aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorFlorian Reimair <florian.reimair@iaik.tugraz.at>2015-08-10 16:35:14 +0200
committerFlorian Reimair <florian.reimair@iaik.tugraz.at>2015-08-10 16:45:26 +0200
commit496ba9bb6e150ad67c5c628c1c97f30d6da81dfb (patch)
tree1dbe494358ab717b2bf94bae9fd3c3f90f4dbd58 /id/server
parentf71531346c6be197957311712ba093e024545e37 (diff)
downloadmoa-id-spss-496ba9bb6e150ad67c5c628c1c97f30d6da81dfb.tar.gz
moa-id-spss-496ba9bb6e150ad67c5c628c1c97f30d6da81dfb.tar.bz2
moa-id-spss-496ba9bb6e150ad67c5c628c1c97f30d6da81dfb.zip
approved changes
Diffstat (limited to 'id/server')
-rw-r--r--id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java6
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java11
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java18
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java14
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java4
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java49
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java7
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java23
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java31
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java12
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java25
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java6
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java57
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java88
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java8
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java35
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java16
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java9
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java99
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java2
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java3
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java26
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java7
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java7
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java78
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java45
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java96
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java6
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java8
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java18
-rw-r--r--id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java12
-rw-r--r--id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java12
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml124
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml28
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml14
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml14
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml14
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml13
47 files changed, 685 insertions, 405 deletions
diff --git a/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java b/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java
index 9ed726a32..49ef68cb9 100644
--- a/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java
+++ b/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java
@@ -76,10 +76,4 @@ public class EIDSectorShareImpl extends AbstractSAMLObject implements
public final List<XMLObject> getOrderedChildren() {
return null;
}
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
} \ No newline at end of file
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java
index f47cca6be..28115ae62 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java
@@ -1,13 +1,20 @@
package eu.stork.peps.auth.commons;
+import java.io.Serializable;
+
/**
* This class is a bean used to store information relative to Attribute Names.
- *
+ *
* @author Stelios Lelis (stelios.lelis@aegean.gr), Elias Pastos (ilias@aegean.gr)
*
* @version $Revision: 1.00 $, $Date: 2013-11-26 $
*/
-public final class AttributeName {
+public final class AttributeName implements Serializable {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3537736618869722308L;
/**
* Attribute Id.
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java
index 24d93f9bb..c59109092 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java
@@ -91,4 +91,22 @@ public class AttributeProvidersMap extends LinkedHashMap<AttributeSource, IPerso
}
LOG.trace("END\n=======================");
}
+
+ public void mergeWith(IAttributeProvidersMap aPMap) {
+ Iterator<AttributeSource> maKeys = aPMap.keyIterator();
+ while (maKeys.hasNext()) {
+ AttributeSource key = maKeys.next();
+ IPersonalAttributeList l2 = aPMap.get(key);
+ if (containsKey(key)) {
+ IPersonalAttributeList l1 = get(key);
+ for (PersonalAttribute pa : l2) {
+ if (!l1.containsKey(pa.getName())) {
+ l1.add(pa);
+ }
+ }
+ } else {
+ put(key, l2);
+ }
+ }
+ }
}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java
index 8064131a7..eb5e3ded4 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java
@@ -148,10 +148,11 @@ public final class AttributeSource implements Serializable {
LOG.debug("Calling equals with Object.");
if (obj instanceof AttributeSource) {
LOG.debug("Calling equals with AttributeSource.");
- outcome = this.equals((AttributeSource) obj);
+ outcome = this.innerEquals((AttributeSource) obj);
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Object equals outcome: " + outcome);
}
-
- LOG.debug("Object equals outcome: " + outcome);
return outcome;
}
@@ -163,7 +164,7 @@ public final class AttributeSource implements Serializable {
*
* @return true if the two objects are equal
*/
- public boolean equals(AttributeSource obj) {
+ public boolean innerEquals(AttributeSource obj) {
boolean outcome = false;
if (this.sourceType == obj.getSourceType()) {
@@ -175,8 +176,9 @@ public final class AttributeSource implements Serializable {
outcome = true;
}
}
-
- LOG.debug("AttributeSource equals outcome: " + outcome);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("AttributeSource equals outcome: " + outcome);
+ }
return outcome;
}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java
index 18218dce4..f49986aaf 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java
@@ -108,7 +108,7 @@ public final class AttributeUtil {
strBuilder.append(AttributeUtil.escape(s) + separator);
}
}
- return strBuilder.toString();
+ return strBuilder.substring(0, strBuilder.length() - 1).toString();
}
/**
@@ -132,7 +132,7 @@ public final class AttributeUtil {
strBuilder.append(AttributeUtil.escape(entry.getValue()));
strBuilder.append(separator);
}
- return strBuilder.toString();
+ return strBuilder.substring(0, strBuilder.length() - 1).toString();
}
/**
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java
index ffae4ae67..bdcf58fec 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java
@@ -109,6 +109,18 @@ public interface IAttributeListProcessor {
IPersonalAttributeList removeAPMandatoryAttributes(IPersonalAttributeList attrList, Map<String, Boolean> attributes);
/**
+ * Removes from attribute list the Stork list of attributes.
+ *
+ * @param attrList
+ * the requested attribute list
+ *
+ * @return the attribute list without rejected attributes.
+ *
+ * @see IPersonalAttributeList
+ */
+ IPersonalAttributeList removeAPRejectedAttributes(IPersonalAttributeList attrList);
+
+ /**
* Checks if mandate attribute exist in the requested Attribute List. Power attribute name to lookup is loaded by implementation.
*
* @param attrList
@@ -153,4 +165,39 @@ public interface IAttributeListProcessor {
*/
Map<String, Boolean> getNormalAttributesAdded();
-} \ No newline at end of file
+ /**
+ * Adds normal attributes to personal attribute list if exist in original list (allAttrList).
+ *
+ * @param attrList
+ * the list which will be updated
+ * @param allAttrList
+ * the list to check if attributes are to be included.
+ *
+ *
+ * @return the attributes list updated.
+ */
+ IPersonalAttributeList addNormalAttributes(IPersonalAttributeList attrList, IPersonalAttributeList allAttrList);
+
+ /**
+ * Updates list by filtering any attribute that must be requested instead of using a value obtained from cache (business and legal attrs)
+ *
+ * @param attrList
+ * the list which will be updated
+ * @return the filtered list
+ */
+ IPersonalAttributeList filterAttrList(IPersonalAttributeList attrList);
+
+ /**
+ * Updates the list of cached attrs by inserting the business and/or legal attrs requested by the user
+ *
+ * @param cachedAttrList
+ * @param requestedAttrsList
+ */
+ void updateAttrList(IPersonalAttributeList cachedAttrList, IPersonalAttributeList requestedAttrsList);
+
+ /**
+ * Verifies if normal attribute list contains any attribute that we must always request (usually business attributes)
+ */
+ boolean hasAlwaysRequestAttributes(IPersonalAttributeList attributeList);
+
+}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java
index aa0ddf85b..cc5fe977f 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java
@@ -78,4 +78,11 @@ public interface IAttributeProvidersMap {
* @return an iterator of the keys contained in this map
*/
Iterator<AttributeSource> keyIterator();
+
+ /**
+ * Merges this Attribute Providers Map with another providers map changes the contents of this map so it returns null
+ *
+ * @param aPMap
+ */
+ void mergeWith(IAttributeProvidersMap aPMap);
}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java
index 71b3400b4..7eb788461 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java
@@ -43,6 +43,20 @@ public interface IPersonalAttributeList extends Iterable<PersonalAttribute>, Clo
PersonalAttribute put(String key, PersonalAttribute value);
/**
+ * Replaces the specified value with the specified key in this Personal Attribute List.
