diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-03-21 14:45:05 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-03-21 14:45:05 +0100 |
commit | f3f35663f362ce6722eaa26598fb5aa8c4c6d962 (patch) | |
tree | bc9d66ebe1b5b840c6e3bf0087a8dd58040528a1 /id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java | |
parent | 05212e955f2c44bd3150b47d9d534c5a73eb71d1 (diff) | |
parent | 658cb68c445d5b73815c43b66dd717483a425ea5 (diff) | |
download | moa-id-spss-f3f35663f362ce6722eaa26598fb5aa8c4c6d962.tar.gz moa-id-spss-f3f35663f362ce6722eaa26598fb5aa8c4c6d962.tar.bz2 moa-id-spss-f3f35663f362ce6722eaa26598fb5aa8c4c6d962.zip |
Merge remote-tracking branch 'remotes/origin/vidp' into moa2_0_tlenz
Conflicts:
id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
id/server/moa-id-commons/pom.xml
id/server/stork2-saml-engine/pom.xml
pom.xml
repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.jar
repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.pom
Diffstat (limited to 'id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java')
-rw-r--r-- | id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java | 836 |
1 files changed, 415 insertions, 421 deletions
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java index e993c0e46..26635e337 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java @@ -1,421 +1,415 @@ -/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine;
-
-import java.io.ByteArrayInputStream;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.opensaml.Configuration;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.xml.ConfigurationException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallerFactory;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.parse.XMLParserException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.auth.engine.core.STORKSAMLCore;
-import eu.stork.peps.auth.engine.core.impl.CustomAttributeQueryMarshaller;
-import eu.stork.peps.auth.engine.core.impl.CustomAttributeQueryUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SignModuleFactory;
-import eu.stork.peps.configuration.ConfigurationCreator;
-import eu.stork.peps.configuration.ConfigurationReader;
-import eu.stork.peps.configuration.InstanceEngine;
-import eu.stork.peps.exceptions.SAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
-
-/**
- * Class that wraps the operations over SAML tokens, both generation and
- * validation of SAML requests and SAML responses. Compliant with "OASIS Secure
- * Assertion Markup Language (SAML) 2.0, May 2005", but taking into account
- * STORK specific requirements.
- *
- * @author fjquevedo
- * @author iinigo
- */
-
-public class SAMLEngine {
-
- /** The Document Builder Factory. */
- private static javax.xml.parsers.DocumentBuilderFactory dbf = null;
-
- /** The instance of every engine SAML. */
- private static Map<String, InstanceEngine> instanceConfigs;
-
- /** The instances of SAML engine. */
- private static Map<String, Map<String, Object>> instances;
-
- /** The logger. */
- private static final Logger LOG = LoggerFactory.getLogger(SAMLEngine.class
- .getName());
-
- /** The Constant MODULE_SIGN_CONF. */
- private static final String MODULE_SIGN_CONF = "SignatureConf";
-
- /** The Constant SAML_ENGINE_SIGN_CLASS. */
- private static final String SAML_ENGINE_SIGN_CLASS = "class";
-
- /** The Constant SAML_ENGINE_CONF. */
- private static final String SAML_ENGINE_CONF = "SamlEngineConf";
-
- /** The Constant SAML_ENGINE_FILE_CONF. */
- private static final String SAML_ENGINE_FILE_CONF = "fileConfiguration";
-
- /** The codification of characters. */
- private static final String CHARACTER_ENCODING = "UTF-8";
-
- /** The SAML core. */
- private STORKSAMLCore samlCore;
-
- /** The Module of Signature. */
- private SAMLEngineSignI signer;
-
-
- /** Initializes the SAML engine. */
- /** Configure Document Builder Factory. */
-
- static {
- startUp();
- loadDocumentFactory();
- }
-
- /**
- * Load document factory.
- */
- private static void loadDocumentFactory() {
-
- try {
- dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance();
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- dbf.setNamespaceAware(true);
- dbf.setIgnoringComments(true);
- } catch (ParserConfigurationException e) {
- LOG.error("Error parser configuration.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
-
- }
-
- /**
- * Method that initializes the basic services for the SAML Engine, like the
- * OpenSAML library and the BouncyCastle provider.
