From e915685e22c7c084f7fd0c4870ff20d3f0194a91 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 31 Aug 2023 20:37:42 +0200
Subject: feat(core): refactor to openSAML 5 for Java 17

---
 .../eaaf_module_pvp2_sp/checks/spotbugs-exclude.xml     | 12 ++++++++++++
 eaaf_modules/eaaf_module_pvp2_sp/pom.xml                | 12 ++++++++++++
 .../modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java    |  5 ++---
 .../pvp2/sp/impl/utils/AssertionAttributeExtractor.java | 17 +++++------------
 4 files changed, 31 insertions(+), 15 deletions(-)
 create mode 100644 eaaf_modules/eaaf_module_pvp2_sp/checks/spotbugs-exclude.xml

(limited to 'eaaf_modules/eaaf_module_pvp2_sp')

diff --git a/eaaf_modules/eaaf_module_pvp2_sp/checks/spotbugs-exclude.xml b/eaaf_modules/eaaf_module_pvp2_sp/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..ff7f96e0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_sp/checks/spotbugs-exclude.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+    <Match>
+	  <OR>
+        <Class name="at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor" />
+      </OR>      
+      <OR>
+    	<Bug pattern="EI_EXPOSE_REP" />
+    	<Bug pattern="EI_EXPOSE_REP2" />
+      </OR>
+    </Match>    
+</FindBugsFilter>
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index ea7f29fe..90e4866f 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -52,6 +52,18 @@
   <build>
     <finalName>eaaf_module_pvp2_sp</finalName>
     
+    <plugins>      
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>${spotbugs-maven-plugin.version}</version>
+        <configuration>
+          <failOnError>true</failOnError>
+          <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
+        </configuration>
+      </plugin>      
+    </plugins>
+    
   </build>
   
 </project>
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
index bac90451..13a9cc7a 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
@@ -23,8 +23,6 @@ import java.security.NoSuchAlgorithmException;
 import java.time.Instant;
 import java.util.List;
 
-import javax.servlet.http.HttpServletResponse;
-
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.messaging.encoder.MessageEncodingException;
 import org.opensaml.saml.common.xml.SAMLConstants;
@@ -60,7 +58,8 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBui
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
-import net.shibboleth.utilities.java.support.security.impl.SecureRandomIdentifierGenerationStrategy;
+import jakarta.servlet.http.HttpServletResponse;
+import net.shibboleth.shared.security.impl.SecureRandomIdentifierGenerationStrategy;
 
 /**
  * PVP2 S-Profil Authentication-Request builder-implementation.
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
index 4d8c8993..71421aae 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java
@@ -316,13 +316,8 @@ public class AssertionAttributeExtractor {
    * @return Date, when the SAML2 assertion was issued, otherwise null
    */
   public Instant getAssertionIssuingDate() {
-    try {
-      return getFullAssertion().getIssueInstant();
+    return getFullAssertion() != null ? getFullAssertion().getIssueInstant() : null;
 
-    } catch (final NullPointerException e) {
-      return null;
-
-    }
   }
 
   /**
@@ -335,13 +330,11 @@ public class AssertionAttributeExtractor {
    * @return Date, after this SAML2 assertion is valid, otherwise null
    */
   public Date getAssertionNotBefore() {
-    try {
-      return Date.from(getFullAssertion().getConditions().getNotBefore());
+    return getFullAssertion() != null && getFullAssertion().getConditions() != null
+        && getFullAssertion().getConditions().getNotBefore() != null
+        ? Date.from(getFullAssertion().getConditions().getNotBefore())
+        : null;
 
-    } catch (final NullPointerException e) {
-      return null;
-
-    }
   }
 
   private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
-- 
cgit v1.2.3