aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java111
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java77
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java17
13 files changed, 310 insertions, 192 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index feaf59cb2..673b65243 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -47,6 +47,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public static final String REDIRECT = "Redirect";
public static final String POST = "Post";
+ public static final String SOAP = "Soap";
private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index a7b4a5bc7..8f83812a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -1,14 +1,10 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
-import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.servlet.http.HttpServletRequest;
@@ -19,7 +15,6 @@ import org.apache.velocity.runtime.RuntimeConstants;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.SingleSignOnService;
@@ -28,13 +23,12 @@ import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.BasicCredential;
-import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
public class ArtifactBinding implements IDecoder, IEncoder {
@@ -48,30 +42,13 @@ public class ArtifactBinding implements IDecoder, IEncoder {
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
StatusResponseType response, String targetLocation)
throws MessageEncodingException, SecurityException {
- KeyStore keyStore;
-
try {
- keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-
- FileInputStream inputStream = new FileInputStream(
- "/home/afitzek/server/moaid_conf/moaid/pvp.ks");
- keyStore.load(inputStream, "123456".toCharArray());
- inputStream.close();
-
- BasicCredential credentials = new BasicCredential();
- PrivateKey key = (PrivateKey) keyStore.getKey("pvpIDP",
- "123456".toCharArray());
- Certificate cert = keyStore.getCertificate("pvpIDP");
- credentials.setPublicKey(cert.getPublicKey());
- credentials.setPrivateKey(key);
- credentials.setUsageType(UsageType.SIGNING);
-
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
+ Credential credentials = CredentialProvider
+ .getIDPSigningCredential();
+ Signature signer = CredentialProvider.getIDPSignature(credentials);
response.setSignature(signer);
+
VelocityEngine engine = new VelocityEngine();
engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
@@ -100,24 +77,9 @@ public class ArtifactBinding implements IDecoder, IEncoder {
context.setOutboundMessageTransport(responseAdapter);
encoder.encode(context);
- } catch (KeyStoreException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (FileNotFoundException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (NoSuchAlgorithmException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (CertificateException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (UnrecoverableKeyException e) {
- // TODO Auto-generated catch block
+ } catch (CredentialsNotAvailableException e) {
e.printStackTrace();
+ throw new SecurityException(e);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 38be055be..c7d779fa2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -1,16 +1,5 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -31,49 +20,31 @@ import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.BasicCredential;
-import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
public class PostBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation) throws MessageEncodingException,
- SecurityException{
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException {
// TODO Auto-generated method stub
-
+
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation) throws MessageEncodingException,
- SecurityException{
- KeyStore keyStore;
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException {
try {
- keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-
- FileInputStream inputStream = new FileInputStream(
- "/home/afitzek/server/moaid_conf/moaid/pvp.ks");
- keyStore.load(inputStream, "123456".toCharArray());
- inputStream.close();
-
- BasicCredential credentials = new BasicCredential();
- PrivateKey key = (PrivateKey) keyStore.getKey("pvpIDP",
- "123456".toCharArray());
- Certificate cert = keyStore.getCertificate("pvpIDP");
- credentials.setPublicKey(cert.getPublicKey());
- credentials.setPrivateKey(key);
- credentials.setUsageType(UsageType.SIGNING);
-
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
+ Credential credentials = CredentialProvider
+ .getIDPSigningCredential();
+ Signature signer = CredentialProvider.getIDPSignature(credentials);
response.setSignature(signer);
VelocityEngine engine = new VelocityEngine();
@@ -81,11 +52,11 @@ public class PostBinding implements IDecoder, IEncoder {
engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
- engine.setProperty("classpath.resource.loader.class",
+ engine.setProperty("classpath.resource.loader.class",
"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
engine.init();
-
- HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+
+ HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
"resources/templates/pvp_postbinding_template.html");
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
resp, true);
@@ -101,68 +72,46 @@ public class PostBinding implements IDecoder, IEncoder {
context.setOutboundMessageTransport(responseAdapter);
encoder.encode(context);
- } catch (KeyStoreException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (FileNotFoundException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (NoSuchAlgorithmException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (CertificateException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (UnrecoverableKeyException e) {
- // TODO Auto-generated catch block
+ } catch (CredentialsNotAvailableException e) {
e.printStackTrace();
+ throw new SecurityException(e);
}
}
public MOARequest decodeRequest(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
- SecurityException{
-
-
-
+ SecurityException {
+
HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext =
- new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(
- req));
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
decode.decode(messageContext);
RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
.getInboundMessage();
-
+
MOARequest request = new MOARequest(inboundMessage);
-
+
return request;
-
+
}
public MOAResponse decodeRespone(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
- SecurityException{
-
+ SecurityException {
+
HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext =
- new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(
- req));
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
decode.decode(messageContext);
- Response inboundMessage = (Response) messageContext
- .getInboundMessage();
-
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+
MOAResponse moaResponse = new MOAResponse(inboundMessage);
