aboutsummaryrefslogtreecommitdiff
path: root/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn')
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/all-wcprops35
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/entries201
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/SAMLEngine.java.svn-base409
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/SAMLEngineUtils.java.svn-base833
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/STORKSAMLEngine.java.svn-base2983
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/X509PrincipalUtil.java.svn-base69
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/package-info.java.svn-base19
7 files changed, 0 insertions, 4549 deletions
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/all-wcprops b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/all-wcprops
deleted file mode 100644
index a5df7ea64..000000000
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/all-wcprops
+++ /dev/null
@@ -1,35 +0,0 @@
-K 25
-svn:wc:ra_dav:version-url
-V 87
-/CITnet/svn/STORK2/!svn/ver/56/trunk/SamlEngine/src/main/java/eu/stork/peps/auth/engine
-END
-SAMLEngine.java
-K 25
-svn:wc:ra_dav:version-url
-V 103
-/CITnet/svn/STORK2/!svn/ver/56/trunk/SamlEngine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
-END
-SAMLEngineUtils.java
-K 25
-svn:wc:ra_dav:version-url
-V 108
-/CITnet/svn/STORK2/!svn/ver/56/trunk/SamlEngine/src/main/java/eu/stork/peps/auth/engine/SAMLEngineUtils.java
-END
-package-info.java
-K 25
-svn:wc:ra_dav:version-url
-V 105
-/CITnet/svn/STORK2/!svn/ver/22/trunk/SamlEngine/src/main/java/eu/stork/peps/auth/engine/package-info.java
-END
-STORKSAMLEngine.java
-K 25
-svn:wc:ra_dav:version-url
-V 108
-/CITnet/svn/STORK2/!svn/ver/56/trunk/SamlEngine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
-END
-X509PrincipalUtil.java
-K 25
-svn:wc:ra_dav:version-url
-V 110
-/CITnet/svn/STORK2/!svn/ver/56/trunk/SamlEngine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
-END
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/entries b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/entries
deleted file mode 100644
index ee72945c7..000000000
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/entries
+++ /dev/null
@@ -1,201 +0,0 @@
-10
-
-dir
-357
-https://webgate.ec.europa.eu/CITnet/svn/STORK2/trunk/SamlEngine/src/main/java/eu/stork/peps/auth/engine
-https://webgate.ec.europa.eu/CITnet/svn/STORK2
-
-
-
-2013-10-24T15:44:04.704923Z
-56
-emgrtargr
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-aa842e49-f825-43fc-93ba-11ee9fd5a035
-
-SAMLEngine.java
-file
-
-
-
-
-2013-12-20T12:27:57.446475Z
-06e800364af96f515b5e2b2e6da3c423
-2013-10-24T15:44:04.704923Z
-56
-emgrtargr
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-13855
-
-SAMLEngineUtils.java
-file
-
-
-
-
-2013-12-20T12:27:57.446475Z
-de13d8f36c3a8d7c25ed55f94f43a663
-2013-10-24T15:44:04.704923Z
-56
-emgrtargr
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-28573
-
-package-info.java
-file
-
-
-
-
-2013-12-20T12:27:57.446475Z
-db9d14c008d5504a156cfa955db13657
-2013-07-25T08:47:40.940990Z
-6
-emsomavmi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-796
-
-STORKSAMLEngine.java
-file
-
-
-
-
-2013-12-20T12:27:57.446475Z
-4899e34f046f8a1ba1292c1e0c2f972f
-2013-10-24T15:44:04.704923Z
-56
-emgrtargr
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-106833
-
-X509PrincipalUtil.java
-file
-
-
-
-
-2013-12-20T12:27:57.446475Z
-5b1c22a27ba0a0bfd4c0bd4ef1890205
-2013-10-24T15:44:04.704923Z
-56
-emgrtargr
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-2296
-
-core
-dir
-
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/SAMLEngine.java.svn-base b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/SAMLEngine.java.svn-base
deleted file mode 100644
index f8f50fc74..000000000
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/SAMLEngine.java.svn-base
+++ /dev/null
@@ -1,409 +0,0 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine;
-
-import java.io.ByteArrayInputStream;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.opensaml.Configuration;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.xml.ConfigurationException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallerFactory;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.parse.XMLParserException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.auth.engine.core.STORKSAMLCore;
-import eu.stork.peps.auth.engine.core.impl.SignModuleFactory;
-import eu.stork.peps.configuration.ConfigurationCreator;
-import eu.stork.peps.configuration.ConfigurationReader;
-import eu.stork.peps.configuration.InstanceEngine;
-import eu.stork.peps.exceptions.SAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
-
-/**
- * Class that wraps the operations over SAML tokens, both generation and
- * validation of SAML requests and SAML responses. Compliant with "OASIS Secure
- * Assertion Markup Language (SAML) 2.0, May 2005", but taking into account
- * STORK specific requirements.
- *
- * @author fjquevedo
- * @author iinigo
- */
-
-public class SAMLEngine {
-
- /** The Document Builder Factory. */
- private static javax.xml.parsers.DocumentBuilderFactory dbf = null;
-
- /** The instance of every engine SAML. */
- private static Map<String, InstanceEngine> instanceConfigs;
-
- /** The instances of SAML engine. */
- private static Map<String, Map<String, Object>> instances;
-
- /** The logger. */
- private static final Logger LOG = LoggerFactory.getLogger(SAMLEngine.class
- .getName());
-
- /** The Constant MODULE_SIGN_CONF. */
- private static final String MODULE_SIGN_CONF = "SignatureConf";
-
- /** The Constant SAML_ENGINE_SIGN_CLASS. */
- private static final String SAML_ENGINE_SIGN_CLASS = "class";
-
- /** The Constant SAML_ENGINE_CONF. */
- private static final String SAML_ENGINE_CONF = "SamlEngineConf";
-
- /** The Constant SAML_ENGINE_FILE_CONF. */
- private static final String SAML_ENGINE_FILE_CONF = "fileConfiguration";
-
- /** The codification of characters. */
- private static final String CHARACTER_ENCODING = "UTF-8";
-
- /** The SAML core. */
- private STORKSAMLCore samlCore;
-
- /** The Module of Signature. */
- private SAMLEngineSignI signer;
-
-
- /** Initializes the SAML engine. */
- /** Configure Document Builder Factory. */
-
- static {
- startUp();
- loadDocumentFactory();
- }
-
- /**
- * Load document factory.
- */
- private static void loadDocumentFactory() {
-
- try {
- dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance();
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- dbf.setNamespaceAware(true);
- dbf.setIgnoringComments(true);
- } catch (ParserConfigurationException e) {
- LOG.error("Error parser configuration.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
-
- }
-
- /**
- * Method that initializes the basic services for the SAML Engine, like the
- * OpenSAML library and the BouncyCastle provider.
- */
- private static void startUp() {
-
- LOG.info("SAMLEngine: Initialize OpenSAML");
-
- try {
- DefaultBootstrap.bootstrap();
- } catch (ConfigurationException e) {
- LOG.error("Problem initializing the OpenSAML library.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
-
- LOG.debug("Read all file configurations. (instances of SAMLEngine)");
- try {
- instanceConfigs = ConfigurationReader.readConfiguration();
- } catch (SAMLEngineException e) {
- LOG.error("Error read configuration file.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
-
- LOG.debug("Create all instaces of saml engine. (instances of SAMLEngine)");
- try {
- instances = ConfigurationCreator
- .createConfiguration(instanceConfigs);
- } catch (STORKSAMLEngineException e) {
- LOG.error("Error initializing instances from Stork SAML engine.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
- }
-
- /**
- * Instantiates a new SAML engine.
- */
- private SAMLEngine() {
-
- }
-
- /**
- * Instantiates a new SAML engine.
- *
- * @param nameInstance the name instance
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- protected SAMLEngine(final String nameInstance)
- throws STORKSAMLEngineException {
- LOG.info("Loading Specific Configuration.");
-
- LOG.debug("Create intance of saml messages.");
-
- Map<String, Object> instance = instances.get(nameInstance);
-
- if (instance == null || instance.isEmpty()) {
- LOG.error("Instance: " + nameInstance + " not exist.");
- throw new STORKSAMLEngineException("Instance: " + nameInstance
- + " not exist.");
- }
-
- Properties properties = (Properties) instance.get(SAML_ENGINE_CONF);
-
- if (properties == null) {
- LOG.error("SamlEngine.xml: not exist.");
- throw new STORKSAMLEngineException("SamlEngine.xml: not exist.");
- }
-
- samlCore = new STORKSAMLCore(properties);
-
- final HashMap<String, String> propertiesSign = (HashMap<String, String>) instance
- .get(MODULE_SIGN_CONF);
-
- LOG.debug("Loading Module of sign.");
- signer = SignModuleFactory.getInstance(propertiesSign
- .get(SAML_ENGINE_SIGN_CLASS));
-
- try {
- LOG.info("Initialize module of sign.");
- signer.init(propertiesSign.get(SAML_ENGINE_FILE_CONF));
- LOG.info("Load cryptographic service provider of module of sign.");
- signer.loadCryptServiceProvider();
- } catch (SAMLEngineException e) {
- LOG.error("Error create signature module: "
- + propertiesSign.get(SAML_ENGINE_FILE_CONF));
- LOG.info("Exception" + e);
- throw new STORKSAMLEngineException(e);
- }
- }
-
- /**
- * Gets the Signer properties.
- *
- * @return the SAML Sign properties
- */
- protected SAMLEngineSignI getSigner() {
- return signer;
- }
-
- /**
- * Gets the SAML core properties.
- *
- * @return the SAML core properties
- */
- protected final STORKSAMLCore getSamlCoreProperties() {
- return samlCore;
- }
-
- /**
- * Method that transform the received SAML object into a byte array
- * representation.
- *
- * @param samlToken the SAML token.
- *
- * @return the byte[] of the SAML token.
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- private byte[] marshall(final XMLObject samlToken)
- throws SAMLEngineException {
-
- try {
- javax.xml.parsers.DocumentBuilder docBuilder = null;
-
- final MarshallerFactory marshallerFactory = Configuration
- .getMarshallerFactory();
-
- final Marshaller marshaller = marshallerFactory
- .getMarshaller(samlToken);
-
- docBuilder = dbf.newDocumentBuilder();
-
- final Document doc = docBuilder.newDocument();
-
- marshaller.marshall(samlToken, doc);
-
- // Obtain a byte array representation of the marshalled SAML object
- final DOMSource domSource = new DOMSource(doc);
- final StringWriter writer = new StringWriter();
- final StreamResult result = new StreamResult(writer);
- final TransformerFactory transFactory = TransformerFactory
- .newInstance();
- Transformer transformer;
-
- transformer = transFactory.newTransformer();
- transformer.transform(domSource, result);
- LOG.debug("SAML request \n"+ writer.toString());
- return writer.toString().getBytes(CHARACTER_ENCODING);
-
- } catch (ParserConfigurationException e) {
- LOG.error("ParserConfigurationException.");
- throw new SAMLEngineException(e);
- } catch (MarshallingException e) {
- LOG.error("MarshallingException.");
- throw new SAMLEngineException(e);
- } catch (TransformerConfigurationException e) {
- LOG.error("TransformerConfigurationException.");
- throw new SAMLEngineException(e);
- } catch (TransformerException e) {
- LOG.error("TransformerException.");
- throw new SAMLEngineException(e);
- } catch (UnsupportedEncodingException e) {
- LOG.error("UnsupportedEncodingException: " + CHARACTER_ENCODING);
- throw new SAMLEngineException(e);
- }
- }
-
- /**
- * Method that signs a SAML Token.
- *
- * @param tokenSaml the token SAML
- *
- * @return the SAML object sign
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- private SignableSAMLObject sign(final SignableSAMLObject tokenSaml)
- throws SAMLEngineException {
- LOG.debug("Sign SamlToken.");
- signer.sign(tokenSaml);
- return tokenSaml;
- }
-
- /**
- * Sign and transform to byte array.
- *
- * @param samlToken the SAML token
- *
- * @return the byte[] of the SAML token
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- protected final byte[] signAndMarshall(final SignableSAMLObject samlToken)
- throws SAMLEngineException {
- LOG.debug("Marshall Saml Token.");
- SignableSAMLObject signElement = sign(samlToken);
- return marshall(signElement);
- }
-
- /**
- * Method that unmarshalls a SAML Object from a byte array representation to
- * an XML Object.
- *
- * @param samlToken Byte array representation of a SAML Object
- *
- * @return XML Object (superclass of SAMLObject)
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- protected final XMLObject unmarshall(final byte[] samlToken)
- throws SAMLEngineException {
- try {
- // Get parser pool manager
- final BasicParserPool ppMgr = new BasicParserPool();
- // Note: this is necessary due to an unresolved Xerces deferred DOM
- // issue/bug
- final HashMap<String, Boolean> features = new HashMap<String, Boolean>();
- features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- ppMgr.setBuilderFeatures(features);
-
- ppMgr.setNamespaceAware(true);
-
- // Parse SAMLToken
- Document document = ppMgr.parse(new ByteArrayInputStream(samlToken));
- if (document != null){
- final Element root = document.getDocumentElement();
- // Get appropriate unmarshaller
- final UnmarshallerFactory unmarshallerFact = Configuration.getUnmarshallerFactory();
- // Unmarshall using the SAML Token root element
- if (unmarshallerFact != null && root != null){
- final Unmarshaller unmarshaller = unmarshallerFact.getUnmarshaller(root);
- try {
- return unmarshaller.unmarshall(root);
- } catch (NullPointerException e){
- LOG.error("Error element tag incomplet or null.");
- throw new SAMLEngineException("NullPointerException", e);
- }
- } else {
- LOG.error("Error element tag incomplet or null.");
- throw new SAMLEngineException("NullPointerException : unmarshallerFact or root is null");
- }
- } else {
- LOG.error("Error element tag incomplet or null.");
- throw new SAMLEngineException("NullPointerException : document is null");
- }
- } catch (XMLParserException e) {
- LOG.error("XML Parsing Error.", e);
- throw new SAMLEngineException(e);
- } catch (UnmarshallingException e) {
- LOG.error("TransformerException.", e);
- throw new SAMLEngineException(e);
- } catch (NullPointerException e) {
- LOG.error("Error element tag incomplet or null.", e);
- throw new SAMLEngineException(e);
- }
- }
-
- /**
- * Method that validates an XML Signature contained in a SAML Token.
- *
- * @param samlToken the SAML token
- *
- * @return the SAML object
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- protected final SAMLObject validateSignature(
- final SignableSAMLObject samlToken) throws SAMLEngineException {
-
- LOG.info("Validate Signature");
- signer.validateSignature(samlToken);
-
- return samlToken;
- }
-}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/SAMLEngineUtils.java.svn-base b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/SAMLEngineUtils.java.svn-base
deleted file mode 100644
index 60f7c3091..000000000
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/SAMLEngineUtils.java.svn-base
+++ /dev/null
@@ -1,833 +0,0 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.commons.lang.StringUtils;
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.common.impl.ExtensionsBuilder;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.core.SubjectLocality;
-import org.opensaml.saml2.core.impl.AssertionBuilder;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSAny;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.signature.KeyInfo;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-import eu.stork.peps.auth.engine.core.RequestedAttribute;
-import eu.stork.peps.auth.engine.core.SAMLCore;
-import eu.stork.peps.auth.engine.core.SPApplication;
-import eu.stork.peps.auth.engine.core.SPCountry;
-import eu.stork.peps.auth.engine.core.SPInstitution;
-import eu.stork.peps.auth.engine.core.SPSector;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
-
-/**
- * The Class SAMLEngineUtils.
- *
- * @author fjquevedo
- * @author iinigo
- */
-public final class SAMLEngineUtils {
-
- /** The Constant UTF_8. */
- public static final String UTF_8 = "UTF-8";
-
- /** The Constant SHA_512. */
- public static final String SHA_512 = "SHA-512";
-
-
- /** The generator. */
- private static SecureRandomIdentifierGenerator generator;
-
- /** The Constant LOG. */
- private static final Logger LOG = LoggerFactory
- .getLogger(SAMLEngineUtils.class.getName());
-
- /**
- * Method that generates a random value according to NCName grammar.
