aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SAMLRequestNotSignedException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SAMLRequestNotSupported.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java150
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java2
22 files changed, 381 insertions, 123 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index c993290e9..5fa0dfcc3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -33,64 +33,6 @@ public class DispatcherServlet extends AuthServlet {
public static final String PARAM_TARGET_MODULE = "mod";
public static final String PARAM_TARGET_ACTION = "action";
- /*
- * public static final String PARAM_DISPATCHER_TARGETS =
- * "DispatcherTargets"; public static final String PARAM_DISPATCHER_TYPE =
- * "DispatcherType"; public static final String PARAM_DISPATCHER_TYPE_UNAUTH
- * = "UNAUTH"; public static final String PARAM_DISPATCHER_TYPE_AUTH =
- * "AUTH"; public static String SYSTEM_NEWLINE =
- * System.getProperty("line.separator");
- */
- /*
- * private HashMap<String, HashMap<String, HttpServlet>> endpointMap = new
- * HashMap<String, HashMap<String, HttpServlet>>();
- *
- * private void registerModule(IModulInfo modulInfo) {
- *
- * HashMap<String, HttpServlet> tempMap = new HashMap<String,
- * HttpServlet>();
- *
- * try {
- *
- * String path = modulInfo.getPath();
- *
- * if (path == null) { throw new Exception(String.format(
- * "%s does not return a valid target path!", new Object[] {
- * modulInfo.getClass().getName() })); }
- *
- * Logger.debug("Registering: " + modulInfo.getName() + " under " + path);
- *
- * List<ServletInfo> servletInfos = modulInfo.getServlets();
- *
- * Iterator<ServletInfo> servletInfoIterator = servletInfos.iterator();
- *
- * while (servletInfoIterator.hasNext()) {
- *
- * ServletInfo servletInfo = servletInfoIterator.next();
- *
- * if (servletInfo.getType() == ServletType.UNAUTH) { HttpServlet servlet =
- * servletInfo.getServletInstance(); String target =
- * servletInfo.getTarget();
- *
- * if (target == null) { throw new Exception( String.format(
- * "%s does not return a valid target identifier!", new Object[] {
- * servlet.getClass() .getName() })); }
- *
- * if (tempMap.containsKey(target)) { throw new Exception(String.format(
- * "%s tried to overwrite %s/%s", new Object[] {
- * servlet.getClass().getName(), path, target })); }
- *
- * tempMap.put(target, servlet); Logger.info("Registered Servlet class: " +
- * servlet.getClass().getName() + " OK"); }
- *
- * }
- *
- * // when there was no error we register all servlets into the real //
- * endpoint map ... if (!tempMap.isEmpty()) { endpointMap.put(path,
- * tempMap); } } catch (Throwable e) {
- * Logger.error("Registering Modul class: " + modulInfo.getClass().getName()
- * + " FAILED!!", e); } }
- */
@Override
public void init(ServletConfig config) throws ServletException {
try {
@@ -105,15 +47,6 @@ public class DispatcherServlet extends AuthServlet {
throw new ServletException(ex);
}
Logger.info("Dispatcher Servlet initialization");
-
- /*
- * List<IModulInfo> modules = ModulStorage.getAllModules();
- * Iterator<IModulInfo> it = modules.iterator(); while (it.hasNext()) {
- * IModulInfo info = it.next(); String targetClass =
- * info.getClass().getName(); try { registerModule(info); } catch
- * (Throwable e) { Logger.error("Registering Class " + targetClass +
- * " FAILED!!", e); } }
- */
}
protected void processRequest(HttpServletRequest req,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java
new file mode 100644
index 000000000..1e3c6145f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.xml.io.MarshallingException;
+
+public class ExternalPVPSessionStore {
+
+ private Map<String, SPSSODescriptor> externalSessions = new HashMap<String, SPSSODescriptor>();
+
+ public boolean contains(String sessionID) {
+ return externalSessions.containsKey(sessionID);
+ }
+
+ public void put(String sessionID, SPSSODescriptor sso) throws MarshallingException {
+ externalSessions.put(sessionID, sso);
+ }
+
+ public SPSSODescriptor get(String sessionID) {
+ return externalSessions.get(sessionID);
+ }
+
+ public void remove(String sessionID) {
+ externalSessions.remove(sessionID);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index d9129165e..85d5c2a46 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -17,13 +17,17 @@ import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
+import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.metadata.ArtifactResolutionService;
import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
@@ -52,9 +56,20 @@ public class MetadataAction implements IAction {
HttpServletResponse httpResp) throws MOAIDException {
try {
+ EntitiesDescriptor idpEntitiesDescriptor =
+ SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
+
+ idpEntitiesDescriptor.setName(PVPConfiguration.getInstance().getIDPIssuerName());
+
+ idpEntitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());
+
+ idpEntitiesDescriptor.setValidUntil(new DateTime().plusWeeks(4));
+
EntityDescriptor idpEntityDescriptor = SAML2Utils
.createSAMLObject(EntityDescriptor.class);
+ idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor);
+
idpEntityDescriptor
.setEntityID("https://localhost:8443/moa-id-auth");
@@ -83,13 +98,15 @@ public class MetadataAction implements IAction {
Signature signature = CredentialProvider
.getIDPSignature(credential);
- idpEntityDescriptor.setSignature(signature);
+ idpEntitiesDescriptor.setSignature(signature);
IDPSSODescriptor idpSSODescriptor = SAML2Utils
.createSAMLObject(IDPSSODescriptor.class);
- idpSSODescriptor.setWantAuthnRequestsSigned(true);
-
+ idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ idpSSODescriptor.setWantAuthnRequestsSigned(true);
+
if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
SingleSignOnService postSingleSignOnService = SAML2Utils
.createSAMLObject(SingleSignOnService.class);
@@ -125,6 +142,8 @@ public class MetadataAction implements IAction {
artifactResolutionService.setLocation(PVPConfiguration
.getInstance().getIDPResolveSOAPService());
+ artifactResolutionService.setIndex(0);
+
idpSSODescriptor.getArtifactResolutionServices().add(
artifactResolutionService);
}
@@ -133,6 +152,21 @@ public class MetadataAction implements IAction {
idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes());
+ NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistenNameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat);
+
+ NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientNameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat);
+
+ NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat);
+
idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor);
DocumentBuilder builder;
@@ -142,8 +176,8 @@ public class MetadataAction implements IAction {
builder = factory.newDocumentBuilder();
Document document = builder.newDocument();
Marshaller out = Configuration.getMarshallerFactory()
- .getMarshaller(idpEntityDescriptor);
- out.marshall(idpEntityDescriptor, document);
+ .getMarshaller(idpEntitiesDescriptor);
+ out.marshall(idpEntitiesDescriptor, document);
Signer.signObject(signature);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 33c8af197..d2a3764cd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
@@ -195,13 +196,22 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
if(e instanceof NoPassivAuthenticationException) {
statusCode.setValue(StatusCode.NO_PASSIVE_URI);
statusMessage.setMessage(e.getLocalizedMessage());
+ } else if(e instanceof PVP2Exception) {
+ PVP2Exception ex = (PVP2Exception) e;
+ statusCode.setValue(ex.getStatusCodeValue());
+ String statusMessageValue = ex.getStatusMessageValue();
+ if(statusMessageValue != null) {
+ statusMessage.setMessage(statusMessageValue);
+ }
} else {
statusCode.setValue(StatusCode.RESPONDER_URI);
statusMessage.setMessage(e.getLocalizedMessage());
}
status.setStatusCode(statusCode);
- status.setStatusMessage(statusMessage);
+ if(statusMessage.getMessage() != null) {
+ status.setStatusMessage(statusMessage);
+ }
samlResponse.setStatus(status);
IEncoder encoder = new RedirectBinding();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index b818a2d8a..5875a37c7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -1,6 +1,12 @@
package at.gv.egovernment.moa.id.protocols.pvp2x;
public interface PVPConstants {
+
+ public static final String STORK_QAA_1_1 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1";
+ public static final String STORK_QAA_1_2 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-2";
+ public static final String STORK_QAA_1_3 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-3";
+ public static final String STORK_QAA_1_4 = "http://www.ref.gv.at/ns/names/agiz/stork/qaa/1-4";
+
public static final String URN_OID_PREFIX = "urn:oid:";
public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SAMLRequestNotSignedException.java
deleted file mode 100644
index 40f5685ad..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SAMLRequestNotSignedException.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-public class SAMLRequestNotSignedException extends MOAIDException {
-
- public SAMLRequestNotSignedException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- // TODO Auto-generated constructor stub
- }
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SAMLRequestNotSupported.java
deleted file mode 100644
index 16b388a09..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SAMLRequestNotSupported.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-
-public class SAMLRequestNotSupported extends MOAIDException {
-
- public SAMLRequestNotSupported(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- *
- */
- private static final long serialVersionUID = 1244883178458802767L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java