return moaResponse;
-
+
}
public boolean handleDecode(String action) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 2cae67e97..92a6b6002 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -1,16 +1,5 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -35,14 +24,13 @@ import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.BasicCredential;
-import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
public class RedirectBinding implements IDecoder, IEncoder {
@@ -56,30 +44,13 @@ public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
StatusResponseType response, String targetLocation)
throws MessageEncodingException, SecurityException {
- KeyStore keyStore;
-
try {
- keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-
- FileInputStream inputStream = new FileInputStream(
- "/home/afitzek/server/moaid_conf/moaid/pvp.ks");
- keyStore.load(inputStream, "123456".toCharArray());
- inputStream.close();
-
- BasicCredential credentials = new BasicCredential();
- PrivateKey key = (PrivateKey) keyStore.getKey("pvpIDP",
- "123456".toCharArray());
- Certificate cert = keyStore.getCertificate("pvpIDP");
- credentials.setPublicKey(cert.getPublicKey());
- credentials.setPrivateKey(key);
- credentials.setUsageType(UsageType.SIGNING);
-
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
+ Credential credentials = CredentialProvider
+ .getIDPSigningCredential();
+ Signature signer = CredentialProvider.getIDPSignature(credentials);
response.setSignature(signer);
+
HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
@@ -96,26 +67,10 @@ public class RedirectBinding implements IDecoder, IEncoder {
context.setOutboundMessageTransport(responseAdapter);
encoder.encode(context);
- } catch (KeyStoreException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (FileNotFoundException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (NoSuchAlgorithmException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (CertificateException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (UnrecoverableKeyException e) {
- // TODO Auto-generated catch block
+ } catch (CredentialsNotAvailableException e) {
e.printStackTrace();
+ throw new SecurityException(e);
}
-
}
public MOARequest decodeRequest(HttpServletRequest req,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
new file mode 100644
index 000000000..027dab15a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -0,0 +1,77 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+
+public class SoapBinding implements IDecoder, IEncoder {
+
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+ HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder();
+ BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext =
+ new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(
+ req));
+ soapDecoder.decode(messageContext);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+
+ MOARequest request = new MOARequest(inboundMessage);
+
+ return request;
+ }
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp) throws MessageDecodingException,
+ SecurityException {
+ HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder();
+ BasicSAMLMessageContext<Response, ?, ?> messageContext =
+ new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(
+ req));
+ soapDecoder.decode(messageContext);
+
+ Response inboundMessage = (Response) messageContext
+ .getInboundMessage();
+
+ MOAResponse moaResponse = new MOAResponse(inboundMessage);
+ return moaResponse;
+ }
+
+ public boolean handleDecode(String action) {
+ return (action.equals(PVP2XProtocol.SOAP));
+ }
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
new file mode 100644
index 000000000..5ec852d46
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -0,0 +1,63 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class PVPConfiguration {
+ private static PVPConfiguration instance;
+
+ public static PVPConfiguration getInstance() {
+ if(instance == null) {
+ instance = new PVPConfiguration();
+ }
+ return instance;
+ }
+
+ public static final String PVP_CONFIG_FILE = "pvp2config.properties";
+ public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
+ public static final String IDP_KEYALIAS = "idp.ks.alias";
+ public static final String IDP_KS_PASS = "idp.ks.kspassword";
+ public static final String IDP_KEY_PASS = "idp.ks.keypassword";
+ public static final String METADATA_FILE = "md.file";
+
+ Properties props = new Properties();
+
+ private PVPConfiguration() {
+ try {
+ String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+ String pathName = (new File(fileName)).getParent();
+ String configFile = pathName + File.pathSeparator + PVP_CONFIG_FILE;
+
+ Logger.info("PVP Config file " + configFile);
+ FileInputStream is = new FileInputStream(configFile);
+ props.load(is);
+ is.close();
+ } catch(Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public String getIDPKeyStoreFilename() {
+ return props.getProperty(IDP_JAVAKEYSTORE);
+ }
+
+ public String getIDPKeyStorePassword() {
+ return props.getProperty(IDP_KS_PASS);
+ }
+
+ public String getIDPKeyAlias() {
+ return props.getProperty(IDP_KEYALIAS);
+ }
+
+ public String getIDPKeyPassword() {
+ return props.getProperty(IDP_KEY_PASS);
+ }
+
+ public String getMetadataFile() {
+ return props.getProperty(METADATA_FILE);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 346883a94..94741df73 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -15,6 +15,8 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+
public class MOAMetadataProvider implements MetadataProvider {
MetadataProvider internalProvider;
@@ -24,7 +26,7 @@ public class MOAMetadataProvider implements MetadataProvider {
public MOAMetadataProvider() throws MetadataProviderException {
FilesystemMetadataProvider fsProvider = new FilesystemMetadataProvider(
- new File(MD_FILE));
+ new File(PVPConfiguration.getInstance().getMetadataFile()));
fsProvider.setParserPool(new BasicParserPool());
internalProvider = fsProvider;
fsProvider.initialize();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
new file mode 100644
index 000000000..3d2bd33b0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry;
+import org.opensaml.saml2.core.ArtifactResolve;
+import org.opensaml.saml2.core.ArtifactResponse;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+
+public class ArtifactResolution implements IRequestHandler {
+
+ public boolean handleObject(MOARequest obj) {
+ return (obj.getSamlRequest() instanceof ArtifactResolve);
+ }
+
+ public void process(MOARequest obj, HttpServletRequest req,
+ HttpServletResponse resp) {
+ if(!handleObject(obj)) {
+ // TODO: throw exception
+ return;
+ }
+
+ ArtifactResolve artifactResolve = (ArtifactResolve)obj.getSamlRequest();
+ String artifactID = artifactResolve.getArtifact().getArtifact();
+
+ PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance();
+ if(!pvpAssertion.contains(artifactID)) {
+ // TODO: send not found ...
