aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2018-06-20 15:11:13 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-06-20 15:11:13 +0200
commit139926faa31ae3ed34dc0083fee503d439112281 (patch)
treebf69a673df4a222653b47c0b8da88588065e2271 /id/server/idserverlib/src/main/java/at
parent1f8f686bee862ae95e32fc79664d82dcc21f708f (diff)
downloadmoa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.gz
moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.bz2
moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.zip
refactor PVP2 S-Profile implementation and perform first tests
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java114
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java108
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java190
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java114
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java75
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java60
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java151
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java835
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java99
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java133
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java53
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java240
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java244
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java176
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java147
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java171
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java207
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java221
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java442
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java543
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java88
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java162
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java238
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java64
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java152
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java87
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html851
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java116
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java615
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java257
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java218
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java292
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java145
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java187
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java81
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java158
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java197
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java87
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java138
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java230
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java54
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java106
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java73
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java57
115 files changed, 568 insertions, 10747 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index 54e459db1..2c1e47009 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -35,10 +35,7 @@ import at.gv.egiz.components.eventlog.api.EventConstants;
public interface MOAIDEventConstants extends EventConstants {
//auth protocol specific information
- public static final int AUTHPROTOCOL_TYPE = 3000;
- public static final int AUTHPROTOCOL_PVP_METADATA = 3100;
- public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101;
public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102;
public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103;
public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index e630455b4..8298b082b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -34,6 +34,7 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -63,8 +64,8 @@ public class MOAReversionLogger implements IRevisionLogger {
MOAIDEventConstants.TRANSACTION_DESTROYED,
MOAIDEventConstants.TRANSACTION_ERROR,
MOAIDEventConstants.TRANSACTION_IP,
- MOAIDEventConstants.AUTHPROTOCOL_TYPE,
- MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA,
+ IRevisionLogger.AUTHPROTOCOL_TYPE,
+ PVPEventConstants.AUTHPROTOCOL_PVP_METADATA,
MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER,
MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
deleted file mode 100644
index 6f98357e2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * @author tlenz
- *
- */
-public interface IDestroyableObject {
- /**
- * Manually deep destroy a Java object with all child objects like timers and threads
- *
- */
- public void fullyDestroy();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
deleted file mode 100644
index 27d142f2c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * @author tlenz
- *
- */
-public interface IGarbageCollectorProcessing {
-
- /**
- * This method gets executed by the MOA garbage collector at regular intervals.
- *
- */
- public void runGarbageCollector();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
deleted file mode 100644
index d918be463..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-
-/**
- *
- * @author tlenz
- *
- * Interface initialize a Object when the MOA-ID-Auth start-up process is fully completed
- *
- */
-public interface IPostStartupInitializable {
-
- /**
- * This method is called once when MOA-ID-Auth start-up process is fully completed
- *
- */
- public void executeAfterStartup();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
index 52e30a2f0..f88267ad7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
@@ -33,6 +33,7 @@ import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.logging.Logger;
@Service("MOAGarbageCollector")
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 738f733a8..998817b19 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -50,6 +50,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -73,9 +74,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
-import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.id.util.LoALevelMapper;
@@ -100,6 +99,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected AuthConfiguration authConfig;
+ @Autowired private LoALevelMapper loaLevelMapper;
@Override
public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -124,7 +124,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
try {
//check if SAML1 authentication module is in Classpath
Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
- IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();
+ //IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();
+ IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").getConstructor(LoALevelMapper.class).newInstance(loaLevelMapper);
if (saml1RequstTemplate != null &&
saml1RequstTemplate.isInstance(pendingReq)) {
//request is SAML1 --> invoke SAML1 protocol specific methods
@@ -138,12 +139,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
authdata = (MOAAuthenticationData) saml1authdata;
} else {
- authdata = new MOAAuthenticationData();
+ authdata = new MOAAuthenticationData(loaLevelMapper);
}
} catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {
- authdata = new MOAAuthenticationData();
+ authdata = new MOAAuthenticationData(loaLevelMapper);
}
@@ -162,13 +163,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq);
Boolean isMinimalFrontChannelResp = pendingReq.getGenericData(
- PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
+ MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) {
//only set minimal response attributes
authdata.setQAALevel(
- pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, String.class));
+ pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
authdata.setBPK(
- pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, String.class));
+ pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
} else {
//build AuthenticationData from MOASession
@@ -297,18 +298,18 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
if (MiscUtil.isNotEmpty(currentLoA)) {
if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
authData.setQAALevel(currentLoA);
- authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+ authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
- authData.setQAALevel(LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(currentLoA));
+ authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
authData.seteIDASLoA(currentLoA);
- } else {
- Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");
- String mappedStorkQAA = LoALevelMapper.getInstance().mapToQAALevel(currentLoA);
+ } else {
+ Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");
+ String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
- authData.setQAALevel(currentLoA);
- authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+ authData.setQAALevel(mappedStorkQAA);
+ authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index a7f6e873f..4bc4a7e81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -59,9 +59,9 @@ import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index a1d31f5ae..e600505a2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -28,7 +28,7 @@ import java.util.List;
import org.opensaml.saml2.core.Attribute;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -50,7 +50,7 @@ public class DynamicOAAuthParameterBuilder {
for (Attribute attr : reqAttributes) {
//get Target or BusinessService from request
- if (attr.getName().equals(PVPAttributeConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+ if (attr.getName().equals(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent();
if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) {
//dynamicOA.setBusinessService(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
new file mode 100644
index 000000000..aa462c480
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Service;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+@Service("MOASAML2SubjectNameIDGenerator")
+public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {
+
+ @Override
+ public Pair<String, String> generateSubjectNameId(IAuthData authData, ISPConfiguration spConfig) throws PVP2Exception {
+ //build nameID and nameID Format from moasessio
+ if (authData instanceof IMOAAuthData &&
+ ((IMOAAuthData)authData).isUseMandate()) {
+ String bpktype = null;
+ String bpk = null;
+
+ Element mandate = ((IMOAAuthData)authData).getMandate();
+ if(mandate != null) {
+ Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
+ Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+ if(mandateObject == null) {
+ throw new NoMandateDataAvailableException();
+ }
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+ PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
+
+ IdentificationType id;
+ if(corporation != null && corporation.getIdentification().size() > 0)
+ id = corporation.getIdentification().get(0);
+
+
+ else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
+ id = pysicalperson.getIdentification().get(0);
+
+ else {
+ Logger.error("Failed to generate IdentificationType");
+ throw new NoMandateDataAvailableException();
+ }
+
+ bpktype = id.getType();
+ bpk = id.getValue().getValue();
+
+ } else {
+ Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
+ bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
+ bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);
+
+ if (StringUtils.isEmpty(bpk)) {
+ //no sourcePin is included --> search for bPK
+ bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
+
+ try {
+ if (bpk.contains(":"))
+ bpk = bpk.split(":")[1];
+
+ } catch (Exception e) {
+ Logger.warn("Can not split bPK from mandator attribute!", e);
+
+ }
+
+ //set bPK-Type from configuration, because it MUST be equal to service-provider type
+ bpktype = spConfig.getAreaSpecificTargetIdentifier();
+
+ } else {
+ //sourcePin is include --> check sourcePinType
+ if (StringUtils.isEmpty(bpktype))
+ bpktype = Constants.URN_PREFIX_BASEID;
+
+ }
+ }
+
+ if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(bpktype)) {
+ throw new NoMandateDataAvailableException();
+
+ }
+
+ if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {
+ try {
+ return new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, spConfig.getAreaSpecificTargetIdentifier());
+
+ } catch (BuildException e) {
+ Logger.warn("Can NOT generate SubjectNameId." , e);
+ throw new ResponderErrorException("pvp2.01", null);
+
+ }
+
+ } else
+ return Pair.newInstance(bpk, bpktype);
+
+ } else
+ return Pair.newInstance(authData.getBPK(), authData.getBPKType());
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
deleted file mode 100644
index 8def0f860..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Component("RestartAuthProzessManagement")
-public class RestartAuthProzessManagement extends AbstractAuthServletTask {
-
- @Autowired ProcessEngine processEngine;
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
- */
- @Override
- public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws TaskExecutionException {
- try {
- //create a new execution context and copy all elements to new context
- ExecutionContext newec = new ExecutionContextImpl();
- Set<String> entries = executionContext.keySet();
- for (String key : entries) {
- newec.put(key, executionContext.get(key));
-
- }
-
- Logger.debug("Select new auth.-process and restart restart process-engine ... ");
-
- // select and create new process instance
- String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
- if (processDefinitionId == null) {
- Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getPendingRequestId());
- throw new MOAIDException("process.02", new Object[] { pendingReq.getPendingRequestId() });
- }
-
- String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
-
- // keep process instance id in moa session
- ((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId);
-
- // make sure pending request has been persisted before running the process
- try {
- requestStoreage.storePendingRequest(pendingReq);
-
- } catch (MOAIDException e) {
- Logger.error("Database Error! MOASession is not stored!");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getPendingRequestId() });
-
- }
-
- Logger.info("Restart process-engine with auth.process:" + processDefinitionId);
-
- // start process
- processEngine.start(pendingReq);
-
-
- } catch (MOAIDException e) {
- throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-
- } catch (Exception e) {
- Logger.warn("RestartAuthProzessManagement has an internal error", e);
- throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-
- }
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 10c271b6a..0e1e1bf12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -33,6 +33,7 @@ import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -43,7 +44,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index f9aa1b83c..448e2a0f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -44,6 +44,8 @@ import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -52,10 +54,8 @@ import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -169,11 +169,11 @@ public class IDPSingleLogOutServlet extends AbstractController {
String redirectURL = null;
IRequest sloReq = sloContainer.getSloRequest();
- if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+ if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
//send SLO response to SLO request issuer
- SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloContainer.getSloRequest());
- LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
- redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPTargetConfiguration)sloContainer.getSloRequest()).getRequest().getRelayState());
+ SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest());
+ LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
+ redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPSProfilePendingRequest)sloContainer.getSloRequest()).getRequest().getRelayState());
} else {
//print SLO information directly
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
index 9380d3b64..a9be3f51d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
@@ -53,10 +53,10 @@ import java.util.Properties;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.SpringProfileConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.util.config.EgovUtilPropertiesConfiguration;
@@ -187,7 +187,7 @@ public abstract class ConfigurationProviderImpl extends AbstractConfigurationImp
//Initialize OpenSAML for STORK
Logger.info("Starting initialization of OpenSAML...");
- MOADefaultBootstrap.bootstrap();
+ EAAFDefaultSAML2Bootstrap.bootstrap();
//DefaultBootstrap.bootstrap();
Logger.debug("OpenSAML successfully initialized");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
deleted file mode 100644
index 38f6948d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-
-/**
- * @author tlenz
- *
- */
-public interface ISLOInformationContainer {
-
- boolean hasFrontChannelOA();
-
- Set<Entry<String, SLOInformationImpl>> getFrontChannelOASessionDescriptions();
-
- void removeFrontChannelOA(String oaID);
-
- Iterator<String> getNextBackChannelOA();
-
- SLOInformationImpl getBackChannelOASessionDescripten(String oaID);
-
- void removeBackChannelOA(String oaID);
-
- /**
- * @return the sloRequest
- */
- PVPTargetConfiguration getSloRequest();
-
- /**
- * @param sloRequest the sloRequest to set
- */
- void setSloRequest(PVPTargetConfiguration sloRequest);
-
- /**
- * @return the sloFailedOAs
- */
- List<String> getSloFailedOAs();
-
- void putFailedOA(String oaID);
-
- public String getTransactionID();
-
- public String getSessionID();
-} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index ba3eba2e6..e0dd30db3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -29,10 +29,10 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.util.LoALevelMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -68,6 +68,12 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
private boolean interfederatedSSOSession;
private String interfederatedIDP;
+ private LoALevelMapper loaMapper;
+
+ public MOAAuthenticationData(LoALevelMapper loaMapper) {
+ this.loaMapper = loaMapper;
+
+ }
/**
* @return
@@ -76,7 +82,7 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
public String getQAALevel() {
if (this.QAALevel != null &&
this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
- String mappedQAA = LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+ String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
if (MiscUtil.isNotEmpty(mappedQAA))
return mappedQAA;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
deleted file mode 100644
index 0b46345d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.data;
-
-public class Pair<P1, P2> {
- private final P1 first;
- private final P2 second;
-
- private Pair(final P1 newFirst, final P2 newSecond) {
- this.first = newFirst;
- this.second = newSecond;
- }
-
- public P1 getFirst() {
- return this.first;
- }
-
- public P2 getSecond() {
- return this.second;
- }
-
- public static <P1, P2> Pair<P1, P2> newInstance(final P1 newFirst, final P2 newSecond) {
- return new Pair<P1, P2>(newFirst, newSecond);
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
deleted file mode 100644
index 5ff923bce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.io.Serializable;
-
-import org.opensaml.saml2.metadata.SingleLogoutService;
-
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-
-
-/**
- * @author tlenz
- *
- */
-public class SLOInformationImpl implements SLOInformationInterface, Serializable {
-
- private static final long serialVersionUID = 295577931870512387L;
- private String sessionIndex = null;
- private String nameID = null;
- private String protocolType = null;
- private String nameIDFormat = null;
- private String binding = null;
- private String serviceURL = null;
- private String authURL = null;
- private String spEntityID = null;
-
- public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType) {
- new SLOInformationImpl(authURL, spEntityID, sessionID, nameID, nameIDFormat, protocolType, null);
- }
-
- public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
- this.sessionIndex = sessionID;
- this.nameID = nameID;
- this.nameIDFormat = nameIDFormat;
- this.protocolType = protocolType;
- this.spEntityID = spEntityID;
-
- if (authURL.endsWith("/"))
- this.authURL = authURL.substring(0, authURL.length()-1);
- else
- this.authURL = authURL;
-
- if (sloService != null) {
- this.binding = sloService.getBinding();
- this.serviceURL = sloService.getLocation();
-
- }
- }
-
-
- /**
- *
- */
- public SLOInformationImpl() {
-
- }
-
-
-
- /**
- * @return the spEntityID
- */
- public String getSpEntityID() {
- return spEntityID;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex()
- */
- @Override
- public String getSessionIndex() {
- return sessionIndex;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier()
- */
- @Override
- public String getUserNameIdentifier() {
- return nameID;
-
- }
-
-
- /**
- * @param sessionIndex the sessionIndex to set
- */
- public void setSessionIndex(String sessionIndex) {
- this.sessionIndex = sessionIndex;
- }
-
-
- /**
- * @param nameID the nameID to set
- */
- public void setUserNameIdentifier(String nameID) {
- this.nameID = nameID;
- }
-
-
-
- /**
- * @param protocolType the protocolType to set
- */
- public void setProtocolType(String protocolType) {
- this.protocolType = protocolType;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType()
- */
- @Override
- public String getProtocolType() {
- return protocolType;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat()
- */
- @Override
- public String getUserNameIDFormat() {
- return this.nameIDFormat;
- }
-
-
- /**
- * @param nameIDFormat the nameIDFormat to set
- */
- public void setNameIDFormat(String nameIDFormat) {
- this.nameIDFormat = nameIDFormat;
- }
-
- /**
- * @return the binding
- */
- public String getBinding() {
- return binding;
- }
-
- /**
- * @return the serviceURL
- */
- public String getServiceURL() {
- return serviceURL;
- }
-
- /**
- * @return the authURL from requested IDP without ending /
- */
- public String getAuthURL() {
- return authURL;
- }
-
- /**
- * @param spEntityID the spEntityID to set
- */
- public void setSpEntityID(String spEntityID) {
- this.spEntityID = spEntityID;
- }
-
-
-
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
deleted file mode 100644
index 78e8be452..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.data;
-
-public class Trible<P1, P2, P3> {
- private final P1 first;
- private final P2 second;
- private final P3 third;
-
- private Trible(final P1 newFirst, final P2 newSecond, final P3 newThird) {
- this.first = newFirst;
- this.second = newSecond;
- this.third = newThird;
- }
-
- public P1 getFirst() {
- return this.first;
- }
-
- public P2 getSecond() {
- return this.second;
- }
-
- public P3 getThird() {
- return this.third;
- }
-
- public static <P1, P2, P3> Trible<P1, P2, P3> newInstance(final P1 newFirst, final P2 newSecond, final P3 newThird) {
- return new Trible<P1, P2, P3>(newFirst, newSecond, newThird);
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 72b350991..c2dd7b4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -41,6 +41,8 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -49,9 +51,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -79,7 +79,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
String pvpSLOIssuer = null;
String uniqueSessionIdentifier = "notSet";
String uniqueTransactionIdentifier = "notSet";
- PVPTargetConfiguration pvpReq = null;
+ PVPSProfilePendingRequest pvpReq = null;
Logger.debug("Start technical Single LogOut process ... ");
@@ -87,9 +87,9 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier();
uniqueTransactionIdentifier = pendingReq.getUniqueTransactionIdentifier();
- if (pendingReq instanceof PVPTargetConfiguration) {
- pvpReq = ((PVPTargetConfiguration)pendingReq);
- MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+ if (pendingReq instanceof PVPSProfileRequest) {
+ pvpReq = ((PVPSProfilePendingRequest)pendingReq);
+ PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest();
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
pvpSLOIssuer = logOutReq.getIssuer().getValue();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
deleted file mode 100644
index dbfeb5e90..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HTTPTransportUtils;
-
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAIDHTTPPostEncoder extends HTTPPostEncoder {
-
- private VelocityEngine velocityEngine;
- private IGUIBuilderConfiguration guiConfig;
- private GUIFormBuilderImpl guiBuilder;
-
- /**
- * @param engine
- * @param templateId
- */
- public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) {
- super(engine, null);
- this.velocityEngine = engine;
- this.guiConfig = guiConfig;
- this.guiBuilder = guiBuilder;
-
- }
-
- /**
- * Base64 and POST encodes the outbound message and writes it to the outbound transport.
- *
- * @param messageContext current message context
- * @param endpointURL endpoint URL to which to encode message
- *
- * @throws MessageEncodingException thrown if there is a problem encoding the message
- */
- protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
- Logger.debug("Invoking Velocity template to create POST body");
- InputStream is = null;
- try {
- //build Velocity Context from GUI input paramters
- VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig);
-
- //load template
- is = guiBuilder.getTemplateInputStream(guiConfig);
-
- //populate velocity context with SAML2 parameters
- populateVelocityContext(context, messageContext, endpointURL);
-
- //populate transport parameter
- HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();
- HTTPTransportUtils.addNoCacheHeaders(outTransport);
- HTTPTransportUtils.setUTF8Encoding(outTransport);
- HTTPTransportUtils.setContentType(outTransport, "text/html");
-
- //evaluate template and write content to response
- Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");
- velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is)));
- out.flush();
-
- } catch (Exception e) {
- Logger.error("Error invoking Velocity template", e);
- throw new MessageEncodingException("Error creating output document", e);
-
- } finally {
- if (is != null) {
- try {
- is.close();
-
- } catch (IOException e) {
- Logger.error("Can NOT close GUI-Template InputStream.", e);
- }
- }
-
- }
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
deleted file mode 100644
index 81afcfbc1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import java.security.KeyStore;
-
-import org.opensaml.xml.security.x509.X509Credential;
-
-
-/**
- * @author tlenz
- *
- */
-public class MOAKeyStoreX509CredentialAdapter extends
- org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter {
-
- /**
- * @param store
- * @param alias
- * @param password
- */
- public MOAKeyStoreX509CredentialAdapter(KeyStore store, String alias,
- char[] password) {
- super(store, alias, password);
- }
-
- public Class<? extends X509Credential> getCredentialType() {
- return X509Credential.class;
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
deleted file mode 100644
index acbb67b34..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.ws.message.MessageContext;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAStringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
-
- private String redirectURL = null;
-
- public void encode(MessageContext messageContext)
- throws MessageEncodingException {
- if (!(messageContext instanceof SAMLMessageContext)) {
- Logger.error("Invalid message context type, this encoder only support SAMLMessageContext");
- throw new MessageEncodingException(
- "Invalid message context type, this encoder only support SAMLMessageContext");
- }
-
- //load default PVP security configurations
- MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-
- SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
-
- String endpointURL = getEndpointURL(samlMsgCtx).buildURL();
-
- setResponseDestination(samlMsgCtx.getOutboundSAMLMessage(), endpointURL);
-
- removeSignature(samlMsgCtx);
-
- String encodedMessage = deflateAndBase64Encode(samlMsgCtx
- .getOutboundSAMLMessage());
-
- redirectURL = buildRedirectURL(samlMsgCtx, endpointURL,
- encodedMessage);
- }
-
- /**
- * @return the redirectURL
- */
- public String getRedirectURL() {
- return redirectURL;
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ac3828750..b2a2aad88 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -33,12 +33,12 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index c17f1a4dd..9e7f18842 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -51,6 +51,20 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -62,22 +76,11 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -98,6 +101,8 @@ public class AttributQueryAction implements IAction {
@Autowired private AttributQueryBuilder attributQueryBuilder;
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+ @Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
+ @Autowired(required=true) PVP2AssertionBuilder assertionBuilder;
private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
@@ -114,11 +119,11 @@ public class AttributQueryAction implements IAction {
@Override
public SLOInformationInterface processRequest(IRequest pendingReq,
HttpServletRequest httpReq, HttpServletResponse httpResp,
- IAuthData authData) throws MOAIDException {
+ IAuthData authData) throws EAAFException {
- if (pendingReq instanceof PVPTargetConfiguration &&
- ((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
- ((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) {
+ if (pendingReq instanceof PVPSProfilePendingRequest &&
+ ((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest &&
+ ((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) {
//set time reference
DateTime date = new DateTime();
@@ -136,7 +141,7 @@ public class AttributQueryAction implements IAction {
authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID());
AttributeQuery attrQuery =
- (AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest();
+ (AttributeQuery)((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest();
//build PVP 2.1 response-attribute information for this AttributQueryRequest
Trible<List<Attribute>, Date, String> responseInfo =
@@ -148,10 +153,9 @@ public class AttributQueryAction implements IAction {
//build PVP 2.1 assertion
- String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
- pendingReq.getAuthURL());
+ String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pendingReq.getAuthURL());
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID,
+ Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID,
attrQuery, responseInfo.getFirst(), date, new DateTime(responseInfo.getSecond().getTime()),
responseInfo.getThird(), authData.getSessionIndex());
@@ -201,16 +205,16 @@ public class AttributQueryAction implements IAction {
*/
@Override
public String getDefaultActionName() {
- return PVP2XProtocol.ATTRIBUTEQUERY;
+ return at.gv.egiz.eaaf.modules.pvp2.PVPConstants.ATTRIBUTEQUERY;
}
private Trible<List<Attribute>, Date, String> buildResponseInformationForAttributQuery(IRequest pendingReq,
- AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException {
+ AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException, AssertionAttributeExtractorExeption, AttributQueryException, AssertionValidationExeption {
try {
//mark AttributeQuery as used if it exists
- if ( pendingReq instanceof PVPTargetConfiguration &&
- ((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
- ((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {
+ if ( pendingReq instanceof PVPSProfileRequest &&
+ ((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest &&
+ ((PVPSProfilePendingRequest) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {
authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
}
@@ -218,7 +222,7 @@ public class AttributQueryAction implements IAction {
//build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration
IOAAuthParameters spConfig = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes);
- //search federated IDP information for this MOASession
+ //search federated IDP information for this MOASession
if (nextIDPInformation != null) {
Logger.info("Find active federated IDP information."
