From d41afe91ee59daf6b5f5037cecac52900fe2ccb2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 31 Jan 2020 20:41:54 +0100 Subject: a lot of more OpenSAML3 refactoring staff This version is also NOT stable! --- .../InvalidAssertionConsumerServiceException.java | 7 +-- .../InvalidAssertionEncryptionException.java | 5 ++- .../pvp2/idp/exception/RequestDeniedException.java | 5 ++- .../idp/exception/ResponderErrorException.java | 7 +-- .../exception/SamlRequestNotSignedException.java | 7 +-- .../idp/exception/SamlRequestNotSupported.java | 10 ++--- .../exception/UnprovideableAttributeException.java | 5 ++- .../pvp2/idp/impl/AbstractPvp2XProtocol.java | 40 ++++++++--------- .../pvp2/idp/impl/AuthenticationAction.java | 23 +++++----- .../pvp2/idp/impl/builder/AuthResponseBuilder.java | 46 +++++++++---------- .../idp/impl/builder/Pvp2AssertionBuilder.java | 52 +++++++++++----------- 11 files changed, 108 insertions(+), 99 deletions(-) (limited to 'eaaf_modules/eaaf_module_pvp2_idp/src') diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java index 6d868558..0003b829 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionConsumerServiceException.java @@ -20,7 +20,8 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import org.opensaml.saml2.core.StatusCode; + +import org.opensaml.saml.saml2.core.StatusCode; public class InvalidAssertionConsumerServiceException extends Pvp2Exception { @@ -28,7 +29,7 @@ public class InvalidAssertionConsumerServiceException extends Pvp2Exception { public InvalidAssertionConsumerServiceException(final int idx) { super("pvp2.28", new Object[] {idx}); - this.statusCodeValue = StatusCode.REQUESTER_URI; + this.statusCodeValue = StatusCode.REQUESTER; } /** @@ -38,7 +39,7 @@ public class InvalidAssertionConsumerServiceException extends Pvp2Exception { */ public InvalidAssertionConsumerServiceException(final String wrongUrl) { super("pvp2.23", new Object[] {wrongUrl}); - this.statusCodeValue = StatusCode.REQUESTER_URI; + this.statusCodeValue = StatusCode.REQUESTER; } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java index 0d75616a..89179ff6 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/InvalidAssertionEncryptionException.java @@ -20,7 +20,8 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import org.opensaml.saml2.core.StatusCode; + +import org.opensaml.saml.saml2.core.StatusCode; public class InvalidAssertionEncryptionException extends Pvp2Exception { @@ -28,7 +29,7 @@ public class InvalidAssertionEncryptionException extends Pvp2Exception { public InvalidAssertionEncryptionException() { super("pvp2.16", new Object[] {}); - this.statusCodeValue = StatusCode.RESPONDER_URI; + this.statusCodeValue = StatusCode.RESPONDER; } } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java index ecceea12..cf4ac8d1 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/RequestDeniedException.java @@ -20,7 +20,8 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import org.opensaml.saml2.core.StatusCode; + +import org.opensaml.saml.saml2.core.StatusCode; public class RequestDeniedException extends Pvp2Exception { @@ -28,7 +29,7 @@ public class RequestDeniedException extends Pvp2Exception { public RequestDeniedException() { super("pvp2.14", null); - this.statusCodeValue = StatusCode.REQUEST_DENIED_URI; + this.statusCodeValue = StatusCode.REQUEST_DENIED; } } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java index 331e11cd..e6cdf8f1 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/ResponderErrorException.java @@ -20,7 +20,8 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import org.opensaml.saml2.core.StatusCode; + +import org.opensaml.saml.saml2.core.StatusCode; public class ResponderErrorException extends Pvp2Exception { @@ -29,11 +30,11 @@ public class ResponderErrorException extends Pvp2Exception { public ResponderErrorException(final String messageId, final Object[] parameters, final Throwable wrapped) { super(messageId, parameters, wrapped); - this.statusCodeValue = StatusCode.RESPONDER_URI; + this.statusCodeValue = StatusCode.RESPONDER; } public ResponderErrorException(final String messageId, final Object[] parameters) { super(messageId, parameters); - this.statusCodeValue = StatusCode.RESPONDER_URI; + this.statusCodeValue = StatusCode.RESPONDER; } } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java index 4650506d..c02e534c 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSignedException.java @@ -20,7 +20,8 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import org.opensaml.saml2.core.StatusCode; + +import org.opensaml.saml.saml2.core.StatusCode; public class SamlRequestNotSignedException extends Pvp2Exception { @@ -28,12 +29,12 @@ public class SamlRequestNotSignedException extends Pvp2Exception { public SamlRequestNotSignedException() { super("pvp2.07", null); - this.statusCodeValue = StatusCode.REQUESTER_URI; + this.statusCodeValue = StatusCode.REQUESTER; } public SamlRequestNotSignedException(final Throwable e) { super("pvp2.07", null, e); - this.statusCodeValue = StatusCode.REQUESTER_URI; + this.statusCodeValue = StatusCode.REQUESTER; } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java index 58a493b9..b0dcdb2e 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/SamlRequestNotSupported.java @@ -11,7 +11,7 @@ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. - * + * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. @@ -19,18 +19,18 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.exception; -import org.opensaml.saml2.core.StatusCode; - import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; +import org.opensaml.saml.saml2.core.StatusCode; + public class SamlRequestNotSupported extends Pvp2Exception { private static final