- */
- private static void startUp() {
-
- LOG.info("SAMLEngine: Initialize OpenSAML");
-
- //TLenz: MOA-ID uses an own Bootstrap
-// try {
-// DefaultBootstrap.bootstrap();
-// } catch (ConfigurationException e) {
-// LOG.error("Problem initializing the OpenSAML library.");
-// throw new STORKSAMLEngineRuntimeException(e);
-// }
-
- LOG.debug("Read all file configurations. (instances of SAMLEngine)");
- try {
- instanceConfigs = ConfigurationReader.readConfiguration();
- } catch (SAMLEngineException e) {
- LOG.error("Error read configuration file.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
-
- LOG.debug("Create all instaces of saml engine. (instances of SAMLEngine)");
- try {
- instances = ConfigurationCreator
- .createConfiguration(instanceConfigs);
- } catch (STORKSAMLEngineException e) {
- LOG.error("Error initializing instances from Stork SAML engine.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
- }
-
- /**
- * Instantiates a new SAML engine.
- */
- private SAMLEngine() {
-
- }
-
- /**
- * Instantiates a new SAML engine.
- *
- * @param nameInstance the name instance
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- protected SAMLEngine(final String nameInstance)
- throws STORKSAMLEngineException {
- LOG.info("Loading Specific Configuration.");
-
- LOG.debug("Create intance of saml messages.");
-
- Map<String, Object> instance = instances.get(nameInstance);
-
- if (instance == null || instance.isEmpty()) {
- LOG.error("Instance: " + nameInstance + " not exist.");
- throw new STORKSAMLEngineException("Instance: " + nameInstance
- + " not exist.");
- }
-
- Properties properties = (Properties) instance.get(SAML_ENGINE_CONF);
-
- if (properties == null) {
- LOG.error("SamlEngine.xml: not exist.");
- throw new STORKSAMLEngineException("SamlEngine.xml: not exist.");
- }
-
- samlCore = new STORKSAMLCore(properties);
-
- final HashMap<String, String> propertiesSign = (HashMap<String, String>) instance
- .get(MODULE_SIGN_CONF);
-
- LOG.debug("Loading Module of sign.");
- signer = SignModuleFactory.getInstance(propertiesSign
- .get(SAML_ENGINE_SIGN_CLASS));
-
- try {
- LOG.info("Initialize module of sign.");
- signer.init(propertiesSign.get(SAML_ENGINE_FILE_CONF));
- LOG.info("Load cryptographic service provider of module of sign.");
- signer.loadCryptServiceProvider();
- } catch (SAMLEngineException e) {
- LOG.error("Error create signature module: "
- + propertiesSign.get(SAML_ENGINE_FILE_CONF));
- LOG.info("Exception" + e);
- throw new STORKSAMLEngineException(e);
- }
- }
-
- /**
- * Gets the Signer properties.
- *
- * @return the SAML Sign properties
- */
- protected SAMLEngineSignI getSigner() {
- return signer;
- }
-
- /**
- * Gets the SAML core properties.
- *
- * @return the SAML core properties
- */
- protected final STORKSAMLCore getSamlCoreProperties() {
- return samlCore;
- }
-
- /**
- * Method that transform the received SAML object into a byte array
- * representation.
- *
- * @param samlToken the SAML token.
- *
- * @return the byte[] of the SAML token.