- *
- * NCName ::= NCNameStartChar NCNameChar* NCNameChar ::= NameChar - ':'
- * NCNameStartChar ::= Letter | '_' NameStartChar ::= ":" | [A-Z] | "_" |
- * [a-z] | [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF] | [#x370-#x37D] |
- * [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F] | [#x2C00-#x2FEF] |
- * [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF]
- * NameChar ::= NameStartChar | "-" | "." | [0-9] | #xB7 | [#x0300-#x036F] |
- * [#x203F-#x2040] Name ::= NameStartChar (NameChar)* Letter ::= BaseChar |
- * Ideographic BaseChar ::= [#x0041-#x005A] | [#x0061-#x007A] |
- * [#x00C0-#x00D6] | [#x00D8-#x00F6] | [#x00F8-#x00FF] | [#x0100-#x0131] |
- * [#x0134-#x013E] | [#x0141-#x0148] | [#x014A-#x017E] | [#x0180-#x01C3] |
- * [#x01CD-#x01F0] | [#x01F4-#x01F5] | [#x01FA-#x0217] | [#x0250-#x02A8] |
- * [#x02BB-#x02C1] | #x0386 | [#x0388-#x038A] | #x038C | [#x038E-#x03A1] |
- * [#x03A3-#x03CE] | [#x03D0-#x03D6] | #x03DA | #x03DC | #x03DE | #x03E0 |
- * [#x03E2-#x03F3] | [#x0401-#x040C] | [#x040E-#x044F] | [#x0451-#x045C] |
- * [#x045E-#x0481] | [#x0490-#x04C4] | [#x04C7-#x04C8] | [#x04CB-#x04CC] |
- * [#x04D0-#x04EB] | [#x04EE-#x04F5] | [#x04F8-#x04F9] | [#x0531-#x0556] |
- * #x0559 | [#x0561-#x0586] | [#x05D0-#x05EA] | [#x05F0-#x05F2] |
- * [#x0621-#x063A] | [#x0641-#x064A] | [#x0671-#x06B7] | [#x06BA-#x06BE] |
- * [#x06C0-#x06CE] | [#x06D0-#x06D3] | #x06D5 | [#x06E5-#x06E6] |
- * [#x0905-#x0939] | #x093D | [#x0958-#x0961] | [#x0985-#x098C] |
- * [#x098F-#x0990] | [#x0993-#x09A8] | [#x09AA-#x09B0] | #x09B2 |
- * [#x09B6-#x09B9] | [#x09DC-#x09DD] | [#x09DF-#x09E1] | [#x09F0-#x09F1] |
- * [#x0A05-#x0A0A] | [#x0A0F-#x0A10] | [#x0A13-#x0A28] | [#x0A2A-#x0A30] |
- * [#x0A32-#x0A33] | [#x0A35-#x0A36] | [#x0A38-#x0A39] | [#x0A59-#x0A5C] |
- * #x0A5E | [#x0A72-#x0A74] | [#x0A85-#x0A8B] | #x0A8D | [#x0A8F-#x0A91] |
- * [#x0A93-#x0AA8] | [#x0AAA-#x0AB0] | [#x0AB2-#x0AB3] | [#x0AB5-#x0AB9] |
- * #x0ABD | #x0AE0 | [#x0B05-#x0B0C] | [#x0B0F-#x0B10] | [#x0B13-#x0B28] |
- * [#x0B2A-#x0B30] | [#x0B32-#x0B33] | [#x0B36-#x0B39] | #x0B3D |
- * [#x0B5C-#x0B5D] | [#x0B5F-#x0B61] | [#x0B85-#x0B8A] | [#x0B8E-#x0B90] |
- * [#x0B92-#x0B95] | [#x0B99-#x0B9A] | #x0B9C | [#x0B9E-#x0B9F] |
- * [#x0BA3-#x0BA4] | [#x0BA8-#x0BAA] | [#x0BAE-#x0BB5] | [#x0BB7-#x0BB9] |
- * [#x0C05-#x0C0C] | [#x0C0E-#x0C10] | [#x0C12-#x0C28] | [#x0C2A-#x0C33] |
- * [#x0C35-#x0C39] | [#x0C60-#x0C61] | [#x0C85-#x0C8C] | [#x0C8E-#x0C90] |
- * [#x0C92-#x0CA8] | [#x0CAA-#x0CB3] | [#x0CB5-#x0CB9] | #x0CDE |
- * [#x0CE0-#x0CE1] | [#x0D05-#x0D0C] | [#x0D0E-#x0D10] | [#x0D12-#x0D28] |
- * [#x0D2A-#x0D39] | [#x0D60-#x0D61] | [#x0E01-#x0E2E] | #x0E30 |
- * [#x0E32-#x0E33] | [#x0E40-#x0E45] | [#x0E81-#x0E82] | #x0E84 |
- * [#x0E87-#x0E88] | #x0E8A | #x0E8D | [#x0E94-#x0E97] | [#x0E99-#x0E9F] |
- * [#x0EA1-#x0EA3] | #x0EA5 | #x0EA7 | [#x0EAA-#x0EAB] | [#x0EAD-#x0EAE] |
- * #x0EB0 | [#x0EB2-#x0EB3] | #x0EBD | [#x0EC0-#x0EC4] | [#x0F40-#x0F47] |
- * [#x0F49-#x0F69] | [#x10A0-#x10C5] | [#x10D0-#x10F6] | #x1100 |
- * [#x1102-#x1103] | [#x1105-#x1107] | #x1109 | [#x110B-#x110C] |
- * [#x110E-#x1112] | #x113C | #x113E | #x1140 | #x114C | #x114E | #x1150 |
- * [#x1154-#x1155] | #x1159 | [#x115F-#x1161] | #x1163 | #x1165 | #x1167 |
- * #x1169 | [#x116D-#x116E] | [#x1172-#x1173] | #x1175 | #x119E | #x11A8 |
- * #x11AB | [#x11AE-#x11AF] | [#x11B7-#x11B8] | #x11BA | [#x11BC-#x11C2] |
- * #x11EB | #x11F0 | #x11F9 | [#x1E00-#x1E9B] | [#x1EA0-#x1EF9] |
- * [#x1F00-#x1F15] | [#x1F18-#x1F1D] | [#x1F20-#x1F45] | [#x1F48-#x1F4D] |
- * [#x1F50-#x1F57] | #x1F59 | #x1F5B | #x1F5D | [#x1F5F-#x1F7D] |
- * [#x1F80-#x1FB4] | [#x1FB6-#x1FBC] | #x1FBE | [#x1FC2-#x1FC4] |
- * [#x1FC6-#x1FCC] | [#x1FD0-#x1FD3] | [#x1FD6-#x1FDB] | [#x1FE0-#x1FEC] |
- * [#x1FF2-#x1FF4] | [#x1FF6-#x1FFC] | #x2126 | [#x212A-#x212B] | #x212E |
- * [#x2180-#x2182] | [#x3041-#x3094] | [#x30A1-#x30FA] | [#x3105-#x312C] |
- * [#xAC00-#xD7A3] Ideographic ::= [#x4E00-#x9FA5] | #x3007 |
- * [#x3021-#x3029]
- *
- * @return Random ID value
- */
-
- //Initialization of a generator of identifiers for all token SAML.
-
- static {
- loadRandomIdentifierGenerator();
- }
-
-
- /**
- * Load random identifier generator.
- *
- *@throws STORKSAMLEngineRuntimeException the STORKSAML engine runtime exception
- */
- private static void loadRandomIdentifierGenerator() {
-
- try {
- generator = new SecureRandomIdentifierGenerator();
- } catch (NoSuchAlgorithmException ex) {
- LOG.error("Error init SecureRandomIdentifierGenerator", ex);
- throw new STORKSAMLEngineRuntimeException(ex);
- }
-
- }
-
- /**
- * Creates the SAML object.
- *
- * @param qname the QName
- *
- * @return the XML object
- */
- public static XMLObject createSamlObject(final QName qname) {
- return Configuration.getBuilderFactory().getBuilder(qname).buildObject(
- qname);
- }
-
- /**
- * Creates the SAML object.
- *
- * @param qname the quality name
- * @param qname1 the qname1
- *
- * @return the xML object
- */
- public static XMLObject createSamlObject(final QName qname,
- final QName qname1) {
- return Configuration.getBuilderFactory().getBuilder(qname1)
- .buildObject(qname, qname1);
- }
-
- /**
- * Encode value with an specific algorithm.
- *
- * @param value the value
- * @param alg the algorithm
- *
- * @return the string
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static String encode(final String value, final String alg)
- throws STORKSAMLEngineException {
- LOG.debug("Encode value with " + alg + " algorithm.");
- byte[] buffer;
-
- final StringBuffer hash = new StringBuffer("");
- try {
- buffer = value.getBytes(UTF_8);
- MessageDigest msgDig;
- msgDig = MessageDigest.getInstance(alg);
-
-
- msgDig.update(buffer);
- final byte[] digest = msgDig.digest();
-
- final int signedByte = 0xff;
- for (byte aux : digest) {
- final int byt = aux & signedByte;
- if (Integer.toHexString(byt).length() == 1) {
- hash.append('0');
- }
- hash.append(Integer.toHexString(byt));
- }
-
- } catch (UnsupportedEncodingException e1) {
- LOG.error("UnsupportedEncodingException: " + UTF_8);
- throw new STORKSAMLEngineException(e1);
- } catch (NoSuchAlgorithmException e) {
- LOG.error("NoSuchAlgorithmException: " + alg);
- throw new STORKSAMLEngineException(e);
- }
-
- return hash.toString();
- }
-
- /**
- * Generate assertion.
- *
- * @param version the version
- * @param identifier the identifier
- * @param issueInstant the issue instant
- * @param issuer the issuer
- *
- * @return the assertion
- */
- public static Assertion generateAssertion(final SAMLVersion version,
- final String identifier, final DateTime issueInstant,
- final Issuer issuer) {
- final AssertionBuilder assertionBuilder = new AssertionBuilder();
- final Assertion assertion = assertionBuilder.buildObject();
- assertion.setVersion(version);
- assertion.setID(identifier);
- assertion.setIssueInstant(issueInstant);
-
- // <saml:Issuer>
- assertion.setIssuer(issuer);
- return assertion;
- }
-
- /**
- * Generate authentication statement.
- *
- * @param authnInstant the authentication instant
- * @param authnContext the authentication context
- *
- * @return the authentication statement
- */
- public static AuthnStatement generateAthnStatement(final DateTime authnInstant,
- final AuthnContext authnContext) {
- // <saml:AuthnStatement>
- final AuthnStatement authnStatement = (AuthnStatement) SAMLEngineUtils
- .createSamlObject(AuthnStatement.DEFAULT_ELEMENT_NAME);
-
- authnStatement.setAuthnInstant(authnInstant);
- authnStatement.setAuthnContext(authnContext);
-
- return authnStatement;
- }
-
-
-
-
-
- /**
- * Generate attribute from a list of values.
- *
- * @param name the name of the attribute.
- * @param status the status of the parameter: "Available", "NotAvailable" or
- * "Withheld".
- * @param values the value of the attribute.
- * @param isHashing the is hashing with "SHA-512" algorithm.
- * @return the attribute
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static Attribute generateAttrComplex(final String name,
- final String status, final Map<String, String> values,
- final boolean isHashing) throws STORKSAMLEngineException {
- LOG.debug("Generate attribute complex: " + name);
- final Attribute attribute = (Attribute) SAMLEngineUtils
- .createSamlObject(Attribute.DEFAULT_ELEMENT_NAME);
-
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
-
- attribute.getUnknownAttributes().put(
- new QName(SAMLCore.STORK10_NS.getValue(), "AttributeStatus",
- SAMLCore.STORK10_PREFIX.getValue()), status);
-
- if (!values.isEmpty()) {
- LOG.debug("Add attribute values.");
-
- // Create an attribute that contains all XSAny elements.
- final XSAny attrValue = (XSAny) SAMLEngineUtils.createSamlObject(
- AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
-
- final Iterator<Entry<String, String>> iterator = values.entrySet()
- .iterator();
- while (iterator.hasNext()) {
- final Map.Entry<String, String> pairs = iterator.next();
-
- final String value = pairs.getValue();
-
- if (StringUtils.isNotBlank(value)) {
- // Create the attribute statement
- final XSAny attrValueSimple = (XSAny) SAMLEngineUtils
- .createSamlObject(new QName(SAMLCore.STORK10_NS.getValue(),
- pairs.getKey().toString(),
- SAMLCore.STORK10_PREFIX.getValue()), XSAny.TYPE_NAME);
-
- // if it's necessary encode the information.
- if (isHashing) {
- attrValueSimple
- .setTextContent(encode(value, SHA_512));
- } else {
- attrValueSimple.setTextContent(value);
- }
-
- attrValue.getUnknownXMLObjects().add(attrValueSimple);
- attribute.getAttributeValues().add(attrValue);
- }
- }
-
- }
- return attribute;
- }
-
- /**
- * Generate extension.
- *
- * @return the extensions
- */
- public static Extensions generateExtension() {
- final ExtensionsBuilder extensionsBuilder = new ExtensionsBuilder();
- return extensionsBuilder.buildObject(
- "urn:oasis:names:tc:SAML:2.0:protocol", "Extensions", "saml2p");
- }
-
-
-
-
- /**
- * Generate issuer.
- *
- * @return the issuer
- */
- public static Issuer generateIssuer() {
- return (Issuer) SAMLEngineUtils
- .createSamlObject(Issuer.DEFAULT_ELEMENT_NAME);
- }
-
- /**
- * Generate key info.
- *
- * @return the key info
- */
- public static KeyInfo generateKeyInfo() {
- return (KeyInfo) SAMLEngineUtils
- .createSamlObject(KeyInfo.DEFAULT_ELEMENT_NAME);
- }
-
- /**
- * Generate name id.
- *
- * @return the name id
- */
- public static NameID generateNameID() {
- return (NameID) SAMLEngineUtils
- .createSamlObject(NameID.DEFAULT_ELEMENT_NAME);
- }
-
- /**
- * Generate name id.
- *
- * @param nameQualifier the name qualifier
- * @param format the format
- * @param spNameQualifier the sP name qualifier
- *
- * @return the name id
- */
- public static NameID generateNameID(final String nameQualifier,
- final String format, final String spNameQualifier) {
- // <saml:NameID>
- final NameID nameId = (NameID) Configuration.getBuilderFactory()
- .getBuilder(NameID.DEFAULT_ELEMENT_NAME).buildObject(
- NameID.DEFAULT_ELEMENT_NAME);
-
- // optional
- nameId.setNameQualifier(nameQualifier);
-
- // optional
- nameId.setFormat(format);
-
- // optional
- nameId.setSPNameQualifier(spNameQualifier);
-
- return nameId;
- }
-
- /**
- * Generate NCName.
- *
- * @return the string
- */
- public static String generateNCName() {
- return generator.generateIdentifier();
- }
-
-
- /**
- * Generate the quality authentication assurance level.
- *
- * @param qaal the level of quality authentication assurance.
- *
- * @return the quality authentication assurance attribute
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static QAAAttribute generateQAAAttribute(final int qaal)
- throws STORKSAMLEngineException {
- LOG.debug("Generate QAAAttribute.");
-
- final QAAAttribute qaaAttribute = (QAAAttribute) SAMLEngineUtils
- .createSamlObject(QAAAttribute.DEF_ELEMENT_NAME);
- qaaAttribute.setQaaLevel(String.valueOf(qaal));
- return qaaAttribute;
- }
-
- /**
- * Generate requested attribute.
- *
- * @param name the name
- * @param friendlyName the friendly name
- * @param isRequired the is required
- * @param value the value
- *
- * @return the requested attribute
- */
- public static RequestedAttribute generateReqAuthnAttributeSimple(
- final String name, final String friendlyName,
- final String isRequired, final List<String> value) {
- LOG.debug("Generate the requested attribute.");
-
- final RequestedAttribute requested = (RequestedAttribute) SAMLEngineUtils
- .createSamlObject(RequestedAttribute.DEF_ELEMENT_NAME);
- requested.setName(name);
- requested.setNameFormat(RequestedAttribute.URI_REFERENCE);
-
- requested.setFriendlyName(friendlyName);
-
- requested.setIsRequired(isRequired);
-
- // The value is optional in an authentication request.
- if (!value.isEmpty()) {
- for (int nextValue = 0; nextValue < value.size(); nextValue++) {
- final String valor = value.get(nextValue);
- if (StringUtils.isNotBlank(valor)) {
-
- if(!name.equals("http://www.stork.gov.eu/1.0/signedDoc")){
-
- // Create the attribute statement
- final XSAny attrValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- new QName(SAMLCore.STORK10_NS.getValue(),
- "AttributeValue",
- SAMLCore.STORK10_PREFIX.getValue()),
- XSAny.TYPE_NAME);
-
- attrValue.setTextContent(valor.trim());
- requested.getAttributeValues().add(attrValue);
-
- }else{
-
- DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
- domFactory.setNamespaceAware(true);
- Document document = null;
- DocumentBuilder builder;
-
- // Parse the signedDoc value into an XML DOM Document
- try {
- builder = domFactory.newDocumentBuilder();
- InputStream is;
- is = new ByteArrayInputStream(valor.trim().getBytes("UTF-8"));
- document = builder.parse(is);
- is.close();
- } catch (SAXException e1) {
- LOG.error("SAX Error while parsing signModule attribute", e1);
- throw new STORKSAMLEngineRuntimeException(e1);
- } catch (ParserConfigurationException e2) {
- LOG.error("Parser Configuration Error while parsing signModule attribute", e2);
- throw new STORKSAMLEngineRuntimeException(e2);
- } catch (UnsupportedEncodingException e3) {
- LOG.error("Unsupported encoding Error while parsing signModule attribute", e3);
- throw new STORKSAMLEngineRuntimeException(e3);
- } catch (IOException e4) {
- LOG.error("IO Error while parsing signModule attribute", e4);
- throw new STORKSAMLEngineRuntimeException(e4);
- }
-
- // Create the XML statement(this will be overwritten with the previous DOM structure)
- final XSAny xmlValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- new QName(SAMLCore.STORK10_NS.getValue(),
- "XMLValue",
- SAMLCore.STORK10_PREFIX.getValue()),
- XSAny.TYPE_NAME);
-
- //Set the signedDoc XML content to this element
- xmlValue.setDOM(document.getDocumentElement());
-
- // Create the attribute statement
- final XSAny attrValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- new QName(SAMLCore.STORK10_NS.getValue(),
- "AttributeValue",
- SAMLCore.STORK10_PREFIX.getValue()),
- XSAny.TYPE_NAME);
-
- //Add previous signedDocXML to the AttributeValue Element
- attrValue.getUnknownXMLObjects().add(xmlValue);
-
- requested.getAttributeValues().add(attrValue);
- }
-
-
- }
- }
- }
-
- return requested;
- }
-
- /**
- * Generate response.
