diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-03-02 11:20:36 +0100 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-03-02 11:20:36 +0100 |
| commit | 48fd33725c53136fe505067b93390b39e19c41b7 (patch) | |
| tree | 94753d1d8d9e7757dab191183d4c8a87c2c95fb9 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols | |
| parent | ad25761f481988ef6e52fbecc28606e0897ecb9c (diff) | |
| download | moa-id-spss-48fd33725c53136fe505067b93390b39e19c41b7.tar.gz moa-id-spss-48fd33725c53136fe505067b93390b39e19c41b7.tar.bz2 moa-id-spss-48fd33725c53136fe505067b93390b39e19c41b7.zip | |
temporarily commit to save state
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols')
30 files changed, 771 insertions, 378 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java index 7144ebe6d..67eb92d9b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java @@ -27,12 +27,12 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttributeBuilder { @@ -43,22 +43,32 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { if (authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); - if (corporation == null) { - Logger.error("No corporation mandate"); - throw new NoMandateDataAttributeException(); - } + //get PVP attribute directly, if exists + String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class); + + if (MiscUtil.isEmpty(fullName)) { + Element mandate = authData.getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + if (corporation == null) { + Logger.error("No corporation mandate"); + throw new NoMandateDataAttributeException(); + + } + fullName = corporation.getFullName(); + } return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME, - corporation.getFullName()); + fullName); + } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java index 12dc8877b..9474cd832 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java @@ -26,14 +26,13 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder { @@ -44,36 +43,39 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { if(authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if(mandate == null) { - throw new NoMandateDataAttributeException(); + + //get PVP attribute directly, if exists + String sourcePin = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class); + + if (MiscUtil.isEmpty(sourcePin)) { + Element mandate = authData.getMandate(); + if(mandate == null) { + throw new NoMandateDataAttributeException(); + + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAttributeException(); + + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + if(corporation == null) { + Logger.error("No corporation mandate"); + throw new NoMandateDataAttributeException(); + + } + if(corporation.getIdentification().size() == 0) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + + } + + sourcePin = corporation.getIdentification().get(0).getValue().getValue(); + } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); - if(corporation == null) { - Logger.error("No corporation mandate"); - throw new NoMandateDataAttributeException(); - } - IdentificationType id = null; - if(corporation.getIdentification().size() == 0) { - Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); - } - id = corporation.getIdentification().get(0); - /*if(authSession.getBusinessService()) { - id = MandateBuilder.getWBPKIdentification(corporation); - } else { - id = MandateBuilder.getBPKIdentification(corporation); - }*/ - /*if(id == null) { - Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); - }*/ + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, id.getValue().getValue()); + MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePin); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java index a7a9a757b..8391c8230 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java @@ -26,14 +26,13 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder { @@ -44,32 +43,37 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { if (authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); + //get PVP attribute directly, if exists + String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class); + + if (MiscUtil.isEmpty(sourcePinType)) { + Element mandate = authData.getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + if (corporation == null) { + Logger.error("No corporate mandate"); + throw new NoMandateDataAttributeException(); + + } + if (corporation.getIdentification().size() == 0) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + + } + sourcePinType = corporation.getIdentification().get(0).getType(); + } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); - if (corporation == null) { - Logger.error("No corporate mandate"); - throw new NoMandateDataAttributeException(); - } - IdentificationType id = null; - if (corporation.getIdentification().size() == 0) { - Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); - } - id = corporation.getIdentification().get(0); - /* - * id = MandateBuilder.getBPKIdentification(corporate); if (id == null) { - * Logger.error("Failed to generate IdentificationType"); throw new - * NoMandateDataAttributeException(); } - */ + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, - id.getType()); + sourcePinType); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index be6372913..df077a631 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -30,13 +30,13 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder { @@ -45,49 +45,53 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui } public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if (physicalPerson == null) { - Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } - IdentificationType id = null; - id = physicalPerson.getIdentification().get(0); - if (id == null) { - Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); - } + IAttributeGenerator<ATT> g) throws AttributeException { + if (authData.isUseMandate()) { - String bpk; - try { + //get PVP attribute directly, if exists + String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class); + + if (MiscUtil.isEmpty(bpk)) { + //read bPK from mandate if it is not directly included + Element mandate = authData.getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + if (id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); + } - if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { - if (oaParam.getBusinessService()) { - bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier()); + try { + if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { + if (oaParam.getBusinessService()) { + bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier()); + + } else { + bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget()); + + } - } + } else + bpk = id.getValue().getValue(); - else { - bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget()); - - } + } + catch (BuildException e) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAttributeException(); - } else - bpk = id.getValue().getValue(); - - } - catch (BuildException e) { - Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAttributeException(); + } } return g.buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME, bpk); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java index e644f49e4..663e927fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java @@ -32,13 +32,13 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttributeBuilder { @@ -49,33 +49,56 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { if (authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if (physicalPerson == null) { - Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } - String dateOfBirth = physicalPerson.getDateOfBirth(); - try { - DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); - Date date = mandateFormat.parse(dateOfBirth); - DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); - String dateString = pvpDateFormat.format(date); + //get PVP attribute directly, if exists + String birthDayString = authData.getGenericData(MANDATE_NAT_PER_BIRTHDATE_NAME, String.class); + + if (MiscUtil.isEmpty(birthDayString)) { + //read bPK from mandate if it is not directly included + Element mandate = authData.getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + + String dateOfBirth = physicalPerson.getDateOfBirth(); + try { + DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); + mandateFormat.setLenient(false); + Date date = mandateFormat.parse(dateOfBirth); + DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); + birthDayString = pvpDateFormat.format(date); + + } + catch (ParseException e) { + Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e); + throw new InvalidDateFormatAttributeException(); + + } + + } else { + try { + DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); + pvpDateFormat.setLenient(false); + pvpDateFormat.parse(birthDayString); + + } catch (ParseException e) { + Logger.warn("Format of direct included PVP Attribute " + MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME + + " has an incorrect formt. (Value:" + birthDayString, e); + throw new InvalidDateFormatAttributeException(); + } - return g.buildStringAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, MANDATE_NAT_PER_BIRTHDATE_NAME, dateString); - } - catch (ParseException e) { - e.printStackTrace(); - throw new InvalidDateFormatAttributeException(); } + + return g.buildStringAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, MANDATE_NAT_PER_BIRTHDATE_NAME, birthDayString); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java index fa3ad691d..dd49b2a1e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java @@ -30,12 +30,12 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttributeBuilder { @@ -46,29 +46,38 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttr public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { if(authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if(mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if(physicalPerson == null) { - Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } - StringBuilder sb = new StringBuilder(); - Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator(); + //get PVP attribute directly, if exists + String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class); - while(fNamesit.hasNext()) { - sb.append(" " + fNamesit.next().getValue()); + if (MiscUtil.isEmpty(familyName)) { + //read mandator familyName from mandate if it is not directly included + Element mandate = authData.getMandate(); + if(mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if(physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + + StringBuilder sb = new StringBuilder(); + Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator(); + + while(fNamesit.hasNext()) + sb.append(" " + fNamesit.next().getValue()); + + familyName = sb.toString(); + } return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, - MANDATE_NAT_PER_FAMILY_NAME_NAME, sb.toString()); + MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java index 4c725c1c5..8948f1227 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -29,12 +29,12 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttributeBuilder { @@ -44,29 +44,36 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); - if (physicalPerson == null) { - Logger.error("No physicalPerson mandate"); - throw new NoMandateDataAttributeException(); - } - - StringBuilder sb = new StringBuilder(); - Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator(); + if (authData.isUseMandate()) { + //get PVP attribute directly, if exists + String givenName = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class); - while (gNamesit.hasNext()) { - sb.append(" " + gNamesit.next()); + if (MiscUtil.isEmpty(givenName)) { + Element mandate = authData.getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAttributeException(); + } + + StringBuilder sb = new StringBuilder(); + Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator(); + + while (gNamesit.hasNext()) + sb.append(" " + gNamesit.next()); + + givenName = sb.toString(); + } - return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, sb.toString()); + return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java index e70326114..d1da36aa3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -26,7 +26,6 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -42,35 +41,37 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { - String text = null; + if(authData.isUseMandate()) { + String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class); - MISMandate misMandate = authData.getMISMandate(); - - if(misMandate == null) { - throw new NoMandateDataAttributeException(); - } - - text = misMandate.getTextualDescriptionOfOID(); - - if (MiscUtil.isEmpty(text)) { - Element mandate = authData.getMandate(); - if (mandate == null) { + if (MiscUtil.isEmpty(profRepName)) { + MISMandate misMandate = authData.getMISMandate(); + + if(misMandate == null) { throw new NoMandateDataAttributeException(); } - Mandate mandateObject = MandateBuilder.buildMandate(authData.getMandate()); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - - text = mandateObject.getAnnotation(); + profRepName = misMandate.getTextualDescriptionOfOID(); + + if (MiscUtil.isEmpty(profRepName)) { + Element mandate = authData.getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(authData.getMandate()); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + } + + profRepName = mandateObject.getAnnotation(); + + } } - if(MiscUtil.isNotEmpty(text)) + if(MiscUtil.isNotEmpty(profRepName)) return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, - MANDATE_PROF_REP_DESC_NAME, text); + MANDATE_PROF_REP_DESC_NAME, profRepName); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java index 89e9198b6..3cfc40d22 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -38,19 +37,23 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { + if (authData.isUseMandate()) { + String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class); - MISMandate mandate = authData.getMISMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); + if (MiscUtil.isEmpty(profRepOID)) { + MISMandate mandate = authData.getMISMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + } + + profRepOID = mandate.getProfRep(); + } - - String oid = mandate.getProfRep(); - if(MiscUtil.isEmpty(oid)) + if(MiscUtil.isEmpty(profRepOID)) return null; else - return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid); + return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java index 040174e26..573f0584a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java @@ -26,11 +26,11 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder { @@ -40,17 +40,26 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder { public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } + if (authData.isUseMandate()) { + //get PVP attribute directly, if exists + String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class); - return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation()); + if (MiscUtil.isEmpty(mandateType)) { + Element mandate = authData.getMandate(); + if (mandate == null) { + throw new NoMandateDataAttributeException(); + + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAttributeException(); + + } + mandateType = mandateObject.getAnnotation(); + + } + + return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index bd6399377..c733e662a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -50,7 +50,6 @@ import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; @@ -80,31 +79,29 @@ public class AttributQueryAction implements IAction { * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) */ @Override - public SLOInformationInterface processRequest(IRequest req, + public SLOInformationInterface processRequest(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - if (req instanceof PVPTargetConfiguration && - ((PVPTargetConfiguration) req).getRequest() instanceof MOARequest && - ((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest() instanceof AttributeQuery) { + if (pendingReq instanceof PVPTargetConfiguration && + ((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest && + ((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) { - AttributeQuery attrQuery = (AttributeQuery)((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest(); + //set time reference + DateTime date = new DateTime(); - //load moaSession - String nameID = attrQuery.getSubject().getNameID().getValue(); + //load session and request information + AuthenticationSession moaSession = + pendingReq.getGenericData(PVPTargetConfiguration.DATAID_MOASESSION, AuthenticationSession.class); + + AttributeQuery attrQuery = + (AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest(); - AuthenticationSession session = authenticationSessionStorage.getSessionWithUserNameID(nameID); - if (session == null) { - Logger.warn("AttributeQuery nameID does not match to an active single sign-on session."); - throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null); - - } - - DateTime date = new DateTime(); - //generate authData - authData = authDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes()); + //generate