diff options
| author | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-01-27 17:42:51 +0100 |
|---|---|---|
| committer | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-01-27 17:42:51 +0100 |
| commit | aba2defe8f95cf960395158f6eb2ad7b1fb6e150 (patch) | |
| tree | 298a0165a30b8538b89abb93a399c615f91702d3 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x | |
| parent | ed9ad9b0c13ee0de3231bab038f35b01beeb0d0b (diff) | |
| parent | cea2f395ec773b386ec628d60120752cf320f6b6 (diff) | |
| download | moa-id-spss-aba2defe8f95cf960395158f6eb2ad7b1fb6e150.tar.gz moa-id-spss-aba2defe8f95cf960395158f6eb2ad7b1fb6e150.tar.bz2 moa-id-spss-aba2defe8f95cf960395158f6eb2ad7b1fb6e150.zip | |
merging
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x')
51 files changed, 861 insertions, 622 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index e6a8c9661..c80dbf321 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -27,9 +27,12 @@ import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.keyinfo.KeyInfoHelper; import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.KeyInfo; import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.Signer; +import org.opensaml.xml.signature.impl.KeyInfoBuilder; import org.w3c.dom.Document; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -78,17 +81,15 @@ public class MetadataAction implements IAction { keyInfoFactory.setEmitEntityIDAsKeyName(true); keyInfoFactory.setEmitEntityCertificate(true); KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - - Credential credential = CredentialProvider - .getIDPSigningCredential(); - - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(credential)); - + + Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential(); Signature signature = CredentialProvider - .getIDPSignature(credential); + .getIDPSignature(metadataSigningCredential); + +// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder(); +// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject(); +// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.); +// signature.setKeyInfo(metadataKeyInfo ); idpEntitiesDescriptor.setSignature(signature); @@ -139,9 +140,17 @@ public class MetadataAction implements IAction { idpSSODescriptor.getArtifactResolutionServices().add( artifactResolutionService); }*/ + + //set assertion signing key + Credential assertionSigingCredential = CredentialProvider + .getIDPAssertionSigningCredential(); + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential)); idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - + idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes()); NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); @@ -184,7 +193,7 @@ public class MetadataAction implements IAction { String metadataXML = sw.toString(); - System.out.println("METADATA: " + metadataXML); + //System.out.println("METADATA: " + metadataXML); httpResp.setContentType("text/xml"); httpResp.getOutputStream().write(metadataXML.getBytes()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index bef58ab59..dc2330f40 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -124,7 +124,6 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { RequestAbstractType samlReq = moaRequest.getSamlRequest(); //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq)); - //Logger.info("SAML : " + xml); if(!moaRequest.isVerified()) { @@ -137,6 +136,12 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { throw new MOAIDException("Unsupported request", new Object[] {}); } + EntityDescriptor metadata = moaRequest.getEntityMetadata(); + if(metadata == null) { + throw new NoMetadataInformationException(); + } + SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + AuthnRequest authnRequest = (AuthnRequest)samlReq; Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); @@ -144,6 +149,9 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { if(aIdx != null) { assertionidx = aIdx.intValue(); + + } else { + assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); } aIdx = authnRequest.getAttributeConsumingServiceIndex(); @@ -153,13 +161,14 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { attributeIdx = aIdx.intValue(); } - EntityDescriptor metadata = moaRequest.getEntityMetadata(); - if(metadata == null) { - throw new NoMetadataInformationException(); - } - SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); - AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); + + AttributeConsumingService attributeConsumer = null; + + if (spSSODescriptor.getAttributeConsumingServices() != null && + spSSODescriptor.getAttributeConsumingServices().size() > 0) { + attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); + } String oaURL = moaRequest.getEntityMetadata().getEntityID(); String binding = consumerService.getBinding(); @@ -176,7 +185,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { String useMandate = request.getParameter(PARAM_USEMANDATE); if(useMandate != null) { - if(useMandate.equals("true")) { + if(useMandate.equals("true") && attributeConsumer != null) { if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { throw new MandateAttributesNotHandleAbleException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java index c486d3ff2..57fa50384 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java @@ -37,7 +37,7 @@ public class ArtifactBinding implements IDecoder, IEncoder { throws MessageEncodingException, SecurityException { try { Credential credentials = CredentialProvider - .getIDPSigningCredential(); + .getIDPAssertionSigningCredential(); Signature signer = CredentialProvider.getIDPSignature(credentials); response.setSignature(signer); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 232ad315f..625782cab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -27,6 +27,7 @@ import org.opensaml.xml.security.credential.Credential; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.logging.Logger; public class PostBinding implements IDecoder, IEncoder { @@ -43,8 +44,10 @@ public class PostBinding implements IDecoder, IEncoder { try { Credential credentials = CredentialProvider - .getIDPSigningCredential(); + .getIDPAssertionSigningCredential(); + Logger.debug("create SAML POSTBinding response"); + // VelocityEngine engine = // VelocityProvider.getClassPathVelocityEngine(); VelocityEngine engine = new VelocityEngine(); @@ -67,7 +70,7 @@ public class PostBinding implements IDecoder, IEncoder { .buildObject(); service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); service.setLocation(targetLocation); - context.setOutboundSAMLMessageSigningCredential(credentials); + context.setOutboundSAMLMessageSigningCredential(credentials); context.setPeerEntityEndpoint(service); // context.setOutboundMessage(authReq); context.setOutboundSAMLMessage(response); @@ -100,7 +103,7 @@ public class PostBinding implements IDecoder, IEncoder { RequestAbstractType inboundMessage = (RequestAbstractType) messageContext .getInboundMessage(); - + MOARequest request = new MOARequest(inboundMessage); request.setVerified(false); request.setEntityMetadata(messageContext.getPeerEntityMetadata()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 418c4a60c..0fd639c1b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -3,11 +3,13 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.jcp.xml.dsig.internal.dom.DOMURIDereferencer; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; +import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.Response; @@ -31,6 +33,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; public class RedirectBinding implements IDecoder, IEncoder { @@ -45,8 +49,10 @@ public class RedirectBinding implements IDecoder, IEncoder { throws MessageEncodingException, SecurityException { try { Credential credentials = CredentialProvider - .getIDPSigningCredential(); + .getIDPAssertionSigningCredential(); + Logger.debug("create SAML RedirectBinding response"); + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); @@ -84,13 +90,18 @@ public class RedirectBinding implements IDecoder, IEncoder { SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); + + BasicSecurityPolicy policy = new BasicSecurityPolicy(); policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); + SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( policy); messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); messageContext.setSecurityPolicyResolver(resolver); - + decode.decode(messageContext); signatureRule.evaluate(messageContext); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index 