+ ". --> Request next IDP:" + nextIDPInformation.getIdpurlprefix()
@@ -354,9 +358,11 @@ public class AttributQueryAction implements IAction {
* @return
* @return PVP attribute DAO, which contains all received information
* @throws MOAIDException
+ * @throws AttributQueryException
+ * @throws AssertionValidationExeption
*/
public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
- String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
+ String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException, AttributQueryException, AssertionValidationExeption{
String idpEnityID = idpConfig.getPublicURLPrefix();
try {
@@ -407,7 +413,7 @@ public class AttributQueryAction implements IAction {
new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
}
-
+
} catch (SOAPException e) {
throw new BuildException("builder.06", null, e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
deleted file mode 100644
index 43c860488..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IAction;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("PVPAuthenticationRequestAction")
-public class AuthenticationAction implements IAction {
- @Autowired IDPCredentialProvider pvpCredentials;
- @Autowired AuthConfiguration authConfig;
- @Autowired(required=true) private MOAMetadataProvider metadataProvider;
- @Autowired(required=true) ApplicationContext springContext;
-
- public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-
- PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
-
- //get basic information
- MOARequest moaRequest = (MOARequest) pvpRequest.getRequest();
- AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
- EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);
-
- AssertionConsumerService consumerService =
- SAML2Utils.createSAMLObject(AssertionConsumerService.class);
- consumerService.setBinding(pvpRequest.getBinding());
- consumerService.setLocation(pvpRequest.getConsumerURL());
-
- DateTime date = new DateTime();
-
- SLOInformationImpl sloInformation = new SLOInformationImpl();
-
- //change to entity value from entity name to IDP EntityID (URL)
-// String issuerEntityID = pvpRequest.getAuthURL();
-// if (issuerEntityID.endsWith("/"))
-// issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1);
-
- String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
- pvpRequest.getAuthURL());
-
- //build Assertion
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData,
- peerEntity, date, consumerService, sloInformation);
-
- Response authResponse = AuthResponseBuilder.buildResponse(
- metadataProvider, issuerEntityID, authnRequest,
- date, assertion, authConfig.isPVP2AssertionEncryptionActive());
-
- IEncoder binding = null;
-
- if (consumerService.getBinding().equals(
- SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-
- } else if (consumerService.getBinding().equals(
- SAMLConstants.SAML2_POST_BINDING_URI)) {
- binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
-
- }
-
- if (binding == null) {
- throw new BindingNotSupportedException(consumerService.getBinding());
- }
-
- try {
- binding.encodeRespone(httpReq, httpResp, authResponse,
- consumerService.getLocation(), moaRequest.getRelayState(),
- pvpCredentials.getIDPAssertionSigningCredential(), req);
-
- //set protocol type
- sloInformation.setProtocolType(req.requestedModule());
- sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
- return sloInformation;
-
- } catch (MessageEncodingException e) {
- Logger.error("Message Encoding exception", e);
- throw new MOAIDException("pvp2.01", null, e);
-
- } catch (SecurityException e) {
- Logger.error("Security exception", e);
- throw new MOAIDException("pvp2.01", null, e);
-
- }
-
- }
-
- public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp) {
- return true;
- }
-
- public String getDefaultActionName() {
- return "PVPAuthenticationRequestAction";
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
deleted file mode 100644
index 76956b5a8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import com.google.common.net.MediaType;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IAction;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IDPPVPMetadataConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("pvpMetadataService")
-public class MetadataAction implements IAction {
-
-
-
- @Autowired private IRevisionLogger revisionsLogger;
- @Autowired private IDPCredentialProvider credentialProvider;
- @Autowired private PVPMetadataBuilder metadatabuilder;
-
- public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
- try {
- revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);
-
- //build metadata
- IPVPMetadataBuilderConfiguration metadataConfig =
- new IDPPVPMetadataConfiguration(req.getAuthURLWithOutSlash(), credentialProvider);
-
- String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig);
- Logger.debug("METADATA: " + metadataXML);
-
- byte[] content = metadataXML.getBytes("UTF-8");
- httpResp.setStatus(HttpServletResponse.SC_OK);
- httpResp.setContentLength(content.length);
- httpResp.setContentType(MediaType.XML_UTF_8.toString());
- httpResp.getOutputStream().write(content);
- return null;
-
- } catch (Exception e) {
- Logger.error("Failed to generate metadata", e);
- throw new MOAIDException("pvp2.13", null);
- }
- }
-
- public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp) {
- return false;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
- */
- @Override
- public String getDefaultActionName() {
- return "IDP - PVP Metadata action";
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
deleted file mode 100644
index 176b1af43..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ /dev/null
@@ -1,835 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.SignableXMLObject;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
-import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
-import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Controller
-public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
-
- @Autowired IDPCredentialProvider pvpCredentials;
- @Autowired SAMLVerificationEngineSP samlVerificationEngine;
- @Autowired(required=true) private MOAMetadataProvider metadataProvider;
-
- @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
-
- public static final String NAME = PVP2XProtocol.class.getName();
- public static final String PATH = "id_pvp2x";
-
- public static final String REDIRECT = "Redirect";
- public static final String POST = "Post";
- public static final String SOAP = "Soap";
- public static final String METADATA = "Metadata";
- public static final String ATTRIBUTEQUERY = "AttributeQuery";
- public static final String SINGLELOGOUT = "SingleLogOut";
-
- public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
- new String[] {
- PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
- });
-
- static {
- new VelocityLogAdapter();
-
- }
-
- public String getName() {
- return NAME;
- }
-
- public String getPath() {
- return PATH;
- }
-
- public PVP2XProtocol() {
- super();
- }
-
- //PVP2.x metadata end-point
- @RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
- public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-// if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-// Logger.info("PVP2.1 is deaktivated!");
-// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//
-// }
-
- //create pendingRequest object
- PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
- pendingReq.initialize(req, authConfig);
- pendingReq.setModule(NAME);
-
- revisionsLogger.logEvent(
- pendingReq.getUniqueSessionIdentifier(),
- pendingReq.getUniqueTransactionIdentifier(),
- MOAIDEventConstants.TRANSACTION_IP,
- req.getRemoteAddr());
-
- MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class);
- metadataAction.processRequest(pendingReq,
- req, resp, null);
-
- }
-
- //PVP2.x IDP POST-Binding end-point
- @RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
- public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-// if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-// Logger.info("PVP2.1 is deaktivated!");
-// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//
-// }
-
- PVPTargetConfiguration pendingReq = null;
-
- try {
- //create pendingRequest object
- pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
- pendingReq.initialize(req, authConfig);
- pendingReq.setModule(NAME);
-
- revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
- revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());
- revisionsLogger.logEvent(
- pendingReq.getUniqueSessionIdentifier(),
- pendingReq.getUniqueTransactionIdentifier(),
- MOAIDEventConstants.TRANSACTION_IP,
- req.getRemoteAddr());
-
- //get POST-Binding decoder implementation
- InboundMessage msg = (InboundMessage) new PostBinding().decode(
- req, resp, metadataProvider, false,
- new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
- pendingReq.setRequest(msg);
-
- //preProcess Message
- preProcess(req, resp, pendingReq);
-
- } catch (SecurityPolicyException e) {
- String samlRequest = req.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-
- } catch (SecurityException e) {
- String samlRequest = req.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-
- } catch (MOAIDException e) {
-
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw e;
-
- } catch (Throwable e) {
- String samlRequest = req.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
- }
- }
-
- //PVP2.x IDP Redirect-Binding end-point
- @RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
- public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
- if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
- Logger.info("PVP2.1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-
- }
- PVPTargetConfiguration pendingReq = null;
- try {
- //create pendingRequest object
- pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
- pendingReq.initialize(req, authConfig);
- pendingReq.setModule(NAME);
-
- revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
- revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());
- revisionsLogger.logEvent(
- pendingReq.getUniqueSessionIdentifier(),
- pendingReq.getUniqueTransactionIdentifier(),
- MOAIDEventConstants.TRANSACTION_IP,
- req.getRemoteAddr());
-
- //get POST-Binding decoder implementation
- InboundMessage msg = (InboundMessage) new RedirectBinding().decode(
- req, resp, metadataProvider, false,
- new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(pendingReq.getAuthURL())));
- pendingReq.setRequest(msg);
-
- //preProcess Message
- preProcess(req, resp, pendingReq);
-
- } catch (SecurityPolicyException e) {
- String samlRequest = req.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-
- } catch (SecurityException e) {
- String samlRequest = req.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-
- } catch (MOAIDException e) {
- String samlRequest = req.getParameter("SAMLRequest");
- Logger.info("Receive INVALID protocol request: " + samlRequest);
-
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw e;
-
- } catch (Throwable e) {
- String samlRequest = req.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
- }
- }
-
-
- //PVP2.x IDP SOAP-Binding end-point
- @RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
- public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-// if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-// Logger.info("PVP2.1 is deaktivated!");
-// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//
-// }
-
- PVPTargetConfiguration pendingReq = null;
- try {
- //create pendingRequest object
- pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
- pendingReq.initialize(req, authConfig);
- pendingReq.setModule(NAME);
-
- revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
- revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());
- revisionsLogger.logEvent(
- pendingReq.getUniqueSessionIdentifier(),
- pendingReq.getUniqueTransactionIdentifier(),
- MOAIDEventConstants.TRANSACTION_IP,
- req.getRemoteAddr());
-
- //get POST-Binding decoder implementation
- InboundMessage msg = (InboundMessage) new SoapBinding().decode(
- req, resp, metadataProvider, false,
- new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
- pendingReq.setRequest(msg);
-
- //preProcess Message
- preProcess(req, resp, pendingReq);
-
- } catch (SecurityPolicyException e) {
- String samlRequest = req.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-
- } catch (SecurityException e) {
- String samlRequest = req.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-
- } catch (MOAIDException e) {
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw e;
-
- } catch (Throwable e) {
- String samlRequest = req.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
- //write revision log entries
- if (pendingReq != null)
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-
- throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
- }
- }
-
-
-
- private void preProcess(HttpServletRequest request,
- HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-
- InboundMessage msg = pendingReq.getRequest();
-
- if (MiscUtil.isEmpty(msg.getEntityID())) {
- throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty");
-
- }
-
- if(!msg.isVerified()) {
- samlVerificationEngine.verify(msg,
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
- msg.setVerified(true);
-
- }
-
- if (msg instanceof MOARequest &&
- ((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
- preProcessAuthRequest(request, response, pendingReq);
-
- else if (msg instanceof MOARequest &&
- ((MOARequest)msg).getSamlRequest() instanceof AttributeQuery)
- preProcessAttributQueryRequest(request, response, pendingReq);
-
- else if (msg instanceof MOARequest &&
- ((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
- preProcessLogOut(request, response, pendingReq);
-
- else if (msg instanceof MOAResponse &&
- ((MOAResponse)msg).getResponse() instanceof LogoutResponse)
- preProcessLogOut(request, response, pendingReq);
-
- else {
- Logger.error("Receive unsupported PVP21 message");
- throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
- }
-
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
-
- //switch to session authentication
- performAuthentication(request, response, pendingReq);
- }
-
- public boolean generateErrorMessage(Throwable e,
- HttpServletRequest request, HttpServletResponse response,
- IRequest protocolRequest) throws Throwable {
-
- if(protocolRequest == null) {
- throw e;
- }
-
- if(!(protocolRequest instanceof PVPTargetConfiguration) ) {
- throw e;
- }
- PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest;
-
- Response samlResponse =
- SAML2Utils.createSAMLObject(Response.class);
- Status status = SAML2Utils.createSAMLObject(Status.class);
- StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
- StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
-
- String moaError = null;
-
- if(e instanceof NoPassivAuthenticationException) {
- statusCode.setValue(StatusCode.NO_PASSIVE_URI);
- statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-
- } else if (e instanceof NameIDFormatNotSupportedException) {
- statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI);
- statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-
- } else if (e instanceof SLOException) {
- //SLOExecpetions only occurs if session information is lost
- return false;
-
- } else if(e instanceof PVP2Exception) {
- PVP2Exception ex = (PVP2Exception) e;
- statusCode.setValue(ex.getStatusCodeValue());
- String statusMessageValue = ex.getStatusMessageValue();
- if(statusMessageValue != null) {
- statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
- }
- moaError = statusMessager.mapInternalErrorToExternalError(ex.getMessageId());
-
- } else {
- statusCode.setValue(StatusCode.RESPONDER_URI);
- statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
- moaError = statusMessager.getResponseErrorCode(e);
- }
-
-
- if (MiscUtil.isNotEmpty(moaError)) {
- StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class);
- moaStatusCode.setValue(moaError);
- statusCode.setStatusCode(moaStatusCode);
- }
-
- status.setStatusCode(statusCode);
- if(statusMessage.getMessage() != null) {
- status.setStatusMessage(statusMessage);
- }
- samlResponse.setStatus(status);
- String remoteSessionID = SAML2Utils.getSecureIdentifier();
- samlResponse.setID(remoteSessionID);
-
- samlResponse.setIssueInstant(new DateTime());
- Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
- nissuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
- pvpRequest.getAuthURL()));
- nissuer.setFormat(NameID.ENTITY);
- samlResponse.setIssuer(nissuer);
-
- IEncoder encoder = null;
-
- if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-
- } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class);
-
- } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class);
- }
-
- if(encoder == null) {
- // default to redirect binding
- encoder = new RedirectBinding();
- }
-
- String relayState = null;
- if (pvpRequest.getRequest() != null)
- relayState = pvpRequest.getRequest().getRelayState();
-
- X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential();
-
- encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(),
- relayState, signCred, protocolRequest);
- return true;
- }
-
- public boolean validate(HttpServletRequest request,
- HttpServletResponse response, IRequest pending) {
-
- return true;
- }
-
-
- /**
- * PreProcess Single LogOut request
- * @param request
- * @param response
- * @param msg
- * @return
- * @throws EAAFException
- * @throws MOAIDException
- */
- private void preProcessLogOut(HttpServletRequest request,
- HttpServletResponse response, PVPTargetConfiguration pendingReq) throws EAAFException {
-
- InboundMessage inMsg = pendingReq.getRequest();
- MOARequest msg;
- if (inMsg instanceof MOARequest &&
- ((MOARequest)inMsg).getSamlRequest() instanceof LogoutRequest) {
- //preProcess single logout request from service provider
-
- msg = (MOARequest) inMsg;
-
- EntityDescriptor metadata = msg.getEntityMetadata(metadataProvider);
- if(metadata == null) {
- throw new NoMetadataInformationException();
- }
-
- String oaURL = metadata.getEntityID();
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-
- Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
-
- pendingReq.setSPEntityId(oaURL);
- pendingReq.setOnlineApplicationConfiguration(oa);
- pendingReq.setBinding(msg.getRequestBinding());
-
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
-
-
-
- } else if (inMsg instanceof MOAResponse &&
- ((MOAResponse)inMsg).getResponse() instanceof LogoutResponse) {
- //preProcess single logour response from service provider
-
- LogoutResponse resp = (LogoutResponse) (((MOAResponse)inMsg).getResponse());
-
- Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
-
-// List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
-// AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
-
- boolean isAllowedDestination = false;
- try {
- isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
-
- } catch (MalformedURLException e) {
- Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
-
- }
-
-// for (String prefix : allowedPublicURLPrefix) {
-// if (resp.getDestination().startsWith(
-// prefix)) {
-// isAllowedDestination = true;
-// break;
-// }
-// }
-
- if (!isAllowedDestination) {
- Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
- throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
-
- }
-
- //TODO: check if relayState exists
- inMsg.getRelayState();
-
-
- } else
- throw new EAAFException("Unsupported request");
-
-
- pendingReq.setRequest(inMsg);
- pendingReq.setAction(SINGLELOGOUT);
-
- //Single LogOut Request needs no authentication
- pendingReq.setNeedAuthentication(false);
-
- //set protocol action, which should be executed
- pendingReq.setAction(SingleLogOutAction.class.getName());
- }
-
- /**
- * PreProcess AttributeQuery request
- * @param request
- * @param response
- * @param pendingReq
- * @throws Throwable
- */
- private void preProcessAttributQueryRequest(HttpServletRequest request,
- HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
- MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());
- AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
- moaRequest.setEntityID(attrQuery.getIssuer().getValue());
-
- //validate destination
- String destinaten = attrQuery.getDestination();
- if (!PVPConfiguration.getInstance().getIDPSSOSOAPService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) {
- Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
- throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
-
- }
-
- //check if Issuer is an interfederation IDP
- IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
- if (!oa.isInderfederationIDP()) {
- Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
- throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
-
- }
-
- if (!oa.isOutboundSSOInterfederationAllowed()) {
- Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation.");
- throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null);
-
- }
-
- //check active MOASession
- String nameID = attrQuery.getSubject().getNameID().getValue();
- IAuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID);
- if (session == null) {
- Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
- throw new AttributQueryException("auth.31", null);
-
- }
-
- //set preProcessed information into pending-request
- pendingReq.setRequest(moaRequest);
- pendingReq.setSPEntityId(moaRequest.getEntityID());
- pendingReq.setOnlineApplicationConfiguration(oa);
- pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
-
- //Attribute-Query Request needs authentication, because session MUST be already authenticated
- pendingReq.setNeedAuthentication(false);
-
- //set protocol action, which should be executed after authentication
- pendingReq.setAction(AttributQueryAction.class.getName());
-
- //add moasession
- pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
-
- //write revisionslog entry
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
-
-
- }
-
- /**
- * PreProcess Authn request
- * @param request
- * @param response
- * @param pendingReq
- * @throws Throwable
- */
- private void preProcessAuthRequest(HttpServletRequest request,
- HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-
- MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());
- SignableXMLObject samlReq = moaRequest.getSamlRequest();
-
- if(!(samlReq instanceof AuthnRequest)) {
- throw new MOAIDException("Unsupported request", new Object[] {});
- }
-
- EntityDescriptor metadata = moaRequest.getEntityMetadata(metadataProvider);
- if(metadata == null) {
- throw new NoMetadataInformationException();
- }
- SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
- AuthnRequest authnRequest = (AuthnRequest)samlReq;
-
- if (authnRequest.getIssueInstant() == null) {
- Logger.warn("Unsupported request: No IssueInstant Attribute found.");
- throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {},
- "Unsupported request: No IssueInstant Attribute found", pendingReq);
-
- }
-
- if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
- Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
- throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {},
- "Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq);
-
- }
-
- //parse AssertionConsumerService
- AssertionConsumerService consumerService = null;
- if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&
- MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) {
- //use AssertionConsumerServiceURL from request
-
- //check requested AssertionConsumingService URL against metadata
- List<AssertionConsumerService> metadataAssertionServiceList = spSSODescriptor.getAssertionConsumerServices();
- for (AssertionConsumerService service : metadataAssertionServiceList) {
- if (authnRequest.getProtocolBinding().equals(service.getBinding())
- && authnRequest.getAssertionConsumerServiceURL().equals(service.getLocation())) {
- consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
- consumerService.setBinding(authnRequest.getProtocolBinding());
- consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL());
- Logger.debug("Requested AssertionConsumerServiceURL is valid.");
- }
- }
-
- if (consumerService == null) {
- throw new InvalidAssertionConsumerServiceException(authnRequest.getAssertionConsumerServiceURL());
-
- }
-
-
- } else {
- //use AssertionConsumerServiceIndex and select consumerService from metadata
- Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
- int assertionidx = 0;
-
- if(aIdx != null) {
- assertionidx = aIdx.intValue();
-
- } else {
- assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
-
- }
- consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
-
- if (consumerService == null) {
- throw new InvalidAssertionConsumerServiceException(aIdx);
-
- }
- }
-
-
- //select AttributeConsumingService from request
- AttributeConsumingService attributeConsumer = null;
- Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
- int attributeIdx = 0;
-
- if(aIdx != null) {
- attributeIdx = aIdx.intValue();
- }
-
- if (spSSODescriptor.getAttributeConsumingServices() != null &&
- spSSODescriptor.getAttributeConsumingServices().size() > 0) {
- attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
- }
-
- //validate AuthnRequest
- AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
- AuthnRequestValidator.validate(authReq);
-
-// String useMandate = request.getParameter(PARAM_USEMANDATE);
-// if(useMandate != null) {
-// if(useMandate.equals("true") && attributeConsumer != null) {
-// if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-// throw new MandateAttributesNotHandleAbleException();
-// }
-// }
-// }
-
- String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-
- Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
-
- pendingReq.setSPEntityId(oaURL);
- pendingReq.setOnlineApplicationConfiguration(oa);
- pendingReq.setBinding(consumerService.getBinding());
- pendingReq.setRequest(moaRequest);
- pendingReq.setConsumerURL(consumerService.getLocation());
-
- //parse AuthRequest
- pendingReq.setPassiv(authReq.isPassive());
- pendingReq.setForce(authReq.isForceAuthn());
-
- //AuthnRequest needs authentication
- pendingReq.setNeedAuthentication(true);
-
- //set protocol action, which should be executed after authentication
- pendingReq.setAction(AuthenticationAction.class.getName());
-
- //write revisionslog entry
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
-
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 67e7a47f3..cdd0b659e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -22,25 +22,9 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
-import at.gv.egovernment.moa.id.data.Trible;
-
-public interface PVPConstants extends PVPAttributeConstants {
+public interface PVPConstants extends at.gv.egiz.eaaf.modules.pvp2.PVPConstants {
public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
-
- public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
- public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
- public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
- public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
-
public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";
public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
@@ -52,84 +36,5 @@ public interface PVPConstants extends PVPAttributeConstants {
public static final String EIDAS_QAA_LOW = EIDAS_QAA_PREFIX + "low";
public static final String EIDAS_QAA_SUBSTANTIAL = EIDAS_QAA_PREFIX + "substantial";
public static final String EIDAS_QAA_HIGH = EIDAS_QAA_PREFIX + "high";
-
- public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
-
-
-
-
- public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
- public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
- public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
-
- /**
- *
- * Get required PVP attributes for egovtoken
- * First : PVP attribute name (OID)
- * Second: FriendlyName
- * Third: Required
- *
- */
- public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES =
- Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
- private static final long serialVersionUID = 1L;
- {
- //currently supported attributes
- add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
- add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
-
- //currently not supported attributes
- add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false));
- add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false));
- add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false));
- add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false));
- add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
- add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
-
-
- }
- });
-
- /**
- *
- * Get required PVP attributes for citizenToken
- * First : PVP attribute name (OID)
- * Second: FriendlyName
- * Third: Required
- *
- */
- public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES =
- Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
- private static final long serialVersionUID = 1L;
- {
- //required attributes - eIDAS minimal-data set
- add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
- add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
- add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
- add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
- add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
-
-
- //not required attributes
- add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
- add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
- add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
- add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
-
-
-
- }
- });
-
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
deleted file mode 100644
index 279d88860..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-
-@Component("PVPTargetConfiguration")
-@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
-public class PVPTargetConfiguration extends RequestImpl {
-
-
- public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
- public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
- public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";
-
- public static final String DATAID_INTERFEDERATION_REQUESTID = "authnReqID";
-
- private static final long serialVersionUID = 4889919265919638188L;
-
-
-
- InboundMessage request;
- String binding;
- String consumerURL;
-
- public InboundMessage getRequest() {
- return request;
- }
-
- public void setRequest(InboundMessage request) {
- this.request = request;
- }
-
- public String getBinding() {
- return binding;
- }
-
- public void setBinding(String binding) {
- this.binding = binding;
- }
-
- public String getConsumerURL() {
- return consumerURL;
- }
-
- public void setConsumerURL(String consumerURL) {
- this.consumerURL = consumerURL;
-
- }
-
-// /* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-// */
-// @Override
-// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-//
-// Map<String, String> reqAttr = new HashMap<String, String>();
-// for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
-// reqAttr.put(el, "");
-//
-// try {
-// SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-// if (spSSODescriptor.getAttributeConsumingServices() != null &&
-// spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-//
-// Integer aIdx = null;
-// if (getRequest() instanceof MOARequest &&
-// ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {
-// AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();
-// aIdx = authnRequest.getAttributeConsumingServiceIndex();
-//
-// } else {
-// Logger.error("MOARequest is NOT of type AuthnRequest");
-// }
-//
-// int idx = 0;
-//
-// AttributeConsumingService attributeConsumingService = null;
-//
-// if (aIdx != null) {
-// idx = aIdx.intValue();
-// attributeConsumingService = spSSODescriptor
-// .getAttributeConsumingServices().get(idx);
-//
-// } else {
-// List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-// for (AttributeConsumingService el : attrConsumingServiceList) {
-// if (el.isDefault())
-// attributeConsumingService = el;
-// }
-// }
-//
-// for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
-// reqAttr.put(attr.getName(), "");
-// }
-//
-// //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
-// return reqAttr.keySet();
-//
-// } catch (NoMetadataInformationException e) {
-// Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
-// return null;
-//
-// }
-//
-// }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 6b945d692..ab88a765e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -44,7 +44,11 @@ import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.SLOException;
import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -55,9 +59,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -86,12 +87,12 @@ public class SingleLogOutAction implements IAction {
HttpServletRequest httpReq, HttpServletResponse httpResp,
IAuthData authData) throws EAAFException {
- PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;
+ PVPSProfilePendingRequest pvpReq = (PVPSProfilePendingRequest) req;
- if (pvpReq.getRequest() instanceof MOARequest &&
- ((MOARequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
+ if (pvpReq.getRequest() instanceof PVPSProfileRequest &&
+ ((PVPSProfileRequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
Logger.debug("Process Single LogOut request");
- MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+ PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest();
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
String ssoSessionId =
@@ -141,10 +142,10 @@ public class SingleLogOutAction implements IAction {
Logger.debug("Starting technical SLO process ... ");
sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null);
- } else if (pvpReq.getRequest() instanceof MOAResponse &&
- ((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
+ } else if (pvpReq.getRequest() instanceof PVPSProfileResponse &&
+ ((PVPSProfileResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
Logger.debug("Process Single LogOut response");
- LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
+ LogoutResponse logOutResp = (LogoutResponse) ((PVPSProfileResponse)pvpReq.getRequest()).getResponse();
//Transaction tx = null;
@@ -236,11 +237,11 @@ public class SingleLogOutAction implements IAction {
storageSuccess = true;
String redirectURL = null;
IRequest sloReq = sloContainer.getSloRequest();
- if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+ if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
//send SLO response to SLO request issuer
- SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloReq);
- LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloReq, sloContainer.getSloFailedOAs());
- redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPTargetConfiguration)sloReq).getRequest().getRelayState());
+ SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloReq);
+ LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloReq, sloContainer.getSloFailedOAs());
+ redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPSProfilePendingRequest)sloReq).getRequest().getRelayState());
} else {
//print SLO information directly
@@ -324,7 +325,7 @@ public class SingleLogOutAction implements IAction {
*/
@Override
public String getDefaultActionName() {
- return PVP2XProtocol.SINGLELOGOUT;
+ return PVPConstants.SINGLELOGOUT;
}
protected static String addURLParameter(String url, String paramname,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
deleted file mode 100644
index 71c5a46a4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.xml.security.SecurityException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-
-public interface IDecoder {
- public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator)
- throws MessageDecodingException, SecurityException, PVP2Exception;
-
- public boolean handleDecode(String action, HttpServletRequest req);
-
- public String getSAML2BindingName();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
deleted file mode 100644
index 409f995fc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-
-public interface IEncoder {
-
- /**
- *
- * @param req The http request
- * @param resp The http response
- * @param request The SAML2 request object
- * @param targetLocation URL, where the request should be transmit
- * @param relayState token for session handling