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- private byte[] marshall(final XMLObject samlToken)
- throws SAMLEngineException {
-
- try {
- javax.xml.parsers.DocumentBuilder docBuilder = null;
-
- final MarshallerFactory marshallerFactory = Configuration
- .getMarshallerFactory();
-
- final Marshaller marshaller;
- if (samlToken.getElementQName().toString().endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
- marshaller = new CustomAttributeQueryMarshaller();
- else
- marshaller = marshallerFactory
- .getMarshaller(samlToken);
-
- docBuilder = dbf.newDocumentBuilder();
-
- final Document doc = docBuilder.newDocument();
-
- marshaller.marshall(samlToken, doc);
-
- // Obtain a byte array representation of the marshalled SAML object
- final DOMSource domSource = new DOMSource(doc);
- final StringWriter writer = new StringWriter();
- final StreamResult result = new StreamResult(writer);
- final TransformerFactory transFactory = TransformerFactory
- .newInstance();
- Transformer transformer;
-
- transformer = transFactory.newTransformer();
- transformer.transform(domSource, result);
- LOG.debug("SAML request \n"+ writer.toString());
- return writer.toString().getBytes(CHARACTER_ENCODING);
-
- } catch (ParserConfigurationException e) {
- LOG.error("ParserConfigurationException.");
- throw new SAMLEngineException(e);
- } catch (MarshallingException e) {
- LOG.error("MarshallingException.");
- throw new SAMLEngineException(e);
- } catch (TransformerConfigurationException e) {
- LOG.error("TransformerConfigurationException.");
- throw new SAMLEngineException(e);
- } catch (TransformerException e) {
- LOG.error("TransformerException.");
- throw new SAMLEngineException(e);
- } catch (UnsupportedEncodingException e) {
- LOG.error("UnsupportedEncodingException: " + CHARACTER_ENCODING);
- throw new SAMLEngineException(e);
- }
- }
-
- /**
- * Method that signs a SAML Token.
- *
- * @param tokenSaml the token SAML
- *
- * @return the SAML object sign
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- private SignableSAMLObject sign(final SignableSAMLObject tokenSaml)
- throws SAMLEngineException {
- LOG.debug("Sign SamlToken.");
- signer.sign(tokenSaml);
- return tokenSaml;
- }
-
- /**
- * Sign and transform to byte array.
- *
- * @param samlToken the SAML token
- *
- * @return the byte[] of the SAML token
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- protected final byte[] signAndMarshall(final SignableSAMLObject samlToken)
- throws SAMLEngineException {
- LOG.debug("Marshall Saml Token.");
- SignableSAMLObject signElement = sign(samlToken);
- return marshall(signElement);
- }
-
- /**
- * Method that unmarshalls a SAML Object from a byte array representation to
- * an XML Object.
- *
- * @param samlToken Byte array representation of a SAML Object
- *
- * @return XML Object (superclass of SAMLObject)
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- protected final XMLObject unmarshall(final byte[] samlToken)
- throws SAMLEngineException {
- try {
- // Get parser pool manager
- final BasicParserPool ppMgr = new BasicParserPool();
- // Note: this is necessary due to an unresolved Xerces deferred DOM
- // issue/bug
- final HashMap<String, Boolean> features = new HashMap<String, Boolean>();
- features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- ppMgr.setBuilderFeatures(features);
-
- ppMgr.setNamespaceAware(true);
-
- // Parse SAMLToken
- Document document = ppMgr.parse(new ByteArrayInputStream(samlToken));
- if (document != null){
- final Element root = document.getDocumentElement();
- // Get appropriate unmarshaller
- final UnmarshallerFactory unmarshallerFact = Configuration.getUnmarshallerFactory();
- // Unmarshall using the SAML Token root element
- if (unmarshallerFact != null && root != null){
- final Unmarshaller unmarshaller;
- if (root.getLocalName().equals(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
- unmarshaller = new CustomAttributeQueryUnmarshaller();
- else
- unmarshaller = unmarshallerFact.getUnmarshaller(root);
- try {
- return unmarshaller.unmarshall(root);
- } catch (NullPointerException e){
- LOG.error("Error element tag incomplet or null.");
- throw new SAMLEngineException("NullPointerException", e);
- }
- } else {
- LOG.error("Error element tag incomplet or null.");
- throw new SAMLEngineException("NullPointerException : unmarshallerFact or root is null");
- }
- } else {
- LOG.error("Error element tag incomplet or null.");
- throw new SAMLEngineException("NullPointerException : document is null");
- }
- } catch (XMLParserException e) {
- LOG.error("XML Parsing Error.", e);
- throw new SAMLEngineException(e);
- } catch (UnmarshallingException e) {
- LOG.error("TransformerException.", e);
- throw new SAMLEngineException(e);
- } catch (NullPointerException e) {
- LOG.error("Error element tag incomplet or null.", e);
- throw new SAMLEngineException(e);
- }
- }
-
- /**
- * Method that validates an XML Signature contained in a SAML Token.