+ } else {
+ SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID);
+ ArtifactResponse response = SAML2Utils.createSAMLObject(ArtifactResponse.class);
+ response.setMessage(assertion.getSamlMessage());
+ response.setIssueInstant(new DateTime());
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 27e248081..5fc1dc785 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -17,6 +17,7 @@ import org.opensaml.saml2.core.Subject;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
+import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
@@ -32,10 +33,9 @@ public class AuthnRequestHandler implements IRequestHandler {
}
public void process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp) {
+ HttpServletResponse resp) throws MOAIDException {
if(!handleObject(obj)) {
- // TODO: throw exception
- return;
+ throw new MOAIDException("INVALID HANDLER SELECETED", null);
}
AuthnRequest authnRequest = (AuthnRequest)obj.getSamlRequest();
@@ -95,14 +95,10 @@ public class AuthnRequestHandler implements IRequestHandler {
try {
binding.encodeRespone(req, resp, authResponse, oaURL);
} catch (MessageEncodingException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
} catch (SecurityException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
-
- System.out.println("AuthnRequest");
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index a971df93b..002713f79 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -3,11 +3,12 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
public interface IRequestHandler {
public boolean handleObject(MOARequest obj);
public void process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp);
+ HttpServletResponse resp) throws MOAIDException;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index 3f1049482..0e5fa9b1e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -7,6 +7,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.SAMLRequestNotSupported;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
@@ -29,7 +30,7 @@ public class RequestManager {
}
public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp)
- throws SAMLRequestNotSupported {
+ throws SAMLRequestNotSupported, MOAIDException {
Iterator<IRequestHandler> it = handler.iterator();
while(it.hasNext()) {
IRequestHandler handler = it.next();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
new file mode 100644
index 000000000..ec65f6bce
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
@@ -0,0 +1,52 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
+
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+
+import org.opensaml.xml.security.credential.BasicCredential;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class CredentialProvider {
+ public static Credential getIDPSigningCredential() throws CredentialsNotAvailableException {
+ KeyStore keyStore;
+ PVPConfiguration config = PVPConfiguration.getInstance();
+ try {
+ keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+
+ FileInputStream inputStream = new FileInputStream(
+ config.getIDPKeyStoreFilename());
+ keyStore.load(inputStream, config.getIDPKeyStorePassword().toCharArray());
+ inputStream.close();
+
+ BasicCredential credentials = new BasicCredential();
+ PrivateKey key = (PrivateKey) keyStore.getKey(config.getIDPKeyAlias(),
+ config.getIDPKeyPassword().toCharArray());
+ Certificate cert = keyStore.getCertificate(config.getIDPKeyAlias());
+ credentials.setPublicKey(cert.getPublicKey());
+ credentials.setPrivateKey(key);
+ credentials.setUsageType(UsageType.SIGNING);
+ return credentials;
+ } catch(Exception e) {
+ Logger.error("Failed to generate IDP Signing credentials");
+ e.printStackTrace();
+ throw new CredentialsNotAvailableException(e.getMessage(), null);
+ }
+ }
+
+ public static Signature getIDPSignature(Credential credentials) {
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(credentials);
+ return signer;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
new file mode 100644
index 000000000..56864bc1f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public class CredentialsNotAvailableException extends MOAIDException {
+
+ public CredentialsNotAvailableException(String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2564476345552842599L;
+
+}