+ *
+ * @param key
+ * with which the specified value is to be replaced.
+ * @param value
+ * to be associated with the specified key.
+ *
+ * @return the previous value associated with key, or null if there was no mapping for key.
+ *
+ * @see PersonalAttribute
+ */
+ PersonalAttribute replace(String key, PersonalAttribute value);
+
+ /**
* Returns the value to which the specified key is mapped, or null if this map contains no mapping for the key.
*
* @param key
@@ -147,6 +161,13 @@ public interface IPersonalAttributeList extends Iterable<PersonalAttribute>, Clo
IPersonalAttributeList getMandatoryAttributes();
/**
+ * Returns a IPersonalAttributeList merged with provided one.
+ *
+ * @return an IPersonalAttributeList the attribute list to merge with.
+ */
+ IPersonalAttributeList merge(IPersonalAttributeList attrList);
+
+ /**
* Returns a IPersonalAttributeList of the optional attributes in this map.
*
* @return an IPersonalAttributeList of the optional attributes contained in this map.
@@ -172,6 +193,6 @@ public interface IPersonalAttributeList extends Iterable<PersonalAttribute>, Clo
*
* @return The copy of this IPersonalAttributeList.
*/
- Object clone() throws CloneNotSupportedException;
+ Object clone();
}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java
index f82f6fbcc..87ab4275f 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java
@@ -5,6 +5,7 @@ import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
+import java.util.Map;
import org.apache.log4j.Logger;
@@ -36,7 +37,7 @@ public final class Linker implements Serializable {
/**
* Assertion map.
*/
- private LinkedHashMap<AttributeSource, STORKAttrQueryResponse> assertions;
+ private Map<AttributeSource, List<STORKAttrQueryResponse>> assertions;
/**
* The current index of local (domestic) Attribute Providers.
@@ -55,7 +56,7 @@ public final class Linker implements Serializable {
localIndex = 0;
remoteIndex = 0;
- assertions = new LinkedHashMap<AttributeSource, STORKAttrQueryResponse>();
+ assertions = new LinkedHashMap<AttributeSource, List<STORKAttrQueryResponse>>();
}
/**
@@ -143,13 +144,19 @@ public final class Linker implements Serializable {
localIndex++;
// Assertion storage
- this.assertions.put(source, attrResponse);
- // previously: getTotalPersonalAttributeList() in both cases
- if (source.getSourceType() == AttributeSource.SOURCE_REMOTE_COUNTRY)
+ if (this.assertions.containsKey(source)) {
+ this.assertions.get(source).add(attrResponse);
+ } else {
+ List<STORKAttrQueryResponse> temp = new ArrayList<STORKAttrQueryResponse>();
+ temp.add(attrResponse);
+ this.assertions.put(source, temp);
+ }
+
+ if (source.getSourceType() == AttributeSource.SOURCE_REMOTE_COUNTRY) {
this.attributeProvidersMap.put(source, attrResponse.getTotalPersonalAttributeList());
- else
+ } else {
this.attributeProvidersMap.put(source, attrResponse.getPersonalAttributeList());
- // this.attributeProvidersMap.put(source, attrResponse.getTotalPersonalAttributeList());
+ }
}
/**
@@ -312,5 +319,13 @@ public final class Linker implements Serializable {
LOG.debug("The attributeProvidersMap after the merge.");
((AttributeProvidersMap) this.attributeProvidersMap).trace();
}
+
+ for (AttributeSource as : previous.assertions.keySet()) {
+ if (!assertions.containsKey(as)) {
+ assertions.put(as, previous.assertions.get(as));
+ } else {
+ assertions.get(as).addAll(previous.assertions.get(as));
+ }
+ }
}
-} \ No newline at end of file
+}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java
index ac83d5ddf..7d758d754 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java
@@ -314,7 +314,17 @@ public enum PEPSErrors {
/**
* Represents the 'invalid.attr.country.code' constant error identifier.
*/
- INVALID_COUNTRY_CODE("invalid.attr.country.code");
+ INVALID_COUNTRY_CODE("invalid.attr.country.code"),
+ /**
+ * DTL error codes.
+ */
+ DTL_ERROR_ADD("dtl.error.adding.doc"), DTL_ERROR_GET("dtl.error.getting.doc"), DTL_ERROR_REQUEST("dtl.error.request.attribute"), DTL_INVALID_XML("dtl.invalid.xml"), DTL_EMPTY_REQUEST(
+ "dtl.empty.request"), DTL_ERROR_DOCUMENT_URL("dtl.error.no.document.url"), DTL_ERROR_NO_DOCUMENT("dtl.error.no.document"), DTL_ERROR_MARSHALL_SIGNREQUEST("dtl.error.marshall.signrequest"), DTL_ERROR_MARSHALL_SIGNRESPONSE(
+ "dtl.error.marshall.signresponse"),
+ /**
+ * Represents the 'colleagueAttributeRequest.invalidSAML' constant error identifier.
+ */
+ COLLEAGUE_LOGOUT_INVALID_SAML("colleagueLogoutRequest.invalidSAML");
/**
* Represents the constant's value.
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java
index ec967a2ee..6b876b680 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java
@@ -69,6 +69,10 @@ public enum PEPSParameters {
*/
ATTRIBUTE_LIST("attrList"),
/**
+ * Represents the 'allAttrList' parameter constant.
+ */
+ ALL_ATTRIBUTE_LIST("allAttrList"),
+ /**
* Represents the 'apMandAttrList' parameter constant.
*/
AP_MANDATORY_ATTRIBUTE_LIST("apMandAttrList"),
@@ -106,7 +110,7 @@ public enum PEPSParameters {
/**
* Represents the complex attributes parameter constant.
*/
- COMPLEX_ADDRESS_VALUE("canonicalResidenceAddress"), COMPLEX_NEWATTRIBUTE_VALUE("newAttribute2"), COMPLEX_HASDEGREE_VALUE("hasDegree"), COMPLEX_MANDATECONTENT_VALUE("mandateContent"),
+ COMPLEX_ADDRESS_VALUE("canonicalResidenceAddress"), COMPLEX_NEWATTRIBUTE_VALUE("newAttribute2"), COMPLEX_HASDEGREE_VALUE("hasDegree"), COMPLEX_MANDATECONTENT_VALUE("mandate"),
/**
* Represents the 'consent-type' parameter constant.
*/
@@ -603,8 +607,23 @@ public enum PEPSParameters {
/**
* Represents the 'idPDerivedAttrList' parameter constant.
*/
-
- IDP_DERIVED_ATTR_LIST("idPDerivedAttrList");
+ IDP_DERIVED_ATTR_LIST("idPDerivedAttrList"),
+ /**
+ * Represents the 'apRejectedAttrsList' parameter constant.
+ */
+ AP_REJECTED_ATTRS_LIST("apRejectedAttrsList"),
+ /**
+ * Represents the 'logoutRequest' parameter constant.
+ */
+ LOGOUT_REQUEST("logoutRequest"),
+ /**
+ * Represents the 'logoutRequest' parameter constant.
+ */
+ LOGOUT_RESPONSE("logoutResponse"),
+ /**
+ * Represents the 'logoutRequest' parameter constant.
+ */
+ LOGOUT_DEST_URL("speps.logout.destination.url");
/**
* Represents the constant's value.
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java
index 9cc587d7f..a63db12e1 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java
@@ -246,7 +246,11 @@ public enum PEPSValues {
/**
* Represents the 'attr-filter' constant value.
*/
- AP_ATTRFILTER_PREFIX("attr-filter");
+ AP_ATTRFILTER_PREFIX("attr-filter"),
+ /**
+ * Represents the 'save-session' constant value.
+ */
+ SAVED_SESSION("saved-session");
/**
* Represents the constant's value.
