refactor PVP protocol implementation to resuse code in other modules

2 files changed, 505 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
new file mode 100644
index 000000000..e0994ff19
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
@@ -0,0 +1,288 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfiguration {
+
+	private static final int VALIDUNTIL_IN_HOURS = 24;
+	
+	private String authURL;
+	private IDPCredentialProvider credentialProvider;
+	
+	public IDPPVPMetadataConfiguration(String authURL, IDPCredentialProvider credentialProvider) {
+		this.authURL = authURL;
+		this.credentialProvider = credentialProvider;
+				
+	}
+	
+	public String getDefaultActionName() {
+		return (PVP2XProtocol.METADATA);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil()
+	 */
+	@Override
+	public int getMetadataValidUntil() {
+		return VALIDUNTIL_IN_HOURS;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement()
+	 */
+	@Override
+	public boolean buildEntitiesDescriptorAsRootElement() {
+		return true;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor()
+	 */
+	@Override
+	public boolean buildIDPSSODescriptor() {
+		return true;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor()
+	 */
+	@Override
+	public boolean buildSPSSODescriptor() {
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityID()
+	 */
+	@Override
+	public String getEntityID() {
+		return authURL;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName()
+	 */
+	@Override
+	public String getEntityFriendlyName() {
+		try {
+			return PVPConfiguration.getInstance().getIDPIssuerName();
+			
+		} catch (ConfigurationException e) {
+			Logger.error("Can not load Metadata entry: EntityID friendlyName.", e);
+			return null;
+			
+		}
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation()
+	 */
+	@Override
+	public List<ContactPerson> getContactPersonInformation() {
+		try {
+			return PVPConfiguration.getInstance().getIDPContacts();
+			
+		} catch (ConfigurationException e) {
+			Logger.warn("Can not load Metadata entry: Contect Person", e);
+			return null;
+			
+		}
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation()
+	 */
+	@Override
+	public Organization getOrgansiationInformation() {
+		try {
+			return PVPConfiguration.getInstance().getIDPOrganisation();
+			
+		} catch (ConfigurationException e) {
+			Logger.warn("Can not load Metadata entry: Organisation", e);
+			return null;
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials()
+	 */
+	@Override
+	public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPMetaDataSigningCredential();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials()
+	 */
+	@Override
+	public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPAssertionSigningCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials()
+	 */
+	@Override
+	public Credential getEncryptionCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPAssertionEncryptionCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL()
+	 */
+	@Override
+	public String getIDPWebSSOPostBindingURL() {
+		return authURL + PVPConfiguration.PVP2_IDP_POST;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL()
+	 */
+	@Override
+	public String getIDPWebSSORedirectBindingURL() {
+		return authURL + PVPConfiguration.PVP2_IDP_REDIRECT;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL()
+	 */
+	@Override
+	public String getIDPSLOPostBindingURL() {
+		return authURL + PVPConfiguration.PVP2_IDP_POST;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL()
+	 */
+	@Override
+	public String getIDPSLORedirectBindingURL() {
+		return authURL + PVPConfiguration.PVP2_IDP_REDIRECT;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL()
+	 */
+	@Override
+	public String getSPAssertionConsumerServicePostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL()
+	 */
+	@Override
+	public String getSPAssertionConsumerServiceRedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL()
+	 */
+	@Override
+	public String getSPSLOPostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL()
+	 */
+	@Override
+	public String getSPSLORedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL()
+	 */
+	@Override
+	public String getSPSLOSOAPBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes()
+	 */
+	@Override
+	public List<Attribute> getIDPPossibleAttributes() {
+		return PVPAttributeBuilder.buildSupportedEmptyAttributes();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes()
+	 */
+	@Override
+	public List<String> getIDPPossibleNameITTypes() {
+		return Arrays.asList(NameIDType.PERSISTENT, 
+							 NameIDType.TRANSIENT,
+							 NameIDType.UNSPECIFIED);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes()
+	 */
+	@Override
+	public List<RequestedAttribute> getSPRequiredAttributes() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes()
+	 */
+	@Override
+	public List<String> getSPAllowedNameITTypes() {
+		return null;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
new file mode 100644
index 000000000..52096fd19
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
@@ -0,0 +1,217 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IPVPMetadataBuilderConfiguration {
+
+	
+	/**
+	 * Set metadata valid area
+	 * 
+	 * @return valid until in hours [h]
+	 */
+	public int getMetadataValidUntil();
+	
+	/**
+	 * Build a SAML2 Entities element as metadata root element
+	 * 
+	 * @return true, if the metadata should start with entities element 
+	 */
+	public boolean buildEntitiesDescriptorAsRootElement();
+	
+	/**
+	 * 
+	 * 
+	 * @return true, if an IDP SSO-descriptor element should be generated 
+	 */
+	public boolean buildIDPSSODescriptor();
+	
+	/**
+	 * 
+	 * 
+	 * @return true, if an SP SSO-descriptor element should be generated 
+	 */
+	public boolean buildSPSSODescriptor();
+	
+	/**
+	 * Set the PVP entityID for this SAML2 metadata.
