Diffstat (limited to 'id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java')
-rw-r--r-- | id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java | 99 |
1 files changed, 59 insertions, 40 deletions
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
index 6a7e1f7c0..7bf5d5ca8 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
@@ -202,8 +202,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
 try {
 engine = new STORKSAMLEngine(nameInstance.trim());
 } catch (Exception e) {
- LOG.error("Error getting instance: " + nameInstance);
- e.printStackTrace();
+ LOG.error("Error get instance: " + nameInstance);
 }
 return engine;
 }
@@ -389,15 +388,9 @@ public final class STORKSAMLEngine extends SAMLEngine {
 final Subject subject = SAMLEngineUtils.generateSubject();
- // Mandatory STORK verified
- // String format = NameID.UNSPECIFIED
- // specification: 'SAML:2.0' exist
- // opensaml: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- // opensaml "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
- final String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
+ final String format = super.getSamlCoreProperties().getFormat();
 final String nameQualifier = "";
- LOG.debug("Generate NameID");
 final NameID nameId = SAMLEngineUtils.generateNameID(super.getSamlCoreProperties().getResponder(), format, nameQualifier);
 nameId.setValue(format);
@@ -1102,7 +1095,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
 // Validate Parameters mandatories
 validateParamAttrQueryReq(request);
- // final AttributeQuery attrQueryRequestAux = SAMLEngineUtils
 final CustomAttributeQuery attrQueryRequestAux = SAMLEngineUtils.generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime());
 // Set name spaces.
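Review bot: The new catch block in the @@ -202 hunk logs only `"Error get instance: " + nameInstance` and no longer records the exception at all, since the removed `e.printStackTrace()` was the only place the cause was printed; a failed engine load (bad keystore, missing properties) now leaves nothing in the log to diagnose it. Pass the exception as the logger's throwable argument and keep the original wording: `LOG.error("Error getting instance: " + nameInstance, e);`. The enclosing method starts outside the hunk.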
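Review bot: In the @@ -389 hunk, `final String format = super.getSamlCoreProperties().getFormat();` swaps a hard-coded NameID format for a configured one, but nothing checks that the property is present; a missing or blank value is passed straight into generateNameID and then into `nameId.setValue(format)` on the context line. A guard such as `if (StringUtils.isBlank(format)) { throw new STORKSAMLEngineException("NameID format is not configured."); }` before the generateNameID call would turn a misconfiguration into the engine's own exception instead of whatever the downstream code does with null. Separately, and pre-existing, `nameId.setValue(format)` sets the NameID's value to the format URI itself, which looks unintended and deserves a comment or a fix. The enclosing method starts and ends outside the hunk.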
@@ -1930,6 +1922,8 @@ public final class STORKSAMLEngine extends SAMLEngine {
 citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils.createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
 citizenCountryCode.setCitizenCountryCode(request.getCitizenCountryCode().toUpperCase());
+
+ extensions.getUnknownXMLObjects().add(citizenCountryCode);
 }
 SPID spid = null;
@@ -1938,6 +1932,8 @@ public final class STORKSAMLEngine extends SAMLEngine {
 spid = (SPID) SAMLEngineUtils.createSamlObject(SPID.DEF_ELEMENT_NAME);
 spid.setSPID(request.getSPID().toUpperCase());
+
+ extensions.getUnknownXMLObjects().add(spid);
 }
 return extensions;
@@ -2493,11 +2489,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
 throw new STORKSAMLEngineException("StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
 }
- // Destination of the request - not mandatory
- /*
- * if (StringUtils.isBlank(request.getDestination())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Destination is mandatory."); }
- */
-
 // SP country is empty
 if (StringUtils.isBlank(request.getSpCountry())) {
 throw new STORKSAMLEngineException("StorkSamlEngine: SP country is mandatory.");
@@ -2525,12 +2516,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
 */
 private void validateParamLogoutReq(final STORKLogoutRequest request) throws STORKSAMLEngineException {
 LOG.info("Validate parameters from logout request.");
- // URL to which AP Response must be sent.
- /*
- * if (StringUtils.isBlank(request.get())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Assertion Consumer Service URL it's mandatory."); }
- */
- // Destination of the request
 if (StringUtils.isBlank(request.getDestination())) {
 throw new STORKSAMLEngineException("StorkSamlEngine: Destination is mandatory.");
@@ -2591,9 +2577,9 @@ public final class STORKSAMLEngine extends SAMLEngine {
 throw new STORKSAMLEngineException("Issuer must be not empty or null.");
 }
- if (responseAuthReq.getPersonalAttributeList() == null || responseAuthReq.getPersonalAttributeList().isEmpty()) {
- LOG.error("PersonalAttributeList is null or empty.");
- throw new STORKSAMLEngineException("PersonalAttributeList is null or empty.");
+ if (responseAuthReq.getPersonalAttributeList() == null) {
+ LOG.error("PersonalAttributeList is null.");
+ throw new STORKSAMLEngineException("PersonalAttributeList is null.");
 }
 if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
@@ -2627,10 +2613,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
 throw new STORKSAMLEngineException("PersonalAttributeList is null or empty.");
 }
- /*
- * if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) { throw new STORKSAMLEngineException( "assertionConsumerServiceURL is null or empty."); }
- */
-
 if (StringUtils.isBlank(request.getSamlId())) {
 throw new STORKSAMLEngineException("request ID is null or empty.");
 }
@@ -2840,7 +2822,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
 attrRequest.setDestination(samlRequest.getDestination());
 attrRequest.setAssertionConsumerServiceURL(samlRequest.getAssertionConsumerServiceURL());
- /* authnRequest.setProviderName(samlRequest.getProviderName()); */
 attrRequest.setIssuer(samlRequest.getIssuer().getValue());
 // Delete unknown elements from requested ones
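Review bot: The new condition `if (responseAuthReq.getPersonalAttributeList() == null)` in the @@ -2591 hunk drops the `isEmpty()` half of the check, so an authentication response that carries an empty personal attribute list now passes validation where it was rejected before, and the log and exception texts were narrowed to match. The sibling validator visible in the @@ -2627 hunk still throws `"PersonalAttributeList is null or empty."`, so the two methods now disagree on whether an empty list is acceptable. If the relaxation is intended, the javadoc of the enclosing method (which starts outside the hunk) should state that an empty list is allowed and why; if it is not, restore `|| responseAuthReq.getPersonalAttributeList().isEmpty()`.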
@@ -2881,13 +2862,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
 final LogoutRequest samlRequest = (LogoutRequest) validateStorkSaml(tokenSaml);
- LOG.debug("Validate Extensions.");
- final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
- try {
- validatorExt.validate(samlRequest.getExtensions());
- } catch (ValidationException e) {
- LOG.error("ValidationException: validate Extensions.", e);
- throw new STORKSAMLEngineException(e);
+ if (samlRequest.getExtensions() != null) {
+ LOG.debug("Validate Extensions.");
+ final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
+ try {
+ validatorExt.validate(samlRequest.getExtensions());
+ } catch (ValidationException e) {
+ LOG.error("ValidationException: validate Extensions.", e);
+ throw new STORKSAMLEngineException(e);
+ }
 }
 LOG.debug("Generate STORKLogoutRequest.");
@@ -2909,6 +2892,43 @@ public final class STORKSAMLEngine extends SAMLEngine {
 }
 /**
+ * Validate stork logout response.
+ *
+ * @param tokenSaml
+ * The SAML token
+ *
+ * @return the STORK logout response
+ *
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
+ */
+ public STORKLogoutResponse validateSTORKLogoutResponse(final byte[] tokenSaml) throws STORKSAMLEngineException {
+
+ LOG.info("validate STORK Logout Response");
+
+ final LogoutResponse samlRes = (LogoutResponse) validateStorkSaml(tokenSaml);
+
+ LOG.debug("Generate STORKLogoutResponse.");
+ final STORKLogoutResponse logoutRes = new STORKLogoutResponse();
+
+ try {
+ logoutRes.setTokenSaml(super.signAndMarshall(samlRes));
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ logoutRes.setAlias(this.getAlias(samlRes.getSignature().getKeyInfo(), super.getSigner().getTrustStore()));
+ logoutRes.setSamlId(samlRes.getID());
+ logoutRes.setDestination(samlRes.getDestination());
+ logoutRes.setIssuer(samlRes.getIssuer().getValue());
+ logoutRes.setStatusCode(samlRes.getStatus().getStatusCode().getValue().toString());
+ logoutRes.setStatusMessage(samlRes.getStatus().getStatusMessage().getMessage().toString());
+ logoutRes.setInResponseTo(samlRes.getInResponseTo());
+ return logoutRes;
+ }
+
+ /**
 * Validate stork authentication response.
 *
 * @param tokenSaml
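Review bot: The new validateSTORKLogoutResponse dereferences parts of the response that SAML 2.0 makes optional without checking them: `samlRes.getStatus().getStatusMessage().getMessage()` (StatusMessage is optional inside Status), `samlRes.getIssuer().getValue()` (Issuer is optional on a LogoutResponse) and `samlRes.getSignature().getKeyInfo()`, so a well-formed response that omits any of them ends in a NullPointerException rather than the STORKSAMLEngineException the javadoc promises. Whether validateStorkSaml already rejects an unsigned response is not visible in this hunk; if it does not, the getSignature() call must be guarded too, because the alias lookup would otherwise run on a token whose signature was never verified, and the method should fail closed there. The `.toString()` calls on values that are already strings are redundant. A guarded version of the copy-out block follows; the rest of the method is unchanged.
```java
        // … unchanged: validateStorkSaml call, signAndMarshall try/catch …
        if (samlRes.getSignature() == null || samlRes.getStatus() == null
                || samlRes.getStatus().getStatusCode() == null) {
            throw new STORKSAMLEngineException("LogoutResponse lacks Signature or Status.");
        }
        logoutRes.setAlias(this.getAlias(samlRes.getSignature().getKeyInfo(), super.getSigner().getTrustStore()));
        logoutRes.setSamlId(samlRes.getID());
        logoutRes.setDestination(samlRes.getDestination());
        if (samlRes.getIssuer() != null) {
            logoutRes.setIssuer(samlRes.getIssuer().getValue());
        }
        logoutRes.setStatusCode(samlRes.getStatus().getStatusCode().getValue());
        if (samlRes.getStatus().getStatusMessage() != null) {
            logoutRes.setStatusMessage(samlRes.getStatus().getStatusMessage().getMessage());
        }
        logoutRes.setInResponseTo(samlRes.getInResponseTo());
        return logoutRes;
```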
@@ -3060,16 +3080,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
 authnResponse.setAssertions(samlResponse.getAssertions());
 if (samlResponse.getAssertions().size() > 1) {
 PersonalAttributeList total = new PersonalAttributeList();
- List<IPersonalAttributeList> attrList = new ArrayList();
+ List<IPersonalAttributeList> attrList = new ArrayList<IPersonalAttributeList>();
 for (int i = 0; i < samlResponse.getAssertions().size(); i++) {
 Assertion tempAssertion = (Assertion) samlResponse.getAssertions().get(i);
 IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion);
 if (temp != null) {
 attrList.add(temp);
- for (PersonalAttribute attribute : temp) {
- PersonalAttribute attr = (PersonalAttribute) attribute.clone();
- attr.setName(attr.getName() + tempAssertion.getID());
- total.add(attr);
+ for (PersonalAttribute attribute : (IPersonalAttributeList) temp.clone()) {
+ attribute.setName(attribute.getName() + tempAssertion.getID());
+ total.add(attribute);
 }
 }
 }
 |
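Review bot: The rewritten loop `for (PersonalAttribute attribute : (IPersonalAttributeList) temp.clone())` calls `attribute.setName(...)` on each element it iterates; unless IPersonalAttributeList.clone() deep-copies its elements (not visible here), this renames the very PersonalAttribute objects that `temp` still holds and that were stored in attrList one line earlier, whereas the removed code cloned each attribute before renaming it. If the list clone is shallow, keep the per-element copy, `PersonalAttribute attr = (PersonalAttribute) attribute.clone();`, and rename and add `attr` instead; if it is deep, a comment on the loop saying so would stop the next reader from asking the same question. The enclosing method starts and ends outside the hunk.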