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
index 49ea3e695..8d1482f05 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
@@ -18,7 +18,7 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
+import java.util.Vector;
import org.apache.log4j.Logger;
@@ -60,7 +60,7 @@ public final class PersonalAttribute implements Serializable, Cloneable {
/**
* Complex values of the personal attribute.
*/
- private Map<String, String> complexValue = new ConcurrentHashMap<String, String>();
+ private List<Map<String, String>> complexValue = new Vector<Map<String, String>>();
/**
* Is the personal attribute mandatory?
@@ -138,8 +138,7 @@ public final class PersonalAttribute implements Serializable, Cloneable {
personalAttr.setValue(val);
}
if (!isEmptyComplexValue()) {
- final Map<String, String> complexVal = (Map<String, String>) ((HashMap<String, String>) this.getComplexValue()).clone();
- personalAttr.setComplexValue(complexVal);
+ personalAttr.addComplexValues(this.getComplexValues());
}
return personalAttr;
} catch (final CloneNotSupportedException e) {
@@ -209,6 +208,18 @@ public final class PersonalAttribute implements Serializable, Cloneable {
}
/**
+ * Add new value to list of values.
+ *
+ * @param attrValue
+ * The personal attribute value.
+ */
+ public void addValue(final String attrValue) {
+ if (attrValue != null) {
+ this.value.add(attrValue);
+ }
+ }
+
+ /**
* Getter for the type value.
*
* @return The name value.
@@ -252,6 +263,19 @@ public final class PersonalAttribute implements Serializable, Cloneable {
* @return The complex value.
*/
public Map<String, String> getComplexValue() {
+ if (complexValue.size() > 0) {
+ return complexValue.get(0);
+ } else {
+ return new HashMap<String, String>();
+ }
+ }
+
+ /**
+ * Getter for the complex values.
+ *
+ * @return The complex value.
+ */
+ public List<Map<String, String>> getComplexValues() {
return complexValue;
}
@@ -263,11 +287,21 @@ public final class PersonalAttribute implements Serializable, Cloneable {
*/
public void setComplexValue(final Map<String, String> complexVal) {
if (complexVal != null) {
- this.complexValue = complexVal;
+ this.complexValue.add(complexVal);
}
}
/**
+ * Setter for the complex values.
+ *
+ * @param complexVal
+ * The personal attribute Complex values.
+ */
+ public void addComplexValues(final List<Map<String, String>> complexVals) {
+ this.complexValue.addAll(complexVals);
+ }
+
+ /**
* Getter for the personal's friendly name.
*
* @return The personal's friendly name value.
@@ -301,7 +335,7 @@ public final class PersonalAttribute implements Serializable, Cloneable {
* @return True if the Complex Value is empty;
*/
public boolean isEmptyComplexValue() {
- return complexValue.isEmpty();
+ return complexValue.isEmpty() || complexValue.get(0).isEmpty();
}
/**
@@ -343,4 +377,15 @@ public final class PersonalAttribute implements Serializable, Cloneable {
return strBuild.toString();
}
+ /**
+ * Empties the Value or ComplexValue field of a PersonalAttribute
+ */
+ public void setEmptyValue() {
+ if (this.isEmptyValue()) {
+ this.complexValue = new Vector<Map<String, String>>();
+ } else {
+ this.value = new ArrayList<String>();
+ }
+ }
+
}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java
index 8f60bdc0d..233cdebd0 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java
@@ -13,7 +13,6 @@
*/
package eu.stork.peps.auth.commons;
-import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
@@ -34,7 +33,7 @@ import org.apache.log4j.Logger;
* @see PersonalAttribute
*/
@SuppressWarnings("PMD")
-public final class PersonalAttributeList extends ConcurrentHashMap<String, PersonalAttribute> implements IPersonalAttributeList, Serializable {
+public final class PersonalAttributeList extends ConcurrentHashMap<String, PersonalAttribute> implements IPersonalAttributeList {
/**
* Logger object.
@@ -88,10 +87,17 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso
String attrName = (String) key;
if (this.latestAttrAlias.containsKey(key)) {
- attrName = attrName + this.latestAttrAlias.get(key);
+ int index = this.latestAttrAlias.get(key);
+ if ((index + 1) > this.attrAliasNumber.get(key).size()) {
+ index = 0;
+ }
+
+ attrName = this.attrAliasNumber.get(key).get(index);
+ this.latestAttrAlias.put((String) key, Integer.valueOf(++index));
} else {
if (this.attrAliasNumber.containsKey(key)) {
- this.latestAttrAlias.put(attrName, this.attrAliasNumber.get(key));
+ this.latestAttrAlias.put((String) key, Integer.valueOf(0));
+ attrName = this.attrAliasNumber.get(key).get(0);
}
}
return super.get(attrName);
@@ -109,6 +115,13 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso
/**
* {@inheritDoc}
*/
+ public PersonalAttribute replace(final String key, final PersonalAttribute val) {
+ return super.put(key, val);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
public PersonalAttribute put(final String key, final PersonalAttribute val) {
if (StringUtils.isNotEmpty(key) && val != null) {
// Validate if attribute name already exists!
@@ -135,10 +148,56 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso
}
/**
- * {@inheritDoc}
+ * Escape method for attributes with double comma
+ *
+ * @return escaped attribute list
+ *
+ */
+ private String attrListEncoder(String attrList) {
+ StringBuilder finalAttr = new StringBuilder();
+ String boolAttr = PEPSValues.TRUE.toString();
+ String reqRegex = PEPSValues.ATTRIBUTE_TUPLE_SEP.toString() + PEPSValues.TRUE.toString() + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString();
+
+ String reqRegexSeparator = PEPSValues.ATTRIBUTE_TUPLE_SEP.toString() + PEPSValues.TRUE.toString() + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString() + "|" + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString()
+ + PEPSValues.FALSE.toString() + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString();
+
+ for (String s : attrList.split(PEPSValues.ATTRIBUTE_SEP.toString())) {
+ StringBuilder tempBuilder = new StringBuilder(s);
+ if (s.split(PEPSValues.ATTRIBUTE_TUPLE_SEP.toString()).length > 4) {
+ LOG.info("Found attributes with special characters, escaping special characters");
+
+ if (s.split(reqRegex) == null) {
+ boolAttr = PEPSValues.FALSE.toString();
+ }
+
+ tempBuilder.setLength(0);
+ tempBuilder.append(AttributeUtil.escape(s.split(reqRegexSeparator)[0]));
+ tempBuilder.append(PEPSValues.ATTRIBUTE_TUPLE_SEP.toString());
+ tempBuilder.append(boolAttr);
+ tempBuilder.append(PEPSValues.ATTRIBUTE_TUPLE_SEP.toString());
+ tempBuilder.append(s.split(reqRegexSeparator)[1]);
+
+ }
+
+ finalAttr.append(tempBuilder.toString());
+ finalAttr.append(PEPSValues.ATTRIBUTE_SEP.toString());
+ }
+ return finalAttr.toString();
+ }
+
+ /**
+ * Unescape a string
+ *
+ * @see PersonalAttributeList#attrListEncoder
+ *
*/
+ private String attrListDecoder(String string) {
+ return AttributeUtil.unescape(string);
+ }
+
public void populate(final String attrList) {
- final StringTokenizer strToken = new StringTokenizer(attrList, PEPSValues.ATTRIBUTE_SEP.toString());
+
+ final StringTokenizer strToken = new StringTokenizer(attrListEncoder(attrList), PEPSValues.ATTRIBUTE_SEP.toString());
while (strToken.hasMoreTokens()) {
final PersonalAttribute persAttr = new PersonalAttribute();
@@ -163,6 +222,9 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso
}
if (tuples.length == AttributeConstants.NUMBER_TUPLES.intValue()) {
+ tuples[0] = attrListDecoder(tuples[0]);
+ persAttr.setName(attrListDecoder(persAttr.getName()));
+
persAttr.setStatus(tuples[AttributeConstants.ATTR_STATUS_INDEX.intValue()]);
}
this.put(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()], persAttr);
@@ -180,6 +242,7 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso
* @return The copy of this IPersonalAttributeList.