long serialVersionUID = 1244883178458802767L; - + public SamlRequestNotSupported() { super("pvp2.09", null); - this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI; + this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED; } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java index 41252b78..0f84b8fb 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/exception/UnprovideableAttributeException.java @@ -20,7 +20,8 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import org.opensaml.saml2.core.StatusCode; + +import org.opensaml.saml.saml2.core.StatusCode; public class UnprovideableAttributeException extends Pvp2Exception { @@ -28,6 +29,6 @@ public class UnprovideableAttributeException extends Pvp2Exception { public UnprovideableAttributeException(final String attributeName) { super("pvp2.10", new Object[] {attributeName}); - this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI; + this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE; } } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java index f8a39b61..f86fd883 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java @@ -39,7 +39,8 @@ import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.modules.pvp2.PvpEventConstants; import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor; import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPvpRequestException; import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException; @@ -60,20 +61,19 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.NameIDType; -import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.core.Status; -import org.opensaml.saml2.core.StatusCode; -import org.opensaml.saml2.core.StatusMessage; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.opensaml.saml.saml2.core.Issuer; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.core.Status; +import org.opensaml.saml.saml2.core.StatusCode; +import org.opensaml.saml.saml2.core.StatusMessage; +import org.opensaml.saml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml.saml2.metadata.SPSSODescriptor; import org.opensaml.ws.security.SecurityPolicyException; -import org.opensaml.xml.security.x509.X509Credential; -import org.opensaml.xml.signature.SignableXMLObject; +import org.opensaml.xmlsec.signature.SignableXMLObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -84,7 +84,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement @Autowired(required = true) protected IPvp2BasicConfiguration pvpBasicConfiguration; @Autowired(required = true) - protected IPvpMetadataProvider metadataProvider; + protected IPvp2MetadataProvider metadataProvider; @Autowired(required = true) protected SamlVerificationEngine samlVerificationEngine; @Autowired(required = false) @@ -125,11 +125,11 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement String moaError = null; if (e instanceof NoPassivAuthenticationException) { - statusCode.setValue(StatusCode.NO_PASSIVE_URI); + statusCode.setValue(StatusCode.NO_PASSIVE); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); } else if (e instanceof NameIdFormatNotSupportedException) { - statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI); + statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); } else if (e instanceof SloException) { @@ -146,7 +146,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement moaError = statusMessager.mapInternalErrorToExternalError(ex.getErrorId()); } else { - statusCode.setValue(StatusCode.RESPONDER_URI); + statusCode.setValue(StatusCode.RESPONDER); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); moaError = statusMessager.getResponseErrorCode(e); } @@ -194,9 +194,9 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement relayState = pvpRequest.getRequest().getRelayState(); } - final X509Credential signCred = pvpIdpCredentials.getIdpAssertionSigningCredential(); + final EaafX509Credential signCred = pvpIdpCredentials.getIdpAssertionSigningCredential(); - encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerUrl(), relayState, + encoder.encodeResponse(request, response, samlResponse, pvpRequest.getConsumerUrl(), relayState, signCred, protocolRequest); return true; } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java index d4981cd6..74224dbe 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java @@ -22,6 +22,7 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl; import javax.annotation.PostConstruct; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; @@ -32,7 +33,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.data.SloInformationImpl; import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration; import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException; import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException; import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder; @@ -42,15 +43,15 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; + import org.joda.time.DateTime; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.xml.security.SecurityException; +import org.opensaml.messaging.encoder.MessageEncodingException; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.saml2.core.Assertion; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -65,7 +66,7 @@ public class AuthenticationAction implements IAction { "protocols.pvp2.assertion.encryption.active"; @Autowired(required = true) - private IPvpMetadataProvider metadataProvider; + private IPvp2MetadataProvider metadataProvider; @Autowired(required = true) ApplicationContext springContext; @Autowired(required = true) @@ -131,7 +132,7 @@ public class AuthenticationAction implements IAction { throw new