- *
- * @param version the version
- * @param identifier the identifier
- * @param issueInstant the issue instant
- * @param status the status
- *
- * @return the response
- */
- public static Response generateResponse(final SAMLVersion version,
- final String identifier, final DateTime issueInstant,
- final Status status) {
- final Response response = (Response) SAMLEngineUtils
- .createSamlObject(Response.DEFAULT_ELEMENT_NAME);
- response.setID(identifier);
- response.setIssueInstant(issueInstant);
- response.setStatus(status);
- return response;
- }
-
- /**
- * Method that generates a SAML Authentication Request basing on the
- * provided information.
- *
- * @param identifier the identifier
- * @param version the version
- * @param issueInstant the issue instant
- *
- * @return the authentication request
- */
- public static AuthnRequest generateSAMLAuthnRequest(final String identifier,
- final SAMLVersion version, final DateTime issueInstant) {
- LOG.debug("Generate basic authentication request.");
- final AuthnRequest authnRequest = (AuthnRequest) SAMLEngineUtils
- .createSamlObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
-
- authnRequest.setID(identifier);
- authnRequest.setVersion(version);
- authnRequest.setIssueInstant(issueInstant);
- return authnRequest;
- }
-
- public static AttributeQuery generateSAMLAttrQueryRequest(final String identifier,
- final SAMLVersion version, final DateTime issueInstant) {
- LOG.debug("Generate attribute query request.");
- final AttributeQuery attrQueryRequest = (AttributeQuery) SAMLEngineUtils
- .createSamlObject(AttributeQuery.DEFAULT_ELEMENT_NAME);
-
- attrQueryRequest.setID(identifier);
- attrQueryRequest.setVersion(version);
- attrQueryRequest.setIssueInstant(issueInstant);
- return attrQueryRequest;
- }
-
- /**
- * Generate service provider application.
- *
- * @param spApplication the service provider application
- *
- * @return the sP application
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static SPApplication generateSPApplication(final String spApplication)
- throws STORKSAMLEngineException {
- LOG.debug("Generate SPApplication.");
-
- final SPApplication applicationAttr = (SPApplication) SAMLEngineUtils
- .createSamlObject(SPApplication.DEF_ELEMENT_NAME);
- applicationAttr.setSPApplication(spApplication);
- return applicationAttr;
- }
-
- /**
- * Generate service provider country.
- *
- * @param spCountry the service provider country
- *
- * @return the service provider country
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static SPCountry generateSPCountry(final String spCountry)
- throws STORKSAMLEngineException {
- LOG.debug("Generate SPApplication.");
-
- final SPCountry countryAttribute = (SPCountry) SAMLEngineUtils
- .createSamlObject(SPCountry.DEF_ELEMENT_NAME);
- countryAttribute.setSPCountry(spCountry);
- return countryAttribute;
- }
-
- /**
- * Generate service provider institution.
- *
- * @param spInstitution the service provider institution
- *
- * @return the service provider institution
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static SPInstitution generateSPInstitution(final String spInstitution)
- throws STORKSAMLEngineException {
- LOG.debug("Generate SPInstitution.");
-
- final SPInstitution institutionAttr = (SPInstitution) SAMLEngineUtils
- .createSamlObject(SPInstitution.DEF_ELEMENT_NAME);
- institutionAttr.setSPInstitution(spInstitution);
- return institutionAttr;
- }
-
- /**
- * Generate service provider sector.
- *
- * @param spSector the service provider sector
- *
- * @return the service provider sector
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static SPSector generateSPSector(final String spSector)
- throws STORKSAMLEngineException {
- LOG.debug("Generate SPSector.");
-
- final SPSector sectorAttribute = (SPSector) SAMLEngineUtils
- .createSamlObject(SPSector.DEF_ELEMENT_NAME);
- sectorAttribute.setSPSector(spSector);
- return sectorAttribute;
- }
-
- /**
- * Generate status.
- *
- * @param statusCode the status code
- *
- * @return the status
- */
- public static Status generateStatus(final StatusCode statusCode) {
- final Status status = (Status) SAMLEngineUtils
- .createSamlObject(Status.DEFAULT_ELEMENT_NAME);
- status.setStatusCode(statusCode);
- return status;
- }
-
- /**
- * Generate status code.
- *
- * @param value the value
- *
- * @return the status code
- */
- public static StatusCode generateStatusCode(final String value) {
- final StatusCode statusCode = (StatusCode) SAMLEngineUtils
- .createSamlObject(StatusCode.DEFAULT_ELEMENT_NAME);
- statusCode.setValue(value);
- return statusCode;
- }
-
-
- /**
- * Generate status message.
- *
- * @param message the message
- *
- * @return the status message
- */
- public static StatusMessage generateStatusMessage(final String message) {
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .createSamlObject(StatusMessage.DEFAULT_ELEMENT_NAME);
- statusMessage.setMessage(message);
- return statusMessage;
- }
-
- /**
- * Generate subject.
- *
- * @return the subject
- */
- public static Subject generateSubject() {
- return (Subject) SAMLEngineUtils
- .createSamlObject(Subject.DEFAULT_ELEMENT_NAME);
- }
-
- /**
- * Generate subject confirmation.
- *
- * @param method the method
- * @param data the data
- *
- * @return the subject confirmation
- */
- public static SubjectConfirmation generateSubjectConfirmation(
- final String method, final SubjectConfirmationData data) {
- final SubjectConfirmation subjectConf = (SubjectConfirmation) Configuration
- .getBuilderFactory().getBuilder(
- SubjectConfirmation.DEFAULT_ELEMENT_NAME).buildObject(
- SubjectConfirmation.DEFAULT_ELEMENT_NAME);
-
- subjectConf.setMethod(method);
-
- subjectConf.setSubjectConfirmationData(data);
-
- return subjectConf;
- }
-
-
- /**
- * Generate subject confirmation data.
- *
- * @param notOnOrAfter the not on or after
- * @param recipient the recipient
- * @param inResponseTo the in response to
- *
- * @return the subject confirmation data
- */
- public static SubjectConfirmationData generateSubjectConfirmationData(
- final DateTime notOnOrAfter, final String recipient,
- final String inResponseTo) {
- final SubjectConfirmationData subjectConfData = (SubjectConfirmationData) SAMLEngineUtils
- .createSamlObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
- subjectConfData.setNotOnOrAfter(notOnOrAfter);
- subjectConfData.setRecipient(recipient);
- subjectConfData.setInResponseTo(inResponseTo);
- return subjectConfData;
- }
-
-
- /**
- * Generate subject locality.
- *
- * @param address the address
- *
- * @return the subject locality
- */
- public static SubjectLocality generateSubjectLocality(final String address) {
- final SubjectLocality subjectLocality = (SubjectLocality) SAMLEngineUtils
- .createSamlObject(SubjectLocality.DEFAULT_ELEMENT_NAME);
- subjectLocality.setAddress(address);
- return subjectLocality;
- }
-
-
-
-
- /**
- * Method that returns the current time.
- *
- * @return the current time
- */
- public static DateTime getCurrentTime() {
- return new DateTime();
- }
-
-
- /**
- * Instantiates a new SAML engine utilities.
- */
- private SAMLEngineUtils() {
- }
-
-}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/STORKSAMLEngine.java.svn-base b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/STORKSAMLEngine.java.svn-base
deleted file mode 100644
index 3cac2f637..000000000
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/STORKSAMLEngine.java.svn-base
+++ /dev/null
@@ -1,2983 +0,0 @@
-/*
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.apache.commons.lang.StringUtils;
-import org.bouncycastle.jce.X509Principal;
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextDecl;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.OneTimeUse;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.core.SubjectLocality;
-import org.opensaml.saml2.core.impl.SubjectConfirmationBuilder;
-import org.opensaml.xml.Namespace;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSAny;
-import org.opensaml.xml.schema.impl.XSAnyBuilder;
-import org.opensaml.xml.schema.impl.XSAnyImpl;
-import org.opensaml.xml.schema.impl.XSAnyMarshaller;
-import org.opensaml.xml.schema.impl.XSAnyUnmarshaller;
-import org.opensaml.xml.schema.impl.XSStringImpl;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-import org.opensaml.xml.validation.ValidatorSuite;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
-import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
-import eu.stork.peps.auth.engine.core.CitizenCountryCode;
-import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
-import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
-import eu.stork.peps.auth.engine.core.EIDSectorShare;
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-import eu.stork.peps.auth.engine.core.RequestedAttribute;
-import eu.stork.peps.auth.engine.core.RequestedAttributes;
-import eu.stork.peps.auth.engine.core.SAMLCore;
-import eu.stork.peps.auth.engine.core.SPApplication;
-import eu.stork.peps.auth.engine.core.SPCountry;
-import eu.stork.peps.auth.engine.core.SPID;
-import eu.stork.peps.auth.engine.core.SPInformation;
-import eu.stork.peps.auth.engine.core.SPInstitution;
-import eu.stork.peps.auth.engine.core.SPSector;
-import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
-import eu.stork.peps.auth.engine.core.impl.AuthenticationAttributesBuilder;
-import eu.stork.peps.auth.engine.core.impl.AuthenticationAttributesMarshaller;
-import eu.stork.peps.auth.engine.core.impl.AuthenticationAttributesUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.CitizenCountryCodeBuilder;
-import eu.stork.peps.auth.engine.core.impl.CitizenCountryCodeMarshaller;
-import eu.stork.peps.auth.engine.core.impl.CitizenCountryCodeUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossBorderShareBuilder;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossBorderShareMarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossBorderShareUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossSectorShareBuilder;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossSectorShareMarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossSectorShareUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDSectorShareBuilder;
-import eu.stork.peps.auth.engine.core.impl.EIDSectorShareMarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDSectorShareUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.QAAAttributeBuilder;
-import eu.stork.peps.auth.engine.core.impl.QAAAttributeMarshaller;
-import eu.stork.peps.auth.engine.core.impl.QAAAttributeUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributeBuilder;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributeMarshaller;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributeUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributesBuilder;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributesMarshaller;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributesUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPApplicationBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPApplicationMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPApplicationUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPCountryBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPCountryMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPCountryUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPIDBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPIDMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPIDUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPInformationBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPInformationMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPInformationUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPInstitutionBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPInstitutionMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPInstitutionUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPSectorBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPSectorMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPSectorUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.VIDPAuthenticationAttributesBuilder;
-import eu.stork.peps.auth.engine.core.impl.VIDPAuthenticationAttributesMarshaller;
-import eu.stork.peps.auth.engine.core.impl.VIDPAuthenticationAttributesUnmarshaller;
-import eu.stork.peps.auth.engine.core.validator.ExtensionsSchemaValidator;
-import eu.stork.peps.auth.engine.core.validator.QAAAttributeSchemaValidator;
-import eu.stork.peps.exceptions.SAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
-
-/**
- * Class that wraps the operations over SAML tokens, both generation and
- * validation of SAML STORK requests and SAML STORK responses. Complaint with
- * "OASIS Secure Assertion Markup Language (SAML) 2.0, May 2005", but taking
- * into account STORK specific requirements.
- *
- * @author fjquevedo
- * @author iinigo
- */
-public final class STORKSAMLEngine extends SAMLEngine {
-
- /** The Constant LOG. */
- private static final Logger LOG = LoggerFactory
- .getLogger(STORKSAMLEngine.class.getName());
-
- private static final String ATTRIBUTE_EMPTY_LITERAL = "Attribute name is null or empty.";
- /**
- * Gets the single instance of STORKSAMLEngine.
- *
- * @param nameInstance the name instance
- *
- * @return single instance of STORKSAMLEngine
- */
- public static synchronized STORKSAMLEngine getInstance(
- final String nameInstance) {
- STORKSAMLEngine engine = null;
- LOG.info("Get instance: " + nameInstance);
- try {
- engine = new STORKSAMLEngine(nameInstance.trim());
- } catch (Exception e) {
- LOG.error("Error get instance: " + nameInstance);
- }
- return engine;
- }
-
- /**
- * Instantiate a new STORKSAML engine.
- *
- * @param nameInstance the name instance
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private STORKSAMLEngine(final String nameInstance)
- throws STORKSAMLEngineException {
- // Initialization OpenSAML.
- super(nameInstance);
- LOG.info("Register STORK objects provider.");
- Configuration.registerObjectProvider(QAAAttribute.DEF_ELEMENT_NAME,
- new QAAAttributeBuilder(), new QAAAttributeMarshaller(),
- new QAAAttributeUnmarshaller());
-
- Configuration.registerObjectProvider(EIDSectorShare.DEF_ELEMENT_NAME,
- new EIDSectorShareBuilder(), new EIDSectorShareMarshaller(),
- new EIDSectorShareUnmarshaller());
-
- Configuration.registerObjectProvider(
- EIDCrossSectorShare.DEF_ELEMENT_NAME,
- new EIDCrossSectorShareBuilder(),
- new EIDCrossSectorShareMarshaller(),
- new EIDCrossSectorShareUnmarshaller());
-
- Configuration.registerObjectProvider(
- EIDCrossBorderShare.DEF_ELEMENT_NAME,
- new EIDCrossBorderShareBuilder(),
- new EIDCrossBorderShareMarshaller(),
- new EIDCrossBorderShareUnmarshaller());
-
- Configuration.registerObjectProvider(SPSector.DEF_ELEMENT_NAME,
- new SPSectorBuilder(), new SPSectorMarshaller(),
- new SPSectorUnmarshaller());
-
- Configuration.registerObjectProvider(SPInstitution.DEF_ELEMENT_NAME,
- new SPInstitutionBuilder(), new SPInstitutionMarshaller(),
- new SPInstitutionUnmarshaller());
-
- Configuration.registerObjectProvider(SPApplication.DEF_ELEMENT_NAME,
- new SPApplicationBuilder(), new SPApplicationMarshaller(),
- new SPApplicationUnmarshaller());
-
- Configuration.registerObjectProvider(SPCountry.DEF_ELEMENT_NAME,
- new SPCountryBuilder(), new SPCountryMarshaller(),
- new SPCountryUnmarshaller());
-
- Configuration.registerObjectProvider(XSAny.TYPE_NAME,
- new XSAnyBuilder(), new XSAnyMarshaller(),
- new XSAnyUnmarshaller());
-
- Configuration.registerObjectProvider(
- RequestedAttribute.DEF_ELEMENT_NAME,
- new RequestedAttributeBuilder(),
- new RequestedAttributeMarshaller(),
- new RequestedAttributeUnmarshaller());
-
- Configuration.registerObjectProvider(
- RequestedAttributes.DEF_ELEMENT_NAME,
- new RequestedAttributesBuilder(),
- new RequestedAttributesMarshaller(),
- new RequestedAttributesUnmarshaller());
-
- Configuration.registerObjectProvider(
- AuthenticationAttributes.DEF_ELEMENT_NAME,
- new AuthenticationAttributesBuilder(),
- new AuthenticationAttributesMarshaller(),
- new AuthenticationAttributesUnmarshaller());
-
- Configuration.registerObjectProvider(
- VIDPAuthenticationAttributes.DEF_ELEMENT_NAME,
- new VIDPAuthenticationAttributesBuilder(),
- new VIDPAuthenticationAttributesMarshaller(),
- new VIDPAuthenticationAttributesUnmarshaller());
-
- Configuration.registerObjectProvider(
- CitizenCountryCode.DEF_ELEMENT_NAME,
- new CitizenCountryCodeBuilder(),
- new CitizenCountryCodeMarshaller(),
- new CitizenCountryCodeUnmarshaller());
-
- Configuration.registerObjectProvider(
- SPID.DEF_ELEMENT_NAME,
- new SPIDBuilder(),
- new SPIDMarshaller(),
- new SPIDUnmarshaller());
-
- Configuration.registerObjectProvider(
- SPInformation.DEF_ELEMENT_NAME,
- new SPInformationBuilder(),
- new SPInformationMarshaller(),
- new SPInformationUnmarshaller());
-
- LOG.info("Register STORK object validators.");
- final ValidatorSuite validatorSuite = new ValidatorSuite(
- QAAAttribute.DEF_LOCAL_NAME);
-
- validatorSuite.registerValidator(QAAAttribute.DEF_ELEMENT_NAME,
- new QAAAttributeSchemaValidator());
- final Extensions extensions = SAMLEngineUtils.generateExtension();
- validatorSuite.registerValidator(extensions.getElementQName(),
- new ExtensionsSchemaValidator());
-
- Configuration.registerValidatorSuite(
- "stork:QualityAuthenticationAssuranceLevel", validatorSuite);
-
- }
-
- /**
- * Generate authentication response base.