*/
public Object clone() {
+ // This implementation may have an bug!
try {
return (PersonalAttributeList) super.clone();
} catch (CloneNotSupportedException e) {
@@ -310,6 +373,17 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso
}
/**
+ * {@inheritDoc}
+ */
+ public IPersonalAttributeList merge(IPersonalAttributeList attrList1) {
+
+ for (PersonalAttribute attr : attrList1) {
+ this.add(attr);
+ }
+ return this;
+ }
+
+ /**
* Returns a IPersonalAttributeList of the mandatory attributes in this map.
*
* @return an IPersonalAttributeList of the mandatory attributes contained in this map.
@@ -318,7 +392,7 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso
LOG.info("get simple attributes");
IPersonalAttributeList attrList = new PersonalAttributeList();
for (PersonalAttribute attr : this) {
- if (attr.getComplexValue().isEmpty()) {
+ if (!attr.getValue().isEmpty()) {
attrList.put(attr.getName(), attr);
LOG.info("adding simple attribute:" + attr.getName());
}
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java
index 6f39ebeeb..c3223ec40 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java
@@ -331,13 +331,7 @@ public final class STORKAuthnRequest implements Serializable, Cloneable {
* @see IPersonalAttributeList
*/
public IPersonalAttributeList getPersonalAttributeList() {
- IPersonalAttributeList personnalAttributeList = null;
- try {
- personnalAttributeList = (IPersonalAttributeList) attributeList.clone();
- } catch (CloneNotSupportedException e1) {
- LOG.trace("[PersonalAttribute] Nothing to do.");
- }
- return personnalAttributeList;
+ return (IPersonalAttributeList) attributeList.clone();
}
/**
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java
index 4b415bbcf..32bfd0df0 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java
@@ -14,6 +14,7 @@
package eu.stork.peps.auth.commons;
import java.io.Serializable;
+import java.util.ArrayList;
import java.util.List;
import org.apache.log4j.Logger;
@@ -26,7 +27,7 @@ import org.opensaml.saml2.core.Assertion;
* @author ricardo.ferreira@multicert.com, renato.portela@multicert.com, luis.felix@multicert.com, hugo.magalhaes@multicert.com, paulo.ribeiro@multicert.com
* @version $Revision: 1.15 $, $Date: 2010-11-17 05:15:28 $
*/
-public final class STORKAuthnResponse implements Serializable {
+public final class STORKAuthnResponse implements Serializable, Cloneable {
/** The Constant serialVersionUID. */
private static final long serialVersionUID = -9100982727074068660L;
@@ -167,13 +168,7 @@ public final class STORKAuthnResponse implements Serializable {
* @see PersonalAttributeList
*/
public IPersonalAttributeList getPersonalAttributeList() {
- IPersonalAttributeList personnalAttributeList = null;
- try {
- personnalAttributeList = (IPersonalAttributeList) attributeList.clone();
- } catch (CloneNotSupportedException e1) {
- LOG.trace("[PersonalAttribute] Nothing to do.");
- }
- return personnalAttributeList;
+ return (IPersonalAttributeList) attributeList.clone();
}
/**
@@ -347,13 +342,25 @@ public final class STORKAuthnResponse implements Serializable {
* @see PersonalAttributeList
*/
public IPersonalAttributeList getTotalPersonalAttributeList() {
- IPersonalAttributeList personnalAttributeList = null;
- try {
- personnalAttributeList = (IPersonalAttributeList) totalAttributeList.clone();
- } catch (CloneNotSupportedException e1) {
- LOG.trace("[PersonalAttribute] Nothing to do.");
+ return (IPersonalAttributeList) totalAttributeList.clone();
+ }
+
+ public List<PersonalAttribute> getNormalizedPersonalAttributeList() {
+ List<PersonalAttribute> returnAttrList = new ArrayList<PersonalAttribute>();
+
+ if (this.totalAttributeList.isEmpty()) {
+ this.totalAttributeList = this.attributeList;
+ }
+
+ for (PersonalAttribute pa : this.totalAttributeList) {
+ // Get the shortname of the attribute by removing
+ // the attached assertionId, if there is one and
+ // put the shortname as the attribute name
+ pa.setName(pa.getName().split("_")[0]);
+ // We add it to the return list.
+ returnAttrList.add(pa);
}
- return personnalAttributeList;
+ return returnAttrList;
}
/**
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java
index 6eaa63c5a..82ec6d3b4 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java
@@ -71,19 +71,19 @@ public class ObjectFactory {
}
/**
- * Create an instance of {@link MandateType }
- *
+ * Create an instance of {@link RequestedAttributeType }
+ *
*/
- public MandateType createMandateType() {
- return new MandateType();
+ public RequestedAttributeType createRequestedAttributeType() {
+ return new RequestedAttributeType();
}
/**
- * Create an instance of {@link RequestedAttributeType }
- *
+ * Create an instance of {@link MandateType }
+ *
*/
- public RequestedAttributeType createRequestedAttributeType() {
- return new RequestedAttributeType();
+ public MandateType createMandateType() {
+ return new MandateType();
}
/**
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
index f4d084a79..1dcaf4c95 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
@@ -97,7 +97,14 @@ public class SAMLEngine {
/** The Constant SAML_ENGINE_FILE_CONF. */
private static final String SAML_ENGINE_FILE_CONF = "fileConfiguration";
- /** The codification of characters. */
+ /**
+ * Additional trust store for HW signing
+ */
+ private static final String HW_TRUST_STORE_CONF = "softTrustStoreConfig";
+
+ /**
+ * The codification of characters.
+ */
private static final String CHARACTER_ENCODING = "UTF-8";
/** The SAML core. */
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
index 6a7e1f7c0..7bf5d5ca8 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
@@ -202,8 +202,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
try {
engine = new STORKSAMLEngine(nameInstance.trim());
} catch (Exception e) {
- LOG.error("Error getting instance: " + nameInstance);
- e.printStackTrace();
+ LOG.error("Error get instance: " + nameInstance);
}
return engine;
}
@@ -389,15 +388,9 @@ public final class STORKSAMLEngine extends SAMLEngine {
final Subject subject = SAMLEngineUtils.generateSubject();
- // Mandatory STORK verified
- // String format = NameID.UNSPECIFIED
- // specification: 'SAML:2.0' exist
- // opensaml: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- // opensaml "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
- final String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
+ final String format = super.getSamlCoreProperties().getFormat();
final String nameQualifier = "";
-
LOG.debug("Generate NameID");
final NameID nameId = SAMLEngineUtils.generateNameID(super.getSamlCoreProperties().getResponder(), format, nameQualifier);
nameId.setValue(format);
@@ -1102,7 +1095,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
// Validate Parameters mandatories
validateParamAttrQueryReq(request);
- // final AttributeQuery attrQueryRequestAux = SAMLEngineUtils
final CustomAttributeQuery attrQueryRequestAux = SAMLEngineUtils.generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime());
// Set name spaces.
