diff options
author | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2015-08-10 16:35:14 +0200 |
---|---|---|
committer | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2015-08-10 16:45:26 +0200 |
commit | 496ba9bb6e150ad67c5c628c1c97f30d6da81dfb (patch) | |
tree | 1dbe494358ab717b2bf94bae9fd3c3f90f4dbd58 /id/server | |
parent | f71531346c6be197957311712ba093e024545e37 (diff) | |
download | moa-id-spss-496ba9bb6e150ad67c5c628c1c97f30d6da81dfb.tar.gz moa-id-spss-496ba9bb6e150ad67c5c628c1c97f30d6da81dfb.tar.bz2 moa-id-spss-496ba9bb6e150ad67c5c628c1c97f30d6da81dfb.zip |
approved changes
Diffstat (limited to 'id/server')
47 files changed, 685 insertions, 405 deletions
diff --git a/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java b/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java index 9ed726a32..49ef68cb9 100644 --- a/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java +++ b/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java @@ -76,10 +76,4 @@ public class EIDSectorShareImpl extends AbstractSAMLObject implements public final List<XMLObject> getOrderedChildren() { return null; } - - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } }
\ No newline at end of file diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java index f47cca6be..28115ae62 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java @@ -1,13 +1,20 @@ package eu.stork.peps.auth.commons;
+import java.io.Serializable;
+
/**
* This class is a bean used to store information relative to Attribute Names.
- *
+ *
* @author Stelios Lelis (stelios.lelis@aegean.gr), Elias Pastos (ilias@aegean.gr)
*
* @version $Revision: 1.00 $, $Date: 2013-11-26 $
*/
-public final class AttributeName {
+public final class AttributeName implements Serializable {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3537736618869722308L;
/**
* Attribute Id.
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java index 24d93f9bb..c59109092 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java @@ -91,4 +91,22 @@ public class AttributeProvidersMap extends LinkedHashMap<AttributeSource, IPerso }
LOG.trace("END\n=======================");
}
+
+ public void mergeWith(IAttributeProvidersMap aPMap) {
+ Iterator<AttributeSource> maKeys = aPMap.keyIterator();
+ while (maKeys.hasNext()) {
+ AttributeSource key = maKeys.next();
+ IPersonalAttributeList l2 = aPMap.get(key);
+ if (containsKey(key)) {
+ IPersonalAttributeList l1 = get(key);
+ for (PersonalAttribute pa : l2) {
+ if (!l1.containsKey(pa.getName())) {
+ l1.add(pa);
+ }
+ }
+ } else {
+ put(key, l2);
+ }
+ }
+ }
}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java index 8064131a7..eb5e3ded4 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java @@ -148,10 +148,11 @@ public final class AttributeSource implements Serializable { LOG.debug("Calling equals with Object.");
if (obj instanceof AttributeSource) {
LOG.debug("Calling equals with AttributeSource.");
- outcome = this.equals((AttributeSource) obj);
+ outcome = this.innerEquals((AttributeSource) obj);
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Object equals outcome: " + outcome);
}
-
- LOG.debug("Object equals outcome: " + outcome);
return outcome;
}
@@ -163,7 +164,7 @@ public final class AttributeSource implements Serializable { *
* @return true if the two objects are equal
*/
- public boolean equals(AttributeSource obj) {
+ public boolean innerEquals(AttributeSource obj) {
boolean outcome = false;
if (this.sourceType == obj.getSourceType()) {
@@ -175,8 +176,9 @@ public final class AttributeSource implements Serializable { outcome = true;
}
}
-
- LOG.debug("AttributeSource equals outcome: " + outcome);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("AttributeSource equals outcome: " + outcome);
+ }
return outcome;
}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java index 18218dce4..f49986aaf 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java @@ -108,7 +108,7 @@ public final class AttributeUtil { strBuilder.append(AttributeUtil.escape(s) + separator); } } - return strBuilder.toString(); + return strBuilder.substring(0, strBuilder.length() - 1).toString(); } /** @@ -132,7 +132,7 @@ public final class AttributeUtil { strBuilder.append(AttributeUtil.escape(entry.getValue())); strBuilder.append(separator); } - return strBuilder.toString(); + return strBuilder.substring(0, strBuilder.length() - 1).toString(); } /** diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java index ffae4ae67..bdcf58fec 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java @@ -109,6 +109,18 @@ public interface IAttributeListProcessor { IPersonalAttributeList removeAPMandatoryAttributes(IPersonalAttributeList attrList, Map<String, Boolean> attributes); /** + * Removes from attribute list the Stork list of attributes. + * + * @param attrList + * the requested attribute list + * + * @return the attribute list without rejected attributes. + * + * @see IPersonalAttributeList + */ + IPersonalAttributeList removeAPRejectedAttributes(IPersonalAttributeList attrList); + + /** * Checks if mandate attribute exist in the requested Attribute List. Power attribute name to lookup is loaded by implementation. * * @param attrList @@ -153,4 +165,39 @@ public interface IAttributeListProcessor { */ Map<String, Boolean> getNormalAttributesAdded(); -}
\ No newline at end of file + /** + * Adds normal attributes to personal attribute list if exist in original list (allAttrList). + * + * @param attrList + * the list which will be updated + * @param allAttrList + * the list to check if attributes are to be included. + * + * + * @return the attributes list updated. + */ + IPersonalAttributeList addNormalAttributes(IPersonalAttributeList attrList, IPersonalAttributeList allAttrList); + + /** + * Updates list by filtering any attribute that must be requested instead of using a value obtained from cache (business and legal attrs) + * + * @param attrList + * the list which will be updated + * @return the filtered list + */ + IPersonalAttributeList filterAttrList(IPersonalAttributeList attrList); + + /** + * Updates the list of cached attrs by inserting the business and/or legal attrs requested by the user + * + * @param cachedAttrList + * @param requestedAttrsList + */ + void updateAttrList(IPersonalAttributeList cachedAttrList, IPersonalAttributeList requestedAttrsList); + + /** + * Verifies if normal attribute list contains any attribute that we must always request (usually business attributes) + */ + boolean hasAlwaysRequestAttributes(IPersonalAttributeList attributeList); + +} diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java index aa0ddf85b..cc5fe977f 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java @@ -78,4 +78,11 @@ public interface IAttributeProvidersMap { * @return an iterator of the keys contained in this map
*/
Iterator<AttributeSource> keyIterator();
+
+ /**
+ * Merges this Attribute Providers Map with another providers map changes the contents of this map so it returns null
+ *
+ * @param aPMap
+ */
+ void mergeWith(IAttributeProvidersMap aPMap);
}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java index 71b3400b4..7eb788461 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java @@ -43,6 +43,20 @@ public interface IPersonalAttributeList extends Iterable<PersonalAttribute>, Clo PersonalAttribute put(String key, PersonalAttribute value); /** + * Replaces the specified value with the specified key in this Personal Attribute List. + * + * @param key + * with which the specified value is to be replaced. + * @param value + * to be associated with the specified key. + * + * @return the previous value associated with key, or null if there was no mapping for key. + * + * @see PersonalAttribute + */ + PersonalAttribute replace(String key, PersonalAttribute value); + + /** * Returns the value to which the specified key is mapped, or null if this map contains no mapping for the key. * * @param key @@ -147,6 +161,13 @@ public interface IPersonalAttributeList extends Iterable<PersonalAttribute>, Clo IPersonalAttributeList getMandatoryAttributes(); /** + * Returns a IPersonalAttributeList merged with provided one. + * + * @return an IPersonalAttributeList the attribute list to merge with. + */ + IPersonalAttributeList merge(IPersonalAttributeList attrList); + + /** * Returns a IPersonalAttributeList of the optional attributes in this map. * * @return an IPersonalAttributeList of the optional attributes contained in this map. @@ -172,6 +193,6 @@ public interface IPersonalAttributeList extends Iterable<PersonalAttribute>, Clo * * @return The copy of this IPersonalAttributeList. */ - Object clone() throws CloneNotSupportedException; + Object clone(); } diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java index f82f6fbcc..87ab4275f 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java @@ -5,6 +5,7 @@ import java.util.ArrayList; import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
+import java.util.Map;
import org.apache.log4j.Logger;
@@ -36,7 +37,7 @@ public final class Linker implements Serializable { /**
* Assertion map.