- *
- * @param status the status
- * @param assertConsumerURL the assert consumer URL.
- * @param inResponseTo the in response to
- *
- * @return the response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Response genAuthnRespBase(final Status status,
- final String assertConsumerURL, final String inResponseTo)
- throws STORKSAMLEngineException {
- LOG.debug("Generate Authentication Response base.");
- final Response response = SAMLEngineUtils.generateResponse(
- SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
- SAMLEngineUtils.getCurrentTime(), status);
-
- // Set name Spaces
- this.setNameSpaces(response);
-
- // Mandatory STORK
- LOG.debug("Generate Issuer");
- final Issuer issuer = SAMLEngineUtils.generateIssuer();
- issuer.setValue(super.getSamlCoreProperties().getResponder());
-
- // Format Entity Optional STORK
- issuer.setFormat(super.getSamlCoreProperties().getFormatEntity());
-
- response.setIssuer(issuer);
-
- // destination Mandatory Stork
- response.setDestination(assertConsumerURL.trim());
-
- // inResponseTo Mandatory Stork
- response.setInResponseTo(inResponseTo.trim());
-
- // Optional STORK
- response.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnResponse());
-
- return response;
- }
-
- /**
- * Generate attribute query response base.
- *
- * @param status the status
- * @param destinationURL the assert consumer URL.
- * @param inResponseTo the in response to
- *
- * @return the response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Response genAttrQueryRespBase(final Status status,
- final String destinationURL, final String inResponseTo)
- throws STORKSAMLEngineException {
- LOG.debug("Generate Attribute query Response base.");
- final Response response = SAMLEngineUtils.generateResponse(
- SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
- SAMLEngineUtils.getCurrentTime(), status);
-
- // Set name Spaces
- this.setNameSpaces(response);
-
- // Mandatory STORK
- LOG.debug("Generate Issuer");
- final Issuer issuer = SAMLEngineUtils.generateIssuer();
- issuer.setValue(super.getSamlCoreProperties().getResponder());
-
- // Format Entity Optional STORK
- issuer.setFormat(super.getSamlCoreProperties().getFormatEntity());
-
- response.setIssuer(issuer);
-
- // destination Mandatory Stork
- response.setDestination(destinationURL.trim());
-
- // inResponseTo Mandatory Stork
- response.setInResponseTo(inResponseTo.trim());
-
- // Optional STORK
- response.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnResponse());
-
- return response;
- }
-
- /**
- * Generate assertion.
- *
- * @param ipAddress the IP address.
- * @param assertConsumerURL the assert consumer URL.
- * @param inResponseTo the in response to
- * @param issuer the issuer
- * @param notOnOrAfter the not on or after
- *
- * @return the assertion
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Assertion generateAssertion(final String ipAddress,
- final String assertConsumerURL, final String inResponseTo,
- final String issuer, final DateTime notOnOrAfter)
- throws STORKSAMLEngineException {
- LOG.info("Generate Assertion.");
-
- // Mandatory STORK
- LOG.debug("Generate Issuer to Assertion");
- final Issuer issuerAssertion = SAMLEngineUtils.generateIssuer();
- issuerAssertion.setValue(super.getSamlCoreProperties().getResponder());
-
- // Format Entity Optional STORK
- issuerAssertion.setFormat(super.getSamlCoreProperties()
- .getFormatEntity());
-
- final Assertion assertion = SAMLEngineUtils.generateAssertion(
- SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
- SAMLEngineUtils.getCurrentTime(), issuerAssertion);
-
- final Subject subject = SAMLEngineUtils.generateSubject();
-
- // Mandatory STORK verified
- // String format = NameID.UNSPECIFIED
- // specification: 'SAML:2.0' exist
- // opensaml: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- // opensaml "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
- final String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
-
- final String nameQualifier = "";
-
- LOG.debug("Generate NameID");
- final NameID nameId = SAMLEngineUtils.generateNameID(super
- .getSamlCoreProperties().getResponder(), format, nameQualifier);
- nameId.setValue(format);
- subject.setNameID(nameId);
-
- // Mandatory if urn:oasis:names:tc:SAML:2.0:cm:bearer.
- // Optional in other case.
- LOG.debug("Generate SubjectConfirmationData.");
- final SubjectConfirmationData dataBearer = SAMLEngineUtils
- .generateSubjectConfirmationData(SAMLEngineUtils
- .getCurrentTime(), assertConsumerURL, inResponseTo);
-
- // Mandatory if urn:oasis:names:tc:SAML:2.0:cm:bearer.
- // Optional in other case.
- LOG.debug("Generate SubjectConfirmation");
- final SubjectConfirmation subjectConf = SAMLEngineUtils
- .generateSubjectConfirmation(SubjectConfirmation.METHOD_BEARER,
- dataBearer);
-
- final ArrayList<SubjectConfirmation> listSubjectConf = new ArrayList<SubjectConfirmation>();
- listSubjectConf.add(subjectConf);
-
- for (final Iterator<SubjectConfirmation> iter = listSubjectConf
- .iterator(); iter.hasNext();) {
- final SubjectConfirmation element = iter.next();
-
- if (SubjectConfirmation.METHOD_BEARER.equals(element.getMethod())) {
- // ipAddress Mandatory if method is Bearer.
-
- if (StringUtils.isBlank(ipAddress)) {
- throw new STORKSAMLEngineException(
- "ipAddress is null or empty");
- }
- element.getSubjectConfirmationData().setAddress(
- ipAddress.trim());
- }
-
- element.getSubjectConfirmationData()
- .setRecipient(assertConsumerURL);
- element.getSubjectConfirmationData().setNotOnOrAfter(notOnOrAfter);
- }
-
- // The SAML 2.0 specification allows multiple SubjectConfirmations
- subject.getSubjectConfirmations().addAll(listSubjectConf);
-
- // Mandatory Stork
- assertion.setSubject(subject);
-
- // Conditions that MUST be evaluated when assessing the validity of
- // and/or when using the assertion.
- final Conditions conditions = this.generateConditions(SAMLEngineUtils
- .getCurrentTime(), notOnOrAfter, issuer);
-
- assertion.setConditions(conditions);
-
- LOG.debug("Generate stork Authentication Statement.");
- final AuthnStatement storkAuthnStat = this
- .generateStorkAuthStatement(ipAddress);
- assertion.getAuthnStatements().add(storkAuthnStat);
-
- return assertion;
- }
-
- private String getAttributeName(final PersonalAttribute attribute) throws STORKSAMLEngineException {
- if (StringUtils.isBlank(attribute.getName())) {
- LOG.error(ATTRIBUTE_EMPTY_LITERAL);
- throw new STORKSAMLEngineException(ATTRIBUTE_EMPTY_LITERAL);
- }
-
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
-
- if (StringUtils.isBlank(attributeName)) {
- LOG.error("Attribute name: {} it is not known.", attribute
- .getName());
- throw new STORKSAMLEngineException("Attribute name: "
- + attribute.getName() + " it is not known.");
- }
- return attributeName;
- }
- /**
- * Generate attribute statement.
- *
- * @param personalAttrList the personal attribute list
- * @param isHashing the is hashing
- *
- * @return the attribute statement
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- * @throws IOException
- */
- private AttributeStatement generateAttributeStatement(
- final IPersonalAttributeList personalAttrList,
- final boolean isHashing) throws STORKSAMLEngineException {
- LOG.debug("Generate attribute statement");
-
- final AttributeStatement attrStatement = (AttributeStatement) SAMLEngineUtils
- .createSamlObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
-
- for (PersonalAttribute attribute : personalAttrList) {
-
- String attributeName = getAttributeName(attribute);
-
- // Verification that only one value it's permitted, simple or
- // complex, not both.
-
- final boolean simpleNull = (attribute.getValue() == null);
- final boolean simpleEmpty = (simpleNull || (!simpleNull && attribute
- .getValue().isEmpty()));
-
- final boolean complexNull = (attribute.getComplexValue() == null);
- final boolean complexEmpty = (complexNull || (!complexNull && attribute
- .getComplexValue().isEmpty()));
-
- if ((!simpleEmpty && !complexEmpty)) {
- throw new STORKSAMLEngineException(
- "Attribute name: "
- + attribute.getName()
- + " must be contain one value, simple or complex value.");
- } else {
-
- if (!simpleEmpty) {
- attrStatement.getAttributes().add(
- this.generateAttrSimple(attributeName, attribute
- .getStatus(), attribute.getValue(),
- isHashing));
- } else if (!complexEmpty) {
- attrStatement.getAttributes().add(
- SAMLEngineUtils.generateAttrComplex(attributeName,
- attribute.getStatus(), attribute
- .getComplexValue(), isHashing));
- } else if (!simpleNull) {
- attrStatement.getAttributes().add(
- this.generateAttrSimple(attributeName, attribute
- .getStatus(), new ArrayList<String>(),
- isHashing));
- } else {
- // Add attribute complex.
- attrStatement.getAttributes().add(
- SAMLEngineUtils.generateAttrComplex(attributeName,
- attribute.getStatus(),
- new HashMap<String, String>(), isHashing));
- }
- }
- }
- return attrStatement;
- }
- private XSAny createAttributeValueForSignedDoc(final String value, final boolean isHashing) throws STORKSAMLEngineException {
- DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
- domFactory.setNamespaceAware(true);
- Document document = null;
- DocumentBuilder builder;
-
- // Parse the signedDoc value into an XML DOM Document
- try {
- builder = domFactory.newDocumentBuilder();
- InputStream is;
- is = new ByteArrayInputStream(value.trim().getBytes("UTF-8"));
- document = builder.parse(is);
- is.close();
- } catch (SAXException e1) {
- LOG.error("SAX Error while parsing signModule attribute", e1);
- throw new STORKSAMLEngineRuntimeException(e1);
- } catch (ParserConfigurationException e2) {
- LOG.error("Parser Configuration Error while parsing signModule attribute", e2);
- throw new STORKSAMLEngineRuntimeException(e2);
- } catch (UnsupportedEncodingException e3) {
- LOG.error("Unsupported encoding Error while parsing signModule attribute", e3);
- throw new STORKSAMLEngineRuntimeException(e3);
- } catch (IOException e4) {
- LOG.error("IO Error while parsing signModule attribute", e4);
- throw new STORKSAMLEngineRuntimeException(e4);
- }
-
- // Create the attribute statement
- final XSAny xmlValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- AttributeValue.DEFAULT_ELEMENT_NAME,
- XSAny.TYPE_NAME);
-
- //Set the signedDoc XML content to this element
- xmlValue.setDOM(document.getDocumentElement());
-
- // Create the attribute statement
- final XSAny attrValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- AttributeValue.DEFAULT_ELEMENT_NAME,
- XSAny.TYPE_NAME);
-
- //Add previous signedDocXML to the AttributeValue Element
-
- // if it's necessary encode the information.
- if (!isHashing) {
- attrValue.getUnknownXMLObjects().add(xmlValue);
- }
- return attrValue;
- }
-
- private XSAny createAttributeValueForNonSignedDoc(final String value, final boolean isHashing) throws STORKSAMLEngineException {
- // Create the attribute statement
- final XSAny attrValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- AttributeValue.DEFAULT_ELEMENT_NAME,
- XSAny.TYPE_NAME);
- // if it's necessary encode the information.
- if (isHashing) {
- attrValue.setTextContent(SAMLEngineUtils.encode(value, SAMLEngineUtils.SHA_512));
- } else {
- attrValue.setTextContent(value);
- }
- return attrValue;
- }
-
- /**
- * Generate attribute from a list of values.
- *
- * @param name the name of the attribute.
- * @param values the value of the attribute.
- * @param isHashing the is hashing with "SHA-512" algorithm.
- * @param status the status of the parameter: "Available", "NotAvailable" or
- * "Withheld".
- *
- * @return the attribute
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Attribute generateAttrSimple(final String name,
- final String status, final List<String> values,
- final boolean isHashing) throws STORKSAMLEngineException {
- LOG.debug("Generate attribute simple: " + name);
- final Attribute attribute = (Attribute) SAMLEngineUtils
- .createSamlObject(Attribute.DEFAULT_ELEMENT_NAME);
-
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
-
- attribute.getUnknownAttributes().put(
- new QName(SAMLCore.STORK10_NS.getValue(), "AttributeStatus",
- SAMLCore.STORK10_PREFIX.getValue()), status);
-
- if (values != null) {
- LOG.debug("Add attribute values.");
- for (int i = 0; i < values.size(); i++) {
- final String value = values.get(i);
- if (StringUtils.isNotBlank(value)) {
- XSAny attrValue = null;
- if (!name.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
- // Create the attribute statement
- attrValue = createAttributeValueForNonSignedDoc(value, isHashing);
-
- } else {
- attrValue = createAttributeValueForSignedDoc(value, isHashing);
- attribute.getAttributeValues().add(attrValue);
- }
- attribute.getAttributeValues().add(attrValue);
- }
- }
- }
- return attribute;
- }
-
- /**
- * Generate conditions that MUST be evaluated when assessing the validity of
- * and/or when using the assertion.
- *
- * @param notBefore the not before
- * @param notOnOrAfter the not on or after
- * @param audienceURI the audience URI.
- *
- * @return the conditions
- */
- private Conditions generateConditions(final DateTime notBefore,
- final DateTime notOnOrAfter, final String audienceURI) {
- LOG.debug("Generate conditions.");
- final Conditions conditions = (Conditions) SAMLEngineUtils
- .createSamlObject(Conditions.DEFAULT_ELEMENT_NAME);
- conditions.setNotBefore(notBefore);
- conditions.setNotOnOrAfter(notOnOrAfter);
-
- final AudienceRestriction restrictions = (AudienceRestriction) SAMLEngineUtils
- .createSamlObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
-
- final Audience audience = (Audience) SAMLEngineUtils
- .createSamlObject(Audience.DEFAULT_ELEMENT_NAME);
- audience.setAudienceURI(audienceURI);
-
- restrictions.getAudiences().add(audience);
- conditions.getAudienceRestrictions().add(restrictions);
-
- if (super.getSamlCoreProperties().isOneTimeUse()) {
- final OneTimeUse oneTimeUse = (OneTimeUse) SAMLEngineUtils
- .createSamlObject(OneTimeUse.DEFAULT_ELEMENT_NAME);
- conditions.getConditions().add(oneTimeUse);
- }
- return conditions;
- }
-
- /**
- * Generate personal attribute list.
- *
- * @param assertion the assertion
- *
- * @return the personal attribute list
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private IPersonalAttributeList generatePersonalAttributeList(
- final Assertion assertion) throws STORKSAMLEngineException {
- LOG.debug("Generate personal attribute list from XMLObject.");
- final List<XMLObject> listExtensions = assertion.getOrderedChildren();
-
- boolean find = false;
- AttributeStatement requestedAttr = null;
-
- // Search the attribute statement.
- for (int i = 0; i < listExtensions.size() && !find; i++) {
- final XMLObject xml = listExtensions.get(i);
- if (xml instanceof AttributeStatement) {
- requestedAttr = (AttributeStatement) xml;
- find = true;
- }
- }
-
- if (!find) {
- LOG.error("Error: AttributeStatement it's not present.");
- throw new STORKSAMLEngineException(
- "AttributeStatement it's not present.");
- }
-
- final List<Attribute> reqAttrs = requestedAttr.getAttributes();
-
- final IPersonalAttributeList personalAttrList = new PersonalAttributeList();
- String attributeName;
-
- // Process the attributes.
- for (int nextAttribute = 0; nextAttribute < reqAttrs.size(); nextAttribute++) {
- final Attribute attribute = reqAttrs.get(nextAttribute);
-
- final PersonalAttribute personalAttribute = new PersonalAttribute();
-
- attributeName = attribute.getName();
- personalAttribute.setName(attributeName.substring(attributeName
- .lastIndexOf('/') + 1));
-
- personalAttribute.setStatus(attribute.getUnknownAttributes().get(
- new QName(SAMLCore.STORK10_NS.getValue(),
- "AttributeStatus", SAMLCore.STORK10_PREFIX
- .getValue())));
-
- final ArrayList<String> simpleValues = new ArrayList<String>();
- final HashMap<String, String> multiValues = new HashMap<String, String>();
-
- final List<XMLObject> values = attribute.getOrderedChildren();
-
-
- // Process the values.
- for (int nextValue = 0; nextValue < values.size(); nextValue++) {
-
- final XMLObject xmlObject = values.get(nextValue);
-
- if (xmlObject instanceof XSStringImpl) {
-
- // Process simple value.
- simpleValues.add(((XSStringImpl) xmlObject).getValue());
-
- } else if (xmlObject instanceof XSAnyImpl) {
-
- if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextValue);
-
- TransformerFactory transFactory = TransformerFactory
- .newInstance();
- Transformer transformer = null;
- try {
- transformer = transFactory.newTransformer();
- transformer.setOutputProperty(
- OutputKeys.OMIT_XML_DECLARATION, "yes");
- } catch (TransformerConfigurationException e) {
- LOG.error("Error transformer configuration exception", e);
- }
- StringWriter buffer = new StringWriter();
- try {
- if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
- transformer.transform(new DOMSource(xmlString
- .getUnknownXMLObjects().get(0).getDOM()),
- new StreamResult(buffer));
- }
- } catch (TransformerException e) {
- LOG.error("Error transformer exception", e);
- }
- String str = buffer.toString();
-
- simpleValues.add(str);
-
- } else if (attributeName
- .equals("http://www.stork.gov.eu/1.0/canonicalResidenceAddress"))
- {
- LOG.info("canonicalResidenceAddress found");
- // Process complex value.
