From 0e60708e5915eb858d5931c45f807329bd365c11 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Sun, 9 Jan 2022 21:30:56 +0100
Subject: chore(SAML2): update implementation to remove usage of deprecated openSAML4.x API
---
 .../metadata/IPvpMetadataBuilderConfiguration.java | 8 ++++----
 .../pvp2/impl/builder/PvpMetadataBuilder.java | 4 ++--
 .../impl/verification/SamlVerificationEngine.java | 4 ++--
 .../modules/pvp2/test/CredentialProviderTest.java | 22 +++++++++++-----------
 .../pvp2/idp/impl/AbstractPvp2XProtocol.java | 10 +++++-----
 .../idp/impl/builder/Pvp2AssertionBuilder.java | 18 +++++++++---------
 .../pvp2/sp/impl/PvpAuthnRequestBuilder.java | 4 ++--
 .../sp/impl/utils/AssertionAttributeExtractor.java | 4 ++--
 8 files changed, 37 insertions(+), 37 deletions(-)
(limited to 'eaaf_modules')
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
index 3d9125fe..6e718385 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvpMetadataBuilderConfiguration.java
@@ -22,15 +22,15 @@ package at.gv.egiz.eaaf.modules.pvp2.api.metadata; import java.util.Collection; import java.util.List; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; - import org.opensaml.saml.saml2.core.Attribute; import org.opensaml.saml.saml2.metadata.ContactPerson; import org.opensaml.saml.saml2.metadata.Organization; import org.opensaml.saml.saml2.metadata.RequestedAttribute; import org.opensaml.security.credential.Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; + /** * PVP Metadata builder configuration. * @@ -43,7 +43,7 @@ public interface IPvpMetadataBuilderConfiguration { * Defines a unique name for this PVP Service-provider, which is used for * logging. * - * @return + * @return Name of this SAML2 SP */ String getSpNameForLogging(); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java index 05a7360b..da3db0a8 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpMetadataBuilder.java @@ -237,7 +237,7 @@ public class PvpMetadataBuilder { } else { for (final String format : config.getSpAllowedNameIdTypes()) { final NameIDFormat nameIdFormat = Saml2Utils.createSamlObject(NameIDFormat.class); - nameIdFormat.setFormat(format); + nameIdFormat.setURI(format); spSsoDescriptor.getNameIDFormats().add(nameIdFormat); } 
@@ -424,7 +424,7 @@ public class PvpMetadataBuilder { // set providable nameID formats for (final String format : config.getIdpPossibleNameIdTypes()) { final NameIDFormat nameIdFormat = Saml2Utils.createSamlObject(NameIDFormat.class); - nameIdFormat.setFormat(format); + nameIdFormat.setURI(format); idpSsoDescriptor.getNameIDFormats().add(nameIdFormat); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java index 2257eba9..60800eb2 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java @@ -325,7 +325,7 @@ public class SamlVerificationEngine { } else { for (final AudienceRestriction el : audienceRest) { for (final Audience audience : el.getAudiences()) { - if (!urlCompare(spEntityId, audience.getAudienceURI())) { + if (!urlCompare(spEntityId, audience.getURI())) { log.info("Assertion with ID:{} 'AudienceRestriction' is not valid.", saml2assertion.getID()); isAssertionValid = false; @@ -520,7 +520,7 @@ public class SamlVerificationEngine { samlResp.getIssuer().getValue(), samlResp.getStatus().getStatusCode().getValue(), samlResp.getStatus().getStatusMessage() != null - ? samlResp.getStatus().getStatusMessage().getMessage() + ? samlResp.getStatus().getStatusMessage().getValue() : " no status message" }); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java index c784e392..b44d70e3 100644 
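Review bot: In the SamlVerificationEngine hunk at @@ -325, `audience.getURI()` may be null for an empty `<saml:Audience/>` element, and the new condition hands that null straight to `urlCompare(spEntityId, …)`, whose null handling is defined outside the hunk and not visible here; the commit only swaps the deprecated getter. Because this is the AudienceRestriction check that decides whether the assertion was issued for this SP, the malformed case should be an explicit mismatch rather than something the helper has to get right: `final String audienceUri = audience.getURI();` followed by `if (audienceUri == null || !urlCompare(spEntityId, audienceUri)) {`. The enclosing validation method starts and ends outside the hunk.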
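Review bot: The value logged at @@ -520 via `samlResp.getStatus().getStatusMessage().getValue()` is free text supplied by the remote SAML responder, so line breaks or control characters in it land verbatim in the log record unless the logging backend strips them; the commit only renames the getter. Normalising it before logging, e.g. `.getValue().replaceAll("[\\r\\n]", " ")`, or bounding its length, keeps one response from producing extra log lines. The enclosing method starts and ends outside the hunk.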
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java @@ -3,16 +3,6 @@ package at.gv.egiz.eaaf.modules.pvp2.test; import java.security.cert.X509Certificate; import java.util.List; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; - import org.apache.commons.lang3.RandomStringUtils; import org.apache.xml.security.algorithms.JCEMapper; import org.junit.Assert; 
@@ -26,13 +16,23 @@ import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_core_map_config.beans.xml", "/spring/SpringTest-context_lazy.xml", "/spring/eaaf_utils.beans.xml" - }) + }) public class CredentialProviderTest { private static final String HSM_FACASE_HOST = "eid.a-sit.at"; diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java index 63c8c99a..a2611165 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java 
@@ -134,11 +134,11 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement if (e instanceof NoPassivAuthenticationException) { statusCode.setValue(StatusCode.NO_PASSIVE); - statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage())); + statusMessage.setValue(StringEscapeUtils.escapeXml11(e.getLocalizedMessage())); } else if (e instanceof NameIdFormatNotSupportedException) { statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY); - statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage())); + statusMessage.setValue(StringEscapeUtils.escapeXml11(e.getLocalizedMessage())); } else if (e instanceof SloException) { // SLOExecpetions only occurs if session information is lost @@ -149,7 +149,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement statusCode.setValue(ex.getStatusCodeValue()); final String statusMessageValue = ex.getStatusMessageValue(); if (statusMessageValue != null) { - statusMessage.setMessage(StringEscapeUtils.escapeXml11(statusMessageValue)); + statusMessage.setValue(StringEscapeUtils.escapeXml11(statusMessageValue)); } @@ -157,7 +157,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement } else { statusCode.setValue(StatusCode.RESPONDER); - statusMessage.setMessage(StringEscapeUtils.escapeXml11(e.getLocalizedMessage())); + statusMessage.setValue(StringEscapeUtils.escapeXml11(e.getLocalizedMessage())); internalErrorCode = statusMessager.getResponseErrorCode(e); } @@ -172,7 +172,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement } //set status-message if availabe - if (statusMessage.getMessage() != null) { + if (statusMessage.getValue() != null) { status.setStatusMessage(statusMessage); } 
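Review bot: In the RESPONDER branch at @@ -157, `statusMessage.setValue(StringEscapeUtils.escapeXml11(e.getLocalizedMessage()))` still forwards the raw message of an arbitrary exception to the remote SP inside the SAML Status, so internal details (exception text, configuration or path fragments) can leave the IdP; the commit only renames the setter. Since `internalErrorCode = statusMessager.getResponseErrorCode(e)` already maps the exception to a code, a fixed generic message for that branch would keep the diagnostics server-side. Separately, the `escapeXml11` call on every setValue line in the @@ -134, @@ -149 and @@ -157 hunks is presumably redundant: the value is set on the OpenSAML object model and the marshaller emits it as DOM text content, which the serializer escapes again, so receivers likely see double-encoded entities — confirm against the produced XML before removing it. The enclosing method starts and ends outside these hunks.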
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java index 21912592..88ff2206 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java @@ -107,7 +107,7 @@ public class Pvp2AssertionBuilder implements PvpConstants { final AuthnContextClassRef authnContextClassRef = Saml2Utils.createSamlObject(AuthnContextClassRef.class); - authnContextClassRef.setAuthnContextClassRef(qaaLevel); + authnContextClassRef.setURI(qaaLevel); final NameID subjectNameID = Saml2Utils.createSamlObject(NameID.class); subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat()); @@ -151,7 +151,7 @@ public class Pvp2AssertionBuilder implements PvpConstants { // check if authn. request contains LoA final RequestedAuthnContext reqAuthnContext = authnRequest.getRequestedAuthnContext(); if (reqAuthnContext == null) { - authnContextClassRef.setAuthnContextClassRef(authData.getEidasQaaLevel()); + authnContextClassRef.setURI(authData.getEidasQaaLevel()); } else { // authn. request requests LoA levels. To LoA validation 
@@ -169,12 +169,12 @@ public class Pvp2AssertionBuilder implements PvpConstants { if (reqAuthnContextClassRefIt.size() == 0) { QaaLevelVerifier.verifyQaaLevel(authData.getEidasQaaLevel(), oaParam.getRequiredLoA(), loaMatchingMode); - authnContextClassRef.setAuthnContextClassRef(authData.getEidasQaaLevel()); + authnContextClassRef.setURI(authData.getEidasQaaLevel()); } else { final List eidasLoaFromRequest = new ArrayList<>(); for (final AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { - final String qaa_uri = authnClassRef.getAuthnContextClassRef(); + final String qaa_uri = authnClassRef.getURI(); if (!qaa_uri.trim().startsWith(EaafConstants.EIDAS_LOA_PREFIX)) { if (loaLevelMapper != null) { @@ -202,7 +202,7 @@ public class Pvp2AssertionBuilder implements PvpConstants { // verifiy LoAs from request to authentication LoA QaaLevelVerifier.verifyQaaLevel(authData.getEidasQaaLevel(), eidasLoaFromRequest, loaMatchingMode); - authnContextClassRef.setAuthnContextClassRef(authData.getEidasQaaLevel()); + authnContextClassRef.setURI(authData.getEidasQaaLevel()); } } @@ -309,12 +309,12 @@ public class Pvp2AssertionBuilder implements PvpConstants { if (metadataNameIdFormats != null) { for (final NameIDFormat el : metadataNameIdFormats) { - if (NameIDType.PERSISTENT.equals(el.getFormat())) { + if (NameIDType.PERSISTENT.equals(el.getURI())) { nameIdFormat = NameIDType.PERSISTENT; break; - } else if (NameIDType.TRANSIENT.equals(el.getFormat()) - || NameIDType.UNSPECIFIED.equals(el.getFormat())) { + } else if (NameIDType.TRANSIENT.equals(el.getURI()) + || NameIDType.UNSPECIFIED.equals(el.getURI())) { break; } 
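Review bot: `final String qaa_uri = authnClassRef.getURI();` is dereferenced on the next line as `qaa_uri.trim()`, so an AuthnRequest carrying an empty `<saml:AuthnContextClassRef/>` produces a NullPointerException instead of a proper SAML error; the old getter had the same gap and the commit keeps it. Guard the value before use, e.g. `if (qaa_uri == null || qaa_uri.trim().isEmpty()) { continue; }`, or fail the request explicitly if an empty entry should not be ignored — what `QaaLevelVerifier.verifyQaaLevel` does with an empty `eidasLoaFromRequest` list is not visible here. The loop sits in a method that starts and ends outside the hunk; the metadata-side comparisons at @@ -309 are already null-safe because the constant is on the left of `equals`.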
@@ -442,7 +442,7 @@ public class Pvp2AssertionBuilder implements PvpConstants { Saml2Utils.createSamlObject(AudienceRestriction.class); final Audience audience = Saml2Utils.createSamlObject(Audience.class); - audience.setAudienceURI(entityID); + audience.setURI(entityID); audienceRestriction.getAudiences().add(audience); conditions.setNotBefore(date); conditions.setNotOnOrAfter(isValidTo); diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java index c48a0fd4..bac90451 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java @@ -185,7 +185,7 @@ public class PvpAuthnRequestBuilder { final AuthnContextClassRef authnClassRef = Saml2Utils.createSamlObject(AuthnContextClassRef.class); - authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRef()); + authnClassRef.setURI(config.getAuthnContextClassRef()); if (config.getAuthnContextComparison() == null) { reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); @@ -244,7 +244,7 @@ public class PvpAuthnRequestBuilder { if (StringUtils.isNotEmpty(config.getScopeRequesterId())) { final Scoping scope = Saml2Utils.createSamlObject(Scoping.class); final RequesterID requesterId = Saml2Utils.createSamlObject(RequesterID.class); - requesterId.setRequesterID(config.getScopeRequesterId()); + requesterId.setURI(config.getScopeRequesterId()); scope.getRequesterIDs().add(requesterId); authReq.setScoping(scope); 
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java index d59012a5..f87096fb 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java @@ -265,8 +265,8 @@ public class AssertionAttributeExtractor { && authn.getAuthnContext().getAuthnContextClassRef() != null) { final AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef(); - if (StringUtils.isNotEmpty(qaaClass.getAuthnContextClassRef())) { - return qaaClass.getAuthnContextClassRef(); + if (StringUtils.isNotEmpty(qaaClass.getURI())) { + return qaaClass.getURI(); } else { throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)"); } -- cgit v1.2.3
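Review bot: `qaaClass.getURI()` is evaluated twice and checked with `isNotEmpty`, so a whitespace-only AuthnContextClassRef passes the check and is returned as the LoA value, whereas the builder side in Pvp2AssertionBuilder trims such values before comparing; the commit only swaps the deprecated getter. Read it once and use the blank check: `final String loa = qaaClass.getURI();` followed by `if (StringUtils.isNotBlank(loa)) { return loa; }`, keeping the existing `else` branch. The enclosing method starts outside the hunk.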