- *
- * @param samlToken the SAML token
- *
- * @return the SAML object
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- protected final SAMLObject validateSignature(
- final SignableSAMLObject samlToken) throws SAMLEngineException {
-
- LOG.info("Validate Signature");
- signer.validateSignature(samlToken);
-
- return samlToken;
- }
-}
+/* + * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. You may + * obtain a copy of the Licence at: + * + * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * Licence for the specific language governing permissions and limitations under + * the Licence. + */ + +package eu.stork.peps.auth.engine; + +import java.io.ByteArrayInputStream; +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +import javax.xml.XMLConstants; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.opensaml.Configuration; +import org.opensaml.DefaultBootstrap; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.xml.ConfigurationException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallerFactory; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.parse.XMLParserException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import eu.stork.peps.auth.engine.core.CustomAttributeQuery; +import eu.stork.peps.auth.engine.core.SAMLEngineSignI; +import eu.stork.peps.auth.engine.core.STORKSAMLCore; +import eu.stork.peps.auth.engine.core.impl.CustomAttributeQueryMarshaller; +import eu.stork.peps.auth.engine.core.impl.CustomAttributeQueryUnmarshaller; +import eu.stork.peps.auth.engine.core.impl.SignModuleFactory; +import eu.stork.peps.configuration.ConfigurationCreator; +import eu.stork.peps.configuration.ConfigurationReader; +import eu.stork.peps.configuration.InstanceEngine; +import eu.stork.peps.exceptions.SAMLEngineException; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException; + +/** + * Class that wraps the operations over SAML tokens, both generation and + * validation of SAML requests and SAML responses. Compliant with "OASIS Secure + * Assertion Markup Language (SAML) 2.0, May 2005", but taking into account + * STORK specific requirements. + * + * @author fjquevedo + * @author iinigo + */ + +public class SAMLEngine { + + /** The Document Builder Factory. */ + private static javax.xml.parsers.DocumentBuilderFactory dbf = null; + + /** The instance of every engine SAML. */ + private static Map<String, InstanceEngine> instanceConfigs; + + /** The instances of SAML engine. */ + private static Map<String, Map<String, Object>> instances; + + /** The logger. */ + private static final Logger LOG = LoggerFactory.getLogger(SAMLEngine.class + .getName()); + + /** The Constant MODULE_SIGN_CONF. */ + private static final String MODULE_SIGN_CONF = "SignatureConf"; + + /** The Constant SAML_ENGINE_SIGN_CLASS. */ + private static final String SAML_ENGINE_SIGN_CLASS = "class"; + + /** The Constant SAML_ENGINE_CONF. */ + private static final String SAML_ENGINE_CONF = "SamlEngineConf"; + + /** The Constant SAML_ENGINE_FILE_CONF. */ + private static final String SAML_ENGINE_FILE_CONF = "fileConfiguration"; + + /** The codification of characters. */ + private static final String CHARACTER_ENCODING = "UTF-8"; + + /** The SAML core. */ + private STORKSAMLCore samlCore; + + /** The Module of Signature. */ + private SAMLEngineSignI signer; + + + /** Initializes the SAML engine. */ + /** Configure Document Builder Factory. */ + + static { + startUp(); + loadDocumentFactory(); + } + + /** + * Load document factory. + */ + private static void loadDocumentFactory() { + try { + dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance(); + dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + dbf.setNamespaceAware(true); + dbf.setIgnoringComments(true); + } catch (ParserConfigurationException e) { + LOG.error("Error parser configuration."); + throw new STORKSAMLEngineRuntimeException(e); + } + } + + /** + * Method that initializes the basic services for the SAML Engine, like the + * OpenSAML library and the BouncyCastle provider. + */ + private static void startUp() { + + LOG.info("SAMLEngine: Initialize OpenSAML"); + + + +/* Commented because it makes a