aboutsummaryrefslogtreecommitdiff
path: root/id/oa/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/oa/src/main/java/at')
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java62
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java30
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java27
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java4
4 files changed, 71 insertions, 52 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 4bce49465..0b8251386 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -43,6 +43,7 @@ import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
@@ -124,7 +125,7 @@ public class Authenticate extends HttpServlet {
serviceURL = serviceURL + "/";
//name.setValue(serviceURL);
issuer.setValue(serviceURL);
-
+
// subject.setNameID(name);
// authReq.setSubject(subject);
issuer.setFormat(NameIDType.ENTITY);
@@ -155,13 +156,21 @@ public class Authenticate extends HttpServlet {
for (SingleSignOnService sss :
idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
+// //Get the service address for the binding you wish to use
+// if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+// redirectEndpoint = sss;
+// }
+
//Get the service address for the binding you wish to use
- if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
redirectEndpoint = sss;
}
+
}
authReq.setDestination(redirectEndpoint.getLocation());
+ //authReq.setDestination("http://test.test.test");
+
RequestedAuthnContext reqAuthContext =
SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
@@ -191,32 +200,47 @@ public class Authenticate extends HttpServlet {
authReq.setSignature(signer);
//generate Http-POST Binding message
- VelocityEngine engine = new VelocityEngine();
- engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
- engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
- engine.setProperty("classpath.resource.loader.class",
- "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
- engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
- "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
- engine.init();
-
- HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
- "templates/pvp_postbinding_template.html");
+// VelocityEngine engine = new VelocityEngine();
+// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+// engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+// engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+// engine.setProperty("classpath.resource.loader.class",
+// "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+// engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
+// "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
+// engine.init();
+//
+// HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+// "templates/pvp_postbinding_template.html");
+// HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+// response, true);
+// BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+// SingleSignOnService service = new SingleSignOnServiceBuilder()
+// .buildObject();
+// service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+// service.setLocation(redirectEndpoint.getLocation());;
+//
+// context.setOutboundSAMLMessageSigningCredential(authcredential);
+// context.setPeerEntityEndpoint(service);
+// context.setOutboundSAMLMessage(authReq);
+// context.setOutboundMessageTransport(responseAdapter);
+
+ //generate Redirect Binding message
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
response, true);
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
SingleSignOnService service = new SingleSignOnServiceBuilder()
.buildObject();
- service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- service.setLocation(redirectEndpoint.getLocation());;
-
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(redirectEndpoint.getLocation());
context.setOutboundSAMLMessageSigningCredential(authcredential);
context.setPeerEntityEndpoint(service);
context.setOutboundSAMLMessage(authReq);
context.setOutboundMessageTransport(responseAdapter);
-
+ //context.setRelayState(relayState);
+
encoder.encode(context);
} catch (Exception e) {
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
index 65a4ab2a7..67321ca7e 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
@@ -42,13 +42,13 @@ import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
+import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EncryptionMethod;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
@@ -57,9 +57,6 @@ import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.ServiceName;
import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.saml2.metadata.impl.EncryptionMethodBuilder;
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.encryption.OAEPparams;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
@@ -77,10 +74,11 @@ import at.gv.egovernment.moa.id.demoOA.Constants;
import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
import at.gv.egovernment.moa.id.demoOA.utils.AttributeListBuilder;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
import at.iaik.commons.util.MiscUtil;
public class BuildMetadata extends HttpServlet {
+ Logger log = Logger.getLogger(BuildMetadata.class);
+
private static final long serialVersionUID = 1L;
private static final int VALIDUNTIL_IN_HOURS = 24;
@@ -119,7 +117,7 @@ public class BuildMetadata extends HttpServlet {
String name = config.getPVP2MetadataEntitiesName();
if (MiscUtil.isEmpty(name)) {
- Logger.info("NO Metadata EntitiesName configurated");
+ log.info("NO Metadata EntitiesName configurated");
throw new ConfigurationException("NO Metadata EntitiesName configurated");
}
@@ -143,7 +141,7 @@ public class BuildMetadata extends HttpServlet {
if (!serviceURL.endsWith("/"))
serviceURL = serviceURL + "/";
- Logger.debug("Set OnlineApplicationURL to " + serviceURL);
+ log.debug("Set OnlineApplicationURL to " + serviceURL);
spEntityDescriptor.setEntityID(serviceURL);
SPSSODescriptor spSSODescriptor = SAML2Utils
