authorFlorian Reimair <florian.reimair@iaik.tugraz.at>2015-08-10 16:35:14 +0200
committerFlorian Reimair <florian.reimair@iaik.tugraz.at>2015-08-10 16:45:26 +0200
commit496ba9bb6e150ad67c5c628c1c97f30d6da81dfb (patch)
tree1dbe494358ab717b2bf94bae9fd3c3f90f4dbd58 /id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
parentf71531346c6be197957311712ba093e024545e37 (diff)
approved changes
Diffstat (limited to 'id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java')
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java99
1 files changed, 59 insertions, 40 deletions
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
index 6a7e1f7c0..7bf5d5ca8 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
@@ -202,8 +202,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
try {
engine = new STORKSAMLEngine(nameInstance.trim());
} catch (Exception e) {
- LOG.error("Error getting instance: " + nameInstance);
- e.printStackTrace();
+ LOG.error("Error get instance: " + nameInstance);
}
return engine;
}
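Review bot: Dropping `e.printStackTrace()` is right, but the replacement log line no longer records the exception at all, so a failing engine construction leaves only the instance name in the log and `engine` is returned as null to the caller with no diagnosable cause. Pass the throwable to the logger and keep the original wording: `LOG.error("Error getting instance: " + nameInstance, e);`. The enclosing getInstance method starts outside the hunk.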
@@ -389,15 +388,9 @@ public final class STORKSAMLEngine extends SAMLEngine {
final Subject subject = SAMLEngineUtils.generateSubject();
- // Mandatory STORK verified
- // String format = NameID.UNSPECIFIED
- // specification: 'SAML:2.0' exist
- // opensaml: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- // opensaml "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
- final String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
+ final String format = super.getSamlCoreProperties().getFormat();
final String nameQualifier = "";
-
LOG.debug("Generate NameID");
final NameID nameId = SAMLEngineUtils.generateNameID(super.getSamlCoreProperties().getResponder(), format, nameQualifier);
nameId.setValue(format);
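Review bot: The NameID format is now read from configuration without any check, so a missing or blank property reaches `generateNameID` and then `nameId.setValue(format)` as null, where previously the hard-coded value was always present; I cannot see getFormat() and whether it has a default. A guard such as `if (StringUtils.isBlank(format)) { throw new STORKSAMLEngineException("NameID format is not configured."); }` before the generate call would fail loudly instead of emitting a NameID with a null Format. The existing `nameId.setValue(format)` also still uses the format URI as the NameID value, which looks like a pre-existing oddity worth a comment. The enclosing method starts and ends outside the hunk.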
@@ -1102,7 +1095,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
// Validate Parameters mandatories
validateParamAttrQueryReq(request);
- // final AttributeQuery attrQueryRequestAux = SAMLEngineUtils
final CustomAttributeQuery attrQueryRequestAux = SAMLEngineUtils.generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime());
// Set name spaces.
@@ -1930,6 +1922,8 @@ public final class STORKSAMLEngine extends SAMLEngine {
citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils.createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
citizenCountryCode.setCitizenCountryCode(request.getCitizenCountryCode().toUpperCase());
+
+ extensions.getUnknownXMLObjects().add(citizenCountryCode);
}
SPID spid = null;
@@ -1938,6 +1932,8 @@ public final class STORKSAMLEngine extends SAMLEngine {
spid = (SPID) SAMLEngineUtils.createSamlObject(SPID.DEF_ELEMENT_NAME);
spid.setSPID(request.getSPID().toUpperCase());
+
+ extensions.getUnknownXMLObjects().add(spid);
}
return extensions;
@@ -2493,11 +2489,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
throw new STORKSAMLEngineException("StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
}
- // Destination of the request - not mandatory
- /*
- * if (StringUtils.isBlank(request.getDestination())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Destination is mandatory."); }
- */
-
// SP country is empty
if (StringUtils.isBlank(request.getSpCountry())) {
throw new STORKSAMLEngineException("StorkSamlEngine: SP country is mandatory.");
@@ -2525,12 +2516,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
*/
private void validateParamLogoutReq(final STORKLogoutRequest request) throws STORKSAMLEngineException {
LOG.info("Validate parameters from logout request.");
-
// URL to which AP Response must be sent.
- /*
- * if (StringUtils.isBlank(request.get())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Assertion Consumer Service URL it's mandatory."); }
- */
-
// Destination of the request
if (StringUtils.isBlank(request.getDestination())) {
throw new STORKSAMLEngineException("StorkSamlEngine: Destination is mandatory.");
@@ -2591,9 +2577,9 @@ public final class STORKSAMLEngine extends SAMLEngine {
throw new STORKSAMLEngineException("Issuer must be not empty or null.");
}
- if (responseAuthReq.getPersonalAttributeList() == null || responseAuthReq.getPersonalAttributeList().isEmpty()) {
- LOG.error("PersonalAttributeList is null or empty.");
- throw new STORKSAMLEngineException("PersonalAttributeList is null or empty.");
+ if (responseAuthReq.getPersonalAttributeList() == null) {
+ LOG.error("PersonalAttributeList is null.");
+ throw new STORKSAMLEngineException("PersonalAttributeList is null.");
}
if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
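Review bot: This hunk relaxes the validator to accept an empty PersonalAttributeList while the sibling check kept at the start of the next hunk (the one deleting the commented-out assertionConsumerServiceURL block) still rejects "null or empty", so the two validators now disagree without saying why. If an empty list is intentionally acceptable for this response type, a comment above the check such as `// An empty attribute list is a valid response (e.g. no attributes could be provided); only null is rejected.` records the decision. The enclosing validation method starts outside the hunk.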
@@ -2627,10 +2613,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
throw new STORKSAMLEngineException("PersonalAttributeList is null or empty.");
}
- /*
- * if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) { throw new STORKSAMLEngineException( "assertionConsumerServiceURL is null or empty."); }
- */
-
if (StringUtils.isBlank(request.getSamlId())) {
throw new STORKSAMLEngineException("request ID is null or empty.");
}
@@ -2840,7 +2822,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
attrRequest.setDestination(samlRequest.getDestination());
attrRequest.setAssertionConsumerServiceURL(samlRequest.getAssertionConsumerServiceURL());
- /* authnRequest.setProviderName(samlRequest.getProviderName()); */
attrRequest.setIssuer(samlRequest.getIssuer().getValue());
// Delete unknown elements from requested ones
@@ -2881,13 +2862,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
final LogoutRequest samlRequest = (LogoutRequest) validateStorkSaml(tokenSaml);
- LOG.debug("Validate Extensions.");
- final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
- try {
- validatorExt.validate(samlRequest.getExtensions());
- } catch (ValidationException e) {
- LOG.error("ValidationException: validate Extensions.", e);
- throw new STORKSAMLEngineException(e);
+ if (samlRequest.getExtensions() != null) {
+ LOG.debug("Validate Extensions.");
+ final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
+ try {
+ validatorExt.validate(samlRequest.getExtensions());
+ } catch (ValidationException e) {
+ LOG.error("ValidationException: validate Extensions.", e);
+ throw new STORKSAMLEngineException(e);
+ }
}
LOG.debug("Generate STORKLogoutRequest.");
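Review bot: The new null check silently skips schema validation of Extensions rather than deciding whether a LogoutRequest without Extensions is acceptable; if the STORK profile requires them for this message, a request omitting the element now passes where it previously failed with a ValidationException. Either reject the null case explicitly, or log the skip so it is visible in operation: `} else { LOG.debug("LogoutRequest carries no Extensions; skipping extension validation."); }`. The enclosing validateSTORKLogoutRequest method starts outside the hunk.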
@@ -2909,6 +2892,43 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
/**
+ * Validate stork logout response.
+ *
+ * @param tokenSaml
+ * The SAML token
+ *
+ * @return the STORK logout response
+ *
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
+ */
+ public STORKLogoutResponse validateSTORKLogoutResponse(final byte[] tokenSaml) throws STORKSAMLEngineException {
+
+ LOG.info("validate STORK Logout Response");
+
+ final LogoutResponse samlRes = (LogoutResponse) validateStorkSaml(tokenSaml);
+
+ LOG.debug("Generate STORKLogoutResponse.");
+ final STORKLogoutResponse logoutRes = new STORKLogoutResponse();
+
+ try {
+ logoutRes.setTokenSaml(super.signAndMarshall(samlRes));
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ logoutRes.setAlias(this.getAlias(samlRes.getSignature().getKeyInfo(), super.getSigner().getTrustStore()));
+ logoutRes.setSamlId(samlRes.getID());
+ logoutRes.setDestination(samlRes.getDestination());
+ logoutRes.setIssuer(samlRes.getIssuer().getValue());
+ logoutRes.setStatusCode(samlRes.getStatus().getStatusCode().getValue().toString());
+ logoutRes.setStatusMessage(samlRes.getStatus().getStatusMessage().getMessage().toString());
+ logoutRes.setInResponseTo(samlRes.getInResponseTo());
+ return logoutRes;
+ }
+
+ /**
* Validate stork authentication response.
*
* @param tokenSaml
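Review bot: In the new validateSTORKLogoutResponse, `samlRes.getStatus().getStatusMessage().getMessage().toString()` dereferences StatusMessage unconditionally, but StatusMessage is optional in the SAML 2.0 Status element, so a well-formed response that carries only a StatusCode throws a NullPointerException here instead of a STORKSAMLEngineException; the same applies to `getIssuer()` and `getStatus()`, which the schema does not require either. Guard the optional parts, e.g. `final StatusMessage msg = samlRes.getStatus().getStatusMessage();` followed by `logoutRes.setStatusMessage(msg == null ? null : msg.getMessage());`, and the `.toString()` calls on String values are redundant. The method also does not appear to correlate `getInResponseTo()` with an outstanding logout request ID; unless validateStorkSaml does this, the Javadoc should state that the caller is responsible for that check.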
@@ -3060,16 +3080,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
authnResponse.setAssertions(samlResponse.getAssertions());
if (samlResponse.getAssertions().size() > 1) {
PersonalAttributeList total = new PersonalAttributeList();
- List<IPersonalAttributeList> attrList = new ArrayList();
+ List<IPersonalAttributeList> attrList = new ArrayList<IPersonalAttributeList>();
for (int i = 0; i < samlResponse.getAssertions().size(); i++) {
Assertion tempAssertion = (Assertion) samlResponse.getAssertions().get(i);
IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion);
if (temp != null) {
attrList.add(temp);
- for (PersonalAttribute attribute : temp) {
- PersonalAttribute attr = (PersonalAttribute) attribute.clone();
- attr.setName(attr.getName() + tempAssertion.getID());
- total.add(attr);
+ for (PersonalAttribute attribute : (IPersonalAttributeList) temp.clone()) {
+ attribute.setName(attribute.getName() + tempAssertion.getID());
+ total.add(attribute);
}
}
}
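Review bot: The rewritten loop iterates over `(IPersonalAttributeList) temp.clone()` and calls `attribute.setName(...)` directly, whereas the old code cloned each PersonalAttribute before renaming it; if the list clone is shallow, the renamed objects are the same instances held by `temp`, which was just added to `attrList` on the line above, so every entry in attrList silently gets the assertion ID appended to its attribute names. I cannot see IPersonalAttributeList.clone(), so this is hedged on its depth, but the per-element clone was the only thing guaranteeing isolation. Keeping `PersonalAttribute attr = (PersonalAttribute) attribute.clone();` inside the loop and renaming `attr` restores that guarantee regardless of how the list clones itself. The enclosing method starts outside the hunk.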