- final XSAnyImpl complexValue = (XSAnyImpl) xmlObject;
-
- for (int nextComplexValue = 0; nextComplexValue < complexValue
- .getUnknownXMLObjects().size(); nextComplexValue++) {
-
- final XSAnyImpl simple = (XSAnyImpl) complexValue
- .getUnknownXMLObjects().get(
- nextComplexValue);
-
- multiValues.put(simple.getElementQName()
- .getLocalPart(), simple.getTextContent());
- }
-
- }
- else if (attributeName
- .equals("http://www.stork.gov.eu/1.0/newAttribute2"))
- {
- LOG.info("newAttribute2 found");
- // Process complex value.
- final XSAnyImpl complexValue = (XSAnyImpl) xmlObject;
-
- for (int nextComplexValue = 0; nextComplexValue < complexValue
- .getUnknownXMLObjects().size(); nextComplexValue++) {
-
- final XSAnyImpl simple = (XSAnyImpl) complexValue
- .getUnknownXMLObjects().get(
- nextComplexValue);
-
- multiValues.put(simple.getElementQName()
- .getLocalPart(), simple.getTextContent());
- }
- }
- else if (attributeName
- .equals("http://www.stork.gov.eu/1.0/hasDegree"))
- {
- LOG.info("hasDegree found");
- // Process complex value.
- final XSAnyImpl complexValue = (XSAnyImpl) xmlObject;
-
- for (int nextComplexValue = 0; nextComplexValue < complexValue
- .getUnknownXMLObjects().size(); nextComplexValue++) {
-
- final XSAnyImpl simple = (XSAnyImpl) complexValue
- .getUnknownXMLObjects().get(
- nextComplexValue);
-
- multiValues.put(simple.getElementQName()
- .getLocalPart(), simple.getTextContent());
- }
- }
- else if(attributeName
- .equals("http://www.stork.gov.eu/1.0/mandateContent"))
- {
- LOG.info("mandateContent found");
- // Process complex value.
- final XSAnyImpl complexValue = (XSAnyImpl) xmlObject;
-
- for (int nextComplexValue = 0; nextComplexValue < complexValue
- .getUnknownXMLObjects().size(); nextComplexValue++) {
-
- final XSAnyImpl simple = (XSAnyImpl) complexValue
- .getUnknownXMLObjects().get(
- nextComplexValue);
-
- multiValues.put(simple.getElementQName()
- .getLocalPart(), simple.getTextContent());
- }
- }
- else {
- // Process simple value.
- simpleValues.add(((XSAnyImpl) xmlObject)
- .getTextContent());
- }
-
- } else {
- LOG.error("Error: attribute value it's unknown.");
- throw new STORKSAMLEngineException(
- "Attribute value it's unknown.");
- }
- }
-
- personalAttribute.setValue(simpleValues);
- personalAttribute.setComplexValue(multiValues);
- personalAttrList.add(personalAttribute);
- }
-
- return personalAttrList;
- }
-
- /**
- * Generate stork authentication request.
- *
- * @param request the request that contain all parameters for generate an
- * authentication request.
- *
- * @return the STORK authentication request that has been processed.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnRequest generateSTORKAuthnRequest(
- final STORKAuthnRequest request) throws STORKSAMLEngineException {
- LOG.info("Generate SAMLAuthnRequest.");
-
- // Validate Parameters mandatories
- validateParamAuthnReq(request);
-
- final AuthnRequest authnRequestAux = SAMLEngineUtils
- .generateSAMLAuthnRequest(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime());
-
- // Set name spaces.
- setNameSpaces(authnRequestAux);
-
- // Add parameter Mandatory STORK
- authnRequestAux.setForceAuthn(Boolean.TRUE);
-
- // Add parameter Mandatory STORK
- authnRequestAux.setIsPassive(Boolean.FALSE);
-
- authnRequestAux.setAssertionConsumerServiceURL(request
- .getAssertionConsumerServiceURL());
-
- authnRequestAux.setProviderName(request.getProviderName());
-
- // Add protocol binding
- authnRequestAux.setProtocolBinding(super.getSamlCoreProperties()
- .getProtocolBinding());
-
- // Add parameter optional STORK
- // Destination is mandatory if the destination is a C-PEPS
- // The application must to know if the destination is a C-PEPS.
- if (StringUtils.isNotBlank(request.getDestination())) {
- authnRequestAux.setDestination(request.getDestination());
- }
-
- // Consent is optional. Set from SAMLEngine.xml - consent.
- authnRequestAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
-
- final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
- if(request.getIssuer()!=null){
- issuer.setValue(request.getIssuer());
- } else {
- issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
-
- // Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
- if (StringUtils.isNotBlank(formatEntity)) {
- issuer.setFormat(formatEntity);
- }
-
- authnRequestAux.setIssuer(issuer);
-
- // Generate stork extensions.
- final Extensions storkExtensions = this
- .generateSTORKExtensions(request);
- // add the extensions to the SAMLAuthnRequest
- authnRequestAux.setExtensions(storkExtensions);
-
- // the result contains an authentication request token (byte[]),
- // identifier of the token, and all parameters from the request.
- final STORKAuthnRequest authRequest = processExtensions(authnRequestAux
- .getExtensions());
-
- try {
- authRequest.setTokenSaml(super.signAndMarshall(authnRequestAux));
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- authRequest.setSamlId(authnRequestAux.getID());
- authRequest.setDestination(authnRequestAux.getDestination());
- authRequest.setAssertionConsumerServiceURL(authnRequestAux
- .getAssertionConsumerServiceURL());
-
- authRequest.setProviderName(authnRequestAux.getProviderName());
- authRequest.setIssuer(authnRequestAux.getIssuer().getValue());
-
- return authRequest;
- }
-
- /**
- * Generate stork authentication response.
- *
- * @param request the request
- * @param responseAuthReq the response authentication request
- * @param ipAddress the IP address
- * @param isHashing the is hashing
- *
- * @return the sTORK authentication response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnResponse generateSTORKAuthnResponse(
- final STORKAuthnRequest request,
- final STORKAuthnResponse responseAuthReq, final String ipAddress,
- final boolean isHashing) throws STORKSAMLEngineException {
- LOG.info("generateSTORKAuthnResponse");
-
- // Validate parameters
- validateParamResponse(request, responseAuthReq);
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
-
- LOG.debug("Generate Status");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
-
- status.setStatusMessage(statusMessage);
-
- LOG.debug("Generate Response");
-
- // RESPONSE
- final Response response = genAuthnRespBase(status, request
- .getAssertionConsumerServiceURL(), request.getSamlId());
-
- DateTime notOnOrAfter = new DateTime();
-
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
-
- final Assertion assertion = this.generateAssertion(ipAddress, request
- .getAssertionConsumerServiceURL(), request.getSamlId(), request
- .getIssuer(), notOnOrAfter);
-
- final AttributeStatement attrStatement = this
- .generateAttributeStatement(responseAuthReq
- .getPersonalAttributeList(), isHashing);
-
- assertion.getAttributeStatements().add(attrStatement);
-
- // Add assertions
- response.getAssertions().add(assertion);
-
- final STORKAuthnResponse authresponse = new STORKAuthnResponse();
-
- try {
- authresponse.setTokenSaml(super.signAndMarshall(response));
- authresponse.setSamlId(response.getID());
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
- return authresponse;
- }
-
- /**
- * Generate stork authentication response fail.
- *
- * @param request the request
- * @param response the response
- * @param ipAddress the IP address
- * @param isHashing the is hashing
- *
- * @return the sTORK authentication response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnResponse generateSTORKAuthnResponseFail(
- final STORKAuthnRequest request, final STORKAuthnResponse response,
- final String ipAddress, final boolean isHashing)
- throws STORKSAMLEngineException {
- LOG.info("generateSTORKAuthnResponseFail");
-
- validateParamResponseFail(request, response);
-
- // Mandatory
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(response.getStatusCode());
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode.");
- // Subordinate code it's optional in case not covered into next codes:
- // - urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
- // - urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue
- // - urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy
- // - urn:oasis:names:tc:SAML:2.0:status:RequestDenied
- // - http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported
-
- if (StringUtils.isNotBlank(response.getSubStatusCode())) {
- final StatusCode newStatusCode = SAMLEngineUtils
- .generateStatusCode(response.getSubStatusCode());
- statusCode.setStatusCode(newStatusCode);
- }
-
- LOG.debug("Generate Status.");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- if (StringUtils.isNotBlank(response.getMessage())) {
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(response.getMessage());
-
- status.setStatusMessage(statusMessage);
- }
-
- LOG.debug("Generate Response.");
- // RESPONSE
- final Response responseFail = genAuthnRespBase(status, request
- .getAssertionConsumerServiceURL(), request.getSamlId());
-
- DateTime notOnOrAfter = new DateTime();
-
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
-
- final Assertion assertion = this.generateAssertion(ipAddress, request
- .getAssertionConsumerServiceURL(), request.getSamlId(), request
- .getIssuer(), notOnOrAfter);
-
- responseFail.getAssertions().add(assertion);
-
- LOG.debug("Sign and Marshall ResponseFail.");
-
- final STORKAuthnResponse storkResponse = new STORKAuthnResponse();
-
- try {
- storkResponse.setTokenSaml(super.signAndMarshall(responseFail));
- storkResponse.setSamlId(responseFail.getID());
- } catch (SAMLEngineException e) {
- LOG.error("SAMLEngineException.", e);
- throw new STORKSAMLEngineException(e);
- }
- return storkResponse;
- }
-
- /**
- * Generate stork attribute query request.
- *
- * @param request the request that contain all parameters for generate an
- * attribute query request.
- *
- * @return the STORK attribute query request that has been processed.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAttrQueryRequest generateSTORKAttrQueryRequest(
- final STORKAttrQueryRequest request) throws STORKSAMLEngineException {
- LOG.info("Generate STORKAttrQueryRequest.");
-
- // Validate Parameters mandatories
- validateParamAttrQueryReq(request);
-
- final AttributeQuery attrQueryRequestAux = SAMLEngineUtils
- .generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime());
-
- // Set name spaces.
- setNameSpaces(attrQueryRequestAux);
-
-
- // Add parameter optional STORK
- // Destination is mandatory if the destination is a C-PEPS
- // The application must to know if the destination is a C-PEPS.
- if (StringUtils.isNotBlank(request.getDestination())) {
- attrQueryRequestAux.setDestination(request.getDestination());
- }
-
- // Consent is optional. Set from SAMLEngine.xml - consent.
- attrQueryRequestAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
-
- final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
- //Set the subject - needed for attribute query validation
- Subject subject = SAMLEngineUtils.generateSubject();
- SubjectConfirmationBuilder builder = new SubjectConfirmationBuilder();
- SubjectConfirmation subjectConfirmation = builder.buildObject();
- subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
- subject.getSubjectConfirmations().add(subjectConfirmation);
- attrQueryRequestAux.setSubject(subject);
-
- if(request.getIssuer()!=null){
- issuer.setValue(request.getIssuer());
- } else {
- issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
-
- // Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
- if (StringUtils.isNotBlank(formatEntity)) {
- issuer.setFormat(formatEntity);
- }
-
- attrQueryRequestAux.setIssuer(issuer);
-
- // Generate stork extensions.
- final Extensions storkExtensions = this
- .generateSTORKAttrExtensions(request);
- // add the extensions to the SAMLAuthnRequest
- attrQueryRequestAux.setExtensions(storkExtensions);
-
- // the result contains an authentication request token (byte[]),
- // identifier of the token, and all parameters from the request.
- final STORKAttrQueryRequest attrQueryRequest = processAttrExtensions(attrQueryRequestAux
- .getExtensions());
-
- try {
- attrQueryRequest.setTokenSaml(super.signAndMarshall(attrQueryRequestAux));
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- attrQueryRequest.setSamlId(attrQueryRequestAux.getID());
- attrQueryRequest.setDestination(attrQueryRequestAux.getDestination());
-
- attrQueryRequest.setIssuer(attrQueryRequestAux.getIssuer().getValue());
-
- return attrQueryRequest;
- }
-
- /**
- * Generate stork attribute query response.
- *
- * @param request the request
- * @param responseAttrQueryReq the response authentication request
- * @param ipAddress the IP address
- * @param isHashing the is hashing
- *
- * @return the sTORK authentication response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAttrQueryResponse generateSTORKAttrQueryResponse(
- final STORKAttrQueryRequest request,
- final STORKAttrQueryResponse responseAttrQueryReq, final String ipAddress,
- final String destinationUrl, final boolean isHashing) throws STORKSAMLEngineException {
- LOG.info("generateSTORKAttrQueryResponse");
-
- // Validate parameters
- validateParamAttrQueryResponse(request, responseAttrQueryReq);
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
-
- LOG.debug("Generate Status");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
-
- status.setStatusMessage(statusMessage);
-
- LOG.debug("Generate Response");
-
- // RESPONSE
- final Response response = genAuthnRespBase(status, destinationUrl,
- request.getSamlId());
-
- DateTime notOnOrAfter = new DateTime();
-
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
-
- final Assertion assertion = this.generateAssertion(ipAddress, ""
- ,request.getSamlId(), request.getIssuer(), notOnOrAfter);
-
- final AttributeStatement attrStatement = this
- .generateAttributeStatement(responseAttrQueryReq
- .getPersonalAttributeList(), isHashing);
-
- assertion.getAttributeStatements().add(attrStatement);
-
- // Add assertions
- response.getAssertions().add(assertion);
-
- final STORKAttrQueryResponse attrQueryResponse = new STORKAttrQueryResponse();
-
- try {
- attrQueryResponse.setTokenSaml(super.signAndMarshall(response));
- attrQueryResponse.setSamlId(response.getID());
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
- return attrQueryResponse;
- }
-
- /**
- * Generate stork attribute query response fail.
- *
- * @param request the request
- * @param response the response
- * @param ipAddress the IP address
- * @param isHashing the is hashing
- *
- * @return the STORK attribute query response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAttrQueryResponse generateSTORKAttrQueryResponseFail(
- final STORKAttrQueryRequest request, final STORKAttrQueryResponse response,
- final String ipAddress, final String destinationUrl, final boolean isHashing)
- throws STORKSAMLEngineException {
- LOG.info("generateSTORKAttrQueryResponseFail");
-
- validateParamAttrQueryResponseFail(request, response);
-
- // Mandatory
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(response.getStatusCode());
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode.");
- // Subordinate code it's optional in case not covered into next codes:
- // - urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
- // - urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue
- // - urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy
- // - urn:oasis:names:tc:SAML:2.0:status:RequestDenied
- // - http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported
-
- if (StringUtils.isNotBlank(response.getSubStatusCode())) {
- final StatusCode newStatusCode = SAMLEngineUtils
- .generateStatusCode(response.getSubStatusCode());
- statusCode.setStatusCode(newStatusCode);
- }
-
- LOG.debug("Generate Status.");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- if (StringUtils.isNotBlank(response.getMessage())) {
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(response.getMessage());
-
- status.setStatusMessage(statusMessage);
- }
-
- LOG.debug("Generate Response.");
- // RESPONSE
- final Response responseFail = genAuthnRespBase(status, destinationUrl,
- request.getSamlId());
-
- DateTime notOnOrAfter = new DateTime();
-
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
-
- final Assertion assertion = this.generateAssertion(ipAddress, "",
- request.getSamlId(), request
- .getIssuer(), notOnOrAfter);
-
- responseFail.getAssertions().add(assertion);
-
- LOG.debug("Sign and Marshall ResponseFail.");
-
- final STORKAttrQueryResponse storkResponse = new STORKAttrQueryResponse();
-
- try {
- storkResponse.setTokenSaml(super.signAndMarshall(responseFail));
- storkResponse.setSamlId(responseFail.getID());
- } catch (SAMLEngineException e) {
- LOG.error("SAMLEngineException.", e);
- throw new STORKSAMLEngineException(e);
- }
- return storkResponse;
- }
-
- /**
- * Generate stork authentication statement for the authentication statement.
- *
- * @param ipAddress the IP address
- *
- * @return the authentication statement
- */
- private AuthnStatement generateStorkAuthStatement(final String ipAddress) {
- LOG.debug("Generate stork authenticate statement.");
- final SubjectLocality subjectLocality = SAMLEngineUtils
- .generateSubjectLocality(ipAddress);
-
- final AuthnContext authnContext = (AuthnContext) SAMLEngineUtils
- .createSamlObject(AuthnContext.DEFAULT_ELEMENT_NAME);
-
- final AuthnContextDecl authnContextDecl = (AuthnContextDecl) SAMLEngineUtils
- .createSamlObject(AuthnContextDecl.DEFAULT_ELEMENT_NAME);
-
- authnContext.setAuthnContextDecl(authnContextDecl);
-
- final AuthnStatement authnStatement = SAMLEngineUtils
- .generateAthnStatement(new DateTime(), authnContext);
-
- // Optional STORK
- authnStatement.setSessionIndex(null);
- authnStatement.setSubjectLocality(subjectLocality);
-
- return authnStatement;
- }
-
- /**
- * Generate stork extensions.
