aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java28
2 files changed, 39 insertions, 12 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 94e30238a..af22a2d7e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -132,7 +132,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
SubjectConfirmationData subjectConfirmationData = null;
- return buildGenericAssertion(pendingReq, attrQuery.getIssuer().getValue(), date,
+ return buildGenericAssertion(pendingReq.getAuthURL(), attrQuery.getIssuer().getValue(), date,
authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex,
new DateTime(authData.getSsoSessionValidTo().getTime()));
}
@@ -410,12 +410,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
sloInformation.setNameIDFormat(subjectNameID.getFormat());
sloInformation.setSessionIndex(sessionIndex);
- return buildGenericAssertion(pendingReq, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
+ return buildGenericAssertion(pendingReq.getAuthURL(), peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
}
/**
*
- * @param pendingReq IDP PublicURL PreFix
+ * @param issuer IDP EntityID
* @param entityID Service Provider EntityID
* @param date
* @param authnContextClassRef
@@ -428,7 +428,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
* @throws ConfigurationException
*/
- public static Assertion buildGenericAssertion(IRequest pendingReq, String entityID, DateTime date,
+ public static Assertion buildGenericAssertion(String issuer, String entityID, DateTime date,
AuthnContextClassRef authnContextClassRef, List<Attribute> attrList,
NameID subjectNameID, SubjectConfirmationData subjectConfirmationData,
String sessionIndex, DateTime isValidTo) throws ConfigurationException {
@@ -478,15 +478,14 @@ public class PVP2AssertionBuilder implements PVPConstants {
assertion.setConditions(conditions);
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- String authURL = pendingReq.getAuthURL();
- if (authURL.endsWith("/"))
- authURL = authURL.substring(0, authURL.length()-1);
- issuer.setValue(authURL);
- issuer.setFormat(NameID.ENTITY);
+ Issuer issuerObj = SAML2Utils.createSAMLObject(Issuer.class);
+
+ if (issuer.endsWith("/"))
+ issuer = issuer.substring(0, issuer.length()-1);
+ issuerObj.setValue(issuer);
+ issuerObj.setFormat(NameID.ENTITY);
- assertion.setIssuer(issuer);
+ assertion.setIssuer(issuerObj);
assertion.setSubject(subject);
assertion.setID(SAML2Utils.getSecureIdentifier());
assertion.setIssueInstant(date);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index e7df23d61..4c9a1e59f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
@@ -23,11 +23,17 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPrivateKey;
+import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.KeyStoreUtils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -183,4 +189,26 @@ public abstract class AbstractCredentialProvider {
throw new CredentialsNotAvailableException(e.getMessage(), null);
}
}
+
+ public static Signature getIDPSignature(Credential credentials) {
+ PrivateKey privatekey = credentials.getPrivateKey();
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+
+ if (privatekey instanceof RSAPrivateKey) {
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+
+ } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);
+
+ } else {
+ Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
+
+
+ }
+
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(credentials);
+ return signer;
+
+ }
}