*/
- private LinkedHashMap<AttributeSource, STORKAttrQueryResponse> assertions;
+ private Map<AttributeSource, List<STORKAttrQueryResponse>> assertions;
/**
* The current index of local (domestic) Attribute Providers.
@@ -55,7 +56,7 @@ public final class Linker implements Serializable { localIndex = 0;
remoteIndex = 0;
- assertions = new LinkedHashMap<AttributeSource, STORKAttrQueryResponse>();
+ assertions = new LinkedHashMap<AttributeSource, List<STORKAttrQueryResponse>>();
}
/**
@@ -143,13 +144,19 @@ public final class Linker implements Serializable { localIndex++;
// Assertion storage
- this.assertions.put(source, attrResponse);
- // previously: getTotalPersonalAttributeList() in both cases
- if (source.getSourceType() == AttributeSource.SOURCE_REMOTE_COUNTRY)
+ if (this.assertions.containsKey(source)) {
+ this.assertions.get(source).add(attrResponse);
+ } else {
+ List<STORKAttrQueryResponse> temp = new ArrayList<STORKAttrQueryResponse>();
+ temp.add(attrResponse);
+ this.assertions.put(source, temp);
+ }
+
+ if (source.getSourceType() == AttributeSource.SOURCE_REMOTE_COUNTRY) {
this.attributeProvidersMap.put(source, attrResponse.getTotalPersonalAttributeList());
- else
+ } else {
this.attributeProvidersMap.put(source, attrResponse.getPersonalAttributeList());
- // this.attributeProvidersMap.put(source, attrResponse.getTotalPersonalAttributeList());
+ }
}
/**
@@ -312,5 +319,13 @@ public final class Linker implements Serializable { LOG.debug("The attributeProvidersMap after the merge.");
((AttributeProvidersMap) this.attributeProvidersMap).trace();
}
+
+ for (AttributeSource as : previous.assertions.keySet()) {
+ if (!assertions.containsKey(as)) {
+ assertions.put(as, previous.assertions.get(as));
+ } else {
+ assertions.get(as).addAll(previous.assertions.get(as));
+ }
+ }
}
-}
\ No newline at end of file +}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java index ac83d5ddf..7d758d754 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java @@ -314,7 +314,17 @@ public enum PEPSErrors { /** * Represents the 'invalid.attr.country.code' constant error identifier. */ - INVALID_COUNTRY_CODE("invalid.attr.country.code"); + INVALID_COUNTRY_CODE("invalid.attr.country.code"), + /** + * DTL error codes. + */ + DTL_ERROR_ADD("dtl.error.adding.doc"), DTL_ERROR_GET("dtl.error.getting.doc"), DTL_ERROR_REQUEST("dtl.error.request.attribute"), DTL_INVALID_XML("dtl.invalid.xml"), DTL_EMPTY_REQUEST( + "dtl.empty.request"), DTL_ERROR_DOCUMENT_URL("dtl.error.no.document.url"), DTL_ERROR_NO_DOCUMENT("dtl.error.no.document"), DTL_ERROR_MARSHALL_SIGNREQUEST("dtl.error.marshall.signrequest"), DTL_ERROR_MARSHALL_SIGNRESPONSE( + "dtl.error.marshall.signresponse"), + /** + * Represents the 'colleagueAttributeRequest.invalidSAML' constant error identifier. + */ + COLLEAGUE_LOGOUT_INVALID_SAML("colleagueLogoutRequest.invalidSAML"); /** * Represents the constant's value. diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java index ec967a2ee..6b876b680 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java @@ -69,6 +69,10 @@ public enum PEPSParameters { */ ATTRIBUTE_LIST("attrList"), /** + * Represents the 'allAttrList' parameter constant. + */ + ALL_ATTRIBUTE_LIST("allAttrList"), + /** * Represents the 'apMandAttrList' parameter constant. */ AP_MANDATORY_ATTRIBUTE_LIST("apMandAttrList"), @@ -106,7 +110,7 @@ public enum PEPSParameters { /** * Represents the complex attributes parameter constant. */ - COMPLEX_ADDRESS_VALUE("canonicalResidenceAddress"), COMPLEX_NEWATTRIBUTE_VALUE("newAttribute2"), COMPLEX_HASDEGREE_VALUE("hasDegree"), COMPLEX_MANDATECONTENT_VALUE("mandateContent"), + COMPLEX_ADDRESS_VALUE("canonicalResidenceAddress"), COMPLEX_NEWATTRIBUTE_VALUE("newAttribute2"), COMPLEX_HASDEGREE_VALUE("hasDegree"), COMPLEX_MANDATECONTENT_VALUE("mandate"), /** * Represents the 'consent-type' parameter constant. */ @@ -603,8 +607,23 @@ public enum PEPSParameters { /** * Represents the 'idPDerivedAttrList' parameter constant. */ - - IDP_DERIVED_ATTR_LIST("idPDerivedAttrList"); + IDP_DERIVED_ATTR_LIST("idPDerivedAttrList"), + /** + * Represents the 'apRejectedAttrsList' parameter constant. + */ + AP_REJECTED_ATTRS_LIST("apRejectedAttrsList"), + /** + * Represents the 'logoutRequest' parameter constant. + */ + LOGOUT_REQUEST("logoutRequest"), + /** + * Represents the 'logoutRequest' parameter constant. + */ + LOGOUT_RESPONSE("logoutResponse"), + /** + * Represents the 'logoutRequest' parameter constant. + */ + LOGOUT_DEST_URL("speps.logout.destination.url"); /** * Represents the constant's value. diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java index 9cc587d7f..a63db12e1 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java @@ -246,7 +246,11 @@ public enum PEPSValues { /** * Represents the 'attr-filter' constant value. */ - AP_ATTRFILTER_PREFIX("attr-filter"); + AP_ATTRFILTER_PREFIX("attr-filter"), + /** + * Represents the 'save-session' constant value. + */ + SAVED_SESSION("saved-session"); /** * Represents the constant's value. diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java index 49ea3e695..8d1482f05 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java @@ -18,7 +18,7 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; +import java.util.Vector; import org.apache.log4j.Logger; @@ -60,7 +60,7 @@ public final class PersonalAttribute implements Serializable, Cloneable { /** * Complex values of the personal attribute. */ - private Map<String, String> complexValue = new ConcurrentHashMap<String, String>(); + private List<Map<String, String>> complexValue = new Vector<Map<String, String>>(); /** * Is the personal attribute mandatory? @@ -138,8 +138,7 @@ public final class PersonalAttribute implements Serializable, Cloneable { personalAttr.setValue(val); } if (!isEmptyComplexValue()) { - final Map<String, String> complexVal = (Map<String, String>) ((HashMap<String, String>) this.getComplexValue()).clone(); - personalAttr.setComplexValue(complexVal); + personalAttr.addComplexValues(this.getComplexValues()); } return personalAttr; } catch (final CloneNotSupportedException e) { @@ -209,6 +208,18 @@ public final class PersonalAttribute implements Serializable, Cloneable { } /** + * Add new value to list of values. + * + * @param attrValue + * The personal attribute value. + */ + public void addValue(final String attrValue) { + if (attrValue != null) { + this.value.add(attrValue); + } + } + + /** * Getter for the type value. * * @return The name value. @@ -252,6 +263,19 @@ public final class PersonalAttribute implements Serializable, Cloneable { * @return The complex value. */ public Map<String, String> getComplexValue() { + if (complexValue.size() > 0) { + return complexValue.get(0); + } else { + return new HashMap<String, String>(); + } + } + + /** + * Getter for the complex values. + * + * @return The complex value. + */ + public List<Map<String, String>> getComplexValues() { return complexValue; } @@ -263,11 +287,21 @@ public final class PersonalAttribute implements Serializable, Cloneable { */ public void setComplexValue(final Map<String, String> complexVal) { if (complexVal != null) { - this.complexValue = complexVal; + this.complexValue.add(complexVal); } } /** + * Setter for the complex values. + * + * @param complexVal + * The personal attribute Complex values. + */ + public void addComplexValues(final List<Map<String, String>> complexVals) { + this.complexValue.addAll(complexVals); + } + + /** * Getter for the personal's friendly name. * * @return The personal's friendly name value. @@ -301,7 +335,7 @@ public final class PersonalAttribute implements Serializable, Cloneable { * @return True if the Complex Value is empty; */ public boolean isEmptyComplexValue() { - return complexValue.isEmpty(); + return complexValue.isEmpty() || complexValue.get(0).isEmpty(); } /** @@ -343,4 +377,15 @@ public final class PersonalAttribute implements Serializable, Cloneable { return strBuild.toString(); } + /** + * Empties the Value or ComplexValue field of a PersonalAttribute + */ + public void setEmptyValue() { + if (this.isEmptyValue()) { + this.complexValue = new Vector<Map<String, String>>(); + } else { + this.value = new ArrayList<String>(); + } + } + } diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java index 8f60bdc0d..233cdebd0 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java @@ -13,7 +13,6 @@ */ package eu.stork.peps.auth.commons; -import java.io.Serializable; import java.util.ArrayList; import java.util.HashMap; import java.util.Iterator; @@ -34,7 +33,7 @@ import org.apache.log4j.Logger; * @see PersonalAttribute */ @SuppressWarnings("PMD") -public final class PersonalAttributeList extends