Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java | 90 |
1 files changed, 46 insertions, 44 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index d9129165e..59eaa90b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -1,6 +1,5 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x;
-import java.io.IOException;
 import java.io.StringWriter;
 import java.util.List;
@@ -8,32 +7,28 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
+import org.joda.time.DateTime;
 import org.opensaml.Configuration;
 import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.metadata.ArtifactResolutionService;
+import org.opensaml.saml2.core.NameIDType;
 import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.IDPSSODescriptor;
 import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
 import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.credential.UsageType;
 import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
 import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
 import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
 import org.opensaml.xml.signature.Signer;
 import org.w3c.dom.Document;
@@ -43,8 +38,8 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
 public class MetadataAction implements IAction {
@@ -52,9 +47,20 @@ public class MetadataAction implements IAction {
 HttpServletResponse httpResp) throws MOAIDException {
 try {
+ EntitiesDescriptor idpEntitiesDescriptor =
+ SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
+
+ idpEntitiesDescriptor.setName(PVPConfiguration.getInstance().getIDPIssuerName());
+
+ idpEntitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());
+
+ idpEntitiesDescriptor.setValidUntil(new DateTime().plusWeeks(4));
+
 EntityDescriptor idpEntityDescriptor = SAML2Utils
 .createSAMLObject(EntityDescriptor.class);
+ idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor);
+
 idpEntityDescriptor
 .setEntityID("https://localhost:8443/moa-id-auth");
@@ -83,13 +89,15 @@ public class MetadataAction implements IAction {
 Signature signature = CredentialProvider
 .getIDPSignature(credential);
- idpEntityDescriptor.setSignature(signature);
+ idpEntitiesDescriptor.setSignature(signature);
 IDPSSODescriptor idpSSODescriptor = SAML2Utils
 .createSAMLObject(IDPSSODescriptor.class);
- idpSSODescriptor.setWantAuthnRequestsSigned(true);
-
+ idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ idpSSODescriptor.setWantAuthnRequestsSigned(true);
+
 if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
 SingleSignOnService postSingleSignOnService = SAML2Utils
 .createSAMLObject(SingleSignOnService.class);
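Review bot: The validity window of the published metadata is hard-coded as `new DateTime().plusWeeks(4)` on the new EntitiesDescriptor, so every relying party must re-fetch within four weeks or reject the signed document once validUntil passes, and an operator cannot tune that without a code change. The issuer name on the same object is already read from PVPConfiguration; the validity period belongs there too, with a comment such as `// validUntil bounds how long an SP may cache this signed metadata` so the trade-off is visible. Note also that the wrapper's name now comes from configuration while the contained EntityDescriptor keeps the hard-coded entityID `https://localhost:8443/moa-id-auth` on the context line below it; unless something later in processRequest overrides it (the method continues outside this hunk), a deployment publishes a localhost issuer that SPs will bind their trust to.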
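Review bot: Moving the signature from the EntityDescriptor to the enclosing EntitiesDescriptor means the single contained EntityDescriptor is no longer signed on its own; a relying party that imports only the inner element, or filters the aggregate down to this entityID before verifying, now sees unsigned metadata. That is valid per the SAML metadata specification, but it is a behaviour change for existing consumers, so confirm the known SPs verify at EntitiesDescriptor level, or additionally sign the inner descriptor with a second Signature instance from CredentialProvider. A comment at the new `idpEntitiesDescriptor.setSignature(signature);` such as `// signature covers the whole EntitiesDescriptor; the inner EntityDescriptor is not separately signed` would record the decision. The added `addSupportedProtocol(SAMLConstants.SAML20P_NS)` is a correct fix: protocolSupportEnumeration is mandatory on a role descriptor.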
@@ -116,7 +124,7 @@ public class MetadataAction implements IAction {
 redirectSingleSignOnService);
 }
- if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
+ /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
 ArtifactResolutionService artifactResolutionService = SAML2Utils
 .createSAMLObject(ArtifactResolutionService.class);
@@ -125,14 +133,31 @@ public class MetadataAction implements IAction {
 artifactResolutionService.setLocation(PVPConfiguration
 .getInstance().getIDPResolveSOAPService());
+ artifactResolutionService.setIndex(0);
+
 idpSSODescriptor.getArtifactResolutionServices().add(
 artifactResolutionService);
- }
+ }*/
 idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
 idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
+ NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
+
+ NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
+
+ NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
+
 idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
 DocumentBuilder builder;
@@ -142,8 +167,8 @@ public class MetadataAction implements IAction {
 builder = factory.newDocumentBuilder();
 Document document = builder.newDocument();
 Marshaller out = Configuration.getMarshallerFactory()
- .getMarshaller(idpEntityDescriptor);
- out.marshall(idpEntityDescriptor, document);
+ .getMarshaller(idpEntitiesDescriptor);
+ out.marshall(idpEntitiesDescriptor, document);
 Signer.signObject(signature);
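Review bot: The artifact-resolution block is disabled by wrapping it in `/* … */` instead of being removed, and the commit even adds `artifactResolutionService.setIndex(0);` inside the dead block while dropping the ArtifactResolutionService import, so the comment references a class that is no longer in scope and will silently drift. Delete the block (history keeps it) or gate it on configuration, and if artifact binding is intentionally not offered say so where it stood: `// Artifact binding is not advertised; no ArtifactResolutionService is published`. The local `persistenNameIDFormat` is missing a letter — `persistentNameIDFormat`. Advertising persistent, transient and unspecified NameID formats is a commitment to SPs; presumably the AuthnRequest handling honours a NameIDPolicy for each of them, which is worth confirming since an advertised-but-unhonoured format fails SP-side validation.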
@@ -165,33 +190,10 @@ public class MetadataAction implements IAction {
 httpResp.getOutputStream().close();
- } catch (CredentialsNotAvailableException e) {
- e.printStackTrace();
- } catch (SecurityException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (ParserConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (MarshallingException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (SignatureException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (TransformerConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (TransformerFactoryConfigurationError e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (TransformerException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
+ } catch (Exception e) {
+ Logger.error("Failed to generate metadata", e);
+ throw new MOAIDException("pvp2.13", null);
+ }
 }
 public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, |
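Review bot: The new `catch (Exception e)` rethrows `new MOAIDException("pvp2.13", null)` without attaching `e` as the cause, so only the log line keeps the original failure; if MOAIDException has a constructor that accepts a Throwable, pass `e` through so callers and error handling can chain it. Catching Exception here also re-labels any MOAIDException raised inside the try (none is visible in these hunks) as pvp2.13, so a preceding `catch (MOAIDException e) { throw e; }` would preserve the specific error id. Replacing nine printStackTrace-and-continue blocks with a logged failure and a thrown exception is the right direction, since the old code could fall through and answer with a success status and empty or partial metadata. The response is written before `httpResp.getOutputStream().close();`, outside this hunk, so check that a failure after output has started cannot still leave a truncated document with a 200.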