authorThomas Lenz <tlenz@iaik.tugraz.at>2016-11-16 16:03:23 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-11-16 16:03:23 +0100
commit9a1114a1ba64e0236b09c1a9e94b4da7507d3411 (patch)
tree36e8035e522387914cf8dc6078543b64f0232a49 /id/server
parentf21e806fb7f377ba89f2e4b168fe5945f1ea1668 (diff)
fix some more bugs in eIDAS SAML-engine
* different problems with SAML metadata generation
Diffstat (limited to 'id/server')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java47
1 files changed, 39 insertions, 8 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
index ab41c2369..dd14972e3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
@@ -53,6 +53,7 @@ import org.opensaml.saml2.metadata.LocalizedString;
import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.Organization;
import org.opensaml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml2.metadata.OrganizationName;
import org.opensaml.saml2.metadata.OrganizationURL;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SSODescriptor;
@@ -77,6 +78,7 @@ import com.google.common.collect.ImmutableSortedSet;
import com.google.common.collect.Ordering;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.commons.EidasStringUtil;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -127,8 +129,17 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
entityDescriptor.setEntityID(params.getEntityID());
entityDescriptor.setOrganization(buildOrganization());
- entityDescriptor.getContactPersons().add(buildContact(ContactPersonTypeEnumeration.SUPPORT));
- entityDescriptor.getContactPersons().add(buildContact(ContactPersonTypeEnumeration.TECHNICAL));
+
+ /**FIXME:
+ * HOTFIX: do not add empty contactPerson elements
+ */
+ ContactPerson contactSupport = buildContact(ContactPersonTypeEnumeration.SUPPORT);
+ if (contactSupport != null)
+ entityDescriptor.getContactPersons().add(contactSupport);
+ ContactPerson contactTech = buildContact(ContactPersonTypeEnumeration.TECHNICAL);
+ if (contactTech != null)
+ entityDescriptor.getContactPersons().add(contactTech);
+
entityDescriptor.setValidUntil(getExpireDate());
X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
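Review bot: The two new null guards only help if buildContact() returns null on every failure path, but in this commit it returns null solely when the configured contact is missing (the last hunk of this file), so any other failure inside buildContact would still attach a partially filled ContactPerson; worth confirming against the rest of that method, which is outside the hunk. Both `if` statements are unbraced single-line bodies; brace them, e.g. `if (contactSupport != null) { entityDescriptor.getContactPersons().add(contactSupport); }`, and the same for contactTech. The `/**FIXME:` block is Javadoc syntax inside a method body where it documents nothing; a plain `// FIXME: do not add empty contactPerson elements` is the conventional form. The enclosing method starts and ends outside the hunk.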
@@ -165,8 +176,15 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
//the node has SP role
spSSODescriptor.setWantAssertionsSigned(params.isWantAssertionsSigned());
spSSODescriptor.setAuthnRequestsSigned(true);
- spSSODescriptor.setID(idpSSODescriptor == null ? params.getEntityID()
- : ("SP" + params.getEntityID()));
+
+
+ /**FIXME:
+ * "SP" + params.getEntityID()) is not a valid XML ID attribute value
+ */
+ //spSSODescriptor.setID(idpSSODescriptor == null ? params.getEntityID() : ("SP" + params.getEntityID()));
+ spSSODescriptor.setID(SAML2Utils.getSecureIdentifier());
+
+
if (params.getSPSignature() != null) {
spSSODescriptor.setSignature(params.getSPSignature());
}
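Review bot: Switching the descriptor ID to `SAML2Utils.getSecureIdentifier()` makes it a fresh value on every metadata generation instead of the deterministic `"SP" + entityID`; if the Signature taken from `params.getSPSignature()` two lines later, or any consumer of the published metadata, references the descriptor by that ID, confirm the reference is derived after `setID` runs rather than from the previously stable value. The same change is made to the IdP descriptor in the next hunk and the same question applies there. The commented-out old `setID` line should be removed rather than kept beside the FIXME, and the `/**FIXME:` Javadoc-style block in a method body is better written as `// FIXME: "SP" + entityID is not a valid XML ID attribute value`. The enclosing method starts and ends outside the hunk.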
@@ -221,8 +239,13 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
SAMLEngineException, EIDASSAMLEngineException {
//the node has IDP role
idpSSODescriptor.setWantAuthnRequestsSigned(true);
- idpSSODescriptor.setID(spSSODescriptor == null ? params.getEntityID()
- : ("IDP" + params.getEntityID()));
+
+ /**FIXME:
+ * "IDP" + params.getEntityID()) is not a valid XML ID attribute value
+ */
+ //idpSSODescriptor.setID(spSSODescriptor == null ? params.getEntityID() : ("IDP" + params.getEntityID()));
+ idpSSODescriptor.setID(SAML2Utils.getSecureIdentifier());
+
if (params.getIDPSignature() != null) {
idpSSODescriptor.setSignature(params.getIDPSignature());
}
@@ -342,8 +365,16 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
private Organization buildOrganization() {
Organization organization = null;
- try {
+ try {
organization = BuilderFactoryUtil.buildXmlObject(Organization.class);
+
+ /**FIXME:
+ * set correct OrganizationName value if it is not fixed in next eIDAS node version
+ */
+ OrganizationName orgName = BuilderFactoryUtil.buildXmlObject(OrganizationName.class);
+ orgName.setName(new LocalizedString(params.getNodeUrl(), "en"));
+ organization.getOrganizationNames().add(orgName);
+
OrganizationDisplayName odn = BuilderFactoryUtil.buildXmlObject(OrganizationDisplayName.class);
odn.setName(new LocalizedString(params.getCountryName(), "en"));
organization.getDisplayNames().add(odn);
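Review bot: The new md:OrganizationName is filled with `params.getNodeUrl()` rather than an organisation name, which the FIXME acknowledges but which means every relying party that renders OrganizationName will display the node URL; if params exposes an organisation name already, using it here removes the placeholder, otherwise the FIXME should name where the correct value is expected to come from. If nodeUrl can be unset, `new LocalizedString(null, "en")` would produce an empty element of the same kind the contact-person hotfix in this commit is trying to avoid, so a null check before the add is worth considering; I cannot see the Parameters type from the hunk. The `/**FIXME:` form is Javadoc syntax inside a method body; `// FIXME: set correct OrganizationName value if it is not fixed in next eIDAS node version` is the conventional form. buildOrganization() continues outside the hunk.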
@@ -374,7 +405,7 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
contact = BuilderFactoryUtil.buildXmlObject(ContactPerson.class);
if (currentContact == null) {
LOGGER.error("ERROR: cannot retrieve contact from the configuration");
- return contact;
+ return null;
}
EmailAddress emailAddressObj = BuilderFactoryUtil.buildXmlObject(EmailAddress.class);
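Review bot: `contact` is built via `BuilderFactoryUtil.buildXmlObject(ContactPerson.class)` on the line before the `currentContact == null` check and then thrown away when the new `return null` is taken; moving the check ahead of the build avoids constructing an object that is never used. Because the method now returns null, its Javadoc should state the contract, e.g. `@return the populated ContactPerson, or {@code null} if no contact of the requested type is configured`, so that callers other than the guarded site added earlier in this commit, if any exist, know to check. The enclosing buildContact() method starts and ends outside the hunk.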