@@ -1930,6 +1922,8 @@ public final class STORKSAMLEngine extends SAMLEngine {
citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils.createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
citizenCountryCode.setCitizenCountryCode(request.getCitizenCountryCode().toUpperCase());
+
+ extensions.getUnknownXMLObjects().add(citizenCountryCode);
}
SPID spid = null;
@@ -1938,6 +1932,8 @@ public final class STORKSAMLEngine extends SAMLEngine {
spid = (SPID) SAMLEngineUtils.createSamlObject(SPID.DEF_ELEMENT_NAME);
spid.setSPID(request.getSPID().toUpperCase());
+
+ extensions.getUnknownXMLObjects().add(spid);
}
return extensions;
@@ -2493,11 +2489,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
throw new STORKSAMLEngineException("StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
}
- // Destination of the request - not mandatory
- /*
- * if (StringUtils.isBlank(request.getDestination())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Destination is mandatory."); }
- */
-
// SP country is empty
if (StringUtils.isBlank(request.getSpCountry())) {
throw new STORKSAMLEngineException("StorkSamlEngine: SP country is mandatory.");
@@ -2525,12 +2516,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
*/
private void validateParamLogoutReq(final STORKLogoutRequest request) throws STORKSAMLEngineException {
LOG.info("Validate parameters from logout request.");
-
// URL to which AP Response must be sent.
- /*
- * if (StringUtils.isBlank(request.get())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Assertion Consumer Service URL it's mandatory."); }
- */
-
// Destination of the request
if (StringUtils.isBlank(request.getDestination())) {
throw new STORKSAMLEngineException("StorkSamlEngine: Destination is mandatory.");
@@ -2591,9 +2577,9 @@ public final class STORKSAMLEngine extends SAMLEngine {
throw new STORKSAMLEngineException("Issuer must be not empty or null.");
}
- if (responseAuthReq.getPersonalAttributeList() == null || responseAuthReq.getPersonalAttributeList().isEmpty()) {
- LOG.error("PersonalAttributeList is null or empty.");
- throw new STORKSAMLEngineException("PersonalAttributeList is null or empty.");
+ if (responseAuthReq.getPersonalAttributeList() == null) {
+ LOG.error("PersonalAttributeList is null.");
+ throw new STORKSAMLEngineException("PersonalAttributeList is null.");
}
if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
@@ -2627,10 +2613,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
throw new STORKSAMLEngineException("PersonalAttributeList is null or empty.");
}
- /*
- * if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) { throw new STORKSAMLEngineException( "assertionConsumerServiceURL is null or empty."); }
- */
-
if (StringUtils.isBlank(request.getSamlId())) {
throw new STORKSAMLEngineException("request ID is null or empty.");
}
@@ -2840,7 +2822,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
attrRequest.setDestination(samlRequest.getDestination());
attrRequest.setAssertionConsumerServiceURL(samlRequest.getAssertionConsumerServiceURL());
- /* authnRequest.setProviderName(samlRequest.getProviderName()); */
attrRequest.setIssuer(samlRequest.getIssuer().getValue());
// Delete unknown elements from requested ones
@@ -2881,13 +2862,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
final LogoutRequest samlRequest = (LogoutRequest) validateStorkSaml(tokenSaml);
- LOG.debug("Validate Extensions.");
- final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
- try {
- validatorExt.validate(samlRequest.getExtensions());
- } catch (ValidationException e) {
- LOG.error("ValidationException: validate Extensions.", e);
- throw new STORKSAMLEngineException(e);
+ if (samlRequest.getExtensions() != null) {
+ LOG.debug("Validate Extensions.");
+ final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
+ try {
+ validatorExt.validate(samlRequest.getExtensions());
+ } catch (ValidationException e) {
+ LOG.error("ValidationException: validate Extensions.", e);
+ throw new STORKSAMLEngineException(e);
+ }
}
LOG.debug("Generate STORKLogoutRequest.");
@@ -2909,6 +2892,43 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
/**
+ * Validate stork logout response.
+ *
+ * @param tokenSaml
+ * The SAML token
+ *
+ * @return the STORK logout response
+ *
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
+ */
+ public STORKLogoutResponse validateSTORKLogoutResponse(final byte[] tokenSaml) throws STORKSAMLEngineException {
+
+ LOG.info("validate STORK Logout Response");
+
+ final LogoutResponse samlRes = (LogoutResponse) validateStorkSaml(tokenSaml);
+
+ LOG.debug("Generate STORKLogoutResponse.");
+ final STORKLogoutResponse logoutRes = new STORKLogoutResponse();
+
+ try {
+ logoutRes.setTokenSaml(super.signAndMarshall(samlRes));
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ logoutRes.setAlias(this.getAlias(samlRes.getSignature().getKeyInfo(), super.getSigner().getTrustStore()));
+ logoutRes.setSamlId(samlRes.getID());
+ logoutRes.setDestination(samlRes.getDestination());
+ logoutRes.setIssuer(samlRes.getIssuer().getValue());
+ logoutRes.setStatusCode(samlRes.getStatus().getStatusCode().getValue().toString());
+ logoutRes.setStatusMessage(samlRes.getStatus().getStatusMessage().getMessage().toString());
+ logoutRes.setInResponseTo(samlRes.getInResponseTo());
+ return logoutRes;
+ }
+
+ /**
* Validate stork authentication response.
*
* @param tokenSaml
@@ -3060,16 +3080,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
authnResponse.setAssertions(samlResponse.getAssertions());
if (samlResponse.getAssertions().size() > 1) {
PersonalAttributeList total = new PersonalAttributeList();
- List<IPersonalAttributeList> attrList = new ArrayList();
+ List<IPersonalAttributeList> attrList = new ArrayList<IPersonalAttributeList>();
for (int i = 0; i < samlResponse.getAssertions().size(); i++) {
Assertion tempAssertion = (Assertion) samlResponse.getAssertions().get(i);
IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion);
if (temp != null) {
attrList.add(temp);
- for (PersonalAttribute attribute : temp) {
- PersonalAttribute attr = (PersonalAttribute) attribute.clone();
- attr.setName(attr.getName() + tempAssertion.getID());
- total.add(attr);
+ for (PersonalAttribute attribute : (IPersonalAttributeList) temp.clone()) {
+ attribute.setName(attribute.getName() + tempAssertion.getID());
+ total.add(attribute);
}
}
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
index 175084048..73d7e4f62 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
@@ -25,7 +25,7 @@ public final class X509PrincipalUtil {
* @param principal2
* @return true if arguments are not null and equals
*/
- public static boolean equals(X509Principal principal1, X509Principal principal2) {
+ public static boolean X509equals(X509Principal principal1, X509Principal principal2) {
boolean continueProcess = true;
if (principal1 == null || principal2 == null) {
return false;
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
index 922e7e61e..16b9afd18 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
@@ -55,6 +55,9 @@ public enum SAMLCore {
/** The RESPONDE r_ tag. */
RESPONDER_TAG("responder"),
+
+ /** The format r_tag. */
+ FORMAT_TAG("format"),
/** The STOR k10_ ns. */
STORK10_NS("urn:eu:stork:names:tc:STORK:1.0:assertion"),
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
index 13d2f0af4..2a548ca6f 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
@@ -73,7 +73,11 @@ public final class STORKSAMLCore {
/** The responder. */
private String responder = null;
- /** The SAML core properties. */
+ private String format = null;
+
+ /**
+ * The SAML core properties.
+ */
private Properties samlCoreProp = null;
/** The time not on or after. */
@@ -189,6 +193,15 @@ public final class STORKSAMLCore {
}
/**
+ * return the format string.
+ *
+ * @return
+ */
+ public String getFormat() {
+ return this.format;
+ }
+
+ /**
* Gets the time not on or after.
*
* @return the time not on or after
@@ -330,6 +343,8 @@ public final class STORKSAMLCore {
requester = samlCoreProp.getProperty(SAMLCore.REQUESTER_TAG.getValue());
responder = samlCoreProp.getProperty(SAMLCore.RESPONDER_TAG.getValue());
+ format = samlCoreProp.getProperty(SAMLCore.FORMAT_TAG.getValue(), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
+
} catch (SAMLEngineException e) {
LOGGER.error("SAMLCore: error loadConfiguration. ", e);
throw new STORKSAMLEngineRuntimeException(e);
@@ -492,6 +507,15 @@ public final class STORKSAMLCore {
}
/**
+ * Sets the format string
+ *
+ * @param newFormat
+ */
+ public void setFormat(final String newFormat) {
+ this.format = newFormat;
+ }
+
+ /**
* Sets the time not on or after.