authData for AttributQueryRequest + authData = authDataBuilder.buildAuthenticationDataForAttributQuery(pendingReq, moaSession, attrQuery.getAttributes()); + //add default attributes in case of mandates or STORK is in use List<String> attrList = addDefaultAttributes(attrQuery, authData); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 08d9f67b6..57c1aa8af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -57,11 +57,15 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; @@ -83,6 +87,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; @@ -188,7 +193,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { req.getRemoteAddr()); //get POST-Binding decoder implementation - InboundMessage msg = (InboundMessage) new PostBinding().decode(req, resp, false); + InboundMessage msg = (InboundMessage) new PostBinding().decode(req, resp, MOAMetadataProvider.getInstance(), false); pendingReq.setRequest(msg); //preProcess Message @@ -236,7 +241,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { req.getRemoteAddr()); //get POST-Binding decoder implementation - InboundMessage msg = (InboundMessage) new RedirectBinding().decode(req, resp, false); + InboundMessage msg = (InboundMessage) new RedirectBinding().decode(req, resp, MOAMetadataProvider.getInstance(), false); pendingReq.setRequest(msg); //preProcess Message @@ -261,9 +266,57 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { } + //PVP2.x IDP SOAP-Binding end-point + @RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST}) + public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + if (!authConfig.getAllowedProtocols().isPVP21Active()) { + Logger.info("PVP2.1 is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } + + try { + //create pendingRequest object + PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); + pendingReq.initialize(req); + pendingReq.setModule(NAME); + + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //get POST-Binding decoder implementation + InboundMessage msg = (InboundMessage) new SoapBinding().decode(req, resp, MOAMetadataProvider.getInstance(), false); + pendingReq.setRequest(msg); + + //preProcess Message + preProcess(req, resp, pendingReq); + + } catch (SecurityPolicyException e) { + String samlRequest = req.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); + + } catch (SecurityException e) { + String samlRequest = req.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + + } catch (Throwable e) { + String samlRequest = req.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + + throw new MOAIDException(e.getMessage(), new Object[] {}); + } + } + - public void preProcess(HttpServletRequest request, + private void preProcess(HttpServletRequest request, HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable { InboundMessage msg = pendingReq.getRequest(); @@ -274,7 +327,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { } if(!msg.isVerified()) { - samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + samlVerificationEngine.verify(msg, + TrustEngineFactory.getSignatureKnownKeysTrustEngine(MOAMetadataProvider.getInstance())); msg.setVerified(true); } @@ -521,7 +575,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID()); + OAAuthParameter oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID()); if (!oa.isInderfederationIDP()) { Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs."); throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null); @@ -533,17 +587,39 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null); } + + //check active MOASession + String nameID = attrQuery.getSubject().getNameID().getValue(); + AuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID); + if (session == null) { + Logger.warn("AttributeQuery nameID does not match to an active single sign-on session."); + throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null); + } + + //search federated IDP information for this MOASession + + + InterfederationSessionStore interfIDP = + authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session); + + //build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration + IOAAuthParameters spConfig = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(oa, attrQuery.getAttributes(), interfIDP); + + //set preProcessed information into pending-request pendingReq.setRequest(moaRequest); pendingReq.setOAURL(moaRequest.getEntityID()); - pendingReq.setOnlineApplicationConfiguration(oa); + pendingReq.setOnlineApplicationConfiguration(spConfig); pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); - //Attribute-Query Request needs authentication - pendingReq.setNeedAuthentication(true); - + //Attribute-Query Request needs authentication, because session MUST be already authenticated + pendingReq.setNeedAuthentication(false); + //set protocol action, which should be executed after authentication pendingReq.setAction(AttributQueryAction.class.getName()); + + //add moasession + pendingReq.setGenericDataToSession(PVPTargetConfiguration.DATAID_MOASESSION, session); //write revisionslog entry revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 1d2754e3f..c2b61aaa7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -276,6 +276,6 @@ public interface PVPConstants { public static final int CHARGE_CODE_MAX_LENGTH = 32767; public static final String PVP_HOLDEROFKEY_OID = "1.2.40.0.10.2.1.1.261.xx.xx"; - public static final String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_VERSION_OID; + public static final String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_HOLDEROFKEY_OID; public static final String PVP_HOLDEROFKEY_FRIENDLY_NAME = "HOLDER-OF-KEY-CERTIFICATE"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index 