problems with PVP2 MOA-ID + try { + DefaultBootstrap.bootstrap(); + } catch (ConfigurationException e) { + LOG.error("Problem initializing the OpenSAML library."); + throw new STORKSAMLEngineRuntimeException(e); + } +*/ + + LOG.debug("Read all file configurations. (instances of SAMLEngine)"); + try { + instanceConfigs = ConfigurationReader.readConfiguration(); + } catch (SAMLEngineException e) { + LOG.error("Error read configuration file."); + throw new STORKSAMLEngineRuntimeException(e); + } + + LOG.debug("Create all instances of saml engine. (instances of SAMLEngine)"); + try { + instances = ConfigurationCreator + .createConfiguration(instanceConfigs); + } catch (STORKSAMLEngineException e) { + LOG.error("Error initializing instances from Stork SAML engine."); + throw new STORKSAMLEngineRuntimeException(e); + } + } + + /** + * Instantiates a new SAML engine. + * + * @param nameInstance the name instance + * + * @throws STORKSAMLEngineException the STORKSAML engine exception + */ + protected SAMLEngine(final String nameInstance) + throws STORKSAMLEngineException { + LOG.info("Loading Specific Configuration."); + + LOG.debug("Create intance of saml messages."); + + Map<String, Object> instance = instances.get(nameInstance); + + if (instance == null || instance.isEmpty()) { + LOG.error("Instance: " + nameInstance + " not exist."); + throw new STORKSAMLEngineException("Instance: " + nameInstance + + " not exist."); + } + + Properties properties = (Properties) instance.get(SAML_ENGINE_CONF); + + if (properties == null) { + LOG.error("SamlEngine.xml: not exist."); + throw new STORKSAMLEngineException("SamlEngine.xml: not exist."); + } + + samlCore = new STORKSAMLCore(properties); + + final HashMap<String, String> propertiesSign = (HashMap<String, String>) instance + .get(MODULE_SIGN_CONF); + + LOG.debug("Loading Module of sign."); + signer = SignModuleFactory.getInstance(propertiesSign + .get(SAML_ENGINE_SIGN_CLASS)); + + try { + LOG.info("Initialize module of sign."); + signer.init(propertiesSign.get(SAML_ENGINE_FILE_CONF)); + LOG.info("Load cryptographic service provider of module of sign."); + signer.loadCryptServiceProvider(); + } catch (SAMLEngineException e) { + LOG.error("Error create signature module: " + + propertiesSign.get(SAML_ENGINE_FILE_CONF)); + LOG.info("Exception" + e); + throw new STORKSAMLEngineException(e); + } + } + + /** + * Gets the Signer properties. + * + * @return the SAML Sign properties + */ + protected SAMLEngineSignI getSigner() { + return signer; + } + + /** + * Gets the SAML core properties. + * + * @return the SAML core properties + */ + protected final STORKSAMLCore getSamlCoreProperties() { + return samlCore; + } + + /** + * Method that transform the received SAML object into a byte array + * representation. + * + * @param samlToken the SAML token. + * + * @return the byte[] of the SAML token. + * + * @throws SAMLEngineException the SAML engine exception + */ + private byte[] marshall(final XMLObject samlToken) + throws SAMLEngineException { + + try { + javax.xml.parsers.DocumentBuilder docBuilder = null; + + final MarshallerFactory marshallerFactory = Configuration + .getMarshallerFactory(); + + final Marshaller marshaller; + if (samlToken.getElementQName().toString().endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME)) + marshaller = new CustomAttributeQueryMarshaller(); + else + marshaller = marshallerFactory + .getMarshaller(samlToken); + + docBuilder = dbf.newDocumentBuilder(); + + final Document doc = docBuilder.newDocument(); + + marshaller.marshall(samlToken, doc); + + // Obtain a byte array representation of the marshalled SAML object + final DOMSource domSource = new DOMSource(doc); + final StringWriter writer = new StringWriter(); + final StreamResult result = new StreamResult(writer); + final TransformerFactory transFactory = TransformerFactory + .newInstance(); + Transformer transformer; + + transformer = transFactory.newTransformer(); + transformer.transform(domSource, result); + LOG.debug("SAML request \n"+ writer.toString()); + return writer.toString().getBytes(CHARACTER_ENCODING); + + } catch (ParserConfigurationException