*
* @param newTimeNotOnOrAft
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
index 907b9bf68..9f602aba1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
@@ -102,9 +102,4 @@ public final class AuthenticationAttributesImpl extends AbstractSignableSAMLObje
vIDPAuthenAttr = prepareForAssignment(this.vIDPAuthenAttr, newVIDPAuthenAttr);
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
index 003d56b46..aa4c725f1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
@@ -77,9 +77,4 @@ public class CitizenCountryCodeImpl extends AbstractSAMLObject implements Citize
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
index b5d194c7f..13cc3d287 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
@@ -77,9 +77,4 @@ public class EIDCrossBorderShareImpl extends AbstractSAMLObject implements EIDCr
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-} \ No newline at end of file
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
index f2762e327..2e3f6ab7e 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
@@ -78,9 +78,4 @@ public class EIDCrossSectorShareImpl extends AbstractSAMLObject implements EIDCr
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-} \ No newline at end of file
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
index 423cf8b25..e74ce1fec 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
@@ -77,9 +77,4 @@ public class QAAAttributeImpl extends AbstractSAMLObject implements QAAAttribute
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
index e7ac7213b..2537d3794 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
@@ -213,9 +213,4 @@ public class RequestedAttributeImpl extends AbstractSAMLObject implements Reques
this.unknownAttributes = newUnknownAttr;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
index 276697d6a..7f09d611f 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
@@ -77,9 +77,4 @@ public class SPApplicationImpl extends AbstractSAMLObject implements SPApplicati
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
index 404a90079..ea9085867 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
@@ -77,9 +77,4 @@ public class SPCountryImpl extends AbstractSAMLObject implements SPCountry {
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
index cea51a5a8..03dea20ed 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
@@ -77,9 +77,4 @@ public class SPIDImpl extends AbstractSAMLObject implements SPID {
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
index 4089f0862..41b3d8998 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
@@ -101,9 +101,4 @@ public final class SPInformationImpl extends AbstractSignableSAMLObject implemen
this.spId = prepareForAssignment(this.spId, newSPId);
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
index 054481744..ed0a75f35 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
@@ -77,9 +77,4 @@ public class SPInstitutionImpl extends AbstractSAMLObject implements SPInstituti
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
index 6e23d7f24..1cd5fb761 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
@@ -72,6 +72,7 @@ import eu.stork.peps.exceptions.SAMLEngineException;
* The Class HWSign. Module of sign.
*
* @author fjquevedo
+ * @author advania
*/
public final class SignHW implements SAMLEngineSignI {
@@ -79,14 +80,19 @@ public final class SignHW implements SAMLEngineSignI {
private static final String CONF_FILE = "configurationFile";
/**
- * The Constant KEYSTORE_TYPE. private static final String KEYSTORE_TYPE = "keystoreType"
+ * The Constant KEYSTORE_TYPE.
*/
+ private static final String KEYSTORE_TYPE = "keystoreType";
/** The logger. */
private static final Logger LOG = LoggerFactory.getLogger(SignHW.class.getName());
/** The stork own key store. */
private KeyStore storkOwnKeyStore = null;
+ /**
+ * The soft trust key store.
+ */
+ private SignSW swTrustStore = null;
/**
* Gets the stork own key store.
@@ -160,6 +166,12 @@ public final class SignHW implements SAMLEngineSignI {
throw new SAMLEngineException(e);
} finally {
IOUtils.closeQuietly(inputStr);
+ /**
+ * Init the soft keystore to validate with. trustStoreConfig is read from the SignModule config file and should refer to the keystore containing trusted certificates.
+ */
+ swTrustStore = new SignSW();
+ swTrustStore.init(properties.getProperty("trustStoreConfig"));
+ swTrustStore.loadCryptServiceProvider();
}
}
@@ -204,7 +216,7 @@ public final class SignHW implements SAMLEngineSignI {
X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
X509Principal issuerDNConf = new X509Principal(issuer);
- if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
+ if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
alias = aliasCert;
find = true;
}
@@ -339,56 +351,14 @@ public final class SignHW implements SAMLEngineSignI {
* exception in validate signature
*/
public SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
- LOG.info("Start signature validation.");
+ LOG.info("Start signature validation HW.");
+ /*
+ * we are using the soft signature class to validate the signatures. This way we use the same key store code and validation that is used there.
+ */
try {
-
- // Validate structure signature
- final SAMLSignatureProfileValidator signProfValidator = new SAMLSignatureProfileValidator();
-
- // Indicates signature id conform to SAML Signature profile
- signProfValidator.validate(tokenSaml.getSignature());
-
- String aliasCert;
- X509Certificate certificate;
-
- final List<Credential> trustedCred = new ArrayList<Credential>();
-
- for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements();) {
- aliasCert = e.nextElement();
- final BasicX509Credential credential = new BasicX509Credential();
- certificate = (X509Certificate) storkOwnKeyStore.getCertificate(aliasCert);
- credential.setEntityCertificate(certificate);
- trustedCred.add(credential);
- }
-
- final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
- final List<X509Certificate> listCertificates = KeyInfoHelper.getCertificates(keyInfo);
-
- if (listCertificates.size() != 1) {
- throw new SAMLEngineException("Only must be one certificate");
- }
-
- // Exist only one certificate
- final BasicX509Credential entityX509Cred = new BasicX509Credential();
- entityX509Cred.setEntityCertificate(listCertificates.get(0));
-
- final ExplicitKeyTrustEvaluator keyTrustEvaluator = new ExplicitKeyTrustEvaluator();
- if (!keyTrustEvaluator.validate(entityX509Cred, trustedCred)) {
- throw new SAMLEngineException("Certificate it is not trusted.");
- }
-
- final SignatureValidator sigValidator = new SignatureValidator(entityX509Cred);
-
- sigValidator.validate(tokenSaml.getSignature());
-
- } catch (final ValidationException e) {
- LOG.error("ValidationException.", e);
- throw new SAMLEngineException(e);
- } catch (final KeyStoreException e) {
- LOG.error("ValidationException.", e);
- throw new SAMLEngineException(e);
- } catch (final CertificateException e) {
- LOG.error("CertificateException.", e);
+ swTrustStore.validateSignature(tokenSaml);
+ } catch (Exception e) {
+ LOG.error("SW ValidationException.", e);
throw new SAMLEngineException(e);
}
return tokenSaml;
@@ -408,6 +378,12 @@ public final class SignHW implements SAMLEngineSignI {
try {
inputStream = SignHW.class.getResourceAsStream("/" + properties.getProperty(CONF_FILE));
+ final Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(inputStream);
+ if (Security.getProperty(pkcs11Provider.getName()) == null) {
+ Security.insertProviderAt(pkcs11Provider, Security.getProviders().length);
+ }
+
+ storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE), pkcs11Provider);
} catch (final Exception e) {
throw new SAMLEngineException("Error loading CryptographicServiceProvider", e);
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
index c91f11444..d5f01a4cc 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
@@ -41,6 +41,7 @@ import eu.stork.peps.auth.engine.X509PrincipalUtil;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.NotImplementedException;
import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
@@ -166,25 +167,25 @@ public final class SignP12 implements SAMLEngineSignI {
properties = new Properties();
try {
try {
- LOG.debug("Fichero a cargar " + fileConf);
+ LOG.debug("Loading " + fileConf);
fileProperties = new FileInputStream(fileConf);
properties.loadFromXML(fileProperties);
} catch (Exception e) {
- LOG.error("Fallo al cargar el recurso externo. Se reintenta como fichero interno.");
+ LOG.error("Failed to load external resource. Retrieving internal file.");
fileProperties = SignP12.class.getResourceAsStream("/" + fileConf);
if (fileProperties == null) {
fileProperties = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileConf);
if (fileProperties == null) {
Enumeration<URL> files = ClassLoader.getSystemClassLoader().getResources(fileConf);
if (files != null && files.hasMoreElements()) {
- LOG.info("Se han encontrado recurso/s. Se toma el primero.");
+ LOG.info("Found /s.");
fileProperties = ClassLoader.getSystemClassLoader().getResourceAsStream(files.nextElement().getFile());
} else {
- throw new IOException("No se pudo recuperar el fichero: " + fileConf, e);
+ throw new IOException("Could not load file: " + fileConf, e);
}
}
}
- LOG.debug("Recuperados " + fileProperties.available() + " bytes");
+ LOG.debug("Recovered " + fileProperties.available() + " bytes");
properties.loadFromXML(fileProperties);
}
} catch (InvalidPropertiesFormatException e) {
@@ -243,7 +244,7 @@ public final class SignP12 implements SAMLEngineSignI {
X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
X509Principal issuerDNConf = new X509Principal(issuer);
- if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
+ if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
alias = aliasCert;
find = true;
}
@@ -455,23 +456,21 @@ public final class SignP12 implements SAMLEngineSignI {
FileInputStream fisTrustStore = null;
try {
- // // Dynamically register Bouncy Castle provider.