3974e7fd5..1cfb0103e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -65,7 +65,7 @@ public class SoapBinding implements IDecoder, IEncoder { throws MessageEncodingException, SecurityException, PVP2Exception { try { Credential credentials = CredentialProvider - .getIDPSigningCredential(); + .getIDPAssertionSigningCredential(); HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java index 9403cb205..054f87e18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -23,6 +23,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePIN; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePINType; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; @@ -39,16 +40,26 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateRefere import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PVPVersionAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PrincipalNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; public class PVPAttributeBuilder { - + + private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator(); + private static HashMap<String, IAttributeBuilder> builders; - + private static void addBuilder(IAttributeBuilder builder) { builders.put(builder.getName(), builder); } - + static { builders = new HashMap<String, IAttributeBuilder>(); // Citizen Token normal @@ -84,27 +95,39 @@ public class PVPAttributeBuilder { addBuilder(new MandateReferenceValueAttributeBuilder()); addBuilder(new MandateFullMandateAttributeBuilder()); } - - public static Attribute buildAttribute(String name, - AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + + public static Attribute buildAttribute(String name, AuthenticationSession authSession, OAAuthParameter oaParam, + AuthenticationData authData) throws PVP2Exception { if (builders.containsKey(name)) { - return builders.get(name).build(authSession, oaParam, authData); + try { + return builders.get(name).build(authSession, oaParam, authData, generator); + } + catch (AttributeException e) { + if (e instanceof UnavailableAttributeException) { + throw new UnprovideableAttributeException(((UnavailableAttributeException) e).getAttributeName()); + } else if (e instanceof InvalidDateFormatAttributeException) { + throw new InvalidDateFormatException(); + } else if (e instanceof NoMandateDataAttributeException) { + throw new NoMandateDataAvailableException(); + } else { + throw new UnprovideableAttributeException(name); + } + } } return null; } - + public static List<Attribute> buildSupportedEmptyAttributes() { List<Attribute> attributes = new ArrayList<Attribute>(); Iterator<IAttributeBuilder> builderIt = builders.values().iterator(); while (builderIt.hasNext()) { IAttributeBuilder builder = builderIt.next(); - Attribute emptyAttribute = builder.buildEmpty(); + Attribute emptyAttribute = builder.buildEmpty(generator); if (emptyAttribute != null) { attributes.add(emptyAttribute); } } return attributes; } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index f21567245..9e2c89583 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -57,53 +57,55 @@ import at.gv.egovernment.moa.util.Constants; public class PVP2AssertionBuilder implements PVPConstants { public static Assertion buildAssertion(AuthnRequest authnRequest, - AuthenticationSession authSession, EntityDescriptor peerEntity) + AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date) throws MOAIDException { Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); RequestedAuthnContext reqAuthnContext = authnRequest .getRequestedAuthnContext(); - if (reqAuthnContext == null) { - throw new NoAuthContextException(); - } - - boolean stork_qaa_1_4_found = false; - AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); - - List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext - .getAuthnContextClassRefs(); - if (reqAuthnContextClassRefIt.size() == 0) { - stork_qaa_1_4_found = true; + if (reqAuthnContext == null) { authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); - - } else { - for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { - String qaa_uri = authnClassRef.getAuthnContextClassRef(); - if (qaa_uri.trim().equals(STORK_QAA_1_4) - || qaa_uri.trim().equals(STORK_QAA_1_3) - || qaa_uri.trim().equals(STORK_QAA_1_2) - || qaa_uri.trim().equals(STORK_QAA_1_1)) { - - if (authSession.isForeigner()) { - //TODO: insert QAA check - - stork_qaa_1_4_found = false; - - } else { - stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + + } else { + + boolean stork_qaa_1_4_found = false; + + List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext + .getAuthnContextClassRefs(); + + if (reqAuthnContextClassRefIt.size() == 0) { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + + } else { + for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { + String qaa_uri = authnClassRef.getAuthnContextClassRef(); + if (qaa_uri.trim().equals(STORK_QAA_1_4) + || qaa_uri.trim().equals(STORK_QAA_1_3) + || qaa_uri.trim().equals(STORK_QAA_1_2) + || qaa_uri.trim().equals(STORK_QAA_1_1)) { + + if (authSession.isForeigner()) { + //TODO: insert QAA check + + stork_qaa_1_4_found = false; + + } else { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + } + break; } - break; } } - } - - if (!stork_qaa_1_4_found) { - throw new QAANotSupportedException(STORK_QAA_1_4); + + if (!stork_qaa_1_4_found) { + throw new QAANotSupportedException(STORK_QAA_1_4); + } } // reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() @@ -135,7 +137,7 @@ public class PVP2AssertionBuilder implements PVPConstants { AuthnStatement authnStatement = SAML2Utils .createSAMLObject(AuthnStatement.class); String remoteSessionID = SAML2Utils.getSecureIdentifier(); - authnStatement.setAuthnInstant(new DateTime()); + authnStatement.setAuthnInstant(date); // currently dummy id ... authnStatement.setSessionIndex(remoteSessionID); authnStatement.setAuthnContext(authnContext); @@ -144,16 +146,14 @@ public class PVP2AssertionBuilder implements PVPConstants { SPSSODescriptor spSSODescriptor = peerEntity .getSPSSODescriptor(SAMLConstants.SAML20P_NS); - + Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); int idx = 0; if (aIdx != null) { idx = aIdx.intValue(); - } - - AttributeConsumingService attributeConsumingService = spSSODescriptor - .getAttributeConsumingServices().get(idx); + + } AttributeStatement attributeStatement = SAML2Utils .createSAMLObject(AttributeStatement.class); @@ -197,32 +197,38 @@ public class PVP2AssertionBuilder implements PVPConstants { .buildAuthenticationData(authSession, oaParam, oaParam.getTarget()); - Iterator<RequestedAttribute> it = attributeConsumingService - .getRequestAttributes().iterator(); - while (it.hasNext()) { - RequestedAttribute reqAttribut = it.next(); - try { - Attribute attr = PVPAttributeBuilder.buildAttribute( - reqAttribut.getName(), authSession, oaParam, authData); - if (attr == null) { + if (spSSODescriptor.getAttributeConsumingServices() != null && + spSSODescriptor.getAttributeConsumingServices().size() > 0) { + + AttributeConsumingService attributeConsumingService = spSSODescriptor + .getAttributeConsumingServices().get(idx); + + Iterator<RequestedAttribute> it = attributeConsumingService + .getRequestAttributes().iterator(); + while (it.hasNext()) { + RequestedAttribute reqAttribut = it.next(); + try { + Attribute attr = PVPAttributeBuilder.buildAttribute( + reqAttribut.getName(), authSession, oaParam, authData); + if (attr == null) { + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + } else { + attributeStatement.getAttributes().add(attr); + } + } catch (PVP2Exception e) { + Logger.error( + "Attribute generation failed! for " + + reqAttribut.getFriendlyName(), e); if (reqAttribut.isRequired()) { throw new UnprovideableAttributeException( reqAttribut.getName()); } - } else { - attributeStatement.getAttributes().add(attr); - } - } catch (PVP2Exception e) { - Logger.error( - "Attribute generation failed! for " - + reqAttribut.getFriendlyName(), e); - if (reqAttribut.isRequired()) { - throw new UnprovideableAttributeException( - reqAttribut.getName()); } } } - if (attributeStatement.getAttributes().size() > 0) { assertion.getAttributeStatements().add(attributeStatement); } @@ -294,7 +300,7 @@ public class PVP2AssertionBuilder implements PVPConstants { SubjectConfirmationData subjectConfirmationData = SAML2Utils .createSAMLObject(SubjectConfirmationData.class); subjectConfirmationData.setInResponseTo(authnRequest.getID()); - subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20)); + subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5)); //TL: change