ConcurrentHashMap<String, PersonalAttribute> implements IPersonalAttributeList, Serializable { +public final class PersonalAttributeList extends ConcurrentHashMap<String, PersonalAttribute> implements IPersonalAttributeList { /** * Logger object. @@ -88,10 +87,17 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso String attrName = (String) key; if (this.latestAttrAlias.containsKey(key)) { - attrName = attrName + this.latestAttrAlias.get(key); + int index = this.latestAttrAlias.get(key); + if ((index + 1) > this.attrAliasNumber.get(key).size()) { + index = 0; + } + + attrName = this.attrAliasNumber.get(key).get(index); + this.latestAttrAlias.put((String) key, Integer.valueOf(++index)); } else { if (this.attrAliasNumber.containsKey(key)) { - this.latestAttrAlias.put(attrName, this.attrAliasNumber.get(key)); + this.latestAttrAlias.put((String) key, Integer.valueOf(0)); + attrName = this.attrAliasNumber.get(key).get(0); } } return super.get(attrName); @@ -109,6 +115,13 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso /** * {@inheritDoc} */ + public PersonalAttribute replace(final String key, final PersonalAttribute val) { + return super.put(key, val); + } + + /** + * {@inheritDoc} + */ public PersonalAttribute put(final String key, final PersonalAttribute val) { if (StringUtils.isNotEmpty(key) && val != null) { // Validate if attribute name already exists! @@ -135,10 +148,56 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso } /** - * {@inheritDoc} + * Escape method for attributes with double comma + * + * @return escaped attribute list + * + */ + private String attrListEncoder(String attrList) { + StringBuilder finalAttr = new StringBuilder(); + String boolAttr = PEPSValues.TRUE.toString(); + String reqRegex = PEPSValues.ATTRIBUTE_TUPLE_SEP.toString() + PEPSValues.TRUE.toString() + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString(); + + String reqRegexSeparator = PEPSValues.ATTRIBUTE_TUPLE_SEP.toString() + PEPSValues.TRUE.toString() + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString() + "|" + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString() + + PEPSValues.FALSE.toString() + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString(); + + for (String s : attrList.split(PEPSValues.ATTRIBUTE_SEP.toString())) { + StringBuilder tempBuilder = new StringBuilder(s); + if (s.split(PEPSValues.ATTRIBUTE_TUPLE_SEP.toString()).length > 4) { + LOG.info("Found attributes with special characters, escaping special characters"); + + if (s.split(reqRegex) == null) { + boolAttr = PEPSValues.FALSE.toString(); + } + + tempBuilder.setLength(0); + tempBuilder.append(AttributeUtil.escape(s.split(reqRegexSeparator)[0])); + tempBuilder.append(PEPSValues.ATTRIBUTE_TUPLE_SEP.toString()); + tempBuilder.append(boolAttr); + tempBuilder.append(PEPSValues.ATTRIBUTE_TUPLE_SEP.toString()); + tempBuilder.append(s.split(reqRegexSeparator)[1]); + + } + + finalAttr.append(tempBuilder.toString()); + finalAttr.append(PEPSValues.ATTRIBUTE_SEP.toString()); + } + return finalAttr.toString(); + } + + /** + * Unescape a string + * + * @see PersonalAttributeList#attrListEncoder + * */ + private String attrListDecoder(String string) { + return AttributeUtil.unescape(string); + } + public void populate(final String attrList) { - final StringTokenizer strToken = new StringTokenizer(attrList, PEPSValues.ATTRIBUTE_SEP.toString()); + + final StringTokenizer strToken = new StringTokenizer(attrListEncoder(attrList), PEPSValues.ATTRIBUTE_SEP.toString()); while (strToken.hasMoreTokens()) { final PersonalAttribute persAttr = new PersonalAttribute(); @@ -163,6 +222,9 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso } if (tuples.length == AttributeConstants.NUMBER_TUPLES.intValue()) { + tuples[0] = attrListDecoder(tuples[0]); + persAttr.setName(attrListDecoder(persAttr.getName())); + persAttr.setStatus(tuples[AttributeConstants.ATTR_STATUS_INDEX.intValue()]); } this.put(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()], persAttr); @@ -180,6 +242,7 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso * @return The copy of this IPersonalAttributeList. */ public Object clone() { + // This implementation may have an bug! try { return (PersonalAttributeList) super.clone(); } catch (CloneNotSupportedException e) { @@ -310,6 +373,17 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso } /** + * {@inheritDoc} + */ + public IPersonalAttributeList merge(IPersonalAttributeList attrList1) { + + for (PersonalAttribute attr : attrList1) { + this.add(attr); + } + return this; + } + + /** * Returns a IPersonalAttributeList of the mandatory attributes in this map. * * @return an IPersonalAttributeList of the mandatory attributes contained in this map. @@ -318,7 +392,7 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso LOG.info("get simple attributes"); IPersonalAttributeList attrList = new PersonalAttributeList(); for (PersonalAttribute attr : this) { - if (attr.getComplexValue().isEmpty()) { + if (!attr.getValue().isEmpty()) { attrList.put(attr.getName(), attr); LOG.info("adding simple attribute:" + attr.getName()); } diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java index 6f39ebeeb..c3223ec40 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java @@ -331,13 +331,7 @@ public final class STORKAuthnRequest implements Serializable, Cloneable { * @see IPersonalAttributeList */ public IPersonalAttributeList getPersonalAttributeList() { - IPersonalAttributeList personnalAttributeList = null; - try { - personnalAttributeList = (IPersonalAttributeList) attributeList.clone(); - } catch (CloneNotSupportedException e1) { - LOG.trace("[PersonalAttribute] Nothing to do."); - } - return personnalAttributeList; + return (IPersonalAttributeList) attributeList.clone(); } /** diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java index 4b415bbcf..32bfd0df0 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java @@ -14,6 +14,7 @@ package eu.stork.peps.auth.commons; import java.io.Serializable; +import java.util.ArrayList; import java.util.List; import org.apache.log4j.Logger; @@ -26,7 +27,7 @@ import org.opensaml.saml2.core.Assertion; * @author ricardo.ferreira@multicert.com, renato.portela@multicert.com, luis.felix@multicert.com, hugo.magalhaes@multicert.com, paulo.ribeiro@multicert.com * @version $Revision: 1.15 $, $Date: 2010-11-17 05:15:28 $ */ -public final class STORKAuthnResponse implements Serializable { +public final class STORKAuthnResponse implements Serializable, Cloneable { /** The Constant serialVersionUID. */ private static final long serialVersionUID = -9100982727074068660L; @@ -167,13 +168,7 @@ public final class STORKAuthnResponse implements Serializable { * @see PersonalAttributeList */ public IPersonalAttributeList getPersonalAttributeList() { - IPersonalAttributeList personnalAttributeList = null; - try { - personnalAttributeList = (IPersonalAttributeList) attributeList.clone(); - } catch (CloneNotSupportedException e1) { - LOG.trace("[PersonalAttribute] Nothing to do."); - } - return personnalAttributeList; + return (IPersonalAttributeList) attributeList.clone(); } /** @@ -347,13 +342,25 @@ public final class STORKAuthnResponse implements Serializable { * @see PersonalAttributeList */ public IPersonalAttributeList getTotalPersonalAttributeList() { - IPersonalAttributeList personnalAttributeList = null; - try { - personnalAttributeList = (IPersonalAttributeList) totalAttributeList.clone(); - } catch (CloneNotSupportedException e1) { - LOG.trace("[PersonalAttribute] Nothing to do."); + return (IPersonalAttributeList) totalAttributeList.clone(); + } + + public List<PersonalAttribute> getNormalizedPersonalAttributeList() { + List<PersonalAttribute> returnAttrList = new ArrayList<PersonalAttribute>(); + + if (this.totalAttributeList.isEmpty()) { + this.totalAttributeList = this.attributeList; + } + + for (PersonalAttribute pa : this.totalAttributeList) { + // Get the shortname of the attribute by removing + // the attached assertionId, if there is one and + // put the shortname as the attribute name + pa.setName(pa.getName().split("_")[0]); + // We add it to the return list. + returnAttrList.add(pa); } - return personnalAttributeList; + return returnAttrList; } /** diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java index 6eaa63c5a..82ec6d3b4 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java @@ -71,19 +71,19 @@ public class ObjectFactory { } /** - * Create an instance of {@link MandateType } - * + * Create an instance of {@link RequestedAttributeType } + * */ - public MandateType createMandateType() { - return new MandateType(); + public RequestedAttributeType