- // boolean found = false;
- // // Check if BouncyCastle is already registered as a provider
- // final Provider[] providers = Security.getProviders();
- // for (int i = 0; i < providers.length; i++) {
- // if (providers[i].getName().equals(
- // BouncyCastleProvider.PROVIDER_NAME)) {
- // found = true;
- // }
- // }
- //
- // // Register only if the provider has not been previously registered
- // if (!found) {
- // LOG.debug("SAMLCore: Register Bouncy Castle provider.");
- // Security.insertProviderAt(new BouncyCastleProvider(), Security
- // .getProviders().length);
- // }
+ // Dynamically register Bouncy Castle provider.
+ boolean found = false;
+ // Check if BouncyCastle is already registered as a provider
+ final Provider[] providers = Security.getProviders();
+ for (int i = 0; i < providers.length; i++) {
+ if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) {
+ found = true;
+ }
+ }
+
+ // Register only if the provider has not been previously registered
+ if (!found) {
+ LOG.debug("SAMLCore: Register Bouncy Castle provider.");
+ Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
+ }
p12Store = KeyStore.getInstance(properties.getProperty("keystoreType"));
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
index e1ae2b8e2..1ca857e9e 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
@@ -12,17 +12,34 @@
* Licence for the specific language governing permissions and limitations under
* the Licence.
*/
-
package eu.stork.peps.auth.engine.core.impl;
-import eu.stork.peps.auth.engine.X509PrincipalUtil;
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.exceptions.SAMLEngineException;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.InvalidPropertiesFormatException;
+import java.util.List;
+import java.util.Properties;
+
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.NotImplementedException;
import org.bouncycastle.jce.X509Principal;
-//import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
@@ -41,25 +58,22 @@ import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
import org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEvaluator;
import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.*;
+import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.*;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.*;
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.SAMLEngineException;
+
/**
* The Class SWSign. Class responsible for signing and validating of messages SAML with a certificate store software.
@@ -215,16 +229,12 @@ public class SignSW implements SAMLEngineSignI {
final String serialNum = certificate.getSerialNumber().toString(16);
- try {
- X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
- X509Principal issuerDNConf = new X509Principal(issuer);
+ X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+ X509Principal issuerDNConf = new X509Principal(issuer);
- if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
- alias = aliasCert;
- find = true;
- }
- } catch (Exception ex) {
- LOG.error("Exception during signing: " + ex.getMessage()); // Added as a workaround for Bouncycastle email error
+ if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
+ alias = aliasCert;
+ find = true;
}
}
if (!find) {
@@ -344,7 +354,7 @@ public class SignSW implements SAMLEngineSignI {
* @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(org.opensaml.common.SignableSAMLObject)
*/
public final SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
- LOG.info("Start signature validation.");
+ LOG.info("Start signature validation SW.");
try {
// Validate structure signature
@@ -440,23 +450,21 @@ public class SignSW implements SAMLEngineSignI {
LOG.info("Load Cryptographic Service Provider");
FileInputStream fis = null;
try {
- // // Dynamically register Bouncy Castle provider.
- // boolean found = false;
- // // Check if BouncyCastle is already registered as a provider
- // final Provider[] providers = Security.getProviders();
- // for (int i = 0; i < providers.length; i++) {
- // if (providers[i].getName().equals(
- // BouncyCastleProvider.PROVIDER_NAME)) {
- // found = true;
- // }
- // }
- //
- // // Register only if the provider has not been previously registered
- // if (!found) {
- // LOG.info("SAMLCore: Register Bouncy Castle provider.");
- // Security.insertProviderAt(new BouncyCastleProvider(), Security
- // .getProviders().length);
- // }
+ // Dynamically register Bouncy Castle provider.
+ boolean found = false;
+ // Check if BouncyCastle is already registered as a provider
+ final Provider[] providers = Security.getProviders();
+ for (int i = 0; i < providers.length; i++) {
+ if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) {
+ found = true;
+ }
+ }
+
+ // Register only if the provider has not been previously registered
+ if (!found) {
+ LOG.info("SAMLCore: Register Bouncy Castle provider.");
+ Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
+ }
storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE));
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
index d7d92ea74..bfb85e357 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
@@ -125,10 +125,4 @@ public final class VIDPAuthenticationAttributesImpl extends AbstractSignableSAML
public void setSPInformation(SPInformation newSPInformation) {
this.spInformation = prepareForAssignment(this.spInformation, newSPInformation);
}
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
index bf7626dc5..04ff153d3 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
@@ -54,8 +54,12 @@ public class QAAAttributeSchemaValidator implements Validator<QAAAttribute> {
if (DatatypeHelper.isEmpty(qaaAttribute.getQaaLevel())) {
throw new ValidationException("QAALevel label must be specified.");
}
-
- final int qaa = Integer.valueOf(qaaAttribute.getQaaLevel());
+ int qaa = 0;
+ try {
+ qaa = Integer.valueOf(qaaAttribute.getQaaLevel());
+ } catch (Exception e) {
+ throw new ValidationException("QAALevel is not a valid number!");
+ }
if (qaa < QAAAttribute.MIN_VALUE || qaa > QAAAttribute.MAX_VALUE) {
throw new ValidationException("QAALevel label must be greater than 0.");
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
index 6e76c52a6..c0197b9db 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
@@ -12,15 +12,8 @@
* Licence for the specific language governing permissions and limitations under
* the Licence.
*/
-
package eu.stork.peps.configuration;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
@@ -28,6 +21,12 @@ import java.util.InvalidPropertiesFormatException;
import java.util.Map;
import java.util.Properties;
+import org.apache.commons.io.IOUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
/**
* The Class InstanceCreator.