- *
- * @param request the request
- *
- * @return the extensions
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Extensions generateSTORKExtensions(final STORKAuthnRequest request)
- throws STORKSAMLEngineException {
- LOG.debug("Generate STORKExtensions");
-
- final Extensions extensions = SAMLEngineUtils.generateExtension();
-
- LOG.debug("Generate QAAAttribute");
- final QAAAttribute qaaAttribute = SAMLEngineUtils
- .generateQAAAttribute(request.getQaa());
- extensions.getUnknownXMLObjects().add(qaaAttribute);
-
-
- if (StringUtils.isNotEmpty(request
- .getSpSector())) {
- // Add information about service provider.
- LOG.debug("Generate SPSector");
- final SPSector sector = SAMLEngineUtils.generateSPSector(request
- .getSpSector());
- extensions.getUnknownXMLObjects().add(sector);
- }
-
- //Delete from specification. Kept for compatibility with Provider Name value
- LOG.debug("Generate SPInstitution");
- final SPInstitution institution = SAMLEngineUtils
- .generateSPInstitution(request.getProviderName());
- extensions.getUnknownXMLObjects().add(institution);
-
-
- if (StringUtils.isNotEmpty(request.getSpApplication())) {
- LOG.debug("Generate SPApplication");
- final SPApplication application = SAMLEngineUtils
- .generateSPApplication(request.getSpApplication());
- extensions.getUnknownXMLObjects().add(application);
- }
-
- if (StringUtils.isNotEmpty(request.getSpCountry())) {
- LOG.debug("Generate SPCountry");
- final SPCountry country = SAMLEngineUtils.generateSPCountry(request
- .getSpCountry());
- extensions.getUnknownXMLObjects().add(country);
- }
-
- //eIDSectorShare: optional; default value: false.
- String valueSectorShare = super.getSamlCoreProperties()
- .iseIDSectorShare();
-
- if (StringUtils.isNotEmpty(valueSectorShare)) {
- // Add information about the use of the SAML message.
- LOG.debug("Generate EIDSectorShare");
- final EIDSectorShare eIdSectorShare = (EIDSectorShare) SAMLEngineUtils
- .createSamlObject(EIDSectorShare.DEF_ELEMENT_NAME);
-
- eIdSectorShare.setEIDSectorShare(String.valueOf(Boolean.valueOf(valueSectorShare)));
-
- extensions.getUnknownXMLObjects().add(eIdSectorShare);
- }
-
- String valueCrossSectorShare = super.getSamlCoreProperties()
- .iseIDCrossSectorShare();
-
- if (StringUtils.isNotEmpty(valueCrossSectorShare)) {
- LOG.debug("Generate EIDCrossSectorShare");
- final EIDCrossSectorShare eIdCrossSecShare = (EIDCrossSectorShare) SAMLEngineUtils
- .createSamlObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
- eIdCrossSecShare.setEIDCrossSectorShare(String.valueOf(Boolean.valueOf(valueCrossSectorShare)));
- extensions.getUnknownXMLObjects().add(eIdCrossSecShare);
- }
-
-
- String valueCrossBorderShare = super.getSamlCoreProperties()
- .iseIDCrossBorderShare();
-
- if (StringUtils.isNotEmpty(valueCrossBorderShare)) {
- LOG.debug("Generate EIDCrossBorderShare");
- final EIDCrossBorderShare eIdCrossBordShare = (EIDCrossBorderShare) SAMLEngineUtils
- .createSamlObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
- eIdCrossBordShare.setEIDCrossBorderShare(String.valueOf(Boolean.valueOf(valueCrossBorderShare)));
- extensions.getUnknownXMLObjects().add(eIdCrossBordShare);
- }
-
-
- // Add information about requested attributes.
- LOG.debug("Generate RequestedAttributes.");
- final RequestedAttributes reqAttributes = (RequestedAttributes) SAMLEngineUtils
- .createSamlObject(RequestedAttributes.DEF_ELEMENT_NAME);
-
- LOG.debug("SAML Engine configuration properties load.");
- final Iterator<PersonalAttribute> iterator = request
- .getPersonalAttributeList().iterator();
-
- while (iterator.hasNext()) {
-
- final PersonalAttribute attribute = iterator.next();
-
- if (attribute == null || StringUtils.isBlank(attribute.getName())) {
- LOG.error(ATTRIBUTE_EMPTY_LITERAL);
- throw new STORKSAMLEngineException(ATTRIBUTE_EMPTY_LITERAL);
- }
-
- // Verified if exits the attribute name.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
-
- if (StringUtils.isBlank(attributeName)) {
- LOG.debug("Attribute name: {} was not found.", attribute
- .getName());
- throw new STORKSAMLEngineException("Attribute name: "
- + attribute.getName() + " was not found.");
- }
-
- // Friendly name it's an optional attribute.
- String friendlyName = null;
-
- if (super.getSamlCoreProperties().isFriendlyName()) {
- friendlyName = attribute.getName();
- }
-
-
- String isRequired = null;
- if (super.getSamlCoreProperties().isRequired()) {
- isRequired = String.valueOf(attribute.isRequired());
- }
-
-
- LOG.debug("Generate requested attribute: " + attributeName);
- final RequestedAttribute requestedAttr = SAMLEngineUtils
- .generateReqAuthnAttributeSimple(attributeName,
- friendlyName, isRequired, attribute
- .getValue());
-
- // Add requested attribute.
- reqAttributes.getAttributes().add(requestedAttr);
- }
-
- // Add requested attributes.
- extensions.getUnknownXMLObjects().add(reqAttributes);
-
- CitizenCountryCode citizenCountryCode = null;
- if (request.getCitizenCountryCode() != null && StringUtils.isNotBlank(request.getCitizenCountryCode())){
- LOG.debug("Generate CitizenCountryCode");
- citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils
- .createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
-
- citizenCountryCode.setCitizenCountryCode(request
- .getCitizenCountryCode().toUpperCase());
- }
-
- SPID spid = null;
- if(request.getSPID()!=null && StringUtils.isNotBlank(request.getSPID())) {
- LOG.debug("Generate SPID");
- spid = (SPID) SAMLEngineUtils
- .createSamlObject(SPID.DEF_ELEMENT_NAME);
-
- spid.setSPID(request.getSPID().toUpperCase());
- }
-
- AuthenticationAttributes authenticationAttr = (AuthenticationAttributes) SAMLEngineUtils
- .createSamlObject(AuthenticationAttributes.DEF_ELEMENT_NAME);
-
- final VIDPAuthenticationAttributes vIDPauthenticationAttr = (VIDPAuthenticationAttributes) SAMLEngineUtils
- .createSamlObject(VIDPAuthenticationAttributes.DEF_ELEMENT_NAME);
-
- final SPInformation spInformation = (SPInformation) SAMLEngineUtils
- .createSamlObject(SPInformation.DEF_ELEMENT_NAME);
-
- if(citizenCountryCode!=null){
- vIDPauthenticationAttr.setCitizenCountryCode(citizenCountryCode);
- }
-
- if(spid!=null){
- spInformation.setSPID(spid);
- }
-
- vIDPauthenticationAttr.setSPInformation(spInformation);
-
- authenticationAttr
- .setVIDPAuthenticationAttributes(vIDPauthenticationAttr);
- extensions.getUnknownXMLObjects().add(authenticationAttr);
-
-
- return extensions;
-
- }
-
- /**
- * Generate stork extensions.
- *
- * @param request the attribute query request
- *
- * @return the extensions
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Extensions generateSTORKAttrExtensions(final STORKAttrQueryRequest request)
- throws STORKSAMLEngineException {
- LOG.debug("Generate STORKExtensions");
-
- final Extensions extensions = SAMLEngineUtils.generateExtension();
-
- LOG.debug("Generate QAAAttribute");
- final QAAAttribute qaaAttribute = SAMLEngineUtils
- .generateQAAAttribute(request.getQaa());
- extensions.getUnknownXMLObjects().add(qaaAttribute);
-
-
- if (StringUtils.isNotEmpty(request
- .getSpSector())) {
- // Add information about service provider.
- LOG.debug("Generate SPSector");
- final SPSector sector = SAMLEngineUtils.generateSPSector(request
- .getSpSector());
- extensions.getUnknownXMLObjects().add(sector);
- }
-
-
- if (StringUtils.isNotEmpty(request.getSpApplication())) {
- LOG.debug("Generate SPApplication");
- final SPApplication application = SAMLEngineUtils
- .generateSPApplication(request.getSpApplication());
- extensions.getUnknownXMLObjects().add(application);
- }
-
- if (StringUtils.isNotEmpty(request.getSpCountry())) {
- LOG.debug("Generate SPCountry");
- final SPCountry country = SAMLEngineUtils.generateSPCountry(request
- .getSpCountry());
- extensions.getUnknownXMLObjects().add(country);
- }
-
- final EIDSectorShare eIdSectorShare = (EIDSectorShare) SAMLEngineUtils
- .createSamlObject(EIDSectorShare.DEF_ELEMENT_NAME);
-
- eIdSectorShare.setEIDSectorShare(String.valueOf(request.isEIDSectorShare()));
-
- extensions.getUnknownXMLObjects().add(eIdSectorShare);
-
- final EIDCrossSectorShare eIdCrossSecShare = (EIDCrossSectorShare) SAMLEngineUtils
- .createSamlObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
- eIdCrossSecShare.setEIDCrossSectorShare(String.valueOf(request.isEIDCrossSectorShare()));
- extensions.getUnknownXMLObjects().add(eIdCrossSecShare);
-
- final EIDCrossBorderShare eIdCrossBordShare = (EIDCrossBorderShare) SAMLEngineUtils
- .createSamlObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
- eIdCrossBordShare.setEIDCrossBorderShare(String.valueOf(request.isEIDCrossBorderShare()));
- extensions.getUnknownXMLObjects().add(eIdCrossBordShare);
-
-
- // Add information about requested attributes.
- LOG.debug("Generate RequestedAttributes.");
- final RequestedAttributes reqAttributes = (RequestedAttributes) SAMLEngineUtils
- .createSamlObject(RequestedAttributes.DEF_ELEMENT_NAME);
-
- LOG.debug("SAML Engine configuration properties load.");
- final Iterator<PersonalAttribute> iterator = request
- .getPersonalAttributeList().iterator();
-
- while (iterator.hasNext()) {
-
- final PersonalAttribute attribute = iterator.next();
-
- if (attribute == null || StringUtils.isBlank(attribute.getName())) {
- LOG.error(ATTRIBUTE_EMPTY_LITERAL);
- throw new STORKSAMLEngineException(ATTRIBUTE_EMPTY_LITERAL);
- }
-
- // Verified if exits the attribute name.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
-
- if (StringUtils.isBlank(attributeName)) {
- LOG.debug("Attribute name: {} was not found.", attribute
- .getName());
- throw new STORKSAMLEngineException("Attribute name: "
- + attribute.getName() + " was not found.");
- }
-
- // Friendly name it's an optional attribute.
- String friendlyName = null;
-
- if (super.getSamlCoreProperties().isFriendlyName()) {
- friendlyName = attribute.getName();
- }
-
-
- String isRequired = null;
- if (super.getSamlCoreProperties().isRequired()) {
- isRequired = String.valueOf(attribute.isRequired());
- }
-
-
- LOG.debug("Generate requested attribute: " + attributeName);
- final RequestedAttribute requestedAttr = SAMLEngineUtils
- .generateReqAuthnAttributeSimple(attributeName,
- friendlyName, isRequired, attribute
- .getValue());
-
- // Add requested attribute.
- reqAttributes.getAttributes().add(requestedAttr);
- }
-
- // Add requested attributes.
- extensions.getUnknownXMLObjects().add(reqAttributes);
-
- CitizenCountryCode citizenCountryCode = null;
- if (request.getCitizenCountryCode() != null && StringUtils.isNotBlank(request.getCitizenCountryCode())){
- LOG.debug("Generate CitizenCountryCode");
- citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils
- .createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
-
- citizenCountryCode.setCitizenCountryCode(request
- .getCitizenCountryCode().toUpperCase());
- }
-
- SPID spid = null;
- if(request.getSPID()!=null && StringUtils.isNotBlank(request.getSPID())) {
- LOG.debug("Generate SPID");
- spid = (SPID) SAMLEngineUtils
- .createSamlObject(SPID.DEF_ELEMENT_NAME);
-
- spid.setSPID(request.getSPID().toUpperCase());
- }
-
-
- return extensions;
-
- }
-
- /**
- * Gets the alias from X.509 Certificate at keystore.
- *
- * @param keyInfo the key info
- * @param storkOwnKeyStore
- * @param storkOwnKeyStore
- *
- * @return the alias
- */
- private String getAlias(final KeyInfo keyInfo, KeyStore storkOwnKeyStore) {
-
- LOG.debug("Recover alias information");
-
- String alias = null;
- try {
- final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
- .getX509Datas().get(0).getX509Certificates().get(0);
-
- // Transform the KeyInfo to X509Certificate.
- CertificateFactory certFact;
- certFact = CertificateFactory.getInstance("X.509");
-
- final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
- .decode(xmlCert.getValue()));
-
- final X509Certificate cert = (X509Certificate) certFact
- .generateCertificate(bis);
-
- final String tokenSerialNumber = cert.getSerialNumber().toString(16);
- final X509Principal tokenIssuerDN = new X509Principal(cert.getIssuerDN().getName());
-
-
- String aliasCert;
- X509Certificate certificate;
- boolean find = false;
-
- for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
- .hasMoreElements()
- && !find; ) {
- aliasCert = e.nextElement();
- certificate = (X509Certificate) storkOwnKeyStore
- .getCertificate(aliasCert);
-
- final String serialNum = certificate.getSerialNumber()
- .toString(16);
-
- X509Principal issuerDN = new X509Principal(certificate
- .getIssuerDN().getName());
-
- if(serialNum.equalsIgnoreCase(tokenSerialNumber)
- && X509PrincipalUtil.equals2(issuerDN, tokenIssuerDN)){
- alias = aliasCert;
- find = true;
- }
-
- }
-
- } catch (KeyStoreException e) {
- LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
- } catch (CertificateException e) {
- LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
- } catch (RuntimeException e) {
- LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
- }
- return alias;
- }
-
- /**
- * Gets the country from X.509 Certificate.
- *
- * @param keyInfo the key info
- *
- * @return the country
- */
- private String getCountry(final KeyInfo keyInfo) {
- LOG.debug("Recover country information.");
-
- String result = "";
- try {
- final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
- .getX509Datas().get(0).getX509Certificates().get(0);
-
- // Transform the KeyInfo to X509Certificate.
- CertificateFactory certFact;
- certFact = CertificateFactory.getInstance("X.509");
-
- final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
- .decode(xmlCert.getValue()));
-
- final X509Certificate cert = (X509Certificate) certFact
- .generateCertificate(bis);
-
- String distName = cert.getSubjectDN().toString();
-
- distName = StringUtils.deleteWhitespace(StringUtils
- .upperCase(distName));
-
- final String countryCode = "C=";
- final int init = distName.indexOf(countryCode);
-
- if (init > StringUtils.INDEX_NOT_FOUND) { // Exist country code.
- int end = distName.indexOf(',', init);
-
- if (end <= StringUtils.INDEX_NOT_FOUND) {
- end = distName.length();
- }
-
- if (init < end && end > StringUtils.INDEX_NOT_FOUND) {
- result = distName.substring(init + countryCode.length(),
- end);
- //It must be a two characters value
- if(result.length()>2){
- result = result.substring(0, 2);
- }
- }
- }
-
- } catch (CertificateException e) {
- LOG.error("Procces getCountry from certificate.");
- }
- return result.trim();
- }
-
- /**
- * Process all elements XMLObjects from the extensions.
- *
- * @param extensions the extensions from the authentication request.
