aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java90
1 files changed, 46 insertions, 44 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index d9129165e..59eaa90b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.protocols.pvp2x;
-import java.io.IOException;
import java.io.StringWriter;
import java.util.List;
@@ -8,32 +7,28 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
+import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.metadata.ArtifactResolutionService;
+import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
@@ -43,8 +38,8 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
public class MetadataAction implements IAction {
@@ -52,9 +47,20 @@ public class MetadataAction implements IAction {
HttpServletResponse httpResp) throws MOAIDException {
try {
+ EntitiesDescriptor idpEntitiesDescriptor =
+ SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
+
+ idpEntitiesDescriptor.setName(PVPConfiguration.getInstance().getIDPIssuerName());
+
+ idpEntitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());
+
+ idpEntitiesDescriptor.setValidUntil(new DateTime().plusWeeks(4));
+
EntityDescriptor idpEntityDescriptor = SAML2Utils
.createSAMLObject(EntityDescriptor.class);
+ idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor);
+
idpEntityDescriptor
.setEntityID("https://localhost:8443/moa-id-auth");
@@ -83,13 +89,15 @@ public class MetadataAction implements IAction {
Signature signature = CredentialProvider
.getIDPSignature(credential);
- idpEntityDescriptor.setSignature(signature);
+ idpEntitiesDescriptor.setSignature(signature);
IDPSSODescriptor idpSSODescriptor = SAML2Utils
.createSAMLObject(IDPSSODescriptor.class);
- idpSSODescriptor.setWantAuthnRequestsSigned(true);
-
+ idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ idpSSODescriptor.setWantAuthnRequestsSigned(true);
+
if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
SingleSignOnService postSingleSignOnService = SAML2Utils
.createSAMLObject(SingleSignOnService.class);
@@ -116,7 +124,7 @@ public class MetadataAction implements IAction {
redirectSingleSignOnService);
}
- if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
+ /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
ArtifactResolutionService artifactResolutionService = SAML2Utils
.createSAMLObject(ArtifactResolutionService.class);
@@ -125,14 +133,31 @@ public class MetadataAction implements IAction {
artifactResolutionService.setLocation(PVPConfiguration
.getInstance().getIDPResolveSOAPService());
+ artifactResolutionService.setIndex(0);
+
idpSSODescriptor.getArtifactResolutionServices().add(
artifactResolutionService);
- }
+ }*/
idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
+ NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
+
+ NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
+
+ NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
+
idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
DocumentBuilder builder;
@@ -142,8 +167,8 @@ public class MetadataAction implements IAction {
builder = factory.newDocumentBuilder();
Document document = builder.newDocument();
Marshaller out = Configuration.getMarshallerFactory()
- .getMarshaller(idpEntityDescriptor);
- out.marshall(idpEntityDescriptor, document);
+ .getMarshaller(idpEntitiesDescriptor);
+ out.marshall(idpEntitiesDescriptor, document);
Signer.signObject(signature);
@@ -165,33 +190,10 @@ public class MetadataAction implements IAction {
httpResp.getOutputStream().close();
- } catch (CredentialsNotAvailableException e) {
- e.printStackTrace();
- } catch (SecurityException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (ParserConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (MarshallingException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (SignatureException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (TransformerConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (TransformerFactoryConfigurationError e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (TransformerException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
+ } catch (Exception e) {
+ Logger.error("Failed to generate metadata", e);
+ throw new MOAIDException("pvp2.13", null);
+ }
}
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 03:47:15 +0000