governing permissions and limitations under
  * the Licence.
- * 
+ *
  * This product combines work with different licenses. See the "NOTICE" text file for details on the
  * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
  * works that you distribute must include a readable copy of the "NOTICE" text file.
@@ -19,18 +19,18 @@
 
 package at.gv.egiz.eaaf.modules.pvp2.idp.exception;
 
-import org.opensaml.saml2.core.StatusCode;
-
 import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
 
+import org.opensaml.saml.saml2.core.StatusCode;
+
 
 public class SamlRequestNotSupported extends Pvp2Exception {
 
   private static final long serialVersionUID = 1244883178458802767L;
-  
+
   public SamlRequestNotSupported() {
     super("pvp2.09", null);
-    this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI;
+    this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED;
   }
 
 
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java
index 41252b78..0f84b8fb 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java
@@ -20,7 +20,8 @@
 package at.gv.egiz.eaaf.modules.pvp2.idp.exception;
 
 import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import org.opensaml.saml2.core.StatusCode;
+
+import org.opensaml.saml.saml2.core.StatusCode;
 
 public class UnprovideableAttributeException extends Pvp2Exception {
 
@@ -28,6 +29,6 @@ public class UnprovideableAttributeException extends Pvp2Exception {
 
   public UnprovideableAttributeException(final String attributeName) {
     super("pvp2.10", new Object[] {attributeName});
-    this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI;
+    this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE;
   }
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index f8a39b61..f86fd883 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -39,7 +39,8 @@ import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.modules.pvp2.PvpEventConstants;
 import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
 import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
 import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPvpRequestException;
 import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException;
@@ -60,20 +61,19 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.NameIDType;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
+import org.opensaml.saml.saml2.core.StatusCode;
+import org.opensaml.saml.saml2.core.StatusMessage;
+import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.SignableXMLObject;
+import org.opensaml.xmlsec.signature.SignableXMLObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
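Review bot: `org.opensaml.ws.security.SecurityPolicyException` is still imported in this block although every other OpenSAML import was moved to the 3.x package layout, so the class keeps a dependency on the OpenSAML 2 artifacts. The same applies in AuthResponseBuilder, where `org.opensaml.saml2.metadata.provider.MetadataProvider` and `org.opensaml.security.MetadataCriteria` remain. If both library generations end up on the classpath, request validation may run through a mix of 2.x and 3.x types, which is hard to reason about for a component that verifies signed requests. Mark each leftover with `// TODO(OpenSAML3): replace 2.x type` until it is migrated; which 3.x type replaces the security-policy exception depends on code outside this hunk.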
@@ -84,7 +84,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
   @Autowired(required = true)
   protected IPvp2BasicConfiguration pvpBasicConfiguration;
   @Autowired(required = true)
-  protected IPvpMetadataProvider metadataProvider;
+  protected IPvp2MetadataProvider metadataProvider;
   @Autowired(required = true)
   protected SamlVerificationEngine samlVerificationEngine;
   @Autowired(required = false)
@@ -125,11 +125,11 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
     String moaError = null;
 
     if (e instanceof NoPassivAuthenticationException) {
-      statusCode.setValue(StatusCode.NO_PASSIVE_URI);
+      statusCode.setValue(StatusCode.NO_PASSIVE);
       statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
 
     } else if (e instanceof NameIdFormatNotSupportedException) {
-      statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI);
+      statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY);
       statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
 
     } else if (e instanceof SloException) {
@@ -146,7 +146,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
       moaError = statusMessager.mapInternalErrorToExternalError(ex.getErrorId());
 
     } else {
-      statusCode.setValue(StatusCode.RESPONDER_URI);
+      statusCode.setValue(StatusCode.RESPONDER);
       statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
       moaError = statusMessager.getResponseErrorCode(e);
     }
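Review bot: The fallback `else` branch copies `e.getLocalizedMessage()` of any unclassified exception into the SAML `StatusMessage`, which is returned to the service provider. Internal details such as class names, file paths or configuration values can leave the IdP this way. Consider sending only the mapped external code there, e.g. `statusMessage.setMessage(moaError);` after `moaError` is assigned, and logging the original message locally. The method starts and ends outside this hunk, so whether `moaError` is already attached to the response elsewhere cannot be seen here.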
@@ -194,9 +194,9 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
       relayState = pvpRequest.getRequest().getRelayState();
     }
 
-    final X509Credential signCred = pvpIdpCredentials.getIdpAssertionSigningCredential();
+    final EaafX509Credential signCred = pvpIdpCredentials.getIdpAssertionSigningCredential();
 
-    encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerUrl(), relayState,
+    encoder.encodeResponse(request, response, samlResponse, pvpRequest.getConsumerUrl(), relayState,
         signCred, protocolRequest);
     return true;
   }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index d4981cd6..74224dbe 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -22,6 +22,7 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl;
 import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
@@ -32,7 +33,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.impl.data.SloInformationImpl;
 import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
 import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
 import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
 import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
@@ -42,15 +43,15 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
 import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
+import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.Assertion;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
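Review bot: The import of `org.opensaml.xml.security.SecurityException` is removed here without a 3.x replacement, so any remaining `catch (SecurityException e)` or `throws SecurityException` in this class would now resolve to `java.lang.SecurityException`. That either fails to compile or silently stops handling the library's checked exception on the response-signing path. If the class still names the type (the code using it is outside this hunk), add `import org.opensaml.security.SecurityException;`. AuthResponseBuilder drops the same import together with `EncryptionException` and needs the same check.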
@@ -65,7 +66,7 @@ public class AuthenticationAction implements IAction {
       "protocols.pvp2.assertion.encryption.active";
 
   @Autowired(required = true)
-  private IPvpMetadataProvider metadataProvider;
+  private IPvp2MetadataProvider metadataProvider;
   @Autowired(required = true)
   ApplicationContext springContext;
   @Autowired(required = true)
@@ -131,7 +132,7 @@ public class AuthenticationAction implements IAction {
         throw new BindingNotSupportedException(consumerService.getBinding());
       }
 
-      binding.encodeRespone(httpReq, httpResp, authResponse, consumerService.getLocation(),
+      binding.encodeResponse(httpReq, httpResp, authResponse, consumerService.getLocation(),
           moaRequest.getRelayState(), pvpIdpCredentials.getIdpAssertionSigningCredential(), req);
 
       revisionsLogger.logEvent(req, 3105, authResponse.getID());
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
index bf51ac0f..ac551612 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java
@@ -21,36 +21,36 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder;
 
 import java.util.ArrayList;
 import java.util.List;
+
 import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
 import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.EncryptedAssertion;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.encryption.Encrypter;
-import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.core.criterion.EntityIdCriterion;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.Assertion;
+import org.opensaml.saml.saml2.core.EncryptedAssertion;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.NameIDType;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.encryption.Encrypter.KeyPlacement;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml.security.impl.MetadataCredentialResolver;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.security.MetadataCredentialResolver;
 import org.opensaml.security.MetadataCriteria;
-import org.opensaml.xml.encryption.EncryptionException;
-import org.opensaml.xml.encryption.EncryptionParameters;
-import org.opensaml.xml.encryption.KeyEncryptionParameters;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.security.credential.UsageType;
+import org.opensaml.security.criteria.UsageCriterion;
+import org.opensaml.security.x509.X509Credential;
+import org.opensaml.xmlsec.EncryptionParameters;
+import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
+import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
+
 /**
  * Authentication response builder.
  *
@@ -101,10 +101,10 @@ public class AuthResponseBuilder {
         new MetadataCredentialResolver(metadataProvider);
 
     final CriteriaSet criteriaSet = new CriteriaSet();
-    criteriaSet.add(new EntityIDCriteria(req.getIssuer().getValue()));
+    criteriaSet.add(new EntityIdCriterion(req.getIssuer().getValue()));
     criteriaSet
         .add(new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
-    criteriaSet.add(new UsageCriteria(UsageType.ENCRYPTION));
+    criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
 
     X509Credential encryptionCredentials = null;
     try {
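Review bot: `MetadataCredentialResolver` is now the OpenSAML 3 class from `org.opensaml.saml.security.impl`, but it is still constructed with the 2.x `metadataProvider` and queried with the 2.x `MetadataCriteria`. As far as I know the 3.x resolver is configured through a role-descriptor resolver and a key-info credential resolver and reads `EntityRoleCriterion` and `ProtocolCriterion` from the criteria set, so the lookup of the SP encryption key is unlikely to work as written. Replace the middle criterion with `criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));` and `criteriaSet.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));`. The `try` block continues outside the hunk; a failed resolution there should end in an error rather than leave `encryptionCredentials` null and let the assertion go out unencrypted.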
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
index f57f9db0..922e7efe 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
@@ -23,6 +23,7 @@ import java.security.MessageDigest;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
+
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
@@ -42,33 +43,34 @@ import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.QaaLevelVerifier;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.Assertion;
+import org.opensaml.saml.saml2.core.Attribute;
+import org.opensaml.saml.saml2.core.AttributeQuery;
+import org.opensaml.saml.saml2.core.AttributeStatement;
+import org.opensaml.saml.saml2.core.Audience;
+import org.opensaml.saml.saml2.core.AudienceRestriction;
+import org.opensaml.saml.saml2.core.AuthnContext;
+import org.opensaml.saml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.AuthnStatement;
+import org.opensaml.saml.saml2.core.Conditions;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.NameID;
+import org.opensaml.saml.saml2.core.NameIDType;
+import org.opensaml.saml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml.saml2.core.Subject;
+import org.opensaml.saml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-- 
cgit v1.2.3