aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java198
1 files changed, 0 insertions, 198 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
deleted file mode 100644
index d76e6c2f1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
+++ /dev/null
@@ -1,198 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class CredentialProvider {
-
- private static KeyStore keyStore = null;
-
- public static X509Credential getIDPMetaDataSigningCredential()
- throws CredentialsNotAvailableException {
- PVPConfiguration config = PVPConfiguration.getInstance();
- try {
-
- if (keyStore == null)
- keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
- config.getIDPKeyStorePassword());
-
- MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
- keyStore, config.getIDPKeyAliasMetadata(), config
- .getIDPKeyPasswordMetadata().toCharArray());
-
- credentials.setUsageType(UsageType.SIGNING);
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- Logger.error("IDP Metadata Signing credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("IDP Assertion Signing credentials (Alias: "
- + config.getIDPKeyAliasMetadata() + ") is not found or contains no PrivateKey.", null);
-
- }
- return credentials;
- } catch (Exception e) {
- Logger.error("Failed to generate IDP Metadata Signing credentials");
- e.printStackTrace();
- throw new CredentialsNotAvailableException(e.getMessage(), null);
- }
- }
-
- public static X509Credential getIDPAssertionSigningCredential()
- throws CredentialsNotAvailableException {
- PVPConfiguration config = PVPConfiguration.getInstance();
- try {
- if (keyStore == null)
- keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
- config.getIDPKeyStorePassword());
-
- MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
- keyStore, config.getIDPKeyAliasAssertionSign(), config
- .getIDPKeyPasswordAssertionSign().toCharArray());
-
- credentials.setUsageType(UsageType.SIGNING);
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- Logger.error("IDP Assertion Signing credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("IDP Assertion Signing credentials (Alias: "
- + config.getIDPKeyAliasAssertionSign() + ") is not found or contains no PrivateKey.", null);
-
- }
-
- return (X509Credential) credentials;
- } catch (Exception e) {
- Logger.error("Failed to generate IDP Assertion Signing credentials");
- e.printStackTrace();
- throw new CredentialsNotAvailableException(e.getMessage(), null);
- }
- }
-
- public static X509Credential getIDPAssertionEncryptionCredential()
- throws CredentialsNotAvailableException {
- PVPConfiguration config = PVPConfiguration.getInstance();
- try {
- if (keyStore == null)
- keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
- config.getIDPKeyStorePassword());
-
- //if no encryption key is configured return null
- if (MiscUtil.isEmpty(config.getIDPKeyAliasAssertionEncryption()))
- return null;
-
- MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
- keyStore, config.getIDPKeyAliasAssertionEncryption(), config
- .getIDPKeyPasswordAssertionEncryption().toCharArray());
-
- credentials.setUsageType(UsageType.ENCRYPTION);
-
- if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
- Logger.error("IDP Assertion Encryption credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException("IDP Assertion Encryption credentials (Alias: "
- + config.getIDPKeyAliasAssertionEncryption() + ") is not found or contains no PrivateKey.", null);
-
- }
-
- return (X509Credential) credentials;
- } catch (Exception e) {
- Logger.error("Failed to generate IDP Assertion Encryption credentials");
- e.printStackTrace();
- throw new CredentialsNotAvailableException(e.getMessage(), null);
- }
- }
-
- public static Signature getIDPSignature(Credential credentials) {
-
- PrivateKey privatekey = credentials.getPrivateKey();
-
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
-
- if (privatekey instanceof RSAPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
- } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);
-
- } else {
- Logger.warn("Could NOT evaluate the Private-Key type from PVP credential.");
-
- }
-
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
- return signer;
-
- }
-
- public static Credential getSPTrustedCredential(String entityID)
- throws CredentialsNotAvailableException {
-
- iaik.x509.X509Certificate cert = PVPConfiguration.getInstance()
- .getTrustEntityCertificate(entityID);
-
- if (cert == null) {
- throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null);
- }
-
- BasicX509Credential credential = new BasicX509Credential();
- credential.setEntityId(entityID);
- credential.setUsageType(UsageType.SIGNING);
- credential.setPublicKey(cert.getPublicKey());
-
- return credential;
- }
- /*
- * public static Credential getTrustedCredential() throws
- * CredentialsNotAvailableException { String filename =
- * PVPConfiguration.getInstance().getTrustEntityCertificate("sp.crt");
- *
- * iaik.x509.X509Certificate cert; try { cert = new X509Certificate(new
- * FileInputStream(new File(filename))); } catch (CertificateException e) {
- * e.printStackTrace(); throw new
- * CredentialsNotAvailableException(e.getMessage(), null); } catch
- * (FileNotFoundException e) { e.printStackTrace(); throw new
- * CredentialsNotAvailableException(e.getMessage(), null); } catch
- * (IOException e) { e.printStackTrace(); throw new
- * CredentialsNotAvailableException(e.getMessage(), null); }
- *
- * BasicX509Credential credential = new BasicX509Credential();
- * credential.setEntityId("sp.crt");
- * credential.setUsageType(UsageType.SIGNING);
- * credential.setPublicKey(cert.getPublicKey());
- *
- * return credential; }
- */
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 12:16:59 +0000