aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java182
1 files changed, 0 insertions, 182 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
deleted file mode 100644
index f9589950f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
+++ /dev/null
@@ -1,182 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- *
- */
-package at.gv.egovernment.moa.id.auth.stork;
-
-import org.opensaml.xml.validation.ValidationException;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.XMLUtil;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.mw.messages.saml.STORKResponse;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.util.SAMLUtil;
-
-/**
- * Verifies the SMAL response according to the STORK specification
- * @author bzwattendorfer
- *
- */
-public class PEPSConnectorResponseVerifier implements ResponseVerifier {
-
-
- /* (non-Javadoc)
- * @see eu.stork.mw.peps.connector.validation.ResponseVerifier#verify(org.opensaml.saml2.core.Response)
- */
- public void verify(STORKResponse response) throws SecurityException {
-
- verifySignature(response);
- Logger.debug("Signature of SAML response valid.");
-
- verifyStandardValidation(response);
-
- Logger.debug("SAML response format valid.");
-
- }
-
-
- private void verifySignature(STORKResponse response) throws SecurityException {
- //validate Signature
- try {
- if (response.isSigned()) {
-
- String trustProfileID = AuthConfigurationProvider.getInstance().getStorkConfig().getSignatureVerificationParameter().getTrustProfileID();
-
- Logger.trace("Starting validation of Signature references");
- try {
- SAMLUtil.validateSignatureReferences(response);
- } catch (ValidationException e) {
- Logger.error("Validation of XML Signature refrences failed: " + e.getMessage());
- throw new SecurityException(e);
- }
- Logger.debug("XML Signature references are OK.");
-
- Logger.debug("Invoking MOA-SP with TrustProfileID: " + trustProfileID);
-
- // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
- .build(XMLUtil.printXML(response.getDOM()).getBytes(), trustProfileID);
-
- Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built");
-
- Logger.trace("Calling MOA-SP");
- // invokes the call
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
- .verifyXMLSignature(domVerifyXMLSignatureRequest);
-
- // parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
- domVerifyXMLSignatureResponse).parseData();
-
- Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP");
-
- if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) {
- String msg = "Signature of SAMLResponse not valid";
- Logger.error(msg);
- throw new SecurityException(msg);
- }
-
- Logger.debug("Signature of SAML response successfully verified");
-
- if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
- String msg = "Certificate of SAMLResponse not valid";
- Logger.error(msg);
- throw new SecurityException(msg);
- }
-
- Logger.debug("Signing certificate of SAML response succesfully verified");
-
- } else {
- String msg = "SAML Response is not signed.";
- throw new SecurityException(msg);
- }
-
- } catch (ConfigurationException e) {
- String msg = "Unable to load STORK configuration for STORK SAML Response signature verification.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- } catch (ParseException e) {
- String msg = "Unable to parse VerifyXMLSignature Request or Response.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- } catch (BuildException e) {
- String msg = "Unable to parse VerifyXMLSignature Request or Response.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- } catch (ServiceException e) {
- String msg = "Unable to invoke MOA-SP.";
- Logger.error(msg, e);
- throw new SecurityException(msg, e);
- }
-
- }
-
- private void verifyStandardValidation(STORKResponse response) throws SecurityException {
- try {
- SAMLUtil.verifySAMLObjectStandardValidation(response, "saml2-core-schema-and-stork-validator");
- } catch (SAMLValidationException e) {
- String msg ="SAML Response received not valid.";
- throw new SecurityException(msg, e);
- }
-
- }
-
-
-
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-22 14:19:26 +0000