27773a248..a8e02c317 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -46,6 +46,12 @@ import at.gv.egovernment.moa.logging.Logger; @Scope(value = BeanDefinition.SCOPE_PROTOTYPE) public class PVPTargetConfiguration extends RequestImpl { + public static final String DATAID_MOASESSION = "moasession"; + public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse"; + public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID"; + public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel"; + public static final String DATAID_INTERFEDERATION_ATTRQUERYCONTAINERID = "attrQueryContainerID"; + private static final long serialVersionUID = 4889919265919638188L; InboundMessage request; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java index 6619876dc..86b31f1eb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.xml.security.SecurityException; @@ -33,7 +34,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface public interface IDecoder { public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, boolean isSPEndPoint) + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint) throws MessageDecodingException, SecurityException, PVP2Exception; public boolean handleDecode(String action, HttpServletRequest req); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index ebb4b2991..6d376faa0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -37,6 +37,7 @@ import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.ws.security.SecurityPolicyResolver; @@ -56,7 +57,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -146,7 +146,7 @@ public class PostBinding implements IDecoder, IEncoder { } public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException, + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint) throws MessageDecodingException, SecurityException { HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); @@ -168,13 +168,13 @@ public class PostBinding implements IDecoder, IEncoder { throw new SecurityException(e); } - messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); + messageContext.setMetadataProvider(metadataProvider); //set security policy context BasicSecurityPolicy policy = new BasicSecurityPolicy(); policy.getPolicyRules().add( new MOAPVPSignedRequestPolicyRule( - TrustEngineFactory.getSignatureKnownKeysTrustEngine(), + TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider), messageContext.getPeerEntityRole())); SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy); messageContext.setSecurityPolicyResolver(secResolver); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 0ff18d903..683a72e67 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -38,6 +38,7 @@ import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.ws.security.SecurityPolicyResolver; @@ -133,7 +134,7 @@ public class RedirectBinding implements IDecoder, IEncoder { } public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException, + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint) throws MessageDecodingException, SecurityException { HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( @@ -159,10 +160,10 @@ public class RedirectBinding implements IDecoder, IEncoder { } - messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); + messageContext.setMetadataProvider(metadataProvider); SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); BasicSecurityPolicy policy = new BasicSecurityPolicy(); policy.getPolicyRules().add(signatureRule); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index cc3553551..12b571ed1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -34,6 +34,7 @@ import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.ws.soap.soap11.Envelope; @@ -63,7 +64,7 @@ public class SoapBinding implements IDecoder, IEncoder { @Autowired private IDPCredentialProvider credentialProvider; public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException, + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint) throws MessageDecodingException, SecurityException, PVP2Exception { HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = @@ -71,7 +72,7 @@ public class SoapBinding implements IDecoder, IEncoder { messageContext .setInboundMessageTransport(new HttpServletRequestAdapter( req)); - messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); + messageContext.setMetadataProvider(metadataProvider); //TODO: update in a futher version: // requires a special SignedSOAPRequestPolicyRole because diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java index 23ea4d7ee..164583f77 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -29,24 +29,22 @@ import java.util.List; import java.util.ServiceLoader; import org.opensaml.saml2.core.Attribute; - -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import org.opensaml.saml2.metadata.RequestedAttribute; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; - +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator; - import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; - import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; public class PVPAttributeBuilder { @@ -148,4 +146,13 @@ public class PVPAttributeBuilder { return attributes; } + public static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) { + RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class); + attribute.setIsRequired(required); + attribute.setName(name); + attribute.setFriendlyName(friendlyName); + attribute.setNameFormat(Attribute.URI_REFERENCE); + return attribute; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java index 312bb823d..0a0be2a2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java @@ -33,9 +33,11 @@ import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Subject; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.ws.message.encoder.MessageEncodingException; @@ -51,6 +53,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildExce import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz @@ -98,7 +101,7 @@ public class PVPAuthnRequestBuilder { if (endpoint == null) { Logger.