- *
- * @return the STORK authentication request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private STORKAuthnRequest processExtensions(final Extensions extensions)
- throws STORKSAMLEngineException {
- LOG.debug("Procces the extensions.");
-
- final STORKAuthnRequest request = new STORKAuthnRequest();
-
- final QAAAttribute qaa = (QAAAttribute) extensions
- .getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME).get(0);
- request.setQaa(Integer.parseInt(qaa.getQaaLevel()));
-
- List optionalElements = extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPSector sector = (SPSector) extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME).get(0);
- request.setSpSector(sector.getSPSector());
- }
-
- optionalElements = extensions.getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPApplication application = (SPApplication) extensions
- .getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME).get(0);
- request.setSpApplication(application.getSPApplication());
- }
-
- optionalElements = extensions.getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPCountry application = (SPCountry) extensions
- .getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME).get(0);
- request.setSpCountry(application.getSPCountry());
- }
-
-
- List listCrossBorderShare = extensions
- .getUnknownXMLObjects(EIDCrossBorderShare.DEF_ELEMENT_NAME);
-
- if (!listCrossBorderShare .isEmpty()) {
- final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) listCrossBorderShare.get(0);
- request.setEIDCrossBorderShare(Boolean.parseBoolean(crossBorderShare
- .getEIDCrossBorderShare()));
- }
-
-
- List listCrosSectorShare = extensions
- .getUnknownXMLObjects(EIDCrossSectorShare.DEF_ELEMENT_NAME);
-
- if (!listCrosSectorShare.isEmpty()) {
- final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) listCrosSectorShare.get(0);
- request.setEIDCrossSectorShare(Boolean.parseBoolean(crossSectorShare
- .getEIDCrossSectorShare()));
- }
-
- List listSectorShareExtension = extensions
- .getUnknownXMLObjects(EIDSectorShare.DEF_ELEMENT_NAME);
- if (!listSectorShareExtension.isEmpty()) {
- final EIDSectorShare sectorShare = (EIDSectorShare) listSectorShareExtension.get(0);
- request.setEIDSectorShare(Boolean.parseBoolean(sectorShare.getEIDSectorShare()));
- }
-
-
-
- List<XMLObject> authAttrs = extensions
- .getUnknownXMLObjects(AuthenticationAttributes.DEF_ELEMENT_NAME);
-
- if (authAttrs != null && !authAttrs.isEmpty()) {
-
- final AuthenticationAttributes authnAttr = (AuthenticationAttributes) authAttrs
- .get(0);
-
- VIDPAuthenticationAttributes vidpAuthnAttr = null;
- if (authnAttr != null && !authAttrs.isEmpty()){
- vidpAuthnAttr = authnAttr.getVIDPAuthenticationAttributes();
- }
-
- CitizenCountryCode citizenCountryCodeElement = null;
- SPInformation spInformation = null;
- if (vidpAuthnAttr != null){
- citizenCountryCodeElement = vidpAuthnAttr.getCitizenCountryCode();
- spInformation = vidpAuthnAttr.getSPInformation();
- }
-
- String citizenCountryCode = null;
- if(citizenCountryCodeElement!=null){
- citizenCountryCode = citizenCountryCodeElement.getCitizenCountryCode();
- }
-
- if(citizenCountryCode!= null && StringUtils.isNotBlank(citizenCountryCode)){
- request.setCitizenCountryCode(citizenCountryCode);
- }
-
- SPID spidElement = null;
- if (spInformation != null){
- spidElement = spInformation.getSPID();
- }
-
- String spid = null;
- if(spidElement!=null){
- spid = spidElement.getSPID();
- }
-
- if (spid != null && StringUtils.isNotBlank(spid)) {
- request.setSPID(spid);
- }
- }
-
- if (extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME) == null) {
- LOG.error("Extensions not contains any requested attribute.");
- throw new STORKSAMLEngineException(
- "Extensions not contains any requested attribute.");
- }
-
- final RequestedAttributes requestedAttr = (RequestedAttributes) extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME)
- .get(0);
-
- final List<RequestedAttribute> reqAttrs = requestedAttr.getAttributes();
-
- final IPersonalAttributeList personalAttrList = new PersonalAttributeList();
-
- String attributeName;
- for (int nextAttribute = 0; nextAttribute < reqAttrs.size(); nextAttribute++) {
- final RequestedAttribute attribute = reqAttrs.get(nextAttribute);
- final PersonalAttribute personalAttribute = new PersonalAttribute();
- personalAttribute.setIsRequired(Boolean.valueOf(attribute.isRequired()));
- personalAttribute.setFriendlyName(attribute.getFriendlyName());
- attributeName = attribute.getName();
-
- // recover the last name from the string.
- personalAttribute.setName(attributeName.substring(attributeName
- .lastIndexOf('/') + 1));
-
- final ArrayList<String> valores = new ArrayList<String>();
- final List<XMLObject> values = attribute.getOrderedChildren();
-
- for (int nextSimpleValue = 0; nextSimpleValue < values.size(); nextSimpleValue++) {
-
- // Process attributes simples. An AuthenticationRequest only
- // must contains simple values.
-
- final XMLObject xmlObject = values.get(nextSimpleValue);
-
- if(xmlObject instanceof XSStringImpl){
-
- final XSStringImpl xmlString = (XSStringImpl) values
- .get(nextSimpleValue);
- valores.add(xmlString.getValue());
-
- }else{
-
- if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
-
- TransformerFactory transFactory = TransformerFactory.newInstance();
- Transformer transformer = null;
- try {
- transformer = transFactory.newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- } catch (TransformerConfigurationException e) {
- LOG.error("Error transformer configuration exception", e);
- }
- StringWriter buffer = new StringWriter();
- try {
- if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
- transformer.transform(new DOMSource(xmlString.getUnknownXMLObjects().get(0).getDOM()),
- new StreamResult(buffer));
- }
- } catch (TransformerException e) {
- LOG.error("Error transformer exception", e);
- }
- String str = buffer.toString();
-
- valores.add(str);
-
- }else{
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
- valores.add(xmlString.getTextContent());
- }
-
-
-
- }
- }
- personalAttribute.setValue(valores);
- personalAttrList.add(personalAttribute);
- }
-
- request.setPersonalAttributeList(personalAttrList);
-
- return request;
- }
-
-
- /**
- * Process all elements XMLObjects from the extensions.
- *
- * @param extensions the extensions from the authentication request.
- *
- * @return the STORK authentication request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private STORKAttrQueryRequest processAttrExtensions(final Extensions extensions)
- throws STORKSAMLEngineException {
- LOG.debug("Procces the atribute query extensions.");
-
- final STORKAttrQueryRequest request = new STORKAttrQueryRequest();
-
- final QAAAttribute qaa = (QAAAttribute) extensions
- .getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME).get(0);
- request.setQaa(Integer.parseInt(qaa.getQaaLevel()));
-
- List optionalElements = extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPSector sector = (SPSector) extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME).get(0);
- request.setSpSector(sector.getSPSector());
- }
-
- optionalElements = extensions.getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPApplication application = (SPApplication) extensions
- .getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME).get(0);
- request.setSpApplication(application.getSPApplication());
- }
-
- optionalElements = extensions.getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPCountry application = (SPCountry) extensions
- .getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME).get(0);
- request.setSpCountry(application.getSPCountry());
- }
-
-
- List listCrossBorderShare = extensions
- .getUnknownXMLObjects(EIDCrossBorderShare.DEF_ELEMENT_NAME);
-
- if (!listCrossBorderShare .isEmpty()) {
- final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) listCrossBorderShare.get(0);
- request.setEIDCrossBorderShare(Boolean.parseBoolean(crossBorderShare
- .getEIDCrossBorderShare()));
- }
-
-
- List listCrosSectorShare = extensions
- .getUnknownXMLObjects(EIDCrossSectorShare.DEF_ELEMENT_NAME);
-
- if (!listCrosSectorShare.isEmpty()) {
- final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) listCrosSectorShare.get(0);
- request.setEIDCrossSectorShare(Boolean.parseBoolean(crossSectorShare
- .getEIDCrossSectorShare()));
- }
-
- List listSectorShareExtension = extensions
- .getUnknownXMLObjects(EIDSectorShare.DEF_ELEMENT_NAME);
- if (!listSectorShareExtension.isEmpty()) {
- final EIDSectorShare sectorShare = (EIDSectorShare) listSectorShareExtension.get(0);
- request.setEIDSectorShare(Boolean.parseBoolean(sectorShare.getEIDSectorShare()));
- }
-
-
-
- List<XMLObject> authAttrs = extensions
- .getUnknownXMLObjects(AuthenticationAttributes.DEF_ELEMENT_NAME);
-
- if (authAttrs != null && !authAttrs.isEmpty()) {
-
- final AuthenticationAttributes authnAttr = (AuthenticationAttributes) authAttrs
- .get(0);
-
- VIDPAuthenticationAttributes vidpAuthnAttr = null;
- if (authnAttr != null && !authAttrs.isEmpty()){
- vidpAuthnAttr = authnAttr.getVIDPAuthenticationAttributes();
- }
-
- CitizenCountryCode citizenCountryCodeElement = null;
- SPInformation spInformation = null;
- if (vidpAuthnAttr != null){
- citizenCountryCodeElement = vidpAuthnAttr.getCitizenCountryCode();
- spInformation = vidpAuthnAttr.getSPInformation();
- }
-
- String citizenCountryCode = null;
- if(citizenCountryCodeElement!=null){
- citizenCountryCode = citizenCountryCodeElement.getCitizenCountryCode();
- }
-
- if(citizenCountryCode!= null && StringUtils.isNotBlank(citizenCountryCode)){
- request.setCitizenCountryCode(citizenCountryCode);
- }
-
- SPID spidElement = null;
- if (spInformation != null){
- spidElement = spInformation.getSPID();
- }
-
- String spid = null;
- if(spidElement!=null){
- spid = spidElement.getSPID();
- }
-
- if (spid != null && StringUtils.isNotBlank(spid)) {
- request.setSPID(spid);
- }
- }
-
- if (extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME) == null) {
- LOG.error("Extensions not contains any requested attribute.");
- throw new STORKSAMLEngineException(
- "Extensions not contains any requested attribute.");
- }
-
- final RequestedAttributes requestedAttr = (RequestedAttributes) extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME)
- .get(0);
-
- final List<RequestedAttribute> reqAttrs = requestedAttr.getAttributes();
-
- final IPersonalAttributeList personalAttrList = new PersonalAttributeList();
-
- String attributeName;
- for (int nextAttribute = 0; nextAttribute < reqAttrs.size(); nextAttribute++) {
- final RequestedAttribute attribute = reqAttrs.get(nextAttribute);
- final PersonalAttribute personalAttribute = new PersonalAttribute();
- personalAttribute.setIsRequired(Boolean.valueOf(attribute.isRequired()));
- personalAttribute.setFriendlyName(attribute.getFriendlyName());
- attributeName = attribute.getName();
-
- // recover the last name from the string.
- personalAttribute.setName(attributeName.substring(attributeName
- .lastIndexOf('/') + 1));
-
- final ArrayList<String> valores = new ArrayList<String>();
- final List<XMLObject> values = attribute.getOrderedChildren();
-
- for (int nextSimpleValue = 0; nextSimpleValue < values.size(); nextSimpleValue++) {
-
- // Process attributes simples. An AuthenticationRequest only
- // must contains simple values.
-
- final XMLObject xmlObject = values.get(nextSimpleValue);
-
- if(xmlObject instanceof XSStringImpl){
-
- final XSStringImpl xmlString = (XSStringImpl) values
- .get(nextSimpleValue);
- valores.add(xmlString.getValue());
-
- }else{
-
- if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
-
- TransformerFactory transFactory = TransformerFactory.newInstance();
- Transformer transformer = null;
- try {
- transformer = transFactory.newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- } catch (TransformerConfigurationException e) {
- LOG.error("Error transformer configuration exception", e);
- }
- StringWriter buffer = new StringWriter();
- try {
- if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
- transformer.transform(new DOMSource(xmlString.getUnknownXMLObjects().get(0).getDOM()),
- new StreamResult(buffer));
- }
- } catch (TransformerException e) {
- LOG.error("Error transformer exception", e);
- }
- String str = buffer.toString();
-
- valores.add(str);
-
- }else{
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
- valores.add(xmlString.getTextContent());
- }
-
-
-
- }
- }
- personalAttribute.setValue(valores);
- personalAttrList.add(personalAttribute);
- }
-
- request.setPersonalAttributeList(personalAttrList);
-
- return request;
- }
-
- /**
- * Sets the name spaces.
- *
- * @param tokenSaml the new name spaces
- */
- private void setNameSpaces(final XMLObject tokenSaml) {
- LOG.debug("Set namespaces.");
-
- final Namespace saml2 = new Namespace(SAMLConstants.SAML20_NS,
- SAMLConstants.SAML20_PREFIX);
- tokenSaml.addNamespace(saml2);
-
- final Namespace digSig = new Namespace(
- "http://www.w3.org/2000/09/xmldsig#", "ds");
- tokenSaml.addNamespace(digSig);
-
- final Namespace storkp = new Namespace(SAMLCore.STORK10P_NS.getValue(),
- SAMLCore.STORK10P_PREFIX.getValue());
- tokenSaml.addNamespace(storkp);
-
- final Namespace stork = new Namespace(SAMLCore.STORK10_NS.getValue(),
- SAMLCore.STORK10_PREFIX.getValue());
-
- tokenSaml.addNamespace(stork);
- }
-
- /**
- * Validate parameters from authentication request.
- *
- * @param request the request.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamAuthnReq(final STORKAuthnRequest request)
- throws STORKSAMLEngineException {
- LOG.info("Validate parameters from authentication request.");
-
- // URL to which Authentication Response must be sent.
- if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
- }
-
- // the name of the original service provider requesting the
- // authentication.
- if (StringUtils.isBlank(request.getProviderName())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Service Provider it's mandatory.");
- }
-
- // object that contain all attributes requesting.
- if (request.getPersonalAttributeList() == null
- || request.getPersonalAttributeList().isEmpty()) {
- throw new STORKSAMLEngineException(
- "attributeQueries is null or empty.");
- }
-
- // Quality authentication assurance level.
- if ((request.getQaa() < QAAAttribute.MIN_VALUE)
- || (request.getQaa() > QAAAttribute.MAX_VALUE)) {
- throw new STORKSAMLEngineException("Qaal: " + request.getQaa()
- + ", is invalid.");
- }
-
- }
-
- /**
- * Validate parameters from authentication request.
- *
- * @param request the request.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamAttrQueryReq(final STORKAttrQueryRequest request)
- throws STORKSAMLEngineException {
- LOG.info("Validate parameters from attribute query request.");
-
- // URL to which Authentication Response must be sent.
- /*if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
- }*/
-
- // the name of the original service provider requesting the
- // authentication.
- /*if (StringUtils.isBlank(request.getProviderName())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Service Provider it's mandatory.");
- }*/
-
- // object that contain all attributes requesting.
- if (request.getPersonalAttributeList() == null
- || request.getPersonalAttributeList().isEmpty()) {
- throw new STORKSAMLEngineException(
- "attributeQueries is null or empty.");
- }
-
- // Quality authentication assurance level.
- if ((request.getQaa() < QAAAttribute.MIN_VALUE)
- || (request.getQaa() > QAAAttribute.MAX_VALUE)) {
- throw new STORKSAMLEngineException("Qaal: " + request.getQaa()
- + ", is invalid.");
- }
-
- }
-
-
- /**
- * Validate parameters from response.
- *
- * @param request the request
- * @param responseAuthReq the response authentication request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamResponse(final STORKAuthnRequest request,
- final STORKAuthnResponse responseAuthReq)
- throws STORKSAMLEngineException {
- LOG.info("Validate parameters response.");
- if (StringUtils.isBlank(request.getIssuer())) {
- throw new STORKSAMLEngineException(
- "Issuer must be not empty or null.");
- }
-
- if (responseAuthReq.getPersonalAttributeList() == null
- || responseAuthReq.getPersonalAttributeList().isEmpty()) {
- LOG.error("PersonalAttributeList is null or empty.");
- throw new STORKSAMLEngineException(
- "PersonalAttributeList is null or empty.");
- }
-
- if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "assertionConsumerServiceURL is null or empty.");
- }
-
- if (StringUtils.isBlank(request.getSamlId())) {
- throw new STORKSAMLEngineException("request ID is null or empty.");
- }
- }
-
- /**
- * Validate parameters from response.
- *
- * @param request the request
- * @param responseAttrQueryReq the response authentication request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamAttrQueryResponse(final STORKAttrQueryRequest request,
- final STORKAttrQueryResponse responseAttrQueryReq)
- throws STORKSAMLEngineException {
- LOG.info("Validate attribute querey parameters response.");
- if (StringUtils.isBlank(request.getIssuer())) {
- throw new STORKSAMLEngineException(
- "Issuer must be not empty or null.");
- }
-
- if (responseAttrQueryReq.getPersonalAttributeList() == null
- || responseAttrQueryReq.getPersonalAttributeList().isEmpty()) {
- LOG.error("PersonalAttributeList is null or empty.");
- throw new STORKSAMLEngineException(
- "PersonalAttributeList is null or empty.");
- }
-
- /*if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "assertionConsumerServiceURL is null or empty.");
- }*/
-
- if (StringUtils.isBlank(request.getSamlId())) {
- throw new STORKSAMLEngineException("request ID is null or empty.");
- }
- }
-
- /**
- * Validate parameter from response fail.
- *
- * @param request the request
- * @param response the response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamResponseFail(final STORKAuthnRequest request,
- final STORKAuthnResponse response) throws STORKSAMLEngineException {
- LOG.info("Validate parameters response fail.");
- if (StringUtils.isBlank(response.getStatusCode())) {
- throw new STORKSAMLEngineException("Code error it's null or empty.");
- }
-
- if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "assertionConsumerServiceURL is null or empty.");
- }
-
- if (StringUtils.isBlank(request.getSamlId())) {
- throw new STORKSAMLEngineException("request ID is null or empty.");
- }
- }
-
- /**
- * Validate parameter from response fail.
