aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java221
1 files changed, 0 insertions, 221 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
deleted file mode 100644
index f29418853..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.security.NoSuchAlgorithmException;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.stereotype.Service;
-
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-@Service("PVPAuthnRequestBuilder")
-public class PVPAuthnRequestBuilder {
-
- @Autowired(required=true) ApplicationContext springContext;
-
- /**
- * Build a PVP2.x specific authentication request
- *
- * @param pendingReq Currently processed pendingRequest
- * @param config AuthnRequest builder configuration, never null
- * @param idpEntity SAML2 EntityDescriptor of the IDP, which receive this AuthnRequest, never null
- * @param httpResp
- * @throws NoSuchAlgorithmException
- * @throws SecurityException
- * @throws PVP2Exception
- * @throws MessageEncodingException
- */
- public void buildAuthnRequest(IRequest pendingReq, IPVPAuthnRequestBuilderConfiguruation config,
- HttpServletResponse httpResp) throws NoSuchAlgorithmException, MessageEncodingException, PVP2Exception, SecurityException {
- //get IDP Entity element from config
- EntityDescriptor idpEntity = config.getIDPEntityDescriptor();
-
- AuthnRequest authReq = SAML2Utils
- .createSAMLObject(AuthnRequest.class);
-
- //select SingleSignOn Service endpoint from IDP metadata
- SingleSignOnService endpoint = null;
- for (SingleSignOnService sss :
- idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-
- // use POST binding as default if it exists
- if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- endpoint = sss;
-
- } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
- && endpoint == null )
- endpoint = sss;
-
- }
-
- if (endpoint == null) {
- Logger.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID()
- + " does not support POST or Redirect Binding.");
- throw new AuthnRequestBuildException("sp.pvp2.00", new Object[]{config.getSPNameForLogging(), idpEntity.getEntityID()});
-
- } else
- authReq.setDestination(endpoint.getLocation());
-
-
- //set basic AuthnRequest information
- String reqID = config.getRequestID();
- if (MiscUtil.isNotEmpty(reqID))
- authReq.setID(reqID);
-
- else {
- SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
- authReq.setID(gen.generateIdentifier());
-
- }
-
- authReq.setIssueInstant(new DateTime());
-
- //set isPassive flag
- if (config.isPassivRequest() == null)
- authReq.setIsPassive(false);
- else
- authReq.setIsPassive(config.isPassivRequest());
-
- //set EntityID of the service provider
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setFormat(NameIDType.ENTITY);
- issuer.setValue(config.getSPEntityID());
- authReq.setIssuer(issuer);
-
- //set AssertionConsumerService ID
- if (config.getAssertionConsumerServiceId() != null)
- authReq.setAssertionConsumerServiceIndex(config.getAssertionConsumerServiceId());
-
- //set NameIDPolicy
- if (config.getNameIDPolicyFormat() != null) {
- NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class);
- policy.setAllowCreate(config.getNameIDPolicyAllowCreation());
- policy.setFormat(config.getNameIDPolicyFormat());
- authReq.setNameIDPolicy(policy);
- }
-
- //set requested QAA level
- if (config.getAuthnContextClassRef() != null) {
- RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
- AuthnContextClassRef authnClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-
- authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRef());
-
- if (config.getAuthnContextComparison() == null)
- reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
- else
- reqAuthContext.setComparison(config.getAuthnContextComparison());
-
- reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
- authReq.setRequestedAuthnContext(reqAuthContext);
- }
-
- //set request Subject element
- if (MiscUtil.isNotEmpty(config.getSubjectNameID())) {
- Subject reqSubject = SAML2Utils.createSAMLObject(Subject.class);
- NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-
- subjectNameID.setValue(config.getSubjectNameID());
- if (MiscUtil.isNotEmpty(config.getSubjectNameIDQualifier()))
- subjectNameID.setNameQualifier(config.getSubjectNameIDQualifier());
-
- if (MiscUtil.isNotEmpty(config.getSubjectNameIDFormat()))
- subjectNameID.setFormat(config.getSubjectNameIDFormat());
- else
- subjectNameID.setFormat(NameID.TRANSIENT);
-
- reqSubject.setNameID(subjectNameID);
-
- if (config.getSubjectConformationDate() != null) {
- SubjectConfirmation subjectConformation = SAML2Utils.createSAMLObject(SubjectConfirmation.class);
- SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);
- subjectConformation.setSubjectConfirmationData(subjectConformDate);
- reqSubject.getSubjectConfirmations().add(subjectConformation );
-
- if (config.getSubjectConformationMethode() != null)
- subjectConformation.setMethod(config.getSubjectConformationMethode());
-
- subjectConformDate.setDOM(config.getSubjectConformationDate());
-
- }
-
- authReq.setSubject(reqSubject );
-
- }
-
- //TODO: implement requested attributes
- //maybe: config.getRequestedAttributes();
-
- //select message encoder
- IEncoder binding = null;
- if (endpoint.getBinding().equals(
- SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-
- } else if (endpoint.getBinding().equals(
- SAMLConstants.SAML2_POST_BINDING_URI)) {
- binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
-
- }
-
- //encode message
- binding.encodeRequest(null, httpResp, authReq,
- endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq);
- }
-
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 21:11:20 +0000