Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java46
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java228
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java257
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java30
23 files changed, 390 insertions, 326 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 85d5c2a46..59eaa90b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.protocols.pvp2x;
-import java.io.IOException;
import java.io.StringWriter;
import java.util.List;
@@ -8,12 +7,8 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -21,7 +16,6 @@ import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.metadata.ArtifactResolutionService;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -30,14 +24,11 @@ import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
@@ -47,8 +38,8 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
public class MetadataAction implements IAction {
@@ -133,7 +124,7 @@ public class MetadataAction implements IAction {
redirectSingleSignOnService);
}
- if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
+ /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) {
ArtifactResolutionService artifactResolutionService = SAML2Utils
.createSAMLObject(ArtifactResolutionService.class);
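Review bot: The artifact-resolution block is turned into a `/* … */` comment here and closed with `}*/` in the next hunk, while the ArtifactResolutionService import is removed in the same commit, so the dead text now references an unimported type and cannot be re-enabled by uncommenting; delete it (history keeps it) or replace it with a one-line `// TODO: ArtifactResolutionService is not published in the metadata yet`. Leaving it as a comment also hides from a reader of the published metadata that the IDP no longer advertises an ArtifactResolutionService, which is a visible behaviour change worth a line in the commit message. The enclosing method starts and ends outside these hunks.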
@@ -146,7 +137,7 @@ public class MetadataAction implements IAction {
idpSSODescriptor.getArtifactResolutionServices().add(
artifactResolutionService);
- }
+ }*/
idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
@@ -199,33 +190,10 @@ public class MetadataAction implements IAction {
httpResp.getOutputStream().close();
- } catch (CredentialsNotAvailableException e) {
- e.printStackTrace();
- } catch (SecurityException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (ParserConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (MarshallingException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (SignatureException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (TransformerConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (TransformerFactoryConfigurationError e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (TransformerException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
+ } catch (Exception e) {
+ Logger.error("Failed to generate metadata", e);
+ throw new MOAIDException("pvp2.13", null);
+ }
}
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
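Review bot: The new `catch (Exception e)` logs the cause but then throws `new MOAIDException("pvp2.13", null)` without chaining it, so whatever reaches the caller no longer carries the original SecurityException, MarshallingException or IOException; MOAIDException has a (messageId, parameters, wrapped) constructor (PVP2Exception calls it in this same commit), so write `throw new MOAIDException("pvp2.13", null, e);`. Catching Exception this broadly is a fair replacement for the nine empty printStackTrace blocks it removes, but it also re-wraps any MOAIDException raised inside the try as pvp2.13 — if one can be thrown there, catch and rethrow it first. The try block and the enclosing method begin outside the hunk, so whether the method already declares `throws MOAIDException` cannot be checked here.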
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 11f7fb257..c5fa53973 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -190,7 +190,6 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
config.setRequest(moaRequest);
config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID));
- //TODO: Implement check for Mandate Attributes if mandate request
String useMandate = request.getParameter(PARAM_USEMANDATE);
if(useMandate != null) {
if(useMandate.equals("true")) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index a8c3dab48..e9d802e17 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -1,12 +1,5 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index ced20ce9c..acadd3cb4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -70,8 +70,7 @@ public class SoapBinding implements IDecoder, IEncoder {
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
StatusResponseType response, String targetLocation)
throws MessageEncodingException, SecurityException {
- HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
- // TODO
+
}
}
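Review bot: `encodeRespone` now has an empty body, so a caller that selects the SOAP binding returns normally and the SP receives no SAML response at all, with nothing logged; until the encoder exists this should fail loudly, e.g. `throw new UnsupportedOperationException("SOAP response encoding is not implemented");`, or the BindingNotSupportedException added in this commit if the call site can propagate a PVP2Exception (the declared throws clause would need extending for that). A one-line comment stating that the SOAP response path is intentionally unimplemented would also help, since the removed `// TODO` was the only hint.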
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
new file mode 100644
index 000000000..2038ef5a5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -0,0 +1,228 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
+
+import java.util.Iterator;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.AuthnContext;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class PVP2AssertionBuilder implements PVPConstants {
+ public static Assertion buildAssertion(AuthnRequest authnRequest,
+ AuthenticationSession authSession, EntityDescriptor peerEntity) throws PVP2Exception {
+ Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
+
+ RequestedAuthnContext reqAuthnContext = authnRequest
+ .getRequestedAuthnContext();
+
+ if (reqAuthnContext == null) {
+ throw new NoAuthContextException();
+ }
+
+ boolean stork_qaa_1_4_found = false;
+
+ Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
+ .getAuthnContextClassRefs().iterator();
+
+ while (reqAuthnContextClassRefIt.hasNext()) {
+ AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
+ .next();
+ String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
+ "\\s+");
+ for (int i = 0; i < qaa_uris.length; i++) {
+ if (qaa_uris[i].trim().equals(STORK_QAA_1_4)) {
+ stork_qaa_1_4_found = true;
+ break;
+ }
+ }
+ }
+
+ if (!stork_qaa_1_4_found) {
+ throw new QAANotSupportedException(STORK_QAA_1_4);
+ }
+
+ reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
+ .iterator();
+ StringBuilder authContextsb = new StringBuilder();
+ while (reqAuthnContextClassRefIt.hasNext()) {
+ AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
+ .next();
+ String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
+ "\\s+");
+ for (int i = 0; i < qaa_uris.length; i++) {
+ if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
+ || qaa_uris[i].trim().equals(STORK_QAA_1_3)
+ || qaa_uris[i].trim().equals(STORK_QAA_1_2)
+ || qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
+ authContextsb.append(qaa_uris[i].trim());
+ authContextsb.append(" ");
+ }
+ }
+
+ }
+ AuthnContextClassRef authnContextClassRef = SAML2Utils
+ .createSAMLObject(AuthnContextClassRef.class);
+ authnContextClassRef.setAuthnContextClassRef(authContextsb.toString());
+ AuthnContext authnContext = SAML2Utils
+ .createSAMLObject(AuthnContext.class);
+ authnContext.setAuthnContextClassRef(authnContextClassRef);
+
+ AuthnStatement authnStatement = SAML2Utils
+ .createSAMLObject(AuthnStatement.class);
+ String remoteSessionID = SAML2Utils.getSecureIdentifier();
+ authnStatement.setAuthnInstant(new DateTime());
+ // currently dummy id ...
+ authnStatement.setSessionIndex(remoteSessionID);
+ authnStatement.setAuthnContext(authnContext);
+
+ assertion.getAuthnStatements().add(authnStatement);
+
+ SPSSODescriptor spSSODescriptor = peerEntity
+ .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ int idx = 0;
+
+ if (aIdx != null) {
+ idx = aIdx.intValue();
+ }
+
+ AttributeConsumingService attributeConsumingService = spSSODescriptor
+ .getAttributeConsumingServices().get(idx);
+
+ AttributeStatement attributeStatement = SAML2Utils
+ .createSAMLObject(AttributeStatement.class);
+
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
+ boolean foundFormat = false;
+ Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats()
+ .iterator();
+ while (formatIt.hasNext()) {
+ if (formatIt.next().getFormat().equals(NameID.PERSISTENT)) {
+ foundFormat = true;
+ break;
+ }
+ }
+ if (!foundFormat) {
+ // TODO use correct exception
+ throw new NameIDFormatNotSupportedException("");
+ }
+
+ // TODO: Check if we need to hide source pin
+ /*
+ * if(authSession.getUseMandate()) { Element mandate =
+ * authSession.getMandate(); if(authSession.getBusinessService()) { //
+ * Hide Source PIN! ParepUtils.HideStammZahlen(mandate, true, null,
+ * authSession.getDomainIdentifier(), true); } else {
+ * ParepUtils.HideStammZahlen(mandate, false, authSession.getTarget(),
+ * null, true); } }
+ */
+
+ Iterator<RequestedAttribute> it = attributeConsumingService
+ .getRequestAttributes().iterator();
+ while (it.hasNext()) {
+ RequestedAttribute reqAttribut = it.next();
+ try {
+ Attribute attr = PVPAttributeBuilder.buildAttribute(
+ reqAttribut.getName(), authSession);
+ if (attr == null) {
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+ } else {
+ attributeStatement.getAttributes().add(attr);
+ }
+ } catch (PVP2Exception e) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttribut.getFriendlyName(), e);
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+ }
+ }
+
+ if (attributeStatement.getAttributes().size() > 0) {
+ assertion.getAttributeStatements().add(attributeStatement);
+ }
+
+ subjectNameID.setFormat(NameID.PERSISTENT);
+ subjectNameID.setNameQualifier(authSession.getAssertionAuthData()
+ .getIdentificationType());
+ subjectNameID.setValue(authSession.getAssertionAuthData()
+ .getIdentificationValue());
+ // }
+
+ subject.setNameID(subjectNameID);
+
+ SubjectConfirmation subjectConfirmation = SAML2Utils
+ .createSAMLObject(SubjectConfirmation.class);
+ subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
+ SubjectConfirmationData subjectConfirmationData = SAML2Utils
+ .createSAMLObject(SubjectConfirmationData.class);
+ subjectConfirmationData.setInResponseTo(authnRequest.getID());
+ subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20));
+ subjectConfirmationData.setRecipient(peerEntity.getEntityID());
+
+ subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
+
+ subject.getSubjectConfirmations().add(subjectConfirmation);
+
+ Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
+ AudienceRestriction audienceRestriction = SAML2Utils
+ .createSAMLObject(AudienceRestriction.class);
+ Audience audience = SAML2Utils.createSAMLObject(Audience.class);
+
+ audience.setAudienceURI(peerEntity.getEntityID());
+ audienceRestriction.getAudiences().add(audience);
+ conditions.setNotBefore(new DateTime());
+ conditions.setNotOnOrAfter(new DateTime().plusMinutes(20));
+ conditions.getAudienceRestrictions().add(audienceRestriction);
+
+ assertion.setConditions(conditions);
+
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+ issuer.setFormat(NameID.ENTITY);
+ assertion.setIssuer(issuer);
+ assertion.setSubject(subject);
+ assertion.setID(SAML2Utils.getSecureIdentifier());
+ assertion.setIssueInstant(new DateTime());
+
+ return assertion;
+ }
+}
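Review bot: `spSSODescriptor.getAttributeConsumingServices().get(idx)` in the AttributeConsumingServiceIndex lookup treats a value supplied by the requesting SP as a list position, so an index outside the list — or peer metadata without an SPSSODescriptor — escapes as IndexOutOfBoundsException or NullPointerException instead of a PVP2Exception with a SAML status; in SAML metadata the request's index matches the service's `index` attribute, and a request without one should select the service marked default, not element 0. The rewrite below resolves by index attribute, falls back to the default (then the first listed, which preserves the old behaviour for index-less requests) and fails with the nearest existing PVP2Exception; a dedicated exception type would read better. Two smaller points in the same hunk: `formatIt.next().getFormat().equals(NameID.PERSISTENT)` should be `NameID.PERSISTENT.equals(formatIt.next().getFormat())` so an empty Format element cannot NPE, and `throw new NameIDFormatNotSupportedException("")` should pass `NameID.PERSISTENT` so the pvp2.12 message names the unsupported format. SubjectConfirmationData.Recipient is set to the SP entityID, but the SAML 2.0 Web Browser SSO profile requires it to be the AssertionConsumerService URL the response is delivered to, which the caller (AuthnRequestHandler resolves the ACS) would have to pass in.
```java
Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
AttributeConsumingService attributeConsumingService = null;
if (spSSODescriptor != null) {
    for (AttributeConsumingService acs : spSSODescriptor.getAttributeConsumingServices()) {
        boolean match = (aIdx == null)
                ? Boolean.TRUE.equals(acs.isDefault())
                : aIdx.intValue() == acs.getIndex();
        if (match) {
            attributeConsumingService = acs;
            break;
        }
    }
    if (attributeConsumingService == null && aIdx == null
            && !spSSODescriptor.getAttributeConsumingServices().isEmpty()) {
        // no service flagged default: take the first listed, as the old code did
        attributeConsumingService = spSSODescriptor.getAttributeConsumingServices().get(0);
    }
}
if (attributeConsumingService == null) {
    // nearest existing PVP2Exception; a dedicated exception type would be clearer
    throw new InvalidAssertionConsumerServiceException(aIdx != null ? aIdx.intValue() : -1);
}
// … unchanged: attribute statement, subject, conditions, issuer …
```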
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
new file mode 100644
index 000000000..51c4b7e72
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
@@ -0,0 +1,19 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class BindingNotSupportedException extends PVP2Exception {
+
+ public BindingNotSupportedException(String binding) {
+ super("pvp2.11", new Object[] {binding});
+ this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -7227603941387879360L;
+
+
+
+}
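Review bot: The `/** */` Javadoc above `serialVersionUID` is empty and the constant sits below the constructor; either drop the empty comment or make it say something, and conventionally the constant goes first in the class. The same empty block appears in NameIDFormatNotSupportedException, NoCredentialsException, PVP2EncodingException and QAANotSupportedException in this commit. A short class Javadoc saying when the exception is raised (here: the requested SAML binding is not supported, mapped to `StatusCode.UNSUPPORTED_BINDING_URI`) would be more useful than the placeholder.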
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
index d8dd3729a..521b55580 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
@@ -1,11 +1,12 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+import org.opensaml.saml2.core.StatusCode;
+
public class InvalidAssertionConsumerServiceException extends PVP2Exception {
- public InvalidAssertionConsumerServiceException(String messageId,
- Object[] parameters) {
- super(messageId, parameters);
- // TODO Auto-generated constructor stub
+ public InvalidAssertionConsumerServiceException(int idx) {
+ super("pvp2.00", new Object[]{idx});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
index b3eb61d46..799d26ccb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
@@ -1,9 +1,12 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+import org.opensaml.saml2.core.StatusCode;
+
public class InvalidDateFormatException extends PVP2Exception {
public InvalidDateFormatException() {
- super("Invalid date format", null);
+ super("pvp2.02", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
index dbee8d696..41a56639a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
@@ -5,7 +5,7 @@ import org.opensaml.saml2.core.StatusCode;
public class MandateAttributesNotHandleAbleException extends PVP2Exception {
public MandateAttributesNotHandleAbleException() {
- super("Mandate attributes not listed in attribute consumer service", null);
+ super("pvp2.03", null);
this.statusCodeValue = StatusCode.REQUESTER_URI;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
new file mode 100644
index 000000000..7dc9d5645
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -0,0 +1,14 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class NameIDFormatNotSupportedException extends PVP2Exception {
+
+ public NameIDFormatNotSupportedException(String nameIDFormat) {
+ super("pvp2.12", new Object[] {nameIDFormat});
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2270762519437873336L;
+
+}
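Review bot: NameIDFormatNotSupportedException does not set `this.statusCodeValue`, unlike every other PVP2Exception subclass touched by this commit, so a response built from it presumably carries PVP2Exception's default code rather than one the SP can act on; add `this.statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;` in the constructor together with `import org.opensaml.saml2.core.StatusCode;`. PVP2AssertionBuilder currently throws it with an empty string, so the pvp2.12 message will also be empty until the caller passes the format name.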
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
index 0d464ccfa..cd81de30f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+import org.opensaml.saml2.core.StatusCode;
+
public class NoAuthContextException extends PVP2Exception {
/**
@@ -7,8 +9,9 @@ public class NoAuthContextException extends PVP2Exception {
*/
private static final long serialVersionUID = 7040652043174500992L;
- public NoAuthContextException(String messageId, Object[] parameters) {
- super(messageId, parameters);
+ public NoAuthContextException() {
+ super("pvp2.04", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
new file mode 100644
index 000000000..6af97301f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+public class NoCredentialsException extends PVP2Exception {
+
+ public static final String MOA_IDP_TARGET = "MOA-ID";
+
+ public NoCredentialsException(String target) {
+ super("pvp2.08", new Object[] {target});
+ this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -9086515080686076313L;
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
index a7cb74657..d24905f68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
@@ -3,7 +3,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
public class NoMandateDataAvailableException extends PVP2Exception {
public NoMandateDataAvailableException() {
- super("No mandate data available", null);
+ super("pvp2.06", null);
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
new file mode 100644
index 000000000..a9bd8104e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+public class PVP2EncodingException extends PVP2Exception {
+
+ public PVP2EncodingException() {
+ super("pvp2.01", null);
+ }
+
+ public PVP2EncodingException(Throwable wrapped) {
+ super("pvp2.01", null, wrapped);
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -1348774139990071020L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
index 1e4cf15b8..990a76562 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
@@ -12,10 +12,12 @@ public abstract class PVP2Exception extends MOAIDException {
public PVP2Exception(String messageId, Object[] parameters,
Throwable wrapped) {
super(messageId, parameters, wrapped);
+ this.statusMessageValue = this.getMessage();
}
public PVP2Exception(String messageId, Object[] parameters) {
super(messageId, parameters);
+ this.statusMessageValue = this.getMessage();
}
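Review bot: `this.statusMessageValue = this.getMessage()` calls an overridable method from both constructors; a subclass that overrides getMessage() using its own fields would see them unset at this point, and the snapshot freezes the message before any subclass constructor runs. Prefer reading the message lazily where statusMessageValue is consumed, or at least add a comment on the assignment such as `// captured at construction; subclasses must not override getMessage()`. Since this value presumably ends up as the SAML StatusMessage returned to the requester, the pvp2.* texts it resolves should stay free of internal detail.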
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
new file mode 100644
index 000000000..be22be859
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+
+public class QAANotSupportedException extends PVP2Exception {
+
+ public QAANotSupportedException(String qaa) {
+ super("pvp2.05", new Object[] {qaa});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3964192953884089323L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
index 871c6f4bd..e0f576205 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
@@ -4,8 +4,13 @@ import org.opensaml.saml2.core.StatusCode;
public class SAMLRequestNotSignedException extends PVP2Exception {
- public SAMLRequestNotSignedException(String messageId, Object[] parameters) {
- super(messageId, parameters);
+ public SAMLRequestNotSignedException() {
+ super("pvp2.07", null);
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
+
+ public SAMLRequestNotSignedException(Throwable e) {
+ super("pvp2.07", null, e);
this.statusCodeValue = StatusCode.REQUESTER_URI;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
index 99940335b..029470b94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
@@ -5,8 +5,8 @@ import org.opensaml.saml2.core.StatusCode;
public class SAMLRequestNotSupported extends PVP2Exception {
- public SAMLRequestNotSupported(String messageId, Object[] parameters) {
- super(messageId, parameters);
+ public SAMLRequestNotSupported() {
+ super("pvp2.09", null);
this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
index 6aeed47d7..0a91cc61a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
@@ -9,7 +9,7 @@ public class UnprovideableAttributeException extends PVP2Exception {
private static final long serialVersionUID = 3972197758163647157L;
public UnprovideableAttributeException(String attributeName) {
- super(attributeName, null);
+ super("pvp2.10", new Object[] {attributeName});
this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 194138235..94189714e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -1,42 +1,22 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
-import java.util.Iterator;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
-import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
@@ -44,13 +24,10 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -63,222 +40,20 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
public void process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp) throws MOAIDException {
if (!handleObject(obj)) {
- throw new MOAIDException("INVALID HANDLER SELECETED", null);
+ throw new MOAIDException("pvp2.13", null);
}
AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
-
- RequestedAuthnContext reqAuthnContext = authnRequest
- .getRequestedAuthnContext();
-
- if (reqAuthnContext == null) {
- throw new NoAuthContextException("No Authn Context provided!", null);
- }
-
- boolean stork_qaa_1_4_found = false;
-
- Iterator<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
- .getAuthnContextClassRefs().iterator();
-
- while (reqAuthnContextClassRefIt.hasNext()) {
- AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
- .next();
- String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
- "\\s+");
- for (int i = 0; i < qaa_uris.length; i++) {
- if (qaa_uris[i].trim().equals(STORK_QAA_1_4)) {
- stork_qaa_1_4_found = true;
- break;
- }
- }
- }
-
- if (!stork_qaa_1_4_found) {
- throw new NoAuthContextException(
- "QAA not available Only supported QAA: " + STORK_QAA_1_4,
- null);
- }
+ EntityDescriptor peerEntity = obj.getEntityMetadata();
+
AuthenticationSession authSession = AuthenticationManager
.getAuthenticationSession(req.getSession());
// authSession.getM
- Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
-
- reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
- .iterator();
- StringBuilder authContextsb = new StringBuilder();
- while (reqAuthnContextClassRefIt.hasNext()) {
- AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt
- .next();
- String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split(
- "\\s+");
- for (int i = 0; i < qaa_uris.length; i++) {
- if (qaa_uris[i].trim().equals(STORK_QAA_1_4)
- || qaa_uris[i].trim().equals(STORK_QAA_1_3)
- || qaa_uris[i].trim().equals(STORK_QAA_1_2)
- || qaa_uris[i].trim().equals(STORK_QAA_1_1)) {
- authContextsb.append(qaa_uris[i].trim());
- authContextsb.append(" ");
- }
- }
-
- }
- AuthnContextClassRef authnContextClassRef = SAML2Utils
- .createSAMLObject(AuthnContextClassRef.class);
- authnContextClassRef.setAuthnContextClassRef(authContextsb.toString());
- AuthnContext authnContext = SAML2Utils
- .createSAMLObject(AuthnContext.class);
- authnContext.setAuthnContextClassRef(authnContextClassRef);
-
- AuthnStatement authnStatement = SAML2Utils
- .createSAMLObject(AuthnStatement.class);
- String remoteSessionID = SAML2Utils.getSecureIdentifier();
- authnStatement.setAuthnInstant(new DateTime());
- // currently dummy id ...
- authnStatement.setSessionIndex(remoteSessionID);
- authnStatement.setAuthnContext(authnContext);
-
- assertion.getAuthnStatements().add(authnStatement);
- EntityDescriptor peerEntity = obj.getEntityMetadata();
- SPSSODescriptor spSSODescriptor = peerEntity
- .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
- Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
- int idx = 0;
-
- if (aIdx != null) {
- idx = aIdx.intValue();
- }
-
- AttributeConsumingService attributeConsumingService = spSSODescriptor
- .getAttributeConsumingServices().get(idx);
-
- AttributeStatement attributeStatement = SAML2Utils
- .createSAMLObject(AttributeStatement.class);
-
- Subject subject = SAML2Utils.createSAMLObject(Subject.class);
- NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
- boolean foundFormat = false;
- Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats()
- .iterator();
- while (formatIt.hasNext()) {
- if (formatIt.next().getFormat().equals(NameID.PERSISTENT)) {
- foundFormat = true;
- break;
- }
- }
- if (!foundFormat) {
- // TODO use correct exception
- throw new SAMLRequestNotSupported(NameID.PERSISTENT
- + " not supported by SP", null);
- }
-
- //TODO: Check if we need to hide source pin
- /*if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
- if(authSession.getBusinessService()) {
- // Hide Source PIN!
- ParepUtils.HideStammZahlen(mandate, true, null, authSession.getDomainIdentifier(), true);
- } else {
- ParepUtils.HideStammZahlen(mandate, false, authSession.getTarget(), null, true);
- }
- }*/
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity);
-/* if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
-
- Document document = mandate.getOwnerDocument();
- DOMImplementationLS domImplLS = (DOMImplementationLS) document
- .getImplementation();
- LSSerializer serializer = domImplLS.createLSSerializer();
- String str = serializer.writeToString(mandate);
- Logger.info("Full Mandate: " + str);
- //TODO: extract attributes for mandates
- Logger.info("Assertion Authdata getAssertionID: " + authSession.getAssertionAuthData().getAssertionID());
- Logger.info("Assertion Authdata getBkuURL: " + authSession.getAssertionAuthData().getBkuURL());
- Logger.info("Assertion Authdata getBPK: " + authSession.getAssertionAuthData().getBPK());
- Logger.info("Assertion Authdata getDateOfBirth: " + authSession.getAssertionAuthData().getDateOfBirth());
- Logger.info("Assertion Authdata getFamilyName: " + authSession.getAssertionAuthData().getFamilyName());
- Logger.info("Assertion Authdata getGivenName: " + authSession.getAssertionAuthData().getGivenName());
- Logger.info("Assertion Authdata getIdentificationType: " + authSession.getAssertionAuthData().getIdentificationType());
- Logger.info("Assertion Authdata getIdentificationValue: " + authSession.getAssertionAuthData().getIdentificationValue());
- Logger.info("Assertion Authdata getWBPK: " + authSession.getAssertionAuthData().getWBPK());
- Logger.info("Assertion getMandateData: " + authSession.getMandateData());
- Logger.info("Assertion getMandateReferenceValue: " + authSession.getMandateReferenceValue());
- } else {
-*/
- Iterator<RequestedAttribute> it = attributeConsumingService
- .getRequestAttributes().iterator();
- while (it.hasNext()) {
- RequestedAttribute reqAttribut = it.next();
- try {
- Attribute attr = PVPAttributeBuilder.buildAttribute(
- reqAttribut.getName(), authSession);
- if (attr == null) {
- if (reqAttribut.isRequired()) {
- throw new UnprovideableAttributeException(
- reqAttribut.getName());
- }
- } else {
- attributeStatement.getAttributes().add(attr);
- }
- } catch(PVP2Exception e) {
- Logger.error("Attribute generation failed! for " + reqAttribut.getFriendlyName(), e);
- }
- }
-
- if (attributeStatement.getAttributes().size() > 0) {
- assertion.getAttributeStatements().add(attributeStatement);
- }
-
- subjectNameID.setFormat(NameID.PERSISTENT);
- subjectNameID.setNameQualifier(authSession.getAssertionAuthData()
- .getIdentificationType());
- subjectNameID.setValue(authSession.getAssertionAuthData()
- .getIdentificationValue());
-// }
-
- subject.setNameID(subjectNameID);
-
- SubjectConfirmation subjectConfirmation = SAML2Utils
- .createSAMLObject(SubjectConfirmation.class);
- subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
- SubjectConfirmationData subjectConfirmationData = SAML2Utils
- .createSAMLObject(SubjectConfirmationData.class);
- subjectConfirmationData.setInResponseTo(authnRequest.getID());
- subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20));
- subjectConfirmationData.setRecipient(peerEntity.getEntityID());
-
- subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
-
- subject.getSubjectConfirmations().add(subjectConfirmation);
-
- Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
- AudienceRestriction audienceRestriction = SAML2Utils
- .createSAMLObject(AudienceRestriction.class);
- Audience audience = SAML2Utils.createSAMLObject(Audience.class);
-
- audience.setAudienceURI(peerEntity.getEntityID());
- audienceRestriction.getAudiences().add(audience);
- conditions.setNotBefore(new DateTime());
- conditions.setNotOnOrAfter(new DateTime().plusMinutes(20));
- conditions.getAudienceRestrictions().add(audienceRestriction);
-
- assertion.setConditions(conditions);
-
- // assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj,
- // authSession));
-
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
- issuer.setFormat(NameID.ENTITY);
- assertion.setIssuer(issuer);
- assertion.setSubject(subject);
- assertion.setID(SAML2Utils.getSecureIdentifier());
- assertion.setIssueInstant(new DateTime());
-
Response authResponse = SAML2Utils.createSAMLObject(Response.class);
Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
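Review bot: The request validations the old body performed before building the assertion — that a RequestedAuthnContext is present and names STORK_QAA_1_4, that the SP metadata lists NameID.PERSISTENT, and that a required RequestedAttribute that cannot be built aborts the flow — are no longer visible in process(); they presumably moved into PVP2AssertionBuilder.buildAssertion (not in this hunk), which should be confirmed, because the removed attribute loop never actually enforced the required-attribute case: the UnprovideableAttributeException it threw is a PVP2Exception and was caught by the surrounding `catch(PVP2Exception e)`, logged, and skipped. The leftover fragment `// authSession.getM` above the buildAssertion call should be deleted or completed. A short comment at the call site such as `// QAA level, NameID format and requested-attribute checks happen in PVP2AssertionBuilder` would tell the next reader where the validation now lives.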
@@ -289,19 +64,21 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
authResponse.getAssertions().add(assertion);
authResponse.setStatus(SAML2Utils.getSuccessStatus());
- aIdx = authnRequest.getAssertionConsumerServiceIndex();
- idx = 0;
+ Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ int idx = 0;
if (aIdx != null) {
idx = aIdx.intValue();
}
+
+ SPSSODescriptor spSSODescriptor = peerEntity
+ .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
AssertionConsumerService consumerService = spSSODescriptor
.getAssertionConsumerServices().get(idx);
if (consumerService == null) {
- throw new InvalidAssertionConsumerServiceException("IDX " + idx
- + " is not a valid consumer service index!", null);
+ throw new InvalidAssertionConsumerServiceException(idx);
}
String oaURL = consumerService.getLocation();
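Review bot: The `consumerService == null` check cannot catch an out-of-range AssertionConsumerServiceIndex: `getAssertionConsumerServices().get(idx)` throws IndexOutOfBoundsException for an index past the end of the list (or a negative one) instead of returning null, so a malformed request surfaces as an unhandled runtime exception rather than the intended InvalidAssertionConsumerServiceException. Since idx is taken straight from the AuthnRequest, a bounds check before the get is worth adding, e.g. `if (idx < 0 || idx >= spSSODescriptor.getAssertionConsumerServices().size()) { throw new InvalidAssertionConsumerServiceException(idx); }`. The new `spSSODescriptor` is also dereferenced without a null check, and `getSPSSODescriptor(SAMLConstants.SAML20P_NS)` may return null when the peer metadata carries no SAML 2.0 SP role, so the same guard should cover that case. process() starts outside this hunk.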
@@ -320,18 +97,18 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
}
if (binding == null) {
- throw new InvalidAssertionConsumerServiceException("Binding "
- + consumerService.getBinding() + " is not supported", null);
+ throw new BindingNotSupportedException(consumerService.getBinding());
}
try {
binding.encodeRespone(req, resp, authResponse, oaURL);
// TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
} catch (MessageEncodingException e) {
- e.printStackTrace();
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
} catch (SecurityException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
}
}
}
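Review bot: The comment `// TODO add remoteSessionID to AuthSession ExternalPVPSessionStore` next to encodeRespone now refers to a variable that no longer exists in process() — remoteSessionID was removed together with the inline assertion construction earlier in this commit — so it should either say where the session index is now generated (presumably PVP2AssertionBuilder) or be dropped. The two new catch blocks are otherwise an improvement over the previous printStackTrace, since an encoding or security failure now propagates as a MOAIDException with its cause attached instead of silently returning an empty response. process() starts outside this hunk.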
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index 9496ecb31..29c960dd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -41,6 +41,6 @@ public class RequestManager {
}
// not handled
- throw new SAMLRequestNotSupported("NOTSUPPORTED", null);
+ throw new SAMLRequestNotSupported();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
index 3a6d15ef6..db1241e6f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -13,8 +13,7 @@ public class SAMLSignatureValidator implements ISAMLValidator {
public void validateRequest(RequestAbstractType request)
throws MOAIDException {
if (request.getSignature() == null) {
- throw new SAMLRequestNotSignedException("NOT SIGNED",
- new Object[] {});
+ throw new SAMLRequestNotSignedException();
}
try {
@@ -22,15 +21,14 @@ public class SAMLSignatureValidator implements ISAMLValidator {
sigValidator.validate(request.getSignature());
} catch (ValidationException e) {
e.printStackTrace();
- throw new MOAIDException("SIGNATURE VALIDATOR", new Object[] {});
+ throw new SAMLRequestNotSignedException(e);
}
}
public static void validateSignable(SignableSAMLObject signableObject)
throws MOAIDException {
if (signableObject.getSignature() == null) {
- throw new SAMLRequestNotSignedException("NOT SIGNED",
- new Object[] {});
+ throw new SAMLRequestNotSignedException();
}
try {
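Review bot: `e.printStackTrace();` is kept on the context line directly above the new `throw new SAMLRequestNotSignedException(e)`, which duplicates the cause the exception now carries and bypasses the project logger; the same pattern remains in the next hunk of this file in validateSignable. Replace it with `Logger.error("Failed to validate Signature", e);`, as the EntityVerifier hunk in this commit does (adding the Logger import if this file lacks it). Only one validate call is visible per method and the validator's construction lies outside the hunk; if sigValidator is the SAMLSignatureProfileValidator alone, these methods confirm the signature's profile but not its cryptographic validity against a trusted credential, and both failure modes now map to the same pvp2.07 message, so it is worth confirming that the trust verification happens elsewhere (EntityVerifier performs a separate SignatureValidator pass). validateRequest's body begins in the previous hunk.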
@@ -38,7 +36,7 @@ public class SAMLSignatureValidator implements ISAMLValidator {
sigValidator.validate(signableObject.getSignature());
} catch (ValidationException e) {
e.printStackTrace();
- throw new MOAIDException("SIGNATURE VALIDATOR", new Object[] {});
+ throw new SAMLRequestNotSignedException(e);
}
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 1233d8dab..5bd0878a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -8,65 +8,63 @@ import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
+import at.gv.egovernment.moa.logging.Logger;
public class EntityVerifier {
public static void verify(EntityDescriptor entityDescriptor) throws MOAIDException {
if (entityDescriptor.getSignature() == null) {
- throw new SAMLRequestNotSignedException("NOT SIGNED",
- new Object[] {});
+ throw new SAMLRequestNotSignedException();
}
try {
SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
sigValidator.validate(entityDescriptor.getSignature());
} catch (ValidationException e) {
- e.printStackTrace();
- throw new MOAIDException("SIGNATURE VALIDATOR", new Object[] {});
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
}
Credential credential = CredentialProvider.getSPTrustedCredential(entityDescriptor.getEntityID());
if(credential == null) {
- throw new MOAIDException("NO CREDENTIALS FOR " + entityDescriptor.getEntityID(), new Object[] {});
+ throw new NoCredentialsException(entityDescriptor.getEntityID());
}
SignatureValidator sigValidator = new SignatureValidator(credential);
try {
sigValidator.validate(entityDescriptor.getSignature());
} catch (ValidationException e) {
- // Indicates signature was not cryptographically valid, or possibly a processing error
- e.printStackTrace();
- throw new MOAIDException("FAILED TO VERIFY SIGNATURE", new Object[] {});
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
}
}
public static void verify(EntitiesDescriptor entityDescriptor) throws MOAIDException {
if (entityDescriptor.getSignature() == null) {
- throw new SAMLRequestNotSignedException("NOT SIGNED",
- new Object[] {});
+ throw new SAMLRequestNotSignedException();
}
try {
SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
sigValidator.validate(entityDescriptor.getSignature());
} catch (ValidationException e) {
- e.printStackTrace();
- throw new MOAIDException("SIGNATURE VALIDATOR", new Object[] {});
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
}
Credential credential = CredentialProvider.getTrustedCredential();
if(credential == null) {
- throw new MOAIDException("NO CREDENTIALS FOR ", new Object[] {});
+ throw new NoCredentialsException("moaID IDP");
}
SignatureValidator sigValidator = new SignatureValidator(credential);
try {
sigValidator.validate(entityDescriptor.getSignature());
} catch (ValidationException e) {
- // Indicates signature was not cryptographically valid, or possibly a processing error
- e.printStackTrace();
- throw new MOAIDException("FAILED TO VERIFY SIGNATURE", new Object[] {});
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
}
}