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID() + " does not support POST or Redirect Binding."); - throw new AuthnRequestBuildException("sp.pvp2.00", new Object[]{idpEntity.getEntityID()}); + throw new AuthnRequestBuildException("sp.pvp2.00", new Object[]{config.getSPNameForLogging(), idpEntity.getEntityID()}); } else authReq.setDestination(endpoint.getLocation()); @@ -148,7 +151,23 @@ public class PVPAuthnRequestBuilder { reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); authReq.setRequestedAuthnContext(reqAuthContext); } - + + //set request Subject element + if (MiscUtil.isNotEmpty(config.getSubjectNameID())) { + Subject reqSubject = SAML2Utils.createSAMLObject(Subject.class); + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + + subjectNameID.setValue(config.getSubjectNameID()); + if (MiscUtil.isNotEmpty(config.getSubjectNameIDFormat())) + subjectNameID.setFormat(config.getSubjectNameIDFormat()); + else + subjectNameID.setFormat(NameID.TRANSIENT); + + reqSubject.setNameID(subjectNameID); + authReq.setSubject(reqSubject ); + + } + //TODO: implement requested attributes //maybe: config.getRequestedAttributes(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index af22a2d7e..03cfe27d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -284,6 +284,7 @@ public class PVP2AssertionBuilder implements PVPConstants { NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); //build nameID and nameID Format from moasession + //TODO: nameID generation if (authData.isUseMandate()) { Element mandate = authData.getMandate(); if(mandate == null) { @@ -395,7 +396,10 @@ public class PVP2AssertionBuilder implements PVPConstants { subjectNameID.setValue(authData.getNameID()); sessionIndex = authData.getSessionIndex(); - } else + } + + // + if (MiscUtil.isEmpty(sessionIndex)) sessionIndex = SAML2Utils.getSecureIdentifier(); SubjectConfirmationData subjectConfirmationData = SAML2Utils diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java index e0994ff19..9a51e75e4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java @@ -285,4 +285,12 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#getSPNameForLogging() + */ + @Override + public String getSPNameForLogging() { + return "MOA-ID-Auth"; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java index d51231044..e209d0bc5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java @@ -33,6 +33,13 @@ import org.opensaml.xml.security.credential.Credential; public interface IPVPAuthnRequestBuilderConfiguruation { /** + * Defines a unique name for this PVP Service-provider, which is used for logging + * + * @return + */ + public String getSPNameForLogging(); + + /** * If true, the SAML2 isPassive flag is set in the AuthnRequest * * @return @@ -110,5 +117,13 @@ public interface IPVPAuthnRequestBuilderConfiguruation { * @return SubjectNameID, or null if no SubjectNameID should be used */ public String getSubjectNameID(); + + /** + * Define the format of the subjectNameID, which is included in authn-request + * + * + * @return nameIDFormat, of SAML2 'transient' if nothing is defined + */ + public String getSubjectNameIDFormat(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java index 52096fd19..56274535b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java @@ -40,6 +40,13 @@ public interface IPVPMetadataBuilderConfiguration { /** + * Defines a unique name for this PVP Service-provider, which is used for logging + * + * @return + */ + public String getSPNameForLogging(); + + /** * Set metadata valid area * * @return valid until in hours [h] diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 03fa686f9..6e87abb06 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -31,12 +31,9 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import java.util.Timer; -import javax.net.ssl.SSLHandshakeException; import javax.xml.namespace.QName; -import org.apache.commons.httpclient.MOAHttpClient; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -47,20 +44,13 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; import org.opensaml.xml.XMLObject; -import org.opensaml.xml.parse.BasicParserPool; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; -import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing; import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; @@ -68,7 +58,8 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; -public class MOAMetadataProvider implements ObservableMetadataProvider, IGarbageCollectorProcessing { +public class MOAMetadataProvider extends SimpleMOAMetadataProvider + implements ObservableMetadataProvider, IGarbageCollectorProcessing { private static MOAMetadataProvider instance = null; private static Object mutex = new Object(); @@ -151,10 +142,9 @@ public class MOAMetadataProvider implements ObservableMetadataProvider, IGarbage String oaFriendlyName = oaParam.getFriendlyName(); ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider; - HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL, - cert, oaFriendlyName, - buildMetadataFilterChain(oaParam, metadataURL, - cert)); + HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL, + buildMetadataFilterChain(oaParam, metadataURL, cert), + oaFriendlyName); chainProvider.addMetadataProvider(newMetadataProvider); @@ -264,11 +254,9 @@ public class MOAMetadataProvider implements ObservableMetadataProvider, IGarbage Logger.info("Loading metadata for: " + oaFriendlyName); httpProvider = createNewHTTPMetaDataProvider( - metadataurl, - cert, - oaFriendlyName, - buildMetadataFilterChain(oaParam, metadataurl, - cert)); + metadataurl, + buildMetadataFilterChain(oaParam, metadataurl, cert), + oaFriendlyName); if (httpProvider != null) providersinuse.put(metadataurl, httpProvider); @@ -389,10 +377,8 @@ public class MOAMetadataProvider implements ObservableMetadataProvider, IGarbage if (!providersinuse.containsKey(metadataurl)) { httpProvider = createNewHTTPMetaDataProvider( metadataurl, - cert, - oaFriendlyName, - buildMetadataFilterChain(oaParam, metadataurl, - cert)); + buildMetadataFilterChain(oaParam, metadataurl, cert), + oaFriendlyName); if (httpProvider != null) providersinuse.put(metadataurl, httpProvider); @@ -450,86 +436,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider, IGarbage return filterChain; } - - private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, PVPMetadataFilterChain filter) { - HTTPMetadataProvider httpProvider = null; - Timer timer= null; - MOAHttpClient httpClient = null; - try { - httpClient = new MOAHttpClient(); - - if (metadataURL.startsWith("https:")) { - try { - MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, - AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(), - AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), - null, - AuthConfiguration.DEFAULT_X509_CHAININGMODE, - AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking()); - - httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); - - } catch (MOAHttpProtocolSocketFactoryException e) { - Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); - - } - } - - timer = new Timer(); - httpProvider = new HTTPMetadataProvider(timer, httpClient, - metadataURL); - httpProvider.setParserPool(new BasicParserPool()); - httpProvider.setRequireValidMetadata(true); - httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes - httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours - //httpProvider.setRefreshDelayFactor(0.1F); - - if (filter == null) { - filter = new PVPMetadataFilterChain(metadataURL, certificate); - } - httpProvider.setMetadataFilter(filter); - httpProvider.initialize(); - - httpProvider.setRequireValidMetadata(true); - - return httpProvider; - - } catch (Throwable e) { - if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { - Logger.warn("SSL-Server certificate for metadata " - + metadataURL + " not trusted.", e); - - } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { - Logger.warn("Signature verification for metadata" - + metadataURL + " FAILED.", e); - - } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { - Logger.warn("Schema validation for metadata " - + metadataURL + " FAILED.", e); - } - - Logger.error( - "Failed to add Metadata file for " - + oaName + "[ " - + e.getMessage() + " ]", e); - - if (httpProvider != null) { - Logger.debug("Destroy failed Metadata provider"); - httpProvider.destroy(); - } - - if (timer != null) { - Logger.debug("Destroy Timer."); - timer.cancel(); - } - - - } - return null; - } - public boolean requireValidMetadata() { return internalProvider.requireValidMetadata(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java new file mode 100644 index 000000000..6d646c609 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java @@ -0,0 +1,135 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; + +import java.util.Timer; + +import javax.net.ssl.SSLHandshakeException; + +import org.apache.commons.httpclient.MOAHttpClient; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.xml.parse.BasicParserPool; + +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public abstract class SimpleMOAMetadataProvider implements MetadataProvider{ + + /** + * Create a single SAML2 HTTP metadata provider + * + * @param metadataURL URL, where the metadata should be loaded + * @param filter Filters, which should be used to validate the metadata + * @param IdForLogging Id, which is used for Logging + * + * @return SAML2 Metadata Provider + */ + protected HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging ) { + HTTPMetadataProvider httpProvider = null; + Timer timer= null; + MOAHttpClient httpClient = null; + try { + httpClient = new MOAHttpClient(); + + if (metadataURL.startsWith("https:")) { + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(), + AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking()); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } + } + + timer = new Timer(); + httpProvider = new HTTPMetadataProvider(timer, httpClient, + metadataURL); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes + httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + //httpProvider.setRefreshDelayFactor(0.1F); + + httpProvider.setMetadataFilter(filter); + httpProvider.initialize(); + + httpProvider.setRequireValidMetadata(true); + + return httpProvider; + + } catch (Throwable e) { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + Logger.warn("SSL-Server certificate for metadata " + + metadataURL + " not trusted.", e); + + } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + Logger.warn("Signature verification for metadata" + + metadataURL + " FAILED.", e); + + } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + Logger.warn("Schema validation for metadata " + + metadataURL + " FAILED.", e); + } + + Logger.error( + "Failed to load Metadata file for " + + IdForLogging + "[ " + + e.getMessage() + " ]", e); + + if (httpProvider != null) { + Logger.debug("Destroy failed Metadata provider"); + httpProvider.destroy(); + } + + if (timer != null) { + Logger.debug("Destroy Timer."); + timer.cancel(); + } + + + } + + return null; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index 