Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java209
1 files changed, 209 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
new file mode 100644
index 000000000..3d0fd80bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -0,0 +1,209 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.io.StringWriter;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.Signer;
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MetadataAction implements IAction {
+
+ public void processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ try {
+
+ EntitiesDescriptor idpEntitiesDescriptor =
+ SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
+
+ idpEntitiesDescriptor.setName(PVPConfiguration.getInstance().getIDPIssuerName());
+
+ idpEntitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());
+
+ idpEntitiesDescriptor.setValidUntil(new DateTime().plusWeeks(4));
+
+ EntityDescriptor idpEntityDescriptor = SAML2Utils
+ .createSAMLObject(EntityDescriptor.class);
+
+ idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor);
+
+ idpEntityDescriptor
+ .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath());
+
+ List<ContactPerson> persons = PVPConfiguration.getInstance()
+ .getIDPContacts();
+
+ idpEntityDescriptor.getContactPersons().addAll(persons);
+
+ idpEntityDescriptor.setOrganization(PVPConfiguration.getInstance()
+ .getIDPOrganisation());
+
+ X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
+ keyInfoFactory.setEmitPublicKeyValue(true);
+ keyInfoFactory.setEmitEntityIDAsKeyName(true);
+ keyInfoFactory.setEmitEntityCertificate(true);
+ KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
+
+ Credential credential = CredentialProvider
+ .getIDPSigningCredential();
+
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(credential));
+
+ Signature signature = CredentialProvider
+ .getIDPSignature(credential);
+
+ idpEntitiesDescriptor.setSignature(signature);
+
+ IDPSSODescriptor idpSSODescriptor = SAML2Utils
+ .createSAMLObject(IDPSSODescriptor.class);
+
+ idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ idpSSODescriptor.setWantAuthnRequestsSigned(true);
+
+ if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
+ SingleSignOnService postSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+
+ postSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSOPostService());
+ postSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+
+ idpSSODescriptor.getSingleSignOnServices().add(
+ postSingleSignOnService);
+ }
+
+ if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) {
+ SingleSignOnService redirectSingleSignOnService = SAML2Utils
+ .createSAMLObject(SingleSignOnService.class);
+
+ redirectSingleSignOnService.setLocation(PVPConfiguration
+ .getInstance().getIDPSSORedirectService());
+ redirectSingleSignOnService
+ .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+
+ idpSSODescriptor.getSingleSignOnServices().add(
+ redirectSingleSignOnService);
+ }
+
+ /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
+ ArtifactResolutionService artifactResolutionService = SAML2Utils
+ .createSAMLObject(ArtifactResolutionService.class);
+
+ artifactResolutionService
+ .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ artifactResolutionService.setLocation(PVPConfiguration
+ .getInstance().getIDPResolveSOAPService());
+
+ artifactResolutionService.setIndex(0);
+
+ idpSSODescriptor.getArtifactResolutionServices().add(
+ artifactResolutionService);
+ }*/
+
+ idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
+
+ NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
+
+ NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
+
+ NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
+
+ idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
+
+ DocumentBuilder builder;
+ DocumentBuilderFactory factory = DocumentBuilderFactory
+ .newInstance();
+
+ builder = factory.newDocumentBuilder();
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory()
+ .getMarshaller(idpEntitiesDescriptor);
+ out.marshall(idpEntitiesDescriptor, document);
+
+ Signer.signObject(signature);
+
+ Transformer transformer = TransformerFactory.newInstance()
+ .newTransformer();
+
+ StringWriter sw = new StringWriter();
+ StreamResult sr = new StreamResult(sw);
+ DOMSource source = new DOMSource(document);
+ transformer.transform(source, sr);
+ sw.close();
+
+ String metadataXML = sw.toString();
+
+ System.out.println("METADATA: " + metadataXML);
+
+ httpResp.setContentType("text/xml");
+ httpResp.getOutputStream().write(metadataXML.getBytes());
+
+ httpResp.getOutputStream().close();
+
+ } catch (Exception e) {
+ Logger.error("Failed to generate metadata", e);
+ throw new MOAIDException("pvp2.13", null);
+ }
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+ }
+
+ public String getDefaultActionName() {
+ return (PVP2XProtocol.METADATA);
+ }
+
+}
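Review bot: `metadataXML.getBytes()` in the response write near the end of processRequest encodes with the platform default charset, while the content type is set to bare `text/xml` with no charset, so the signed metadata can be re-encoded differently from the transformer's output and served without a declared encoding. Pin both sides: `httpResp.setContentType("text/xml; charset=UTF-8");` and `httpResp.getOutputStream().write(metadataXML.getBytes("UTF-8"));` (the UnsupportedEncodingException this can throw is already covered by the surrounding catch). The `System.out.println("METADATA: " + metadataXML)` just above it dumps the full document to stdout on every request; route it through the existing MOA logger at debug level, e.g. `Logger.debug("METADATA: " + metadataXML);`, or drop it. The catch block also discards the cause when it throws `new MOAIDException("pvp2.13", null)`; it is logged first, but if MOAIDException offers a cause-accepting constructor the wrapped exception should carry it.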