From d36b616fb95f5ce3e425ca367447bab9bd91618a Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Mon, 10 Jan 2022 16:55:19 +0100 Subject: refactor(SAML2): change SAML2 implementation to openSAML4.x API --- .../auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java | 2 +- .../auth/idaustria/tasks/RequestIdAustriaSystemTask.java | 2 +- .../controller/IdAustriaAuthMetadataControllerFirstTest.java | 11 +++++++---- .../idaustria/test/task/ReceiveAuthnResponseTaskTest.java | 6 +++--- .../idaustria/test/task/RequestIdAustriaSystemTaskTest.java | 6 ++++++ .../test/utils/IdAustriaAuthMetadataProviderFirstTest.java | 5 +++-- .../test/protocol/EidasProxyServiceControllerTest.java | 2 +- 7 files changed, 22 insertions(+), 12 deletions(-) diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java index f044c259..bd735a9d 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java @@ -368,7 +368,7 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask { new Object[] { IdAustriaAuthConstants.MODULE_NAME_FOR_LOGGING, samlResp.getIssuer().getValue(), samlResp.getStatus().getStatusCode().getValue(), - samlResp.getStatus().getStatusMessage().getMessage() }); + samlResp.getStatus().getStatusMessage().getValue() }); } diff --git a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java index 282b452b..797e4063 100644 --- a/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java +++ b/eidas_modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java @@ -38,7 +38,7 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.resolver.ResolverException; -import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy; +import net.shibboleth.utilities.java.support.security.impl.SecureRandomIdentifierGenerationStrategy; /** * eIDAS Authentication task that generates PVP2 S-Profile request to central diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java index d2a2556b..b8d8bd83 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java @@ -18,6 +18,7 @@ import org.opensaml.core.xml.io.UnmarshallingException; import org.opensaml.core.xml.util.XMLObjectSupport; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.metadata.resolver.filter.FilterException; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilterContext; import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.opensaml.saml.saml2.metadata.SPSSODescriptor; import org.opensaml.security.x509.BasicX509Credential; @@ -137,15 +138,17 @@ public class IdAustriaAuthMetadataControllerFirstTest { "http://localhost/authhandler" + IdAustriaAuthConstants.ENDPOINT_METADATA, metadata.getEntityID()); + MetadataFilterContext filterContext = new MetadataFilterContext(); + //check XML scheme final SchemaValidationFilter schemaFilter = new SchemaValidationFilter(); - schemaFilter.filter(metadata); + schemaFilter.filter(metadata, filterContext); //check signature final SimpleMetadataSignatureVerificationFilter sigFilter = new SimpleMetadataSignatureVerificationFilter(credProvider.getKeyStore().getFirst(), metadata.getEntityID()); - sigFilter.filter(metadata); + sigFilter.filter(metadata, filterContext); //check content final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); @@ -163,12 +166,12 @@ public class IdAustriaAuthMetadataControllerFirstTest { Assert.assertFalse("NameIDFormats", spSsoDesc.getNameIDFormats().isEmpty()); Assert.assertEquals("wrong NameIDFormats", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - spSsoDesc.getNameIDFormats().get(0).getFormat()); + spSsoDesc.getNameIDFormats().get(0).getURI()); Assert.assertFalse("AttributeConsumingServices", spSsoDesc.getAttributeConsumingServices().isEmpty()); Assert.assertEquals("#RequestAttributes", numberOfRequestedAttributes, - spSsoDesc.getAttributeConsumingServices().get(0).getRequestAttributes().size()); + spSsoDesc.getAttributeConsumingServices().get(0).getRequestedAttributes().size()); } diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java index b3a5130f..25525c0d 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java @@ -6,6 +6,7 @@ import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import java.io.IOException; +import java.time.Instant; import java.util.Arrays; import java.util.Base64; import java.util.HashMap; @@ -15,7 +16,6 @@ import javax.xml.transform.TransformerException; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; -import org.joda.time.DateTime; import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; @@ -777,13 +777,13 @@ public class ReceiveAuthnResponseTaskTest { final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), ReceiveAuthnResponseTaskTest.class.getResourceAsStream(responsePath)); - response.setIssueInstant(DateTime.now()); + response.setIssueInstant(Instant.now()); final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); issuer.setValue(idpEntityId); response.setIssuer(issuer); if (validConditions) { - response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5)); + response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plusSeconds(5*60)); } diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java index 92aece46..abdc7462 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java @@ -444,6 +444,12 @@ public class RequestIdAustriaSystemTaskTest { return null; } + + @Override + public boolean isWriteAsynch() { + return false; + + } }; } } diff --git a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderFirstTest.java b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderFirstTest.java index fa0d95a6..ef1b7cf1 100644 --- a/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderFirstTest.java +++ b/eidas_modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderFirstTest.java @@ -1,9 +1,10 @@ package at.asitplus.eidas.specific.modules.auth.idaustria.test.utils; import java.io.IOException; +import java.time.Instant; +import java.time.temporal.ChronoUnit; import org.apache.commons.lang3.RandomStringUtils; -import org.joda.time.DateTime; import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; @@ -213,7 +214,7 @@ public class IdAustriaAuthMetadataProviderFirstTest { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), IdAustriaAuthMetadataProviderFirstTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml")); - metadata.setValidUntil(DateTime.now().plusDays(1)); + metadata.setValidUntil(Instant.now().plus(1, ChronoUnit.DAYS)); metadata.setSignature(null); metadata.setEntityID(dynEntityId); Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); diff --git a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java index bea8db98..d3a4881d 100644 --- a/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java +++ b/eidas_modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java @@ -140,7 +140,7 @@ public class EidasProxyServiceControllerTest { assertTrue("wrong redirect URL", httpResp.getHeader("Location").startsWith("http://eidas.proxy/endpoint?token=")); String token = httpResp.getHeader("Location").substring("http://eidas.proxy/endpoint?token=".length()); - ILightResponse resp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(URLDecoder.decode(token), + ILightResponse resp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(URLDecoder.decode(token, "UTF-8"), ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); assertNotNull("responseId", resp.getId()); -- cgit v1.2.3