from entityID to destination URL AssertionConsumerService consumerService = spSSODescriptor @@ -317,9 +323,9 @@ public class PVP2AssertionBuilder implements PVPConstants { audience.setAudienceURI(peerEntity.getEntityID()); audienceRestriction.getAudiences().add(audience); - conditions.setNotBefore(new DateTime()); + conditions.setNotBefore(date); - conditions.setNotOnOrAfter(new DateTime().plusMinutes(20)); + conditions.setNotOnOrAfter(date.plusMinutes(5)); // conditions.setNotOnOrAfter(new DateTime()); conditions.getAudienceRestrictions().add(audienceRestriction); @@ -336,7 +342,7 @@ public class PVP2AssertionBuilder implements PVPConstants { assertion.setIssuer(issuer); assertion.setSubject(subject); assertion.setID(SAML2Utils.getSecureIdentifier()); - assertion.setIssueInstant(new DateTime()); + assertion.setIssueInstant(date); return assertion; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java index bb568cd90..f5f84a322 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java @@ -1,41 +1,38 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -public class BPKAttributeBuilder extends BaseAttributeBuilder { - +public class BPKAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return BPK_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { String bpk = authData.getBPK(); String type = authData.getBPKType(); if (type.startsWith(Constants.URN_PREFIX_WBPK)) - type = type.substring((Constants.URN_PREFIX_WBPK+"+").length()); - else if (type.startsWith(Constants.URN_PREFIX_CDID)) - type = type.substring((Constants.URN_PREFIX_CDID+"+").length()); - - if(bpk.length() > BPK_MAX_LENGTH) { + type = type.substring((Constants.URN_PREFIX_WBPK + "+").length()); + else if (type.startsWith(Constants.URN_PREFIX_CDID)) type = type.substring((Constants.URN_PREFIX_CDID + "+").length()); + + if (bpk.length() > BPK_MAX_LENGTH) { bpk = bpk.substring(0, BPK_MAX_LENGTH); } Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type); - return buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk); + return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk); } - - public Attribute buildEmpty() { - return buildemptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java index fa42fc54f..ef594b91c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java @@ -5,41 +5,39 @@ import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class BirthdateAttributeBuilder extends BaseAttributeBuilder { - +public class BirthdateAttributeBuilder implements IPVPAttributeBuilder { + public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; - + public String getName() { return BIRTHDATE_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { try { - DateFormat identityLinkFormat = new SimpleDateFormat( - IDENTITY_LINK_DATE_FORMAT); - Date date = identityLinkFormat.parse(authSession.getIdentityLink() - .getDateOfBirth()); - DateFormat pvpDateFormat = new SimpleDateFormat( - BIRTHDATE_FORMAT_PATTERN); + DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth()); + DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); String dateString = pvpDateFormat.format(date); - return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, - BIRTHDATE_NAME, dateString); - } catch (ParseException e) { + + return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); + + //return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); + } + catch (ParseException e) { e.printStackTrace(); return null; } } - public Attribute buildEmpty() { - return buildemptyAttribute(BIRTHDATE_FRIENDLY_NAME, - BIRTHDATE_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java index 16d05842a..d2532fc28 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java @@ -4,42 +4,40 @@ import iaik.util.logging.Log; import java.io.IOException; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; -public class EIDAuthBlock extends BaseAttributeBuilder { - +public class EIDAuthBlock implements IPVPAttributeBuilder { + public String getName() { return EID_AUTH_BLOCK_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { try { String authblock = authSession.getAuthBlock(); if (MiscUtil.isNotEmpty(authblock)) { - return buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, - EID_AUTH_BLOCK_NAME, Base64Utils.encode(authblock.getBytes())); + return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, + Base64Utils.encode(authblock.getBytes())); } - } catch (IOException e) { + } + catch (IOException e) { Log.info("Encode AuthBlock BASE64 failed."); } - throw new UnprovideableAttributeException(EID_AUTH_BLOCK_NAME); - + throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME); + } - - public Attribute buildEmpty() { - return buildemptyAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME); + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java index 0d96d4817..470dc11fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java @@ -1,33 +1,30 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.MiscUtil; -public class EIDCcsURL extends BaseAttributeBuilder{ +public class EIDCcsURL implements IPVPAttributeBuilder { public String getName() { return EID_CCS_URL_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { String bkuurl = authSession.getBkuURL(); if (MiscUtil.isNotEmpty(bkuurl)) - return buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); + return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); else - throw new UnprovideableAttributeException(EID_CCS_URL_NAME); + throw new UnavailableAttributeException(EID_CCS_URL_NAME); } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java index 5ddd87c7b..770609e7a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java @@ -1,26 +1,25 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class EIDCitizenQAALevelAttributeBuilder extends BaseAttributeBuilder { +public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return EID_CITIZEN_QAA_LEVEL_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { - return buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, EID_CITIZEN_QAA_LEVEL_NAME, 4); } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, EID_CITIZEN_QAA_LEVEL_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java index d8be65f53..ea1ed0470 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java @@ -4,28 +4,26 @@ import java.io.IOException; import javax.xml.transform.TransformerException; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; -public class EIDIdentityLinkBuilder extends BaseAttributeBuilder { +public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder { public String getName() { return EID_IDENTITY_LINK_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { try { String ilAssertion = null; if (oaParam.getBusinessService()) { @@ -43,27 +41,27 @@ public class EIDIdentityLinkBuilder extends BaseAttributeBuilder { ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - return buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes())); } catch (MOAIDException e) { Logger.warn("IdentityLink serialization error.", e); - return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME); } catch (TransformerException e) { Logger.warn("IdentityLink serialization error.", e); - return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME); } catch (IOException e) { Logger.warn("IdentityLink serialization error.", e); - return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME); } } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java index 08e4e67b3..7d6173ee2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java @@ -5,21 +5,20 @@ import iaik.x509.X509Certificate; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; -public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder { +public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return EID_ISSUING_NATION_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { String countryCode = "AT"; @@ -48,12 +47,12 @@ public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder { } } - return buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, + return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, EID_ISSUING_NATION_NAME, countryCode); } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, EID_ISSUING_NATION_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java index 8cb2b5be6..43e052644 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java @@ -1,26 +1,25 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder { +public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return EID_SECTOR_FOR_IDENTIFIER_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { String bpktype = authData.getBPKType(); - return buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, + return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype); } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, EID_SECTOR_FOR_IDENTIFIER_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java index f5cb51228..93ddd3506 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java @@ -4,29 +4,26 @@ import iaik.util.logging.Log; import java.io.IOException; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.Base64Utils; -public class EIDSignerCertificate extends BaseAttributeBuilder { +public class EIDSignerCertificate implements IPVPAttributeBuilder { public String getName() { return EID_SIGNER_CERTIFICATE_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { try { byte[] signerCertificate = authSession.getEncodedSignerCertificate(); if (signerCertificate != null) { - return buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils + return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils .encode(signerCertificate)); } @@ -34,12 +31,12 @@ public class EIDSignerCertificate extends BaseAttributeBuilder { Log.info("Signer certificate BASE64 encoding error"); } - throw new UnprovideableAttributeException(EID_SIGNER_CERTIFICATE_NAME); + throw new UnavailableAttributeException(EID_SIGNER_CERTIFICATE_NAME); } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java index d21d264f6..a8ec0bfb4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java @@ -1,33 +1,30 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -public class EIDSourcePIN extends BaseAttributeBuilder { +public class EIDSourcePIN implements IPVPAttributeBuilder { public String getName() { return EID_SOURCE_PIN_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if (oaParam.getBusinessService()) - throw new UnprovideableAttributeException(EID_SOURCE_PIN_NAME); + throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME); else { - return buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue()); + return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue()); } } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java index 9bc9716cf..858a53bed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java @@ -1,33 +1,30 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -public class EIDSourcePINType extends BaseAttributeBuilder { +public class EIDSourcePINType implements IPVPAttributeBuilder { public String getName() { return EID_SOURCE_PIN_TYPE_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if (oaParam.getBusinessService()) - throw new UnprovideableAttributeException(EID_SOURCE_PIN_TYPE_NAME); + throw new UnavailableAttributeException(EID_SOURCE_PIN_TYPE_NAME); else { - return buildStringAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME, authData.getIdentificationType()); + return g.buildStringAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME, authData.getIdentificationType()); } } - public Attribute buildEmpty() { - return buildemptyAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java index 5c8151c01..648ea6d25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java @@ -1,24 +1,23 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class GivenNameAttributeBuilder extends BaseAttributeBuilder { +public class GivenNameAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return GIVEN_NAME_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { - return buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName()); + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName()); } - public Attribute buildEmpty() { - return buildemptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java index 173fbd52f..29f612961 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java @@ -1,15 +1,15 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public interface IAttributeBuilder { public String getName(); - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception; - public Attribute buildEmpty(); + + public <ATT> ATT build(final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData, + final IAttributeGenerator<ATT> g) throws AttributeException; + + public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeGenerator.java new file mode 100644 index 000000000..48502b77b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeGenerator.java @@ -0,0 +1,11 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +public interface IAttributeGenerator<ATT> { + public abstract ATT buildStringAttribute(final String friendlyName, final String name, final String value); + + public abstract ATT buildIntegerAttribute(final String friendlyName, final String name, final int value); + + public abstract ATT buildLongAttribute(final String friendlyName, final String name, final long value); + + public abstract ATT buildEmptyAttribute(final String friendlyName, final String name); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java new file mode 100644 index 000000000..cf40f96f4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java @@ -0,0 +1,8 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +interface IPVPAttributeBuilder extends PVPConstants, MOAIDAuthConstants, IAttributeBuilder { + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java index 0afd71bc1..7d5f1d998 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -4,32 +4,29 @@ import java.io.IOException; import javax.xml.transform.TransformerException; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; -public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder { +public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_FULL_MANDATE_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if (authSession.getUseMandate()) { if (authSession.getMandate() != null) { String fullMandate; try { fullMandate = DOMUtils.serializeNode(authSession .getMandate()); - return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, MANDATE_FULL_MANDATE_NAME, Base64Utils.encode(fullMandate.getBytes())); } catch (TransformerException e) { Logger.error("Failed to generate Full Mandate", e); @@ -42,8 +39,8 @@ public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder { } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, MANDATE_FULL_MANDATE_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java index 15059c036..c49f72315 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -8,44 +7,43 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateLegalPersonFullNameAttributeBuilder extends BaseAttributeBuilder { - +public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_LEG_PER_FULL_NAME_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { - if(authSession.getUseMandate()) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); - if(mandate == null) { - throw new NoMandateDataAvailableException(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); } CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); - if(corporation == null) { + if (corporation == null) { Logger.error("No corporation mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - return buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, - MANDATE_LEG_PER_FULL_NAME_NAME, corporation.getFullName()); + return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME, + corporation.getFullName()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, - MANDATE_LEG_PER_FULL_NAME_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java index 820efb209..9b1ed0520 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -9,37 +8,37 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBuilder { +public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_LEG_PER_SOURCE_PIN_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if(authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if(mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); if(corporation == null) { Logger.error("No corporation mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } IdentificationType id = null; if(corporation.getIdentification().size() == 0) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } id = corporation.getIdentification().get(0); /*if(authSession.getBusinessService()) { @@ -49,16 +48,16 @@ public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBu }*/ /*if(id == null) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); }*/ - return buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME, id.getValue().getValue()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java index 44b58d04f..d40cb2f99 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -9,59 +8,53 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateLegalPersonSourcePinTypeAttributeBuilder extends - BaseAttributeBuilder { - +public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if (mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if (mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - CorporateBodyType corporation = mandateObject.getMandator() - .getCorporateBody(); + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); if (corporation == null) { Logger.error("No corporate mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } IdentificationType id = null; - if(corporation.getIdentification().size() == 0) { + if (corporation.getIdentification().size() == 0) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - id = corporation.getIdentification().get(0); - /*id = MandateBuilder.getBPKIdentification(corporate); - if (id == null) { - Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); - }*/ - return buildStringAttribute( - MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, id.getType()); + id = corporation.getIdentification().get(0); + /* + * id = MandateBuilder.getBPKIdentification(corporate); if (id == null) { + * Logger.error("Failed to generate IdentificationType"); throw new + * NoMandateDataAttributeException(); } + */ + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, + id.getType()); } return null; - + } - - public Attribute buildEmpty() { - return buildemptyAttribute( - MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME); + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index dc4e9dd49..b6c7389e0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -11,52 +10,51 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder { - +public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_NAT_PER_BPK_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { - if(authSession.getUseMandate()) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); - if(mandate == null) { - throw new NoMandateDataAvailableException(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); } - PhysicalPersonType physicalPerson = mandateObject.getMandator() - .getPhysicalPerson(); + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); if (physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); -// if(authSession.getBusinessService()) { -// id = MandateBuilder.getWBPKIdentification(physicalPerson); -// } else { -// id = MandateBuilder.getBPKIdentification(physicalPerson); -// } - if(id == null) { + // if(authSession.getBusinessService()) { + // id = MandateBuilder.getWBPKIdentification(physicalPerson); + // } else { + // id = MandateBuilder.getBPKIdentification(physicalPerson); + // } + if (id == null) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } String bpk; try { - + if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { - if (authSession.getBusinessService()) { + if (authSession.getBusinessService()) { bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier()); } @@ -65,26 +63,24 @@ public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilde bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget()); } - - } else + + } else bpk = id.getValue().getValue(); - } catch (BuildException e ){ + } + catch (BuildException e) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - - return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, - MANDATE_NAT_PER_BPK_NAME, bpk); + + return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, - MANDATE_NAT_PER_BPK_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME); } - - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java index a87d4d25c..bc719afeb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java @@ -5,7 +5,6 @@ import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -13,62 +12,55 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateNaturalPersonBirthDateAttributeBuilder extends - BaseAttributeBuilder { - +public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_NAT_PER_BIRTHDATE_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if (mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if (mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - PhysicalPersonType physicalPerson = mandateObject.getMandator() - .getPhysicalPerson(); + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); if (physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - + String dateOfBirth = physicalPerson.getDateOfBirth(); try { - DateFormat mandateFormat = new SimpleDateFormat( - MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); + DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); Date date = mandateFormat.parse(dateOfBirth); - DateFormat pvpDateFormat = new SimpleDateFormat( - MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); + DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); String dateString = pvpDateFormat.format(date); - - return buildStringAttribute( - MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, - MANDATE_NAT_PER_BIRTHDATE_NAME, dateString); - } catch (ParseException e) { + + return g.buildStringAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, MANDATE_NAT_PER_BIRTHDATE_NAME, dateString); + } + catch (ParseException e) { e.printStackTrace(); - throw new InvalidDateFormatException(); + throw new InvalidDateFormatAttributeException(); } } return null; - + } - - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, - MANDATE_NAT_PER_BIRTHDATE_NAME); + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, MANDATE_NAT_PER_BIRTHDATE_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java index 6744e5d20..0e40f9e04 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java @@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import java.util.Iterator; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -11,32 +10,32 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttributeBuilder { +public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_FAMILY_NAME_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if(authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if(mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); if(physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } StringBuilder sb = new StringBuilder(); @@ -46,15 +45,15 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttribu sb.append(" " + fNamesit.next().getValue()); } - return buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_FAMILY_NAME_NAME, sb.toString()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_FAMILY_NAME_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java index 67aa8df0e..88efc3717 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import java.util.Iterator; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -10,51 +9,49 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateNaturalPersonGivenNameAttributeBuilder extends BaseAttributeBuilder { - +public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_NAT_PER_GIVEN_NAME_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { - if(authSession.getUseMandate()) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); - if(mandate == null) { - throw new NoMandateDataAvailableException(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); } PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if(physicalPerson == null) { + if (physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } StringBuilder sb = new StringBuilder(); Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator(); - while(gNamesit.hasNext()) { + while (gNamesit.hasNext()) { sb.append(" " + gNamesit.next()); } - return buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, - MANDATE_NAT_PER_GIVEN_NAME_NAME, sb.toString()); + return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, sb.toString()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, - MANDATE_NAT_PER_GIVEN_NAME_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index aa8061506..7c59faeb2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -9,56 +8,56 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateNaturalPersonSourcePinAttributeBuilder extends - BaseAttributeBuilder { +public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_SOURCE_PIN_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if(authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if(mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } PhysicalPersonType physicalPerson = mandateObject.getMandator() .getPhysicalPerson(); if (physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); - /*if(authSession.getBusinessService()) { + + if(authSession.getBusinessService()) { id = MandateBuilder.getWBPKIdentification(physicalPerson); - } else { - id = MandateBuilder.getBPKIdentification(physicalPerson); - }*/ + +// } else { +// id = MandateBuilder.getBPKIdentification(physicalPerson); + } if(id == null) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_NAT_PER_SOURCE_PIN_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index 6ef2f5fa5..54b0b8d74 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; @@ -9,35 +8,33 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; -public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends - BaseAttributeBuilder { +public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) - throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if(authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if(mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); if(mandateObject == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } PhysicalPersonType physicalPerson = mandateObject.getMandator() .getPhysicalPerson(); if (physicalPerson == null) { Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); @@ -48,17 +45,17 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends }*/ if(id == null) { Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } - return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java index 66ac56d00..80393fb50 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -1,27 +1,26 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; -public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { +public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_PROF_REP_DESC_NAME; } - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { if(authSession.getUseMandate()) { Element mandate = authSession.getMandate(); if(mandate == null) { - throw new NoMandateDataAvailableException(); + throw new NoMandateDataAttributeException(); } String text = AttributeExtractor.extractSAMLAttributeOA( @@ -32,7 +31,7 @@ public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { return null; } - return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, MANDATE_PROF_REP_DESC_NAME, text); } @@ -40,8 +39,8 @@ public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, MANDATE_PROF_REP_DESC_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java index d708cba95..e3bfda252 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -1,48 +1,42 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; -public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder { - +public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_PROF_REP_OID_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { - if(authSession.getUseMandate()) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); - if(mandate == null) { - throw new NoMandateDataAvailableException(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); } - String oid = AttributeExtractor.extractSAMLAttributeOA( - EXT_SAML_MANDATE_OID, - authSession); + String oid = AttributeExtractor.extractSAMLAttributeOA(EXT_SAML_MANDATE_OID, authSession); - if(oid == null) { + if (oid == null) { return null; } - return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, - MANDATE_PROF_REP_OID_NAME, oid); + return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, - MANDATE_PROF_REP_OID_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME); } } -
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java index 46c6ffb78..dc1a4f04b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java @@ -1,44 +1,28 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; -import org.w3c.dom.Element; - -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; -import at.gv.egovernment.moa.id.util.MandateBuilder; - -public class MandateReferenceValueAttributeBuilder extends BaseAttributeBuilder { +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_REFERENCE_VALUE_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { - if(authSession.getUseMandate()) { - -// Element mandate = authSession.getMandate(); -// if(mandate == null) { -// throw new NoMandateDataAvailableException(); -// } -// Mandate mandateObject = MandateBuilder.buildMandate(mandate); -// if(mandateObject == null) { -// throw new NoMandateDataAvailableException(); -// } - - return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, - MANDATE_REFERENCE_VALUE_NAME, authSession.getMandateReferenceValue()); + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { + + return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME, + authSession.getMandateReferenceValue()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, - MANDATE_REFERENCE_VALUE_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java index bc7fdaf73..76dc1cb83 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java @@ -1,41 +1,41 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.ResponderErrorException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; -public class MandateTypeAttributeBuilder extends BaseAttributeBuilder { - +public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return MANDATE_TYPE_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws ResponderErrorException { - if(authSession.getUseMandate()) { + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + if (authSession.getUseMandate()) { Element mandate = authSession.getMandate(); - if(mandate == null) { - throw new ResponderErrorException("No mandate data available", null); + if (mandate == null) { + throw new NoMandateDataAttributeException(); } Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new ResponderErrorException("No mandate data available", null); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); } - return buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation()); + return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation()); } return null; } - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME); + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java index 545d70d76..149513764 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java @@ -1,24 +1,23 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class PVPVersionAttributeBuilder extends BaseAttributeBuilder { - +public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return PVP_VERSION_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { - return buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1); + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1); } - - public Attribute buildEmpty() { - return buildemptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME); + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java index 7ca7eb829..2de5ae79a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java @@ -1,24 +1,23 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.opensaml.saml2.core.Attribute; - import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -public class PrincipalNameAttributeBuilder extends BaseAttributeBuilder { - +public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder { + public String getName() { return PRINCIPAL_NAME_NAME; } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) { - return buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName()); + + public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + IAttributeGenerator<ATT> g) throws AttributeException { + return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName()); } - - public Attribute buildEmpty() { - return buildemptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME); + + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java index 4accca580..170c72fb4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java @@ -9,31 +9,26 @@ import org.opensaml.xml.schema.XSString; import org.opensaml.xml.schema.impl.XSIntegerBuilder; import org.opensaml.xml.schema.impl.XSStringBuilder; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -public abstract class BaseAttributeBuilder implements PVPConstants, MOAIDAuthConstants, IAttributeBuilder { - +public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> { - protected static XMLObject buildAttributeStringValue(String value) { + private XMLObject buildAttributeStringValue(String value) { XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME); XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); stringValue.setValue(value); return stringValue; } - protected static XMLObject buildAttributeIntegerValue(int value) { + private XMLObject buildAttributeIntegerValue(int value) { XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME); XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); integerValue.setValue(value); return integerValue; } - protected static Attribute buildStringAttribute(String friendlyName, - String name, String value) { - Attribute attribute = - SAML2Utils.createSAMLObject(Attribute.class); + public Attribute buildStringAttribute(final String friendlyName, final String name, final String value) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); attribute.setFriendlyName(friendlyName); attribute.setName(name); attribute.setNameFormat(Attribute.URI_REFERENCE); @@ -41,10 +36,8 @@ public abstract class BaseAttributeBuilder implements PVPConstants, MOAIDAuthCon return attribute; } - protected static Attribute buildIntegerAttribute(String friendlyName, - String name, int value) { - Attribute attribute = - SAML2Utils.createSAMLObject(Attribute.class); + public Attribute buildIntegerAttribute(final String friendlyName, final String name, final int value) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); attribute.setFriendlyName(friendlyName); attribute.setName(name); attribute.setNameFormat(Attribute.URI_REFERENCE); @@ -52,12 +45,21 @@ public abstract class BaseAttributeBuilder implements PVPConstants, MOAIDAuthCon return attribute; } - protected static Attribute buildemptyAttribute(String friendlyName, String name) { - Attribute attribute = - SAML2Utils.createSAMLObject(Attribute.class); + public Attribute buildEmptyAttribute(final String friendlyName, final String name) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + return attribute; + } + + public Attribute buildLongAttribute(String friendlyName, String name, long value) { + Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class); attribute.setFriendlyName(friendlyName); attribute.setName(name); attribute.setNameFormat(Attribute.URI_REFERENCE); + attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value)); return attribute; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java new file mode 100644 index 000000000..245858ad1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java @@ -0,0 +1,11 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; + +public class AttributeException extends Exception { + + private static final long serialVersionUID = 1L; + + public AttributeException(String message) { + super(message); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java new file mode 100644 index 000000000..61540d53f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java @@ -0,0 +1,13 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; + +public class InvalidDateFormatAttributeException extends AttributeException { + + private static final long serialVersionUID = 1L; + + public InvalidDateFormatAttributeException() { + super("Date format is invalid."); + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java new file mode 100644 index 000000000..7bb09fd85 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java @@ -0,0 +1,10 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; + +public class NoMandateDataAttributeException extends AttributeException { + + private static final long serialVersionUID = 1L; + + public NoMandateDataAttributeException() { + super("Mandate data is not available."); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java new file mode 100644 index 000000000..df3933774 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java @@ -0,0 +1,18 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; + +public class UnavailableAttributeException extends AttributeException { + + private static final long serialVersionUID = 1L; + + private String attributeName; + + public UnavailableAttributeException(String attributeName) { + super("Attribute " + attributeName + " is not available."); + this.attributeName = attributeName; + } + + public String getAttributeName() { + return attributeName; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 116d3b740..b41331dab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -46,10 +46,15 @@ public class PVPConfiguration { public static final String PVP2_POST = "/pvp2/post"; public static final String PVP_CONFIG_FILE = "pvp2config.properties"; + public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; - public static final String IDP_KEYALIAS = "idp.ks.alias"; public static final String IDP_KS_PASS = "idp.ks.kspassword"; - public static final String IDP_KEY_PASS = "idp.ks.keypassword"; + + public static final String IDP_KEYALIASMETADATA = "idp.ks.metadata.alias"; + public static final String IDP_KEY_PASSMETADATA = "idp.ks.metadata.keypassword"; + + public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias"; + public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword"; public static final String IDP_ISSUER_NAME = "idp.issuer.name"; @@ -115,17 +120,25 @@ public class PVPConfiguration { public String getIDPKeyStoreFilename() { return props.getProperty(IDP_JAVAKEYSTORE); } - + public String getIDPKeyStorePassword() { return props.getProperty(IDP_KS_PASS); } - public String getIDPKeyAlias() { - return props.getProperty(IDP_KEYALIAS); + public String getIDPKeyAliasMetadata() { + return props.getProperty(IDP_KEYALIASMETADATA); + } + + public String getIDPKeyPasswordMetadata() { + return props.getProperty(IDP_KEY_PASSMETADATA); + } + + public String getIDPKeyAliasAssertionSign() { + return props.getProperty(IDP_KEYALIASASSERTION); } - public String getIDPKeyPassword() { - return props.getProperty(IDP_KEY_PASS); + public String getIDPKeyPasswordAssertionSign() { + return props.getProperty(IDP_KEY_PASSASSERTION); } public String getIDPIssuerName() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java new file mode 100644 index 000000000..142227a59 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java @@ -0,0 +1,14 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class InvalidAssertionEncryptionException extends PVP2Exception { + + private static final long serialVersionUID = 6513388841485355549L; + + public InvalidAssertionEncryptionException() { + super("pvp2.16", new Object[]{}); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index fec21df9e..9de385307 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -1,22 +1,48 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; +import java.io.IOException; +import java.util.ArrayList; import java.util.Date; +import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; import org.joda.time.DateTime; +import org.opensaml.Configuration; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.EncryptedAssertion; import org.opensaml.saml2.core.Issuer; import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.impl.EncryptedAssertionBuilder; +import org.opensaml.saml2.encryption.Encrypter; +import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.KeyDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.security.MetadataCriteria; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.encryption.EncryptionConstants; +import org.opensaml.xml.encryption.EncryptionException; +import org.opensaml.xml.encryption.EncryptionParameters; +import org.opensaml.xml.encryption.KeyEncryptionParameters; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.CriteriaSet; import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.KeyInfo; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -30,6 +56,9 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionB import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.PrettyPrinter; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; @@ -48,46 +77,110 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest(); EntityDescriptor peerEntity = obj.getEntityMetadata(); - Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity); - + DateTime date = new DateTime(); + + Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date); + Response authResponse = SAML2Utils.createSAMLObject(Response.class); - Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - - //TODO: check! - //change to entity value from entity name to IDP EntityID (URL) - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); - //nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); + nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); nissuer.setFormat(NameID.ENTITY); - authResponse.setIssuer(nissuer); authResponse.setInResponseTo(authnRequest.getID()); + //SAML2 response required IssueInstant - authResponse.setIssueInstant(new DateTime()); + authResponse.setIssueInstant(date); - authResponse.getAssertions().add(assertion); authResponse.setStatus(SAML2Utils.getSuccessStatus()); + SPSSODescriptor