+	 * The entityID must be an URL and must be start with the public-URL prefix of the server
+	 * 
+	 * @return PVP entityID postfix as String
+	 */
+	public String getEntityID();
+	
+	/**
+	 * Set a friendlyName for this PVP entity
+	 * 
+	 * @return 
+	 */
+	public String getEntityFriendlyName();
+	
+	/**
+	 * Set the contact information for this metadata entity
+	 * 
+	 * @return
+	 */
+	public List<ContactPerson> getContactPersonInformation();
+	
+	/**
+	 * Set organisation information for this metadata entity
+	 * 
+	 * @return
+	 */
+	public Organization getOrgansiationInformation();
+	
+
+	/**
+	 * Set the credential for metadata signing
+	 * 
+	 * @return
+	 * @throws CredentialsNotAvailableException 
+	 */
+	public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
+	
+	/**
+	 * Set the credential for request/response signing
+	 * IDP metadata: this credential is used for SAML2 response signing
+	 * SP metadata: this credential is used for SAML2 response signing
+	 * 
+	 * @return
+	 * @throws CredentialsNotAvailableException 
+	 */
+	public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException;
+	
+	/**
+	 * Set the credential for response encryption
+	 * 
+	 * @return
+	 * @throws CredentialsNotAvailableException 
+	 */
+	public Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
+	
+	/**
+	 * Set the IDP Post-Binding URL for WebSSO 
+	 * 
+	 * @return
+	 */
+	public String getIDPWebSSOPostBindingURL();
+	
+	/**
+	 * Set the IDP Redirect-Binding URL for WebSSO 
+	 * 
+	 * @return
+	 */
+	public String getIDPWebSSORedirectBindingURL();
+	
+	/**
+	 * Set the IDP Post-Binding URL for Single LogOut 
+	 * 
+	 * @return
+	 */
+	public String getIDPSLOPostBindingURL();
+	
+	/**
+	 * Set the IDP Redirect-Binding URL for Single LogOut 
+	 * 
+	 * @return
+	 */
+	public String getIDPSLORedirectBindingURL();
+	
+	/**
+	 * Set the SP Post-Binding URL for for the Assertion-Consumer Service
+	 * 
+	 * @return
+	 */
+	public String getSPAssertionConsumerServicePostBindingURL();
+	
+	/**
+	 * Set the SP Redirect-Binding URL for the Assertion-Consumer Service 
+	 * 
+	 * @return
+	 */
+	public String getSPAssertionConsumerServiceRedirectBindingURL();
+	
+	/**
+	 * Set the SP Post-Binding URL for Single LogOut 
+	 * 
+	 * @return
+	 */
+	public String getSPSLOPostBindingURL();
+	
+	/**
+	 * Set the SP Redirect-Binding URL for Single LogOut 
+	 * 
+	 * @return
+	 */
+	public String getSPSLORedirectBindingURL();
+	
+	/**
+	 * Set the SP SOAP-Binding URL for Single LogOut 
+	 * 
+	 * @return
+	 */
+	public String getSPSLOSOAPBindingURL();
+	
+	
+	/**
+	 * Set all SAML2 attributes which could be provided by this IDP
+	 * 
+	 * @return
+	 */
+	public List<Attribute> getIDPPossibleAttributes();
+	
+	/**
+	 * Set all nameID types which could be provided by this IDP
+	 * 
+	 * @return a List of SAML2 nameID types
+	 */
+	public List<String> getIDPPossibleNameITTypes();
+	
+	/**
+	 * Set all SAML2 attributes which are required by the SP
+	 * 
+	 * @return
+	 */
+	public List<RequestedAttribute> getSPRequiredAttributes();
+	
+	/**
+	 * Set all nameID types which allowed from the SP
+	 * 
+	 * @return a List of SAML2 nameID types
+	 */
+	public List<String> getSPAllowedNameITTypes();
+}