Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java | 272 |
1 files changed, 136 insertions, 136 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
index 942fab4f3..9c654d42f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
@@ -1,136 +1,136 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.verification; - -import java.io.UnsupportedEncodingException; - -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.security.SAMLSignatureProfileValidator; -import org.opensaml.xml.validation.ValidationException; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.XMLUtil; -import at.gv.egovernment.moa.logging.Logger; - -public class SAMLVerifierMOASP implements ISAMLVerifier { - - - //TODO: implement via metadata validator .... 
- public void verifyRequest(RequestAbstractType request) - throws MOAIDException { - // validate Signature - try { - if (request.isSigned()) { - - String trustProfileID = AuthConfigurationProviderFactory.getInstance() - .getStorkConfig().getSignatureVerificationParameter() - .getTrustProfileID(); - - Logger.trace("Starting validation of Signature references"); - try { - SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); - sigValidator.validate(request.getSignature()); - } catch (ValidationException e) { - Logger.error("Validation of XML Signature refrences failed: " - + e.getMessage()); - throw new SecurityException(e); - } - Logger.debug("XML Signature references are OK."); - - Logger.debug("Invoking MOA-SP with TrustProfileID: " - + trustProfileID); - - // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .build(XMLUtil.printXML(request.getDOM()).getBytes("UTF-8"), - trustProfileID); - - Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built"); - - Logger.trace("Calling MOA-SP"); - // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() - .verifyXMLSignature(domVerifyXMLSignatureRequest); - - // parses the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( - domVerifyXMLSignatureResponse).parseData(); - - Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP"); - - if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) { - String msg = "Signature of SAMLResponse not valid"; - Logger.error(msg); - throw new SecurityException(msg); - } - - Logger.debug("Signature of SAML response successfully verified"); - - if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { - String msg = "Certificate of SAMLResponse not valid"; - Logger.error(msg); - throw new SecurityException(msg); - } - - 
Logger.debug("Signing certificate of SAML response succesfully verified"); - - } else { - String msg = "SAML Object is not signed."; - throw new SecurityException(msg); - } - - } catch (ConfigurationException e) { - String msg = "Unable to load STORK configuration for STORK SAML Response signature verification."; - Logger.error(msg, e); - throw new SecurityException(msg, e); - } catch (ParseException e) { - String msg = "Unable to parse VerifyXMLSignature Request or Response."; - Logger.error(msg, e); - throw new SecurityException(msg, e); - } catch (BuildException e) { - String msg = "Unable to parse VerifyXMLSignature Request or Response."; - Logger.error(msg, e); - throw new SecurityException(msg, e); - } catch (ServiceException e) { - String msg = "Unable to invoke MOA-SP."; - Logger.error(msg, e); - throw new SecurityException(msg, e); - } catch (UnsupportedEncodingException e) { - String msg = "Unsupported Encoding."; - Logger.error(msg, e); - throw new SecurityException(msg, e); - } - - } - -} +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. 
+// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// *******************************************************************************/ +//package at.gv.egovernment.moa.id.protocols.pvp2x.verification; +// +//import java.io.UnsupportedEncodingException; +// +//import org.opensaml.saml2.core.RequestAbstractType; +//import org.opensaml.security.SAMLSignatureProfileValidator; +//import org.opensaml.xml.validation.ValidationException; +//import org.w3c.dom.Element; +// +//import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +//import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +//import at.gv.egovernment.moa.id.auth.exception.BuildException; +//import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +//import at.gv.egovernment.moa.id.auth.exception.ParseException; +//import at.gv.egovernment.moa.id.auth.exception.ServiceException; +//import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +//import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +//import at.gv.egovernment.moa.id.config.ConfigurationException; +//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +//import at.gv.egovernment.moa.id.util.XMLUtil; +//import at.gv.egovernment.moa.logging.Logger; +// +//public class SAMLVerifierMOASP implements ISAMLVerifier { +// +// +// //TODO: implement via metadata validator .... 
+// public void verifyRequest(RequestAbstractType request) +// throws MOAIDException { +// // validate Signature +// try { +// if (request.isSigned()) { +// +// String trustProfileID = AuthConfigurationProviderFactory.getInstance() +// .getStorkConfig().getSignatureVerificationParameter() +// .getTrustProfileID(); +// +// Logger.trace("Starting validation of Signature references"); +// try { +// SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); +// sigValidator.validate(request.getSignature()); +// } catch (ValidationException e) { +// Logger.error("Validation of XML Signature refrences failed: " +// + e.getMessage()); +// throw new SecurityException(e); +// } +// Logger.debug("XML Signature references are OK."); +// +// Logger.debug("Invoking MOA-SP with TrustProfileID: " +// + trustProfileID); +// +// // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP +// Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() +// .build(XMLUtil.printXML(request.getDOM()).getBytes("UTF-8"), +// trustProfileID); +// +// Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built"); +// +// Logger.trace("Calling MOA-SP"); +// // invokes the call +// Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() +// .verifyXMLSignature(domVerifyXMLSignatureRequest); +// +// // parses the <VerifyXMLSignatureResponse> +// VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( +// domVerifyXMLSignatureResponse).parseData(); +// +// Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP"); +// +// if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) { +// String msg = "Signature of SAMLResponse not valid"; +// Logger.error(msg); +// throw new SecurityException(msg); +// } +// +// Logger.debug("Signature of SAML response successfully verified"); +// +// if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { +// String msg = "Certificate of 
SAMLResponse not valid"; +// Logger.error(msg); +// throw new SecurityException(msg); +// } +// +// Logger.debug("Signing certificate of SAML response succesfully verified"); +// +// } else { +// String msg = "SAML Object is not signed."; +// throw new SecurityException(msg); +// } +// +// } catch (ConfigurationException e) { +// String msg = "Unable to load STORK configuration for STORK SAML Response signature verification."; +// Logger.error(msg, e); +// throw new SecurityException(msg, e); +// } catch (ParseException e) { +// String msg = "Unable to parse VerifyXMLSignature Request or Response."; +// Logger.error(msg, e); +// throw new SecurityException(msg, e); +// } catch (BuildException e) { +// String msg = "Unable to parse VerifyXMLSignature Request or Response."; +// Logger.error(msg, e); +// throw new SecurityException(msg, e); +// } catch (ServiceException e) { +// String msg = "Unable to invoke MOA-SP."; +// Logger.error(msg, e); +// throw new SecurityException(msg, e); +// } catch (UnsupportedEncodingException e) { +// String msg = "Unsupported Encoding."; +// Logger.error(msg, e); +// throw new SecurityException(msg, e); +// } +// +// } +// +//} |
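Review bot: The new side keeps all 136 lines of SAMLVerifierMOASP as `//` comments, so the file still ships but compiles to nothing; deleting the file and relying on version history would be cleaner than leaving a dead signature verifier that can later be uncommented without review. If it has to stay for now, one header line such as `// Disabled: superseded by <replacement verifier>; delete once no caller references it` would tell readers why it is off. The hunk does not show what now implements ISAMLVerifier, so it is worth confirming in the same change that the callers of verifyRequest still reject unsigned requests and requests whose signature or certificate check fails, rather than proceeding unverified.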