- * @param credentials Credential to sign the request object
- * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
- * @throws MessageEncodingException
- * @throws SecurityException
- * @throws PVP2Exception
- */
- public void encodeRequest(HttpServletRequest req,
- HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException, PVP2Exception;
-
- /**
- * Encoder SAML Response
- * @param req The http request
- * @param resp The http response
- * @param response The SAML2 repsonse object
- * @param targetLocation URL, where the request should be transmit
- * @param relayState token for session handling
- * @param credentials Credential to sign the response object
- * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
- * @throws MessageEncodingException
- * @throws SecurityException
- */
- public void encodeRespone(HttpServletRequest req,
- HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException, PVP2Exception;
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
deleted file mode 100644
index 7bb64a106..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import org.opensaml.common.binding.decoding.URIComparator;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAURICompare implements URIComparator {
-
- /**
- * @param idpssoPostService
- */
-
- private String serviceURL = "";
-
- public MOAURICompare(String serviceURL) {
- this.serviceURL = serviceURL;
- }
-
- public boolean compare(String uri1, String uri2) {
- if (this.serviceURL.equals(uri1))
- return true;
-
- else {
- Logger.warn("PVP request destination-endpoint: " + uri1
- + " does not match to IDP endpoint:" + serviceURL);
- return false;
-
- }
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
deleted file mode 100644
index 998249028..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ /dev/null
@@ -1,240 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.ws.security.provider.BasicSecurityPolicy;
-import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPPOSTBinding")
-public class PostBinding implements IDecoder, IEncoder {
-
- @Autowired(required=true) AuthConfiguration authConfig;
- @Autowired(required=true) GUIFormBuilderImpl guiBuilder;
-
- public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException {
-
- try {
-// X509Credential credentials = credentialProvider
-// .getIDPAssertionSigningCredential();
-
- //load default PVP security configurations
- MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-
- //initialize POST binding encoder with template decoration
- IGUIBuilderConfiguration guiConfig =
- new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
- pendingReq,
- "pvp_postbinding_template.html",
- MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL,
- null,
- authConfig.getRootConfigFileDir());
- MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
- VelocityProvider.getClassPathVelocityEngine());
-
- //set OpenSAML2 process parameter into binding context dao
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
- service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- service.setLocation(targetLocation);;
-
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(request);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
-
- encoder.encode(context);
-
-// } catch (CredentialsNotAvailableException e) {
-// e.printStackTrace();
-// throw new SecurityException(e);
- } catch (Exception e) {
- e.printStackTrace();
- throw new SecurityException(e);
- }
- }
-
- public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException {
-
- try {
- //load default PVP security configurations
- MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-
- Logger.debug("create SAML POSTBinding response");
-
- //initialize POST binding encoder with template decoration
- IGUIBuilderConfiguration guiConfig =
- new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
- pendingReq,
- "pvp_postbinding_template.html",
- MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL,
- null,
- authConfig.getRootConfigFileDir());
- MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
- VelocityProvider.getClassPathVelocityEngine());
-
- //set OpenSAML2 process parameter into binding context dao
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- service.setLocation(targetLocation);
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
- // context.setOutboundMessage(authReq);
- context.setOutboundSAMLMessage(response);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
-
- encoder.encode(context);
-// } catch (CredentialsNotAvailableException e) {
-// e.printStackTrace();
-// throw new SecurityException(e);
- } catch (Exception e) {
- e.printStackTrace();
- throw new SecurityException(e);
- }
- }
-
- public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
- SecurityException {
-
- HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
- //set metadata descriptor type
- if (isSPEndPoint) {
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(comparator);
-
- } else {
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(comparator);
- }
-
- messageContext.setMetadataProvider(metadataProvider);
-
- //set security policy context
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(
- new MOAPVPSignedRequestPolicyRule(metadataProvider,
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider),
- messageContext.getPeerEntityRole()));
- SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
- messageContext.setSecurityPolicyResolver(secResolver);
-
- decode.decode(messageContext);
-
- InboundMessage msg = null;
- if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
- msg = new MOARequest(inboundMessage, getSAML2BindingName());
- msg.setEntityID(inboundMessage.getIssuer().getValue());
-
- } else if (messageContext.getInboundMessage() instanceof StatusResponseType){
- StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
- msg = new MOAResponse(inboundMessage);
- msg.setEntityID(inboundMessage.getIssuer().getValue());
-
- } else
- //create empty container if request type is unknown
- msg = new InboundMessage();
-
- if (messageContext.getPeerEntityMetadata() != null)
- msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-
- else {
- if (MiscUtil.isEmpty(msg.getEntityID()))
- Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
- }
-
-
- msg.setVerified(true);
- msg.setRelayState(messageContext.getRelayState());
-
- return msg;
- }
-
- public boolean handleDecode(String action, HttpServletRequest req) {
- return (req.getMethod().equals("POST") && action.equals(PVP2XProtocol.POST));
- }
-
- public String getSAML2BindingName() {
- return SAMLConstants.SAML2_POST_BINDING_URI;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
deleted file mode 100644
index caebd456b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
-import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.ws.security.provider.BasicSecurityPolicy;
-import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOASAML2AuthRequestSignedRole;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPRedirectBinding")
-public class RedirectBinding implements IDecoder, IEncoder {
-
- public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException {
-
-// try {
-// X509Credential credentials = credentialProvider
-// .getIDPAssertionSigningCredential();
-
- //load default PVP security configurations
- MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-
- Logger.debug("create SAML RedirectBinding response");
-
- HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- service.setLocation(targetLocation);
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(request);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
-
- encoder.encode(context);
-// } catch (CredentialsNotAvailableException e) {
-// e.printStackTrace();
-// throw new SecurityException(e);
-// }
- }
-
- public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState,
- Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException {
-// try {
-// X509Credential credentials = credentialProvider
-// .getIDPAssertionSigningCredential();
-
- //load default PVP security configurations
- MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-
- Logger.debug("create SAML RedirectBinding response");
-
- HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- service.setLocation(targetLocation);
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(response);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
-
- encoder.encode(context);
-// } catch (CredentialsNotAvailableException e) {
-// e.printStackTrace();
-// throw new SecurityException(e);
-// }
- }
-
- public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
- SecurityException {
-
- HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
- new BasicParserPool());
-
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
- //set metadata descriptor type
- if (isSPEndPoint) {
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(comparator);
-
- } else {
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(comparator);
- }
-
- messageContext.setMetadataProvider(metadataProvider);
-
- SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
- MOASAML2AuthRequestSignedRole signedRole = new MOASAML2AuthRequestSignedRole();
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(signedRole);
- policy.getPolicyRules().add(signatureRule);
- SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setSecurityPolicyResolver(resolver);
-
- //set metadata descriptor type
- if (isSPEndPoint)
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- else
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- try {
- decode.decode(messageContext);
-
- //check signature
- signatureRule.evaluate(messageContext);
-
- } catch (SecurityException e) {
- if (MiscUtil.isEmpty(messageContext.getInboundMessageIssuer())) {
- throw e;
-
- }
-
- if (metadataProvider instanceof IMOARefreshableMetadataProvider) {
- Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer());
- if (!((IMOARefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer()))
- throw e;
-
- else {
- Logger.trace("PVP2X metadata reload finished. Check validate message again.");
- decode.decode(messageContext);
-
- //check signature
- signatureRule.evaluate(messageContext);
-
- }
- Logger.trace("Second PVP2X message validation finished");
-
- } else {
- throw e;
-
- }
- }
-
- InboundMessage msg = null;
- if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
- msg = new MOARequest(inboundMessage, getSAML2BindingName());
-
-
- } else if (messageContext.getInboundMessage() instanceof StatusResponseType){
- StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
- msg = new MOAResponse(inboundMessage);
-
- } else
- //create empty container if request type is unknown
- msg = new InboundMessage();
-
- if (messageContext.getPeerEntityMetadata() != null)
- msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-
- else
- Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-
- msg.setVerified(true);
- msg.setRelayState(messageContext.getRelayState());
-
- return msg;
- }
-
- public boolean handleDecode(String action, HttpServletRequest req) {
- return ((action.equals(PVP2XProtocol.REDIRECT) || action.equals(PVP2XProtocol.SINGLELOGOUT))
- && req.getMethod().equals("GET"));
- }
-
- public String getSAML2BindingName() {
- return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
deleted file mode 100644
index 2b4374a64..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.signature.SignableXMLObject;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPSOAPBinding")
-public class SoapBinding implements IDecoder, IEncoder {
-
- @Autowired(required=true) private MOAMetadataProvider metadataProvider;
- @Autowired private IDPCredentialProvider credentialProvider;
-
- public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
- SecurityException, PVP2Exception {
- HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
- new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(
- req));
- messageContext.setMetadataProvider(metadataProvider);
-
- //TODO: update in a futher version:
- // requires a special SignedSOAPRequestPolicyRole because
- // messageContext.getInboundMessage() is not directly signed
-
- //set security context
-// BasicSecurityPolicy policy = new BasicSecurityPolicy();
-// policy.getPolicyRules().add(
-// new MOAPVPSignedRequestPolicyRule(
-// TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
-// SPSSODescriptor.DEFAULT_ELEMENT_NAME));
-// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-// policy);
-// messageContext.setSecurityPolicyResolver(resolver);
-
- //decode message
- soapDecoder.decode(messageContext);
-
- Envelope inboundMessage = (Envelope) messageContext
- .getInboundMessage();
-
- if (inboundMessage.getBody() != null) {
- List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
-
- if (!xmlElemList.isEmpty()) {
- SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);
- MOARequest request = new MOARequest(attrReq, getSAML2BindingName());
-
- if (messageContext.getPeerEntityMetadata() != null)
- request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-
- else if (attrReq instanceof RequestAbstractType) {
- RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
- try {
- if (MiscUtil.isNotEmpty(attributeRequest.getIssuer().getValue()) &&
- metadataProvider.getRole(
- attributeRequest.getIssuer().getValue(),
- SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
- request.setEntityID(attributeRequest.getIssuer().getValue());
-
- } catch (Exception e) {
- Logger.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
- }
- }
-
- request.setVerified(false);
- return request;
-
- }
- }
-
- Logger.error("Receive empty PVP 2.1 attributequery request.");
- throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
- }
-
- public boolean handleDecode(String action, HttpServletRequest req) {
- return (req.getMethod().equals("POST") &&
- (action.equals(PVP2XProtocol.SOAP) || action.equals(PVP2XProtocol.ATTRIBUTEQUERY)));
- }
-
- public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException, PVP2Exception {
-
- }
-
- public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException, PVP2Exception {
-// try {
-// Credential credentials = credentialProvider
-// .getIDPAssertionSigningCredential();
-
- //load default PVP security configurations
- MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-
- HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setOutboundSAMLMessage(response);
- context.setOutboundMessageTransport(responseAdapter);
-
- encoder.encode(context);
-// } catch (CredentialsNotAvailableException e) {
-// e.printStackTrace();
-// throw new SecurityException(e);
-// }
- }
-
- public String getSAML2BindingName() {
- return SAMLConstants.SAML2_SOAP11_BINDING_URI;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index f3af12a2c..b5f77ce1a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,14 +49,15 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.SamlAttributeGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -104,7 +105,7 @@ public class AttributQueryBuilder {
String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException {
- try {
+ try {
AttributeQuery query = new AttributeQueryBuilder().buildObject();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
deleted file mode 100644
index 78ddab488..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.EncryptedAssertion;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.encryption.Encrypter;
-import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.xml.encryption.EncryptionException;
-import org.opensaml.xml.encryption.EncryptionParameters;
-import org.opensaml.xml.encryption.KeyEncryptionParameters;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.X509Credential;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class AuthResponseBuilder {
-
- public static Response buildResponse(MetadataProvider metadataProvider, String issuerEntityID, RequestAbstractType req, DateTime date, Assertion assertion, boolean enableEncryption) throws InvalidAssertionEncryptionException, ConfigurationException {
- Response authResponse = SAML2Utils.createSAMLObject(Response.class);
-
- Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- nissuer.setValue(issuerEntityID);
- nissuer.setFormat(NameID.ENTITY);
- authResponse.setIssuer(nissuer);
- authResponse.setInResponseTo(req.getID());
-
- //set responseID
- String remoteSessionID = SAML2Utils.getSecureIdentifier();
- authResponse.setID(remoteSessionID);
-
-
- //SAML2 response required IssueInstant
- authResponse.setIssueInstant(date);
-
- authResponse.setStatus(SAML2Utils.getSuccessStatus());
-
- //check, if metadata includes an encryption key
- MetadataCredentialResolver mdCredResolver =
- new MetadataCredentialResolver(metadataProvider);
-
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
- criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
-
- X509Credential encryptionCredentials = null;
- try {
- encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
-
- } catch (SecurityException e2) {
- Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
- throw new InvalidAssertionEncryptionException();
-
- }
-
- if (encryptionCredentials != null && enableEncryption) {
- //encrypt SAML2 assertion
-
- try {
-
- EncryptionParameters dataEncParams = new EncryptionParameters();
- dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
-
- List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
- KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters();
-
- keyEncParam.setEncryptionCredential(encryptionCredentials);
- keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
- KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
- .getKeyInfoGeneratorManager().getDefaultManager()
- .getFactory(encryptionCredentials);
- keyEncParam.setKeyInfoGenerator(kigf.newInstance());
- keyEncParamList.add(keyEncParam);
-
- Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);
- //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
- samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
-
- EncryptedAssertion encryptAssertion = null;
-
- encryptAssertion = samlEncrypter.encrypt(assertion);
-
- authResponse.getEncryptedAssertions().add(encryptAssertion);
-
- } catch (EncryptionException e1) {
- Logger.warn("Can not encrypt the PVP2 assertion", e1);
- throw new InvalidAssertionEncryptionException();
-
- }
-
- } else {
- authResponse.getAssertions().add(assertion);
-
- }
-
- return authResponse;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
deleted file mode 100644
index d2a63c72f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSInteger;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSIntegerBuilder;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-
-public class CitizenTokenBuilder {
-
- public static XMLObject buildAttributeStringValue(String value) {
- XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
- XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
- stringValue.setValue(value);
- return stringValue;
- }
-
- public static XMLObject buildAttributeIntegerValue(int value) {
- XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
- XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
- integerValue.setValue(value);
- return integerValue;
- }
-
- public static Attribute buildStringAttribute(String friendlyName,
- String name, String value) {
- Attribute attribute =
- SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.getAttributeValues().add(buildAttributeStringValue(value));
- return attribute;
- }
-
- public static Attribute buildIntegerAttribute(String friendlyName,
- String name, int value) {
- Attribute attribute =
- SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
- return attribute;
- }
-
- public static Attribute buildPVPVersion(String value) {
- return buildStringAttribute("PVP-VERSION",
- "urn:oid:1.2.40.0.10.2.1.1.261.10", value);
- }
-
- public static Attribute buildSecClass(int value) {
- return buildIntegerAttribute("SECCLASS",
- "", value);
- }
-
- public static Attribute buildPrincipalName(String value) {
- return buildStringAttribute("PRINCIPAL-NAME",
- "urn:oid:1.2.40.0.10.2.1.1.261.20", value);
- }
-
- public static Attribute buildGivenName(String value) {
- return buildStringAttribute("GIVEN-NAME",
- "urn:oid:2.5.4.42", value);
- }
-
- public static Attribute buildBirthday(String value) {
- return buildStringAttribute("BIRTHDATE",
- "urn:oid:1.2.40.0.10.2.1.1.55", value);
- }
-
- public static Attribute buildBPK(String value) {
- return buildStringAttribute("BPK",
- "urn:oid:1.2.40.0.10.2.1.1.149", value);
- }
-
- public static Attribute buildEID_CITIZEN_QAALEVEL(int value) {
- return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL",
- "urn:oid:1.2.40.0.10.2.1.1.261.94", value);
- }
-
- public static Attribute buildEID_ISSUING_NATION(String value) {
- return buildStringAttribute("EID-ISSUING-NATION",
- "urn:oid:1.2.40.0.10.2.1.1.261.32", value);
- }
-
- public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) {
- return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER",
- "urn:oid:1.2.40.0.10.2.1.1.261.34", value);
- }
-
-
-// public static AttributeStatement buildCitizenToken(MOARequest obj,
-// AuthenticationSession authSession) {
-// AttributeStatement statement =
-// SAML2Utils.createSAMLObject(AttributeStatement.class);
-//
-// //TL: AuthData generation is moved out from VerifyAuthBlockServlet
-// try {
-//
-// //TODO: LOAD oaParam from request and not from MOASession in case of SSO
-// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-// .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
-//
-// AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
-// oaParam,
-// authSession.getTarget());
-//
-// Attribute pvpVersion = buildPVPVersion("2.1");
-// Attribute secClass = buildSecClass(3);
-// Attribute principalName = buildPrincipalName(authData.getFamilyName());
-// Attribute givenName = buildGivenName(authData.getGivenName());
-// Attribute birthdate = buildBirthday(authData.getDateOfBirth());
-//
-// //TL: getIdentificationValue holds the baseID --> change to pBK
-// Attribute bpk = buildBPK(authData.getBPK());
-//
-// Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
-// Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
-// Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType());
-//
-// statement.getAttributes().add(pvpVersion);
-// statement.getAttributes().add(secClass);
-// statement.getAttributes().add(principalName);
-// statement.getAttributes().add(givenName);
-// statement.getAttributes().add(birthdate);
-// statement.getAttributes().add(bpk);
-// statement.getAttributes().add(eid_citizen_qaa);
-// statement.getAttributes().add(eid_issuing_nation);
-// statement.getAttributes().add(eid_sector_for_id);
-//
-// return statement;
-//
-// } catch (ConfigurationException e) {
-//
-// // TODO: check Exception Handling
-// return null;
-// } catch (BuildException e) {
-//
-// // TODO: check Exception Handling
-// return null;
-// }
-//
-//
-// }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
deleted file mode 100644
index 07da57d2a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ServiceLoader;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class PVPAttributeBuilder {
-
- private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator();
-
- private static HashMap<String, IAttributeBuilder> builders;
-
- private static ServiceLoader<IAttributeBuilder> attributBuilderLoader =
- ServiceLoader.load(IAttributeBuilder.class);
-
- private static void addBuilder(IAttributeBuilder builder) {
- builders.put(builder.getName(), builder);
- }
-
- static {
- builders = new HashMap<String, IAttributeBuilder>();
-
- Logger.info("Loading protocol attribut-builder modules:");
- if (attributBuilderLoader != null ) {
- Iterator<IAttributeBuilder> moduleLoaderInterator = attributBuilderLoader.iterator();
- while (moduleLoaderInterator.hasNext()) {
- try {
- IAttributeBuilder modul = moduleLoaderInterator.next();
- Logger.info("Loading attribut-builder Modul Information: " + modul.getName());
- addBuilder(modul);
-
- } catch(Throwable e) {
- Logger.error("Check configuration! " + "Some attribute-builder modul" +
- " is not a valid IAttributeBuilder", e);
- }
- }
- }
-
- Logger.info("Loading attribute-builder modules done");
-
- }
-
-
- /**
- * Get a specific attribute builder
- *
- * @param name Attribute-builder friendly name
- *
- * @return Attribute-builder with this name or null if builder does not exists
- */
- public static IAttributeBuilder getAttributeBuilder(String name) {
- return builders.get(name);
-
- }
-
- public static Attribute buildAttribute(String name, ISPConfiguration oaParam,
- IAuthData authData) throws PVP2Exception, AttributeBuilderException {
- if (builders.containsKey(name)) {
- try {
- return builders.get(name).build(oaParam, authData, generator);
- }
- catch (AttributeBuilderException e) {
- if (e instanceof UnavailableAttributeException) {
- throw e;
- } else if (e instanceof InvalidDateFormatAttributeException) {
- throw new InvalidDateFormatException();
- } else if (e instanceof NoMandateDataAttributeException) {
- throw new NoMandateDataAvailableException();
- } else {
- throw new UnprovideableAttributeException(name);
- }
- }
- }
- return null;
- }
-
- public static Attribute buildEmptyAttribute(String name) {
- if (builders.containsKey(name)) {
- return builders.get(name).buildEmpty(generator);
- }
- return null;
- }
-
- public static Attribute buildAttribute(String name, String value) {
- if (builders.containsKey(name)) {
- return builders.get(name).buildEmpty(generator);
- }
- return null;
- }
-
-
-
- public static List<Attribute> buildSupportedEmptyAttributes() {
- List<Attribute> attributes = new ArrayList<Attribute>();
- Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
- while (builderIt.hasNext()) {
- IAttributeBuilder builder = builderIt.next();
- Attribute emptyAttribute = builder.buildEmpty(generator);
- if (emptyAttribute != null) {
- attributes.add(emptyAttribute);
- }
- }
- return attributes;
- }
-
- public static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
- RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
- attribute.setIsRequired(required);
- attribute.setName(name);
- attribute.setFriendlyName(friendlyName);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- return attribute;
- }
-
- /**
- * Build a set of PVP Response-Attributes
- * <br><br>
- * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but no execpetion is thrown.
- * Therefore, the return List must not include all requested attributes.
- *
- * @param authData AuthenticationData <code>IAuthData</code> which is used to build the attribute values, but never <code>null</code>
- * @param reqAttributenName List of PVP attribute names which are requested, but never <code>null</code>
- * @return List of PVP attributes, but never <code>null</code>
- */
- public static List<Attribute> buildSetOfResponseAttributes(IAuthData authData,
- Collection<String> reqAttributenName) {
- List<Attribute> attrList = new ArrayList<Attribute>();
- if (reqAttributenName != null) {
- Iterator<String> it = reqAttributenName.iterator();
- while (it.hasNext()) {
- String reqAttributName = it.next();
- try {
- Attribute attr = PVPAttributeBuilder.buildAttribute(
- reqAttributName, null, authData);
- if (attr == null) {
- Logger.info(
- "Attribute generation failed! for "
- + reqAttributName);
-
- } else {
- attrList.add(attr);
-
- }
-
- } catch (PVP2Exception e) {
- Logger.info(
- "Attribute generation failed! for "
- + reqAttributName);
-
- } catch (Exception e) {
- Logger.warn(
- "General Attribute generation failed! for "
- + reqAttributName, e);
-
- }
- }
- }
-
- return attrList;
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
deleted file mode 100644
index a55e873b5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.security.NoSuchAlgorithmException;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-@Service("PVPAuthnRequestBuilder")
-public class PVPAuthnRequestBuilder {
-
- @Autowired(required=true) ApplicationContext springContext;
-
- /**
- * Build a PVP2.x specific authentication request
- *
- * @param pendingReq Currently processed pendingRequest
- * @param config AuthnRequest builder configuration, never null
- * @param idpEntity SAML2 EntityDescriptor of the IDP, which receive this AuthnRequest, never null
- * @param httpResp
- * @throws NoSuchAlgorithmException
- * @throws SecurityException
- * @throws PVP2Exception
- * @throws MessageEncodingException
- */
- public void buildAuthnRequest(IRequest pendingReq, IPVPAuthnRequestBuilderConfiguruation config,
- HttpServletResponse httpResp) throws NoSuchAlgorithmException, MessageEncodingException, PVP2Exception, SecurityException {
- //get IDP Entity element from config
- EntityDescriptor idpEntity = config.getIDPEntityDescriptor();
-
- AuthnRequest authReq = SAML2Utils
- .createSAMLObject(AuthnRequest.class);
-
- //select SingleSignOn Service endpoint from IDP metadata
- SingleSignOnService endpoint = null;
- for (SingleSignOnService sss :
- idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-
- // use POST binding as default if it exists
- if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- endpoint = sss;
-
- } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
- && endpoint == null )
- endpoint = sss;
-
- }
-
- if (endpoint == null) {
- Logger.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID()
- + " does not support POST or Redirect Binding.");
- throw new AuthnRequestBuildException("sp.pvp2.00", new Object[]{config.getSPNameForLogging(), idpEntity.getEntityID()});
-
- } else
- authReq.setDestination(endpoint.getLocation());
-
-
- //set basic AuthnRequest information
- String reqID = config.getRequestID();
- if (MiscUtil.isNotEmpty(reqID))
- authReq.setID(reqID);
-
- else {
- SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
- authReq.setID(gen.generateIdentifier());
-
- }
-
- authReq.setIssueInstant(new DateTime());
-
- //set isPassive flag
- if (config.isPassivRequest() == null)
- authReq.setIsPassive(false);
- else
- authReq.setIsPassive(config.isPassivRequest());
-
- //set EntityID of the service provider
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setFormat(NameIDType.ENTITY);
- issuer.setValue(config.getSPEntityID());
- authReq.setIssuer(issuer);
-
- //set AssertionConsumerService ID
- if (config.getAssertionConsumerServiceId() != null)
- authReq.setAssertionConsumerServiceIndex(config.getAssertionConsumerServiceId());
-
- //set NameIDPolicy
- if (config.getNameIDPolicyFormat() != null) {
- NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class);
- policy.setAllowCreate(config.getNameIDPolicyAllowCreation());
- policy.setFormat(config.getNameIDPolicyFormat());
- authReq.setNameIDPolicy(policy);
- }
-
- //set requested QAA level
- if (config.getAuthnContextClassRef() != null) {
- RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
- AuthnContextClassRef authnClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-
- authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRef());
-
- if (config.getAuthnContextComparison() == null)
- reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
- else
- reqAuthContext.setComparison(config.getAuthnContextComparison());
-
- reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
- authReq.setRequestedAuthnContext(reqAuthContext);
- }
-
- //set request Subject element
- if (MiscUtil.isNotEmpty(config.getSubjectNameID())) {
- Subject reqSubject = SAML2Utils.createSAMLObject(Subject.class);
- NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-
- subjectNameID.setValue(config.getSubjectNameID());
- if (MiscUtil.isNotEmpty(config.getSubjectNameIDQualifier()))
- subjectNameID.setNameQualifier(config.getSubjectNameIDQualifier());
-
- if (MiscUtil.isNotEmpty(config.getSubjectNameIDFormat()))
- subjectNameID.setFormat(config.getSubjectNameIDFormat());
- else
- subjectNameID.setFormat(NameID.TRANSIENT);
-
- reqSubject.setNameID(subjectNameID);
-
- if (config.getSubjectConformationDate() != null) {
- SubjectConfirmation subjectConformation = SAML2Utils.createSAMLObject(SubjectConfirmation.class);
- SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);
- subjectConformation.setSubjectConfirmationData(subjectConformDate);
- reqSubject.getSubjectConfirmations().add(subjectConformation );
-
- if (config.getSubjectConformationMethode() != null)
- subjectConformation.setMethod(config.getSubjectConformationMethode());
-
- subjectConformDate.setDOM(config.getSubjectConformationDate());
-
- }
-
- authReq.setSubject(reqSubject );
-
- }
-
- //TODO: implement requested attributes
- //maybe: config.getRequestedAttributes();
-
- //select message encoder
- IEncoder binding = null;
- if (endpoint.getBinding().equals(
- SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-
- } else if (endpoint.getBinding().equals(
- SAMLConstants.SAML2_POST_BINDING_URI)) {
- binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
-
- }
-
- //encode message
- binding.encodeRequest(null, httpResp, authReq,
- endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
deleted file mode 100644
index e2ac50e5e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ /dev/null
@@ -1,442 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.KeyDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.SecurityHelper;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.Signer;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Document;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-
-@Service("PVPMetadataBuilder")
-public class PVPMetadataBuilder {
-
- X509KeyInfoGeneratorFactory keyInfoFactory = null;
-
- /**
- *
- */
- public PVPMetadataBuilder() {
- keyInfoFactory = new X509KeyInfoGeneratorFactory();
- keyInfoFactory.setEmitEntityIDAsKeyName(true);
- keyInfoFactory.setEmitEntityCertificate(true);
-
- }
-
-
- /**
- *
- * Build PVP 2.1 conform SAML2 metadata
- *
- * @param config
- * PVPMetadataBuilder configuration
- *
- * @return PVP metadata as XML String
- * @throws SecurityException
- * @throws ConfigurationException
- * @throws CredentialsNotAvailableException
- * @throws TransformerFactoryConfigurationError
- * @throws MarshallingException
- * @throws TransformerException
- * @throws ParserConfigurationException
- * @throws IOException
- * @throws SignatureException
- */
- public String buildPVPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, ConfigurationException, SecurityException, TransformerFactoryConfigurationError, MarshallingException, TransformerException, ParserConfigurationException, IOException, SignatureException {
- DateTime date = new DateTime();
- EntityDescriptor entityDescriptor = SAML2Utils
- .createSAMLObject(EntityDescriptor.class);
-
- //set entityID
- entityDescriptor.setEntityID(config.getEntityID());
-
- //set contact and organisation information
- List<ContactPerson> contactPersons = config.getContactPersonInformation();
- if (contactPersons != null)
- entityDescriptor.getContactPersons().addAll(contactPersons);
-
- Organization organisation = config.getOrgansiationInformation();
- if (organisation != null)
- entityDescriptor.setOrganization(organisation);
-
- //set IDP metadata
- if (config.buildIDPSSODescriptor()) {
- RoleDescriptor idpSSODesc = generateIDPMetadata(config);
- if (idpSSODesc != null)
- entityDescriptor.getRoleDescriptors().add(idpSSODesc);
-
- }
-
- //set SP metadata for interfederation
- if (config.buildSPSSODescriptor()) {
- RoleDescriptor spSSODesc = generateSPMetadata(config);
- if (spSSODesc != null)
- entityDescriptor.getRoleDescriptors().add(spSSODesc);
-
- }
-
- //set metadata signature parameters
- Credential metadataSignCred = config.getMetadataSigningCredentials();
- Signature signature = AbstractCredentialProvider.getIDPSignature(metadataSignCred);
- SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
-
- //initialize XML document builder
- DocumentBuilder builder;
- DocumentBuilderFactory factory = DocumentBuilderFactory
- .newInstance();
-
- builder = factory.newDocumentBuilder();
- Document document = builder.newDocument();
-
-
- //build entities descriptor
- if (config.buildEntitiesDescriptorAsRootElement()) {
- EntitiesDescriptor entitiesDescriptor =
- SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
- entitiesDescriptor.setName(config.getEntityFriendlyName());
- entitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());
- entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
- entitiesDescriptor.getEntityDescriptors().add(entityDescriptor);
-
