47 files changed, 685 insertions, 405 deletions
| diff --git a/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java b/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java
index 9ed726a32..49ef68cb9 100644
--- a/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java
+++ b/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java
@@ -76,10 +76,4 @@ public class EIDSectorShareImpl extends AbstractSAMLObject implements
     public final List<XMLObject> getOrderedChildren() {
 	return null;
     }
-
-    @Override
-    public int hashCode() {
-        LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-        return super.hashCode();
-    }
 }
\ No newline at end of file
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java
index f47cca6be..28115ae62 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java
@@ -1,13 +1,20 @@
 package eu.stork.peps.auth.commons;
 +import java.io.Serializable;
 +
  /**
   * This class is a bean used to store information relative to Attribute Names.
 - * 
 + *
   * @author Stelios Lelis (stelios.lelis@aegean.gr), Elias Pastos (ilias@aegean.gr)
   *
   * @version $Revision: 1.00 $, $Date: 2013-11-26 $
   */
 -public final class AttributeName {
 +public final class AttributeName implements Serializable {
 +
 +	/**
 +     *
 +     */
 +	private static final long serialVersionUID = -3537736618869722308L;
  	/**
  	 * Attribute Id.
 diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java index 24d93f9bb..c59109092 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java @@ -91,4 +91,22 @@ public class AttributeProvidersMap extends LinkedHashMap<AttributeSource, IPerso  		}
  		LOG.trace("END\n=======================");
  	}
 +
 +	public void mergeWith(IAttributeProvidersMap aPMap) {
 +		Iterator<AttributeSource> maKeys = aPMap.keyIterator();
 +		while (maKeys.hasNext()) {
 +			AttributeSource key = maKeys.next();
 +			IPersonalAttributeList l2 = aPMap.get(key);
 +			if (containsKey(key)) {
 +				IPersonalAttributeList l1 = get(key);
 +				for (PersonalAttribute pa : l2) {
 +					if (!l1.containsKey(pa.getName())) {
 +						l1.add(pa);
 +					}
 +				}
 +			} else {
 +				put(key, l2);
 +			}
 +		}
 +	}
  }
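Review bot: In the `else` branch of `mergeWith`, `put(key, l2)` stores the other map's `IPersonalAttributeList` instance itself, so after the merge both maps share that list and an `add` through either side is visible in the other (the `containsKey` branch then mutates it in place on a later merge). If a snapshot is intended, store a copy instead: `put(key, (IPersonalAttributeList) l2.clone());`. There is also no guard against a null `aPMap`; `if (aPMap == null) { throw new IllegalArgumentException("aPMap"); }` at the top would make that failure explicit rather than a NullPointerException at `keyIterator()`. The method has no Javadoc; the interface-side description belongs here too.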
 diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java index 8064131a7..eb5e3ded4 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java @@ -148,10 +148,11 @@ public final class AttributeSource implements Serializable {  		LOG.debug("Calling equals with Object.");
  		if (obj instanceof AttributeSource) {
  			LOG.debug("Calling equals with AttributeSource.");
 -			outcome = this.equals((AttributeSource) obj);
 +			outcome = this.innerEquals((AttributeSource) obj);
 +		}
 +		if (LOG.isDebugEnabled()) {
 +			LOG.debug("Object equals outcome: " + outcome);
  		}
 -
 -		LOG.debug("Object equals outcome: " + outcome);
  		return outcome;
  	}
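Review bot: `innerEquals` (renamed in the hunk at -163) stays `public`, so callers can now reach a comparison that bypasses the `instanceof` guard here and dereferences `obj` unchecked — `innerEquals(null)` throws NullPointerException at `obj.getSourceType()`. Unless it is called from outside the class, narrow it: `private boolean innerEquals(AttributeSource obj) {`. The `equals` method's signature and the `outcome` declaration are outside this hunk; the `isDebugEnabled` guards added here and in the hunk at -175 are fine.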
 @@ -163,7 +164,7 @@ public final class AttributeSource implements Serializable {  	 * 
  	 * @return true if the two objects are equal
  	 */
 -	public boolean equals(AttributeSource obj) {
 +	public boolean innerEquals(AttributeSource obj) {
  		boolean outcome = false;
  		if (this.sourceType == obj.getSourceType()) {
 @@ -175,8 +176,9 @@ public final class AttributeSource implements Serializable {  					outcome = true;
  			}
  		}
 -
 -		LOG.debug("AttributeSource equals outcome: " + outcome);
 +		if (LOG.isDebugEnabled()) {
 +			LOG.debug("AttributeSource equals outcome: " + outcome);
 +		}
  		return outcome;
  	}
 diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java index 18218dce4..f49986aaf 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java @@ -108,7 +108,7 @@ public final class AttributeUtil {  				strBuilder.append(AttributeUtil.escape(s) + separator);  			}  		} -		return strBuilder.toString(); +		return strBuilder.substring(0, strBuilder.length() - 1).toString();  	}  	/** @@ -132,7 +132,7 @@ public final class AttributeUtil {  			strBuilder.append(AttributeUtil.escape(entry.getValue()));  			strBuilder.append(separator);  		} -		return strBuilder.toString(); +		return strBuilder.substring(0, strBuilder.length() - 1).toString();  	}  	/** diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java index ffae4ae67..bdcf58fec 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java 
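Review bot: Both hunks in this file (-108 and -132) now return `strBuilder.substring(0, strBuilder.length() - 1)`, which throws StringIndexOutOfBoundsException when nothing was appended — an empty list or map used to yield `""` and now crashes. Guard the empty case, e.g. `return strBuilder.length() == 0 ? "" : strBuilder.substring(0, strBuilder.length() - 1);`; the trailing `.toString()` on a `String` is redundant either way. Both enclosing methods start outside the hunks, so whether their loops can legitimately append nothing should be confirmed there.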
@@ -109,6 +109,18 @@ public interface IAttributeListProcessor {  	IPersonalAttributeList removeAPMandatoryAttributes(IPersonalAttributeList attrList, Map<String, Boolean> attributes);  	/** +	 * Removes from attribute list the Stork list of attributes. +	 * +	 * @param attrList +	 *            the requested attribute list +	 * +	 * @return the attribute list without rejected attributes. +	 * +	 * @see IPersonalAttributeList +	 */ +	IPersonalAttributeList removeAPRejectedAttributes(IPersonalAttributeList attrList); + +	/**  	 * Checks if mandate attribute exist in the requested Attribute List. Power attribute name to lookup is loaded by implementation.  	 *   	 * @param attrList @@ -153,4 +165,39 @@ public interface IAttributeListProcessor {  	 */  	Map<String, Boolean> getNormalAttributesAdded(); -}
\ No newline at end of file +	/** +	 * Adds normal attributes to personal attribute list if exist in original list (allAttrList). +	 * +	 * @param attrList +	 *            the list which will be updated +	 * @param allAttrList +	 *            the list to check if attributes are to be included. +	 * +	 * +	 * @return the attributes list updated. +	 */ +	IPersonalAttributeList addNormalAttributes(IPersonalAttributeList attrList, IPersonalAttributeList allAttrList); + +	/** +	 * Updates list by filtering any attribute that must be requested instead of using a value obtained from cache (business and legal attrs) +	 * +	 * @param attrList +	 *            the list which will be updated +	 * @return the filtered list +	 */ +	IPersonalAttributeList filterAttrList(IPersonalAttributeList attrList); + +	/** +	 * Updates the list of cached attrs by inserting the business and/or legal attrs requested by the user +	 * +	 * @param cachedAttrList +	 * @param requestedAttrsList +	 */ +	void updateAttrList(IPersonalAttributeList cachedAttrList, IPersonalAttributeList requestedAttrsList); + +	/** +	 * Verifies if normal attribute list contains any attribute that we must always request (usually business attributes) +	 */ +	boolean hasAlwaysRequestAttributes(IPersonalAttributeList attributeList); + +} diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java index aa0ddf85b..cc5fe977f 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java @@ -78,4 +78,11 @@ public interface IAttributeProvidersMap {  	 * @return an iterator of the keys contained in this map
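Review bot: Several new interface methods in the hunk at -153 are under-documented: `hasAlwaysRequestAttributes` has no `@param`/`@return`, `updateAttrList` lists its `@param` tags with no description, and `removeAPRejectedAttributes` (hunk at -109) says 'Removes from attribute list the Stork list of attributes', which does not say which attributes count as rejected or where that set comes from. Suggest for example `@param attributeList the list to inspect` and `@return true if the list contains an attribute that must always be requested rather than served from cache`, and for `removeAPRejectedAttributes` state that the rejected set is loaded by the implementation, mirroring the 'loaded by implementation' wording already used on the neighbouring mandate-attribute method.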
  	 */
  	Iterator<AttributeSource> keyIterator();
 +
 +	/**
 +	 * Merges this Attribute Providers Map with another providers map changes the contents of this map so it returns null
 +	 *
 +	 * @param aPMap
 +	 */
 +	void mergeWith(IAttributeProvidersMap aPMap);
  }
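Review bot: The Javadoc for `mergeWith` says it 'changes the contents of this map so it returns null', but the method is `void` and returns nothing; the sentence looks like a leftover from an earlier signature. Suggest `Merges the entries of the given map into this map in place; this map is modified and nothing is returned.` plus `@param aPMap the map whose entries are merged into this one`.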
 diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java index 71b3400b4..7eb788461 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java @@ -43,6 +43,20 @@ public interface IPersonalAttributeList extends Iterable<PersonalAttribute>, Clo  	PersonalAttribute put(String key, PersonalAttribute value);  	/** +	 * Replaces the specified value with the specified key in this Personal Attribute List. +	 * +	 * @param key +	 *            with which the specified value is to be replaced. +	 * @param value +	 *            to be associated with the specified key. +	 * +	 * @return the previous value associated with key, or null if there was no mapping for key. +	 * +	 * @see PersonalAttribute +	 */ +	PersonalAttribute replace(String key, PersonalAttribute value); + +	/**  	 * Returns the value to which the specified key is mapped, or null if this map contains no mapping for the key.  	 *   	 * @param key @@ -147,6 +161,13 @@ public interface IPersonalAttributeList extends Iterable<PersonalAttribute>, Clo  	IPersonalAttributeList getMandatoryAttributes();  	/** +	 * Returns a IPersonalAttributeList merged with provided one. +	 * +	 * @return an IPersonalAttributeList the attribute list to merge with. +	 */ +	IPersonalAttributeList merge(IPersonalAttributeList attrList); + +	/**  	 * Returns a IPersonalAttributeList of the optional attributes in this map.  	 *   	 * @return an IPersonalAttributeList of the optional attributes contained in this map. @@ -172,6 +193,6 @@ public interface IPersonalAttributeList extends Iterable<PersonalAttribute>, Clo  	 *  	 * @return The copy of this IPersonalAttributeList.  	 */ -	Object clone() throws CloneNotSupportedException; +	Object clone();  } 
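Review bot: The `merge` Javadoc in the hunk at -147 has no `@param` for `attrList`, and its `@return` text ('an IPersonalAttributeList the attribute list to merge with') describes the argument rather than the result. Suggest `@param attrList the list whose attributes are merged into this one` and `@return this list after the merge`, which matches the `PersonalAttributeList.merge` implementation elsewhere in this commit returning `this`. Dropping `throws CloneNotSupportedException` from `clone()` (hunk at -172) is a sound narrowing, but every implementation must now handle the exception internally; the one shown does.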
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java index f82f6fbcc..87ab4275f 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java @@ -5,6 +5,7 @@ import java.util.ArrayList;  import java.util.Iterator;
  import java.util.LinkedHashMap;
  import java.util.List;
 +import java.util.Map;
  import org.apache.log4j.Logger;
 @@ -36,7 +37,7 @@ public final class Linker implements Serializable {  	/**
  	 * Assertion map.
  	 */
 -	private LinkedHashMap<AttributeSource, STORKAttrQueryResponse> assertions;
 +	private Map<AttributeSource, List<STORKAttrQueryResponse>> assertions;
  	/**
  	 * The current index of local (domestic) Attribute Providers.
 @@ -55,7 +56,7 @@ public final class Linker implements Serializable {  		localIndex = 0;
  		remoteIndex = 0;
 -		assertions = new LinkedHashMap<AttributeSource, STORKAttrQueryResponse>();
 +		assertions = new LinkedHashMap<AttributeSource, List<STORKAttrQueryResponse>>();
  	}
  	/**
 @@ -143,13 +144,19 @@ public final class Linker implements Serializable {  			localIndex++;
  		// Assertion storage
 -		this.assertions.put(source, attrResponse);
 -		// previously: getTotalPersonalAttributeList() in both cases
 -		if (source.getSourceType() == AttributeSource.SOURCE_REMOTE_COUNTRY)
 +		if (this.assertions.containsKey(source)) {
 +			this.assertions.get(source).add(attrResponse);
 +		} else {
 +			List<STORKAttrQueryResponse> temp = new ArrayList<STORKAttrQueryResponse>();
 +			temp.add(attrResponse);
 +			this.assertions.put(source, temp);
 +		}
 +
 +		if (source.getSourceType() == AttributeSource.SOURCE_REMOTE_COUNTRY) {
  			this.attributeProvidersMap.put(source, attrResponse.getTotalPersonalAttributeList());
 -		else
 +		} else {
  			this.attributeProvidersMap.put(source, attrResponse.getPersonalAttributeList());
 -		// this.attributeProvidersMap.put(source, attrResponse.getTotalPersonalAttributeList());
 +		}
  	}
  	/**
 @@ -312,5 +319,13 @@ public final class Linker implements Serializable {  			LOG.debug("The attributeProvidersMap after the merge.");
  			((AttributeProvidersMap) this.attributeProvidersMap).trace();
  		}
 +
 +		for (AttributeSource as : previous.assertions.keySet()) {
 +			if (!assertions.containsKey(as)) {
 +				assertions.put(as, previous.assertions.get(as));
 +			} else {
 +				assertions.get(as).addAll(previous.assertions.get(as));
 +			}
 +		}
  	}
 -}
\ No newline at end of file +}
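Review bot: The loop added at the end of the merge stores `previous.assertions.get(as)` by reference, so a source seen only in `previous` now has its `List<STORKAttrQueryResponse>` shared between both Linker objects, and a later `addQueryResponse` (hunk at -143) appends to both. Copy it instead: `assertions.put(as, new ArrayList<STORKAttrQueryResponse>(previous.assertions.get(as)));` — `ArrayList` is already imported. The enclosing method begins outside this hunk, and the name `previous` is taken from it.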
 diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java index ac83d5ddf..7d758d754 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java @@ -314,7 +314,17 @@ public enum PEPSErrors {  	/**  	 * Represents the 'invalid.attr.country.code' constant error identifier.  	 */ -	INVALID_COUNTRY_CODE("invalid.attr.country.code"); +	INVALID_COUNTRY_CODE("invalid.attr.country.code"), +	/** +	 * DTL error codes. +	 */ +	DTL_ERROR_ADD("dtl.error.adding.doc"), DTL_ERROR_GET("dtl.error.getting.doc"), DTL_ERROR_REQUEST("dtl.error.request.attribute"), DTL_INVALID_XML("dtl.invalid.xml"), DTL_EMPTY_REQUEST( +			"dtl.empty.request"), DTL_ERROR_DOCUMENT_URL("dtl.error.no.document.url"), DTL_ERROR_NO_DOCUMENT("dtl.error.no.document"), DTL_ERROR_MARSHALL_SIGNREQUEST("dtl.error.marshall.signrequest"), DTL_ERROR_MARSHALL_SIGNRESPONSE( +			"dtl.error.marshall.signresponse"), +	/** +	 * Represents the 'colleagueAttributeRequest.invalidSAML' constant error identifier. +	 */ +	COLLEAGUE_LOGOUT_INVALID_SAML("colleagueLogoutRequest.invalidSAML");  	/**  	 * Represents the constant's value. diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java index ec967a2ee..6b876b680 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java 
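Review bot: The Javadoc on `COLLEAGUE_LOGOUT_INVALID_SAML` says it represents 'colleagueAttributeRequest.invalidSAML', but the constant's value is `colleagueLogoutRequest.invalidSAML`; the comment was copied from the attribute-request constant. Change it to `Represents the 'colleagueLogoutRequest.invalidSAML' constant error identifier.` The nine `DTL_*` constants also share one 'DTL error codes.' comment across two wrapped lines; one constant per line with its own summary would match the rest of the enum.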
@@ -69,6 +69,10 @@ public enum PEPSParameters {  	 */  	ATTRIBUTE_LIST("attrList"),  	/** +	 * Represents the 'allAttrList' parameter constant. +	 */ +	ALL_ATTRIBUTE_LIST("allAttrList"), +	/**  	 * Represents the 'apMandAttrList' parameter constant.  	 */  	AP_MANDATORY_ATTRIBUTE_LIST("apMandAttrList"), @@ -106,7 +110,7 @@ public enum PEPSParameters {  	/**  	 * Represents the complex attributes parameter constant.  	 */ -	COMPLEX_ADDRESS_VALUE("canonicalResidenceAddress"), COMPLEX_NEWATTRIBUTE_VALUE("newAttribute2"), COMPLEX_HASDEGREE_VALUE("hasDegree"), COMPLEX_MANDATECONTENT_VALUE("mandateContent"), +	COMPLEX_ADDRESS_VALUE("canonicalResidenceAddress"), COMPLEX_NEWATTRIBUTE_VALUE("newAttribute2"), COMPLEX_HASDEGREE_VALUE("hasDegree"), COMPLEX_MANDATECONTENT_VALUE("mandate"),  	/**  	 * Represents the 'consent-type' parameter constant.  	 */ @@ -603,8 +607,23 @@ public enum PEPSParameters {  	/**  	 * Represents the 'idPDerivedAttrList' parameter constant.  	 */ - -	IDP_DERIVED_ATTR_LIST("idPDerivedAttrList"); +	IDP_DERIVED_ATTR_LIST("idPDerivedAttrList"), +	/** +	 * Represents the 'apRejectedAttrsList' parameter constant. +	 */ +	AP_REJECTED_ATTRS_LIST("apRejectedAttrsList"), +	/** +	 * Represents the 'logoutRequest' parameter constant. +	 */ +	LOGOUT_REQUEST("logoutRequest"), +	/** +	 * Represents the 'logoutRequest' parameter constant. +	 */ +	LOGOUT_RESPONSE("logoutResponse"), +	/** +	 * Represents the 'logoutRequest' parameter constant. +	 */ +	LOGOUT_DEST_URL("speps.logout.destination.url");  	/**  	 * Represents the constant's value. diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java index 9cc587d7f..a63db12e1 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java 
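Review bot: `LOGOUT_RESPONSE` and `LOGOUT_DEST_URL` (hunk at -603) carry the Javadoc 'Represents the 'logoutRequest' parameter constant.', copied from `LOGOUT_REQUEST`; they should read `'logoutResponse'` and `'speps.logout.destination.url'` respectively. Separately, `COMPLEX_MANDATECONTENT_VALUE` changes from `"mandateContent"` to `"mandate"` in the hunk at -106; since that is a parameter name exchanged with other components, a peer or configuration still using `mandateContent` would presumably stop matching silently, which deserves a sentence in the constant's Javadoc or the commit message.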
@@ -246,7 +246,11 @@ public enum PEPSValues {  	/**  	 * Represents the 'attr-filter' constant value.  	 */ -	AP_ATTRFILTER_PREFIX("attr-filter"); +	AP_ATTRFILTER_PREFIX("attr-filter"), +	/** +	 * Represents the 'save-session' constant value. +	 */ +	SAVED_SESSION("saved-session");  	/**  	 * Represents the constant's value. diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java index 49ea3e695..8d1482f05 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java @@ -18,7 +18,7 @@ import java.util.ArrayList;  import java.util.HashMap;  import java.util.List;  import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; +import java.util.Vector;  import org.apache.log4j.Logger; @@ -60,7 +60,7 @@ public final class PersonalAttribute implements Serializable, Cloneable {  	/**  	 * Complex values of the personal attribute.  	 */ -	private Map<String, String> complexValue = new ConcurrentHashMap<String, String>(); +	private List<Map<String, String>> complexValue = new Vector<Map<String, String>>();  	/**  	 * Is the personal attribute mandatory? @@ -138,8 +138,7 @@ public final class PersonalAttribute implements Serializable, Cloneable {  				personalAttr.setValue(val);  			}  			if (!isEmptyComplexValue()) { -				final Map<String, String> complexVal = (Map<String, String>) ((HashMap<String, String>) this.getComplexValue()).clone(); -				personalAttr.setComplexValue(complexVal); +				personalAttr.addComplexValues(this.getComplexValues());  			}  			return personalAttr;  		} catch (final CloneNotSupportedException e) { 
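Review bot: `clone()` in PersonalAttribute (hunk at -138) now calls `personalAttr.addComplexValues(this.getComplexValues())`, which appends the original's `Map<String, String>` objects themselves, whereas the removed code cloned the map; a clone and its original therefore share every complex-value map and a `put` on one is visible in the other. To keep the old copy semantics, copy each map: `for (Map<String, String> m : this.getComplexValues()) { personalAttr.setComplexValue(new HashMap<String, String>(m)); }` (`setComplexValue` appends per the hunk at -263, and `HashMap` stays imported). The new field type `Vector<Map<String, String>>` (hunk at -60) is a legacy synchronized list whose per-call locking gives no protection once `getComplexValues()` hands the list out; a plain `ArrayList` would be the conventional choice unless a synchronization need exists elsewhere in the file.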
@@ -209,6 +208,18 @@ public final class PersonalAttribute implements Serializable, Cloneable {  	}  	/** +	 * Add new value to list of values. +	 * +	 * @param attrValue +	 *            The personal attribute value. +	 */ +	public void addValue(final String attrValue) { +		if (attrValue != null) { +			this.value.add(attrValue); +		} +	} + +	/**  	 * Getter for the type value.  	 *   	 * @return The name value. @@ -252,6 +263,19 @@ public final class PersonalAttribute implements Serializable, Cloneable {  	 * @return The complex value.  	 */  	public Map<String, String> getComplexValue() { +		if (complexValue.size() > 0) { +			return complexValue.get(0); +		} else { +			return new HashMap<String, String>(); +		} +	} + +	/** +	 * Getter for the complex values. +	 * +	 * @return The complex value. +	 */ +	public List<Map<String, String>> getComplexValues() {  		return complexValue;  	} @@ -263,11 +287,21 @@ public final class PersonalAttribute implements Serializable, Cloneable {  	 */  	public void setComplexValue(final Map<String, String> complexVal) {  		if (complexVal != null) { -			this.complexValue = complexVal; +			this.complexValue.add(complexVal);  		}  	}  	/** +	 * Setter for the complex values. +	 * +	 * @param complexVal +	 *            The personal attribute Complex values. +	 */ +	public void addComplexValues(final List<Map<String, String>> complexVals) { +		this.complexValue.addAll(complexVals); +	} + +	/**  	 * Getter for the personal's friendly name.  	 *   	 * @return The personal's friendly name value. @@ -301,7 +335,7 @@ public final class PersonalAttribute implements Serializable, Cloneable {  	 * @return True if the Complex Value is empty;  	 */  	public boolean isEmptyComplexValue() { -		return complexValue.isEmpty(); +		return complexValue.isEmpty() || complexValue.get(0).isEmpty();  	}  	/** 
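Review bot: `getComplexValue()` returns a brand-new `HashMap` when `complexValue` is empty, so a caller that does `attr.getComplexValue().put(k, v)` — which used to write into the live map — now writes into a throwaway object and the attribute stays empty. Either document the empty-case result as a detached map, or store it lazily in the `else` branch: `Map<String, String> first = new HashMap<String, String>(); complexValue.add(first); return first;`. Relatedly, `isEmptyComplexValue()` (hunk at -301) inspects only `get(0)`, so a list whose first map is empty but whose second is not reports as empty.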
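Review bot: `setComplexValue` now appends to the list instead of replacing, so calling it twice leaves two entries while `getComplexValue()` keeps returning the first; a setter that accumulates is surprising and should either clear first (`this.complexValue.clear();` before the `add`) or be renamed to `addComplexValue`. `addComplexValues` has no null guard, unlike `setComplexValue` and `addValue` in the same file, so `addComplexValues(null)` throws NullPointerException from `addAll`; its Javadoc also says 'Setter' and tags `@param complexVal`, which does not match the parameter name `complexVals`.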
@@ -343,4 +377,15 @@ public final class PersonalAttribute implements Serializable, Cloneable {  		return strBuild.toString();  	} +	/** +	 * Empties the Value or ComplexValue field of a PersonalAttribute +	 */ +	public void setEmptyValue() { +		if (this.isEmptyValue()) { +			this.complexValue = new Vector<Map<String, String>>(); +		} else { +			this.value = new ArrayList<String>(); +		} +	} +  } diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java index 8f60bdc0d..233cdebd0 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java @@ -13,7 +13,6 @@   */  package eu.stork.peps.auth.commons; -import java.io.Serializable;  import java.util.ArrayList;  import java.util.HashMap;  import java.util.Iterator; @@ -34,7 +33,7 @@ import org.apache.log4j.Logger;   * @see PersonalAttribute   */  @SuppressWarnings("PMD") -public final class PersonalAttributeList extends ConcurrentHashMap<String, PersonalAttribute> implements IPersonalAttributeList, Serializable { +public final class PersonalAttributeList extends ConcurrentHashMap<String, PersonalAttribute> implements IPersonalAttributeList {  	/**  	 * Logger object. 
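Review bot: `setEmptyValue` clears `complexValue` when `isEmptyValue()` is true and `value` otherwise, i.e. it resets whichever side is populated, but neither the name nor the one-line Javadoc says so, and when both sides are populated only `value` is cleared. Suggest the Javadoc `Clears the populated side of this attribute: the complex values when the simple value list is empty, otherwise the simple value list.` Replacing the lists with `new Vector<...>()` / `new ArrayList<String>()` also leaves any caller holding a reference from `getValue()`/`getComplexValues()` with the stale list; `clear()` on the existing lists would avoid that.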
@@ -88,10 +87,17 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso  		String attrName = (String) key;  		if (this.latestAttrAlias.containsKey(key)) { -			attrName = attrName + this.latestAttrAlias.get(key); +			int index = this.latestAttrAlias.get(key); +			if ((index + 1) > this.attrAliasNumber.get(key).size()) { +				index = 0; +			} + +			attrName = this.attrAliasNumber.get(key).get(index); +			this.latestAttrAlias.put((String) key, Integer.valueOf(++index));  		} else {  			if (this.attrAliasNumber.containsKey(key)) { -				this.latestAttrAlias.put(attrName, this.attrAliasNumber.get(key)); +				this.latestAttrAlias.put((String) key, Integer.valueOf(0)); +				attrName = this.attrAliasNumber.get(key).get(0);  			}  		}  		return super.get(attrName); @@ -109,6 +115,13 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso  	/**  	 * {@inheritDoc}  	 */ +	public PersonalAttribute replace(final String key, final PersonalAttribute val) { +		return super.put(key, val); +	} + +	/** +	 * {@inheritDoc} +	 */  	public PersonalAttribute put(final String key, final PersonalAttribute val) {  		if (StringUtils.isNotEmpty(key) && val != null) {  			// Validate if attribute name already exists! 
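Review bot: `get(Object key)` now mutates `latestAttrAlias` on every call and rotates through `attrAliasNumber.get(key)`, so two consecutive `get("x")` calls return different attributes; a `Map.get` with read-dependent side effects breaks `containsKey`/`get` pairs and any code that reads a key twice. It also dereferences `this.attrAliasNumber.get(key)` unchecked in the first branch, which throws NullPointerException if a key is present in `latestAttrAlias` but not in `attrAliasNumber`. At minimum this needs a comment on the method, e.g. `// NOTE: stateful — for an aliased name each call returns the next alias in round-robin order`, and ideally the rotation moves into a dedicated `nextAlias(key)` method so `get` stays a pure lookup. The method's signature and the value type of `attrAliasNumber` (which now appears to be a list) are outside this hunk.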
@@ -135,10 +148,56 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso  	}  	/** -	 * {@inheritDoc} +	 * Escape method for attributes with double comma +	 * +	 * @return escaped attribute list +	 * +	 */ +	private String attrListEncoder(String attrList) { +		StringBuilder finalAttr = new StringBuilder(); +		String boolAttr = PEPSValues.TRUE.toString(); +		String reqRegex = PEPSValues.ATTRIBUTE_TUPLE_SEP.toString() + PEPSValues.TRUE.toString() + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString(); + +		String reqRegexSeparator = PEPSValues.ATTRIBUTE_TUPLE_SEP.toString() + PEPSValues.TRUE.toString() + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString() + "|" + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString() +				+ PEPSValues.FALSE.toString() + PEPSValues.ATTRIBUTE_TUPLE_SEP.toString(); + +		for (String s : attrList.split(PEPSValues.ATTRIBUTE_SEP.toString())) { +			StringBuilder tempBuilder = new StringBuilder(s); +			if (s.split(PEPSValues.ATTRIBUTE_TUPLE_SEP.toString()).length > 4) { +				LOG.info("Found attributes with special characters, escaping special characters"); + +				if (s.split(reqRegex) == null) { +					boolAttr = PEPSValues.FALSE.toString(); +				} + +				tempBuilder.setLength(0); +				tempBuilder.append(AttributeUtil.escape(s.split(reqRegexSeparator)[0])); +				tempBuilder.append(PEPSValues.ATTRIBUTE_TUPLE_SEP.toString()); +				tempBuilder.append(boolAttr); +				tempBuilder.append(PEPSValues.ATTRIBUTE_TUPLE_SEP.toString()); +				tempBuilder.append(s.split(reqRegexSeparator)[1]); + +			} + +			finalAttr.append(tempBuilder.toString()); +			finalAttr.append(PEPSValues.ATTRIBUTE_SEP.toString()); +		} +		return finalAttr.toString(); +	} + +	/** +	 * Unescape a string +	 * +	 * @see PersonalAttributeList#attrListEncoder +	 *  	 */ +	private String attrListDecoder(String string) { +		return AttributeUtil.unescape(string); +	} +  	public void populate(final String attrList) { -		final StringTokenizer strToken = new StringTokenizer(attrList, 
PEPSValues.ATTRIBUTE_SEP.toString()); + +		final StringTokenizer strToken = new StringTokenizer(attrListEncoder(attrList), PEPSValues.ATTRIBUTE_SEP.toString());  		while (strToken.hasMoreTokens()) {  			final PersonalAttribute persAttr = new PersonalAttribute(); @@ -163,6 +222,9 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso  				}  				if (tuples.length == AttributeConstants.NUMBER_TUPLES.intValue()) { +					tuples[0] = attrListDecoder(tuples[0]); +					persAttr.setName(attrListDecoder(persAttr.getName())); +  					persAttr.setStatus(tuples[AttributeConstants.ATTR_STATUS_INDEX.intValue()]);  				}  				this.put(tuples[AttributeConstants.ATTR_NAME_INDEX.intValue()], persAttr); @@ -180,6 +242,7 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso  	 * @return The copy of this IPersonalAttributeList.  	 */  	public Object clone() { +		// This implementation may have an bug!  		try {  			return (PersonalAttributeList) super.clone();  		} catch (CloneNotSupportedException e) { @@ -310,6 +373,17 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso  	}  	/** +	 * {@inheritDoc} +	 */ +	public IPersonalAttributeList merge(IPersonalAttributeList attrList1) { + +		for (PersonalAttribute attr : attrList1) { +			this.add(attr); +		} +		return this; +	} + +	/**  	 * Returns a IPersonalAttributeList of the mandatory attributes in this map.  	 *   	 * @return an IPersonalAttributeList of the mandatory attributes contained in this map. @@ -318,7 +392,7 @@ public final class PersonalAttributeList extends ConcurrentHashMap<String, Perso  		LOG.info("get simple attributes");  		IPersonalAttributeList attrList = new PersonalAttributeList();  		for (PersonalAttribute attr : this) { -			if (attr.getComplexValue().isEmpty()) { +			if (!attr.getValue().isEmpty()) {  				attrList.put(attr.getName(), attr);  				LOG.info("adding simple attribute:" + attr.getName());  			} 
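Review bot: In `attrListEncoder`, `s.split(reqRegex) == null` can never be true because `String.split` always returns a non-null array, so `boolAttr` stays `TRUE` and any tuple carrying the `FALSE` marker is re-encoded as required; the intended test is presumably `if (!s.contains(reqRegex)) { boolAttr = PEPSValues.FALSE.toString(); }`, and `boolAttr` should be declared inside the loop so one tuple's result does not leak into the next. `s.split(reqRegexSeparator)[1]` throws ArrayIndexOutOfBoundsException for a tuple with more than four separators but no `true`/`false` marker, and `populate` is fed an attribute-list string that presumably arrives from outside, so that input should be checked (`String[] parts = s.split(reqRegexSeparator); if (parts.length < 2) { ... }`) rather than allowed to crash the parse. The separator and boolean tokens are concatenated into regexes unquoted; if `ATTRIBUTE_TUPLE_SEP` ever contains a regex metacharacter the split misbehaves, so `Pattern.quote(...)` around them is safer — its value is not visible here.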
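Review bot: The comment added to `clone()` in the hunk at -180 — `// This implementation may have an bug!` — records a suspicion without saying what it is, which helps nobody later. The concern I would name: `super.clone()` here resolves through `AbstractMap.clone()` to `Object.clone()` (ConcurrentHashMap does not provide its own copy), which copies fields shallowly, so the result would share the backing table with this list; say so explicitly, e.g. `// FIXME: super.clone() is a shallow Object.clone(); the copy may share internal state with this map. Prefer new PersonalAttributeList() + putAll.` The method body is outside this hunk, so confirm against it.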
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java index 6f39ebeeb..c3223ec40 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnRequest.java @@ -331,13 +331,7 @@ public final class STORKAuthnRequest implements Serializable, Cloneable {  	 * @see IPersonalAttributeList  	 */  	public IPersonalAttributeList getPersonalAttributeList() { -		IPersonalAttributeList personnalAttributeList = null; -		try { -			personnalAttributeList = (IPersonalAttributeList) attributeList.clone(); -		} catch (CloneNotSupportedException e1) { -			LOG.trace("[PersonalAttribute] Nothing to do."); -		} -		return personnalAttributeList; +		return (IPersonalAttributeList) attributeList.clone();  	}  	/** diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java index 4b415bbcf..32bfd0df0 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/STORKAuthnResponse.java @@ -14,6 +14,7 @@  package eu.stork.peps.auth.commons;  import java.io.Serializable; +import java.util.ArrayList;  import java.util.List;  import org.apache.log4j.Logger; 
@@ -26,7 +27,7 @@ import org.opensaml.saml2.core.Assertion;   * @author ricardo.ferreira@multicert.com, renato.portela@multicert.com, luis.felix@multicert.com, hugo.magalhaes@multicert.com, paulo.ribeiro@multicert.com   * @version $Revision: 1.15 $, $Date: 2010-11-17 05:15:28 $   */ -public final class STORKAuthnResponse implements Serializable { +public final class STORKAuthnResponse implements Serializable, Cloneable {  	/** The Constant serialVersionUID. */  	private static final long serialVersionUID = -9100982727074068660L; @@ -167,13 +168,7 @@ public final class STORKAuthnResponse implements Serializable {  	 * @see PersonalAttributeList  	 */  	public IPersonalAttributeList getPersonalAttributeList() { -		IPersonalAttributeList personnalAttributeList = null; -		try { -			personnalAttributeList = (IPersonalAttributeList) attributeList.clone(); -		} catch (CloneNotSupportedException e1) { -			LOG.trace("[PersonalAttribute] Nothing to do."); -		} -		return personnalAttributeList; +		return (IPersonalAttributeList) attributeList.clone();  	}  	/** 
@@ -347,13 +342,25 @@ public final class STORKAuthnResponse implements Serializable {  	 * @see PersonalAttributeList  	 */  	public IPersonalAttributeList getTotalPersonalAttributeList() { -		IPersonalAttributeList personnalAttributeList = null; -		try { -			personnalAttributeList = (IPersonalAttributeList) totalAttributeList.clone(); -		} catch (CloneNotSupportedException e1) { -			LOG.trace("[PersonalAttribute] Nothing to do."); +		return (IPersonalAttributeList) totalAttributeList.clone(); +	} + +	public List<PersonalAttribute> getNormalizedPersonalAttributeList() { +		List<PersonalAttribute> returnAttrList = new ArrayList<PersonalAttribute>(); + +		if (this.totalAttributeList.isEmpty()) { +			this.totalAttributeList = this.attributeList; +		} + +		for (PersonalAttribute pa : this.totalAttributeList) { +			// Get the shortname of the attribute by removing +			// the attached assertionId, if there is one and +			// put the shortname as the attribute name +			pa.setName(pa.getName().split("_")[0]); +			// We add it to the return list. +			returnAttrList.add(pa);  		} -		return personnalAttributeList; +		return returnAttrList;  	}  	/** diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java index 6eaa63c5a..82ec6d3b4 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java 
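Review bot: `getNormalizedPersonalAttributeList()` renames attributes in place (`pa.setName(pa.getName().split("_")[0])`) while iterating `this.totalAttributeList`, and when that list is empty it first aliases `this.totalAttributeList = this.attributeList`; a getter therefore permanently strips the assertion-id suffix from the response's own attributes (and from `attributeList` through the alias), and a second call sees already-shortened names. Rename copies instead: `PersonalAttribute copy = pa.clone(); copy.setName(copy.getName().split("_")[0]); returnAttrList.add(copy);` — `PersonalAttribute.clone()` appears to return `PersonalAttribute` per its change in this commit. Whether cutting at the first `_` is right for attribute names that themselves contain `_` cannot be judged from here and should be stated in a Javadoc, which the method currently lacks. The class now implements `Cloneable` but no `clone()` override appears in these hunks.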
@@ -71,19 +71,19 @@ public class ObjectFactory {  	}  	/** -	 * Create an instance of {@link MandateType } -	 *  +	 * Create an instance of {@link RequestedAttributeType } +	 *  	 */ -	public MandateType createMandateType() { -		return new MandateType(); +	public RequestedAttributeType createRequestedAttributeType() { +		return new RequestedAttributeType();  	}  	/** -	 * Create an instance of {@link RequestedAttributeType } -	 *  +	 * Create an instance of {@link MandateType } +	 *  	 */ -	public RequestedAttributeType createRequestedAttributeType() { -		return new RequestedAttributeType(); +	public MandateType createMandateType() { +		return new MandateType();  	}  	/** diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java index f4d084a79..1dcaf4c95 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java @@ -97,7 +97,14 @@ public class SAMLEngine {  	/** The Constant SAML_ENGINE_FILE_CONF. */  	private static final String SAML_ENGINE_FILE_CONF = "fileConfiguration"; -	/** The codification of characters. */ +	/** +	 * Additional trust store for HW signing +	 */ +	private static final String HW_TRUST_STORE_CONF = "softTrustStoreConfig"; + +	/** +	 * The codification of characters. +	 */  	private static final String CHARACTER_ENCODING = "UTF-8";  	/** The SAML core. */ diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java index 6a7e1f7c0..7bf5d5ca8 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java 
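Review bot: `HW_TRUST_STORE_CONF` in SAMLEngine is documented as 'Additional trust store for HW signing' but its value is `"softTrustStoreConfig"`, so the name, the comment and the configuration key disagree and a reader cannot tell whether this is the hardware-backed or the software trust store. Pick one consistently — e.g. `SOFT_TRUST_STORE_CONF` with `/** Configuration key of the additional software trust store used alongside hardware signing. */` — whichever matches the property the engine actually reads; the constant is not used in the hunks shown.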
@@ -202,8 +202,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
 		try {
 			engine = new STORKSAMLEngine(nameInstance.trim());
 		} catch (Exception e) {
-			LOG.error("Error getting instance: " + nameInstance);
-			e.printStackTrace();
+			LOG.error("Error get instance: " + nameInstance);
 		}
 		return engine;
 	}
@@ -389,15 +388,9 @@ public final class STORKSAMLEngine extends SAMLEngine {
 		final Subject subject = SAMLEngineUtils.generateSubject();
-		// Mandatory STORK verified
-		// String format = NameID.UNSPECIFIED
-		// specification: 'SAML:2.0' exist
-		// opensaml: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
-		// opensaml "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
-		final String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
+		final String format = super.getSamlCoreProperties().getFormat();
 		final String nameQualifier = "";
-
 		LOG.debug("Generate NameID");
 		final NameID nameId = SAMLEngineUtils.generateNameID(super.getSamlCoreProperties().getResponder(), format, nameQualifier);
 		nameId.setValue(format);
@@ -1102,7 +1095,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
 		// Validate Parameters mandatories
 		validateParamAttrQueryReq(request);
-		// final AttributeQuery attrQueryRequestAux = SAMLEngineUtils
 		final CustomAttributeQuery attrQueryRequestAux = SAMLEngineUtils.generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime());
 		// Set name spaces.
@@ -1930,6 +1922,8 @@ public final class STORKSAMLEngine extends SAMLEngine {
 			citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils.createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
 			citizenCountryCode.setCitizenCountryCode(request.getCitizenCountryCode().toUpperCase());
+
+			extensions.getUnknownXMLObjects().add(citizenCountryCode);
 		}
 		SPID spid = null;
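Review bot: The rewritten catch in `getInstance` drops the exception entirely: the old `printStackTrace()` at least surfaced the cause, while the new `LOG.error("Error get instance: " + nameInstance)` logs neither the exception type nor its message, so a failed engine initialisation (unreadable keystore, missing configuration) becomes a silent null return with no trace for the operator. Pass the exception to the logger, `LOG.error("Error getting instance: " + nameInstance, e);`. In the `@@ -389` hunk the NameID format is now read from configuration; a one-line comment saying that `STORKSAMLCore` falls back to the SAML 1.1 unspecified format when the property is absent would spare the next reader the lookup.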
@@ -1938,6 +1932,8 @@ public final class STORKSAMLEngine extends SAMLEngine {
 			spid = (SPID) SAMLEngineUtils.createSamlObject(SPID.DEF_ELEMENT_NAME);
 			spid.setSPID(request.getSPID().toUpperCase());
+
+			extensions.getUnknownXMLObjects().add(spid);
 		}
 		return extensions;
@@ -2493,11 +2489,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
 			throw new STORKSAMLEngineException("StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
 		}
-		// Destination of the request - not mandatory
-		/*
-		 * if (StringUtils.isBlank(request.getDestination())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Destination is mandatory."); }
-		 */
-
 		// SP country is empty
 		if (StringUtils.isBlank(request.getSpCountry())) {
 			throw new STORKSAMLEngineException("StorkSamlEngine: SP country is mandatory.");
@@ -2525,12 +2516,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
 	 */
 	private void validateParamLogoutReq(final STORKLogoutRequest request) throws STORKSAMLEngineException {
 		LOG.info("Validate parameters from logout request.");
-
 		// URL to which AP Response must be sent.
-		/*
-		 * if (StringUtils.isBlank(request.get())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Assertion Consumer Service URL it's mandatory."); }
-		 */
-
 		// Destination of the request
 		if (StringUtils.isBlank(request.getDestination())) {
 			throw new STORKSAMLEngineException("StorkSamlEngine: Destination is mandatory.");
@@ -2591,9 +2577,9 @@ public final class STORKSAMLEngine extends SAMLEngine {
 			throw new STORKSAMLEngineException("Issuer must be not empty or null.");
 		}
-		if (responseAuthReq.getPersonalAttributeList() == null || responseAuthReq.getPersonalAttributeList().isEmpty()) {
-			LOG.error("PersonalAttributeList is null or empty.");
-			throw new STORKSAMLEngineException("PersonalAttributeList is null or empty.");
+		if (responseAuthReq.getPersonalAttributeList() == null) {
+			LOG.error("PersonalAttributeList is null.");
+			throw new STORKSAMLEngineException("PersonalAttributeList is null.");
 		}
 		if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
@@ -2627,10 +2613,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
 			throw new STORKSAMLEngineException("PersonalAttributeList is null or empty.");
 		}
-		/*
-		 * if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) { throw new STORKSAMLEngineException( "assertionConsumerServiceURL is null or empty."); }
-		 */
-
 		if (StringUtils.isBlank(request.getSamlId())) {
 			throw new STORKSAMLEngineException("request ID is null or empty.");
 		}
@@ -2840,7 +2822,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
 		attrRequest.setDestination(samlRequest.getDestination());
 		attrRequest.setAssertionConsumerServiceURL(samlRequest.getAssertionConsumerServiceURL());
-		/* authnRequest.setProviderName(samlRequest.getProviderName()); */
 		attrRequest.setIssuer(samlRequest.getIssuer().getValue());
 		// Delete unknown elements from requested ones
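Review bot: The `@@ -2591` hunk silently relaxes input validation: an empty `PersonalAttributeList` on the response is now accepted where it was rejected before, while the sibling validator in the `@@ -2627` hunk still throws "PersonalAttributeList is null or empty.", so the two parameter checks no longer agree. For code that goes on to build signed assertions, a relaxed rule should say why it is safe, e.g. `// An empty attribute list is valid here: <reason, e.g. error responses carry no attributes>`; if the two validators are meant to match, align the second one in the same commit. Both enclosing validator methods start outside their hunks.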
@@ -2881,13 +2862,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
 		final LogoutRequest samlRequest = (LogoutRequest) validateStorkSaml(tokenSaml);
-		LOG.debug("Validate Extensions.");
-		final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
-		try {
-			validatorExt.validate(samlRequest.getExtensions());
-		} catch (ValidationException e) {
-			LOG.error("ValidationException: validate Extensions.", e);
-			throw new STORKSAMLEngineException(e);
+		if (samlRequest.getExtensions() != null) {
+			LOG.debug("Validate Extensions.");
+			final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
+			try {
+				validatorExt.validate(samlRequest.getExtensions());
+			} catch (ValidationException e) {
+				LOG.error("ValidationException: validate Extensions.", e);
+				throw new STORKSAMLEngineException(e);
+			}
 		}
 		LOG.debug("Generate STORKLogoutRequest.");
@@ -2909,6 +2892,43 @@ public final class STORKSAMLEngine extends SAMLEngine {
 	}
 	/**
+	 * Validate stork logout response.
+	 * 
+	 * @param tokenSaml
+	 *            The SAML token
+	 * 
+	 * @return the STORK logout response
+	 * 
+	 * @throws STORKSAMLEngineException
+	 *             the STORKSAML engine exception
+	 */
+	public STORKLogoutResponse validateSTORKLogoutResponse(final byte[] tokenSaml) throws STORKSAMLEngineException {
+
+		LOG.info("validate STORK Logout Response");
+
+		final LogoutResponse samlRes = (LogoutResponse) validateStorkSaml(tokenSaml);
+
+		LOG.debug("Generate STORKLogoutResponse.");
+		final STORKLogoutResponse logoutRes = new STORKLogoutResponse();
+
+		try {
+			logoutRes.setTokenSaml(super.signAndMarshall(samlRes));
+		} catch (SAMLEngineException e) {
+			LOG.error("Sign and Marshall.", e);
+			throw new STORKSAMLEngineException(e);
+		}
+
+		logoutRes.setAlias(this.getAlias(samlRes.getSignature().getKeyInfo(), super.getSigner().getTrustStore()));
+		logoutRes.setSamlId(samlRes.getID());
+		logoutRes.setDestination(samlRes.getDestination());
+		logoutRes.setIssuer(samlRes.getIssuer().getValue());
+		logoutRes.setStatusCode(samlRes.getStatus().getStatusCode().getValue().toString());
+		logoutRes.setStatusMessage(samlRes.getStatus().getStatusMessage().getMessage().toString());
+		logoutRes.setInResponseTo(samlRes.getInResponseTo());
+		return logoutRes;
+	}
+
+	/**
 	 * Validate stork authentication response.
 	 * 
 	 * @param tokenSaml
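Review bot: `validateSTORKLogoutResponse` dereferences optional parts of the `LogoutResponse` without a check: a SAML status message is optional, and `getIssuer()` and `getSignature()` may be null unless `validateStorkSaml` guarantees them (not visible here), so a response with no `StatusMessage` fails with a NullPointerException instead of the documented `STORKSAMLEngineException`. Guard the optional value, `if (samlRes.getStatus().getStatusMessage() != null) {` / `logoutRes.setStatusMessage(samlRes.getStatus().getStatusMessage().getMessage());` / `}`; the `.toString()` calls on values that are already strings are redundant. It would also help to say in the Javadoc that the returned token is the received response re-signed and marshalled by this engine (presumably what `signAndMarshall` does), since a caller may not expect the original signature to be replaced.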
@@ -3060,16 +3080,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
 		authnResponse.setAssertions(samlResponse.getAssertions());
 		if (samlResponse.getAssertions().size() > 1) {
 			PersonalAttributeList total = new PersonalAttributeList();
-			List<IPersonalAttributeList> attrList = new ArrayList();
+			List<IPersonalAttributeList> attrList = new ArrayList<IPersonalAttributeList>();
 			for (int i = 0; i < samlResponse.getAssertions().size(); i++) {
 				Assertion tempAssertion = (Assertion) samlResponse.getAssertions().get(i);
 				IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion);
 				if (temp != null) {
 					attrList.add(temp);
-					for (PersonalAttribute attribute : temp) {
-						PersonalAttribute attr = (PersonalAttribute) attribute.clone();
-						attr.setName(attr.getName() + tempAssertion.getID());
-						total.add(attr);
+					for (PersonalAttribute attribute : (IPersonalAttributeList) temp.clone()) {
+						attribute.setName(attribute.getName() + tempAssertion.getID());
+						total.add(attribute);
 					}
 				}
 			}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
index 175084048..73d7e4f62 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
@@ -25,7 +25,7 @@ public final class X509PrincipalUtil {
 	 * @param principal2
 	 * @return true if arguments are not null and equals
 	 */
-	public static boolean equals(X509Principal principal1, X509Principal principal2) {
+	public static boolean X509equals(X509Principal principal1, X509Principal principal2) {
 		boolean continueProcess = true;
 		if (principal1 == null || principal2 == null) {
 			return false;
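Review bot: The loop in the `@@ -3060` hunk now clones the list instead of each attribute: unless `IPersonalAttributeList.clone()` deep-copies its elements, `attribute.setName(...)` renames the very `PersonalAttribute` objects that `temp` holds, and `temp` was just added to `attrList`, so the per-assertion lists would also carry the assertion-ID suffix. The removed per-attribute `clone()` avoided exactly that. If the list clone is known to be deep, a one-line comment makes the change safe to read, e.g. `// the list clone deep-copies its attributes, so renaming here does not touch temp`. The enclosing method starts and ends outside the hunk.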
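Review bot: `X509equals` breaks lowerCamelCase method naming (acronyms read as words: `x509Equals`), and the Javadoc above it is left untouched, so nothing records why `equals` was renamed. If the motive was to avoid confusion with `Object.equals`, say so in one line, `/** Compares two principals; not named equals to avoid confusion with Object.equals. */`, and use `x509Equals` at the three call sites this commit touches in SignHW, SignP12 and SignSW.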
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
index 922e7e61e..16b9afd18 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
@@ -55,6 +55,9 @@ public enum SAMLCore {
 	/** The RESPONDE r_ tag. */
 	RESPONDER_TAG("responder"),
+	 
+	/** The format r_tag. */
+	FORMAT_TAG("format"),
 	/** The STOR k10_ ns. */
 	STORK10_NS("urn:eu:stork:names:tc:STORK:1.0:assertion"),
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
index 13d2f0af4..2a548ca6f 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
@@ -73,7 +73,11 @@ public final class STORKSAMLCore {
 	/** The responder. */
 	private String responder = null;
-	/** The SAML core properties. */
+	private String format = null;
+
+	/**
+	 * The SAML core properties.
+	 */
 	private Properties samlCoreProp = null;
 	/** The time not on or after. */
@@ -189,6 +193,15 @@ public final class STORKSAMLCore {
 	}
 	/**
+	 * return the format string.
+	 * 
+	 * @return
+	 */
+	public String getFormat() {
+		return this.format;
+	}
+
+	/**
 	 * Gets the time not on or after.
 	 * 
 	 * @return the time not on or after
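Review bot: `getFormat` ships with an empty `@return` tag, and the new `format` field is the only field in the `@@ -73` hunk without a doc comment. Suggest `@return the NameID format URI read from the "format" property, or the SAML 1.1 unspecified format when it is absent` on the getter and `/** The NameID format. */` on the field; `setFormat` in the next hunk of this file has the same empty `@param`.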
@@ -330,6 +343,8 @@ public final class STORKSAMLCore {
 			requester = samlCoreProp.getProperty(SAMLCore.REQUESTER_TAG.getValue());
 			responder = samlCoreProp.getProperty(SAMLCore.RESPONDER_TAG.getValue());
+			format = samlCoreProp.getProperty(SAMLCore.FORMAT_TAG.getValue(), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
+
 		} catch (SAMLEngineException e) {
 			LOGGER.error("SAMLCore: error loadConfiguration. ", e);
 			throw new STORKSAMLEngineRuntimeException(e);
@@ -492,6 +507,15 @@ public final class STORKSAMLCore {
 	}
 	/**
+	 * Sets the format string
+	 * 
+	 * @param newFormat
+	 */
+	public void setFormat(final String newFormat) {
+		this.format = newFormat;
+	}
+
+	/**
 	 * Sets the time not on or after.
 	 * 
 	 * @param newTimeNotOnOrAft
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
index 907b9bf68..9f602aba1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
@@ -102,9 +102,4 @@ public final class AuthenticationAttributesImpl extends AbstractSignableSAMLObje
 		vIDPAuthenAttr = prepareForAssignment(this.vIDPAuthenAttr, newVIDPAuthenAttr);
 	}
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
index 003d56b46..aa4c725f1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
@@ -77,9 +77,4 @@ public class CitizenCountryCodeImpl extends AbstractSAMLObject implements Citize
 		return null;
 	}
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
index b5d194c7f..13cc3d287 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
@@ -77,9 +77,4 @@ public class EIDCrossBorderShareImpl extends AbstractSAMLObject implements EIDCr
 		return null;
 	}
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
-}
\ No newline at end of file
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
index f2762e327..2e3f6ab7e 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
@@ -78,9 +78,4 @@ public class EIDCrossSectorShareImpl extends AbstractSAMLObject implements EIDCr
 		return null;
 	}
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
-}
\ No newline at end of file
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
index 423cf8b25..e74ce1fec 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
@@ -77,9 +77,4 @@ public class QAAAttributeImpl extends AbstractSAMLObject implements QAAAttribute
 		return null;
 	}
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
index e7ac7213b..2537d3794 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
@@ -213,9 +213,4 @@ public class RequestedAttributeImpl extends AbstractSAMLObject implements Reques
 		this.unknownAttributes = newUnknownAttr;
 	}
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
index 276697d6a..7f09d611f 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
@@ -77,9 +77,4 @@ public class SPApplicationImpl extends AbstractSAMLObject implements SPApplicati
 		return null;
 	}
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
index 404a90079..ea9085867 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
@@ -77,9 +77,4 @@ public class SPCountryImpl extends AbstractSAMLObject implements SPCountry {
 		return null;
 	}
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
index cea51a5a8..03dea20ed 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
@@ -77,9 +77,4 @@ public class SPIDImpl extends AbstractSAMLObject implements SPID {
 		return null;
 	}
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
index 4089f0862..41b3d8998 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
@@ -101,9 +101,4 @@ public final class SPInformationImpl extends AbstractSignableSAMLObject implemen
 		this.spId = prepareForAssignment(this.spId, newSPId);
 	}
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
index 054481744..ed0a75f35 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
@@ -77,9 +77,4 @@ public class SPInstitutionImpl extends AbstractSAMLObject implements SPInstituti
 		return null;
 	}
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
index 6e23d7f24..1cd5fb761 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
@@ -72,6 +72,7 @@ import eu.stork.peps.exceptions.SAMLEngineException;
  * The Class HWSign. Module of sign.
  * 
  * @author fjquevedo
+ * @author advania
  */
 public final class SignHW implements SAMLEngineSignI {
@@ -79,14 +80,19 @@ public final class SignHW implements SAMLEngineSignI {
 	private static final String CONF_FILE = "configurationFile";
 	/**
-	 * The Constant KEYSTORE_TYPE. private static final String KEYSTORE_TYPE = "keystoreType"
+	 * The Constant KEYSTORE_TYPE.
 	 */
+	private static final String KEYSTORE_TYPE = "keystoreType";
 	/** The logger. */
 	private static final Logger LOG = LoggerFactory.getLogger(SignHW.class.getName());
 	/** The stork own key store. */
 	private KeyStore storkOwnKeyStore = null;
+	/**
+	 * The soft trust key store.
+	 */
+	private SignSW swTrustStore = null;
 	/**
 	 * Gets the stork own key store.
@@ -160,6 +166,12 @@ public final class SignHW implements SAMLEngineSignI {
 			throw new SAMLEngineException(e);
 		} finally {
 			IOUtils.closeQuietly(inputStr);
+			/**
+			 * Init the soft keystore to validate with. trustStoreConfig is read from the SignModule config file and should refer to the keystore containing trusted certificates.
+			 */
+			swTrustStore = new SignSW();
+			swTrustStore.init(properties.getProperty("trustStoreConfig"));
+			swTrustStore.loadCryptServiceProvider();
 		}
 	}
@@ -204,7 +216,7 @@ public final class SignHW implements SAMLEngineSignI {
 				X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
 				X509Principal issuerDNConf = new X509Principal(issuer);
-				if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
+				if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
 					alias = aliasCert;
 					find = true;
 				}
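Review bot: The soft trust store that signature validation will rely on is initialised inside `finally` in the `@@ -160` hunk, so it runs even when the surrounding `try` failed, and if `swTrustStore.init(...)` or `loadCryptServiceProvider()` throws there, that exception replaces the original one; `properties.getProperty("trustStoreConfig")` may also be null when the configuration never loaded. Move the three statements after the `try`/`finally` so they only execute on a successful load, and consider turning the `/** ... */` into a plain `//` comment since it is not attached to a declaration. The key is hard-coded as `"trustStoreConfig"` while the SAMLEngine hunk in this same commit adds `HW_TRUST_STORE_CONF = "softTrustStoreConfig"`; if both are meant to name one setting, one of them is wrong. The enclosing method starts outside the hunk.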
@@ -339,56 +351,14 @@ public final class SignHW implements SAMLEngineSignI {
 	 *             exception in validate signature
 	 */
 	public SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
-		LOG.info("Start signature validation.");
+		LOG.info("Start signature validation HW.");
+		/*
+		 * we are using the soft signature class to validate the signatures. This way we use the same key store code and validation that is used there.
+		 */
 		try {
-
-			// Validate structure signature
-			final SAMLSignatureProfileValidator signProfValidator = new SAMLSignatureProfileValidator();
-
-			// Indicates signature id conform to SAML Signature profile
-			signProfValidator.validate(tokenSaml.getSignature());
-
-			String aliasCert;
-			X509Certificate certificate;
-
-			final List<Credential> trustedCred = new ArrayList<Credential>();
-
-			for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements();) {
-				aliasCert = e.nextElement();
-				final BasicX509Credential credential = new BasicX509Credential();
-				certificate = (X509Certificate) storkOwnKeyStore.getCertificate(aliasCert);
-				credential.setEntityCertificate(certificate);
-				trustedCred.add(credential);
-			}
-
-			final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
-			final List<X509Certificate> listCertificates = KeyInfoHelper.getCertificates(keyInfo);
-
-			if (listCertificates.size() != 1) {
-				throw new SAMLEngineException("Only must be one certificate");
-			}
-
-			// Exist only one certificate
-			final BasicX509Credential entityX509Cred = new BasicX509Credential();
-			entityX509Cred.setEntityCertificate(listCertificates.get(0));
-
-			final ExplicitKeyTrustEvaluator keyTrustEvaluator = new ExplicitKeyTrustEvaluator();
-			if (!keyTrustEvaluator.validate(entityX509Cred, trustedCred)) {
-				throw new SAMLEngineException("Certificate it is not trusted.");
-			}
-
-			final SignatureValidator sigValidator = new 
SignatureValidator(entityX509Cred);
-
-			sigValidator.validate(tokenSaml.getSignature());
-
-		} catch (final ValidationException e) {
-			LOG.error("ValidationException.", e);
-			throw new SAMLEngineException(e);
-		} catch (final KeyStoreException e) {
-			LOG.error("ValidationException.", e);
-			throw new SAMLEngineException(e);
-		} catch (final CertificateException e) {
-			LOG.error("CertificateException.", e);
+			swTrustStore.validateSignature(tokenSaml);
+		} catch (Exception e) {
+			LOG.error("SW ValidationException.", e);
 			throw new SAMLEngineException(e);
 		}
 		return tokenSaml;
@@ -408,6 +378,12 @@ public final class SignHW implements SAMLEngineSignI {
 		try {
 			inputStream = SignHW.class.getResourceAsStream("/" + properties.getProperty(CONF_FILE));
+			final Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(inputStream);
+			if (Security.getProperty(pkcs11Provider.getName()) == null) {
+				Security.insertProviderAt(pkcs11Provider, Security.getProviders().length);
+			}
+
+			storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE), pkcs11Provider);
 		} catch (final Exception e) {
 			throw new SAMLEngineException("Error loading CryptographicServiceProvider", e);
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
index c91f11444..d5f01a4cc 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
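Review bot: Signature trust in `SignHW.validateSignature` now comes exclusively from `swTrustStore` (the keystore named by `trustStoreConfig`), and `storkOwnKeyStore` no longer takes part in trust evaluation; that changes the set of accepted signers and deserves a sentence in the method Javadoc, e.g. `Trust is evaluated against the software trust store configured via trustStoreConfig; the PKCS#11 keystore is only used for signing.`. If `swTrustStore` is null because initialisation was skipped or failed, the `catch (Exception e)` turns the resulting NullPointerException into a generic "SW ValidationException"; a guard `if (swTrustStore == null) { throw new SAMLEngineException("Soft trust store not initialised"); }` makes that failure explicit. Narrowing the catch back to `SAMLEngineException` would keep programming errors distinguishable from validation failures.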
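Review bot: `Security.getProperty(pkcs11Provider.getName())` in the `@@ -408` hunk reads a `java.security` property, not the installed provider list, so the condition is effectively always true and a fresh SunPKCS11 provider is constructed and inserted on every call; the intended check is `if (Security.getProvider(pkcs11Provider.getName()) == null) {`. `sun.security.pkcs11.SunPKCS11` is an internal JDK class and its `InputStream` constructor is not public API, which should at least be recorded as a platform dependency next to the `new`. The enclosing method continues outside the hunk.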
@@ -41,6 +41,7 @@ import eu.stork.peps.auth.engine.X509PrincipalUtil;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.NotImplementedException;
 import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.opensaml.Configuration;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.SignableSAMLObject;
@@ -166,25 +167,25 @@ public final class SignP12 implements SAMLEngineSignI {
 		properties = new Properties();
 		try {
 			try {
-				LOG.debug("Fichero a cargar " + fileConf);
+				LOG.debug("Loading " + fileConf);
 				fileProperties = new FileInputStream(fileConf);
 				properties.loadFromXML(fileProperties);
 			} catch (Exception e) {
-				LOG.error("Fallo al cargar el recurso externo. Se reintenta como fichero interno.");
+				LOG.error("Failed to load external resource. Retrieving internal file.");
 				fileProperties = SignP12.class.getResourceAsStream("/" + fileConf);
 				if (fileProperties == null) {
 					fileProperties = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileConf);
 					if (fileProperties == null) {
 						Enumeration<URL> files = ClassLoader.getSystemClassLoader().getResources(fileConf);
 						if (files != null && files.hasMoreElements()) {
-							LOG.info("Se han encontrado recurso/s. Se toma el primero.");
+							LOG.info("Found /s.");
 							fileProperties = ClassLoader.getSystemClassLoader().getResourceAsStream(files.nextElement().getFile());
 						} else {
-							throw new IOException("No se pudo recuperar el fichero: " + fileConf, e);
+							throw new IOException("Could not load file: " + fileConf, e);
 						}
 					}
 				}
-				LOG.debug("Recuperados " + fileProperties.available() + " bytes");
+				LOG.debug("Recovered " + fileProperties.available() + " bytes");
 				properties.loadFromXML(fileProperties);
 			}
 		} catch (InvalidPropertiesFormatException e) {
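Review bot: The translated message `LOG.info("Found /s.")` lost the meaning of the original (resources found, taking the first one), which is exactly what an operator needs to know when the signing configuration resolves to more than one classpath resource. Suggest `LOG.info("Resource(s) found. Taking the first one.");`; likewise "Retrieving internal file." reads more accurately as "Retrying as internal resource.". The enclosing method starts and ends outside the hunk.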
@@ -243,7 +244,7 @@ public final class SignP12 implements SAMLEngineSignI {
 				X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
 				X509Principal issuerDNConf = new X509Principal(issuer);
-				if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
+				if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
 					alias = aliasCert;
 					find = true;
 				}
@@ -455,23 +456,21 @@ public final class SignP12 implements SAMLEngineSignI {
 		FileInputStream fisTrustStore = null;
 		try {
-			// // Dynamically register Bouncy Castle provider.
-			// boolean found = false;
-			// // Check if BouncyCastle is already registered as a provider
-			// final Provider[] providers = Security.getProviders();
-			// for (int i = 0; i < providers.length; i++) {
-			// if (providers[i].getName().equals(
-			// BouncyCastleProvider.PROVIDER_NAME)) {
-			// found = true;
-			// }
-			// }
-			//
-			// // Register only if the provider has not been previously registered
-			// if (!found) {
-			// LOG.debug("SAMLCore: Register Bouncy Castle provider.");
-			// Security.insertProviderAt(new BouncyCastleProvider(), Security
-			// .getProviders().length);
-			// }
+			// Dynamically register Bouncy Castle provider.
+			boolean found = false;
+			// Check if BouncyCastle is already registered as a provider
+			final Provider[] providers = Security.getProviders();
+			for (int i = 0; i < providers.length; i++) {
+				if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) {
+					found = true;
+				}
+			}
+
+			// Register only if the provider has not been previously registered
+			if (!found) {
+				LOG.debug("SAMLCore: Register Bouncy Castle provider.");
+				Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
+			}
 			p12Store = KeyStore.getInstance(properties.getProperty("keystoreType"));
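Review bot: The re-enabled registration in the `@@ -455` hunk loops over `Security.getProviders()` to detect Bouncy Castle; `if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {` expresses the same in one line with the API meant for that lookup, and dropping the `found` flag removes four lines. Using the same idiom for the PKCS#11 provider registration added to `SignHW` in this commit would keep the two registrations consistent. The enclosing method starts and ends outside the hunk.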
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
index e1ae2b8e2..1ca857e9e 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
@@ -12,17 +12,34 @@
  * Licence for the specific language governing permissions and limitations under
  * the Licence.
  */
-
 package eu.stork.peps.auth.engine.core.impl;
-import eu.stork.peps.auth.engine.X509PrincipalUtil;
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.exceptions.SAMLEngineException;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.InvalidPropertiesFormatException;
+import java.util.List;
+import java.util.Properties;
+
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.NotImplementedException;
 import org.bouncycastle.jce.X509Principal;
-//import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.opensaml.Configuration;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.SignableSAMLObject;
@@ -41,25 +58,22 @@ import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
 import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
 import org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEvaluator;
 import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.*;
+import org.opensaml.xml.signature.KeyInfo;
 import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
 import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.signature.Signer;
 import org.opensaml.xml.util.Base64;
 import org.opensaml.xml.validation.ValidationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.*;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.*;
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.SAMLEngineException;
+
 /**
  * The Class SWSign. Class responsible for signing and validating of messages SAML with a certificate store software.
@@ -215,16 +229,12 @@ public class SignSW implements SAMLEngineSignI {
 				final String serialNum = certificate.getSerialNumber().toString(16);
-				try {
-					X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
-					X509Principal issuerDNConf = new X509Principal(issuer);
+				X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+				X509Principal issuerDNConf = new X509Principal(issuer);
-					if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
-						alias = aliasCert;
-						find = true;
-					}
-				} catch (Exception ex) {
-					LOG.error("Exception during signing: " + ex.getMessage()); // Added as a workaround for Bouncycastle email error
+				if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
+					alias = aliasCert;
+					find = true;
 				}
 			}
 			if (!find) {
@@ -344,7 +354,7 @@ public class SignSW implements SAMLEngineSignI {
 	 * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(org.opensaml.common.SignableSAMLObject)
 	 */
 	public final SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
-		LOG.info("Start signature validation.");
+		LOG.info("Start signature validation SW.");
 		try {
 			// Validate structure signature
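Review bot: Removing the try/catch around the two `new X509Principal(...)` constructions changes failure behaviour for the whole alias scan, not just for one entry: an issuer DN that BouncyCastle cannot parse (from any certificate in the keystore, or from the configured `issuer` string) used to be logged and that alias skipped, and now the unchecked exception propagates out of the loop before the remaining aliases are examined. If the stricter behaviour is intended, say so with a comment on the first `new X509Principal` line, since the removed catch was explicitly labelled a workaround; if not, catch the parse failure narrowly around just those two lines and move on, e.g. `} catch (IllegalArgumentException ex) { LOG.warn("Skipping alias " + aliasCert + ": unparseable issuer DN", ex); continue; }`. `X509PrincipalUtil.X509equals` is presumably the renamed helper from a change outside this chunk. The enclosing method starts and ends outside the hunk.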
@@ -440,23 +450,21 @@ public class SignSW implements SAMLEngineSignI {
 		LOG.info("Load Cryptographic Service Provider");
 		FileInputStream fis = null;
 		try {
-			// // Dynamically register Bouncy Castle provider.
-			// boolean found = false;
-			// // Check if BouncyCastle is already registered as a provider
-			// final Provider[] providers = Security.getProviders();
-			// for (int i = 0; i < providers.length; i++) {
-			// if (providers[i].getName().equals(
-			// BouncyCastleProvider.PROVIDER_NAME)) {
-			// found = true;
-			// }
-			// }
-			//
-			// // Register only if the provider has not been previously registered
-			// if (!found) {
-			// LOG.info("SAMLCore: Register Bouncy Castle provider.");
-			// Security.insertProviderAt(new BouncyCastleProvider(), Security
-			// .getProviders().length);
-			// }
+			// Dynamically register Bouncy Castle provider.
+			boolean found = false;
+			// Check if BouncyCastle is already registered as a provider
+			final Provider[] providers = Security.getProviders();
+			for (int i = 0; i < providers.length; i++) {
+				if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) {
+					found = true;
+				}
+			}
+
+			// Register only if the provider has not been previously registered
+			if (!found) {
+				LOG.info("SAMLCore: Register Bouncy Castle provider.");
+				Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
+			}
 			storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE));
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
index d7d92ea74..bfb85e357 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
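Review bot: The hand-rolled `found` loop in the re-enabled provider-registration block duplicates what the JCA already provides: `Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null` answers the same question in one call, and `Security.addProvider(new BouncyCastleProvider())` appends without the computed position and returns -1 if the provider is already installed. Note that `insertProviderAt(p, Security.getProviders().length)` places BC at the current last position and shifts the previous last provider below it, rather than strictly appending; if the intent is the conservative one of never letting BC take precedence over the JDK's default providers for algorithms they both implement, `addProvider` expresses that directly and the choice deserves a one-line comment such as `// lowest priority on purpose: BC must not shadow the default JCE providers`. Either way the registration should not be silently moved to position 1 later, which would change which implementation signs and verifies every message. The enclosing method starts before and ends after this hunk.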
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
@@ -125,10 +125,4 @@ public final class VIDPAuthenticationAttributesImpl extends AbstractSignableSAML
 	public void setSPInformation(SPInformation newSPInformation) {
 		this.spInformation = prepareForAssignment(this.spInformation, newSPInformation);
 	}
-
-	@Override
-	public int hashCode() {
-		LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
-		return super.hashCode();
-	}
 }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
index bf7626dc5..04ff153d3 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
@@ -54,8 +54,12 @@ public class QAAAttributeSchemaValidator implements Validator<QAAAttribute> {
 		if (DatatypeHelper.isEmpty(qaaAttribute.getQaaLevel())) {
 			throw new ValidationException("QAALevel label must be specified.");
 		}
-
-		final int qaa = Integer.valueOf(qaaAttribute.getQaaLevel());
+		int qaa = 0;
+		try {
+			qaa = Integer.valueOf(qaaAttribute.getQaaLevel());
+		} catch (Exception e) {
+			throw new ValidationException("QAALevel is not a valid number!");
+		}
 		if (qaa < QAAAttribute.MIN_VALUE || qaa > QAAAttribute.MAX_VALUE) {
 			throw new ValidationException("QAALevel label must be greater than 0.");
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
index 6e76c52a6..c0197b9db 100644
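Review bot: In the QAAAttributeSchemaValidator hunk, `catch (Exception e)` is wider than the failure it guards and the rethrow discards the cause: `Integer.valueOf` on a non-numeric string throws `NumberFormatException`, so catching `Exception` would also turn unrelated runtime errors into a schema-validation failure and hide their stack trace. Use `} catch (NumberFormatException e) {` and pass the cause along, `throw new ValidationException("QAALevel is not a valid number!", e);` (OpenSAML's ValidationException has a message-plus-cause constructor, as far as I can see). Including the rejected value in the message would help triage; it comes from the incoming SAML attribute, so keep it short. The enclosing validate method starts and ends outside the hunk.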
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
@@ -12,15 +12,8 @@
  * Licence for the specific language governing permissions and limitations under
  * the Licence.
  */
-
 package eu.stork.peps.configuration;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.HashMap;
@@ -28,6 +21,12 @@ import java.util.InvalidPropertiesFormatException;
 import java.util.Map;
 import java.util.Properties;
+import org.apache.commons.io.IOUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
 /**
  * The Class InstanceCreator.
  *
@@ -90,6 +89,7 @@ public final class ConfigurationCreator {
 	 *             the STORKSAML engine runtime exception
 	 */
 	private static Properties getNewInstance(final String fileName) throws STORKSAMLEngineException {
+		LOGGER.info("Create file configuration properties to Stork Saml Engine: " + fileName);
 		InputStream fileEngineProp = null;
 		// fetch base from system properties, give a default if there is nothing configured
@@ -115,10 +115,10 @@ public final class ConfigurationCreator {
 			configuration.loadFromXML(fileEngineProp);
 			return configuration;
 		} catch (InvalidPropertiesFormatException e) {
-			LOGGER.error("Invalid properties format.");
+			LOGGER.error("Invalid properties format: " + fileName);
 			throw new STORKSAMLEngineException(e);
 		} catch (IOException e) {
-			LOGGER.error("Error read file: " + base + fileName);
+			LOGGER.error("Error read file: " + fileName);
 			throw new STORKSAMLEngineException(e);
 		} finally {
 			IOUtils.closeQuietly(fileEngineProp);
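Review bot: The IOException branch in the last hunk now logs only `fileName` and drops `base`, the directory that the comment in the `getNewInstance` hunk says is taken from a system property with a default; that prefix is exactly what an operator needs when the failure is a wrong base path rather than a wrong file name. Unless `base` has been removed from scope elsewhere in the method (which these hunks do not show), keep it, `LOGGER.error("Error read file: " + base + fileName);`, or report `base` once in the new info line added at the top of the method so the resolved location appears at least once. `getNewInstance` starts in the third hunk and its body continues outside the hunks.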
diff --git a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
index 502e0e461..4f22df7fb 100644
--- a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
+++ b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
@@ -59,6 +59,18 @@ public class StorkAttrQueryRequestTest {
 		givenName.setValue(Arrays.asList("Sveinbjorn"));
 		pal.add(givenName);
+		final PersonalAttribute fiscalNumber = new PersonalAttribute();
+		fiscalNumber.setName("fiscalNumber");
+		fiscalNumber.setIsRequired(true);
+		fiscalNumber.setValue(Arrays.asList("fiscalNumber"));
+		pal.add(fiscalNumber);
+
+		final PersonalAttribute LPFiscalNumber = new PersonalAttribute();
+		LPFiscalNumber.setName("LPFiscalNumber");
+		LPFiscalNumber.setIsRequired(true);
+		LPFiscalNumber.setValue(Arrays.asList("LPFiscalNumber"));
+		pal.add(LPFiscalNumber);
+
 		destination = "http://A-PEPS.gov.xx/PEPS/AttributeColleagueRequest";
 		assertConsumerUrl = "http://S-PEPS.gov.xx/PEPS/ColleagueResponse";
 		// spName = "University of Oxford";
diff --git a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
index beca213ac..d476ad26e 100644
--- a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
+++ b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
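Review bot: The new local `LPFiscalNumber` breaks the lowerCamelCase convention that every neighbouring local (`givenName`, `fiscalNumber`, `pal`) follows and reads like a class name; `lpFiscalNumber` fixes the identifier while leaving the attribute name string `"LPFiscalNumber"` untouched. The same local is introduced in the StorkAuthRequestTest hunk of this commit. The method these lines belong to starts and ends outside the hunk.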
@@ -21,15 +21,12 @@ import java.util.ArrayList;
 import org.junit.Ignore;
 import org.junit.Test;
-
 import org.opensaml.xml.parse.BasicParserPool;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.*;
+import eu.stork.peps.auth.commons.*;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
@@ -68,6 +65,11 @@ public class StorkAuthRequestTest {
 		eIDNumber.setIsRequired(true);
 		pal.add(eIDNumber);
+		final PersonalAttribute LPFiscalNumber = new PersonalAttribute();
+		LPFiscalNumber.setName("LPFiscalNumber");
+		LPFiscalNumber.setIsRequired(true);
+		pal.add(LPFiscalNumber);
+
 		destination = "http://C-PEPS.gov.xx/PEPS/ColleagueRequest";
 		assertConsumerUrl = "http://S-PEPS.gov.xx/PEPS/ColleagueResponse";
diff --git a/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml b/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml
index 171e05f12..fadef82b2 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml
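Review bot: The import hunk replaces four explicit imports with `import eu.stork.peps.*;` and `import eu.stork.peps.auth.commons.*;`, which goes in the opposite direction from the rest of this commit, where SignSW.java and ConfigurationCreator.java expand wildcards into explicit imports. Wildcards hide which classes the test depends on and can silently change resolution when a same-named class is later added to either package; keep the explicit `IPersonalAttributeList`, `PersonalAttribute`, `PersonalAttributeList` and `STORKAuthnRequest` imports and add only what the new code needs. The `eu.stork.peps.*` wildcard in particular brings in nothing visible in this hunk, so its purpose is unclear.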
@@ -1,67 +1,85 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <instances>
-	<!-- Configuration name -->
-	<instance name="CONF0">
-		<!-- Configurations parameters StorkSamlEngine -->
-		<configuration name="SamlEngineConf">
-			<parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" />
-		</configuration>
+    <!-- Configuration name -->
+    <instance name="CONF0">
+        <!-- Configurations parameters StorkSamlEngine -->
+        <configuration name="SamlEngineConf">
+            <parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" />
+        </configuration>
-		<!-- Settings module signature -->
-		<configuration name="SignatureConf">
-			<!-- Specific signature module -->
-			<parameter name="class"
-				value="eu.stork.peps.auth.engine.core.impl.SignSW" />
-			<!-- Settings specific module -->
-			<parameter name="fileConfiguration" value="SignModule_Conf0.xml" />
-		</configuration>
-	</instance>
+        <!-- Settings module signature -->
+        <configuration name="SignatureConf">
+            <!-- Specific signature module -->
+            <parameter name="class"
+                       value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+            <!-- Settings specific module -->
+            <parameter name="fileConfiguration" value="SignModule_Conf0.xml" />
+            <parameter name="softTrustStoreConfig" value="SignModule_Conf0.xml" />
+        </configuration>
+    </instance>
-	<!-- ******************** CONF1 ******************** -->
-	<!-- Configuration name -->
-	<instance name="CONF1">
-		<!-- Configurations parameters StorkSamlEngine -->
-		<configuration name="SamlEngineConf">
-			<parameter name="fileConfiguration" value="StorkSamlEngine_Conf1.xml" />
-		</configuration>
+    <!-- ******************** CONF1 ******************** -->
+    <!-- Configuration name -->
+    <instance name="CONF1">
+        <!-- Configurations parameters StorkSamlEngine -->
+        <configuration name="SamlEngineConf">
+            <parameter name="fileConfiguration" value="StorkSamlEngine_Conf1.xml" />
+        </configuration>
-		<!-- Settings module signature -->
-		<configuration name="SignatureConf">
-			<!-- Specific signature module -->
-			<parameter name="class"
-				value="eu.stork.peps.auth.engine.core.impl.SignSW" />
-			<!-- Settings specific module -->
-			<parameter name="fileConfiguration" value="SignModule_Conf1.xml" />
-		</configuration>
-	</instance>
+        <!-- Settings module signature -->
+        <configuration name="SignatureConf">
+            <!-- Specific signature module -->
+            <parameter name="class"
+                       value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+            <!-- Settings specific module -->
+            <parameter name="fileConfiguration" value="SignModule_Conf1.xml" />
+        </configuration>
+    </instance>
-	<!-- ******************** CONF2 ******************** -->
+    <!-- ******************** CONF2 ******************** -->
-	<instance name="CONF2">
-		<configuration name="SamlEngineConf">
-			<parameter name="fileConfiguration" value="StorkSamlEngine_Conf2.xml" />
-		</configuration>
+    <instance name="CONF2">
+        <configuration name="SamlEngineConf">
+            <parameter name="fileConfiguration" value="StorkSamlEngine_Conf2.xml" />
+        </configuration>
-		<configuration name="SignatureConf">
-			<parameter name="class"
-				value="eu.stork.peps.auth.engine.core.impl.SignSW" />
-			<parameter name="fileConfiguration" value="SignModule_Conf2.xml" />
-		</configuration>
-	</instance>
+        <configuration name="SignatureConf">
+            <parameter name="class"
+                       value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+            <parameter name="fileConfiguration" value="SignModule_Conf2.xml" />
+        </configuration>
+    </instance>
-	<!-- ******************** CONF3 ******************** -->
+    <!-- ******************** CONF3 ******************** -->
-	<instance name="CONF3">
-		<configuration name="SamlEngineConf">
-			<parameter name="fileConfiguration" value="StorkSamlEngine_Conf3.xml" />
-		</configuration>
+    <instance name="CONF3">
+        <configuration name="SamlEngineConf">
+            <parameter name="fileConfiguration" value="StorkSamlEngine_Conf3.xml" />
+        </configuration>
-		<configuration name="SignatureConf">
-			<parameter name="class"
-				value="eu.stork.peps.auth.engine.core.impl.SignSW" />
-			<parameter name="fileConfiguration" value="SignModule_Conf3.xml" />
-		</configuration>
-	</instance>
+        <configuration name="SignatureConf">
+            <parameter name="class"
+                       value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+            <parameter name="fileConfiguration" value="SignModule_Conf3.xml" />
+        </configuration>
+    </instance>
+	
+    <!-- ******************** CONF4 ******************** -->
+    <instance name="CONF4">
+        <!-- Configurations parameters StorkSamlEngine -->
+        <configuration name="SamlEngineConf">
+            <parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" />
+        </configuration>
+
+        <!-- Settings module signature -->
+        <configuration name="SignatureConf">
+            <!-- Specific signature module -->
+            <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignHW" />
+            <!-- Settings specific module -->
+            <parameter name="fileConfiguration" value="SignModule_P11.xml" />
+            <parameter name="softTrustStoreConfig" value="SignModule_Conf0.xml" />
+        </configuration>
+    </instance>
 </instances>
\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml
index abb071044..295258bb2 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml
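Review bot: The new CONF4 instance names the software trust store twice, as `softTrustStoreConfig` here and as a `trustStoreConfig` entry inside SignModule_P11.xml (changed in this same commit), and nothing in either file says which one the engine reads or whether both are required; CONF0 also gains `softTrustStoreConfig` while CONF1 to CONF3 do not, which may be deliberate but is not explained. A comment next to the CONF4 `softTrustStoreConfig` parameter, e.g. `<!-- trust store used to verify incoming signatures; must match trustStoreConfig in SignModule_P11.xml -->`, would keep the two from drifting apart, or drop one of them if the engine only consults one. The file is a test resource, so this is mostly about the next person copying it as a deployment template.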
@@ -1,17 +1,21 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-<!-- properties> <comment>SWModule sign with JKS.</comment> <entry key="keystorePath">C:\opt\keystores\keyStoreCountry0.jks</entry> 
-	<entry key="keyStorePassword">local-demo</entry> <entry key="keyPassword">local-demo</entry> 
-	<entry key="issuer">CN=saml-demo-cert,OU=STORK2,O=Advania,L=Reykjavik,ST=Reykjavik,C=IS</entry> 
-	<entry key="serialNumber">524D4C6C</entry> <entry key="keystoreType">JKS</entry> 
-	</properties -->
+<!-- properties>
+        <comment>SWModule sign with JKS.</comment>
+        <entry key="keystorePath">C:\opt\keystores\keyStoreCountry0.jks</entry>
+        <entry key="keyStorePassword">local-demo</entry>
+        <entry key="keyPassword">local-demo</entry>
+        <entry key="issuer">CN=saml-demo-cert,OU=STORK2,O=Advania,L=Reykjavik,ST=Reykjavik,C=IS</entry>
+        <entry key="serialNumber">524D4C6C</entry>
+        <entry key="keystoreType">JKS</entry>
+</properties-->
 <properties>
-	<comment>SWModule sign with JKS.</comment>
-	<entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
-	<entry key="keyStorePassword">local-demo</entry>
-	<entry key="keyPassword">local-demo</entry>
-	<entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
-	<entry key="serialNumber">4BA89DB2</entry>
-	<entry key="keystoreType">JKS</entry>
+    <comment>SWModule sign with JKS.</comment>
+    <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
+    <entry key="keyStorePassword">local-demo</entry>
+    <entry key="keyPassword">local-demo</entry>
+    <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+    <entry key="serialNumber">4BA89DB2</entry>
+    <entry key="keystoreType">JKS</entry>
 </properties>
\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml
index e556a7331..ffd41cb61 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml
@@ -2,11 +2,11 @@
 <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
 <properties>
-	<comment>SWModule sign with JKS.</comment>
-	<entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
-	<entry key="keyStorePassword">local-demo</entry>
-	<entry key="keyPassword">local-demo</entry>
-	<entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
-	<entry key="serialNumber">4BA89DB2</entry>
-	<entry key="keystoreType">JKS</entry>
+    <comment>SWModule sign with JKS.</comment>
+    <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
+    <entry key="keyStorePassword">local-demo</entry>
+    <entry key="keyPassword">local-demo</entry>
+    <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+    <entry key="serialNumber">4BA89DB2</entry>
+    <entry key="keystoreType">JKS</entry>
 </properties>
\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml
index 3da1e33df..21b73d49d 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml
@@ -2,11 +2,11 @@
 <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
 <properties>
-	<comment>SWModule sign with JKS.</comment>
-	<entry key="keystorePath">C:\opt\keystores\keyStoreCountry2.jks</entry>
-	<entry key="keyStorePassword">local-demo</entry>
-	<entry key="keyPassword">local-demo</entry>
-	<entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
-	<entry key="serialNumber">4BA89DB2</entry>
-	<entry key="keystoreType">JKS</entry>
+    <comment>SWModule sign with JKS.</comment>
+    <entry key="keystorePath">C:\opt\keystores\keyStoreCountry2.jks</entry>
+    <entry key="keyStorePassword">local-demo</entry>
+    <entry key="keyPassword">local-demo</entry>
+    <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+    <entry key="serialNumber">4BA89DB2</entry>
+    <entry key="keystoreType">JKS</entry>
 </properties>
\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml
index 4c14a1711..f9ebc85cc 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml
@@ -2,11 +2,11 @@
 <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
 <properties>
-	<comment>SWModule sign with JKS.</comment>
-	<entry key="keystorePath">C:\opt\keystores\keyStoreCountry3.jks</entry>
-	<entry key="keyStorePassword">local-demo</entry>
-	<entry key="keyPassword">local-demo</entry>
-	<entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
-	<entry key="serialNumber">4BA89DB2</entry>
-	<entry key="keystoreType">JKS</entry>
+    <comment>SWModule sign with JKS.</comment>
+    <entry key="keystorePath">C:\opt\keystores\keyStoreCountry3.jks</entry>
+    <entry key="keyStorePassword">local-demo</entry>
+    <entry key="keyPassword">local-demo</entry>
+    <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+    <entry key="serialNumber">4BA89DB2</entry>
+    <entry key="keystoreType">JKS</entry>
 </properties>
\ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml
index c683d97c3..0e95da1f2 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml
@@ -2,10 +2,11 @@
 <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
 <properties>
-	<comment>HWModule sign with interface PKCS11.</comment>
-	<entry key="configurationFile">p11Config.cfg</entry>
-	<entry key="keyPassword">*******</entry>
-	<entry key="issuer">CN=XXXXXXXXX</entry>
-	<entry key="serialNumber">xxxxxxxxxxxxxx</entry>
-	<entry key="keystoreType">PKCS11</entry>
+    <comment>HWModule sign with interface PKCS11.</comment>
+    <entry key="configurationFile">p11Conf.cfg</entry>
+    <entry key="keyPassword">12345</entry>
+    <entry key="issuer">CN=Test Certificate</entry>
+    <entry key="serialNumber">147d4b07db8</entry>
+    <entry key="keystoreType">PKCS11</entry>
+    <entry key="trustStoreConfig">SignModule_Conf0.xml</entry>
 </properties>
\ No newline at end of file | 
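Review bot: Replacing the `*******` placeholder in `keyPassword` with a literal `12345` turns SignModule_P11.xml from a template into a committed credential for whatever token `p11Conf.cfg` describes; even if this is only a software test token, keep the placeholder or mark the value as a dummy with a comment such as `<!-- dummy PIN for the test token; deployments supply the real PIN out of band -->`, so the file is not copied into a deployment as-is. The `configurationFile` value also changes from `p11Config.cfg` to `p11Conf.cfg`, and the referenced file is not part of this diff, so please confirm a resource with the new name exists. The new `trustStoreConfig` entry duplicates the `softTrustStoreConfig` parameter added to CONF4 in SamlEngine.xml; a note on which of the two the engine reads would avoid the pair silently disagreeing.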