index d62cf72b1..d3c79c939 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java
@@ -35,6 +35,7 @@ public abstract class BaseAttributeBuilder implements PVPConstants, IAttributeBu
SAML2Utils.createSAMLObject(Attribute.class);
attribute.setFriendlyName(friendlyName);
attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
attribute.getAttributeValues().add(buildAttributeStringValue(value));
return attribute;
}
@@ -45,6 +46,7 @@ public abstract class BaseAttributeBuilder implements PVPConstants, IAttributeBu
SAML2Utils.createSAMLObject(Attribute.class);
attribute.setFriendlyName(friendlyName);
attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
return attribute;
}
@@ -54,6 +56,7 @@ public abstract class BaseAttributeBuilder implements PVPConstants, IAttributeBu
SAML2Utils.createSAMLObject(Attribute.class);
attribute.setFriendlyName(friendlyName);
attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
return attribute;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index 5524ed44d..d9c66e6f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -12,7 +12,7 @@ public class EIDCitizenQAALevelAttributeBuilder extends BaseAttributeBuilder {
public Attribute build(AuthenticationSession authSession) {
return buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
- EID_CITIZEN_QAA_LEVEL_NAME, 2);
+ EID_CITIZEN_QAA_LEVEL_NAME, 4);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index d38c900bc..5a054b142 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -68,6 +68,7 @@ public class PVPConfiguration {
public static final String IDP_REDIRECT_SSO_SERVICE = "idp.sso.redirect";
public static final String IDP_SOAP_RESOLVE_SERVICE = "idp.resolve.soap";
+
public static final String IDP_TRUST_STORE = "idp.truststore";
public static final String SP_TARGET_PREFIX = "sp.target.";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
new file mode 100644
index 000000000..d8dd3729a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
@@ -0,0 +1,16 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class InvalidAssertionConsumerServiceException extends PVP2Exception {
+
+ public InvalidAssertionConsumerServiceException(String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ // TODO Auto-generated constructor stub
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7861790149343943091L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
new file mode 100644
index 000000000..0d464ccfa
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
@@ -0,0 +1,14 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class NoAuthContextException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7040652043174500992L;
+
+ public NoAuthContextException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
new file mode 100644
index 000000000..1e4cf15b8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public abstract class PVP2Exception extends MOAIDException {
+
+ protected String statusCodeValue = StatusCode.RESPONDER_URI;
+ protected String statusMessageValue = null;
+
+ public PVP2Exception(String messageId, Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+ public PVP2Exception(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+
+ public String getStatusCodeValue() {
+ return (this.statusCodeValue);
+ }
+
+ public String getStatusMessageValue() {
+ return (this.statusMessageValue);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7669537952484421069L;
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
new file mode 100644
index 000000000..a24320cbc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class ResponderErrorException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -425416760138285446L;
+
+ public ResponderErrorException(String messageId, Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ this.statusCodeValue = StatusCode.RESPONDER_URI;
+ }
+
+ public ResponderErrorException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ this.statusCodeValue = StatusCode.RESPONDER_URI;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
new file mode 100644
index 000000000..871c6f4bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class SAMLRequestNotSignedException extends PVP2Exception {
+
+ public SAMLRequestNotSignedException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
new file mode 100644
index 000000000..99940335b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+
+public class SAMLRequestNotSupported extends PVP2Exception {
+
+ public SAMLRequestNotSupported(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1244883178458802767L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
new file mode 100644
index 000000000..6aeed47d7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class UnprovideableAttributeException extends PVP2Exception {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 3972197758163647157L;
+
+ public UnprovideableAttributeException(String attributeName) {
+ super(attributeName, null);