BindingNotSupportedException(consumerService.getBinding()); } - binding.encodeRespone(httpReq, httpResp, authResponse, consumerService.getLocation(), + binding.encodeResponse(httpReq, httpResp, authResponse, consumerService.getLocation(), moaRequest.getRelayState(), pvpIdpCredentials.getIdpAssertionSigningCredential(), req); revisionsLogger.logEvent(req, 3105, authResponse.getID()); diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java index bf51ac0f..ac551612 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/AuthResponseBuilder.java @@ -21,36 +21,36 @@ package at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder; import java.util.ArrayList; import java.util.List; + import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; + import org.joda.time.DateTime; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.EncryptedAssertion; -import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.NameIDType; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.encryption.Encrypter; -import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; -import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.core.criterion.EntityIdCriterion; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.saml2.core.Assertion; +import org.opensaml.saml.saml2.core.EncryptedAssertion; +import org.opensaml.saml.saml2.core.Issuer; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.core.RequestAbstractType; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.encryption.Encrypter.KeyPlacement; +import org.opensaml.saml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml.security.impl.MetadataCredentialResolver; import org.opensaml.saml2.metadata.provider.MetadataProvider; -import org.opensaml.security.MetadataCredentialResolver; import org.opensaml.security.MetadataCriteria; -import org.opensaml.xml.encryption.EncryptionException; -import org.opensaml.xml.encryption.EncryptionParameters; -import org.opensaml.xml.encryption.KeyEncryptionParameters; -import org.opensaml.xml.security.CriteriaSet; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.criteria.EntityIDCriteria; -import org.opensaml.xml.security.criteria.UsageCriteria; -import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; -import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.security.credential.UsageType; +import org.opensaml.security.criteria.UsageCriterion; +import org.opensaml.security.x509.X509Credential; +import org.opensaml.xmlsec.EncryptionParameters; +import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters; +import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import net.shibboleth.utilities.java.support.resolver.CriteriaSet; + /** * Authentication response builder. * @@ -101,10 +101,10 @@ public class AuthResponseBuilder { new MetadataCredentialResolver(metadataProvider); final CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add(new EntityIDCriteria(req.getIssuer().getValue())); + criteriaSet.add(new EntityIdCriterion(req.getIssuer().getValue())); criteriaSet .add(new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS)); - criteriaSet.add(new UsageCriteria(UsageType.ENCRYPTION)); + criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION)); X509Credential encryptionCredentials = null; try { diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java index f57f9db0..922e7efe 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java @@ -23,6 +23,7 @@ import java.security.MessageDigest; import java.util.ArrayList; import java.util.Iterator; import java.util.List; + import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; import at.gv.egiz.eaaf.core.api.idp.IAuthData; @@ -42,33 +43,34 @@ import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.QaaLevelVerifier; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; + import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.AttributeQuery; -import org.opensaml.saml2.core.AttributeStatement; -import org.opensaml.saml2.core.Audience; -import org.opensaml.saml2.core.AudienceRestriction; -import org.opensaml.saml2.core.AuthnContext; -import org.opensaml.saml2.core.AuthnContextClassRef; -import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.AuthnStatement; -import org.opensaml.saml2.core.Conditions; -import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.NameID; -import org.opensaml.saml2.core.NameIDType; -import org.opensaml.saml2.core.RequestedAuthnContext; -import org.opensaml.saml2.core.Subject; -import org.opensaml.saml2.core.SubjectConfirmation; -import org.opensaml.saml2.core.SubjectConfirmationData; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.AttributeConsumingService; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.NameIDFormat; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.saml2.core.Assertion; +import org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.core.AttributeQuery; +import org.opensaml.saml.saml2.core.AttributeStatement; +import org.opensaml.saml.saml2.core.Audience; +import org.opensaml.saml.saml2.core.AudienceRestriction; +import org.opensaml.saml.saml2.core.AuthnContext; +import org.opensaml.saml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.opensaml.saml.saml2.core.AuthnStatement; +import org.opensaml.saml.saml2.core.Conditions; +import org.opensaml.saml.saml2.core.Issuer; +import org.opensaml.saml.saml2.core.NameID; +import org.opensaml.saml.saml2.core.NameIDType; +import org.opensaml.saml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml.saml2.core.Subject; +import org.opensaml.saml.saml2.core.SubjectConfirmation; +import org.opensaml.saml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml.saml2.metadata.NameIDFormat; +import org.opensaml.saml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml.saml2.metadata.SPSSODescriptor; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -- cgit v1.2.3