- //load default PVP security configurations
- MOADefaultBootstrap.initializeDefaultPVPConfiguration();
- entitiesDescriptor.setSignature(signature);
-
-
- //marshall document
- Marshaller out = Configuration.getMarshallerFactory()
- .getMarshaller(entitiesDescriptor);
- out.marshall(entitiesDescriptor, document);
-
- } else {
- entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
- entityDescriptor.setID(SAML2Utils.getSecureIdentifier());
-
- entityDescriptor.setSignature(signature);
-
-
-
- //marshall document
- Marshaller out = Configuration.getMarshallerFactory()
- .getMarshaller(entityDescriptor);
- out.marshall(entityDescriptor, document);
-
- }
-
- //sign metadata
- Signer.signObject(signature);
-
- //transform metadata object to XML string
- Transformer transformer = TransformerFactory.newInstance()
- .newTransformer();
-
- StringWriter sw = new StringWriter();
- StreamResult sr = new StreamResult(sw);
- DOMSource source = new DOMSource(document);
- transformer.transform(source, sr);
- sw.close();
-
- return sw.toString();
- }
-
-
- private RoleDescriptor generateSPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, ConfigurationException {
- SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class);
- spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
- spSSODescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned());
- spSSODescriptor.setWantAssertionsSigned(config.wantAssertionSigned());
-
- KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-
- //Set AuthRequest Signing certificate
- Credential authcredential = config.getRequestorResponseSigningCredentials();
- if (authcredential == null) {
- Logger.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. ");
- return null;
-
- } else {
- KeyDescriptor signKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- signKeyDescriptor.setUse(UsageType.SIGNING);
- signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
- spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
- }
-
- //Set assertion encryption credentials
- Credential authEncCredential = config.getEncryptionCredentials();
-
- if (authEncCredential != null) {
- KeyDescriptor encryKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
- encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));
- spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
-
- } else {
- Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
-
- }
-
- //check nameID formates
- if (config.getSPAllowedNameITTypes() == null || config.getSPAllowedNameITTypes().size() == 0) {
- Logger.warn("SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
- return null;
-
- } else {
- for (String format : config.getSPAllowedNameITTypes()) {
- NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- nameIDFormat.setFormat(format);
- spSSODescriptor.getNameIDFormats().add(nameIDFormat);
-
- }
- }
-
-
- //add POST-Binding assertion consumer services
- if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServicePostBindingURL())) {
- AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
- postassertionConsumerService.setIndex(0);
- postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- postassertionConsumerService.setLocation(config.getSPAssertionConsumerServicePostBindingURL());
- postassertionConsumerService.setIsDefault(true);
- spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
-
- }
-
- //add POST-Binding assertion consumer services
- if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServiceRedirectBindingURL())) {
- AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
- redirectassertionConsumerService.setIndex(1);
- redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- redirectassertionConsumerService.setLocation(config.getSPAssertionConsumerServiceRedirectBindingURL());
- spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
-
- }
-
- //validate WebSSO endpoints
- if (spSSODescriptor.getAssertionConsumerServices().size() == 0) {
- Logger.warn("SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. ");
- return null;
-
- }
-
- //add POST-Binding SLO descriptor
- if (MiscUtil.isNotEmpty(config.getSPSLOPostBindingURL())) {
- SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- postSLOService.setLocation(config.getSPSLOPostBindingURL());
- postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- spSSODescriptor.getSingleLogoutServices().add(postSLOService);
-
- }
-
- //add POST-Binding SLO descriptor
- if (MiscUtil.isNotEmpty(config.getSPSLORedirectBindingURL())) {
- SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- redirectSLOService.setLocation(config.getSPSLORedirectBindingURL());
- redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-
- }
-
- //add POST-Binding SLO descriptor
- if (MiscUtil.isNotEmpty(config.getSPSLOSOAPBindingURL())) {
- SingleLogoutService soapSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- soapSLOService.setLocation(config.getSPSLOSOAPBindingURL());
- soapSLOService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
- spSSODescriptor.getSingleLogoutServices().add(soapSLOService);
-
- }
-
-
- //add required attributes
- List<RequestedAttribute> reqSPAttr = config.getSPRequiredAttributes();
- AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);
-
- attributeService.setIndex(0);
- attributeService.setIsDefault(true);
- ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
- serviceName.setName(new LocalizedString("Default Service", "en"));
- attributeService.getNames().add(serviceName);
-
- if (reqSPAttr != null && reqSPAttr.size() > 0) {
- Logger.debug("Add " + reqSPAttr.size() + " attributes to SP metadata");
- attributeService.getRequestAttributes().addAll(reqSPAttr);
-
- } else {
- Logger.debug("SP metadata contains NO requested attributes.");
-
- }
-
- spSSODescriptor.getAttributeConsumingServices().add(attributeService);
-
- return spSSODescriptor;
- }
-
- private IDPSSODescriptor generateIDPMetadata(IPVPMetadataBuilderConfiguration config) throws ConfigurationException, CredentialsNotAvailableException, SecurityException {
- //check response signing credential
- Credential responseSignCred = config.getRequestorResponseSigningCredentials();
- if (responseSignCred == null) {
- Logger.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. ");
- return null;
-
- }
-
- //check nameID formates
- if (config.getIDPPossibleNameITTypes() == null || config.getIDPPossibleNameITTypes().size() == 0) {
- Logger.warn("IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
- return null;
-
- }
-
- // build SAML2 IDP-SSO descriptor element
- IDPSSODescriptor idpSSODescriptor = SAML2Utils
- .createSAMLObject(IDPSSODescriptor.class);
-
- idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-
- //set ass default value, because PVP 2.x specification defines this feature as MUST
- idpSSODescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned());
-
- // add WebSSO descriptor for POST-Binding
- if (MiscUtil.isNotEmpty(config.getIDPWebSSOPostBindingURL())) {
- SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
- postSingleSignOnService.setLocation(config.getIDPWebSSOPostBindingURL());
- postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-
- }
-
- // add WebSSO descriptor for Redirect-Binding
- if (MiscUtil.isNotEmpty(config.getIDPWebSSORedirectBindingURL())) {
- SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
- postSingleSignOnService.setLocation(config.getIDPWebSSORedirectBindingURL());
- postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-
- }
-
- //add Single LogOut POST-Binding endpoing
- if (MiscUtil.isNotEmpty(config.getIDPSLOPostBindingURL())) {
- SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- postSLOService.setLocation(config.getIDPSLOPostBindingURL());
- postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- idpSSODescriptor.getSingleLogoutServices().add(postSLOService);
-
- }
-
- //add Single LogOut Redirect-Binding endpoing
- if (MiscUtil.isNotEmpty(config.getIDPSLORedirectBindingURL())) {
- SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- redirectSLOService.setLocation(config.getIDPSLORedirectBindingURL());
- redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-
- }
-
- //validate WebSSO endpoints
- if (idpSSODescriptor.getSingleSignOnServices().size() == 0) {
- Logger.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. ");
- return null;
-
- }
-
- //set assertion signing key
- KeyDescriptor signKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- signKeyDescriptor.setUse(UsageType.SIGNING);
- KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
- signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(config.getRequestorResponseSigningCredentials()));
- idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
- //set IDP attribute set
- idpSSODescriptor.getAttributes().addAll(config.getIDPPossibleAttributes());
-
- //set providable nameID formats
- for (String format : config.getIDPPossibleNameITTypes()) {
- NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- nameIDFormat.setFormat(format);
- idpSSODescriptor.getNameIDFormats().add(nameIDFormat);
-
- }
-
- return idpSSODescriptor;
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index a1d7f5d3a..53606b341 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -75,37 +75,39 @@ import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.StringRedirectDeflateEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -120,14 +122,15 @@ public class SingleLogOutBuilder {
@Autowired(required=true) ApplicationContext springContext;
@Autowired private IDPCredentialProvider credentialProvider;
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
- @Autowired private IGUIFormBuilder guiBuilder;
+ @Autowired private IGUIFormBuilder guiBuilder;
@Autowired(required=true) protected IRevisionLogger revisionsLogger;
@Autowired private ITransactionStorage transactionStorage;
+ @Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
public static final int SLOTIMEOUT = 30 * 1000; //30 sec
public void toTechnicalLogout(ISLOInformationContainer sloContainer,
- HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException {
+ HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws EAAFException {
Logger.trace("Starting Service-Provider logout process ... ");
revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);
@@ -174,7 +177,7 @@ public class SingleLogOutBuilder {
}
IRequest pendingReq = null;
- PVPTargetConfiguration pvpReq = null;
+ PVPSProfilePendingRequest pvpReq = null;
//start service provider front channel logout process
try {
if (sloContainer.hasFrontChannelOA()) {
@@ -221,9 +224,9 @@ public class SingleLogOutBuilder {
} else {
pendingReq = sloContainer.getSloRequest();
- if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) {
+ if (pendingReq != null && pendingReq instanceof PVPSProfilePendingRequest) {
//send SLO response to SLO request issuer
- pvpReq = (PVPTargetConfiguration)pendingReq;
+ pvpReq = (PVPSProfilePendingRequest)pendingReq;
SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
@@ -321,10 +324,11 @@ public class SingleLogOutBuilder {
* @param httpResp
* @param relayState
* @return
+ * @throws CredentialsNotAvailableException
*/
public String getFrontChannelSLOMessageURL(String serviceURL, String bindingType,
RequestAbstractType sloReq, HttpServletRequest httpReq,
- HttpServletResponse httpResp, String relayState) throws MOAIDException {
+ HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
try {
X509Credential credentials = credentialProvider
@@ -332,7 +336,7 @@ public class SingleLogOutBuilder {
Logger.debug("create SAML RedirectBinding response");
- MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();
+ StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
SingleLogoutService service = new SingleLogoutServiceBuilder()
.buildObject();
@@ -356,7 +360,7 @@ public class SingleLogOutBuilder {
public String getFrontChannelSLOMessageURL(SingleLogoutService service,
StatusResponseType sloResp, HttpServletRequest httpReq,
- HttpServletResponse httpResp, String relayState) throws MOAIDException {
+ HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
try {
X509Credential credentials = credentialProvider
@@ -364,7 +368,7 @@ public class SingleLogOutBuilder {
Logger.debug("create SAML RedirectBinding response");
- MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();
+ StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
context.setOutboundSAMLMessageSigningCredential(credentials);
context.setPeerEntityEndpoint(service);
@@ -384,7 +388,7 @@ public class SingleLogOutBuilder {
public void sendFrontChannelSLOMessage(SingleLogoutService consumerService,
LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp,
- String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException {
+ String relayState, PVPSProfilePendingRequest pvpReq) throws MOAIDException, PVP2Exception, CredentialsNotAvailableException {
IEncoder binding = null;
if (consumerService.getBinding().equals(
SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
@@ -417,7 +421,7 @@ public class SingleLogOutBuilder {
}
- public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException {
+ public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws EAAFException {
LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
SecureRandomIdentifierGenerator gen;
@@ -433,7 +437,7 @@ public class SingleLogOutBuilder {
DateTime now = new DateTime();
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
+ issuer.setValue(pvpBasicConfiguration.getIDPEntityId(sloDescr.getAuthURL()));
issuer.setFormat(NameID.ENTITY);
sloReq.setIssuer(issuer);
sloReq.setIssueInstant(now);
@@ -477,7 +481,7 @@ public class SingleLogOutBuilder {
return sloReq;
}
- public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException {
+ public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, String firstLevelStatusCode) throws EAAFException {
LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
Status status = SAML2Utils.createSAMLObject(Status.class);
@@ -494,7 +498,7 @@ public class SingleLogOutBuilder {
return sloResp;
}
- public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws MOAIDException {
+ public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, List<String> failedOAs) throws EAAFException {
LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
Status status;
@@ -519,11 +523,10 @@ public class SingleLogOutBuilder {
}
- private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException {
+ private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest) throws EAAFException {
LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
- spRequest.getAuthURLWithOutSlash()));
+ issuer.setValue(pvpBasicConfiguration.getIDPEntityId(spRequest.getAuthURLWithOutSlash()));
issuer.setFormat(NameID.ENTITY);
sloResp.setIssuer(issuer);
sloResp.setIssueInstant(new DateTime());
@@ -540,9 +543,9 @@ public class SingleLogOutBuilder {
}
- if (spRequest.getRequest() instanceof MOARequest &&
- ((MOARequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
- LogoutRequest sloReq = (LogoutRequest) ((MOARequest)spRequest.getRequest()).getSamlRequest();
+ if (spRequest.getRequest() instanceof PVPSProfileRequest &&
+ ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
+ LogoutRequest sloReq = (LogoutRequest) ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest();
sloResp.setInResponseTo(sloReq.getID());
}
@@ -592,8 +595,8 @@ public class SingleLogOutBuilder {
}
- public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
- MOARequest moaReq = (MOARequest) spRequest.getRequest();
+ public SingleLogoutService getResponseSLODescriptor(PVPSProfilePendingRequest spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
+ PVPSProfileRequest moaReq = (PVPSProfileRequest) spRequest.getRequest();
EntityDescriptor metadata = moaReq.getEntityMetadata(metadataProvider);
SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
@@ -655,7 +658,8 @@ public class SingleLogOutBuilder {
oa.getUserNameID(),
oa.getUserNameIDFormat(),
oa.getProtocolType(),
- sloDesc));
+ sloDesc.getBinding(),
+ sloDesc.getLocation()));
else
container.getActiveFrontChannalOAs().put(oa.getOaurlprefix(),
@@ -666,7 +670,8 @@ public class SingleLogOutBuilder {
oa.getUserNameID(),
oa.getUserNameIDFormat(),
oa.getProtocolType(),
- sloDesc));
+ sloDesc.getBinding(),
+ sloDesc.getLocation()));
} catch (NOSLOServiceDescriptorException e) {
container.putFailedOA(oa.getOaurlprefix());
@@ -707,7 +712,8 @@ public class SingleLogOutBuilder {
el.getUserNameID(),
NameID.TRANSIENT,
PVP2XProtocol.NAME,
- sloDesc));
+ sloDesc.getBinding(),
+ sloDesc.getLocation()));
} catch (NOSLOServiceDescriptorException e) {
container.putFailedOA(el.getIdpurlprefix());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
deleted file mode 100644
index 056e2bba0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ /dev/null
@@ -1,543 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
-
-import java.security.MessageDigest;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.w3c.dom.Element;
-
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.util.LoALevelMapper;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
-import at.gv.egovernment.moa.id.util.QAALevelVerifier;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class PVP2AssertionBuilder implements PVPConstants {
-
- /**
- * Build a PVP assertion as response for a SAML2 AttributeQuery request
- *
- * @param issuerEntityID EnitiyID, which should be used for this IDP response
- * @param attrQuery AttributeQuery request from Service-Provider
- * @param attrList List of PVP response attributes
- * @param now Current time
- * @param validTo ValidTo time of the assertion
- * @param qaaLevel QAA level of the authentication
- * @param sessionIndex SAML2 SessionIndex, which should be included *
- * @return PVP 2.1 Assertion
- * @throws ConfigurationException
- */
- public static Assertion buildAssertion(String issuerEntityID, AttributeQuery attrQuery,
- List<Attribute> attrList, DateTime now, DateTime validTo, String qaaLevel, String sessionIndex) throws ConfigurationException {
-
- AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
- authnContextClassRef.setAuthnContextClassRef(qaaLevel);
-
- NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
- subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
- subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue());
-
- SubjectConfirmationData subjectConfirmationData = null;
-
- return buildGenericAssertion(issuerEntityID, attrQuery.getIssuer().getValue(), now,
- authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex,
- validTo);
- }
-
-
- /**
- * Build a PVP 2.1 assertion as response of a SAML2 AuthnRequest
- *
- * @param issuerEntityID EnitiyID, which should be used for this IDP response
- * @param pendingReq Current processed pendingRequest DAO
- * @param authnRequest Current processed PVP AuthnRequest
- * @param authData AuthenticationData of the user, which is already authenticated
- * @param peerEntity SAML2 EntityDescriptor of the service-provider, which receives the response
- * @param date TimeStamp
- * @param assertionConsumerService SAML2 endpoint of the service-provider, which should be used
- * @param sloInformation Single LogOut information DAO
- * @return
- * @throws MOAIDException
- */
- public static Assertion buildAssertion(String issuerEntityID, PVPTargetConfiguration pendingReq, AuthnRequest authnRequest,
- IAuthData authData, EntityDescriptor peerEntity, DateTime date,
- AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
- throws MOAIDException {
-
- RequestedAuthnContext reqAuthnContext = authnRequest
- .getRequestedAuthnContext();
-
- AuthnContextClassRef authnContextClassRef = SAML2Utils
- .createSAMLObject(AuthnContextClassRef.class);
-
- ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
-
- if (reqAuthnContext == null) {
- authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-
- } else {
-
- boolean eIDAS_qaa_found = false;
-
- List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
- .getAuthnContextClassRefs();
-
- if (reqAuthnContextClassRefIt.size() == 0) {
- QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
-
- eIDAS_qaa_found = true;
- authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
-
- } else {
- for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
- String qaa_uri = authnClassRef.getAuthnContextClassRef();
-
- if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
- Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
- qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
-
- }
-
- if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
- || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
- || qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
-
- if (authData.isForeigner()) {
- QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
-
- eIDAS_qaa_found = true;
- authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-
- } else {
-
- QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(),
- qaa_uri.trim());
-
- eIDAS_qaa_found = true;
- authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-
- }
- break;
- }
- }
- }
-
- if (!eIDAS_qaa_found)
- throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
-
- }
-
-
-
- SPSSODescriptor spSSODescriptor = peerEntity
- .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
- //add Attributes to Assertion
- List<Attribute> attrList = new ArrayList<Attribute>();
- if (spSSODescriptor.getAttributeConsumingServices() != null &&
- spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-
- Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
- int idx = 0;
-
- AttributeConsumingService attributeConsumingService = null;
- if (aIdx != null) {
- idx = aIdx.intValue();
- attributeConsumingService = spSSODescriptor
- .getAttributeConsumingServices().get(idx);
-
- } else {
- List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
- for (AttributeConsumingService el : attrConsumingServiceList) {
- if (el.isDefault())
- attributeConsumingService = el;
- }
- }
-
- /*
- * TODO: maybe use first AttributeConsumingService if no is selected
- * in request or on service is marked as default
- *
- */
- if (attributeConsumingService == null ) {
- List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
- if (attrConsumingServiceList != null && !attrConsumingServiceList.isEmpty())
- attributeConsumingService = attrConsumingServiceList.get(0);
-
- }
-
-
- if (attributeConsumingService != null) {
- Iterator<RequestedAttribute> it = attributeConsumingService
- .getRequestAttributes().iterator();
- while (it.hasNext()) {
- RequestedAttribute reqAttribut = it.next();
- try {
- Attribute attr = PVPAttributeBuilder.buildAttribute(
- reqAttribut.getName(), oaParam, authData);
- if (attr == null) {
- if (reqAttribut.isRequired()) {
- throw new UnprovideableAttributeException(
- reqAttribut.getName());
- }
- } else {
- attrList.add(attr);
- }
-
- } catch (UnavailableAttributeException e) {
- Logger.info(
- "Attribute generation for "
- + reqAttribut.getFriendlyName() + " not possible.");
- if (reqAttribut.isRequired()) {
- throw new UnprovideableAttributeException(
- reqAttribut.getName());
- }
-
-
- } catch (PVP2Exception e) {
- Logger.info(
- "Attribute generation failed! for "
- + reqAttribut.getFriendlyName());
- if (reqAttribut.isRequired()) {
- throw new UnprovideableAttributeException(
- reqAttribut.getName());
- }
-
- } catch (Exception e) {
- Logger.warn(
- "General Attribute generation failed! for "
- + reqAttribut.getFriendlyName(), e);
- if (reqAttribut.isRequired()) {
- throw new UnprovideableAttributeException(
- reqAttribut.getName());
- }
-
- }
- }
- }
- }
-
- NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-
- //build nameID and nameID Format from moasession
- //TODO: nameID generation
- if (authData instanceof IMOAAuthData &&
- ((IMOAAuthData)authData).isUseMandate()) {
- String bpktype = null;
- String bpk = null;
-
- Element mandate = ((IMOAAuthData)authData).getMandate();
- if(mandate != null) {
- Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
- }
- CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
- PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
-
- IdentificationType id;
- if(corporation != null && corporation.getIdentification().size() > 0)
- id = corporation.getIdentification().get(0);
-
-
- else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
- id = pysicalperson.getIdentification().get(0);
-
- else {
- Logger.error("Failed to generate IdentificationType");
- throw new NoMandateDataAvailableException();
- }
-
- bpktype = id.getType();
- bpk = id.getValue().getValue();
-
- } else {
- Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
- bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
- bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);
-
- if (MiscUtil.isEmpty(bpk)) {
- //no sourcePin is included --> search for bPK
- bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
-
- try {
- if (bpk.contains(":"))
- bpk = bpk.split(":")[1];
-
- } catch (Exception e) {
- Logger.warn("Can not split bPK from mandator attribute!", e);
-
- }
-
- //set bPK-Type from configuration, because it MUST be equal to service-provider type
- bpktype = oaParam.getAreaSpecificTargetIdentifier();
-
- } else {
- //sourcePin is include --> check sourcePinType
- if (MiscUtil.isEmpty(bpktype))
- bpktype = Constants.URN_PREFIX_BASEID;
-
- }
- }
-
- if (MiscUtil.isEmpty(bpk) || MiscUtil.isEmpty(bpktype)) {
- throw new NoMandateDataAvailableException();
-
- }
-
- if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {
- Pair<String, String> calcbPK = new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, oaParam.getAreaSpecificTargetIdentifier());
- subjectNameID.setValue(calcbPK.getFirst());
- subjectNameID.setNameQualifier(calcbPK.getSecond());
-
-
- } else {
- subjectNameID.setNameQualifier(bpktype);
- subjectNameID.setValue(bpk);
- }
-
- } else {
- subjectNameID.setNameQualifier(authData.getBPKType());
- subjectNameID.setValue(authData.getBPK());
- }
-
- String nameIDFormat = NameID.TRANSIENT;
-
- //get NameIDFormat from request
- AuthnRequest authnReq = (AuthnRequestImpl) authnRequest;
- if (authnReq.getNameIDPolicy() != null &&
- MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) {
- nameIDFormat = authnReq.getNameIDPolicy().getFormat();
-
- } else {
- //get NameIDFormat from metadata
- List<NameIDFormat> metadataNameIDFormats = spSSODescriptor.getNameIDFormats();
-
- if (metadataNameIDFormats != null) {
-
- for (NameIDFormat el : metadataNameIDFormats) {
- if (NameID.PERSISTENT.equals(el.getFormat())) {
- nameIDFormat = NameID.PERSISTENT;
- break;
-
- } else if (NameID.TRANSIENT.equals(el.getFormat()) ||
- NameID.UNSPECIFIED.equals(el.getFormat()))
- break;
-
- }
- }
- }
-
- if (NameID.TRANSIENT.equals(nameIDFormat) || NameID.UNSPECIFIED.equals(nameIDFormat)) {
- String random = Random.nextRandom();
- String nameID = subjectNameID.getValue();
-
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-1");
- byte[] hash = md.digest((nameID + random).getBytes("ISO-8859-1"));
- subjectNameID.setValue(Base64Utils.encode(hash));
- subjectNameID.setNameQualifier(null);
- subjectNameID.setFormat(NameID.TRANSIENT);
-
- } catch (Exception e) {
- Logger.warn("PVP2 subjectNameID error", e);
- throw new MOAIDException("pvp2.13", null, e);
- }
-
- } else
- subjectNameID.setFormat(nameIDFormat);
-
-
- String sessionIndex = null;
-
- //if request is a reauthentication and NameIDFormat match reuse old session information
- if (MiscUtil.isNotEmpty(authData.getNameID()) &&
- MiscUtil.isNotEmpty(authData.getNameIDFormat()) &&
- nameIDFormat.equals(authData.getNameIDFormat())) {
- subjectNameID.setValue(authData.getNameID());
- sessionIndex = authData.getSessionIndex();
-
- }
-
- //
- if (MiscUtil.isEmpty(sessionIndex))
- sessionIndex = SAML2Utils.getSecureIdentifier();
-
- SubjectConfirmationData subjectConfirmationData = SAML2Utils
- .createSAMLObject(SubjectConfirmationData.class);
- subjectConfirmationData.setInResponseTo(authnRequest.getID());
- subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
-// subjectConfirmationData.setNotBefore(date);
-
- //set 'recipient' attribute in subjectConformationData
- subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
-
- //set IP address of the user machine as 'Address' attribute in subjectConformationData
- String usersIPAddress = pendingReq.getGenericData(
- PVPTargetConfiguration.DATAID_REQUESTER_IP_ADDRESS, String.class);
- if (MiscUtil.isNotEmpty(usersIPAddress))
- subjectConfirmationData.setAddress(usersIPAddress);
-
- //set SLO information
- sloInformation.setUserNameIdentifier(subjectNameID.getValue());
- sloInformation.setNameIDFormat(subjectNameID.getFormat());
- sloInformation.setSessionIndex(sessionIndex);
-
- return buildGenericAssertion(issuerEntityID, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
- }
-
- /**
- *
- * @param issuer IDP EntityID
- * @param entityID Service Provider EntityID
- * @param date
- * @param authnContextClassRef
- * @param attrList
- * @param subjectNameID
- * @param subjectConfirmationData
- * @param sessionIndex
- * @param isValidTo
- * @return
- * @throws ConfigurationException
- */
-
- public static Assertion buildGenericAssertion(String issuer, String entityID, DateTime date,
- AuthnContextClassRef authnContextClassRef, List<Attribute> attrList,
- NameID subjectNameID, SubjectConfirmationData subjectConfirmationData,
- String sessionIndex, DateTime isValidTo) throws ConfigurationException {
- Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
-
- AuthnContext authnContext = SAML2Utils
- .createSAMLObject(AuthnContext.class);
- authnContext.setAuthnContextClassRef(authnContextClassRef);
-
- AuthnStatement authnStatement = SAML2Utils
- .createSAMLObject(AuthnStatement.class);
-
- authnStatement.setAuthnInstant(date);
- authnStatement.setSessionIndex(sessionIndex);
- authnStatement.setAuthnContext(authnContext);
-
- assertion.getAuthnStatements().add(authnStatement);
-
- AttributeStatement attributeStatement = SAML2Utils
- .createSAMLObject(AttributeStatement.class);
- attributeStatement.getAttributes().addAll(attrList);
- if (attributeStatement.getAttributes().size() > 0) {
- assertion.getAttributeStatements().add(attributeStatement);
- }
-
- Subject subject = SAML2Utils.createSAMLObject(Subject.class);
- subject.setNameID(subjectNameID);
-
- SubjectConfirmation subjectConfirmation = SAML2Utils
- .createSAMLObject(SubjectConfirmation.class);
- subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
- subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
-
- subject.getSubjectConfirmations().add(subjectConfirmation);
-
- Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
- AudienceRestriction audienceRestriction = SAML2Utils
- .createSAMLObject(AudienceRestriction.class);
- Audience audience = SAML2Utils.createSAMLObject(Audience.class);
-
- audience.setAudienceURI(entityID);
- audienceRestriction.getAudiences().add(audience);
- conditions.setNotBefore(date);
- conditions.setNotOnOrAfter(isValidTo);
-
- conditions.getAudienceRestrictions().add(audienceRestriction);
-
- assertion.setConditions(conditions);
-
- Issuer issuerObj = SAML2Utils.createSAMLObject(Issuer.class);
-
- if (issuer.endsWith("/"))
- issuer = issuer.substring(0, issuer.length()-1);
- issuerObj.setValue(issuer);
- issuerObj.setFormat(NameID.ENTITY);
-
- assertion.setIssuer(issuerObj);
- assertion.setSubject(subject);
- assertion.setID(SAML2Utils.getSecureIdentifier());
- assertion.setIssueInstant(date);
-
- return assertion;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
deleted file mode 100644
index 6ccacd6c8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSInteger;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSIntegerBuilder;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-
-public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
-
- private XMLObject buildAttributeStringValue(String value) {
- XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
- XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
- stringValue.setValue(value);
- return stringValue;
- }
-
- private XMLObject buildAttributeIntegerValue(int value) {
- XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
- XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
- integerValue.setValue(value);
- return integerValue;
- }
-
- public Attribute buildStringAttribute(final String friendlyName, final String name, final String value) {
- Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- attribute.getAttributeValues().add(buildAttributeStringValue(value));
- return attribute;
- }
-
- public Attribute buildIntegerAttribute(final String friendlyName, final String name, final int value) {
- Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
- return attribute;
- }
-
- public Attribute buildEmptyAttribute(final String friendlyName, final String name) {
- Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- return attribute;
- }
-
- public Attribute buildLongAttribute(String friendlyName, String name, long value) {
- Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value));
- return attribute;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
index c0fb5bf5b..d4c94e5c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
@@ -32,11 +32,12 @@ import org.opensaml.saml2.metadata.Organization;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.xml.security.credential.Credential;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -48,16 +49,18 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
private static final int VALIDUNTIL_IN_HOURS = 24;
private String authURL;
- private IDPCredentialProvider credentialProvider;
+ private AbstractCredentialProvider credentialProvider;
+ private PVPConfiguration pvpBasicConfiguration;
- public IDPPVPMetadataConfiguration(String authURL, IDPCredentialProvider credentialProvider) {
+ public IDPPVPMetadataConfiguration(String authURL, AbstractCredentialProvider pvpIDPCredentials, PVPConfiguration pvpBasicConfiguration) {
this.authURL = authURL;
- this.credentialProvider = credentialProvider;
+ this.credentialProvider = pvpIDPCredentials;
+ this.pvpBasicConfiguration = pvpBasicConfiguration;
}
public String getDefaultActionName() {
- return (PVP2XProtocol.METADATA);
+ return (PVPConstants.METADATA);
}
/* (non-Javadoc)
@@ -98,7 +101,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
@Override
public String getEntityID() {
try {
- return PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
+ return pvpBasicConfiguration.getIDPSSOMetadataService(authURL);
} catch (ConfigurationException e) {
Logger.error("Can not load Metadata entry: EntityID", e);
@@ -113,7 +116,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
@Override
public String getEntityFriendlyName() {
try {
- return PVPConfiguration.getInstance().getIDPIssuerName();
+ return pvpBasicConfiguration.getIDPIssuerName();
} catch (ConfigurationException e) {
Logger.error("Can not load Metadata entry: EntityID friendlyName.", e);
@@ -129,7 +132,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
@Override
public List<ContactPerson> getContactPersonInformation() {
try {
- return PVPConfiguration.getInstance().getIDPContacts();
+ return pvpBasicConfiguration.getIDPContacts();
} catch (ConfigurationException e) {
Logger.warn("Can not load Metadata entry: Contect Person", e);
@@ -145,7 +148,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
@Override
public Organization getOrgansiationInformation() {
try {
- return PVPConfiguration.getInstance().getIDPOrganisation();
+ return pvpBasicConfiguration.getIDPOrganisation();
} catch (ConfigurationException e) {
Logger.warn("Can not load Metadata entry: Organisation", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
deleted file mode 100644
index 814a2387d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.xml.security.credential.Credential;
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface IPVPAuthnRequestBuilderConfiguruation {
-
- /**
- * Defines a unique name for this PVP Service-provider, which is used for logging
- *
- * @return
- */
- public String getSPNameForLogging();
-
- /**
- * If true, the SAML2 isPassive flag is set in the AuthnRequest
- *
- * @return
- */
- public Boolean isPassivRequest();
-
- /**
- * Define the ID of the AssertionConsumerService,
- * which defines the required attributes in service-provider metadata.
- *
- * @return
- */
- public Integer getAssertionConsumerServiceId();
-
- /**
- * Define the SAML2 EntityID of the service provider.
