Metadata generation for IDP

1 files changed, 184 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
new file mode 100644
index 000000000..75fc6197f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -0,0 +1,184 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.metadata.ArtifactResolutionService;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory.BasicKeyInfoGenerator;
+import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.Signer;
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+
+public class MetadataAction implements IAction {
+
+	public void processRequest(IRequest req, HttpServletRequest httpReq,
+			HttpServletResponse httpResp) throws MOAIDException {
+		try {
+
+			EntityDescriptor idpEntityDescriptor = SAML2Utils
+					.createSAMLObject(EntityDescriptor.class);
+
+			idpEntityDescriptor.setEntityID("https://localhost:8443/moa-id-auth");
+			
+			List<ContactPerson> persons = PVPConfiguration.getInstance().getIDPContacts();
+			
+			idpEntityDescriptor.getContactPersons().addAll(persons);
+
+			idpEntityDescriptor.setOrganization(PVPConfiguration.getInstance().getIDPOrganisation());
+			
+			BasicKeyInfoGeneratorFactory keyInfoFactory = new BasicKeyInfoGeneratorFactory();
+			keyInfoFactory.setEmitPublicKeyValue(true);
+			keyInfoFactory.setEmitEntityIDAsKeyName(true);
+			KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
+			
+			Credential credential = CredentialProvider
+					.getIDPSigningCredential();
+			
+			KeyDescriptor signKeyDescriptor = SAML2Utils
+					.createSAMLObject(KeyDescriptor.class);
+			signKeyDescriptor.setUse(UsageType.SIGNING);
+			signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(credential));
+
+			Signature signature = CredentialProvider
+					.getIDPSignature(credential);
+
+			idpEntityDescriptor.setSignature(signature);
+
+			IDPSSODescriptor idpSSODescriptor = SAML2Utils.createSAMLObject(IDPSSODescriptor.class);
+			
+			idpSSODescriptor.setWantAuthnRequestsSigned(true);
+			
+			SingleSignOnService postSingleSignOnService = 
+					SAML2Utils.createSAMLObject(SingleSignOnService.class);
+			
+			postSingleSignOnService.setLocation("https://enter.post.url");
+			postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+			
+			idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
+			
+			SingleSignOnService redirectSingleSignOnService = 
+					SAML2Utils.createSAMLObject(SingleSignOnService.class);
+			
+			redirectSingleSignOnService.setLocation("https://enter.redirect.url");
+			redirectSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+			
+			ArtifactResolutionService artifactResolutionService = SAML2Utils.createSAMLObject(
+					ArtifactResolutionService.class);
+			
+			artifactResolutionService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+			artifactResolutionService.setLocation("https://enter.soap.url");
+			
+			idpSSODescriptor.getArtifactResolutionServices().add(artifactResolutionService);
+			
+			idpSSODescriptor.getSingleSignOnServices().add(redirectSingleSignOnService);
+			
+			idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+			
+			idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
+			
+			DocumentBuilder builder;
+			DocumentBuilderFactory factory = DocumentBuilderFactory
+					.newInstance();
+
+			builder = factory.newDocumentBuilder();
+			Document document = builder.newDocument();
+			Marshaller out = Configuration.getMarshallerFactory()
+					.getMarshaller(idpEntityDescriptor);
+			out.marshall(idpEntityDescriptor, document);
+
+			Signer.signObject(signature);
+
+			Transformer transformer = TransformerFactory.newInstance()
+					.newTransformer();
+
+			StringWriter sw = new StringWriter();
+			StreamResult sr = new StreamResult(sw);
+			DOMSource source = new DOMSource(document);
+			transformer.transform(source, sr);
+			sw.close();
+
+			String metadataXML = sw.toString();
+
+			System.out.println("METADATA: " + metadataXML);
+
+			httpResp.setContentType("text/xml");
+			httpResp.getOutputStream().write(metadataXML.getBytes());
+
+			httpResp.getOutputStream().close();
+
+		} catch (CredentialsNotAvailableException e) {
+			e.printStackTrace();
+		} catch (SecurityException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (ParserConfigurationException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (MarshallingException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (SignatureException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (TransformerConfigurationException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (TransformerFactoryConfigurationError e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (IOException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (TransformerException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+	}
+
+	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+			HttpServletResponse httpResp) {
+		return false;
+	}
+
+	public String getDefaultActionName() {
+		return (PVP2XProtocol.METADATA);
+	}
+
+}