createRequestedAttributeType() { + return new RequestedAttributeType(); } /** - * Create an instance of {@link RequestedAttributeType } - * + * Create an instance of {@link MandateType } + * */ - public RequestedAttributeType createRequestedAttributeType() { - return new RequestedAttributeType(); + public MandateType createMandateType() { + return new MandateType(); } /** diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java index f4d084a79..1dcaf4c95 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java @@ -97,7 +97,14 @@ public class SAMLEngine { /** The Constant SAML_ENGINE_FILE_CONF. */ private static final String SAML_ENGINE_FILE_CONF = "fileConfiguration"; - /** The codification of characters. */ + /** + * Additional trust store for HW signing + */ + private static final String HW_TRUST_STORE_CONF = "softTrustStoreConfig"; + + /** + * The codification of characters. + */ private static final String CHARACTER_ENCODING = "UTF-8"; /** The SAML core. */ diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java index 6a7e1f7c0..7bf5d5ca8 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java @@ -202,8 +202,7 @@ public final class STORKSAMLEngine extends SAMLEngine { try { engine = new STORKSAMLEngine(nameInstance.trim()); } catch (Exception e) { - LOG.error("Error getting instance: " + nameInstance); - e.printStackTrace(); + LOG.error("Error get instance: " + nameInstance); } return engine; } @@ -389,15 +388,9 @@ public final class STORKSAMLEngine extends SAMLEngine { final Subject subject = SAMLEngineUtils.generateSubject(); - // Mandatory STORK verified - // String format = NameID.UNSPECIFIED - // specification: 'SAML:2.0' exist - // opensaml: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" - // opensaml "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" - final String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"; + final String format = super.getSamlCoreProperties().getFormat(); final String nameQualifier = ""; - LOG.debug("Generate NameID"); final NameID nameId = SAMLEngineUtils.generateNameID(super.getSamlCoreProperties().getResponder(), format, nameQualifier); nameId.setValue(format); @@ -1102,7 +1095,6 @@ public final class STORKSAMLEngine extends SAMLEngine { // Validate Parameters mandatories validateParamAttrQueryReq(request); - // final AttributeQuery attrQueryRequestAux = SAMLEngineUtils final CustomAttributeQuery attrQueryRequestAux = SAMLEngineUtils.generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime()); // Set name spaces. @@ -1930,6 +1922,8 @@ public final class STORKSAMLEngine extends SAMLEngine { citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils.createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME); citizenCountryCode.setCitizenCountryCode(request.getCitizenCountryCode().toUpperCase()); + + extensions.getUnknownXMLObjects().add(citizenCountryCode); } SPID spid = null; @@ -1938,6 +1932,8 @@ public final class STORKSAMLEngine extends SAMLEngine { spid = (SPID) SAMLEngineUtils.createSamlObject(SPID.DEF_ELEMENT_NAME); spid.setSPID(request.getSPID().toUpperCase()); + + extensions.getUnknownXMLObjects().add(spid); } return extensions; @@ -2493,11 +2489,6 @@ public final class STORKSAMLEngine extends SAMLEngine { throw new STORKSAMLEngineException("StorkSamlEngine: Assertion Consumer Service URL it's mandatory."); } - // Destination of the request - not mandatory - /* - * if (StringUtils.isBlank(request.getDestination())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Destination is mandatory."); } - */ - // SP country is empty if (StringUtils.isBlank(request.getSpCountry())) { throw new STORKSAMLEngineException("StorkSamlEngine: SP country is mandatory."); @@ -2525,12 +2516,7 @@ public final class STORKSAMLEngine extends SAMLEngine { */ private void validateParamLogoutReq(final STORKLogoutRequest request) throws STORKSAMLEngineException { LOG.info("Validate parameters from logout request."); - // URL to which AP Response must be sent. - /* - * if (StringUtils.isBlank(request.get())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Assertion Consumer Service URL it's mandatory."); } - */ - // Destination of the request if (StringUtils.isBlank(request.getDestination())) { throw new STORKSAMLEngineException("StorkSamlEngine: Destination is mandatory."); @@ -2591,9 +2577,9 @@ public final class STORKSAMLEngine extends SAMLEngine { throw new STORKSAMLEngineException("Issuer must be not empty or null."); } - if (responseAuthReq.getPersonalAttributeList() == null || responseAuthReq.getPersonalAttributeList().isEmpty()) { - LOG.error("PersonalAttributeList is null or empty."); - throw new STORKSAMLEngineException("PersonalAttributeList is null or empty."); + if (responseAuthReq.getPersonalAttributeList() == null) { + LOG.error("PersonalAttributeList is null."); + throw new STORKSAMLEngineException("PersonalAttributeList is null."); } if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) { @@ -2627,10 +2613,6 @@ public final class STORKSAMLEngine extends SAMLEngine { throw new STORKSAMLEngineException("PersonalAttributeList is null or empty."); } - /* - * if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) { throw new STORKSAMLEngineException( "assertionConsumerServiceURL is null or empty."); } - */ - if (StringUtils.isBlank(request.getSamlId())) { throw new STORKSAMLEngineException("request ID is null or empty."); } @@ -2840,7 +2822,6 @@ public final class STORKSAMLEngine extends SAMLEngine { attrRequest.setDestination(samlRequest.getDestination()); attrRequest.setAssertionConsumerServiceURL(samlRequest.getAssertionConsumerServiceURL()); - /* authnRequest.setProviderName(samlRequest.getProviderName()); */ attrRequest.setIssuer(samlRequest.getIssuer().getValue()); // Delete unknown elements from requested ones @@ -2881,13 +2862,15 @@ public final class STORKSAMLEngine extends SAMLEngine { final LogoutRequest samlRequest = (LogoutRequest) validateStorkSaml(tokenSaml); - LOG.debug("Validate Extensions."); - final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator(); - try { - validatorExt.validate(samlRequest.getExtensions()); - } catch (ValidationException e) { - LOG.error("ValidationException: validate Extensions.", e); - throw new STORKSAMLEngineException(e); + if (samlRequest.getExtensions() != null) { + LOG.debug("Validate Extensions."); + final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator(); + try { + validatorExt.validate(samlRequest.getExtensions()); + } catch (ValidationException e) { + LOG.error("ValidationException: validate Extensions.", e); + throw new STORKSAMLEngineException(e); + } } LOG.debug("Generate STORKLogoutRequest."); @@ -2909,6 +2892,43 @@ public final class STORKSAMLEngine extends SAMLEngine { } /** + * Validate stork logout response. + * + * @param tokenSaml + * The SAML token + * + * @return the STORK logout response + * + * @throws STORKSAMLEngineException + * the STORKSAML engine exception + */ + public STORKLogoutResponse validateSTORKLogoutResponse(final byte[] tokenSaml) throws STORKSAMLEngineException { + + LOG.info("validate STORK Logout Response"); + + final LogoutResponse samlRes = (LogoutResponse) validateStorkSaml(tokenSaml); + + LOG.debug("Generate STORKLogoutResponse."); + final STORKLogoutResponse logoutRes = new STORKLogoutResponse(); + + try { + logoutRes.setTokenSaml(super.signAndMarshall(samlRes)); + } catch (SAMLEngineException e) { + LOG.error("Sign and Marshall.", e); + throw new STORKSAMLEngineException(e); + } + + logoutRes.setAlias(this.getAlias(samlRes.getSignature().getKeyInfo(), super.getSigner().getTrustStore())); + logoutRes.setSamlId(samlRes.getID()); + logoutRes.setDestination(samlRes.getDestination()); + logoutRes.setIssuer(samlRes.getIssuer().getValue()); + logoutRes.setStatusCode(samlRes.getStatus().getStatusCode().getValue().toString()); + logoutRes.setStatusMessage(samlRes.getStatus().getStatusMessage().getMessage().toString()); + logoutRes.setInResponseTo(samlRes.getInResponseTo()); + return logoutRes; + } + + /** * Validate stork authentication response. * * @param tokenSaml @@ -3060,16 +3080,15 @@ public final class STORKSAMLEngine extends SAMLEngine { authnResponse.setAssertions(samlResponse.getAssertions()); if (samlResponse.getAssertions().size() > 1) { PersonalAttributeList total = new PersonalAttributeList(); - List<IPersonalAttributeList> attrList = new ArrayList(); + List<IPersonalAttributeList> attrList = new ArrayList<IPersonalAttributeList>(); for (int i = 0; i < samlResponse.getAssertions().size(); i++) { Assertion tempAssertion = (Assertion) samlResponse.getAssertions().get(i); IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion); if (temp != null) { attrList.add(temp); - for (PersonalAttribute attribute : temp) { - PersonalAttribute attr = (PersonalAttribute) attribute.clone(); - attr.setName(attr.getName() + tempAssertion.getID()); - total.add(attr); + for (PersonalAttribute attribute : (IPersonalAttributeList) temp.clone()) { + attribute.setName(attribute.getName() + tempAssertion.getID()); + total.add(attribute); } } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java index 175084048..73d7e4f62 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java @@ -25,7 +25,7 @@ public final class X509PrincipalUtil { * @param principal2 * @return true if arguments are not null and equals */ - public static boolean equals(X509Principal principal1, X509Principal principal2) { + public static boolean X509equals(X509Principal principal1, X509Principal principal2) { boolean continueProcess = true; if (principal1 == null || principal2 == null) { return false; diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java index 922e7e61e..16b9afd18 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java @@ -55,6 +55,9 @@ public enum SAMLCore { /** The RESPONDE r_ tag. */ RESPONDER_TAG("responder"), + + /** The format r_tag. */ + FORMAT_TAG("format"), /** The STOR k10_ ns. */ STORK10_NS("urn:eu:stork:names:tc:STORK:1.0:assertion"), diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java index 13d2f0af4..2a548ca6f 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java @@ -73,7 +73,11 @@ public final class STORKSAMLCore { /** The responder. */ private String responder = null; - /** The SAML core properties. */ + private String format = null; + + /** + * The SAML core properties. + */ private Properties samlCoreProp = null; /** The time not on or after. */ @@ -189,6 +193,15 @@ public final class STORKSAMLCore { } /** + * return the format string. + * + * @return + */ + public String getFormat() { + return this.format; + } + + /** * Gets the time not on or after. * * @return the time not on or after @@ -330,6 +343,8 @@ public final class STORKSAMLCore { requester = samlCoreProp.getProperty(SAMLCore.REQUESTER_TAG.getValue()); responder = samlCoreProp.getProperty(SAMLCore.RESPONDER_TAG.getValue()); + format = samlCoreProp.getProperty(SAMLCore.FORMAT_TAG.getValue(), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"); + } catch (SAMLEngineException e) { LOGGER.error("SAMLCore: error loadConfiguration. ", e); throw new STORKSAMLEngineRuntimeException(e); @@ -492,6 +507,15 @@ public final class STORKSAMLCore { } /** + * Sets the format string + * + * @param newFormat + */ + public void setFormat(final String newFormat) { + this.format = newFormat; + } + + /** * Sets the time not on or after. * * @param newTimeNotOnOrAft diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java index 907b9bf68..9f602aba1 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java @@ -102,9 +102,4 @@ public final class AuthenticationAttributesImpl extends AbstractSignableSAMLObje vIDPAuthenAttr = prepareForAssignment(this.vIDPAuthenAttr, newVIDPAuthenAttr); } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java index 003d56b46..aa4c725f1 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java @@ -77,9 +77,4 @@ public class CitizenCountryCodeImpl extends AbstractSAMLObject implements Citize return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java index b5d194c7f..13cc3d287 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java @@ -77,9 +77,4 @@ public class EIDCrossBorderShareImpl extends AbstractSAMLObject implements EIDCr return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } -}
\ No newline at end of file +} diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java index f2762e327..2e3f6ab7e 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java @@ -78,9 +78,4 @@ public class EIDCrossSectorShareImpl extends AbstractSAMLObject implements EIDCr return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } -}
\ No newline at end of file +} diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java index 423cf8b25..e74ce1fec 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java @@ -77,9 +77,4 @@ public class QAAAttributeImpl extends AbstractSAMLObject implements QAAAttribute return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java index e7ac7213b..2537d3794 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java @@ -213,9 +213,4 @@ public class RequestedAttributeImpl extends AbstractSAMLObject implements Reques this.unknownAttributes = newUnknownAttr; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java index 276697d6a..7f09d611f 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java @@ -77,9 +77,4 @@ public class SPApplicationImpl extends AbstractSAMLObject implements SPApplicati return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java index 404a90079..ea9085867 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java @@ -77,9 +77,4 @@ public class SPCountryImpl extends AbstractSAMLObject implements SPCountry { return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java index cea51a5a8..03dea20ed 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java @@ -77,9 +77,4 @@ public class SPIDImpl extends AbstractSAMLObject implements SPID { return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java index 4089f0862..41b3d8998 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java @@ -101,9 +101,4 @@ public final class SPInformationImpl extends AbstractSignableSAMLObject implemen this.spId = prepareForAssignment(this.spId, newSPId); } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java index 054481744..ed0a75f35 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java @@ -77,9 +77,4 @@ public class SPInstitutionImpl extends AbstractSAMLObject implements SPInstituti return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java index 6e23d7f24..1cd5fb761 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java @@ -72,6 +72,7 @@ import eu.stork.peps.exceptions.SAMLEngineException; * The Class HWSign. Module of sign. * * @author fjquevedo + * @author advania */ public final class SignHW implements SAMLEngineSignI { @@ -79,14 +80,19 @@ public final class SignHW implements SAMLEngineSignI { private static final String CONF_FILE = "configurationFile"; /** - * The Constant KEYSTORE_TYPE. private static final String KEYSTORE_TYPE = "keystoreType" + * The Constant KEYSTORE_TYPE. */ + private static final String KEYSTORE_TYPE = "keystoreType"; /** The logger. */ private static final Logger LOG = LoggerFactory.getLogger(SignHW.class.getName()); /** The stork own key store. */ private KeyStore storkOwnKeyStore = null; + /** + * The soft trust key store. + */ + private SignSW swTrustStore = null; /** * Gets the stork own key store. @@ -160,6 +166,12 @@ public final class SignHW implements SAMLEngineSignI { throw new SAMLEngineException(e); } finally { IOUtils.closeQuietly(inputStr); + /** + * Init the soft keystore to validate with. trustStoreConfig is read from the SignModule config file and should refer to the keystore containing trusted certificates. + */ + swTrustStore = new SignSW(); + swTrustStore.init(properties.getProperty("trustStoreConfig")); + swTrustStore.loadCryptServiceProvider(); } } @@ -204,7 +216,7 @@ public final class SignHW implements SAMLEngineSignI { X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName()); X509Principal issuerDNConf = new X509Principal(issuer); - if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) { + if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) { alias = aliasCert; find = true; } @@ -339,56 +351,14 @@ public final class SignHW implements SAMLEngineSignI { * exception in validate signature */ public SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException { - LOG.info("Start signature validation."); + LOG.info("Start signature validation HW."); + /* + * we are using the soft signature class to validate the signatures. This way we use the same key store code and validation that is used there. + */ try { - - // Validate structure signature - final SAMLSignatureProfileValidator signProfValidator = new SAMLSignatureProfileValidator(); - - // Indicates signature id conform to SAML Signature profile - signProfValidator.validate(tokenSaml.getSignature()); - - String aliasCert; - X509Certificate certificate; - - final List<Credential> trustedCred = new ArrayList<Credential>(); - - for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements();) { - aliasCert = e.nextElement(); - final BasicX509Credential credential = new BasicX509Credential(); - certificate = (X509Certificate) storkOwnKeyStore.getCertificate(aliasCert); - credential.setEntityCertificate(certificate); - trustedCred.add(credential); - } - - final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo(); - final List<X509Certificate> listCertificates = KeyInfoHelper.getCertificates(keyInfo); - - if (listCertificates.size() != 1) { - throw new SAMLEngineException("Only must be one certificate"); - } - - // Exist only one certificate - final BasicX509Credential entityX509Cred = new BasicX509Credential(); - entityX509Cred.setEntityCertificate(listCertificates.get(0)); - - final ExplicitKeyTrustEvaluator keyTrustEvaluator = new ExplicitKeyTrustEvaluator(); - if (!keyTrustEvaluator.validate(entityX509Cred, trustedCred)) { - throw new SAMLEngineException("Certificate it is not trusted."); - } - - final SignatureValidator sigValidator = new SignatureValidator(entityX509Cred); - - sigValidator.validate(tokenSaml.getSignature()); - - } catch (final ValidationException e) { - LOG.error("ValidationException.", e); - throw new SAMLEngineException(e); - } catch (final KeyStoreException e) { - LOG.error("ValidationException.", e); - throw new SAMLEngineException(e); - } catch (final CertificateException e) { - LOG.error("CertificateException.", e); + swTrustStore.validateSignature(tokenSaml); + } catch (Exception e) { + LOG.error("SW ValidationException.", e); throw new SAMLEngineException(e); } return tokenSaml; @@ -408,6 +378,12 @@ public final class SignHW implements SAMLEngineSignI { try { inputStream = SignHW.class.getResourceAsStream("/" + properties.getProperty(CONF_FILE)); + final Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(inputStream); + if (Security.getProperty(pkcs11Provider.getName()) == null) { + Security.insertProviderAt(pkcs11Provider, Security.getProviders().length); + } + + storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE), pkcs11Provider); } catch (final Exception e) { throw new SAMLEngineException("Error loading CryptographicServiceProvider", e); diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java index c91f11444..d5f01a4cc 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java @@ -41,6 +41,7 @@ import eu.stork.peps.auth.engine.X509PrincipalUtil; import org.apache.commons.io.IOUtils; import org.apache.commons.lang.NotImplementedException; import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.opensaml.Configuration; import org.opensaml.common.SAMLObject; import org.opensaml.common.SignableSAMLObject; @@ -166,25 +167,25 @@ public final class SignP12 implements SAMLEngineSignI { properties = new Properties(); try { try { - LOG.debug("Fichero a cargar " + fileConf); + LOG.debug("Loading " + fileConf); fileProperties = new FileInputStream(fileConf); properties.loadFromXML(fileProperties); } catch (Exception e) { - LOG.error("Fallo al cargar el recurso externo. Se reintenta como fichero interno."); + LOG.error("Failed to load external resource. Retrieving internal file."); fileProperties = SignP12.class.getResourceAsStream("/" + fileConf); if (fileProperties == null) { fileProperties = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileConf); if (fileProperties == null) { Enumeration<URL> files = ClassLoader.getSystemClassLoader().getResources(fileConf); if (files != null && files.hasMoreElements()) { - LOG.info("Se han encontrado recurso/s. Se toma el primero."); + LOG.info("Found /s."); fileProperties = ClassLoader.getSystemClassLoader().getResourceAsStream(files.nextElement().getFile()); } else { - throw new IOException("No se pudo recuperar el fichero: " + fileConf, e); + throw new IOException("Could not load file: " + fileConf, e); } } } - LOG.debug("Recuperados " + fileProperties.available() + " bytes"); + LOG.debug("Recovered " + fileProperties.available() + " bytes"); properties.loadFromXML(fileProperties); } } catch (InvalidPropertiesFormatException e) { @@ -243,7 +244,7 @@ public final class SignP12 implements SAMLEngineSignI { X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName()); X509Principal issuerDNConf = new X509Principal(issuer); - if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) { + if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) { alias = aliasCert; find = true; } @@ -455,23 +456,21 @@ public final class SignP12 implements SAMLEngineSignI { FileInputStream fisTrustStore = null; try { - // // Dynamically register Bouncy Castle provider. - // boolean found = false; - // // Check if BouncyCastle is already registered as a provider - // final Provider[] providers = Security.getProviders(); - // for (int i = 0; i < providers.length; i++) { - // if (providers[i].getName().equals( - // BouncyCastleProvider.PROVIDER_NAME)) { - // found = true; - // } - // } - // - // // Register only if the provider has not been previously registered - // if (!found) { - // LOG.debug("SAMLCore: Register Bouncy Castle provider."); - // Security.insertProviderAt(new BouncyCastleProvider(), Security - // .getProviders().length); - // } + // Dynamically register Bouncy Castle provider. + boolean found = false; + // Check if BouncyCastle is already registered as a provider + final Provider[] providers = Security.getProviders(); + for (int i = 0; i < providers.length; i++) { + if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) { + found = true; + } + } + + // Register only if the provider has not been previously registered + if (!found) { + LOG.debug("SAMLCore: Register Bouncy Castle provider."); + Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length); + } p12Store = KeyStore.getInstance(properties.getProperty("keystoreType")); diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java index e1ae2b8e2..1ca857e9e 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java @@ -12,17 +12,34 @@ * Licence for the specific language governing permissions and limitations under * the Licence. */ - package eu.stork.peps.auth.engine.core.impl; -import eu.stork.peps.auth.engine.X509PrincipalUtil; -import eu.stork.peps.auth.engine.core.CustomAttributeQuery; -import eu.stork.peps.auth.engine.core.SAMLEngineSignI; -import eu.stork.peps.exceptions.SAMLEngineException; +import java.io.ByteArrayInputStream; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.Security; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateFactory; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.InvalidPropertiesFormatException; +import java.util.List; +import java.util.Properties; + import org.apache.commons.io.IOUtils; import org.apache.commons.lang.NotImplementedException; import org.bouncycastle.jce.X509Principal; -//import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.opensaml.Configuration; import org.opensaml.common.SAMLObject; import org.opensaml.common.SignableSAMLObject; @@ -41,25 +58,22 @@ import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager; import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator; import org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEvaluator; import org.opensaml.xml.security.x509.BasicX509Credential; -import org.opensaml.xml.signature.*; +import org.opensaml.xml.signature.KeyInfo; import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.SignatureValidator; import org.opensaml.xml.signature.Signer; import org.opensaml.xml.util.Base64; import org.opensaml.xml.validation.ValidationException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.io.ByteArrayInputStream; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.*; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; -import java.util.