e) { + LOG.error("ParserConfigurationException."); + throw new SAMLEngineException(e); + } catch (MarshallingException e) { + LOG.error("MarshallingException."); + throw new SAMLEngineException(e); + } catch (TransformerConfigurationException e) { + LOG.error("TransformerConfigurationException."); + throw new SAMLEngineException(e); + } catch (TransformerException e) { + LOG.error("TransformerException."); + throw new SAMLEngineException(e); + } catch (UnsupportedEncodingException e) { + LOG.error("UnsupportedEncodingException: " + CHARACTER_ENCODING); + throw new SAMLEngineException(e); + } + } + + /** + * Method that signs a SAML Token. + * + * @param tokenSaml the token SAML + * + * @return the SAML object sign + * + * @throws SAMLEngineException the SAML engine exception + */ + private SignableSAMLObject sign(final SignableSAMLObject tokenSaml) + throws SAMLEngineException { + LOG.debug("Sign SamlToken."); + signer.sign(tokenSaml); + return tokenSaml; + } + + /** + * Sign and transform to byte array. + * + * @param samlToken the SAML token + * + * @return the byte[] of the SAML token + * + * @throws SAMLEngineException the SAML engine exception + */ + protected final byte[] signAndMarshall(final SignableSAMLObject samlToken) + throws SAMLEngineException { + LOG.debug("Marshall Saml Token."); + SignableSAMLObject signElement = sign(samlToken); + return marshall(signElement); + } + + /** + * Method that unmarshalls a SAML Object from a byte array representation to + * an XML Object. + * + * @param samlToken Byte array representation of a SAML Object + * + * @return XML Object (superclass of SAMLObject) + * + * @throws SAMLEngineException the SAML engine exception + */ + protected final XMLObject unmarshall(final byte[] samlToken) + throws SAMLEngineException { + try { + // Get parser pool manager + final BasicParserPool ppMgr = new BasicParserPool(); + // Note: this is necessary due to an unresolved Xerces deferred DOM + // issue/bug + final HashMap<String, Boolean> features = new HashMap<String, Boolean>(); + features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + ppMgr.setBuilderFeatures(features); + + ppMgr.setNamespaceAware(true); + + // Parse SAMLToken + Document document = ppMgr.parse(new ByteArrayInputStream(samlToken)); + if (document != null){ + final Element root = document.getDocumentElement(); + // Get appropriate unmarshaller + final UnmarshallerFactory unmarshallerFact = Configuration.getUnmarshallerFactory(); + // Unmarshall using the SAML Token root element + if (unmarshallerFact != null && root != null){ + final Unmarshaller unmarshaller; + if (root.getLocalName().equals(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME)) + unmarshaller = new CustomAttributeQueryUnmarshaller(); + else + unmarshaller = unmarshallerFact.getUnmarshaller(root); + try { + return unmarshaller.unmarshall(root); + } catch (NullPointerException e){ + LOG.error("Error element tag incomplet or null."); + throw new SAMLEngineException("NullPointerException", e); + } + } else { + LOG.error("Error element tag incomplet or null."); + throw new SAMLEngineException("NullPointerException : unmarshallerFact or root is null"); + } + } else { + LOG.error("Error element tag incomplet or null."); + throw new SAMLEngineException("NullPointerException : document is null"); + } + } catch (XMLParserException e) { + LOG.error("XML Parsing Error.", e); + throw new SAMLEngineException(e); + } catch (UnmarshallingException e) { + LOG.error("TransformerException.", e); + throw new SAMLEngineException(e); + } catch (NullPointerException e) { + LOG.error("Error element tag incomplet or null.", e); + throw new SAMLEngineException(e); + } + } + + /** + * Method that validates an XML Signature contained in a SAML Token. + * + * @param samlToken the SAML token + * + * @return the SAML object + * + * @throws SAMLEngineException the SAML engine exception + */ + protected final SAMLObject validateSignature( + final SignableSAMLObject samlToken) throws SAMLEngineException { + + LOG.info("Validate Signature"); + signer.validateSignature(samlToken); + + return samlToken; + } +} |