spSSODescriptor = peerEntity + .getSPSSODescriptor(SAMLConstants.SAML20P_NS); + Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); int idx = 0; if (aIdx != null) { idx = aIdx.intValue(); + + } else { + idx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); } - - SPSSODescriptor spSSODescriptor = peerEntity - .getSPSSODescriptor(SAMLConstants.SAML20P_NS); AssertionConsumerService consumerService = spSSODescriptor .getAssertionConsumerServices().get(idx); if (consumerService == null) { + //TODO: maybe use default ConsumerService + throw new InvalidAssertionConsumerServiceException(idx); + } String oaURL = consumerService.getLocation(); + //check, if metadata includes an encryption key + MetadataCredentialResolver mdCredResolver = + new MetadataCredentialResolver(MOAMetadataProvider.getInstance()); + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add( new EntityIDCriteria(obj.getSamlRequest().getIssuer().getValue()) ); + criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) ); + + X509Credential encryptionCredentials = null; + try { + encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet); + + } catch (SecurityException e2) { + Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2); + throw new InvalidAssertionEncryptionException(); + + } + + if (encryptionCredentials != null) { + //encrypt SAML2 assertion + + try { + + EncryptionParameters dataEncParams = new EncryptionParameters(); + dataEncParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128); + + List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>(); + KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); + + keyEncParam.setEncryptionCredential(encryptionCredentials); + keyEncParam.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP); + KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() + .getKeyInfoGeneratorManager().getDefaultManager() + .getFactory(encryptionCredentials); + keyEncParam.setKeyInfoGenerator(kigf.newInstance()); + keyEncParamList.add(keyEncParam); + + Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); + //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); + samlEncrypter.setKeyPlacement(KeyPlacement.PEER); + + EncryptedAssertion encryptAssertion = null; + + encryptAssertion = samlEncrypter.encrypt(assertion); + + authResponse.getEncryptedAssertions().add(encryptAssertion); + + } catch (EncryptionException e1) { + Logger.warn("Can not encrypt the PVP2 assertion", e1); + throw new InvalidAssertionEncryptionException(); + + } + + } else { + authResponse.getAssertions().add(assertion); + + } + + + + IEncoder binding = null; if (consumerService.getBinding().equals( @@ -113,6 +206,10 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { binding.encodeRespone(req, resp, authResponse, oaURL); // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore +// Logger logger = new Logger(); +// logger.debug("Redirect Binding Request = " + PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(authResponse))); + + return assertion.getID(); } catch (MessageEncodingException e) { @@ -121,6 +218,15 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { } catch (SecurityException e) { Logger.error("Security exception", e); throw new MOAIDException("pvp2.01", null, e); +// } catch (TransformerException e) { +// Logger.error("Security exception", e); +// throw new MOAIDException("pvp2.01", null, e); +// } catch (IOException e) { +// Logger.error("Security exception", e); +// throw new MOAIDException("pvp2.01", null, e); +// } catch (MarshallingException e) { +// Logger.error("Security exception", e); +// throw new MOAIDException("pvp2.01", null, e); } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java index cf0f48f1c..511caa908 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java @@ -1,6 +1,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer; import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.interfaces.RSAPrivateKey; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; @@ -13,35 +15,73 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.KeyStoreUtils; +import at.gv.egovernment.moa.util.MiscUtil; public class CredentialProvider { - public static Credential getIDPSigningCredential() + + private static KeyStore keyStore = null; + + public static Credential getIDPMetaDataSigningCredential() throws CredentialsNotAvailableException { - KeyStore keyStore; PVPConfiguration config = PVPConfiguration.getInstance(); try { - keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), - config.getIDPKeyStorePassword()); + + if (keyStore == null) + keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), + config.getIDPKeyStorePassword()); KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter( - keyStore, config.getIDPKeyAlias(), config - .getIDPKeyPassword().toCharArray()); + keyStore, config.getIDPKeyAliasMetadata(), config + .getIDPKeyPasswordMetadata().toCharArray()); credentials.setUsageType(UsageType.SIGNING); return credentials; } catch (Exception e) { - Logger.error("Failed to generate IDP Signing credentials"); + Logger.error("Failed to generate IDP Metadata Signing credentials"); e.printStackTrace(); throw new CredentialsNotAvailableException(e.getMessage(), null); } } + public static Credential getIDPAssertionSigningCredential() + throws CredentialsNotAvailableException { + PVPConfiguration config = PVPConfiguration.getInstance(); + try { + if (keyStore == null) + keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), + config.getIDPKeyStorePassword()); + + KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter( + keyStore, config.getIDPKeyAliasAssertionSign(), config + .getIDPKeyPasswordAssertionSign().toCharArray()); + + credentials.setUsageType(UsageType.SIGNING); + return credentials; + } catch (Exception e) { + Logger.error("Failed to generate IDP Assertion Signing credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException(e.getMessage(), null); + } + } + public static Signature getIDPSignature(Credential credentials) { + + PrivateKey privatekey = credentials.getPrivateKey(); + Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + + if (privatekey instanceof RSAPrivateKey) { + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + + } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) { + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1); + + } + + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); signer.setSigningCredential(credentials); return signer; + } public static Credential getSPTrustedCredential(String entityID) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java index 7bb5b052f..373bca902 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.utils; import java.io.IOException; import java.security.NoSuchAlgorithmException; +import java.util.List; import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilder; @@ -13,6 +14,8 @@ import org.opensaml.Configuration; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.saml2.core.Status; import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.xml.XMLObject; import org.opensaml.xml.XMLObjectBuilderFactory; import org.opensaml.xml.io.Marshaller; @@ -77,4 +80,17 @@ public class SAML2Utils { status.setStatusCode(statusCode); return status; } + + public static int getDefaultAssertionConsumerServiceIndex(SPSSODescriptor spSSODescriptor) { + + List<AssertionConsumerService> assertionConsumerList = spSSODescriptor.getAssertionConsumerServices(); + + for (AssertionConsumerService el : assertionConsumerList) { + if (el.isDefault()) + return el.getIndex(); + + } + + return 0; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java index e85d87aa3..e9d41b7ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java @@ -91,12 +91,10 @@ public class MetadataSignatureFilter implements MetadataFilter { throw new MOAIDException("Root element of metadata file has to be signed", null); } processEntitiesDescriptor(entitiesDescriptor); - - } else if (metadata instanceof EntityDescriptor) { + } /*else if (metadata instanceof EntityDescriptor) { EntityDescriptor entityDescriptor = (EntityDescriptor) metadata; processEntityDescriptorr(entityDescriptor); - - } else { + } */else { throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java index 628da6773..4823d7629 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java @@ -41,6 +41,7 @@ public class SAMLVerificationEngine { public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + try { profileValidator.validate(samlObj.getSignature()); } catch (ValidationException e) { |