From 5a1eca23a9b35541b7b1955b83b47e0af983d5dd Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 5 Feb 2020 09:02:13 +0100 Subject: add Trusted-Certificates method to AbstractCredentialProvider add jUnit tests for AbstractCredentialProvider change method names in AbstractCredentialProvider --- .../pvp2/idp/impl/AbstractPvp2XProtocol.java | 2 +- .../pvp2/idp/impl/AuthenticationAction.java | 2 +- .../pvp2/idp/impl/builder/AuthResponseBuilder.java | 35 +++++----------------- 3 files changed, 10 insertions(+), 29 deletions(-) (limited to 'eaaf_modules/eaaf_module_pvp2_idp/src/main') diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java index 1ef7da29..29bbac1e 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java @@ -194,7 +194,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement relayState = pvpRequest.getRequest().getRelayState(); } - final EaafX509Credential signCred = pvpIdpCredentials.getIdpAssertionSigningCredential(); + final EaafX509Credential signCred = pvpIdpCredentials.getMessageSigningCredential(); encoder.encodeResponse(request, response, samlResponse, pvpRequest.getConsumerUrl(), relayState, signCred, protocolRequest); diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java index c0190959..d138ba3a 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java @@ -129,7 +129,7 @@ public class AuthenticationAction implements IAction { } binding.encodeResponse(httpReq, httpResp, authResponse, consumerService.getLocation(), - moaRequest.getRelayState(), pvpIdpCredentials.getIdpAssertionSigningCredential(), req); + moaRequest.getRelayState(), pvpIdpCredentials.getMessageSigningCredential(), req); revisionsLogger.logEvent(req, 3105, authResponse.getID()); diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java index 55e3e8b4..565f28fb 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java @@ -19,9 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder; -import java.security.PublicKey; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; import java.util.List; @@ -134,7 +131,14 @@ public class AuthResponseBuilder { X509Credential encryptionCredentials, IConfiguration authConfig) throws InvalidAssertionEncryptionException { try { - final String keyEncAlg = selectKeyEncryptionAlgorithm(encryptionCredentials, authConfig); + final String keyEncAlg = Saml2Utils.getKeyOperationAlgorithmFromCredential( + encryptionCredentials, + authConfig.getBasicConfiguration( + PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA), + authConfig.getBasicConfiguration( + PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC)); final DataEncryptionParameters dataEncParams = new DataEncryptionParameters(); dataEncParams.setAlgorithm(authConfig.getBasicConfiguration( @@ -164,29 +168,6 @@ public class AuthResponseBuilder { } - private static String selectKeyEncryptionAlgorithm(X509Credential encryptionCredentials, - IConfiguration authConfig) throws SamlSigningException { - final PublicKey privatekey = encryptionCredentials.getPublicKey(); - if (privatekey instanceof RSAPublicKey) { - return authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, - PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); - - } else if (privatekey instanceof ECPublicKey) { - return authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, - PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC); - - } else { - log.warn("Could NOT evaluate the Private-Key type from " + encryptionCredentials.getEntityId() - + " credential."); - throw new SamlSigningException("internal.pvp.97", - new Object[] { encryptionCredentials.getEntityId(), privatekey.getClass().getName() }); - - } - - } - private static X509Credential resolveEncryptionCredential(RequestAbstractType req, IPvp2MetadataProvider metadataProvider) throws InvalidAssertionEncryptionException { try { -- cgit v1.2.3