@@ -165,7 +163,7 @@ public class BuildMetadata extends HttpServlet {
config.getPVP2KeystoreMetadataKeyPassword().toCharArray());
- Logger.debug("Set Metadata key information");
+ log.debug("Set Metadata key information");
//Set MetaData Signing key
KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils
.createSAMLObject(KeyDescriptor.class);
@@ -213,7 +211,7 @@ public class BuildMetadata extends HttpServlet {
spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
} else {
- Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
+ log.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
}
@@ -293,32 +291,32 @@ public class BuildMetadata extends HttpServlet {
response.getOutputStream().close();
} catch (ConfigurationException e) {
- Logger.warn("Configuration can not be loaded.", e);
+ log.warn("Configuration can not be loaded.", e);
throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
} catch (NoSuchAlgorithmException e) {
- Logger.warn("Requested Algorithm could not found.", e);
+ log.warn("Requested Algorithm could not found.", e);
throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
} catch (ParserConfigurationException e) {
- Logger.warn("PVP2 Metadata createn error", e);
+ log.warn("PVP2 Metadata createn error", e);
throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
} catch (TransformerConfigurationException e) {
- Logger.warn("PVP2 Metadata createn error", e);
+ log.warn("PVP2 Metadata createn error", e);
throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
} catch (TransformerFactoryConfigurationError e) {
- Logger.warn("PVP2 Metadata createn error", e);
+ log.warn("PVP2 Metadata createn error", e);
throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
} catch (TransformerException e) {
- Logger.warn("PVP2 Metadata createn error", e);
+ log.warn("PVP2 Metadata createn error", e);
throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
}
catch (Exception e) {
- Logger.warn("Unspecific PVP2 Metadata createn error", e);
+ log.warn("Unspecific PVP2 Metadata createn error", e);
throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
}
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
index cde9451a4..cfc170011 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
@@ -23,7 +23,6 @@
package at.gv.egovernment.moa.id.demoOA.servlet.pvp2;
import java.io.IOException;
-import java.security.Key;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
@@ -34,6 +33,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.apache.log4j.Logger;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
@@ -56,7 +56,6 @@ import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
@@ -77,12 +76,11 @@ import at.gv.egovernment.moa.id.demoOA.Constants;
import at.gv.egovernment.moa.id.demoOA.PVPConstants;
import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-
public class DemoApplication extends HttpServlet {
-
+ Logger log = Logger.getLogger(DemoApplication.class);
+
private static final long serialVersionUID = -2129228304760706063L;
@@ -97,7 +95,7 @@ public class DemoApplication extends HttpServlet {
String method = request.getMethod();
HttpSession session = request.getSession();
if (session == null) {
- Logger.info("NO HTTP Session");
+ log.info("NO HTTP Session");
bean.setErrorMessage("NO HTTP session");
setAnser(request, response, bean);
return;
@@ -120,7 +118,7 @@ public class DemoApplication extends HttpServlet {
Signature sign = samlResponse.getSignature();
if (sign == null) {
- Logger.info("Only http POST Requests can be used");
+ log.info("Only http POST Requests can be used");
bean.setErrorMessage("Only http POST Requests can be used");
setAnser(request, response, bean);
return;
@@ -150,7 +148,7 @@ public class DemoApplication extends HttpServlet {
ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver);
trustEngine.validate(sign, criteriaSet);
- Logger.info("PVP2 Assertion is valid");
+ log.info("PVP2 Assertion is valid");
//set assertion
org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
@@ -166,7 +164,7 @@ public class DemoApplication extends HttpServlet {
if (encryAssertionList != null && encryAssertionList.size() > 0) {
//decrypt assertions
- Logger.debug("Found encryped assertion. Start decryption ...");
+ log.debug("Found encryped assertion. Start decryption ...");
KeyStore keyStore = config.getPVP2KeyStore();
@@ -192,7 +190,7 @@ public class DemoApplication extends HttpServlet {
}
- Logger.debug("Assertion decryption finished. ");
+ log.debug("Assertion decryption finished. ");
} else {
saml2assertions = samlResponse.getAssertions();
@@ -215,13 +213,12 @@ public class DemoApplication extends HttpServlet {
String strAttributeName = attributes.get(x).getDOM().getAttribute("Name");
if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME))
- familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent();
-
+ familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME))
- givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent();
+ givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) {
- birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent();
+ birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
}
}
}
@@ -249,7 +246,7 @@ public class DemoApplication extends HttpServlet {
}
} catch (Exception e) {
- Logger.warn(e);
+ log.warn(e);
bean.setErrorMessage("Internal Error: " + e.getMessage());
setAnser(request, response, bean);
return;
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
index eecb691c0..1dcc66a56 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
@@ -56,9 +56,9 @@ public class AttributeListBuilder implements PVPConstants{
requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true));
requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true));
requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
- requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, true));
- requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, true));
requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));