- *
- * @return
- */
- public String getSPEntityID();
-
- /**
- * Define the SAML2 NameIDPolicy
- *
- * @return Service-Provider EntityID, but never null
- */
- public String getNameIDPolicyFormat();
-
- /**
- * Define the AuthnContextClassRefernece of this request
- *
- * Example:
- * http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3
- * http://www.stork.gov.eu/1.0/citizenQAALevel/4
- *
- *
- * @return
- */
- public String getAuthnContextClassRef();
-
- /**
- * Define the AuthnContextComparison model, which should be used
- *
- * @return
- */
- public AuthnContextComparisonTypeEnumeration getAuthnContextComparison();
-
-
- /**
- * Define the credential, which should be used to sign the AuthnRequest
- *
- * @return
- */
- public Credential getAuthnRequestSigningCredential();
-
-
- /**
- * Define the SAML2 EntityDescriptor of the IDP, which should receive the AuthnRequest
- *
- * @return Credential, but never null.
- */
- public EntityDescriptor getIDPEntityDescriptor();
-
- /**
- * Set the SAML2 NameIDPolicy allow-creation flag
- *
- * @return EntityDescriptor, but never null.
- */
- public boolean getNameIDPolicyAllowCreation();
-
-
- /**
- * Set the requested SubjectNameID
- *
- * @return SubjectNameID, or null if no SubjectNameID should be used
- */
- public String getSubjectNameID();
-
- /**
- * Define the qualifier of the <code>SubjectNameID</code>
- * <br><br>
- * Like: 'urn:publicid:gv.at:cdid+BF'
- *
- * @return qualifier, or null if no qualifier should be set
- */
- public String getSubjectNameIDQualifier();
-
- /**
- * Define the format of the subjectNameID, which is included in authn-request
- *
- *
- * @return nameIDFormat, of SAML2 'transient' if nothing is defined
- */
- public String getSubjectNameIDFormat();
-
- /**
- * Define a SP specific SAML2 requestID
- *
- * @return requestID, or null if the requestID should be generated automatically
- */
- public String getRequestID();
-
- /**
- * Defines the 'method' attribute in 'SubjectConformation' element
- *
- * @return method, or null if no method should set
- */
- public String getSubjectConformationMethode();
-
- /**
- * Define the information, which should be added as 'subjectConformationDate'
- * in 'SubjectConformation' element
- *
- * @return subjectConformation information or null if no subjectConformation should be set
- */
- public Element getSubjectConformationDate();
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
deleted file mode 100644
index 3a8404cae..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-
-/**
- * @author tlenz
- *
- */
-public interface IPVPMetadataBuilderConfiguration {
-
-
- /**
- * Defines a unique name for this PVP Service-provider, which is used for logging
- *
- * @return
- */
- public String getSPNameForLogging();
-
- /**
- * Set metadata valid area
- *
- * @return valid until in hours [h]
- */
- public int getMetadataValidUntil();
-
- /**
- * Build a SAML2 Entities element as metadata root element
- *
- * @return true, if the metadata should start with entities element
- */
- public boolean buildEntitiesDescriptorAsRootElement();
-
- /**
- *
- *
- * @return true, if an IDP SSO-descriptor element should be generated
- */
- public boolean buildIDPSSODescriptor();
-
- /**
- *
- *
- * @return true, if an SP SSO-descriptor element should be generated
- */
- public boolean buildSPSSODescriptor();
-
- /**
- * Set the PVP entityID for this SAML2 metadata.
- * The entityID must be an URL and must be start with the public-URL prefix of the server
- *
- * @return PVP entityID postfix as String
- */
- public String getEntityID();
-
- /**
- * Set a friendlyName for this PVP entity
- *
- * @return
- */
- public String getEntityFriendlyName();
-
- /**
- * Set the contact information for this metadata entity
- *
- * @return
- */
- public List<ContactPerson> getContactPersonInformation();
-
- /**
- * Set organisation information for this metadata entity
- *
- * @return
- */
- public Organization getOrgansiationInformation();
-
-
- /**
- * Set the credential for metadata signing
- *
- * @return
- * @throws CredentialsNotAvailableException
- */
- public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
-
- /**
- * Set the credential for request/response signing
- * IDP metadata: this credential is used for SAML2 response signing
- * SP metadata: this credential is used for SAML2 response signing
- *
- * @return
- * @throws CredentialsNotAvailableException
- */
- public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException;
-
- /**
- * Set the credential for response encryption
- *
- * @return
- * @throws CredentialsNotAvailableException
- */
- public Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
-
- /**
- * Set the IDP Post-Binding URL for WebSSO
- *
- * @return
- */
- public String getIDPWebSSOPostBindingURL();
-
- /**
- * Set the IDP Redirect-Binding URL for WebSSO
- *
- * @return
- */
- public String getIDPWebSSORedirectBindingURL();
-
- /**
- * Set the IDP Post-Binding URL for Single LogOut
- *
- * @return
- */
- public String getIDPSLOPostBindingURL();
-
- /**
- * Set the IDP Redirect-Binding URL for Single LogOut
- *
- * @return
- */
- public String getIDPSLORedirectBindingURL();
-
- /**
- * Set the SP Post-Binding URL for for the Assertion-Consumer Service
- *
- * @return
- */
- public String getSPAssertionConsumerServicePostBindingURL();
-
- /**
- * Set the SP Redirect-Binding URL for the Assertion-Consumer Service
- *
- * @return
- */
- public String getSPAssertionConsumerServiceRedirectBindingURL();
-
- /**
- * Set the SP Post-Binding URL for Single LogOut
- *
- * @return
- */
- public String getSPSLOPostBindingURL();
-
- /**
- * Set the SP Redirect-Binding URL for Single LogOut
- *
- * @return
- */
- public String getSPSLORedirectBindingURL();
-
- /**
- * Set the SP SOAP-Binding URL for Single LogOut
- *
- * @return
- */
- public String getSPSLOSOAPBindingURL();
-
-
- /**
- * Set all SAML2 attributes which could be provided by this IDP
- *
- * @return
- */
- public List<Attribute> getIDPPossibleAttributes();
-
- /**
- * Set all nameID types which could be provided by this IDP
- *
- * @return a List of SAML2 nameID types
- */
- public List<String> getIDPPossibleNameITTypes();
-
- /**
- * Set all SAML2 attributes which are required by the SP
- *
- * @return
- */
- public List<RequestedAttribute> getSPRequiredAttributes();
-
- /**
- * Set all nameID types which allowed from the SP
- *
- * @return a List of SAML2 nameID types
- */
- public List<String> getSPAllowedNameITTypes();
-
- /**
- * Set the 'wantAssertionSigned' attribute in SP metadata
- *
- * @return
- */
- public boolean wantAssertionSigned();
-
- /**
- * Set the 'wantAuthnRequestSigned' attribute
- *
- * @return
- */
- public boolean wantAuthnRequestSigned();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
deleted file mode 100644
index b731e2a95..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.Configuration;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder;
-import org.opensaml.xml.ConfigurationException;
-
-/**
- * @author tlenz
- *
- */
-public class MOADefaultBootstrap extends DefaultBootstrap {
-
- public static synchronized void bootstrap() throws ConfigurationException {
-
- initializeXMLSecurity();
-
- initializeXMLTooling();
-
- initializeArtifactBuilderFactories();
-
- initializeGlobalSecurityConfiguration();
-
- initializeParserPool();
-
- initializeESAPI();
-
- }
-
- public static void initializeDefaultPVPConfiguration() {
- initializeGlobalSecurityConfiguration();
-
- }
-
- /**
- * Initializes the default global security configuration.
- */
- protected static void initializeGlobalSecurityConfiguration() {
- Configuration.setGlobalSecurityConfiguration(MOADefaultSecurityConfigurationBootstrap.buildDefaultConfig());
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
deleted file mode 100644
index f878b95d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.security.BasicSecurityConfiguration;
-import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
-import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
-import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.SignatureConstants;
-
-/**
- * @author tlenz
- *
- */
-public class MOADefaultSecurityConfigurationBootstrap extends
- DefaultSecurityConfigurationBootstrap {
-
- public static BasicSecurityConfiguration buildDefaultConfig() {
- BasicSecurityConfiguration config = new BasicSecurityConfiguration();
-
- populateSignatureParams(config);
- populateEncryptionParams(config);
- populateKeyInfoCredentialResolverParams(config);
- populateKeyInfoGeneratorManager(config);
- populateKeyParams(config);
-
- return config;
- }
-
- protected static void populateKeyInfoGeneratorManager(
- BasicSecurityConfiguration config) {
- NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager();
- config.setKeyInfoGeneratorManager(namedManager);
-
- namedManager.setUseDefaultManager(true);
- KeyInfoGeneratorManager defaultManager = namedManager
- .getDefaultManager();
-
- BasicKeyInfoGeneratorFactory basicFactory = new BasicKeyInfoGeneratorFactory();
- basicFactory.setEmitPublicKeyValue(true);
-
- X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
- x509Factory.setEmitEntityCertificate(true);
-
- defaultManager.registerFactory(basicFactory);
- defaultManager.registerFactory(x509Factory);
- }
-
- protected static void populateSignatureParams(
- BasicSecurityConfiguration config) {
-
- //use SHA256 instead of SHA1
- config.registerSignatureAlgorithmURI("RSA",
- SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
- config.registerSignatureAlgorithmURI("DSA",
- "http://www.w3.org/2000/09/xmldsig#dsa-sha1");
-
- //use SHA256 instead of SHA1
- config.registerSignatureAlgorithmURI("EC",
- SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
- //use SHA256 instead of SHA1
- config.registerSignatureAlgorithmURI("AES",
- SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-
-
- config.registerSignatureAlgorithmURI("DESede",
- SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-
- config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
- config.setSignatureHMACOutputLength(null);
-
- //use SHA256 instead of SHA1
- config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
- }
-
- protected static void populateEncryptionParams(
- BasicSecurityConfiguration config) {
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
- "http://www.w3.org/2001/04/xmlenc#aes128-cbc");
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
- "http://www.w3.org/2001/04/xmlenc#aes192-cbc");
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
- "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
-
- //support GCM mode
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
-
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM);
-
- config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
- EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
-
-
- config.registerDataEncryptionAlgorithmURI("DESede",
- Integer.valueOf(168),
- "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
- config.registerDataEncryptionAlgorithmURI("DESede",
- Integer.valueOf(192),
- "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
-
- config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES",
- "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-
- config.registerKeyTransportEncryptionAlgorithmURI("RSA", null,
- "DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-
- config.registerKeyTransportEncryptionAlgorithmURI("AES",
- Integer.valueOf(128), null,
- "http://www.w3.org/2001/04/xmlenc#kw-aes128");
- config.registerKeyTransportEncryptionAlgorithmURI("AES",
- Integer.valueOf(192), null,
- "http://www.w3.org/2001/04/xmlenc#kw-aes192");
- config.registerKeyTransportEncryptionAlgorithmURI("AES",
- Integer.valueOf(256), null,
- "http://www.w3.org/2001/04/xmlenc#kw-aes256");
- config.registerKeyTransportEncryptionAlgorithmURI("DESede",
- Integer.valueOf(168), null,
- "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
- config.registerKeyTransportEncryptionAlgorithmURI("DESede",
- Integer.valueOf(192), null,
- "http://www.w3.org/2001/04/xmlenc#kw-tripledes");
-
- config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
new file mode 100644
index 000000000..54940a9d3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataConfigurationFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+
+@Service("MOAPVPMetadataConfigurationFactory")
+public class MOAPVPMetadataConfigurationFactory implements IPVPMetadataConfigurationFactory {
+
+ @Autowired(required=true) PVPConfiguration pvpBasicConfiguration;
+
+ @Override
+ public IPVPMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL,
+ AbstractCredentialProvider pvpIDPCredentials) {
+ return new IDPPVPMetadataConfiguration(authURL, pvpIDPCredentials, pvpBasicConfiguration);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 81eca3765..5f39af7a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -22,9 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-import java.io.IOException;
import java.net.URL;
-import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
@@ -43,29 +41,19 @@ import org.opensaml.saml2.metadata.OrganizationName;
import org.opensaml.saml2.metadata.OrganizationURL;
import org.opensaml.saml2.metadata.SurName;
import org.opensaml.saml2.metadata.TelephoneNumber;
+import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
-import iaik.x509.X509Certificate;
-public class PVPConfiguration {
+@Service("MOAPVP2Configuration")
+public class PVPConfiguration implements IPVP2BasicConfiguration {
- private static PVPConfiguration instance;
-
- public static PVPConfiguration getInstance() {
- if (instance == null) {
- instance = new PVPConfiguration();
- }
- return instance;
- }
-
public static final String PVP2_METADATA = "/pvp2/metadata";
public static final String PVP2_IDP_REDIRECT = "/pvp2/redirect";
public static final String PVP2_IDP_POST = "/pvp2/post";
@@ -90,22 +78,7 @@ public class PVPConfiguration {
public static final String IDP_CONTACT_PHONE = "phone";
private static String moaIDVersion = null;
-
- //PVP2 generalpvpconfigdb;
- //Properties props;
- //String rootDir = null;
-
- private PVPConfiguration() {
-// try {
-// //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
-// //props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig();
-// //rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
-//
-// } catch (ConfigurationException e) {
-// e.printStackTrace();
-// }
- }
-
+
public List<String> getIDPPublicPath() throws ConfigurationException {
List<String> publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
List<String> returnvalue = new ArrayList<String>();
@@ -144,6 +117,12 @@ public class PVPConfiguration {
return publicURLPrefix + PVP2_METADATA;
}
+ @Override
+ public String getIDPEntityId(String authURL) throws ConfigurationException {
+ return getIDPSSOMetadataService(authURL);
+
+ }
+
public String getIDPIssuerName() throws ConfigurationException {
if (moaIDVersion == null) {
@@ -153,47 +132,6 @@ public class PVPConfiguration {
return AuthConfigurationProviderFactory.getInstance().getConfigurationWithKey(
MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME) + moaIDVersion;
}
-
- public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
-
- try {
- Logger.trace("Load metadata signing certificate for online application " + entityID);
- ISPConfiguration oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
- if (oaParam == null) {
- Logger.info("Online Application with ID " + entityID + " not found!");
- return null;
- }
-
- String pvp2MetadataCertificateString =
- oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
- if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) {
- Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!");
- return null;
-
- }
-
- X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false));
- Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded.");
- return cert;
-
- } catch (CertificateException e) {
- Logger.warn("Metadata signer certificate is not parsed.", e);
- return null;
-
- } catch (ConfigurationException e) {
- Logger.error("Configuration is not accessable.", e);
- return null;
-
- } catch (IOException e) {
- Logger.warn("Metadata signer certificate is not decodeable.", e);
- return null;
-
- } catch (EAAFConfigurationException e) {
- Logger.error("Configuration is not accessable.", e);
- return null;
-
- }
- }
public List<ContactPerson> getIDPContacts() throws ConfigurationException {
List<ContactPerson> list = new ArrayList<ContactPerson>();
@@ -356,4 +294,5 @@ public class PVPConfiguration {
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
deleted file mode 100644
index 69ca4e8f5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AssertionAttributeExtractorExeption extends PVP2Exception {
-
- /**
- *
- */
- private static final long serialVersionUID = -6459000942830951492L;
-
- public AssertionAttributeExtractorExeption(String attributeName) {
- super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName
- + " can not extract.", null);
- }
-
- public AssertionAttributeExtractorExeption(String messageId,
- Object[] parameters) {
- super(messageId, parameters);
- }
-
- public AssertionAttributeExtractorExeption() {
- super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
deleted file mode 100644
index 1e029f567..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-
-/**
- * @author tlenz
- *
- */
-public class AssertionValidationExeption extends PVP2Exception {
-
- private static final long serialVersionUID = -3987805399122286259L;
-
- public AssertionValidationExeption(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * @param string
- * @param object
- * @param e
- */
- public AssertionValidationExeption(String string, Object[] parameters,
- Throwable e) {
- super(string, parameters, e);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
deleted file mode 100644
index 9008a7183..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AttributQueryException extends PVP2Exception {
-
- /**
- *
- */
- private static final long serialVersionUID = -4302422507173728748L;
-
- public AttributQueryException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- public AttributQueryException(String messageId, Object[] parameters, Throwable e) {
- super(messageId, parameters, e);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
deleted file mode 100644
index eebaf6c9e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestBuildException extends PVP2Exception {
-
- /**
- *
- */
- private static final long serialVersionUID = -1375451065455859354L;
-
- /**
- * @param messageId
- * @param parameters
- */
- public AuthnRequestBuildException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- public AuthnRequestBuildException(String messageId, Object[] parameters, Throwable e) {
- super(messageId, parameters, e);
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
deleted file mode 100644
index 957f9af1d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnResponseValidationException extends PVP2Exception {
-
- /**
- *
- */
- private static final long serialVersionUID = 8023812861029406575L;
-
- /**
- * @param messageId
- * @param parameters
- */
- public AuthnResponseValidationException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- public AuthnResponseValidationException(String messageId, Object[] parameters, Throwable e) {
- super(messageId, parameters, e);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
deleted file mode 100644
index 9f4c7fed3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class BindingNotSupportedException extends PVP2Exception {
-
- public BindingNotSupportedException(String binding) {
- super("pvp2.11", new Object[] {binding});
- this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
- }
-
- /**
- *
- */
- private static final long serialVersionUID = -7227603941387879360L;
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
deleted file mode 100644
index 392569366..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidAssertionConsumerServiceException extends PVP2Exception {
-
- public InvalidAssertionConsumerServiceException(int idx) {
- super("pvp2.00", new Object[]{idx});
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
-
- /**
- *
- */
- public InvalidAssertionConsumerServiceException(String wrongURL) {
- super("pvp2.23", new Object[]{wrongURL});
- this.statusCodeValue = StatusCode.REQUESTER_URI;
-
- }
-
- /**
- *
- */
- private static final long serialVersionUID = 7861790149343943091L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
deleted file mode 100644
index b49070bd6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidAssertionEncryptionException extends PVP2Exception {
-
- private static final long serialVersionUID = 6513388841485355549L;
-
- public InvalidAssertionEncryptionException() {
- super("pvp2.16", new Object[]{});
- this.statusCodeValue = StatusCode.RESPONDER_URI;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
deleted file mode 100644
index 252539bf5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidDateFormatException extends PVP2Exception {
-
- public InvalidDateFormatException() {
- super("pvp2.02", null);
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
-
- /**
- *
- */
- private static final long serialVersionUID = -6867976890237846085L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
index 15a0ccf72..0e48dfbd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
public class MandateAttributesNotHandleAbleException extends PVP2Exception {
public MandateAttributesNotHandleAbleException() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
index 204e1c2a5..94e1874a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
@@ -22,6 +22,8 @@
*/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
/**
* @author tlenz
*
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
deleted file mode 100644
index c82e6bdf1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-
-public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
-
- public NameIDFormatNotSupportedException(String nameIDFormat) {
- super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
- statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
-
- }
-
- /**
- *
- */
- private static final long serialVersionUID = -2270762519437873336L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
index 333ef9765..58c2a032d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
public class NoCredentialsException extends PVP2Exception {
public static final String MOA_IDP_TARGET = "MOA-ID";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
index ce80ac5cb..821813b69 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
@@ -22,6 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
public class NoMandateDataAvailableException extends PVP2Exception {
public NoMandateDataAvailableException() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
deleted file mode 100644
index 50a1af6ad..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class NoMetadataInformationException extends PVP2Exception {
-
- public NoMetadataInformationException() {
- super("pvp2.15", null);
- this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
- }
-
- /**
- *
- */
- private static final long serialVersionUID = -4608068445208032193L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
deleted file mode 100644
index 00fb97151..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public abstract class PVP2Exception extends MOAIDException {
-
- protected String statusCodeValue = StatusCode.RESPONDER_URI;
- protected String statusMessageValue = null;
-
- public PVP2Exception(String messageId, Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- this.statusMessageValue = this.getMessage();
- }
-
- public PVP2Exception(String messageId, Object[] parameters) {
- super(messageId, parameters);
- this.statusMessageValue = this.getMessage();
- }
-
-
- public String getStatusCodeValue() {
- return (this.statusCodeValue);
- }
-
- public String getStatusMessageValue() {
- return (this.statusMessageValue);
- }
-
- /**
- *
- */
- private static final long serialVersionUID = 7669537952484421069L;
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
deleted file mode 100644
index 63f42cbe5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotAllowedException extends PVP2Exception {
-
- public QAANotAllowedException(String qaa_auth, String qaa_request) {
- super("pvp2.17", new Object[] {qaa_auth, qaa_request});
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
-
- /**
- *
- */
- private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
deleted file mode 100644
index fdf1063c0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotSupportedException extends PVP2Exception {
-
- public QAANotSupportedException(String qaa) {
- super("pvp2.05", new Object[] {qaa});
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
-
- /**
- *
- */
- private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
deleted file mode 100644
index 8f12f3cce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class RequestDeniedException extends PVP2Exception {
-
- public RequestDeniedException() {
- super("pvp2.14", null);
- this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
- }
-
- /**
- *
- */
- private static final long serialVersionUID = 4415896615794730553L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
deleted file mode 100644
index fe921f8b5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class ResponderErrorException extends PVP2Exception {
-
- /**
- *
- */
- private static final long serialVersionUID = -425416760138285446L;
-
- public ResponderErrorException(String messageId, Object[] parameters,
- Throwable wrapped) {
- super(messageId, parameters, wrapped);
- this.statusCodeValue = StatusCode.RESPONDER_URI;
- }
-
- public ResponderErrorException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- this.statusCodeValue = StatusCode.RESPONDER_URI;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
deleted file mode 100644
index 65def4602..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class SAMLRequestNotSignedException extends PVP2Exception {
-
- public SAMLRequestNotSignedException() {
- super("pvp2.07", null);
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
-
- public SAMLRequestNotSignedException(Throwable e) {
- super("pvp2.07", null, e);
- this.statusCodeValue = StatusCode.REQUESTER_URI;
- }
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
deleted file mode 100644
index 8a386c951..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class SAMLRequestNotSupported extends PVP2Exception {
-
- public SAMLRequestNotSupported() {
- super("pvp2.09", null);
- this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI;
- }
-
- /**
- *
- */
- private static final long serialVersionUID = 1244883178458802767L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
deleted file mode 100644
index 9f1b6168e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class SLOException extends PVP2Exception {
- private static final long serialVersionUID = -5284624715788385022L;
-
- /**
- * @param messageId
- * @param parameters
- */
- public SLOException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- // TODO Auto-generated constructor stub
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
deleted file mode 100644
index fc4ed1f28..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationException extends PVP2Exception {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- /**
- * @param messageId
- * @param parameters
- */
- public SchemaValidationException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * @param messageId
- * @param parameters
- */
- public SchemaValidationException(String messageId, Object[] parameters, Throwable e) {
- super(messageId, parameters, e);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
deleted file mode 100644
index a8bfe1070..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class UnprovideableAttributeException extends PVP2Exception {
- /**
- *
- */
- private static final long serialVersionUID = 3972197758163647157L;
-
- public UnprovideableAttributeException(String attributeName) {
- super("pvp2.10", new Object[] {attributeName});
- this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
deleted file mode 100644
index 8da5edeed..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationException extends FilterException {
-
- /**
- * @param string
- */
- public SchemaValidationException(String string) {
- super(string);
-
- }
-
- private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
deleted file mode 100644
index 86a6a777b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-
-/**
- * @author tlenz
- *
- */
-public class SignatureValidationException extends FilterException {
-
- /**
- * @param string
- */
- public SignatureValidationException(String string) {
- super(string);
-
- }
-
- /**
- * @param e
- */
- public SignatureValidationException(Exception e) {
- super(e);
- }
-
- /**
- * @param string
- * @param object
- */
- public SignatureValidationException(String string, Exception e) {
- super(string, e);
- }
-
- private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
deleted file mode 100644
index 5ae76ed96..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
+++ /dev/null
@@ -1,851 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-
-<!-- MOA-ID 2.x BKUSelection Layout CSS -->
-<style type="text/css">
-@media screen and (min-width: 650px) {
- body {
- margin: 0;
- padding: 0;
- color: #000;
- background-color: #fff;
- text-align: center;
- background-color: #6B7B8B;
- }
- #localBKU p {
- font-size: 0.7em;
- }
- #localBKU input {
- font-size: 0.7em;
- /*border-radius: 5px;*/
- }
- #bkuselectionarea input[type=button] {
- font-size: 0.85em;
- /*border-radius: 7px;*/
- margin-bottom: 25px;
- min-width: 80px;
- }
- #mandateLogin {
- font-size: 0.85em;
- }
- #bku_header h2 {
- font-size: 0.8em;
- }
- #page {
- display: block;
- border: 2px solid rgb(0, 0, 0);
- width: 650px;
- height: 440px;
- margin: 0 auto;
- margin-top: 5%;
- position: relative;
- border-radius: 25px;
- background: rgb(255, 255, 255);
- }
- #page1 {
- text-align: center;
- }
- #main {
- /* clear:both; */
- position: relative;
- margin: 0 auto;
- width: 250px;
- text-align: center;
- }
- .OA_header {
- /* background-color: white;*/
- font-size: 20pt;
- margin-bottom: 25px;
- margin-top: 25px;
- }
- #leftcontent {
- /*float:left; */
- width: 250px;
- margin-bottom: 25px;
- text-align: left;
- border: 1px solid rgb(0, 0, 0);
- }
- #selectArea {
- font-size: 15px;
- padding-bottom: 65px;
- }
- #leftcontent {
- width: 300px;
- margin-top: 30px;
- }
- #bku_header {
- height: 5%;
- padding-bottom: 3px;
- padding-top: 3px;
- }
- #bkulogin {
- overflow: hidden;
- min-width: 190px;
- min-height: 180px;
- /*height: 260px;*/
- }
- h2#tabheader {
- font-size: 1.1em;
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- }
- .setAssertionButton_full {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 100px;
- height: 30px
- }
- #leftbutton {
- width: 30%;
- float: left;
- margin-left: 40px;
- }
- #rightbutton {
- width: 30%;
- float: right;
- margin-right: 45px;
- text-align: right;
- }
- button {
- height: 25px;
- width: 75px;
- margin-bottom: 10px;
- }
- #validation {
- position: absolute;
- bottom: 0px;
- margin-left: 270px;
- padding-bottom: 10px;
- }
-}
-
-@media screen and (max-width: 205px) {
- #localBKU p {
- font-size: 0.6em;
- }
- #localBKU input {
- font-size: 0.6em;
- min-width: 60px;
- /* max-width: 65px; */
- min-height: 1.0em;
- /* border-radius: 5px; */
- }
- #bkuselectionarea input[type=button] {
- font-size: 0.7em;
- min-width: 55px;