+ this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 964c19208..9e795c51c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -11,14 +11,23 @@ import org.opensaml.saml2.core.ArtifactResponse;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
@@ -27,14 +36,21 @@ import org.opensaml.xml.security.SecurityException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-public class AuthnRequestHandler implements IRequestHandler {
+public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
public boolean handleObject(MOARequest obj) {
return (obj.getSamlRequest() instanceof AuthnRequest);
@@ -48,26 +64,75 @@ public class AuthnRequestHandler implements IRequestHandler {
AuthnRequest authnRequest = (AuthnRequest)obj.getSamlRequest();
+ RequestedAuthnContext reqAuthnContext = authnRequest.getRequestedAuthnContext();
+
+ if(reqAuthnContext == null) {
+ throw new NoAuthContextException("No Authn Context provided!", null);
+ }
+
+ boolean stork_qaa_1_4_found = false;
+
+ Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs().iterator();
+
+ while(reqAuthnContextClassRefIt.hasNext()) {
+ AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt.next();
+ String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split("\\s+");
+ for(int i = 0; i < qaa_uris.length; i++) {
+ if(qaa_uris[i].trim().equals(STORK_QAA_1_4)) {
+ stork_qaa_1_4_found = true;
+ break;
+ }
+ }
+ }
+
+ if(!stork_qaa_1_4_found) {
+ throw new NoAuthContextException("QAA not available Only supported QAA: " + STORK_QAA_1_4, null);
+ }
+
Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+ reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs().iterator();
+ StringBuilder authContextsb = new StringBuilder();
+ while(reqAuthnContextClassRefIt.hasNext()) {
+ AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt.next();
+ String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split("\\s+");
+ for(int i = 0; i < qaa_uris.length; i++) {
+ if(qaa_uris[i].trim().equals(STORK_QAA_1_4) ||
+ qaa_uris[i].trim().equals(STORK_QAA_1_3)||
+ qaa_uris[i].trim().equals(STORK_QAA_1_2)||
+ qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
+ authContextsb.append(qaa_uris[i].trim());
+ authContextsb.append(" ");
+ }
+ }
+
+ }
AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
- authnContextClassRef.setAuthnContextClassRef(AuthnContext.SMARTCARD_PKI_AUTHN_CTX);
-
+ authnContextClassRef.setAuthnContextClassRef(authContextsb.toString());
AuthnContext authnContext = SAML2Utils.createSAMLObject(AuthnContext.class);
authnContext.setAuthnContextClassRef(authnContextClassRef);
AuthnStatement authnStatement = SAML2Utils.createSAMLObject(AuthnStatement.class);
-
+ String remoteSessionID = SAML2Utils.getSecureIdentifier();
authnStatement.setAuthnInstant(new DateTime());
+ // currently dummy id ...
+ authnStatement.setSessionIndex(remoteSessionID);
authnStatement.setAuthnContext(authnContext);
assertion.getAuthnStatements().add(authnStatement);
-
- SPSSODescriptor spSSODescriptor = obj.getEntityMetadata().
+ EntityDescriptor peerEntity = obj.getEntityMetadata();
+ SPSSODescriptor spSSODescriptor = peerEntity.
getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ int idx = 0;
+
+ if(aIdx != null) {
+ idx = aIdx.intValue();
+ }
+
AttributeConsumingService attributeConsumingService =
- spSSODescriptor.getAttributeConsumingServices().iterator().next();
+ spSSODescriptor.getAttributeConsumingServices().get(idx);
AuthenticationSession authSession =
@@ -81,7 +146,7 @@ public class AuthnRequestHandler implements IRequestHandler {
Attribute attr = PVPAttributeBuilder.buildAttribute(reqAttribut.getName(), authSession);
if(attr == null) {
if(reqAttribut.isRequired()) {
- throw new MOAIDException("Cannot provide requested attribute " + reqAttribut.getName(), null);
+ throw new UnprovideableAttributeException(reqAttribut.getName());
}
} else {
attributeStatement.getAttributes().add(attr);
@@ -94,10 +159,47 @@ public class AuthnRequestHandler implements IRequestHandler {
Subject subject = SAML2Utils.createSAMLObject(Subject.class);
NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ boolean foundFormat = false;
+ Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats().iterator();
+ while(formatIt.hasNext()) {
+ if(formatIt.next().getFormat().equals(NameID.PERSISTENT)) {
+ foundFormat = true;
+ break;
+ }
+ }
+ if(!foundFormat) {
+ // TODO use correct exception
+ throw new SAMLRequestNotSupported(NameID.PERSISTENT + " not supported by SP", null);
+ }
subjectNameID.setFormat(NameID.PERSISTENT);
+ subjectNameID.setNameQualifier(authSession.getIdentityLink().getIdentificationType());
subjectNameID.setValue(authSession.getAuthData().getIdentificationValue());
subject.setNameID(subjectNameID);
+ SubjectConfirmation subjectConfirmation = SAML2Utils.createSAMLObject(SubjectConfirmation.class);
+ subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
+ SubjectConfirmationData subjectConfirmationData =