- *
- * @param request the request
- * @param response the response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamAttrQueryResponseFail(final STORKAttrQueryRequest request,
- final STORKAttrQueryResponse response) throws STORKSAMLEngineException {
- LOG.info("Validate parameters response fail.");
- if (StringUtils.isBlank(response.getStatusCode())) {
- throw new STORKSAMLEngineException("Code error it's null or empty.");
- }
-
- if (StringUtils.isBlank(request.getSamlId())) {
- throw new STORKSAMLEngineException("request ID is null or empty.");
- }
- }
-
- /**
- * Validate stork authentication request.
- *
- * @param tokenSaml the token SAML
- *
- * @return the sTORK authentication request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnRequest validateSTORKAuthnRequest(final byte[] tokenSaml)
- throws STORKSAMLEngineException {
- LOG.info("validateSTORKAuthnRequest");
-
- final AuthnRequest samlRequest = (AuthnRequest) validateStorkSaml(tokenSaml);
-
- LOG.debug("Validate Extensions.");
- final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
- try {
- validatorExt.validate(samlRequest.getExtensions());
- } catch (ValidationException e) {
- LOG.error("ValidationException: validate Extensions.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- LOG.debug("Generate STORKAuthnRequest.");
- final STORKAuthnRequest authnRequest = processExtensions(samlRequest
- .getExtensions());
-
- authnRequest.setCountry(this.getCountry(samlRequest.getSignature()
- .getKeyInfo()));
-
- authnRequest.setAlias(this.getAlias(samlRequest.getSignature()
- .getKeyInfo(), super.getSigner().getTrustStore()));
-
- authnRequest.setSamlId(samlRequest.getID());
- authnRequest.setDestination(samlRequest.getDestination());
- authnRequest.setAssertionConsumerServiceURL(samlRequest
- .getAssertionConsumerServiceURL());
-
- authnRequest.setProviderName(samlRequest.getProviderName());
- authnRequest.setIssuer(samlRequest.getIssuer().getValue());
-
- //Delete unknown elements from requested ones
- final Iterator<PersonalAttribute> iterator = authnRequest.getPersonalAttributeList().iterator();
- IPersonalAttributeList cleanPerAttrList = (PersonalAttributeList) authnRequest.getPersonalAttributeList();
- while (iterator.hasNext()) {
-
- final PersonalAttribute attribute = iterator.next();
-
- // Verify if the attribute name exits.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
-
- if (StringUtils.isBlank(attributeName)) {
- LOG.info("Attribute name: {} was not found. It will be removed from the request object", attribute.getName());
- cleanPerAttrList.remove(attribute.getName());
- }
-
- }
- authnRequest.setPersonalAttributeList(cleanPerAttrList);
-
- return authnRequest;
-
- }
-
- /**
- * Validate stork authentication request.
- *
- * @param tokenSaml the token SAML
- *
- * @return the sTORK authentication request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAttrQueryRequest validateSTORKAttrQueryRequest(final byte[] tokenSaml)
- throws STORKSAMLEngineException {
- LOG.info("validateSTORKAttrQueryRequest");
-
- final AttributeQuery samlRequest = (AttributeQuery) validateStorkSaml(tokenSaml);
-
- LOG.debug("Validate Extensions.");
- final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
- try {
- validatorExt.validate(samlRequest.getExtensions());
- } catch (ValidationException e) {
- LOG.error("ValidationException: validate Extensions.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- LOG.debug("Generate STORKAttrQueryRequest.");
- final STORKAttrQueryRequest attrRequest = processAttrExtensions(samlRequest
- .getExtensions());
-
- attrRequest.setCountry(this.getCountry(samlRequest.getSignature()
- .getKeyInfo()));
-
- attrRequest.setAlias(this.getAlias(samlRequest.getSignature()
- .getKeyInfo(), super.getSigner().getTrustStore()));
-
- attrRequest.setSamlId(samlRequest.getID());
- attrRequest.setDestination(samlRequest.getDestination());
- /*attrRequest.setAssertionConsumerServiceURL(samlRequest
- .getAssertionConsumerServiceURL());
-
- authnRequest.setProviderName(samlRequest.getProviderName());*/
- attrRequest.setIssuer(samlRequest.getIssuer().getValue());
-
- //Delete unknown elements from requested ones
- final Iterator<PersonalAttribute> iterator = attrRequest.getPersonalAttributeList().iterator();
- IPersonalAttributeList cleanPerAttrList = (PersonalAttributeList) attrRequest.getPersonalAttributeList();
- while (iterator.hasNext()) {
-
- final PersonalAttribute attribute = iterator.next();
-
- // Verify if the attribute name exits.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
-
- if (StringUtils.isBlank(attributeName)) {
- LOG.info("Attribute name: {} was not found. It will be removed from the request object", attribute.getName());
- cleanPerAttrList.remove(attribute.getName());
- }
-
- }
- attrRequest.setPersonalAttributeList(cleanPerAttrList);
-
- return attrRequest;
-
- }
-
- /**
- * Validate stork authentication response.
- *
- * @param tokenSaml the token SAML
- * @param userIP the user IP
- *
- * @return the Stork authentication response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnResponse validateSTORKAuthnResponse(
- final byte[] tokenSaml, final String userIP)
- throws STORKSAMLEngineException {
-
- LOG.info("validateSTORKAuthnResponse");
- final Response samlResponse = (Response) validateStorkSaml(tokenSaml);
-
- LOG.debug("Create StorkAuthResponse.");
- final STORKAuthnResponse authnResponse = new STORKAuthnResponse();
-
- authnResponse.setCountry(this.getCountry(samlResponse.getSignature()
- .getKeyInfo()));
-
- LOG.debug("Set ID.");
- authnResponse.setSamlId(samlResponse.getID());
- LOG.debug("Set InResponseTo.");
- authnResponse.setInResponseTo(samlResponse.getInResponseTo());
- LOG.debug("Set statusCode.");
- authnResponse.setStatusCode(samlResponse.getStatus().getStatusCode()
- .getValue());
-
- // Subordinate code.
- if (samlResponse.getStatus().getStatusCode().getStatusCode() != null) {
- authnResponse.setSubStatusCode(samlResponse.getStatus()
- .getStatusCode().getStatusCode().getValue());
- }
-
- if (samlResponse.getStatus().getStatusMessage() != null) {
- LOG.debug("Set statusMessage.");
- authnResponse.setMessage(samlResponse.getStatus()
- .getStatusMessage().getMessage());
- }
-
- LOG.debug("validateStorkResponse");
- final Assertion assertion = (Assertion) validateStorkResponse(
- samlResponse, userIP);
-
- if(assertion!=null){
- final DateTime serverDate = new DateTime();
-
- if (assertion.getConditions().getNotOnOrAfter().isBefore(serverDate)) {
- LOG.error("Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + ", server_date: " + serverDate + ")");
- throw new STORKSAMLEngineException(
- "Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + " ), server_date: " + serverDate);
- }
-
- LOG.debug("Set notOnOrAfter.");
- authnResponse.setNotOnOrAfter(assertion.getConditions()
- .getNotOnOrAfter());
-
- LOG.debug("Set notBefore.");
- authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
-
- authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
-
- authnResponse.setAudienceRestriction(((AudienceRestriction) assertion
- .getConditions().getAudienceRestrictions().get(0))
- .getAudiences().get(0).getAudienceURI());
- }
-
- // Case no error.
- if (assertion!=null && StatusCode.SUCCESS_URI.equalsIgnoreCase(authnResponse
- .getStatusCode())) {
- LOG.debug("Status Success. Set PersonalAttributeList.");
- authnResponse
- .setPersonalAttributeList(generatePersonalAttributeList(assertion));
- authnResponse.setFail(false);
- } else {
- LOG.debug("Status Fail.");
- authnResponse.setFail(true);
- }
- LOG.debug("Return result.");
- return authnResponse;
-
- }
-
- /**
- * Validate stork attribute query response.
- *
- * @param tokenSaml the token SAML
- * @param userIP the user IP
- *
- * @return the Stork attribute query response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAttrQueryResponse validateSTORKAttrQueryResponse(
- final byte[] tokenSaml, final String userIP)
- throws STORKSAMLEngineException {
-
- LOG.info("validateSTORKAttrQueryResponse");
- final Response samlResponse = (Response) validateStorkSaml(tokenSaml);
-
- LOG.debug("Create StorkAttrQueryResponse.");
- final STORKAttrQueryResponse attrQueryResponse = new STORKAttrQueryResponse();
-
- attrQueryResponse.setCountry(this.getCountry(samlResponse.getSignature()
- .getKeyInfo()));
-
- LOG.debug("Set ID.");
- attrQueryResponse.setSamlId(samlResponse.getID());
- LOG.debug("Set InResponseTo.");
- attrQueryResponse.setInResponseTo(samlResponse.getInResponseTo());
- LOG.debug("Set statusCode.");
- attrQueryResponse.setStatusCode(samlResponse.getStatus().getStatusCode()
- .getValue());
-
- // Subordinate code.
- if (samlResponse.getStatus().getStatusCode().getStatusCode() != null) {
- attrQueryResponse.setSubStatusCode(samlResponse.getStatus()
- .getStatusCode().getStatusCode().getValue());
- }
-
- if (samlResponse.getStatus().getStatusMessage() != null) {
- LOG.debug("Set statusMessage.");
- attrQueryResponse.setMessage(samlResponse.getStatus()
- .getStatusMessage().getMessage());
- }
-
- LOG.debug("validateStorkResponse");
- final Assertion assertion = (Assertion) validateStorkResponse(
- samlResponse, userIP);
-
- if(assertion!=null){
- final DateTime serverDate = new DateTime();
-
- if (assertion.getConditions().getNotOnOrAfter().isBefore(serverDate)) {
- LOG.error("Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + ", server_date: " + serverDate + ")");
- throw new STORKSAMLEngineException(
- "Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + " ), server_date: " + serverDate);
- }
-
- LOG.debug("Set notOnOrAfter.");
- attrQueryResponse.setNotOnOrAfter(assertion.getConditions()
- .getNotOnOrAfter());
-
- LOG.debug("Set notBefore.");
- attrQueryResponse.setNotBefore(assertion.getConditions().getNotBefore());
-
- attrQueryResponse.setNotBefore(assertion.getConditions().getNotBefore());
-
- attrQueryResponse.setAudienceRestriction(((AudienceRestriction) assertion
- .getConditions().getAudienceRestrictions().get(0))
- .getAudiences().get(0).getAudienceURI());
- }
-
- // Case no error.
- if (assertion!=null && StatusCode.SUCCESS_URI.equalsIgnoreCase(attrQueryResponse
- .getStatusCode())) {
- LOG.debug("Status Success. Set PersonalAttributeList.");
- attrQueryResponse
- .setPersonalAttributeList(generatePersonalAttributeList(assertion));
- attrQueryResponse.setFail(false);
- } else {
- LOG.debug("Status Fail.");
- attrQueryResponse.setFail(true);
- }
- LOG.debug("Return result.");
- return attrQueryResponse;
-
- }
-
- /**
- * Validate stork response.
- *
- * @param samlResponse the SAML response
- * @param userIP the user IP
- *
- * @return the assertion
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Assertion validateStorkResponse(final Response samlResponse,
- final String userIP) throws STORKSAMLEngineException {
- // Exist only one Assertion
-
- if (samlResponse.getAssertions() == null
- || samlResponse.getAssertions().isEmpty()) {
- LOG.info("Assertion is null or empty."); //in replace of throw new STORKSAMLEngineException("Assertion is null or empty.")
- return null;
- }
-
- final Assertion assertion = (Assertion) samlResponse.getAssertions()
- .get(0);
-
- LOG.debug("Verified method Bearer");
- for (final Iterator<SubjectConfirmation> iter = assertion.getSubject()
- .getSubjectConfirmations().iterator(); iter.hasNext();) {
- final SubjectConfirmation element = iter.next();
- final boolean isBearer = SubjectConfirmation.METHOD_BEARER
- .equals(element.getMethod());
-
- final boolean ipValidate = super.getSamlCoreProperties()
- .isIpValidation();
-
- if (ipValidate) {
- if (isBearer) {
- if (StringUtils.isBlank(userIP)) {
- LOG.error("browser_ip is null or empty.");
- throw new STORKSAMLEngineException(
- "browser_ip is null or empty.");
- } else if (StringUtils.isBlank(element
- .getSubjectConfirmationData().getAddress())) {
- LOG.error("token_ip attribute is null or empty.");
- throw new STORKSAMLEngineException(
- "token_ip attribute is null or empty.");
- }
- }
-
- final boolean ipEqual = element.getSubjectConfirmationData()
- .getAddress().equals(userIP);
-
- // Validation ipUser
- if (!ipEqual && ipValidate) {
- LOG.error("SubjectConfirmation BEARER: ");
- throw new STORKSAMLEngineException(
- "IPs doesn't match : token_ip ("
- + element.getSubjectConfirmationData()
- .getAddress() + ") browser_ip ("
- + userIP + ")");
- }
- }
-
- }
- return assertion;
- }
-
- /**
- * Validate stork SAML.
- *
- * @param tokenSaml the token SAML
- *
- * @return the signable SAML object
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private SignableSAMLObject validateStorkSaml(final byte[] tokenSaml)
- throws STORKSAMLEngineException {
-
- LOG.info("Validate StorkSaml message.");
-
- if (tokenSaml == null) {
- LOG.error("Saml authentication request is null.");
- throw new STORKSAMLEngineException(
- "Saml authentication request is null.");
- }
-
- LOG.debug("Generate AuthnRequest from request.");
- SignableSAMLObject samlObject;
-
- try {
- samlObject = (SignableSAMLObject) super.unmarshall(tokenSaml);
- } catch (SAMLEngineException e) {
- LOG.error("SAMLEngineException unmarshall.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- boolean validateSign = true;
-
- if (StringUtils.isNotBlank(super.getSamlCoreProperties().getProperty(
- "validateSignature"))) {
- validateSign = Boolean.valueOf(super.getSamlCoreProperties()
- .getProperty("validateSignature"));
- }
-
- if (validateSign) {
- LOG.debug("Validate Signature.");
- try {
- super.validateSignature(samlObject);
- } catch (SAMLEngineException e) {
- LOG.error("SAMLEngineException validateSignature.", e);
- throw new STORKSAMLEngineException(e);
- }
- }
-
- LOG.debug("Validate Schema.");
- final ValidatorSuite validatorSuite = Configuration
- .getValidatorSuite("saml2-core-schema-validator");
- try {
- validatorSuite.validate(samlObject);
- } catch (ValidationException e) {
- LOG.error("ValidationException.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- return samlObject;
- }
-}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/X509PrincipalUtil.java.svn-base b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/X509PrincipalUtil.java.svn-base
deleted file mode 100644
index e38cc5f0b..000000000
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/X509PrincipalUtil.java.svn-base
+++ /dev/null
@@ -1,69 +0,0 @@
-package eu.stork.peps.auth.engine;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.jce.X509Principal;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Utility class used to decrease complexity of comparison of 2 X509principal
- *
- * @author vanegdi
- * @version $Revision: 1.00 $, $Date: 2013-05-24 20:53:51 $
- */
-public final class X509PrincipalUtil{
-
- private static final DERObjectIdentifier[] DER_OBJECT_IDENTIFIERS_ARRAY= {
- X509Principal.CN,
- X509Principal.OU,
- X509Principal.O,
- X509Principal.L,
- X509Principal.ST,
- X509Principal.C,
- X509Principal.E
- };
-
- private static final Logger LOG = LoggerFactory.getLogger(eu.stork.peps.auth.engine.X509PrincipalUtil.class);
-
- /**
- * Compares 2 X509Principals to detect if they equals
- * @param principal1
- * @param principal2
- * @return true if arguments are not null and equals
- */
- public static boolean equals(X509Principal principal1, X509Principal principal2) {
- boolean continueProcess = true;
- if (principal1 == null || principal2 == null){
- return false;
- }
-
- int cpt = 0;
- while(continueProcess && cpt < DER_OBJECT_IDENTIFIERS_ARRAY.length){
- continueProcess = continueProcess && x509ValuesByIdentifierEquals(principal1, principal2, DER_OBJECT_IDENTIFIERS_ARRAY[cpt]);
- cpt++;
- }
- return continueProcess;
- }
-
- public static boolean equals2(X509Principal principal1, X509Principal principal2) {
-
- if (principal1 == null || principal2 == null){
- return false;
- }
-
- if (principal1.getName().equals(principal2.getName()))
- return true;
- else
- return false;
-
- }
-
- private static boolean x509ValuesByIdentifierEquals(X509Principal principal1, X509Principal principal2, DERObjectIdentifier identifier){
- return principal1.getValues(identifier).equals(principal2.getValues(identifier));
- }
-
- private X509PrincipalUtil(){
- // default contructor
- LOG.error("Fake X509PrincipalUtil : never be called");
- }
-}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/package-info.java.svn-base b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/package-info.java.svn-base
deleted file mode 100644
index d3e353e51..000000000
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/.svn/text-base/package-info.java.svn-base
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-/**
- * Provides the classes necessary to create a SAML message.
- */
-package eu.stork.peps.auth.engine; \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 02:10:38 +0000