- /*min-height: 1.1em;
- border-radius: 5px;*/
- margin-bottom: 2%
- }
- #mandateLogin {
- font-size: 0.65em;
- }
- #bku_header h2 {
- font-size: 0.8em;
- margin-top: -0.4em;
- padding-top: 0.4em;
- }
- #bkulogin {
- min-height: 150px;
- }
-}
-
-@media screen and (max-width: 249px) and (min-width: 206px) {
- #localBKU p {
- font-size: 0.7em;
- }
- #localBKU input {
- font-size: 0.7em;
- min-width: 70px;
- /* max-width: 75px; */
- min-height: 0.95em;
- /* border-radius: 6px; */
- }
- #bkuselectionarea input[type=button] {
- font-size: 0.75em;
- min-width: 60px;
- /* min-height: 0.95em;
- border-radius: 6px; */
- margin-bottom: 5%
- }
- #mandateLogin {
- font-size: 0.75em;
- }
- #bku_header h2 {
- font-size: 0.9em;
- margin-top: -0.45em;
- padding-top: 0.45em;
- }
- #bkulogin {
- min-height: 180px;
- }
-}
-
-@media screen and (max-width: 299px) and (min-width: 250px) {
- #localBKU p {
- font-size: 0.9em;
- }
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
- #bkuselectionarea input[type=button] {
- font-size: 0.85em;
- /* min-height: 1.05em;
- border-radius: 7px; */
- margin-bottom: 10%;
- }
- #mandateLogin {
- font-size: 1em;
- }
- #bku_header h2 {
- font-size: 1.0em;
- margin-top: -0.50em;
- padding-top: 0.50em;
- }
-}
-
-@media screen and (max-width: 399px) and (min-width: 300px) {
- #localBKU p {
- font-size: 0.9em;
- }
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
- #bkuselectionarea input[type=button] {
- font-size: 0.9em;
- /* min-height: 1.2em;
- border-radius: 8px; */
- margin-bottom: 10%;
- max-width: 80px;
- }
- #mandateLogin {
- font-size: 1em;
- }
- #bku_header h2 {
- font-size: 1.1em;
- margin-top: -0.55em;
- padding-top: 0.55em;
- }
-}
-
-@media screen and (max-width: 649px) and (min-width: 400px) {
- #localBKU p {
- font-size: 0.9em;
- }
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 80px; */
- /* border-radius: 6px; */
- }
- #bkuselectionarea input[type=button] {
- font-size: 1.0em;
- /* min-height: 1.3em;
- border-radius: 10px; */
- margin-bottom: 10%;
- max-width: 85px;
- }
- #mandateLogin {
- font-size: 1.2em;
- }
- #bku_header h2 {
- font-size: 1.3em;
- margin-top: -0.65em;
- padding-top: 0.65em;
- }
-}
-
-@media screen and (max-width: 649px) {
- body {
- margin: 0;
- padding: 0;
- color: #000;
- text-align: center;
- font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
- }
- #page {
- visibility: hidden;
- margin-top: 0%;
- }
- #page1 {
- visibility: hidden;
- }
- #main {
- visibility: hidden;
- }
- #validation {
- visibility: hidden;
- display: none;
- }
- .OA_header {
- margin-bottom: 0px;
- margin-top: 0px;
- font-size: 0pt;
- visibility: hidden;
- }
- #leftcontent {
- visibility: visible;
- margin-bottom: 0px;
- text-align: left;
- border: none;
- vertical-align: middle;
- min-height: 173px;
- min-width: 204px;
- }
- #bku_header {
- height: 10%;
- min-height: 1.2em;
- margin-top: 1%;
- }
- h2#tabheader {
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- top: 50%;
- }
- #bkulogin {
- min-width: 190px;
- min-height: 155px;
- }
- .setAssertionButton_full {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
- input[type=button] {
- /* height: 11%; */
- width: 70%;
- }
-}
-
-
- @media screen and (max-width: 649px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- text-align: center;
- font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
- }
-
- #page {
- visibility: hidden;
- margin-top: 0%;
- }
-
- #page1 {
- visibility: hidden;
- }
-
- #main {
- visibility: hidden;
- }
-
- #validation {
- visibility: hidden;
- display: none;
- }
-
- .OA_header {
- margin-bottom: 0px;
- margin-top: 0px;
- font-size: 0pt;
- visibility: hidden;
- }
-
- #leftcontent {
- visibility: visible;
- margin-bottom: 0px;
- text-align: left;
- border:none;
- vertical-align: middle;
- min-height: 173px;
- min-width: 204px;
-
- }
-
- #bku_header {
- height: 10%;
- min-height: 1.2em;
- margin-top: 1%;
- }
-
- h2#tabheader{
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- top: 50%;
- }
-
- #bkulogin {
- min-width: 190px;
- min-height: 155px;
- }
-
- .setAssertionButton_full {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
-
- input[type=button] {
-/* height: 11%; */
- width: 70%;
- }
- }
-
- * {
- margin: 0;
- padding: 0;
- font-family: #FONTTYPE#;
- }
-
- #selectArea {
- padding-top: 10px;
- padding-bottom: 55px;
- padding-left: 10px;
- }
-
- .setAssertionButton {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
-
- #leftbutton {
- width: 35%;
- float:left;
- margin-left: 15px;
- }
-
- #rightbutton {
- width: 35%;
- float:right;
- margin-right: 25px;
- text-align: right;
- }
-
- #mandateLogin {
- padding-bottom: 4%;
- padding-top: 4%;
- height: 10%;
- position: relative;
- text-align: center;
- }
-
- .verticalcenter {
- vertical-align: middle;
- }
-
- #mandateLogin div {
- clear: both;
- margin-top: -1%;
- position: relative;
- top: 50%;
- }
-
- #bkuselectionarea {
- position: relative;
- display: block;
- }
-
- #localBKU {
- padding-left: 5%;
- padding-right: 2%;
- padding-bottom: 4%;
- padding-top: 4%;
- position: relative;
- clear: both;
- }
-
- #bkukarte {
- float:left;
- text-align:center;
- width:40%;
- min-height: 70px;
- padding-left: 5%;
- padding-top: 2%;
- }
-
- #bkuhandy {
- float:right;
- text-align:center;
- width:40%;
- min-height: 90px;
- padding-right: 5%;
- padding-top: 2%;
- }
-
- .bkuimage {
- width: 90%;
- height: auto;
- }
-
- #mandate{
- text-align:center;
- padding : 5px 5px 5px 5px;
- }
-
-/* input[type=button], .sendButton {
- background: #BUTTON_BACKGROUNDCOLOR#;
- color: #BUTTON_COLOR#;
-/* border:1px solid #000; */
-/* cursor: pointer;
-/* box-shadow: 3px 3px 3px #222222; */
-/* }
-
-/* button:hover, button:focus, button:active,
- .sendButton:hover , .sendButton:focus, .sendButton:active,
- #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
- background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
- color: #BUTTON_COLOR#;
-/* border:1px solid #000; */
-/* cursor: pointer;
-/* box-shadow: -1px -1px 3px #222222; */
-/* }
-
-*/
-input {
- /*border:1px solid #000;*/
- cursor: pointer;
-}
-
-#localBKU input {
- /* color: #BUTTON_COLOR#; */
- border: 0px;
- display: inline-block;
-}
-
-#localBKU input:hover,#localBKU input:focus,#localBKU input:active {
- text-decoration: underline;
-}
-
-#installJava,#BrowserNOK {
- clear: both;
- font-size: 0.8em;
- padding: 4px;
-}
-
-.selectText {
-
-}
-
-.selectTextHeader {
-
-}
-
-.sendButton {
- width: 30%;
- margin-bottom: 1%;
-}
-
-#leftcontent a {
- text-decoration: none;
- color: #000;
- /* display:block;*/
- padding: 4px;
-}
-
-#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active {
- text-decoration: underline;
- color: #000;
-}
-
-.infobutton {
- background-color: #005a00;
- color: white;
- font-family: serif;
- text-decoration: none;
- padding-top: 2px;
- padding-right: 4px;
- padding-bottom: 2px;
- padding-left: 4px;
- font-weight: bold;
-}
-
-.hell {
- background-color: #MAIN_BACKGOUNDCOLOR#;
- color: #MAIN_COLOR#;
-}
-
-.dunkel {
- background-color: #HEADER_BACKGROUNDCOLOR#;
- color: #HEADER_COLOR#;
-}
-
-.main_header {
- color: black;
- font-size: 32pt;
- position: absolute;
- right: 10%;
- top: 40px;
-}
-</style>
-<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-<script type="text/javascript">
- function isIE() {
- return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
- }
- function isFullscreen() {
- try {
- return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
- } catch (e) {
- return false;
- }
- }
- function isActivexEnabled() {
- var supported = null;
- try {
- supported = !!new ActiveXObject("htmlfile");
- } catch (e) {
- supported = false;
- }
- return supported;
- }
- function isMetro() {
- if (!isIE())
- return false;
- return !isActivexEnabled() && isFullscreen();
- }
- window.onload=function() {
- document.getElementById("localBKU").style.display="block";
- return;
- }
- function bkuOnlineClicked() {
- if (isMetro())
- document.getElementById("metroDetected").style.display="block";
- document.getElementById("localBKU").style.display="block";
-/* if (checkMandateSSO())
- return; */
-
- setMandateSelection();
-/* setSSOSelection(); */
-
- var iFrameURL = "#AUTH_URL#" + "?";
- iFrameURL += "bkuURI=" + "#ONLINE#";
- iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
- iFrameURL += "&MODUL=" + "#MODUL#";
- iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
- generateIFrame(iFrameURL);
- }
- function bkuHandyClicked() {
- document.getElementById("localBKU").style.display="none";
-/* if (checkMandateSSO())
- return; */
-
- setMandateSelection();
-/* setSSOSelection(); */
-
- var iFrameURL = "#AUTH_URL#" + "?";
- iFrameURL += "bkuURI=" + "#HANDY#";
- iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
- iFrameURL += "&MODUL=" + "#MODUL#";
- iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
- generateIFrame(iFrameURL);
- }
- function storkClicked() {
- document.getElementById("localBKU").style.display="none";
-/* if (checkMandateSSO())
- return; */
-
- setMandateSelection();
-/* setSSOSelection(); */
-
- var ccc = "AT";
- var countrySelection = document.getElementById("cccSelection");
- if (countrySelection != null) {
- ccc = document.getElementById("cccSelection").value;
- }
- var iFrameURL = "#AUTH_URL#" + "?";
- iFrameURL += "bkuURI=" + "#ONLINE#";
- iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
- iFrameURL += "&CCC=" + ccc;
-/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
- iFrameURL += "&MODUL=" + "#MODUL#";
- iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
- generateIFrame(iFrameURL);
- }
- function generateIFrame(iFrameURL) {
- var el = document.getElementById("bkulogin");
- var width = el.clientWidth;
- var heigth = el.clientHeight - 20;
- var parent = el.parentNode;
-
- iFrameURL += "&heigth=" + heigth;
- iFrameURL += "&width=" + width;
-
- var iframe = document.createElement("iframe");
- iframe.setAttribute("src", iFrameURL);
- iframe.setAttribute("width", el.clientWidth - 1);
- iframe.setAttribute("height", el.clientHeight - 1);
- iframe.setAttribute("frameborder", "0");
- iframe.setAttribute("scrolling", "no");
- iframe.setAttribute("title", "Login");
- parent.replaceChild(iframe, el);
- }
- function setMandateSelection() {
- document.getElementById("moaidform").action = "#AUTH_URL#";
- document.getElementById("useMandate").value = "false";
- var checkbox = document.getElementById("mandateCheckBox");
- if (checkbox != null) {
- if (document.getElementById("mandateCheckBox").checked) {
- document.getElementById("useMandate").value = "true";
- }
- }
- }
- function onChangeChecks() {
- if (top.innerWidth < 650) {
- document.getElementById("moaidform").setAttribute("target","_parent");
- } else {
- document.getElementById("moaidform").removeAttribute("target");
- }
-
- }
-/* function setSSOSelection() {
- document.getElementById("useSSO").value = "false";
- var checkbox = document.getElementById("SSOCheckBox");
- if (checkbox != null) {
- if (document.getElementById("SSOCheckBox").checked) {
- document.getElementById("useSSO").value = "true";
- }
- }
- } */
-
-/* function checkMandateSSO() {
- var sso = document.getElementById("SSOCheckBox");
- var mandate = document.getElementById("mandateCheckBox");
-
-
- if (sso.checked && mandate.checked) {
- alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
- mandate.checked = false;
- sso.checked = false;
- return true;
- } else {
- return false;
- }
- } */
- </script>
-<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
-</head>
-<body onload="onChangeChecks();" onresize="onChangeChecks();">
- <div id="page">
- <div id="page1" class="case selected-case" role="main">
- <h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
- <div id="main">
- <div id="leftcontent" class="hell" role="application">
- <div id="bku_header" class="dunkel">
- <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
- </div>
- <div id="bkulogin" class="hell" role="form">
- <div id="mandateLogin" style="">
- <div>
- <input tabindex="1" type="checkbox" name="Mandate"
- id="mandateCheckBox" class="verticalcenter" role="checkbox"
- onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
- <label for="mandateCheckBox" class="verticalcenter">in
- Vertretung anmelden</label>
- <!--a href="info_mandates.html"
- target="_blank"
- class="infobutton verticalcenter"
- tabindex="5">i</a-->
- </div>
- </div>
- <div id="bkuselectionarea">
- <div id="bkukarte">
- <img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
- alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
- onClick="bkuOnlineClicked();" tabindex="2" role="button"
- value="Karte" />
- </div>
- <div id="bkuhandy">
- <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
- alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
- onClick="bkuHandyClicked();" tabindex="3" role="button"
- value="HANDY" />
- </div>
- </div>
- <div id="localBKU">
- <form method="get" id="moaidform" action="#AUTH_URL#"
- class="verticalcenter" target="_parent">
- <input type="hidden" name="bkuURI" value="#LOCAL#"> <input
- type="hidden" name="useMandate" id="useMandate"> <input
- type="hidden" name="SSO" id="useSSO"> <input
- type="hidden" name="CCC" id="ccc"> <input type="hidden"
- name="MODUL" value="#MODUL#"> <input type="hidden"
- name="ACTION" value="#ACTION#"> <input type="hidden"
- name="MOASessionID" value="#SESSIONID#"> <input
- type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
- role="button" class="hell">
- <!--p>
- <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
- </p-->
- </form>
- </div>
- <div id="stork" align="center" style="#STORKVISIBLE#">
- <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
- <p>
- <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
- <option value="BE">Belgi&euml;/Belgique</option>
- <option value="EE">Eesti</option>
- <option value="ES">Espa&ntilde;a</option>
- <option value="IS">&Iacute;sland</option>
- <option value="IT">Italia</option>
- <option value="LI">Liechtenstein</option>
- <option value="LT">Lithuania</option>
- <option value="PT">Portugal</option>
- <option value="SI">Slovenija</option>
- <option value="FI">Suomi</option>
- <option value="SE">Sverige</option>
- </select>
- <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
- <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
- </p>
- </div>
-
- <div id="metroDetected" style="display: none">
- <p>Anscheinend verwenden Sie Internet Explorer im
- Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den
- Optionen um die Karten-Anmeldung starten zu können.</p>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div id="validation">
- <a href="http://validator.w3.org/check?uri="> <img
- style="border: 0; width: 88px; height: 31px"
- src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
- </a> <a href="http://jigsaw.w3.org/css-validator/"> <img
- style="border: 0; width: 88px; height: 31px"
- src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
- alt="CSS ist valide!" />
- </a>
- </div>
- </div>
-</body>
-</html> \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
deleted file mode 100644
index 8c8345bbf..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import java.io.Serializable;
-
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class InboundMessage implements InboundMessageInterface, Serializable{
-
- private static final long serialVersionUID = 2395131650841669663L;
-
- private Element samlMessage = null;
- private boolean verified = false;
- private String entityID = null;
- private String relayState = null;
-
-
- public EntityDescriptor getEntityMetadata(MetadataProvider metadataProvider) throws NoMetadataInformationException {
- try {
- if (metadataProvider == null)
- throw new NullPointerException("No PVP MetadataProvider found.");
-
- return metadataProvider.getEntityDescriptor(this.entityID);
-
- } catch (MetadataProviderException e) {
- Logger.warn("No Metadata for EntitiyID " + entityID);
- throw new NoMetadataInformationException();
- }
- }
-
- /**
- * @param entitiyID the entitiyID to set
- */
- public void setEntityID(String entitiyID) {
- this.entityID = entitiyID;
- }
-
- public void setVerified(boolean verified) {
- this.verified = verified;
- }
-
- /**
- * @param relayState the relayState to set
- */
- public void setRelayState(String relayState) {
- this.relayState = relayState;
- }
-
- public void setSAMLMessage(Element msg) {
- this.samlMessage = msg;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
- */
- @Override
- public String getRelayState() {
- return relayState;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
- */
- @Override
- public String getEntityID() {
- return entityID;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
- */
- @Override
- public boolean isVerified() {
- return verified;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
- */
- @Override
- public Element getInboundMessage() {
- return samlMessage;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
deleted file mode 100644
index 60a6f069a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface InboundMessageInterface {
-
- public String getRelayState();
- public String getEntityID();
- public boolean isVerified();
- public Element getInboundMessage();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
deleted file mode 100644
index 7679e74a6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.signature.SignableXMLObject;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOARequest extends InboundMessage{
-
- private static final long serialVersionUID = 8613921176727607896L;
-
- private String binding = null;
-
- public MOARequest(SignableXMLObject inboundMessage, String binding) {
- setSAMLMessage(inboundMessage.getDOM());
- this.binding = binding;
-
- }
-
- public String getRequestBinding() {
- return binding;
- }
-
- public SignableXMLObject getSamlRequest() {
- UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
- Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-
- try {
- return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage());
-
- } catch (UnmarshallingException e) {
- Logger.warn("AuthnRequest Unmarshaller error", e);
- return null;
- }
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
deleted file mode 100644
index f2512b122..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAResponse extends InboundMessage {
-
- private static final long serialVersionUID = -1133012928130138501L;
-
- public MOAResponse(StatusResponseType response) {
- setSAMLMessage(response.getDOM());
- }
-
- public StatusResponseType getResponse() {
- UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
- Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-
- try {
- return (StatusResponseType) unmashaller.unmarshall(getInboundMessage());
-
- } catch (UnmarshallingException e) {
- Logger.warn("AuthnResponse Unmarshaller error", e);
- return null;
- }
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
deleted file mode 100644
index 3da4dc18a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-
-/**
- * @author tlenz
- *
- */
-public interface IMOARefreshableMetadataProvider {
-
- /**
- * Refresh a entity or load a entity in a metadata provider
- *
- * @param entityID
- * @return true, if refresh is success, otherwise false
- */
- public boolean refreshMetadataProvider(String entityID);
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 7d43732a6..1fa17c683 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -23,401 +23,91 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
import java.io.IOException;
+import java.net.MalformedURLException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import java.util.Timer;
-import javax.xml.namespace.QName;
-
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.provider.BaseMetadataProvider;
-import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
-import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
-import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PVPEntityCategoryFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataSignatureFilter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
@Service("PVPMetadataProvider")
-public class MOAMetadataProvider extends SimpleMOAMetadataProvider
- implements ObservableMetadataProvider, IGarbageCollectorProcessing,
- IMOARefreshableMetadataProvider, IDestroyableObject {
+public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
- //private static final int METADATA_GARBAGE_TIMEOUT_SEC = 604800; //7 days
-
-// private static MOAMetadataProvider instance = null;
- MetadataProvider internalProvider = null;
- private Timer timer = null;
- private static Object mutex = new Object();
- //private Map<String, Date> lastAccess = null;
-
-
- public MOAMetadataProvider() {
- internalProvider = new ChainingMetadataProvider();
- //lastAccess = new HashMap<String, Date>();
+ @Autowired(required=true) AuthConfiguration moaAuthConfig;
- }
-
-// public static MOAMetadataProvider getInstance() {
-// if (instance == null) {
-// synchronized (mutex) {
-// if (instance == null) {
-// instance = new MOAMetadataProvider();
-//
-// //add this to MOA garbage collector
-// MOAGarbageCollector.addModulForGarbageCollection(instance);
-//
-// }
-// }
-// }
-// return instance;
-// }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
- */
@Override
- public void runGarbageCollector() {
- synchronized (mutex) {
-
- /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
- try {
- Logger.trace("Check consistence of PVP2X metadata");
- addAndRemoveMetadataProvider();
-
- } catch (ConfigurationException | EAAFConfigurationException e) {
- Logger.error("Access to MOA-ID configuration FAILED.", e);
-
- }
- }
+ protected String getMetadataURL(String entityId) throws EAAFConfigurationException {
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+ if (oaParam != null)
+ return oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
- }
-
-
-// private static void reInitialize() {
-// synchronized (mutex) {
-//
-// /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
-// if (instance != null)
-// try {
-// Logger.trace("Check consistence of PVP2X metadata");
-// instance.addAndRemoveMetadataProvider();
-//
-// } catch (ConfigurationException e) {
-// Logger.error("Access to MOA-ID configuration FAILED.", e);
-//
-// }
-// else
-// Logger.info("MOAMetadataProvider is not loaded.");
-// }
-// }
-
- public void fullyDestroy() {
- internalDestroy();
+ else {
+ Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId);
+ return null;
+ }
+
}
-
-
@Override
- public synchronized boolean refreshMetadataProvider(String entityID) {
- try {
- //check if metadata provider is already loaded
- try {
- if (internalProvider.getEntityDescriptor(entityID) != null)
- return true;
-
- } catch (MetadataProviderException e) {}
-
+ protected MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException {
+ ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+ if (oaParam != null) {
+ String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
+ String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+ if (MiscUtil.isNotEmpty(certBase64)) {
+ byte[] cert = Base64Utils.decode(certBase64, false);
+ String oaFriendlyName = oaParam.getUniqueIdentifier();
+
+ return createNewSimpleMetadataProvider(metadataURL,
+ buildMetadataFilterChain(oaParam, metadataURL, cert),
+ oaFriendlyName,
+ getTimer(),
+ new BasicParserPool(),
+ createHttpClient(metadataURL));
- //reload metadata provider
- ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityID);
- if (oaParam != null) {
- String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
- if (MiscUtil.isNotEmpty(metadataURL)) {
- Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
-
- // check if MetadataProvider is actually loaded
- if (actuallyLoadedProviders.containsKey(metadataURL)) {
- actuallyLoadedProviders.get(metadataURL).refresh();
- Logger.info("PVP2X metadata for onlineApplication: "
- + entityID + " is refreshed.");
- return true;
-
- } else {
- //load new Metadata Provider
- String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
- if (MiscUtil.isNotEmpty(certBase64)) {
- byte[] cert = Base64Utils.decode(certBase64, false);
- String oaFriendlyName = oaParam.getUniqueIdentifier();
-
- if (timer == null)
- timer = new Timer(true);
-
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
- MetadataProvider newMetadataProvider = createNewMoaMetadataProvider(metadataURL,
- buildMetadataFilterChain(oaParam, metadataURL, cert),
- oaFriendlyName,
- timer,
- new BasicParserPool());
-
- chainProvider.addMetadataProvider(newMetadataProvider);
-
- emitChangeEvent();
-
- Logger.info("PVP2X metadata for onlineApplication: "
- + entityID + " is added.");
- return true;
-
- } else
- Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityID);
-
- }
-
- } else
- Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata URL for OA with Id: " + entityID);
-
} else
- Logger.debug("Can not refresh PVP2X metadata: NO onlineApplication with Id: " + entityID);
-
-
- } catch (MetadataProviderException e) {
- Logger.warn("Refresh PVP2X metadata for onlineApplication: "
- + entityID + " FAILED.", e);
-
- } catch (IOException e) {
- Logger.warn("Refresh PVP2X metadata for onlineApplication: "
- + entityID + " FAILED.", e);
-
- } catch (CertificateException e) {
- Logger.warn("Refresh PVP2X metadata for onlineApplication: "
- + entityID + " FAILED.", e);
+ Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityId);
- } catch (ConfigurationException e) {
- Logger.warn("Refresh PVP2X metadata for onlineApplication: "
- + entityID + " FAILED.", e);
-
- } catch (EAAFConfigurationException e) {
- Logger.warn("Refresh PVP2X metadata for onlineApplication: "
- + entityID + " FAILED.", e);
- }
-
- return false;
-
- }
-
- private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
- Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-
- //make a Map of all actually loaded HTTPMetadataProvider
- List<MetadataProvider> providers = chainProvider.getProviders();
- for (MetadataProvider provider : providers) {
- if (provider instanceof HTTPMetadataProvider) {
- HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
- loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
-
- }
}
- return loadedproviders;
- }
-
-
- private void addAndRemoveMetadataProvider() throws ConfigurationException, EAAFConfigurationException {
- if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
- Logger.info("Reload MOAMetaDataProvider.");
-
- /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
- *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
- Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-
- //get all actually loaded metadata providers
- Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+ Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId);
+ return null;
- /* TODO: maybe add metadata provider destroy after timeout.
- * But could be a problem if one Metadataprovider load an EntitiesDescriptor
- * with more the multiple EntityDescriptors. If one of this EntityDesciptors
- * are expired the full EntitiesDescriptor is removed.
- *
- * Timeout requires a better solution in this case!
- */
-// Date now = new Date();
-// Date expioredate = new Date(now.getTime() - (METADATA_GARBAGE_TIMEOUT_SEC * 1000));
-// Logger.debug("Starting PVP Metadata garbag collection (Expioredate:"
-// + expioredate + ")");
-
- //load all PVP2 OAs form ConfigurationDatabase and
- //compare actually loaded Providers with configured PVP2 OAs
- Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
- MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
- + ".%."
- + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
-
- if (allOAs != null) {
- Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator();
- while (oaInterator.hasNext()) {
- Entry<String, String> oaKeyPair = oaInterator.next();
-
- ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
- if (oaParam != null) {
- String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-
- HTTPMetadataProvider httpProvider = null;
- try {
- if (MiscUtil.isNotEmpty(metadataurl)) {
- if (loadedproviders.containsKey(metadataurl)) {
- // PVP2 OA is actually loaded, to nothing
- providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
- loadedproviders.remove(metadataurl);
-
-
- //INFO: load metadata dynamically if they are requested
-// } else if ( MiscUtil.isNotEmpty(metadataurl) &&
-// !providersinuse.containsKey(metadataurl) ) {
-// //PVP2 OA is new, add it to MOAMetadataProvider
-// String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-// if (MiscUtil.isNotEmpty(certBase64)) {
-// byte[] cert = Base64Utils.decode(certBase64, false);
-// String oaFriendlyName = oaParam.getFriendlyName();
-//
-//
-// Logger.info("Loading metadata for: " + oaFriendlyName);
-// httpProvider = createNewHTTPMetaDataProvider(
-// metadataurl,
-// buildMetadataFilterChain(oaParam, metadataurl, cert),
-// oaFriendlyName);
-//
-// if (httpProvider != null)
-// providersinuse.put(metadataurl, httpProvider);
-// }
-
- }
- }
- } catch (Throwable e) {
- Logger.error(
- "Failed to add Metadata (unhandled reason: "
- + e.getMessage(), e);
-
- if (httpProvider != null) {
- Logger.debug("Destroy failed Metadata provider");
- httpProvider.destroy();
- }
-
- }
- }
- }
- }
-
- //remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
- Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
- for (HTTPMetadataProvider provider : notusedproviders) {
- String metadataurl = provider.getMetadataURI();
-
- try {
-
- provider.destroy();
-
- /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
- *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
- //chainProvider.removeMetadataProvider(provider);
-
- Logger.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
-
- } catch (Throwable e) {
- Logger.error("HTTPMetadataProvider with URL " + metadataurl
- + " can not be removed from the list of actually loaded Providers.", e);
-
- }
-
- }
-
- try {
- chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
-
- emitChangeEvent();
-
- } catch (MetadataProviderException e) {
- Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
-
- }
-
-
-
- } else {
- Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
- }
-
}
-
- public void internalDestroy() {
- if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
- Logger.info("Destrorying PVP-Authentication MetaDataProvider.");
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-
- List<MetadataProvider> providers = chainProvider.getProviders();
- for (MetadataProvider provider : providers) {
- if (provider instanceof HTTPMetadataProvider) {
- HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
- Logger.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
- httpprovider.destroy();
-
- } else {
- Logger.warn("MetadataProvider can not be destroyed.");
- }
- }
-
- internalProvider = new ChainingMetadataProvider();
-
- if (timer != null)
- timer.cancel();
-
- } else {
- Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
- }
- }
-
- @Deprecated
- /**
- * Load all PVP metadata from OA configuration
- *
- * This method is deprecated because OA metadata should be loaded dynamically
- * if the corresponding OA is requested.
- */
- private void loadAllPVPMetadataFromKonfiguration() throws EAAFConfigurationException {
- ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
- Logger.info("Loading metadata");
- Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
- Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
+ @Override
+ protected List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException {
+ List<String> metadataURLs = new ArrayList<String>();
+
+ Map<String, String> allOAs = moaAuthConfig.getConfigurationWithWildCard(
MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
+ ".%."