+ SAML2Utils.createSAMLObject(SubjectConfirmationData.class);
+ subjectConfirmationData.setInResponseTo(authnRequest.getID());
+ subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20));
+ subjectConfirmationData.setRecipient(peerEntity.getEntityID());
+
+ subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
+
+ subject.getSubjectConfirmations().add(subjectConfirmation);
+
+ Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
+ AudienceRestriction audienceRestriction = SAML2Utils.createSAMLObject(AudienceRestriction.class);
+ Audience audience = SAML2Utils.createSAMLObject(Audience.class);
+
+ audience.setAudienceURI(peerEntity.getEntityID());
+ audienceRestriction.getAudiences().add(audience);
+ conditions.setNotBefore(new DateTime());
+ conditions.setNotOnOrAfter(new DateTime().plusMinutes(20));
+ conditions.getAudienceRestrictions().add(audienceRestriction);
+
+ assertion.setConditions(conditions);
+
//assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj, authSession));
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
@@ -105,6 +207,8 @@ public class AuthnRequestHandler implements IRequestHandler {
issuer.setFormat(NameID.ENTITY);
assertion.setIssuer(issuer);
assertion.setSubject(subject);
+ assertion.setID(SAML2Utils.getSecureIdentifier());
+ assertion.setIssueInstant(new DateTime());
ArtifactResponse authResponse = SAML2Utils.createSAMLObject(ArtifactResponse.class);
@@ -116,21 +220,41 @@ public class AuthnRequestHandler implements IRequestHandler {
authResponse.setMessage(assertion);
authResponse.setStatus(SAML2Utils.getSuccessStatus());
- Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
- int idx = 0;
+ aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ idx = 0;
if(aIdx != null) {
idx = aIdx.intValue();
}
+ AssertionConsumerService consumerService = spSSODescriptor.
+ getAssertionConsumerServices().get(idx);
+
+ if(consumerService == null) {
+ throw new InvalidAssertionConsumerServiceException("IDX " + idx + " is not a valid consumer service index!", null);
+ }
+ String oaURL = consumerService.getLocation();
+
+ IEncoder binding = null;
- String oaURL = spSSODescriptor.
- getAssertionConsumerServices().get(idx).getLocation();
+ if(consumerService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+ } else if(consumerService.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+ // TODO: not supported YET!!
+ binding = new ArtifactBinding();
+ } else if(consumerService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+ }
+
+ if(binding == null) {
+ throw new InvalidAssertionConsumerServiceException("Binding " + consumerService.getBinding() + " is not supported", null);
+ }
- IEncoder binding = new PostBinding();
try {
binding.encodeRespone(req, resp, authResponse, oaURL);
+ // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
} catch (MessageEncodingException e) {
+ e.printStackTrace();
} catch (SecurityException e) {
// TODO Auto-generated catch block
e.printStackTrace();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index 0e5fa9b1e..9496ecb31 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -8,8 +8,8 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.SAMLRequestNotSupported;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
public class RequestManager {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index 0fa5a7193..7bb5b052f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
@@ -9,6 +10,7 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.opensaml.Configuration;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.xml.XMLObject;
@@ -36,6 +38,12 @@ public class SAML2Utils {
}
}
+ public static String getSecureIdentifier() {
+ return idGenerator.generateIdentifier();
+ }
+
+ private static SecureRandomIdentifierGenerator idGenerator;
+
private static DocumentBuilder builder;
static {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
@@ -46,6 +54,11 @@ public class SAML2Utils {
// TODO Auto-generated catch block
e.printStackTrace();
}
+ try {
+ idGenerator = new SecureRandomIdentifierGenerator();
+ } catch(NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
}
public static Document asDOMDocument(XMLObject object) throws IOException,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
index df0fec001..3a6d15ef6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -6,7 +6,7 @@ import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.validation.ValidationException;
import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.SAMLRequestNotSignedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
public class SAMLSignatureValidator implements ISAMLValidator {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 41e9b70cf..1233d8dab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -8,7 +8,7 @@ import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.SAMLRequestNotSignedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
public class EntityVerifier {