Diffstat (limited to 'id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation')
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java91
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java204
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java56
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java57
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java137
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java62
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java63
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java70
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java51
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java50
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java51
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java66
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java61
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java67
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java52
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java54
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java92
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java45
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java137
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java64
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java49
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java63
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java58
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java62
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java65
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java139
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java55
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java128
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java47
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java60
-rw-r--r--id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java57
31 files changed, 2313 insertions, 0 deletions
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java
new file mode 100644
index 000000000..c412ba6a0
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAssertionValidator.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.validator.AssertionSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkAssertionValidator extends AssertionSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAssertionValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Assertion assertion) throws ValidationException {
+
+ super.validate(assertion);
+
+ if(assertion.getID() == null) {
+
+ throw new ValidationException("ID is required.");
+ }
+
+ if(assertion.getVersion() == null || !assertion.getVersion().equals(SAMLVersion.VERSION_20)) {
+
+ throw new ValidationException("Version of assertion not present or invalid.");
+ }
+
+ if(assertion.getIssueInstant() == null) {
+
+ throw new ValidationException("IssueInstant is required.");
+ }
+
+ if(assertion.getSubject() == null) {
+
+ throw new ValidationException("Subject is required.");
+ }
+
+ if(assertion.getConditions() == null) {
+
+ throw new ValidationException("Conditions is required.");
+ }
+
+ if(assertion.getAuthnStatements() == null ||
+ assertion.getAuthnStatements().size() != 1) {
+
+ throw new ValidationException("Incorrect number of AuthnStatements.");
+ }
+
+ if(assertion.getAttributeStatements() != null) {
+
+ if(assertion.getAttributeStatements().size() != 0 &&
+ assertion.getAttributeStatements().size() != 1) {
+
+ throw new ValidationException("Incorrect number of AttributeStatements.");
+ }
+ }
+
+ }
+
+}
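Review bot: The `validate` override checks only that elements are present and how many there are, and neither it nor the class has a Javadoc saying so, so a passing result could be read as meaning the assertion is trustworthy. Nothing in this hunk verifies a signature or evaluates the Conditions time window or audience, so the class should state that, e.g. `/** Structural STORK profile checks (required elements, cardinality) only; signature, validity period and audience must be verified by the caller. */`. The same applies to StorkAudienceRestrictionValidator and StorkConditionsValidator further down in this commit. As a style point, the nested test on AttributeStatements can be one condition: `if (assertion.getAttributeStatements() != null && assertion.getAttributeStatements().size() > 1)`.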
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java
new file mode 100644
index 000000000..6e37725d1
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAttributeValidator.java
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.joda.time.format.DateTimeFormat;
+import org.joda.time.format.DateTimeFormatter;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.validator.AttributeSchemaValidator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.util.AttributeMap;
+import org.opensaml.xml.validation.ValidationException;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+import eu.stork.vidp.messages.saml.STORKAttribute;
+
+public class StorkAttributeValidator extends AttributeSchemaValidator {
+
+ private static final String PATTERN_EIDENTIFIER = "^[A-Z]{2}/[A-Z]{2}/[A-Za-z0-9+/=\r\n]+$";
+ private static final String PATTERN_GENDER = "^[MF]{1}$";
+ private static final String PATTERN_COUNTRYCODEOFBIRTH = "^[A-Z]{2}|[A-Z]{4}$";
+ private static final String PATTERN_COUNTRYCODE = "^[A-Z]{2}$";
+ private static final String PATTERN_MARTIALSTATUS = "^[SMPDW]{1}$";
+ private static final String PATTERN_EMAIL = "^[-+.\\w]{1,64}@[-.\\w]{1,64}\\.[-.\\w]{2,6}$";
+ private static final String PATTERN_AGE = "^[0-9]{1,3}$";
+ private static final int MAX_AGE = 120;
+ private static final String PATTERN_ISAGEOVER = PATTERN_AGE;
+ private static final String PATTERN_CITIZENQAALEVEL = "^[1-4]{1}$";
+
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAttributeValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Attribute attr) throws ValidationException {
+
+ super.validate(attr);
+
+ if(attr.getName() == null) {
+
+ throw new ValidationException("Name is required.");
+ }
+
+ if(attr.getNameFormat() == null) {
+
+ throw new ValidationException("NameFormat is required.");
+ }
+
+
+ if(attr.getUnknownAttributes() != null) {
+
+ AttributeMap map = attr.getUnknownAttributes();
+
+ String value = map.get(STORKAttribute.DEFAULT_STORK_ATTRIBUTE_QNAME);
+
+ if (value == null || value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) {
+ //if AttributeStatus not present, default is "Available" thus AttributeValue must be present
+ if (attr.getAttributeValues().isEmpty()) {
+ //isAgeOver can have no value
+ if (!attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ throw new ValidationException("AttributeStatus indicates that attribute is available but no AttributeValue is present.");
+ }
+ }
+
+ //throw new ValidationException("AttributeStatus not present.");
+
+ } else if(!value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL) &&
+ !value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_NOT_AVAIL) &&
+ !value.equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_WITHHELD)) {
+
+ throw new ValidationException("AttributeStatus is invalid.");
+ }
+
+ }
+
+ if (!attr.getAttributeValues().isEmpty()) {
+ //validate individual attributes if present
+ XMLObject attrValueObject = attr.getAttributeValues().get(0);
+
+ if (!(attrValueObject instanceof XSString)) {
+ //Only validate String attributes
+ return;
+ }
+
+ String value = ((XSString) attr.getAttributeValues().get(0)).getValue();
+ String attrName = attr.getName();
+
+ //only isAgeOver can be empty if provided
+ if (value == null) {
+ //only isAgeOver can be empty if provided
+ if (attrName.equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ return;
+ } else {
+ throw new ValidationException("Provided AttributeValue is empty");
+ }
+ }
+
+ //validate eIdentifier
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, PATTERN_EIDENTIFIER);
+
+ //validate gender
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_GENDER, PATTERN_GENDER);
+
+ //validate dateOfBirth
+ if (attrName.equals(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH)) {
+ verifyDate(value);
+ }
+
+ //validate countryCode of birth
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_COUNTRYCODEOFBIRTH, PATTERN_COUNTRYCODEOFBIRTH);
+
+ //validate countryCode
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_NATIONALITYCODE, PATTERN_COUNTRYCODE);
+
+ //validate martialStatus
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_MARTIALSTATUS, PATTERN_MARTIALSTATUS);
+
+ //validate email
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_EMAIL, PATTERN_EMAIL);
+
+ //validate age and isAgeOver
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_AGE, PATTERN_AGE);
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_ISAGEOVER, PATTERN_ISAGEOVER);
+ if (attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_AGE) || attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ if (Integer.valueOf(((XSString) attr.getAttributeValues().get(0)).getValue()) > MAX_AGE) {
+ throw new ValidationException("Maximum age reached");
+ }
+ }
+
+ validateAttributeValueFormat(value, attrName, STORKConstants.STORK_ATTRIBUTE_CITIZENQAALEVEL, PATTERN_CITIZENQAALEVEL);
+ }
+
+ }
+
+ private void validateAttributeValueFormat(String value, String currentAttrName, String attrNameToTest, String pattern) throws ValidationException {
+ if (currentAttrName.equals(attrNameToTest)) {
+ if (!Pattern.matches(pattern, value)) {
+ throw new ValidationException(attrNameToTest + " has incorrect format.");
+ }
+ }
+
+ }
+
+ private static void verifyDate(String pepsDate) throws ValidationException {
+ DateTimeFormatter fmt = null;
+
+ switch (pepsDate.length()) {
+ case 4:
+ fmt = DateTimeFormat.forPattern("yyyy");
+ break;
+ case 6:
+ fmt = DateTimeFormat.forPattern("yyyyMM");
+ break;
+ case 8:
+ fmt = DateTimeFormat.forPattern("yyyyMMdd");
+ break;
+ default:
+ throw new ValidationException("Date has wrong format");
+ }
+
+ try {
+ fmt.parseDateTime(pepsDate);
+ } catch (IllegalArgumentException e) {
+ throw new ValidationException("Date has wrong format");
+ }
+
+
+ }
+
+
+
+
+}
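Review bot: Only the first AttributeValue is format-checked in `validate`, and the method returns as soon as that first value is not an `XSString`, so additional values, or a value that was not unmarshalled as `XSString`, reach the consumer without any of the pattern checks. Iterating over `attr.getAttributeValues()` and using `continue` instead of `return` closes that gap, and the age comparison can then reuse the local `value` instead of re-reading `get(0)`. Separately, `PATTERN_EIDENTIFIER` admits `\r` and `\n`, which deserves a comment or tightening if the value is later logged or written to a line-based format. `validateAttributeValueFormat` also recompiles each pattern on every call, where `static final Pattern` constants would do.

```java
String attrName = attr.getName();

for (XMLObject attrValueObject : attr.getAttributeValues()) {

    if (!(attrValueObject instanceof XSString)) {
        //Only String values have a format that can be checked here
        continue;
    }

    String value = ((XSString) attrValueObject).getValue();

    if (value == null) {
        //only isAgeOver can be empty if provided
        if (attrName.equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
            continue;
        }
        throw new ValidationException("Provided AttributeValue is empty");
    }

    // … unchanged: validateAttributeValueFormat(...) and verifyDate(...) calls per attribute name …

    if (attrName.equals(STORKConstants.STORK_ATTRIBUTE_AGE) || attrName.equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
        if (Integer.parseInt(value) > MAX_AGE) {
            throw new ValidationException("Maximum age reached");
        }
    }
}
```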
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java
new file mode 100644
index 000000000..a561d4c33
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAudienceRestrictionValidator.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.validator.AudienceRestrictionSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkAudienceRestrictionValidator extends
+ AudienceRestrictionSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAudienceRestrictionValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(AudienceRestriction res) throws ValidationException {
+
+ super.validate(res);
+
+ if(res.getAudiences() == null || res.getAudiences().size() < 1) {
+
+ throw new ValidationException("Audience is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java
new file mode 100644
index 000000000..1997da7b6
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthenticationAttributesValidator.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class StorkAuthenticationAttributesValidator implements Validator<AuthenticationAttributes> {
+
+
+ public StorkAuthenticationAttributesValidator() {
+
+ }
+
+ public void validate(AuthenticationAttributes authenticationAttributes) throws ValidationException {
+
+ //check AuthenticationAttributes for VIDPs
+ VIDPAuthenticationAttributes vidpAuthenticationAttributes = authenticationAttributes.getVIDPAuthenticationAttributes();
+
+ if(vidpAuthenticationAttributes == null) {
+
+ throw new ValidationException("VIDPAuthenticationAttributes is required for sending requests to VIDPs.");
+ }
+
+
+ }
+
+}
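Review bot: `validate` dereferences `authenticationAttributes` without a null check, so a missing element surfaces as a NullPointerException rather than the ValidationException that callers of a Validator expect; StorkCitizenCountryCodeValidator in this commit does guard its argument. Adding `if (authenticationAttributes == null) { throw new ValidationException("AuthenticationAttributes is required."); }` before the getter keeps the two consistent. The imports `java.util.List` and `org.opensaml.xml.XMLObject` are unused in this file and can be dropped.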
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java
new file mode 100644
index 000000000..0e8722d55
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnRequestValidator.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.validator.AuthnRequestSchemaValidator;
+import org.opensaml.xml.util.XMLHelper;
+import org.opensaml.xml.validation.ValidationException;
+
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+
+public class StorkAuthnRequestValidator extends AuthnRequestSchemaValidator {
+
+ private static final String ALLOWED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unspecified";
+ private static final String ALLOWED_PROTOCOL_BINDING_1 = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
+ private static final String ALLOWED_PROTOCOL_BINDING_2 = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";
+
+ private static final int MAX_SIZE = 131072;
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAuthnRequestValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(AuthnRequest req) throws ValidationException {
+
+ if (XMLHelper.prettyPrintXML(req.getDOM()).getBytes().length > MAX_SIZE) {
+ throw new ValidationException("SAML AuthnRequest exceeds max size.");
+ }
+
+ super.validate(req);
+
+ STORKAuthnRequest request = (STORKAuthnRequest) req;
+
+ if (request.getID() == null) {
+
+ throw new ValidationException("ID is required.");
+ }
+
+ if (request.getVersion() == null) {
+
+ throw new ValidationException("Version is required.");
+ } else {
+
+ if (!request.getVersion().equals(SAMLVersion.VERSION_20)) {
+
+ throw new ValidationException("Version is invalid.");
+ }
+ }
+
+ if (request.getIssueInstant() == null) {
+
+ throw new ValidationException("IssueInstant is required.");
+ }
+
+ if (request.getConsent() != null) {
+
+ if (!request.getConsent().equals(ALLOWED_CONSENT)) {
+
+ throw new ValidationException("Consent is invalid.");
+ }
+ }
+
+ if (request.isForceAuthn() == null) {
+
+ throw new ValidationException("ForceAuthn is required.");
+ } else if (!request.isForceAuthn()) {
+
+ throw new ValidationException("ForceAuthn is invalid.");
+ }
+
+ if (request.isPassive() == null) {
+
+ throw new ValidationException("IsPassive is required.");
+ } else if (request.isPassive()) {
+
+ throw new ValidationException("IsPassive is invalid.");
+ }
+
+ if (request.getProtocolBinding() == null) {
+
+ throw new ValidationException("ProtocolBinding is required.");
+ } else {
+ if (!request.getProtocolBinding()
+ .equals(ALLOWED_PROTOCOL_BINDING_1)
+ && !request.getProtocolBinding().equals(
+ ALLOWED_PROTOCOL_BINDING_2)) {
+
+ throw new ValidationException("ProtocolBinding is invalid.");
+ }
+
+ }
+
+ if(request.getAssertionConsumerServiceURL() == null) {
+
+ throw new ValidationException("AssertionConsumerServiceURL is required.");
+ }
+
+ if(request.getProviderName() == null) {
+
+ throw new ValidationException("ProviderName is required.");
+ }
+
+
+
+ }
+
+}
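Review bot: The size guard at the top of `validate` measures `XMLHelper.prettyPrintXML(req.getDOM()).getBytes()`, which counts indentation added by pretty-printing, uses the platform default charset, and may fail if `getDOM()` returns null for a request that was built rather than unmarshalled. It also runs only after the message has been parsed into a DOM, so it does not bound parser work; a byte limit on the incoming message before parsing is the effective control, with this check as a backstop, e.g. `req.getDOM() != null && XMLHelper.nodeToString(req.getDOM()).getBytes(Charset.forName("UTF-8")).length > MAX_SIZE`. The cast to `STORKAuthnRequest` further down throws ClassCastException for any other AuthnRequest implementation, and every getter used afterwards appears to be available on `AuthnRequest` itself, so the cast could be dropped. `AssertionConsumerServiceURL` is only checked for presence; if no later step compares it with the registered endpoint of the requesting party, that comparison needs to be added in the request handling.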
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java
new file mode 100644
index 000000000..b25b5621f
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkAuthnStatementValidator.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.validator.AuthnStatementSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkAuthnStatementValidator extends
+ AuthnStatementSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkAuthnStatementValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(AuthnStatement stmnt) throws ValidationException {
+
+ super.validate(stmnt);
+
+ if(stmnt.getAuthnInstant() == null) {
+
+ throw new ValidationException("AuthnInstant is required.");
+ }
+
+ if(stmnt.getSubjectLocality() == null) {
+
+ throw new ValidationException("SubjectLocality is required.");
+ }
+
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java
new file mode 100644
index 000000000..15f8e2dd1
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkCitizenCountryCodeValidator.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.CitizenCountryCode;
+
+public class StorkCitizenCountryCodeValidator implements
+ Validator<CitizenCountryCode> {
+
+ public static final String REGEX_PATTERN = "^[A-Za-z]{2}$";
+
+ public StorkCitizenCountryCodeValidator() {
+
+ }
+
+ public void validate(CitizenCountryCode ccc) throws ValidationException {
+
+ if(ccc == null) {
+
+ throw new ValidationException("CitizenCountryCode is required.");
+ }
+
+ if (ccc.getValue() == null) {
+ throw new ValidationException("CitizenCountryCode has no value");
+ }
+
+
+ if (!Pattern.matches(REGEX_PATTERN, ccc.getValue())) {
+ throw new ValidationException("CitizenCountryCode not valid: " + ccc.getValue());
+ }
+
+
+ }
+
+}
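Review bot: The last exception message concatenates `ccc.getValue()` after it has failed the pattern, so arbitrary sender-controlled text (including line breaks) ends up in whatever log or error response carries the message. Prefer a fixed message, `throw new ValidationException("CitizenCountryCode not valid.");`, and record the rejected value separately with escaping if it is needed for diagnosis. `REGEX_PATTERN` also accepts lower-case letters while `PATTERN_COUNTRYCODE` in StorkAttributeValidator requires `[A-Z]{2}`; if both describe the same code format they should probably agree.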
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java
new file mode 100644
index 000000000..81b7957fd
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkConditionsValidator.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.validator.ConditionsSpecValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkConditionsValidator extends ConditionsSpecValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkConditionsValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Conditions conditions) throws ValidationException {
+
+ super.validate(conditions);
+
+ if(conditions.getNotBefore() == null) {
+
+ throw new ValidationException("NotBefore is required.");
+ }
+
+ if(conditions.getNotOnOrAfter() == null) {
+
+ throw new ValidationException("NotOnOrAfter is required.");
+ }
+
+ if(conditions.getAudienceRestrictions() == null || conditions.getAudienceRestrictions().size() < 1) {
+
+ throw new ValidationException("AudienceRestriction is required.");
+ }
+
+ if(conditions.getOneTimeUse() == null) {
+
+ throw new ValidationException("OneTimeUse is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java
new file mode 100644
index 000000000..96555e660
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEIDSectorShareValidator.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ *
+ */
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.EIDSectorShare;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class StorkEIDSectorShareValidator implements Validator<EIDSectorShare> {
+
+ public StorkEIDSectorShareValidator() {
+
+ }
+
+ public void validate(EIDSectorShare eidSectorShare) throws ValidationException {
+
+
+ }
+
+}
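Review bot: `validate` has an empty body, so wiring this validator in accepts every EIDSectorShare element unchecked; StorkRequestedAttributesValidator further down has the same no-op body (there at least marked `// empty so far`). Either add the checks the profile requires or state the intent in the method, e.g. `// intentionally no checks: <reason>`, so a reader does not assume the element was validated. The empty `/** */` before the package line and the `@author`-only class Javadoc could be replaced by one sentence saying what this validator is meant to enforce.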
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java
new file mode 100644
index 000000000..48464b6ec
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedAttributeValidator.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.EncryptedAttribute;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkEncryptedAttributeValidator implements
+ Validator<EncryptedAttribute> {
+
+ public StorkEncryptedAttributeValidator() {
+
+ }
+
+ public void validate(EncryptedAttribute encAttr) throws ValidationException {
+
+ if(encAttr.getEncryptedData() == null) {
+
+ throw new ValidationException("EncryptedData is required.");
+ }
+
+
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java
new file mode 100644
index 000000000..79450b1dc
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkEncryptedIdValidator.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.EncryptedID;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkEncryptedIdValidator implements Validator<EncryptedID> {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkEncryptedIdValidator() {
+
+ }
+
+ public void validate(EncryptedID encId) throws ValidationException {
+
+ if(encId.getEncryptedData() == null) {
+
+ throw new ValidationException("EncryptedData is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java
new file mode 100644
index 000000000..21b247071
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkExtensionsValidator.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.List;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.saml.STORKExtensions;
+import eu.stork.vidp.messages.stork.AuthenticationAttributes;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class StorkExtensionsValidator implements Validator<STORKExtensions> {
+
+
+ public StorkExtensionsValidator() {
+
+ }
+
+ public void validate(STORKExtensions ext) throws ValidationException {
+
+ // check QAALevel
+ List<XMLObject> qaaList = ext.getUnknownXMLObjects(QualityAuthenticationAssuranceLevel.DEFAULT_ELEMENT_NAME);
+
+ if(qaaList == null || qaaList.size() != 1) {
+
+ throw new ValidationException("QAALevel is required.");
+ }
+
+ //check AuthenticationAttributes for VIDPs
+// AuthenticationAttributes authenticationAttributes = ext.getAuthenticationAttributes();
+//
+// if(authenticationAttributes == null) {
+//
+// throw new ValidationException("AuthenticationAttributes is required for sending requests to VIDPs.");
+// }
+
+
+ }
+
+}
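Review bot: The `qaaList.size() != 1` test also rejects an extension carrying two or more QAALevel elements, but the message then still reads "QAALevel is required.", which misleads whoever debugs a rejected request. A message such as `"Exactly one QAALevel is required."` would cover both cases. The commented-out AuthenticationAttributes check leaves the `AuthenticationAttributes` import unused; delete both, or replace the block with a one-line comment saying why the check is disabled.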
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java
new file mode 100644
index 000000000..df32ee6ad
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkIssuerValidator.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.validator.IssuerSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkIssuerValidator extends IssuerSchemaValidator {
+
+ private static final String FORMAT_ALLOWED_VALUE = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkIssuerValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Issuer issuer) throws ValidationException {
+
+ super.validate(issuer);
+
+ // format is optional
+ if(issuer.getFormat() != null) {
+
+ if(!issuer.getFormat().equals(FORMAT_ALLOWED_VALUE)) {
+
+ throw new ValidationException("Format has an invalid value.");
+ }
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java
new file mode 100644
index 000000000..85fbeff17
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIDValidator.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.validator.NameIDSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkNameIDValidator extends NameIDSchemaValidator {
+
+ private static final String FORMAT_ALLOWED_VALUE = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
+ private static final String FORMAT_ALLOWED_VALUE_OLD = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified";
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkNameIDValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(NameID nameID) throws ValidationException {
+
+ super.validate(nameID);
+
+ if (nameID.getNameQualifier() == null) {
+
+ throw new ValidationException("NameQualifier is required.");
+ }
+
+ if (nameID.getFormat() == null) {
+
+ throw new ValidationException("Format is required.");
+
+ } else if(!(nameID.getFormat().equals(FORMAT_ALLOWED_VALUE) || nameID.getFormat().equals(FORMAT_ALLOWED_VALUE_OLD))) {
+
+ throw new ValidationException("Format is invalid.");
+ }
+
+ }
+
+}
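Review bot: `FORMAT_ALLOWED_VALUE_OLD` admits `urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified`, which as far as I can tell is not a format URI defined by SAML core (the unspecified format is defined under `SAML:1.1`). The constant needs a comment recording why the extra value is accepted, for example `// non-standard URI, presumably sent by older peers; kept for interoperability`, so a later reader does not widen the allow-list further by analogy. Reading `nameID.getFormat()` once into a local and comparing constant-first (`FORMAT_ALLOWED_VALUE.equals(format)`) would also make the else-if easier to read.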
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java
new file mode 100644
index 000000000..7d98b5e60
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkNameIdPolicyValidator.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkNameIdPolicyValidator implements Validator<NameIDPolicy> {
+
+ public StorkNameIdPolicyValidator() {
+
+ }
+
+ public void validate(NameIDPolicy nameIDPolicy) throws ValidationException {
+
+
+ if(nameIDPolicy.getAllowCreate() != null) {
+
+ if(!nameIDPolicy.getAllowCreate()) {
+
+ throw new ValidationException("AllowCreate is invalid.");
+ }
+ }
+
+ }
+
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java
new file mode 100644
index 000000000..5c23fe04b
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkQualityAuthenticationAssuranceLevelValidator.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+
+public class StorkQualityAuthenticationAssuranceLevelValidator implements
+ Validator<QualityAuthenticationAssuranceLevel> {
+
+
+ private static final int MIN_VAL = 1;
+ private static final int MAX_VAL = 4;
+
+ public StorkQualityAuthenticationAssuranceLevelValidator() {
+
+ }
+
+ public void validate(QualityAuthenticationAssuranceLevel qaaLevel)
+ throws ValidationException {
+
+ if(qaaLevel.getValue() < MIN_VAL || qaaLevel.getValue() > MAX_VAL) {
+
+ throw new ValidationException("QAALevel is invalid.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java
new file mode 100644
index 000000000..b9b26a38a
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributeValidator.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.validator.RequestedAttributeSchemaValidator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSAny;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.validation.ValidationException;
+
+import eu.stork.vidp.messages.common.STORKConstants;
+
+public class StorkRequestedAttributeValidator extends
+ RequestedAttributeSchemaValidator {
+
+ private static final String PATTERN_ISAGEOVER = "^[0-9]{1,3}$";
+
+ public StorkRequestedAttributeValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(RequestedAttribute attr) throws ValidationException {
+
+ super.validate(attr);
+
+ if (attr.getName() == null) {
+
+ throw new ValidationException("Name is required.");
+ }
+
+ if (attr.getNameFormat() == null) {
+
+ throw new ValidationException("NameFormat is required.");
+ }
+
+ if (!STORKConstants.FULL_STORK_ATTRIBUTE_SET.contains(attr.getName()) && attr.isRequired()) {
+ throw new ValidationException("Unknown attribute " + attr.getName() + " requested mandatory.");
+ }
+
+ if (attr.getName().equals(STORKConstants.STORK_ATTRIBUTE_ISAGEOVER)) {
+ if (attr.getAttributeValues().isEmpty()) {
+ throw new ValidationException("isAgeOver requires attribute value");
+ }
+
+ XMLObject attrValueObject = attr.getAttributeValues().get(0);
+
+ if (attrValueObject instanceof XSString) {
+ if (!Pattern.matches(PATTERN_ISAGEOVER, ((XSString) attr.getAttributeValues().get(0)).getValue())) {
+ throw new ValidationException("Value for isAgeOver has incorrect format.");
+ }
+ } else if (attrValueObject instanceof XSAny) {
+ if (!Pattern.matches(PATTERN_ISAGEOVER, ((XSAny) attrValueObject).getTextContent())) {
+ throw new ValidationException("Value for isAgeOver has incorrect format.");
+ }
+
+ } else {
+ throw new ValidationException("Value for isAgeOver has incorrect format.");
+ }
+
+ }
+
+ }
+
+}
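Review bot: In the isAgeOver branch the result of `getValue()` / `getTextContent()` goes straight into `Pattern.matches(PATTERN_ISAGEOVER, …)`, and a null there surfaces as a NullPointerException instead of a ValidationException. Treat null as a format failure, e.g. `String v = ((XSString) attrValueObject).getValue();` followed by `if (v == null || !AGE_OVER.matcher(v).matches())`, with the pattern compiled once as a `private static final Pattern`. Only `getAttributeValues().get(0)` is inspected, so any further values pass unchecked. The "Unknown attribute … requested mandatory." message also echoes the requester-supplied name, which should be length-limited or escaped before it reaches logs.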
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java
new file mode 100644
index 000000000..0324079f3
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkRequestedAttributesValidator.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+public class StorkRequestedAttributesValidator implements
+ Validator<RequestedAttributes> {
+
+ public StorkRequestedAttributesValidator() {
+
+ }
+
+ public void validate(RequestedAttributes attrs) throws ValidationException {
+
+ // empty so far
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java
new file mode 100644
index 000000000..8028173fa
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkResponseValidator.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml1.core.StatusCode;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.validator.ResponseSchemaValidator;
+import org.opensaml.xml.util.XMLHelper;
+import org.opensaml.xml.validation.ValidationException;
+
+import eu.stork.mw.messages.saml.STORKResponse;
+
+public class StorkResponseValidator extends ResponseSchemaValidator {
+
+ private static final String CONSENT_ALLOWED_VALUE_1 = "urn:oasis:names:tc:SAML:2.0:consent:obtained";
+ private static final String CONSENT_ALLOWED_VALUE_2 = "urn:oasis:names:tc:SAML:2.0:consent:prior";
+ private static final String CONSENT_ALLOWED_VALUE_3 = "urn:oasis:names:tc:SAML:2.0:consent:curent-implicit";
+ private static final String CONSENT_ALLOWED_VALUE_4 = "urn:oasis:names:tc:SAML:2.0:consent:curent-explicit";
+ private static final String CONSENT_ALLOWED_VALUE_5 = "urn:oasis:names:tc:SAML:2.0:consent:unspecified";
+
+ private static final int MAX_SIZE = 131072;
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkResponseValidator() {
+
+ super();
+ }
+
+ /** {@inheritDoc} */
+ public void validate(Response response) throws ValidationException {
+
+ if (XMLHelper.prettyPrintXML(response.getDOM()).getBytes().length > MAX_SIZE) {
+ throw new ValidationException("SAML Response exceeds max size.");
+ }
+
+ super.validate(response);
+
+ STORKResponse resp = (STORKResponse) response;
+
+ if (resp.getID() == null) {
+
+ throw new ValidationException("ID is required");
+ }
+
+ if (resp.getInResponseTo() == null) {
+
+ throw new ValidationException("InResponseTo is required");
+ }
+
+ if (resp.getVersion() == null) {
+
+ throw new ValidationException("Version is required.");
+ } else if(!resp.getVersion().equals(SAMLVersion.VERSION_20)) {
+
+ throw new ValidationException("Version is invalid.");
+ }
+
+ if (resp.getIssueInstant() == null) {
+
+ throw new ValidationException("IssueInstant is required");
+ }
+
+ if (resp.getDestination() == null) {
+
+ throw new ValidationException("Destination is required");
+ }
+
+ // Consent is optional
+ if (resp.getConsent() != null) {
+
+ String consent = resp.getConsent();
+
+ if (!consent.equals(CONSENT_ALLOWED_VALUE_1)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_2)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_3)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_4)
+ && !consent.equals(CONSENT_ALLOWED_VALUE_5)) {
+
+ throw new ValidationException("Consent is invalid.");
+ }
+ }
+
+
+ if (resp.getIssuer() == null) {
+
+ throw new ValidationException("Issuer is required.");
+ }
+
+ if (resp.getStatus() == null) {
+
+ throw new ValidationException("Status is required.");
+ }
+
+
+ if(resp.getSignature() == null) {
+
+ throw new ValidationException("Signature is required.");
+ }
+
+
+ if (resp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) {
+ if (resp.getAssertions() == null || resp.getAssertions().size() == 0) {
+
+ throw new ValidationException("Assertion is required");
+ }
+ }
+
+ }
+
+}
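Review bot: The last check in `validate` appears never to fire, because `StatusCode` is imported from `org.opensaml.saml1.core`, where `SUCCESS` is a QName, and `String.equals` against a QName is always false, so a Success response without an assertion passes. Importing `org.opensaml.saml2.core.StatusCode` and testing `StatusCode.SUCCESS_URI.equals(...)` fixes that, and `getStatusCode()` should be null-checked first. Separately, `CONSENT_ALLOWED_VALUE_3` and `_4` spell the URIs `curent-implicit` / `curent-explicit`, so the SAML-defined `current-implicit` and `current-explicit` values are rejected. The `getSignature() == null` test establishes presence only, so a comment stating that signature verification is done elsewhere would stop readers treating this validator as an authenticity check.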
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java
new file mode 100644
index 000000000..a42d7a453
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPIDValidator.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SPID;
+
+public class StorkSPIDValidator implements Validator<SPID> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 40;
+
+ public StorkSPIDValidator() {
+
+ }
+
+ public void validate(SPID spid) throws ValidationException {
+
+
+ if(spid == null) {
+
+ throw new ValidationException("SPID value is required.");
+ }
+
+ if(spid != null) {
+
+ if (spid.getValue() == null) {
+ throw new ValidationException("SPID has no value");
+ }
+
+ if (spid.getValue().length() <= MIN_SIZE || spid.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("SPID has wrong size: " + spid.getValue().length());
+ }
+ }
+
+
+ }
+
+}
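Review bot: The lower bound `spid.getValue().length() <= MIN_SIZE` rejects a one-character SPID although `MIN_SIZE` is 1, which reads as an off-by-one. If a single character is meant to be valid, the test should be `length() < MIN_SIZE`; if not, set the constant to 2 so name and behaviour agree. The `if(spid != null)` wrapper is dead code, because the preceding null check already throws, and can be dropped.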
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java
new file mode 100644
index 000000000..9c54fd620
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSPInformationValidator.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SPInformation;
+
+public class StorkSPInformationValidator implements Validator<SPInformation> {
+
+ public StorkSPInformationValidator() {
+
+ }
+
+ public void validate(SPInformation spi) throws ValidationException {
+
+ if(spi.getSPID() == null) {
+
+ throw new ValidationException("SPID is required.");
+ }
+ }
+
+
+
+}
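Review bot: `validate` dereferences `spi` with no null guard, so a null argument ends in a NullPointerException instead of a ValidationException; StorkSubjectLocalityValidator (`sloc`) and StorkVIDPAuthenticationAttributesValidator (`attr`) later in this diff do the same. Elsewhere in this diff StorkSPIDValidator throws on null and the Sp* validators silently accept it, so three different null policies coexist. Whether the framework can ever pass null is not visible here, but a guard such as `if (spi == null) { throw new ValidationException("SPInformation is required."); }` makes the failure mode uniform. It is also worth a one-line comment that the nested SPID's content is left to StorkSPIDValidator, assuming that validator is registered for SPID.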
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java
new file mode 100644
index 000000000..08551e03e
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpApplicationValidator.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpApplication;
+
+public class StorkSpApplicationValidator implements
+ Validator<SpApplication> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 100;
+ //public static final String REGEX_PATTERN = "^[a-zA-Z0-9]{1,30}$";
+
+ public StorkSpApplicationValidator() {
+
+ }
+
+ public void validate(SpApplication spApplication) throws ValidationException {
+
+ if(spApplication != null) {
+
+ if (spApplication.getValue() == null) {
+ throw new ValidationException("spApplication has no value");
+ }
+
+// if (!Pattern.matches(REGEX_PATTERN, spApplication.getValue())) {
+// throw new ValidationException("spApplication has wrong format: " + spApplication.getValue());
+// }
+
+ if (spApplication.getValue().length() < MIN_SIZE || spApplication.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("spApplication has wrong size: " + spApplication.getValue().length());
+ }
+
+ }
+ }
+
+}
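Review bot: The only check applied to the SpApplication value is its length, because the format check is left as commented-out code whose pattern (`{1,30}`) no longer agrees with `MAX_SIZE = 100`. The value presumably comes from the incoming message, so either restore a character allow-list as a compiled `static final Pattern`, or delete the dead lines and add a comment stating that any characters are accepted by design. The same commented-out block appears in StorkSpInstitutionValidator, where it still refers to `spApplication`, and in StorkSpSectorValidator. The size test here uses `< MIN_SIZE`, while StorkSPIDValidator earlier in this diff uses `<= MIN_SIZE` and so rejects one-character values; one of the two is presumably unintended.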
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java
new file mode 100644
index 000000000..e6ae0f1b7
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpCountryValidator.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpCountry;
+
+public class StorkSpCountryValidator implements
+ Validator<SpCountry> {
+
+ public static final String REGEX_PATTERN = "^[A-Z]{2}$";
+
+ public StorkSpCountryValidator() {
+
+ }
+
+ public void validate(SpCountry spCountry) throws ValidationException {
+
+ if(spCountry != null) {
+
+ if (spCountry.getValue() == null) {
+ throw new ValidationException("spCountry has no value");
+ }
+
+ if (!Pattern.matches(REGEX_PATTERN, spCountry.getValue())) {
+ throw new ValidationException("spCountry not valid: " + spCountry.getValue());
+ }
+ }
+ }
+
+}
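Review bot: The rejected value is concatenated verbatim into the exception message at `"spCountry not valid: " + spCountry.getValue()`, and since it has just failed the `^[A-Z]{2}$` check it may be arbitrarily long and contain line breaks or control characters. If these messages reach a log or an error response (not visible here), that permits forged log lines or reflected content; report the length instead, e.g. `throw new ValidationException("spCountry not valid (length " + spCountry.getValue().length() + ")");`. Separately, `Pattern.matches` recompiles the expression on every call; a `private static final Pattern` compiled once would avoid that.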
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java
new file mode 100644
index 000000000..9d50d9122
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpInstitutionValidator.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpInstitution;
+
+public class StorkSpInstitutionValidator implements
+ Validator<SpInstitution> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 50;
+ //public static final String REGEX_PATTERN = "^[a-zA-Z0-9]{1,50}$";
+
+ public StorkSpInstitutionValidator() {
+
+ }
+
+ public void validate(SpInstitution spInstitution) throws ValidationException {
+
+ if(spInstitution != null) {
+
+ if (spInstitution.getValue() == null) {
+ throw new ValidationException("spInstitution has no value");
+ }
+
+// if (!Pattern.matches(REGEX_PATTERN, spApplication.getValue())) {
+// throw new ValidationException("spApplication has wrong format: " + spApplication.getValue());
+// }
+
+ if (spInstitution.getValue().length() < MIN_SIZE || spInstitution.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("spInstitution has wrong size: " + spInstitution.getValue().length());
+ }
+ }
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java
new file mode 100644
index 000000000..2cfaa7a4c
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSpSectorValidator.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.regex.Pattern;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.SpSector;
+
+public class StorkSpSectorValidator implements
+ Validator<SpSector> {
+
+ public static final int MIN_SIZE = 1;
+ public static final int MAX_SIZE = 20;
+ //public static final String REGEX_PATTERN = "^[a-zA-Z0-9]{1,30}$";
+
+ public StorkSpSectorValidator() {
+
+ }
+
+ public void validate(SpSector spSector) throws ValidationException {
+
+ if(spSector != null) {
+
+ if (spSector.getValue() == null) {
+ throw new ValidationException("spSector has no value");
+ }
+
+// if (!Pattern.matches(REGEX_PATTERN, spSector.getValue())) {
+// throw new ValidationException("spSector has wrong format: " + spSector.getValue());
+// }
+
+ if (spSector.getValue().length() < MIN_SIZE || spSector.getValue().length() > MAX_SIZE) {
+ throw new ValidationException("spApplication has wrong size: " + spSector.getValue().length());
+ }
+
+ }
+ }
+
+}
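Review bot: The size-check message reads `"spApplication has wrong size: "` although this validator handles SpSector, which will mislead anyone diagnosing a rejected request; it should be `"spSector has wrong size: " + spSector.getValue().length()`. The `java.util.regex.Pattern` import is unused while the regex check stays commented out and can be dropped.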
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java
new file mode 100644
index 000000000..3ee214c46
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusCodeValidator.java
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.validator.StatusCodeSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkStatusCodeValidator extends StatusCodeSchemaValidator {
+
+ // supported values according to SAML v2.0 specification
+ private static String[] ALLOWED_FIRST_LEVEL_STATUS_CODE_VALUES = new String[] {
+ "urn:oasis:names:tc:SAML:2.0:status:Success",
+ "urn:oasis:names:tc:SAML:2.0:status:Requester",
+ "urn:oasis:names:tc:SAML:2.0:status:Responder",
+ "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"};
+
+ private static String[] ALLOWED_SECOND_LEVEL_STATUS_CODE_VALUES = new String[] {
+ "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed",
+ "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue",
+ "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy",
+ "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext",
+ "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP",
+ "urn:oasis:names:tc:SAML:2.0:status:NoPassive",
+ "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP",
+ "urn:oasis:names:tc:SAML:2.0:status:PartialLogout",
+ "urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestDenied",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh",
+ "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow",
+ "urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized",
+ "urn:oasis:names:tc:SAML:2.0:status:TooManyResponses",
+ "urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile",
+ "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal",
+ "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding",
+ "http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported"
+ };
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkStatusCodeValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(StatusCode statusCode) throws ValidationException {
+
+ super.validate(statusCode);
+
+
+ if(statusCode.getValue() == null) {
+
+ throw new ValidationException("StatusCode is required");
+ }
+
+ boolean valid = false;
+
+ if (statusCode.getParent() instanceof Status) {
+ //first level Status Codes
+
+ String value = statusCode.getValue();
+
+
+
+
+ for(String allowedVal : ALLOWED_FIRST_LEVEL_STATUS_CODE_VALUES) {
+
+ if(value.equals(allowedVal)) {
+
+ valid = true;
+ break;
+ }
+ }
+
+ if(!valid) {
+
+ throw new ValidationException("First Level StatusCode has an invalid value.");
+ }
+ } else {
+ //parent is status code
+ //second level Status Codes
+
+ if(statusCode != null) {
+
+ valid = false;
+
+ String subVal = statusCode.getValue();
+
+ for(String allowedVal : ALLOWED_SECOND_LEVEL_STATUS_CODE_VALUES) {
+
+ if(subVal.equals(allowedVal)) {
+
+ valid = true;
+ break;
+ }
+ }
+
+ if(!valid) {
+
+ throw new ValidationException("Second Level StatusCode has an invalid value.");
+ }
+
+ }
+
+ }
+ }
+
+
+
+}
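Review bot: The `else` branch treats every StatusCode whose parent is not a `Status` as a second-level code, which includes a detached element with a null parent; testing `statusCode.getParent() instanceof StatusCode` and rejecting anything else would make the two levels explicit. The `if(statusCode != null)` inside that branch is dead, since `statusCode.getValue()` has already been dereferenced above it. The two allow-lists are declared `private static String[]` without `final`; making them `private static final` (or unmodifiable sets) prevents reassignment and lets both loops collapse into one membership lookup.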
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java
new file mode 100644
index 000000000..36d7ffab5
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkStatusValidator.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.validator.StatusSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkStatusValidator extends StatusSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkStatusValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Status status) throws ValidationException {
+
+ super.validate(status);
+
+ if(status.getStatusCode() == null) {
+
+ throw new ValidationException("StatusCode is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java
new file mode 100644
index 000000000..0f1fad295
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectConfirmationValidator.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.core.validator.SubjectConfirmationSchemaValidator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.signature.X509Data;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkSubjectConfirmationValidator extends
+ SubjectConfirmationSchemaValidator {
+
+ private static final String ALLOWED_METHOD_1 = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
+ private static final String ALLOWED_METHOD_2 = "oasis:names:tc:SAML:2.0:cm:holder-of-key";
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkSubjectConfirmationValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(SubjectConfirmation subjectConfirmation)
+ throws ValidationException {
+
+ super.validate(subjectConfirmation);
+
+ String method = subjectConfirmation.getMethod();
+
+ if (!(method.equals(ALLOWED_METHOD_1) || method.equals(ALLOWED_METHOD_2))) {
+ throw new ValidationException("Method is invalid.");
+ }
+
+ if (subjectConfirmation.getSubjectConfirmationData() == null) {
+ throw new ValidationException("SubjectConfirmationData required.");
+
+ }
+
+ SubjectConfirmationData confData = subjectConfirmation.getSubjectConfirmationData();
+
+
+ if (method.equals(ALLOWED_METHOD_1)) {
+ if (confData.getNotBefore() != null) {
+ throw new ValidationException("NotBefore in SubjectConfirmationData not allowed if confirmation method is \"bearer\".");
+ }
+
+ }
+
+ if (confData.getNotOnOrAfter() == null) {
+
+ throw new ValidationException("NotOnOrAfter is required.");
+ }
+
+ if (confData.getRecipient() == null) {
+
+ throw new ValidationException("Recipient is required.");
+ }
+
+ if (confData.getInResponseTo() == null) {
+
+ throw new ValidationException("InResponseTo is required.");
+ }
+
+ if(method.equals(ALLOWED_METHOD_2)) {
+
+ List<XMLObject> childrenKeyInfo = confData.getUnknownXMLObjects(new QName("KeyInfo"));
+
+ if(childrenKeyInfo.size() < 1) {
+
+ throw new ValidationException("KeyInfo is required.");
+ }
+
+ List<XMLObject> childrenKeyData = confData.getUnknownXMLObjects(new QName("X509Data"));
+
+ if(childrenKeyData.size() != 1) {
+
+ throw new ValidationException("Invalid number of X509Data elements.");
+ } else {
+
+ X509Data data = (X509Data)childrenKeyData.get(0);
+
+ if(data.getX509Certificates() == null || data.getX509Certificates().size() < 1 ) {
+
+ throw new ValidationException("X509Certificate is required.");
+ }
+
+ }
+
+ }
+
+
+
+ }
+
+
+}
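Review bot: `ALLOWED_METHOD_2` is missing the `urn:` prefix, so an assertion carrying the standard holder-of-key URI is rejected with "Method is invalid." and the KeyInfo checks only ever run for the malformed string; use `SubjectConfirmation.METHOD_HOLDER_OF_KEY` (and `METHOD_BEARER`) rather than hand-typed literals. The holder-of-key branch also looks up `new QName("KeyInfo")` and `new QName("X509Data")` without a namespace and expects X509Data as a direct child of SubjectConfirmationData, whereas it is normally nested inside `ds:KeyInfo`; as far as can be told from the hunk, those lookups would not match a schema-valid message. The rewrite below resolves KeyInfo by its qualified name and reads X509Data from it (it needs an import of `org.opensaml.xml.signature.KeyInfo`); it requires exactly one X509Data per KeyInfo, which is my reading of the intent. This validator only checks that NotOnOrAfter, Recipient and InResponseTo are present, so comparing them against the clock, the receiving endpoint and the request ID has to happen elsewhere.

```java
    private static final String ALLOWED_METHOD_1 = SubjectConfirmation.METHOD_BEARER;
    private static final String ALLOWED_METHOD_2 = SubjectConfirmation.METHOD_HOLDER_OF_KEY;

    // … unchanged: constructor, method check, bearer and presence checks …

        if (method.equals(ALLOWED_METHOD_2)) {
            // KeyInfo lives in the XML-DSig namespace; look it up by its qualified name.
            List<XMLObject> keyInfos = confData.getUnknownXMLObjects(KeyInfo.DEFAULT_ELEMENT_NAME);
            if (keyInfos.isEmpty()) {
                throw new ValidationException("KeyInfo is required.");
            }
            for (XMLObject child : keyInfos) {
                if (!(child instanceof KeyInfo)) {
                    throw new ValidationException("KeyInfo is required.");
                }
                // X509Data is a child of KeyInfo, not of SubjectConfirmationData.
                List<X509Data> x509Datas = ((KeyInfo) child).getX509Datas();
                if (x509Datas.size() != 1) {
                    throw new ValidationException("Invalid number of X509Data elements.");
                }
                List<?> certs = x509Datas.get(0).getX509Certificates();
                if (certs == null || certs.isEmpty()) {
                    throw new ValidationException("X509Certificate is required.");
                }
            }
        }
```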
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java
new file mode 100644
index 000000000..33c7b4478
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectLocalityValidator.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.SubjectLocality;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+public class StorkSubjectLocalityValidator implements
+ Validator<SubjectLocality> {
+
+ public StorkSubjectLocalityValidator() {
+
+ }
+
+ public void validate(SubjectLocality sloc) throws ValidationException {
+
+ if (sloc.getAddress() == null) {
+
+ throw new ValidationException("Address is required.");
+ }
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java
new file mode 100644
index 000000000..077b6294a
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkSubjectValidator.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.validator.SubjectSchemaValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class StorkSubjectValidator extends SubjectSchemaValidator {
+
+ /**
+ * Constructor
+ *
+ */
+ public StorkSubjectValidator() {
+
+ super();
+ }
+
+ @Override
+ public void validate(Subject subject) throws ValidationException {
+
+ super.validate(subject);
+
+ if(subject.getNameID() == null && subject.getEncryptedID() == null) {
+
+ throw new ValidationException("Neither NameID nor EncryptedID is provided.");
+ }
+
+ if(subject.getSubjectConfirmations() == null || subject.getSubjectConfirmations().size() < 1) {
+
+ throw new ValidationException("SubjectConfirmation is required.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java
new file mode 100644
index 000000000..88ff7bed4
--- /dev/null
+++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/validation/StorkVIDPAuthenticationAttributesValidator.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package eu.stork.vidp.messages.validation;
+
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes;
+
+public class StorkVIDPAuthenticationAttributesValidator implements
+ Validator<VIDPAuthenticationAttributes> {
+
+ public StorkVIDPAuthenticationAttributesValidator() {
+
+ }
+
+ public void validate(VIDPAuthenticationAttributes attr)
+ throws ValidationException {
+
+
+ if(attr.getCitizenCountryCode() == null) {
+
+ throw new ValidationException("CitizenCountryCode is required.");
+ }
+
+
+ if(attr.getSPInformation() == null) {
+
+ throw new ValidationException("SPInformation is required.");
+ }
+
+ }
+
+}