+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
@@ -430,71 +120,56 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
if (oaParam != null) {
String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
- String oaFriendlyName = oaParam.getUniqueIdentifier();
- MetadataProvider httpProvider = null;
-
- try {
- String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
- if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) {
- byte[] cert = Base64Utils.decode(certBase64, false);
-
-
- if (timer == null)
- timer = new Timer(true);
-
- Logger.info("Loading metadata for: " + oaFriendlyName);
- if (!providersinuse.containsKey(metadataurl)) {
- httpProvider = createNewMoaMetadataProvider(
- metadataurl,
- buildMetadataFilterChain(oaParam, metadataurl, cert),
- oaFriendlyName,
- timer,
- new BasicParserPool());
+ if (MiscUtil.isNotEmpty(metadataurl))
+ metadataURLs.add(metadataurl);
+ else
+ Logger.trace("OA: " + oaParam.getUniqueIdentifier() + " has NO PVP2 metadata URL");
- if (httpProvider != null)
- providersinuse.put(metadataurl, httpProvider);
-
- } else {
- Logger.info(metadataurl + " are already added.");
- }
-
- } else {
- Logger.info(oaFriendlyName
- + " is not a PVP2 Application skipping");
- }
- } catch (Throwable e) {
- Logger.error(
- "Failed to add Metadata (unhandled reason: "
- + e.getMessage(), e);
-
- if (httpProvider != null && httpProvider instanceof BaseMetadataProvider) {
- Logger.debug("Destroy failed Metadata provider");
- ((BaseMetadataProvider)httpProvider).destroy();
-
- }
- }
- }
+ } else
+ Logger.warn("Something is suspect! OA is in Set of OAs, but no specific OA configuration is found.");
}
- } else
- Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!");
-
- try {
- chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+ } else
+ Logger.debug("No OA configuration found.");
+
+ return metadataURLs;
+ }
- } catch (MetadataProviderException e) {
- Logger.error(
- "Failed to add Metadata (unhandled reason: "
- + e.getMessage(), e);
+ private HttpClient createHttpClient(String metadataURL) {
+ MOAHttpClient httpClient = new MOAHttpClient();
+ HttpClientParams httpClientParams = new HttpClientParams();
+ httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+ httpClient.setParams(httpClientParams);
+
+ if (metadataURL.startsWith("https:")) {
+ try {
+ //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ moaAuthConfig.getTrustedCACertificates(),
+ null,
+ AuthConfiguration.DEFAULT_X509_CHAININGMODE,
+ moaAuthConfig.isTrustmanagerrevoationchecking(),
+ moaAuthConfig.getRevocationMethodOrder(),
+ moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+
+ httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+ } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+
+ }
}
- internalProvider = chainProvider;
+ return httpClient;
}
-
- private PVPMetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
- PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
- filterChain.getFilters().add(new SchemaValidationFilter());
+
+ private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException{
+ MetadataFilterChain filterChain = new MetadataFilterChain();
+ filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive()));
+ filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate));
filterChain.getFilters().add(
new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER,
@@ -511,116 +186,4 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
return filterChain;
}
- public boolean requireValidMetadata() {
- return internalProvider.requireValidMetadata();
- }
-
- public void setRequireValidMetadata(boolean requireValidMetadata) {
- internalProvider.setRequireValidMetadata(requireValidMetadata);
- }
-
- public MetadataFilter getMetadataFilter() {
- return internalProvider.getMetadataFilter();
- }
-
- public void setMetadataFilter(MetadataFilter newFilter)
- throws MetadataProviderException {
- internalProvider.setMetadataFilter(newFilter);
- }
-
- public XMLObject getMetadata() throws MetadataProviderException {
- return internalProvider.getMetadata();
- }
-
- public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
- throws MetadataProviderException {
- EntitiesDescriptor entitiesDesc = null;
- try {
- entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
-
- if (entitiesDesc == null) {
- Logger.debug("Can not find PVP metadata for entityID: " + entitiesID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entitiesID))
- return internalProvider.getEntitiesDescriptor(entitiesID);
-
- }
-
- } catch (MetadataProviderException e) {
- Logger.debug("Can not find PVP metadata for entityID: " + entitiesID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entitiesID))
- return internalProvider.getEntitiesDescriptor(entitiesID);
-
- }
-
- return entitiesDesc;
- }
-
- public EntityDescriptor getEntityDescriptor(String entityID)
- throws MetadataProviderException {
- EntityDescriptor entityDesc = null;
- try {
- entityDesc = internalProvider.getEntityDescriptor(entityID);
- if (entityDesc == null) {
- Logger.debug("Can not find PVP metadata for entityID: " + entityID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entityID))
- return internalProvider.getEntityDescriptor(entityID);
-
- }
-
- } catch (MetadataProviderException e) {
- Logger.debug("Can not find PVP metadata for entityID: " + entityID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entityID))
- return internalProvider.getEntityDescriptor(entityID);
-
- }
-
-// if (entityDesc != null)
-// lastAccess.put(entityID, new Date());
-
- return entityDesc;
- }
-
- public List<RoleDescriptor> getRole(String entityID, QName roleName)
- throws MetadataProviderException {
- List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
-
-// if (result != null)
-// lastAccess.put(entityID, new Date());
-
- return result;
- }
-
- public RoleDescriptor getRole(String entityID, QName roleName,
- String supportedProtocol) throws MetadataProviderException {
- RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
-
-// if (result != null)
-// lastAccess.put(entityID, new Date());
-
- return result;
- }
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
- */
- @Override
- public List<Observer> getObservers() {
- return ((ChainingMetadataProvider) internalProvider).getObservers();
- }
-
- protected void emitChangeEvent() {
- if ((getObservers() == null) || (getObservers().size() == 0)) {
- return;
- }
-
- List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
- for (ObservableMetadataProvider.Observer observer : tempObserverList)
- if (observer != null)
- observer.onEvent(this);
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
deleted file mode 100644
index c87b7515f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-
-import java.io.File;
-import java.net.MalformedURLException;
-import java.util.Timer;
-
-import javax.net.ssl.SSLHandshakeException;
-
-import org.apache.commons.httpclient.MOAHttpClient;
-import org.apache.commons.httpclient.params.HttpClientParams;
-import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.parse.ParserPool;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
-import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * @author tlenz
- *
- */
-public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
-
- private static final String URI_PREFIX_HTTP = "http:";
- private static final String URI_PREFIX_HTTPS = "https:";
- private static final String URI_PREFIX_FILE = "file:";
-
-
- @Autowired
- //protected IConfiguration authConfig;
- protected AuthConfiguration authConfig;
-
- /**
- * Create a single SAML2 MOA specific metadata provider
- *
- * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http
- * based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used
- * @param filter Filters, which should be used to validate the metadata
- * @param IdForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
- *
- * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
- */
- protected MetadataProvider createNewMoaMetadataProvider(String metadataLocation, MetadataFilter filter,
- String IdForLogging, Timer timer, ParserPool pool) {
- if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS))
- return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
-
- else {
- String absoluteMetadataLocation;
- try {
- absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
- metadataLocation,
- authConfig.getConfigurationRootDirectory().toURL().toString());
-
- if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
- File metadataFile = new File(absoluteMetadataLocation);
- if (metadataFile.exists())
- return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
-
- else {
- Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
- return null;
- }
-
- }
-
-
- } catch (MalformedURLException e) {
- Logger.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
-
- }
-
- }
-
- Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);
- return null;
-
- }
-
-
- /**
- * Create a single SAML2 filesystem based metadata provider
- *
- * @param metadataFile File, where the metadata should be loaded
- * @param filter Filters, which should be used to validate the metadata
- * @param IdForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
- * @param pool
- *
- * @return SAML2 Metadata Provider
- */
- private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
- FilesystemMetadataProvider fileSystemProvider = null;
- try {
- fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
- fileSystemProvider.setParserPool(pool);
- fileSystemProvider.setRequireValidMetadata(true);
- fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
- //httpProvider.setRefreshDelayFactor(0.1F);
-
- fileSystemProvider.setMetadataFilter(filter);
- fileSystemProvider.initialize();
-
- fileSystemProvider.setRequireValidMetadata(true);
-
- return fileSystemProvider;
-
- } catch (Exception e) {
- Logger.warn(
- "Failed to load Metadata file for "
- + IdForLogging + "[ "
- + "File: " + metadataFile.getAbsolutePath()
- + " Msg: " + e.getMessage() + " ]", e);
-
-
- Logger.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath()
- + " Reason: " + e.getMessage(), e);
-
- if (fileSystemProvider != null)
- fileSystemProvider.destroy();
-
- }
-
- return null;
-
- }
-
-
-
- /**
- * Create a single SAML2 HTTP metadata provider
- *
- * @param metadataURL URL, where the metadata should be loaded
- * @param filter Filters, which should be used to validate the metadata
- * @param IdForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
- * @param pool
- *
- * @return SAML2 Metadata Provider
- */
- private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
- HTTPMetadataProvider httpProvider = null;
- //Timer timer= null;
- MOAHttpClient httpClient = null;
- try {
- httpClient = new MOAHttpClient();
-
- HttpClientParams httpClientParams = new HttpClientParams();
- httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
- httpClient.setParams(httpClientParams);
-
- if (metadataURL.startsWith("https:")) {
- try {
- //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
- MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
- authConfig.getTrustedCACertificates(),
- null,
- AuthConfiguration.DEFAULT_X509_CHAININGMODE,
- authConfig.isTrustmanagerrevoationchecking(),
- authConfig.getRevocationMethodOrder(),
- authConfig.getBasicMOAIDConfigurationBoolean(
- AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
-
- httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
-
- } catch (MOAHttpProtocolSocketFactoryException e) {
- Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
-
- }
- }
-
-// timer = new Timer(true);
- httpProvider = new HTTPMetadataProvider(timer, httpClient,
- metadataURL);
- httpProvider.setParserPool(pool);
- httpProvider.setRequireValidMetadata(true);
- httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
- //httpProvider.setRefreshDelayFactor(0.1F);
-
- httpProvider.setMetadataFilter(filter);
- httpProvider.initialize();
-
- httpProvider.setRequireValidMetadata(true);
-
- return httpProvider;
-
- } catch (Throwable e) {
- if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
- Logger.warn("SSL-Server certificate for metadata "
- + metadataURL + " not trusted.", e);
-
- } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
- Logger.warn("Signature verification for metadata"
- + metadataURL + " FAILED.", e);
-
- } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
- Logger.warn("Schema validation for metadata "
- + metadataURL + " FAILED.", e);
- }
-
- Logger.warn(
- "Failed to load Metadata file for "
- + IdForLogging + "[ "
- + e.getMessage() + " ]", e);
-
- if (httpProvider != null) {
- Logger.debug("Destroy failed Metadata provider");
- httpProvider.destroy();
- }
-
-// if (timer != null) {
-// Logger.debug("Destroy Timer.");
-// timer.cancel();
-// }
-
-
- }
-
- return null;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
deleted file mode 100644
index dd94e0093..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ /dev/null
@@ -1,218 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public abstract class AbstractCredentialProvider {
-
- private KeyStore keyStore = null;
-
- /**
- * Get a friendlyName for this keyStore implementation
- * This friendlyName is used for logging
- *
- * @return keyStore friendlyName
- */
- public abstract String getFriendlyName();
-
- /**
- * Get KeyStore
- *
- * @return URL to the keyStore
- * @throws ConfigurationException
- */
- public abstract String getKeyStoreFilePath() throws ConfigurationException;
-
- /**
- * Get keyStore password
- *
- * @return Password of the keyStore
- */
- public abstract String getKeyStorePassword();
-
- /**
- * Get alias of key for metadata signing
- *
- * @return key alias
- */
- public abstract String getMetadataKeyAlias();
-
- /**
- * Get password of key for metadata signing
- *
- * @return key password
- */
- public abstract String getMetadataKeyPassword();
-
- /**
- * Get alias of key for request/response signing
- *
- * @return key alias
- */
- public abstract String getSignatureKeyAlias();
-
- /**
- * Get password of key for request/response signing
- *
- * @return key password
- */
- public abstract String getSignatureKeyPassword();
-
- /**
- * Get alias of key for IDP response encryption
- *
- * @return key alias
- */
- public abstract String getEncryptionKeyAlias();
-
- /**
- * Get password of key for IDP response encryption
- *
- * @return key password
- */
- public abstract String getEncryptionKeyPassword();
-
-
- public X509Credential getIDPMetaDataSigningCredential()
- throws CredentialsNotAvailableException {
- try {
-
- if (keyStore == null)
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(),
- getKeyStorePassword());
-
- MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
- keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
-
- credentials.setUsageType(UsageType.SIGNING);
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
-
- }
- return credentials;
- } catch (Exception e) {
- Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
- e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
- }
- }
-
- public X509Credential getIDPAssertionSigningCredential()
- throws CredentialsNotAvailableException {
- try {
- if (keyStore == null)
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(),
- getKeyStorePassword());
-
- MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
- keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
-
- credentials.setUsageType(UsageType.SIGNING);
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
-
- }
-
- return (X509Credential) credentials;
- } catch (Exception e) {
- Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
- e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
- }
- }
-
- public X509Credential getIDPAssertionEncryptionCredential()
- throws CredentialsNotAvailableException {
- try {
- if (keyStore == null)
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(),
- getKeyStorePassword());
-
- //if no encryption key is configured return null
- if (MiscUtil.isEmpty(getEncryptionKeyAlias()))
- return null;
-
- MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
- keyStore, getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
-
- credentials.setUsageType(UsageType.ENCRYPTION);
-
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: "
- + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
-
- }
-
- return (X509Credential) credentials;
-
- } catch (Exception e) {
- Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
- e.printStackTrace();
- throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
- }
- }
-
- public static Signature getIDPSignature(Credential credentials) {
- PrivateKey privatekey = credentials.getPrivateKey();
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
-
- if (privatekey instanceof RSAPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
- } else if (privatekey instanceof ECPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
- } else {
- Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
-
-
- }
-
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
- return signer;
-
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
deleted file mode 100644
index 85de666c9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class CredentialsNotAvailableException extends MOAIDException {
-
- public CredentialsNotAvailableException(String messageId,
- Object[] parameters) {
- super(messageId, parameters);
- }
-
- public CredentialsNotAvailableException(String messageId,
- Object[] parameters, Throwable e) {
- super(messageId, parameters, e);
- }
-
- /**
- *
- */
- private static final long serialVersionUID = -2564476345552842599L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index ebaef348c..389d97b18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -25,14 +25,14 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
import java.util.Properties;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
-@Service("IDPCredentialProvider")
+//@Service("PVPIDPCredentialProvider")
public class IDPCredentialProvider extends AbstractCredentialProvider {
public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
public static final String IDP_KS_PASS = "idp.ks.kspassword";
@@ -54,7 +54,7 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
* @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
*/
@Override
- public String getKeyStoreFilePath() throws ConfigurationException {
+ public String getKeyStoreFilePath() throws EAAFException {
if (props == null)
props = authConfig.getGeneralPVP2ProperiesConfig();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
deleted file mode 100644
index ef64efb56..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-public class SAMLSigner {
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
deleted file mode 100644
index 9d585bc86..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ /dev/null
@@ -1,292 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class AssertionAttributeExtractor {
-
- private Assertion assertion = null;
- private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
- //private PersonalAttributeList storkAttributes = new PersonalAttributeList();
-
- private final List<String> minimalMDSAttributeNamesList = Arrays.asList(
- PVPConstants.PRINCIPAL_NAME_NAME,
- PVPConstants.GIVEN_NAME_NAME,
- PVPConstants.BIRTHDATE_NAME,
- PVPConstants.BPK_NAME);
-
- private final List<String> minimalIDLAttributeNamesList = Arrays.asList(
- PVPConstants.EID_IDENTITY_LINK_NAME,
- PVPConstants.EID_SOURCE_PIN_NAME,
- PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-
- /**
- * Parse the SAML2 Response element and extracts included information
- * <br><br>
- * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response is used!
- *
- * @param samlResponse SAML2 Response
- * @throws AssertionAttributeExtractorExeption
- */
- public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption {
- if (samlResponse != null && samlResponse instanceof Response) {
- List<Assertion> assertions = ((Response) samlResponse).getAssertions();
- if (assertions.size() == 0)
- throw new AssertionAttributeExtractorExeption("Assertion");
-
- else if (assertions.size() > 1)
- Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
-
- assertion = assertions.get(0);
-
- if (assertion.getAttributeStatements() != null &&
- assertion.getAttributeStatements().size() > 0) {
- AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
- for (Attribute attr : attrStat.getAttributes()) {
- if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {
- List<String> storkAttrValues = new ArrayList<String>();
- for (XMLObject el : attr.getAttributeValues())
- storkAttrValues.add(el.getDOM().getTextContent());
-
-// PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
-// false, storkAttrValues , "Available");
-// storkAttributes.put(attr.getName(), storkAttr );
-
- } else {
- List<String> attrList = new ArrayList<String>();
- for (XMLObject el : attr.getAttributeValues())
- attrList.add(el.getDOM().getTextContent());
-
- attributs.put(attr.getName(), attrList);
-
- }
- }
-
- }
-
- } else
- throw new AssertionAttributeExtractorExeption();
- }
-
- /**
- * Get all SAML2 attributes from first SAML2 AttributeStatement element
- *
- * @return List of SAML2 Attributes
- */
- public List<Attribute> getAllResponseAttributesFromFirstAttributeStatement() {
- return assertion.getAttributeStatements().get(0).getAttributes();
-
- }
-
- /**
- * Get all SAML2 attributes of specific SAML2 AttributeStatement element
- *
- * @param attrStatementID List ID of the AttributeStatement element
- * @return List of SAML2 Attributes
- */
- public List<Attribute> getAllResponseAttributes(int attrStatementID) {
- return assertion.getAttributeStatements().get(attrStatementID).getAttributes();
-
- }
-
- /**
- * check attributes from assertion with minimal required attribute list
- * @return
- */
- public boolean containsAllRequiredAttributes() {
- return containsAllRequiredAttributes(minimalMDSAttributeNamesList)
- || containsAllRequiredAttributes(minimalIDLAttributeNamesList);
-
- }
-
- /**
- * check attributes from assertion with attributeNameList
- * bPK or enc_bPK are always needed
- *
- * @param List of attributes which are required
- *
- * @return
- */
- public boolean containsAllRequiredAttributes(Collection<String> attributeNameList) {
-
- //first check if a bPK or an encrypted bPK is available
- boolean flag = true;
- for (String attr : attributeNameList) {
- if (!attributs.containsKey(attr)) {
- flag = false;
- Logger.debug("Assertion contains no Attribute " + attr);
-
- }
-
- }
-
- if (flag)
- return flag;
-
- else {
- Logger.debug("Assertion contains no all minimum attributes from: " + attributeNameList.toString());
- return false;
-
- }
- }
-
- public boolean containsAttribute(String attributeName) {
- return attributs.containsKey(attributeName);
-
- }
-
- public String getSingleAttributeValue(String attributeName) {
- if (attributs.containsKey(attributeName) && attributs.get(attributeName).size() > 0)
- return attributs.get(attributeName).get(0);
- else
- return null;
-
- }
-
- public List<String> getAttributeValues(String attributeName) {
- return attributs.get(attributeName);
-
- }
-
- /**
- * Return all include PVP attribute names
- *
- * @return
- */
- public Set<String> getAllIncludeAttributeNames() {
- return attributs.keySet();
-
- }
-
-// public PersonalAttributeList getSTORKAttributes() {
-// return storkAttributes;
-// }
-
-
- public String getNameID() throws AssertionAttributeExtractorExeption {
- if (assertion.getSubject() != null) {
- Subject subject = assertion.getSubject();
-
- if (subject.getNameID() != null) {
- if (MiscUtil.isNotEmpty(subject.getNameID().getValue()))
- return subject.getNameID().getValue();
-
- else
- Logger.error("SAML2 NameID Element is empty.");
- }
- }
-
- throw new AssertionAttributeExtractorExeption("nameID");
- }
-
- public String getSessionIndex() throws AssertionAttributeExtractorExeption {
- AuthnStatement authn = getAuthnStatement();
-
- if (MiscUtil.isNotEmpty(authn.getSessionIndex()))
- return authn.getSessionIndex();
-
- else
- throw new AssertionAttributeExtractorExeption("SessionIndex");
- }
-
- /**
- * @return
- * @throws AssertionAttributeExtractorExeption
- */
- public String getQAALevel() throws AssertionAttributeExtractorExeption {
- AuthnStatement authn = getAuthnStatement();
- if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) {
- AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
-
- if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef()))
- return qaaClass.getAuthnContextClassRef();
-
- else
- throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");
- }
-
- throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");
- }
-
- public Assertion getFullAssertion() {
- return assertion;
- }
-
-
- /**
- * Get the Assertion validTo period
- *
- * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used.
- * If this is empty, this method returns value of SAML 'Conditions' element.
- *
- * @return Date, until this SAML2 assertion is valid
- */
- public Date getAssertionNotOnOrAfter() {
- if (getFullAssertion().getAuthnStatements() != null
- && getFullAssertion().getAuthnStatements().size() > 0) {
- for (AuthnStatement el : getFullAssertion().getAuthnStatements()) {
- if (el.getSessionNotOnOrAfter() != null)
- return (el.getSessionNotOnOrAfter().toDate());
- }
-
- }
-
- return getFullAssertion().getConditions().getNotOnOrAfter().toDate();
-
- }
-
- private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
- List<AuthnStatement> authnList = assertion.getAuthnStatements();
- if (authnList.size() == 0)
- throw new AssertionAttributeExtractorExeption("AuthnStatement");
-
- else if (authnList.size() > 1)
- Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used.");
-
- return authnList.get(0);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index e02ecb662..d7ada1f36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -35,6 +35,7 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
deleted file mode 100644
index 29dd70545..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-
-import org.opensaml.Configuration;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.soap.soap11.Body;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.XMLObjectBuilderFactory;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.w3c.dom.Document;
-
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-
-public class SAML2Utils {
-
- public static <T> T createSAMLObject(final Class<T> clazz) {
- try {
- XMLObjectBuilderFactory builderFactory = Configuration
- .getBuilderFactory();
-
- QName defaultElementName = (QName) clazz.getDeclaredField(
- "DEFAULT_ELEMENT_NAME").get(null);
- @SuppressWarnings("unchecked")
- T object = (T) builderFactory.getBuilder(defaultElementName)
- .buildObject(defaultElementName);
- return object;
- } catch (Throwable e) {
- e.printStackTrace();
- return null;
- }
- }
-
- public static String getSecureIdentifier() {
- return "_".concat(Random.nextHexRandom16());
-
- /*Bug-Fix: There are open problems with RandomNumberGenerator via Java SPI and Java JDK 8.121
- * Generation of a 16bit Random identifier FAILES with an Caused by: java.lang.ArrayIndexOutOfBoundsException
- * Caused by: java.lang.ArrayIndexOutOfBoundsException
- at iaik.security.random.o.engineNextBytes(Unknown Source)
- at iaik.security.random.SecRandomSpi.engineNextBytes(Unknown Source)
- at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
- at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:62)
- at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56)
- at at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils.getSecureIdentifier(SAML2Utils.java:69)
- */
- //return idGenerator.generateIdentifier();
- }
-
- private static SecureRandomIdentifierGenerator idGenerator;
-
- private static DocumentBuilder builder;
- static {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- try {
- builder = factory.newDocumentBuilder();
- } catch (ParserConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- try {
- idGenerator = new SecureRandomIdentifierGenerator();
- } catch(NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
- }
-
- public static Document asDOMDocument(XMLObject object) throws IOException,
- MarshallingException, TransformerException {
- Document document = builder.newDocument();
- Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
- object);
- out.marshall(object, document);
- return document;
- }
-
- public static Status getSuccessStatus() {
- Status status = SAML2Utils.createSAMLObject(Status.class);
- StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
- statusCode.setValue(StatusCode.SUCCESS_URI);
- status.setStatusCode(statusCode);
- return status;
- }
-
- public static int getDefaultAssertionConsumerServiceIndex(SPSSODescriptor spSSODescriptor) {
-
- List<AssertionConsumerService> assertionConsumerList = spSSODescriptor.getAssertionConsumerServices();
-
- for (AssertionConsumerService el : assertionConsumerList) {
- if (el.isDefault())
- return el.getIndex();
-
- }
-
- return 0;
- }
-
- public static Envelope buildSOAP11Envelope(XMLObject payload) {
- XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
- Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME);
- Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME);
-
- body.getUnknownXMLObjects().add(payload);
- envelope.setBody(body);
-
- return envelope;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
deleted file mode 100644
index 86ca591ee..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.ws.message.MessageContext;
-import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.ws.security.SecurityPolicyRule;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.validation.ValidationException;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule {
-
- private SignatureTrustEngine trustEngine = null;
- private QName peerEntityRole = null;
- /**
- * @param peerEntityRole
- *
- */
- public AbstractRequestSignedSecurityPolicyRule(SignatureTrustEngine trustEngine, QName peerEntityRole) {
- this.trustEngine = trustEngine;
- this.peerEntityRole = peerEntityRole;
-
- }
-
-
- /**
- * Reload the PVP metadata for a given entity
- *
- * @param entityID for which the metadata should be refreshed.
- * @return true if the refresh was successful, otherwise false
- */
- protected abstract boolean refreshMetadataProvider(String entityID);
-
-
- protected abstract SignableSAMLObject getSignedSAMLObject(XMLObject inboundData);
-
- /* (non-Javadoc)
- * @see org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext)
- */
- @Override
- public void evaluate(MessageContext context) throws SecurityPolicyException {
- try {
- verifySignature(context);
-
- } catch (SecurityPolicyException e) {
- if (MiscUtil.isEmpty(context.getInboundMessageIssuer())) {
- throw e;
-
- }
- Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer());
- if (!refreshMetadataProvider(context.getInboundMessageIssuer()))
- throw e;
-
- else {
- Logger.trace("PVP2X metadata reload finished. Check validate message again.");
- verifySignature(context);
-
- }
- Logger.trace("Second PVP2X message validation finished");
-
- }
-
-
- }
-
- private void verifySignature(MessageContext context) throws SecurityPolicyException {
- SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage());
- if (samlObj != null && samlObj.getSignature() != null) {
-
- SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
- try {
- profileValidator.validate(samlObj.getSignature());
- performSchemaValidation(samlObj.getDOM());
-
- } catch (ValidationException e) {
- Logger.warn("Signature is not conform to SAML signature profile", e);
- throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-
- } catch (SchemaValidationException e) {
- Logger.warn("Signature is not conform to SAML signature profile", e);
- throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-
- }
-
-
-
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add( new EntityIDCriteria(context.getInboundMessageIssuer()) );
- criteriaSet.add( new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS) );
- criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
- try {
- if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new SecurityPolicyException("Signature validation FAILED.");
-
- }
- Logger.debug("PVP message signature valid.");
-
- } catch (org.opensaml.xml.security.SecurityException e) {
- Logger.info("PVP2x message signature validation FAILED. Message:" + e.getMessage());
- throw new SecurityPolicyException("Signature validation FAILED.");
-
- }
-
- } else {
- throw new SecurityPolicyException("PVP Message is not signed.");
-
- }
-
- }
-
- private void performSchemaValidation(Element source) throws SchemaValidationException {
-
- String err = null;
- try {
- Schema test = SAMLSchemaBuilder.getSAML11Schema();
- Validator val = test.newValidator();
- val.validate(new DOMSource(source));
- Logger.debug("Schema validation check done OK");
- return;
-
- } catch (SAXException e) {
- err = e.getMessage();
- if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
- Logger.warn("Schema validation FAILED with exception:", e);
- else
- Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-
- } catch (Exception e) {
- err = e.getMessage();
- if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
- Logger.warn("Schema validation FAILED with exception:", e);
- else
- Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-
- }
-
- throw new SchemaValidationException("pvp2.22", new Object[]{err});
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
deleted file mode 100644
index 7b7ba6883..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moaspss.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestValidator {
-
- public static void validate(AuthnRequest req) throws AuthnRequestValidatorException{
-
- //validate NameIDPolicy
- NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
- if (nameIDPolicy != null) {
- String nameIDFormat = nameIDPolicy.getFormat();
- if (nameIDFormat != null) {
- if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
- NameID.PERSISTENT.equals(nameIDFormat) ||
- NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
-
- throw new NameIDFormatNotSupportedException(nameIDFormat);
-
- }
-
- } else
- Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");
- } else
- Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
-
-
-
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
index a9f9b206e..91de943d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
@@ -28,7 +28,8 @@ import java.util.List;
import org.opensaml.saml2.core.RequestAbstractType;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator;
public class ChainSAMLValidator implements ISAMLValidator {
@@ -39,7 +40,7 @@ private List<ISAMLValidator> validator = new ArrayList<ISAMLValidator>();
}
public void validateRequest(RequestAbstractType request)
- throws MOAIDException {
+ throws EAAFException {
Iterator<ISAMLValidator> validatorIterator = validator.iterator();
while(validatorIterator.hasNext()) {
ISAMLValidator validator = validatorIterator.next();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
deleted file mode 100644
index 4f697d986..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public interface ISAMLValidator {
- public void validateRequest(RequestAbstractType request) throws MOAIDException;
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
deleted file mode 100644
index 7b3f890e9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAPVPSignedRequestPolicyRule extends
- AbstractRequestSignedSecurityPolicyRule {
-
- private IMOARefreshableMetadataProvider metadataProvider = null;
-
- /**
- * @param metadataProvider
- * @param trustEngine
- * @param peerEntityRole
- */
- public MOAPVPSignedRequestPolicyRule(MetadataProvider metadataProvider, SignatureTrustEngine trustEngine,
- QName peerEntityRole) {
- super(trustEngine, peerEntityRole);
- if (metadataProvider instanceof IMOARefreshableMetadataProvider)
- this.metadataProvider = (IMOARefreshableMetadataProvider) metadataProvider;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)
- */
- @Override
- protected boolean refreshMetadataProvider(String entityID) {
- if (metadataProvider != null)
- return metadataProvider.refreshMetadataProvider(entityID);
-
- return false;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject)
- */
- @Override
- protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) {
- if (inboundData instanceof SignableSAMLObject)
- return (SignableSAMLObject) inboundData;
-
- else
- return null;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
deleted file mode 100644
index efcf21b50..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-import org.opensaml.xml.util.DatatypeHelper;
-
-/**
- * @author tlenz
- *
- */
-public class MOASAML2AuthRequestSignedRole extends SAML2AuthnRequestsSignedRule {
-
- @Override
- protected boolean isMessageSigned(SAMLMessageContext messageContext) {
- // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings.
- HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport();
- String sigParam = inTransport.getParameterValue("Signature");
- boolean isSigned = !DatatypeHelper.isEmpty(sigParam);
-
- String sigAlgParam = inTransport.getParameterValue("SigAlg");
- boolean isSigAlgExists = !DatatypeHelper.isEmpty(sigAlgParam);
-
- return isSigned && isSigAlgExists;
-
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
index 952a6024a..9abaf9330 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -27,13 +27,14 @@ import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.validation.ValidationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
public class SAMLSignatureValidator implements ISAMLValidator {
public void validateRequest(RequestAbstractType request)
- throws MOAIDException {
+ throws EAAFException {
if (request.getSignature() == null) {
throw new SAMLRequestNotSignedException();
}
@@ -48,7 +49,7 @@ public class SAMLSignatureValidator implements ISAMLValidator {
}
public static void validateSignable(SignableSAMLObject signableObject)
- throws MOAIDException {
+ throws EAAFException {
if (signableObject.getSignature() == null) {
throw new SAMLRequestNotSignedException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index d89d04664..e8aa93d43 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -23,7 +23,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import java.io.IOException;
-import java.util.List;
+import java.security.cert.CertificateException;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -36,79 +36,34 @@ import org.opensaml.xml.validation.ValidationException;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
public class EntityVerifier {
- public static byte[] fetchSavedCredential(String entityID) {
-// List<OnlineApplication> oaList = ConfigurationDBRead
-// .getAllActiveOnlineApplications();
- try {
- ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
-
- if (oa == null) {
- Logger.debug("No OnlineApplication with EntityID: " + entityID);
- return null;
-
- }
-
- String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
- if (MiscUtil.isNotEmpty(certBase64)) {
- return Base64Utils.decode(certBase64, false);
-
- }
-
- } catch (ConfigurationException | EAAFConfigurationException e) {
- Logger.error("Access MOA-ID configuration FAILED.", e);
-
- } catch (IOException e) {
- Logger.warn("Decoding PVP2X metadata certificate FAILED.", e);
-
- }
-
- return null;
- }
-
public static void verify(EntityDescriptor entityDescriptor)
- throws MOAIDException {
- if (entityDescriptor.getSignature() == null) {
- throw new SAMLRequestNotSignedException();
- }
-
- try {
- SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
- sigValidator.validate(entityDescriptor.getSignature());
- } catch (ValidationException e) {
- Logger.error("Failed to validate Signature", e);
- throw new SAMLRequestNotSignedException(e);
- }
-
+ throws EAAFException {
+
Credential credential = getSPTrustedCredential(entityDescriptor.getEntityID());
if (credential == null) {
throw new NoCredentialsException(entityDescriptor.getEntityID());
}
-
- SignatureValidator sigValidator = new SignatureValidator(credential);
- try {
- sigValidator.validate(entityDescriptor.getSignature());
- } catch (ValidationException e) {
- Logger.error("Failed to verfiy Signature", e);
- throw new SAMLRequestNotSignedException(e);
- }
+
+ verify(entityDescriptor, credential);
+
}
public static void verify(EntityDescriptor entityDescriptor, Credential cred)
- throws MOAIDException {
+ throws EAAFException {
if (entityDescriptor.getSignature() == null) {
throw new SAMLRequestNotSignedException();
}
@@ -131,7 +86,7 @@ public class EntityVerifier {
}
public static void verify(EntitiesDescriptor entityDescriptor,
- Credential cred) throws MOAIDException {
+ Credential cred) throws EAAFException {
if (entityDescriptor.getSignature() == null) {
throw new SAMLRequestNotSignedException();
}
@@ -153,55 +108,11 @@ public class EntityVerifier {
throw new SAMLRequestNotSignedException(e);
}
}
-
- public static void verify(EntitiesDescriptor entityDescriptor)
- throws MOAIDException {
- if (entityDescriptor.getSignature() == null) {
- throw new SAMLRequestNotSignedException();
- }
-
- try {
- SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
- sigValidator.validate(entityDescriptor.getSignature());
- } catch (ValidationException e) {
- Logger.error("Failed to validate Signature", e);
- throw new SAMLRequestNotSignedException(e);
- }
-
- List<EntityDescriptor> entities = entityDescriptor
- .getEntityDescriptors();
-
- if (entities.size() > 0) {
-
- if (entities.size() > 1) {
- Logger.warn("More then one EntityID in Metadatafile with Name "
- + entityDescriptor.getName()
- + " defined. Actually only the first"
- + " entryID is used to select the certificate to perform Metadata verification.");
- }
-
- Credential credential = getSPTrustedCredential(entities.get(0).getEntityID());
-
- if (credential == null) {
- throw new NoCredentialsException("moaID IDP");
- }
-
- SignatureValidator sigValidator = new SignatureValidator(credential);
- try {
- sigValidator.validate(entityDescriptor.getSignature());
-
- } catch (ValidationException e) {
- Logger.error("Failed to verfiy Signature", e);
- throw new SAMLRequestNotSignedException(e);
- }
- }
- }
-
+
public static Credential getSPTrustedCredential(String entityID)
throws CredentialsNotAvailableException {
- iaik.x509.X509Certificate cert = PVPConfiguration.getInstance()
- .getTrustEntityCertificate(entityID);
+ iaik.x509.X509Certificate cert = getTrustEntityCertificate(entityID);
if (cert == null) {
throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null);
@@ -214,5 +125,46 @@ public class EntityVerifier {
return credential;
}
+
+ private static iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
+
+ try {
+ Logger.trace("Load metadata signing certificate for online application " + entityID);
+ ISPConfiguration oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
+ if (oaParam == null) {
+ Logger.info("Online Application with ID " + entityID + " not found!");
+ return null;
+ }
+
+ String pvp2MetadataCertificateString =
+ oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+ if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) {
+ Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!");
+ return null;
+
+ }
+
+ X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false));
+ Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded.");
+ return cert;
+
+ } catch (CertificateException e) {
+ Logger.warn("Metadata signer certificate is not parsed.", e);
+ return null;
+
+ } catch (ConfigurationException e) {
+ Logger.error("Configuration is not accessable.", e);
+ return null;
+
+ } catch (IOException e) {
+ Logger.warn("Metadata signer certificate is not decodeable.", e);
+ return null;
+
+ } catch (EAAFConfigurationException e) {
+ Logger.error("Configuration is not accessable.", e);
+ return null;
+
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
deleted file mode 100644
index 50bc7fb68..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.validation.ValidationException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("SAMLVerificationEngine")
-public class SAMLVerificationEngine {
-
- @Autowired(required=true) MOAMetadataProvider metadataProvider;
-
- public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
- try {
- if (msg instanceof MOARequest &&
- ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
- verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
-
- else
- verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
-
- } catch (InvalidProtocolRequestException e) {
- if (MiscUtil.isEmpty(msg.getEntityID())) {
- throw e;
-
- }
- Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID());
-
- if (metadataProvider == null || !metadataProvider.refreshMetadataProvider(msg.getEntityID()))
- throw e;
-
- else {
- Logger.trace("PVP2X metadata reload finished. Check validate message again.");
-
- if (msg instanceof MOARequest &&
- ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
- verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
-
- else
- verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
-
- }
- Logger.trace("Second PVP2X message validation finished");
- }
- }
-
- public void verifyIDPResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException{
- verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- }
-
- public void verifySLOResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
- verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- }
-
- private void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine, QName defaultElementName) throws InvalidProtocolRequestException{
- SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
- try {
- profileValidator.validate(samlObj.getSignature());
- performSchemaValidation(samlObj.getDOM());
-
- } catch (ValidationException e) {
- Logger.warn("Signature is not conform to SAML signature profile", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile");
-
- } catch (SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme");
-
- }
-
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS) );
- criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
- try {
- if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
- }
- } catch (org.opensaml.xml.security.SecurityException e) {
- Logger.warn("PVP2x message signature validation FAILED.", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
- }
- }
-
- public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
- SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
- try {
- profileValidator.validate(samlObj.getSignature());
- performSchemaValidation(samlObj.getDOM());
-
- } catch (ValidationException e) {
- Logger.warn("Signature is not conform to SAML signature profile", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request");
-
- } catch (SchemaValidationException e) {
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request");
-
- }
-
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
- criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
- try {
- if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
- }
- } catch (org.opensaml.xml.security.SecurityException e) {
- Logger.warn("PVP2x message signature validation FAILED.", e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
- }
- }
-
- protected void performSchemaValidation(Element source) throws SchemaValidationException {
-
- String err = null;
- try {
- Schema test = SAMLSchemaBuilder.getSAML11Schema();
- Validator val = test.newValidator();
- val.validate(new DOMSource(source));
- Logger.debug("Schema validation check done OK");
- return;
-
- } catch (SAXException e) {
- err = e.getMessage();
- if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
- Logger.warn("Schema validation FAILED with exception:", e);
- else
- Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-
- } catch (Exception e) {
- err = e.getMessage();
- if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
- Logger.warn("Schema validation FAILED with exception:", e);
- else
- Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-
- }
-
- throw new SchemaValidationException("pvp2.22", new Object[]{err});
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
index 385fe90fb..d1d8c9368 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
@@ -47,11 +47,12 @@ import org.opensaml.xml.validation.ValidationException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
import at.gv.egovernment.moa.logging.Logger;
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
deleted file mode 100644
index 3ea124db6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
-import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
-import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
-import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
-//import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
-//import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
-
-public class TrustEngineFactory {
-
-// public static SignatureTrustEngine getSignatureTrustEngine() {
-// try {
-// MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
-// MOAMetadataProvider.getInstance());
-//
-// List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
-// keyInfoProvider.add(new DSAKeyValueProvider());
-// keyInfoProvider.add(new RSAKeyValueProvider());
-// keyInfoProvider.add(new InlineX509DataProvider());
-//
-// KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
-// keyInfoProvider);
-//
-// PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
-// mdResolver, keyInfoResolver);
-//
-// return engine;
-//
-// } catch (Exception e) {
-// e.printStackTrace();
-// return null;
-// }
-// }
-
- public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(MetadataProvider provider) {
- MetadataCredentialResolver resolver;
-
- resolver = new MetadataCredentialResolver(provider);
-
- List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
- keyInfoProvider.add(new DSAKeyValueProvider());
- keyInfoProvider.add(new RSAKeyValueProvider());
- keyInfoProvider.add(new InlineX509DataProvider());
-
- KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
- keyInfoProvider);
-
- ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
- resolver, keyInfoResolver);
-
- return engine;
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index 589713c4b..57f1c2f9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -23,23 +23,20 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
import java.security.cert.CertificateException;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.BasicX509Credential;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.AbstractMetadataSignatureFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
import at.gv.egovernment.moa.logging.Logger;
import iaik.x509.X509Certificate;
-public class MetadataSignatureFilter implements MetadataFilter {
+public class MetadataSignatureFilter extends AbstractMetadataSignatureFilter {
private String metadataURL;
private BasicX509Credential savedCredential;
@@ -52,111 +49,52 @@ public class MetadataSignatureFilter implements MetadataFilter {
savedCredential.setEntityCertificate(cert);
}
- public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException {
-
-// String entityID = desc.getEntityID();
-
- EntityVerifier.verify(desc);
- }
-
- public void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
- Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
-
- if(desc.getSignature() != null) {
- EntityVerifier.verify(desc, this.savedCredential);
+ @Override
+ protected void verify(EntityDescriptor desc) throws PVP2MetadataException {
+ try {
+ EntityVerifier.verify(desc);
+
+ } catch (EAAFException e) {
+ Logger.info("PVP2 metadata verification FAILED for entity: " + desc.getEntityID()
+ + " Reason: " + e.getMessage());
+ throw new PVP2MetadataException("PVP2 metadata verification FAILED for entity: " + desc.getEntityID(), null, e);
}
- while(entID.hasNext()) {
- processEntitiesDescriptor(entID.next());
- }
-
- Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+ }
- List<EntityDescriptor> verifiedEntIT = new ArrayList<EntityDescriptor>();
-
- //check every Entity
-
- while(entIT.hasNext()) {
-
- EntityDescriptor entity = entIT.next();
-
- String entityID = entity.getEntityID();
-
- //CHECK if Entity also match MetaData signature.
- /*This check is necessary to prepend declaration of counterfeit OA metadata!!*/
- Logger.debug("Validate metadata for entityID: " + entityID + " ..... ");
- byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID);
-
- if (entityCert != null) {
+ @Override
+ protected void verify(EntitiesDescriptor desc) throws PVP2MetadataException {
+ try {
+ EntityVerifier.verify(desc, this.savedCredential);
- X509Certificate cert;
- try {
- cert = new X509Certificate(entityCert);
- BasicX509Credential entityCrendential = new BasicX509Credential();
- entityCrendential.setEntityCertificate(cert);
-
- EntityVerifier.verify(desc, entityCrendential);
-
- //add entity to verified entity-list
- verifiedEntIT.add(entity);
- Logger.debug("Metadata for entityID: " + entityID + " valid");
-
-
- } catch (Exception e) {
-
- //remove entity of signature can not be verified.
- Logger.info("Entity " + entityID + " is removed from metadata "
- + desc.getName() + ". Entity verification error: " + e.getMessage());
-// throw new MOAIDException("The App", null, e);
- }
-
- } else {
- //remove entity if it is not registrated as OA
- Logger.info("Entity " + entityID + " is removed from metadata "
- + desc.getName() + ". Entity is not registrated or no certificate is found!");
-// throw new NoCredentialsException("NO Certificate found for OA " + entityID);
- }
+ } catch (EAAFException e) {
+ Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL
+ + " Reason: " + e.getMessage());
+ throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e);
- //TODO: insert to support signed Entity-Elements
- //processEntityDescriptorr(entIT.next());
- }
+ }
- //set only verified entity elements
- desc.getEntityDescriptors().clear();
- desc.getEntityDescriptors().addAll(verifiedEntIT);
}
-
- public void doFilter(XMLObject metadata) throws SignatureValidationException {
+
+ @Override
+ protected void verify(EntityDescriptor entity, EntitiesDescriptor entities) throws PVP2MetadataException {
try {
- if (metadata instanceof EntitiesDescriptor) {
- EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
- if(entitiesDescriptor.getSignature() == null) {
- throw new MOAIDException("Root element of metadata file has to be signed", null);
- }
- processEntitiesDescriptor(entitiesDescriptor);
-
-
- if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
- throw new MOAIDException("No valid entity in metadata "
- + entitiesDescriptor.getName() + ". Metadata is not loaded.", null);
- }
-
-
- } else if (metadata instanceof EntityDescriptor) {
- EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
- processEntityDescriptorr(entityDescriptor);
+ if (entity.isSigned()) {
+ Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is signed. Starting signature verification ... ");
+ EntityVerifier.verify(entity);
} else {
- throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is not signed. Verify EntitiesDescriptor by using 'Entity' certificate ... ");
+ Credential entityCredential = EntityVerifier.getSPTrustedCredential(entity.getEntityID());
+ EntityVerifier.verify(entities, entityCredential);
+
}
+ } catch (EAAFException e) {
+ Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL
+ + " Reason: " + e.getMessage());
+ throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e);
-
- Logger.info("Metadata signature policy check done OK");
- } catch (MOAIDException e) {
- Logger.warn("Metadata signature policy check FAILED.", e);
- throw new SignatureValidationException(e);
}
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
deleted file mode 100644
index caabfea30..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.samlext.saml2mdattr.EntityAttributes;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moaspss.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class PVPEntityCategoryFilter implements MetadataFilter {
-
-
- private boolean isUsed = false;
-
- /**
- * Filter to map PVP EntityCategories into a set of single PVP attributes
- *
- * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
- *
- */
- public PVPEntityCategoryFilter(boolean isUsed) {
- this.isUsed = isUsed;
- }
-
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
- */
- @Override
- public void doFilter(XMLObject metadata) throws FilterException {
-
- if (isUsed) {
- Logger.trace("Map PVP EntityCategory to single PVP Attributes ... ");
- String entityId = null;
- try {
- if (metadata instanceof EntitiesDescriptor) {
- Logger.trace("Find EnitiesDescriptor ... ");
- EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
- if (entitiesDesc.getEntityDescriptors() != null) {
- for (EntityDescriptor el : entitiesDesc.getEntityDescriptors())
- resolveEntityCategoriesToAttributes(el);
-
- }
-
- } else if (metadata instanceof EntityDescriptor) {
- Logger.trace("Find EntityDescriptor");
- resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
-
-
- } else
- throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
-
-
-
- } catch (Exception e) {
- Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
-
- }
-
- } else
- Logger.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
-
- }
-
- private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
- Logger.debug("Resolving EntityCategorie for Entity: " + metadata.getEntityID() + " ...");
- Extensions extensions = metadata.getExtensions();
- if (extensions != null) {
- List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
- if (listOfExt != null && !listOfExt.isEmpty()) {
- Logger.trace("Find #" + listOfExt.size() + " 'Extension' elements ");
- for (XMLObject el : listOfExt) {
- Logger.trace("Find ExtensionElement: " + el.getElementQName().toString());
- if (el instanceof EntityAttributes) {
- EntityAttributes entityAttrElem = (EntityAttributes)el;
- if (entityAttrElem.getAttributes() != null) {
- Logger.trace("Find EntityAttributes. Start attribute processing ...");
- for (Attribute entityAttr : entityAttrElem.getAttributes()) {
- if (entityAttr.getName().equals(PVPConstants.ENTITY_CATEGORY_ATTRIBITE)) {
- if (!entityAttr.getAttributeValues().isEmpty()) {
- String entityAttrValue = entityAttr.getAttributeValues().get(0).getDOM().getTextContent();
- if (PVPConstants.EGOVTOKEN.equals(entityAttrValue)) {
- Logger.debug("Find 'EGOVTOKEN' EntityAttribute. Adding single pvp attributes ... ");
- addAttributesToEntityDescriptor(metadata,
- buildAttributeList(PVPConstants.EGOVTOKEN_PVP_ATTRIBUTES),
- entityAttrValue);
-
-
- } else if (PVPConstants.CITIZENTOKEN.equals(entityAttrValue)) {
- Logger.debug("Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... ");
- addAttributesToEntityDescriptor(metadata,
- buildAttributeList(PVPConstants.CITIZENTOKEN_PVP_ATTRIBUTES),
- entityAttrValue);
-
- } else
- Logger.info("EntityAttributeValue: " + entityAttrValue + " is UNKNOWN!");
-
- } else
- Logger.info("EntityAttribute: No attribute value");
-
- } else
- Logger.info("EntityAttribute: " + entityAttr.getName() + " is NOT supported");
-
- }
-
- } else
- Logger.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
-
- }
- }
-
- } else
- Logger.trace("'Extension' element is 'null' or empty");
-
- } else
- Logger.trace("No 'Extension' element found");
-
- }
-
- /**
- * @param metadata
- * @param attrList
- */
- private void addAttributesToEntityDescriptor(EntityDescriptor metadata, List<RequestedAttribute> attrList, String entityAttr) {
- SPSSODescriptor spSSODesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
- if (spSSODesc != null) {
- if (spSSODesc.getAttributeConsumingServices() == null ||
- spSSODesc.getAttributeConsumingServices().isEmpty()) {
- Logger.trace("No 'AttributeConsumingServices' found. Added it ...");
-
- AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);
- attributeService.setIndex(0);
- attributeService.setIsDefault(true);
- ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
- serviceName.setName(new LocalizedString("Default Service", "en"));
- attributeService.getNames().add(serviceName);
-
- if (attrList != null && !attrList.isEmpty()) {
- attributeService.getRequestAttributes().addAll(attrList);
- Logger.info("Add " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr);
-
- }
-
- spSSODesc.getAttributeConsumingServices().add(attributeService);
-
- } else {
- Logger.debug("Find 'AttributeConsumingServices'. Starting updating process ... ");
- for (AttributeConsumingService el : spSSODesc.getAttributeConsumingServices()) {
- Logger.debug("Update 'AttributeConsumingService' with Index: " + el.getIndex());
-
- //load currently requested attributes
- List<String> currentlyReqAttr = new ArrayList<String>();
- for (RequestedAttribute reqAttr : el.getRequestAttributes())
- currentlyReqAttr.add(reqAttr.getName());
-
-
- //check against EntityAttribute List
- for (RequestedAttribute entityAttrListEl : attrList) {
- if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
- el.getRequestAttributes().add(entityAttrListEl);
-
- } else
- Logger.debug("'AttributeConsumingService' already contains attr: " + entityAttrListEl.getName());
-
- }
-
- }
-
- }
-
- } else
- Logger.info("Can ONLY add 'EntityAttributes' to 'SPSSODescriptor'");
-
- }
-
- private List<RequestedAttribute> buildAttributeList(List<Trible<String, String, Boolean>> attrSet) {
- List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
- for (Trible<String, String, Boolean> el : attrSet)
- requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));
-
- return requestedAttributes;
-
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
deleted file mode 100644
index 4c1da747b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import java.security.cert.CertificateException;
-
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
-
-/**
- * @author tlenz
- *
- */
-public class PVPMetadataFilterChain extends MetadataFilterChain {
-
-
- /**
- * @throws CertificateException
- *
- */
- public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException {
- addDefaultFilters(url, certificate);
- }
-
- public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
- addFilter(new MetadataSignatureFilter(url, certificate));
-
- }
-
-
-
-
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
deleted file mode 100644
index 83a2b61d2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationFilter implements MetadataFilter {
-
- private boolean isActive = true;
-
- public SchemaValidationFilter() {
- try {
- isActive = AuthConfigurationProviderFactory.getInstance().isPVPSchemaValidationActive();
-
- } catch (ConfigurationException e) {
- e.printStackTrace();
- }
- }
-
- /**
- *
- */
- public SchemaValidationFilter(boolean useSchemaValidation) {
- this.isActive = useSchemaValidation;
- }
-
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
- */
- @Override
- public void doFilter(XMLObject arg0) throws SchemaValidationException {
-
- String errString = null;
-
- if (isActive) {
- try {
- Schema test = SAMLSchemaBuilder.getSAML11Schema();
- Validator val = test.newValidator();
- DOMSource source = new DOMSource(arg0.getDOM());
- val.validate(source);
- Logger.info("Metadata Schema validation check done OK");
- return;
-
- } catch (SAXException e) {
- if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
- Logger.warn("Metadata Schema validation FAILED with exception:", e);
- else
- Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-
- errString = e.getMessage();
-
- } catch (Exception e) {
- if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
- Logger.warn("Metadata Schema validation FAILED with exception:", e);
- else
- Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-
- errString = e.getMessage();
-
- }
-
- throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString);
-
- } else
- Logger.info("Metadata Schema validation check is DEACTIVATED!");
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
deleted file mode 100644
index e7412a0fc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.saml2;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MetadataFilterChain implements MetadataFilter {
-
- private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
-
- /**
- * Return all actually used Metadata filters
- *
- * @return List of Metadata filters
- */
- public List<MetadataFilter> getFilters() {
- return filters;
- }
-
- /**
- * Add a new Metadata filter to filterchain
- *
- * @param filter
- */
- public void addFilter(MetadataFilter filter) {
- filters.add(filter);
- }
-
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
- */
- @Override
- public void doFilter(XMLObject arg0) throws FilterException {
- for (MetadataFilter filter : filters) {
- Logger.trace("Use MOAMetadataFilter " + filter.getClass().getName());
- filter.doFilter(arg0);
- }
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index c5f02e7de..f303adfe5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -44,6 +44,8 @@ import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -60,8 +62,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.EncryptedData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index ff9c4e358..5f2ec046a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -28,6 +28,8 @@ import java.util.List;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -38,8 +40,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
/**
* @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
index 3e3d9dafc..10e22c806 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
@@ -25,6 +25,9 @@ package at.gv.egovernment.moa.id.util;
import java.io.IOException;
import java.util.Properties;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
import at.gv.egovernment.moa.id.data.AuthenticationRole;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -33,7 +36,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-public class LoALevelMapper {
+@Service("MOAIDLoALevelMapper")
+public class LoALevelMapper implements ILoALevelMapper{
private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
@@ -46,18 +50,8 @@ public class LoALevelMapper {
private static final String MAPPING_EIDAS_PREFIX = "eidas_";
private Properties mapping = null;
-
- private static LoALevelMapper instance = null;
-
- public static LoALevelMapper getInstance() {
- if (instance == null) {
- instance = new LoALevelMapper();
- }
-
- return instance;
- }
-
- private LoALevelMapper() {
+
+ public LoALevelMapper() {
try {
mapping = new Properties();
mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
@@ -72,6 +66,43 @@ public class LoALevelMapper {
}
+ public String mapToeIDASLoA(String qaa) {
+ if (qaa.startsWith(STORK_QAA_PREFIX))
+ return mapSTORKQAAToeIDASQAA(qaa);
+
+ else if (qaa.startsWith(PVP_SECCLASS_PREFIX))
+ return mapSTORKQAAToeIDASQAA(mapSecClassToQAALevel(qaa));
+
+ else if (qaa.startsWith(MAPPING_EIDAS_PREFIX))
+ return qaa;
+
+ else {
+ Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper");
+ return null;
+
+ }
+
+ }
+
+ public String mapToSecClass(String qaa) {
+ if (qaa.startsWith(STORK_QAA_PREFIX))
+ return mapStorkQAAToSecClass(qaa);
+
+ else if (qaa.startsWith(MAPPING_EIDAS_PREFIX))
+ return mapStorkQAAToSecClass(mapeIDASQAAToSTORKQAA(qaa));
+
+ else if (qaa.startsWith(PVP_SECCLASS_PREFIX))
+ return qaa;
+
+ else {
+ Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper");
+ return null;
+
+ }
+
+ }
+
+
/**
* Map STORK QAA level to eIDAS QAA level
*
@@ -118,7 +149,7 @@ public class LoALevelMapper {
* @param STORK-QAA level
* @return PVP SecClass pvpQAALevel
*/
- public String mapToSecClass(String storkQAALevel) {
+ public String mapStorkQAAToSecClass(String storkQAALevel) {
if (mapping != null) {
String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());
String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
@@ -137,7 +168,7 @@ public class LoALevelMapper {
* @param PVP SecClass pvpQAALevel
* @return STORK-QAA level
*/
- public String mapToQAALevel(String pvpQAALevel) {
+ public String mapSecClassToQAALevel(String pvpQAALevel) {
if (mapping != null) {
String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());
String mappedQAA = mapping.getProperty(input);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
deleted file mode 100644
index ca71ad946..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.util;
-
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotAllowedException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class QAALevelVerifier {
-
- public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException {
-
- if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) &&
- (EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) ||
- EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
- EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
- )
- Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-
- else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) &&
- (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
- EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
- )
- Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-
- else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
- Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-
- else
- throw new QAANotAllowedException(qaaAuth, qaaRequest);
-
- }
-}