*
@@ -90,6 +89,7 @@ public final class ConfigurationCreator {
* the STORKSAML engine runtime exception
*/
private static Properties getNewInstance(final String fileName) throws STORKSAMLEngineException {
+ LOGGER.info("Create file configuration properties to Stork Saml Engine: " + fileName);
InputStream fileEngineProp = null;
// fetch base from system properties, give a default if there is nothing configured
@@ -115,10 +115,10 @@ public final class ConfigurationCreator {
configuration.loadFromXML(fileEngineProp);
return configuration;
} catch (InvalidPropertiesFormatException e) {
- LOGGER.error("Invalid properties format.");
+ LOGGER.error("Invalid properties format: " + fileName);
throw new STORKSAMLEngineException(e);
} catch (IOException e) {
- LOGGER.error("Error read file: " + base + fileName);
+ LOGGER.error("Error read file: " + fileName);
throw new STORKSAMLEngineException(e);
} finally {
IOUtils.closeQuietly(fileEngineProp);
diff --git a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
index 502e0e461..4f22df7fb 100644
--- a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
+++ b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
@@ -59,6 +59,18 @@ public class StorkAttrQueryRequestTest {
givenName.setValue(Arrays.asList("Sveinbjorn"));
pal.add(givenName);
+ final PersonalAttribute fiscalNumber = new PersonalAttribute();
+ fiscalNumber.setName("fiscalNumber");
+ fiscalNumber.setIsRequired(true);
+ fiscalNumber.setValue(Arrays.asList("fiscalNumber"));
+ pal.add(fiscalNumber);
+
+ final PersonalAttribute LPFiscalNumber = new PersonalAttribute();
+ LPFiscalNumber.setName("LPFiscalNumber");
+ LPFiscalNumber.setIsRequired(true);
+ LPFiscalNumber.setValue(Arrays.asList("LPFiscalNumber"));
+ pal.add(LPFiscalNumber);
+
destination = "http://A-PEPS.gov.xx/PEPS/AttributeColleagueRequest";
assertConsumerUrl = "http://S-PEPS.gov.xx/PEPS/ColleagueResponse";
// spName = "University of Oxford";
diff --git a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
index beca213ac..d476ad26e 100644
--- a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
+++ b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
@@ -21,15 +21,12 @@ import java.util.ArrayList;
import org.junit.Ignore;
import org.junit.Test;
-
import org.opensaml.xml.parse.BasicParserPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.*;
+import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
@@ -68,6 +65,11 @@ public class StorkAuthRequestTest {
eIDNumber.setIsRequired(true);
pal.add(eIDNumber);
+ final PersonalAttribute LPFiscalNumber = new PersonalAttribute();
+ LPFiscalNumber.setName("LPFiscalNumber");
+ LPFiscalNumber.setIsRequired(true);
+ pal.add(LPFiscalNumber);
+
destination = "http://C-PEPS.gov.xx/PEPS/ColleagueRequest";
assertConsumerUrl = "http://S-PEPS.gov.xx/PEPS/ColleagueResponse";
diff --git a/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml b/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml
index 171e05f12..fadef82b2 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml
@@ -1,67 +1,85 @@
<?xml version="1.0" encoding="UTF-8"?>
<instances>
- <!-- Configuration name -->
- <instance name="CONF0">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" />
- </configuration>
+ <!-- Configuration name -->
+ <instance name="CONF0">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" />
+ </configuration>
- <!-- Settings module signature -->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class"
- value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_Conf0.xml" />
- </configuration>
- </instance>
+ <!-- Settings module signature -->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class"
+ value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_Conf0.xml" />
+ <parameter name="softTrustStoreConfig" value="SignModule_Conf0.xml" />
+ </configuration>
+ </instance>
- <!-- ******************** CONF1 ******************** -->
- <!-- Configuration name -->
- <instance name="CONF1">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_Conf1.xml" />
- </configuration>
+ <!-- ******************** CONF1 ******************** -->
+ <!-- Configuration name -->
+ <instance name="CONF1">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_Conf1.xml" />
+ </configuration>
- <!-- Settings module signature -->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class"
- value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_Conf1.xml" />
- </configuration>
- </instance>
+ <!-- Settings module signature -->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class"
+ value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_Conf1.xml" />
+ </configuration>
+ </instance>
- <!-- ******************** CONF2 ******************** -->
+ <!-- ******************** CONF2 ******************** -->
- <instance name="CONF2">
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_Conf2.xml" />
- </configuration>
+ <instance name="CONF2">
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_Conf2.xml" />
+ </configuration>
- <configuration name="SignatureConf">
- <parameter name="class"
- value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <parameter name="fileConfiguration" value="SignModule_Conf2.xml" />
- </configuration>
- </instance>
+ <configuration name="SignatureConf">
+ <parameter name="class"
+ value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <parameter name="fileConfiguration" value="SignModule_Conf2.xml" />
+ </configuration>
+ </instance>
- <!-- ******************** CONF3 ******************** -->
+ <!-- ******************** CONF3 ******************** -->
- <instance name="CONF3">
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_Conf3.xml" />
- </configuration>
+ <instance name="CONF3">
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_Conf3.xml" />
+ </configuration>
- <configuration name="SignatureConf">
- <parameter name="class"
- value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <parameter name="fileConfiguration" value="SignModule_Conf3.xml" />
- </configuration>
- </instance>
+ <configuration name="SignatureConf">
+ <parameter name="class"
+ value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <parameter name="fileConfiguration" value="SignModule_Conf3.xml" />
+ </configuration>
+ </instance>
+
+ <!-- ******************** CONF4 ******************** -->
+ <instance name="CONF4">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" />
+ </configuration>
+
+ <!-- Settings module signature -->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignHW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_P11.xml" />
+ <parameter name="softTrustStoreConfig" value="SignModule_Conf0.xml" />
+ </configuration>
+ </instance>
</instances> \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml
index abb071044..295258bb2 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml
@@ -1,17 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-<!-- properties> <comment>SWModule sign with JKS.</comment> <entry key="keystorePath">C:\opt\keystores\keyStoreCountry0.jks</entry>
- <entry key="keyStorePassword">local-demo</entry> <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=saml-demo-cert,OU=STORK2,O=Advania,L=Reykjavik,ST=Reykjavik,C=IS</entry>
- <entry key="serialNumber">524D4C6C</entry> <entry key="keystoreType">JKS</entry>
- </properties -->
+<!-- properties>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">C:\opt\keystores\keyStoreCountry0.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=saml-demo-cert,OU=STORK2,O=Advania,L=Reykjavik,ST=Reykjavik,C=IS</entry>
+ <entry key="serialNumber">524D4C6C</entry>
+ <entry key="keystoreType">JKS</entry>
+</properties-->
<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
</properties> \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml
index e556a7331..ffd41cb61 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml
@@ -2,11 +2,11 @@
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
</properties> \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml
index 3da1e33df..21b73d49d 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml
@@ -2,11 +2,11 @@
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">C:\opt\keystores\keyStoreCountry2.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">C:\opt\keystores\keyStoreCountry2.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
</properties> \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml
index 4c14a1711..f9ebc85cc 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml
@@ -2,11 +2,11 @@
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">C:\opt\keystores\keyStoreCountry3.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">C:\opt\keystores\keyStoreCountry3.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
</properties> \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml
index c683d97c3..0e95da1f2 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml
@@ -2,10 +2,11 @@
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
- <comment>HWModule sign with interface PKCS11.</comment>
- <entry key="configurationFile">p11Config.cfg</entry>
- <entry key="keyPassword">*******</entry>
- <entry key="issuer">CN=XXXXXXXXX</entry>
- <entry key="serialNumber">xxxxxxxxxxxxxx</entry>
- <entry key="keystoreType">PKCS11</entry>
+ <comment>HWModule sign with interface PKCS11.</comment>
+ <entry key="configurationFile">p11Conf.cfg</entry>
+ <entry key="keyPassword">12345</entry>
+ <entry key="issuer">CN=Test Certificate</entry>
+ <entry key="serialNumber">147d4b07db8</entry>
+ <entry key="keystoreType">PKCS11</entry>
+ <entry key="trustStoreConfig">SignModule_Conf0.xml</entry>
</properties> \ No newline at end of file