*; +import eu.stork.peps.auth.engine.X509PrincipalUtil; +import eu.stork.peps.auth.engine.core.CustomAttributeQuery; +import eu.stork.peps.auth.engine.core.SAMLEngineSignI; +import eu.stork.peps.exceptions.SAMLEngineException; + /** * The Class SWSign. Class responsible for signing and validating of messages SAML with a certificate store software. @@ -215,16 +229,12 @@ public class SignSW implements SAMLEngineSignI { final String serialNum = certificate.getSerialNumber().toString(16); - try { - X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName()); - X509Principal issuerDNConf = new X509Principal(issuer); + X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName()); + X509Principal issuerDNConf = new X509Principal(issuer); - if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) { - alias = aliasCert; - find = true; - } - } catch (Exception ex) { - LOG.error("Exception during signing: " + ex.getMessage()); // Added as a workaround for Bouncycastle email error + if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) { + alias = aliasCert; + find = true; } } if (!find) { @@ -344,7 +354,7 @@ public class SignSW implements SAMLEngineSignI { * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(org.opensaml.common.SignableSAMLObject) */ public final SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException { - LOG.info("Start signature validation."); + LOG.info("Start signature validation SW."); try { // Validate structure signature @@ -440,23 +450,21 @@ public class SignSW implements SAMLEngineSignI { LOG.info("Load Cryptographic Service Provider"); FileInputStream fis = null; try { - // // Dynamically register Bouncy Castle provider. - // boolean found = false; - // // Check if BouncyCastle is already registered as a provider - // final Provider[] providers = Security.getProviders(); - // for (int i = 0; i < providers.length; i++) { - // if (providers[i].getName().equals( - // BouncyCastleProvider.PROVIDER_NAME)) { - // found = true; - // } - // } - // - // // Register only if the provider has not been previously registered - // if (!found) { - // LOG.info("SAMLCore: Register Bouncy Castle provider."); - // Security.insertProviderAt(new BouncyCastleProvider(), Security - // .getProviders().length); - // } + // Dynamically register Bouncy Castle provider. + boolean found = false; + // Check if BouncyCastle is already registered as a provider + final Provider[] providers = Security.getProviders(); + for (int i = 0; i < providers.length; i++) { + if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) { + found = true; + } + } + + // Register only if the provider has not been previously registered + if (!found) { + LOG.info("SAMLCore: Register Bouncy Castle provider."); + Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length); + } storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE)); diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java index d7d92ea74..bfb85e357 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java @@ -125,10 +125,4 @@ public final class VIDPAuthenticationAttributesImpl extends AbstractSignableSAML public void setSPInformation(SPInformation newSPInformation) { this.spInformation = prepareForAssignment(this.spInformation, newSPInformation); } - - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java index bf7626dc5..04ff153d3 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java @@ -54,8 +54,12 @@ public class QAAAttributeSchemaValidator implements Validator<QAAAttribute> { if (DatatypeHelper.isEmpty(qaaAttribute.getQaaLevel())) { throw new ValidationException("QAALevel label must be specified."); } - - final int qaa = Integer.valueOf(qaaAttribute.getQaaLevel()); + int qaa = 0; + try { + qaa = Integer.valueOf(qaaAttribute.getQaaLevel()); + } catch (Exception e) { + throw new ValidationException("QAALevel is not a valid number!"); + } if (qaa < QAAAttribute.MIN_VALUE || qaa > QAAAttribute.MAX_VALUE) { throw new ValidationException("QAALevel label must be greater than 0."); diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java index 6e76c52a6..c0197b9db 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java @@ -12,15 +12,8 @@ * Licence for the specific language governing permissions and limitations under * the Licence. */ - package eu.stork.peps.configuration; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -import org.apache.commons.io.IOUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.util.HashMap; @@ -28,6 +21,12 @@ import java.util.InvalidPropertiesFormatException; import java.util.Map; import java.util.Properties; +import org.apache.commons.io.IOUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import eu.stork.peps.exceptions.STORKSAMLEngineException; + /** * The Class InstanceCreator. * @@ -90,6 +89,7 @@ public final class ConfigurationCreator { * the STORKSAML engine runtime exception */ private static Properties getNewInstance(final String fileName) throws STORKSAMLEngineException { + LOGGER.info("Create file configuration properties to Stork Saml Engine: " + fileName); InputStream fileEngineProp = null; // fetch base from system properties, give a default if there is nothing configured @@ -115,10 +115,10 @@ public final class ConfigurationCreator { configuration.loadFromXML(fileEngineProp); return configuration; } catch (InvalidPropertiesFormatException e) { - LOGGER.error("Invalid properties format."); + LOGGER.error("Invalid properties format: " + fileName); throw new STORKSAMLEngineException(e); } catch (IOException e) { - LOGGER.error("Error read file: " + base + fileName); + LOGGER.error("Error read file: " + fileName); throw new STORKSAMLEngineException(e); } finally { IOUtils.closeQuietly(fileEngineProp); diff --git a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java index 502e0e461..4f22df7fb 100644 --- a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java +++ b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java @@ -59,6 +59,18 @@ public class StorkAttrQueryRequestTest { givenName.setValue(Arrays.asList("Sveinbjorn")); pal.add(givenName); + final PersonalAttribute fiscalNumber = new PersonalAttribute(); + fiscalNumber.setName("fiscalNumber"); + fiscalNumber.setIsRequired(true); + fiscalNumber.setValue(Arrays.asList("fiscalNumber")); + pal.add(fiscalNumber); + + final PersonalAttribute LPFiscalNumber = new PersonalAttribute(); + LPFiscalNumber.setName("LPFiscalNumber"); + LPFiscalNumber.setIsRequired(true); + LPFiscalNumber.setValue(Arrays.asList("LPFiscalNumber")); + pal.add(LPFiscalNumber); + destination = "http://A-PEPS.gov.xx/PEPS/AttributeColleagueRequest"; assertConsumerUrl = "http://S-PEPS.gov.xx/PEPS/ColleagueResponse"; // spName = "University of Oxford"; diff --git a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java index beca213ac..d476ad26e 100644 --- a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java +++ b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java @@ -21,15 +21,12 @@ import java.util.ArrayList; import org.junit.Ignore; import org.junit.Test; - import org.opensaml.xml.parse.BasicParserPool; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.*; +import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -68,6 +65,11 @@ public class StorkAuthRequestTest { eIDNumber.setIsRequired(true); pal.add(eIDNumber); + final PersonalAttribute LPFiscalNumber = new PersonalAttribute(); + LPFiscalNumber.setName("LPFiscalNumber"); + LPFiscalNumber.setIsRequired(true); + pal.add(LPFiscalNumber); + destination = "http://C-PEPS.gov.xx/PEPS/ColleagueRequest"; assertConsumerUrl = "http://S-PEPS.gov.xx/PEPS/ColleagueResponse"; diff --git a/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml b/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml index 171e05f12..fadef82b2 100644 --- a/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml @@ -1,67 +1,85 @@ <?xml version="1.0" encoding="UTF-8"?> <instances> - <!-- Configuration name --> - <instance name="CONF0"> - <!-- Configurations parameters StorkSamlEngine --> - <configuration name="SamlEngineConf"> - <parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" /> - </configuration> + <!-- Configuration name --> + <instance name="CONF0"> + <!-- Configurations parameters StorkSamlEngine --> + <configuration name="SamlEngineConf"> + <parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" /> + </configuration> - <!-- Settings module signature --> - <configuration name="SignatureConf"> - <!-- Specific signature module --> - <parameter name="class" - value="eu.stork.peps.auth.engine.core.impl.SignSW" /> - <!-- Settings specific module --> - <parameter name="fileConfiguration" value="SignModule_Conf0.xml" /> - </configuration> - </instance> + <!-- Settings module signature --> + <configuration name="SignatureConf"> + <!-- Specific signature module --> + <parameter name="class" + value="eu.stork.peps.auth.engine.core.impl.SignSW" /> + <!-- Settings specific module --> + <parameter name="fileConfiguration" value="SignModule_Conf0.xml" /> + <parameter name="softTrustStoreConfig" value="SignModule_Conf0.xml" /> + </configuration> + </instance> - <!-- ******************** CONF1 ******************** --> - <!-- Configuration name --> - <instance name="CONF1"> - <!-- Configurations parameters StorkSamlEngine --> - <configuration name="SamlEngineConf"> - <parameter name="fileConfiguration" value="StorkSamlEngine_Conf1.xml" /> - </configuration> + <!-- ******************** CONF1 ******************** --> + <!-- Configuration name --> + <instance name="CONF1"> + <!-- Configurations parameters StorkSamlEngine --> + <configuration name="SamlEngineConf"> + <parameter name="fileConfiguration" value="StorkSamlEngine_Conf1.xml" /> + </configuration> - <!-- Settings module signature --> - <configuration name="SignatureConf"> - <!-- Specific signature module --> - <parameter name="class" - value="eu.stork.peps.auth.engine.core.impl.SignSW" /> - <!