9c294245f..8787df82d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -24,9 +24,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.utils; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collection; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; @@ -111,7 +113,7 @@ public class AssertionAttributeExtractor { * * @return */ - public boolean containsAllRequiredAttributes(List<String> attributeNameList) { + public boolean containsAllRequiredAttributes(Collection<String> attributeNameList) { //first check if a bPK or an encrypted bPK is available if (attributs.containsKey(PVPConstants.ENC_BPK_LIST_NAME) || @@ -152,6 +154,16 @@ public class AssertionAttributeExtractor { } + /** + * Return all include PVP attribute names + * + * @return + */ + public Set<String> getAllIncludeAttributeNames() { + return attributs.keySet(); + + } + // public PersonalAttributeList getSTORKAttributes() { // return storkAttributes; // } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java index 67a91f6e1..3ea124db6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; import java.util.ArrayList; import java.util.List; +import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.security.MetadataCredentialResolver; import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver; import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver; @@ -35,8 +36,6 @@ import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider; import org.opensaml.xml.signature.SignatureTrustEngine; import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; //import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine; - -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; //import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver; public class TrustEngineFactory { @@ -65,11 +64,10 @@ public class TrustEngineFactory { // } // } - public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() { + public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(MetadataProvider provider) { MetadataCredentialResolver resolver; - resolver = new MetadataCredentialResolver( - MOAMetadataProvider.getInstance()); + resolver = new MetadataCredentialResolver(provider); List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); keyInfoProvider.add(new DSAKeyValueProvider()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java new file mode 100644 index 000000000..f67c475bb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java @@ -0,0 +1,130 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; + +import java.io.IOException; +import java.io.StringWriter; + +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; + +import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MOASPMetadataSignatureFilter implements MetadataFilter { + + private String trustProfileID = null; + + /** + * + */ + public MOASPMetadataSignatureFilter(String trustProfileID) { + this.trustProfileID = trustProfileID; + + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject metadata) throws FilterException { + if (metadata instanceof EntityDescriptor) { + if (((EntityDescriptor) metadata).isSigned()) { + EntityDescriptor entityDes = (EntityDescriptor) metadata; + //check signature; + try { + Transformer transformer = TransformerFactory.newInstance() + .newTransformer(); + StringWriter sw = new StringWriter(); + StreamResult sr = new StreamResult(sw); + DOMSource source = new DOMSource(metadata.getDOM()); + transformer.transform(source, sr); + sw.close(); + String metadataXML = sw.toString(); + + SignatureVerificationUtils sigVerify = + new SignatureVerificationUtils(); + VerifyXMLSignatureResponse result = sigVerify.verify( + metadataXML.getBytes(), trustProfileID); + + //check signature-verification result + if (result.getSignatureCheckCode() != 0) { + Logger.warn("Metadata signature-verification FAILED!" + + " Metadata: " + entityDes.getEntityID() + + " StatusCode:" + result.getSignatureCheckCode()); + throw new FilterException("Metadata signature-verification FAILED!" + + " Metadata: " + entityDes.getEntityID() + + " StatusCode:" + result.getSignatureCheckCode()); + + } + + if (result.getCertificateCheckCode() != 0) { + Logger.warn("Metadata certificate-verification FAILED!" + + " Metadata: " + entityDes.getEntityID() + + " StatusCode:" + result.getCertificateCheckCode()); + throw new FilterException("Metadata certificate-verification FAILED!" + + " Metadata: " + entityDes.getEntityID() + + " StatusCode:" + result.getCertificateCheckCode()); + + } + + + } catch (MOAIDException | TransformerFactoryConfigurationError | TransformerException | IOException e) { + Logger.error("Metadata verification has an interal error.", e); + throw new FilterException("Metadata verification has an interal error." + + " Message:" + e.getMessage()); + + } + + + } else { + Logger.warn("Metadata root-element MUST be signed."); + throw new FilterException("Metadata root-element MUST be signed.'"); + + } + + } else { + Logger.warn("Metadata root-element is not of type 'EntityDescriptor'"); + throw new FilterException("Metadata root-element is not of type 'EntityDescriptor'"); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java index 1aca587c9..69fe0ee6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java @@ -22,16 +22,13 @@ */ package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; -import org.opensaml.saml2.metadata.provider.FilterException; -import org.opensaml.saml2.metadata.provider.MetadataFilter; -import org.opensaml.xml.XMLObject; - import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; import org.opensaml.common.xml.SAMLSchemaBuilder; - +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.config.ConfigurationException; |