diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-15 13:29:20 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-15 13:29:20 +0200 |
commit | c1b2382fcecd5bc47935ad46e16824802cfadeb2 (patch) | |
tree | ebeb43a02d12c263cbb03f73a94341710188ca96 /id/server/idserverlib/src | |
parent | 25de471cd8bf27d0cfa084edd29018596c804861 (diff) | |
download | moa-id-spss-c1b2382fcecd5bc47935ad46e16824802cfadeb2.tar.gz moa-id-spss-c1b2382fcecd5bc47935ad46e16824802cfadeb2.tar.bz2 moa-id-spss-c1b2382fcecd5bc47935ad46e16824802cfadeb2.zip |
add pvp2.1 configuration fpr assertion encryption key in moa-id.properties
update handbook pvp2.1 configuration
Diffstat (limited to 'id/server/idserverlib/src')
2 files changed, 41 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 9f2ad2e1b..c189d44a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -69,9 +69,9 @@ public class PVPConfiguration { return instance; } - public static final String PVP2_METADATA = "/pvp2/metadata"; - public static final String PVP2_REDIRECT = "/pvp2/redirect"; - public static final String PVP2_POST = "/pvp2/post"; + public static final String PVP2_METADATA = "/pvp2/metadata"; + public static final String PVP2_REDIRECT = "/pvp2/redirect"; + public static final String PVP2_POST = "/pvp2/post"; public static final String PVP_CONFIG_FILE = "pvp2config.properties"; @@ -84,6 +84,9 @@ public class PVPConfiguration { public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias"; public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword"; + public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias"; + public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword"; + public static final String IDP_ISSUER_NAME = "idp.issuer.name"; public static final String METADATA_FILE = "md.dir"; @@ -173,6 +176,14 @@ public class PVPConfiguration { return props.getProperty(IDP_KEY_PASSASSERTION); } + public String getIDPKeyAliasAssertionEncryption() { + return props.getProperty(IDP_KEYALIASASSERTION); + } + + public String getIDPKeyPasswordAssertionEncryption() { + return props.getProperty(IDP_KEY_PASSASSERTION); + } + public String getIDPIssuerName() throws ConfigurationException { if (moaIDVersion == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java index d95e21a0e..48e435777 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.KeyStoreUtils; +import at.gv.egovernment.moa.util.MiscUtil; public class CredentialProvider { @@ -86,7 +87,32 @@ public class CredentialProvider { throw new CredentialsNotAvailableException(e.getMessage(), null); } } - + + public static X509Credential getIDPAssertionEncryptionCredential() + throws CredentialsNotAvailableException { + PVPConfiguration config = PVPConfiguration.getInstance(); + try { + if (keyStore == null) + keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), + config.getIDPKeyStorePassword()); + + //if no encryption key is configured return null + if (MiscUtil.isEmpty(config.getIDPKeyAliasAssertionEncryption())) + return null; + + MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( + keyStore, config.getIDPKeyAliasAssertionEncryption(), config + .getIDPKeyPasswordAssertionEncryption().toCharArray()); + + credentials.setUsageType(UsageType.ENCRYPTION); + return (X509Credential) credentials; + } catch (Exception e) { + Logger.error("Failed to generate IDP Assertion Encryption credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException(e.getMessage(), null); + } + } + public static Signature getIDPSignature(Credential credentials) { PrivateKey privatekey = credentials.getPrivateKey(); |