-- Settings specific module --> - <parameter name="fileConfiguration" value="SignModule_Conf1.xml" /> - </configuration> - </instance> + <!-- Settings module signature --> + <configuration name="SignatureConf"> + <!-- Specific signature module --> + <parameter name="class" + value="eu.stork.peps.auth.engine.core.impl.SignSW" /> + <!-- Settings specific module --> + <parameter name="fileConfiguration" value="SignModule_Conf1.xml" /> + </configuration> + </instance> - <!-- ******************** CONF2 ******************** --> + <!-- ******************** CONF2 ******************** --> - <instance name="CONF2"> - <configuration name="SamlEngineConf"> - <parameter name="fileConfiguration" value="StorkSamlEngine_Conf2.xml" /> - </configuration> + <instance name="CONF2"> + <configuration name="SamlEngineConf"> + <parameter name="fileConfiguration" value="StorkSamlEngine_Conf2.xml" /> + </configuration> - <configuration name="SignatureConf"> - <parameter name="class" - value="eu.stork.peps.auth.engine.core.impl.SignSW" /> - <parameter name="fileConfiguration" value="SignModule_Conf2.xml" /> - </configuration> - </instance> + <configuration name="SignatureConf"> + <parameter name="class" + value="eu.stork.peps.auth.engine.core.impl.SignSW" /> + <parameter name="fileConfiguration" value="SignModule_Conf2.xml" /> + </configuration> + </instance> - <!-- ******************** CONF3 ******************** --> + <!-- ******************** CONF3 ******************** --> - <instance name="CONF3"> - <configuration name="SamlEngineConf"> - <parameter name="fileConfiguration" value="StorkSamlEngine_Conf3.xml" /> - </configuration> + <instance name="CONF3"> + <configuration name="SamlEngineConf"> + <parameter name="fileConfiguration" value="StorkSamlEngine_Conf3.xml" /> + </configuration> - <configuration name="SignatureConf"> - <parameter name="class" - value="eu.stork.peps.auth.engine.core.impl.SignSW" /> - <parameter name="fileConfiguration" value="SignModule_Conf3.xml" /> - </configuration> - </instance> + <configuration name="SignatureConf"> + <parameter name="class" + value="eu.stork.peps.auth.engine.core.impl.SignSW" /> + <parameter name="fileConfiguration" value="SignModule_Conf3.xml" /> + </configuration> + </instance> + + <!-- ******************** CONF4 ******************** --> + <instance name="CONF4"> + <!-- Configurations parameters StorkSamlEngine --> + <configuration name="SamlEngineConf"> + <parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" /> + </configuration> + + <!-- Settings module signature --> + <configuration name="SignatureConf"> + <!-- Specific signature module --> + <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignHW" /> + <!-- Settings specific module --> + <parameter name="fileConfiguration" value="SignModule_P11.xml" /> + <parameter name="softTrustStoreConfig" value="SignModule_Conf0.xml" /> + </configuration> + </instance> </instances>
\ No newline at end of file diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml index abb071044..295258bb2 100644 --- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml @@ -1,17 +1,21 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> -<!-- properties> <comment>SWModule sign with JKS.</comment> <entry key="keystorePath">C:\opt\keystores\keyStoreCountry0.jks</entry> - <entry key="keyStorePassword">local-demo</entry> <entry key="keyPassword">local-demo</entry> - <entry key="issuer">CN=saml-demo-cert,OU=STORK2,O=Advania,L=Reykjavik,ST=Reykjavik,C=IS</entry> - <entry key="serialNumber">524D4C6C</entry> <entry key="keystoreType">JKS</entry> - </properties --> +<!-- properties> + <comment>SWModule sign with JKS.</comment> + <entry key="keystorePath">C:\opt\keystores\keyStoreCountry0.jks</entry> + <entry key="keyStorePassword">local-demo</entry> + <entry key="keyPassword">local-demo</entry> + <entry key="issuer">CN=saml-demo-cert,OU=STORK2,O=Advania,L=Reykjavik,ST=Reykjavik,C=IS</entry> + <entry key="serialNumber">524D4C6C</entry> + <entry key="keystoreType">JKS</entry> +</properties--> <properties> - <comment>SWModule sign with JKS.</comment> - <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry> - <entry key="keyStorePassword">local-demo</entry> - <entry key="keyPassword">local-demo</entry> - <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry> - <entry key="serialNumber">4BA89DB2</entry> - <entry key="keystoreType">JKS</entry> + <comment>SWModule sign with JKS.</comment> + <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry> + <entry key="keyStorePassword">local-demo</entry> + <entry key="keyPassword">local-demo</entry> + <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry> + <entry key="serialNumber">4BA89DB2</entry> + <entry key="keystoreType">JKS</entry> </properties>
\ No newline at end of file diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml index e556a7331..ffd41cb61 100644 --- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml @@ -2,11 +2,11 @@ <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> <properties> - <comment>SWModule sign with JKS.</comment> - <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry> - <entry key="keyStorePassword">local-demo</entry> - <entry key="keyPassword">local-demo</entry> - <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry> - <entry key="serialNumber">4BA89DB2</entry> - <entry key="keystoreType">JKS</entry> + <comment>SWModule sign with JKS.</comment> + <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry> + <entry key="keyStorePassword">local-demo</entry> + <entry key="keyPassword">local-demo</entry> + <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry> + <entry key="serialNumber">4BA89DB2</entry> + <entry key="keystoreType">JKS</entry> </properties>
\ No newline at end of file diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml index 3da1e33df..21b73d49d 100644 --- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml @@ -2,11 +2,11 @@ <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> <properties> - <comment>SWModule sign with JKS.</comment> - <entry key="keystorePath">C:\opt\keystores\keyStoreCountry2.jks</entry> - <entry key="keyStorePassword">local-demo</entry> - <entry key="keyPassword">local-demo</entry> - <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry> - <entry key="serialNumber">4BA89DB2</entry> - <entry key="keystoreType">JKS</entry> + <comment>SWModule sign with JKS.</comment> + <entry key="keystorePath">C:\opt\keystores\keyStoreCountry2.jks</entry> + <entry key="keyStorePassword">local-demo</entry> + <entry key="keyPassword">local-demo</entry> + <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry> + <entry key="serialNumber">4BA89DB2</entry> + <entry key="keystoreType">JKS</entry> </properties>
\ No newline at end of file diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml index 4c14a1711..f9ebc85cc 100644 --- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml @@ -2,11 +2,11 @@ <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> <properties> - <comment>SWModule sign with JKS.</comment> - <entry key="keystorePath">C:\opt\keystores\keyStoreCountry3.jks</entry> - <entry key="keyStorePassword">local-demo</entry> - <entry key="keyPassword">local-demo</entry> - <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry> - <entry key="serialNumber">4BA89DB2</entry> - <entry key="keystoreType">JKS</entry> + <comment>SWModule sign with JKS.</comment> + <entry key="keystorePath">C:\opt\keystores\keyStoreCountry3.jks</entry> + <entry key="keyStorePassword">local-demo</entry> + <entry key="keyPassword">local-demo</entry> + <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry> + <entry key="serialNumber">4BA89DB2</entry> + <entry key="keystoreType">JKS</entry> </properties>
\ No newline at end of file diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml index c683d97c3..0e95da1f2 100644 --- a/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml @@ -2,10 +2,11 @@ <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> <properties> - <comment>HWModule sign with interface PKCS11.</comment> - <entry key="configurationFile">p11Config.cfg</entry> - <entry key="keyPassword">*******</entry> - <entry key="issuer">CN=XXXXXXXXX</entry> - <entry key="serialNumber">xxxxxxxxxxxxxx</entry> - <entry key="keystoreType">PKCS11</entry> + <comment>HWModule sign with interface PKCS11.</comment> + <entry key="configurationFile">p11Conf.cfg</entry> + <entry key="keyPassword">12345</entry> + <entry key="issuer">CN=Test Certificate</entry> + <entry key="serialNumber">147d4b07db8</entry> + <entry key="keystoreType">PKCS11</entry> + <entry key="trustStoreConfig">SignModule_Conf0.xml</entry> </properties>
\ No newline at end of file |