Diffstat (limited to 'id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java')
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java2491
1 files changed, 1043 insertions, 1448 deletions
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
index 6bdf7b320..7bf5d5ca8 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
@@ -175,10 +175,8 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException;
import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
/**
- * Class that wraps the operations over SAML tokens, both generation and
- * validation of SAML STORK requests and SAML STORK responses. Complaint with
- * "OASIS Secure Assertion Markup Language (SAML) 2.0, May 2005", but taking
- * into account STORK specific requirements.
+ * Class that wraps the operations over SAML tokens, both generation and validation of SAML STORK requests and SAML STORK responses. Complaint with
+ * "OASIS Secure Assertion Markup Language (SAML) 2.0, May 2005", but taking into account STORK specific requirements.
*
* @author fjquevedo
* @author iinigo
@@ -186,26 +184,25 @@ import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
public final class STORKSAMLEngine extends SAMLEngine {
/** The Constant LOG. */
- private static final Logger LOG = LoggerFactory
- .getLogger(STORKSAMLEngine.class.getName());
+ private static final Logger LOG = LoggerFactory.getLogger(STORKSAMLEngine.class.getName());
+
+ private static final String ATTRIBUTE_EMPTY_LITERAL = "Attribute name is null or empty.";
- private static final String ATTRIBUTE_EMPTY_LITERAL = "Attribute name is null or empty.";
/**
* Gets the single instance of STORKSAMLEngine.
*
- * @param nameInstance the name instance
+ * @param nameInstance
+ * the name instance
*
* @return single instance of STORKSAMLEngine
*/
- public static synchronized STORKSAMLEngine getInstance(
- final String nameInstance) {
+ public static synchronized STORKSAMLEngine getInstance(final String nameInstance) {
STORKSAMLEngine engine = null;
LOG.info("Get instance: " + nameInstance);
try {
engine = new STORKSAMLEngine(nameInstance.trim());
} catch (Exception e) {
- LOG.error("Error getting instance: " + nameInstance);
- e.printStackTrace();
+ LOG.error("Error get instance: " + nameInstance);
}
return engine;
}
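Review bot: The catch block in getInstance now discards the exception completely: `e.printStackTrace()` was removed and the new `LOG.error("Error get instance: " + nameInstance)` does not pass `e`, so the cause of a failed engine initialisation is no longer recorded anywhere. Hand the throwable to the logger instead, `LOG.error("Error get instance: " + nameInstance, e);`. The method still returns `null` on failure, and the javadoc only says "single instance of STORKSAMLEngine"; the `@return` line should say `null` is returned when construction fails so callers know to check for it.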
@@ -213,130 +210,79 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Instantiate a new STORKSAML engine.
*
- * @param nameInstance the name instance
+ * @param nameInstance
+ * the name instance
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private STORKSAMLEngine(final String nameInstance)
- throws STORKSAMLEngineException {
+ private STORKSAMLEngine(final String nameInstance) throws STORKSAMLEngineException {
// Initialization OpenSAML.
super(nameInstance);
LOG.info("Register STORK objects provider.");
- Configuration.registerObjectProvider(QAAAttribute.DEF_ELEMENT_NAME,
- new QAAAttributeBuilder(), new QAAAttributeMarshaller(),
- new QAAAttributeUnmarshaller());
-
- Configuration.registerObjectProvider(EIDSectorShare.DEF_ELEMENT_NAME,
- new EIDSectorShareBuilder(), new EIDSectorShareMarshaller(),
- new EIDSectorShareUnmarshaller());
-
- Configuration.registerObjectProvider(
- EIDCrossSectorShare.DEF_ELEMENT_NAME,
- new EIDCrossSectorShareBuilder(),
- new EIDCrossSectorShareMarshaller(),
- new EIDCrossSectorShareUnmarshaller());
-
- Configuration.registerObjectProvider(
- EIDCrossBorderShare.DEF_ELEMENT_NAME,
- new EIDCrossBorderShareBuilder(),
- new EIDCrossBorderShareMarshaller(),
- new EIDCrossBorderShareUnmarshaller());
-
- Configuration.registerObjectProvider(SPSector.DEF_ELEMENT_NAME,
- new SPSectorBuilder(), new SPSectorMarshaller(),
- new SPSectorUnmarshaller());
-
- Configuration.registerObjectProvider(SPInstitution.DEF_ELEMENT_NAME,
- new SPInstitutionBuilder(), new SPInstitutionMarshaller(),
- new SPInstitutionUnmarshaller());
-
- Configuration.registerObjectProvider(SPApplication.DEF_ELEMENT_NAME,
- new SPApplicationBuilder(), new SPApplicationMarshaller(),
- new SPApplicationUnmarshaller());
-
- Configuration.registerObjectProvider(SPCountry.DEF_ELEMENT_NAME,
- new SPCountryBuilder(), new SPCountryMarshaller(),
- new SPCountryUnmarshaller());
-
- Configuration.registerObjectProvider(XSAny.TYPE_NAME,
- new XSAnyBuilder(), new XSAnyMarshaller(),
- new XSAnyUnmarshaller());
-
- Configuration.registerObjectProvider(
- RequestedAttribute.DEF_ELEMENT_NAME,
- new RequestedAttributeBuilder(),
- new RequestedAttributeMarshaller(),
- new RequestedAttributeUnmarshaller());
-
- Configuration.registerObjectProvider(
- RequestedAttributes.DEF_ELEMENT_NAME,
- new RequestedAttributesBuilder(),
- new RequestedAttributesMarshaller(),
- new RequestedAttributesUnmarshaller());
-
- Configuration.registerObjectProvider(
- AuthenticationAttributes.DEF_ELEMENT_NAME,
- new AuthenticationAttributesBuilder(),
- new AuthenticationAttributesMarshaller(),
+ Configuration.registerObjectProvider(QAAAttribute.DEF_ELEMENT_NAME, new QAAAttributeBuilder(), new QAAAttributeMarshaller(), new QAAAttributeUnmarshaller());
+
+ Configuration.registerObjectProvider(EIDSectorShare.DEF_ELEMENT_NAME, new EIDSectorShareBuilder(), new EIDSectorShareMarshaller(), new EIDSectorShareUnmarshaller());
+
+ Configuration.registerObjectProvider(EIDCrossSectorShare.DEF_ELEMENT_NAME, new EIDCrossSectorShareBuilder(), new EIDCrossSectorShareMarshaller(), new EIDCrossSectorShareUnmarshaller());
+
+ Configuration.registerObjectProvider(EIDCrossBorderShare.DEF_ELEMENT_NAME, new EIDCrossBorderShareBuilder(), new EIDCrossBorderShareMarshaller(), new EIDCrossBorderShareUnmarshaller());
+
+ Configuration.registerObjectProvider(SPSector.DEF_ELEMENT_NAME, new SPSectorBuilder(), new SPSectorMarshaller(), new SPSectorUnmarshaller());
+
+ Configuration.registerObjectProvider(SPInstitution.DEF_ELEMENT_NAME, new SPInstitutionBuilder(), new SPInstitutionMarshaller(), new SPInstitutionUnmarshaller());
+
+ Configuration.registerObjectProvider(SPApplication.DEF_ELEMENT_NAME, new SPApplicationBuilder(), new SPApplicationMarshaller(), new SPApplicationUnmarshaller());
+
+ Configuration.registerObjectProvider(SPCountry.DEF_ELEMENT_NAME, new SPCountryBuilder(), new SPCountryMarshaller(), new SPCountryUnmarshaller());
+
+ Configuration.registerObjectProvider(XSAny.TYPE_NAME, new XSAnyBuilder(), new XSAnyMarshaller(), new XSAnyUnmarshaller());
+
+ Configuration.registerObjectProvider(RequestedAttribute.DEF_ELEMENT_NAME, new RequestedAttributeBuilder(), new RequestedAttributeMarshaller(), new RequestedAttributeUnmarshaller());
+
+ Configuration.registerObjectProvider(RequestedAttributes.DEF_ELEMENT_NAME, new RequestedAttributesBuilder(), new RequestedAttributesMarshaller(), new RequestedAttributesUnmarshaller());
+
+ Configuration.registerObjectProvider(AuthenticationAttributes.DEF_ELEMENT_NAME, new AuthenticationAttributesBuilder(), new AuthenticationAttributesMarshaller(),
new AuthenticationAttributesUnmarshaller());
- Configuration.registerObjectProvider(
- VIDPAuthenticationAttributes.DEF_ELEMENT_NAME,
- new VIDPAuthenticationAttributesBuilder(),
- new VIDPAuthenticationAttributesMarshaller(),
+ Configuration.registerObjectProvider(VIDPAuthenticationAttributes.DEF_ELEMENT_NAME, new VIDPAuthenticationAttributesBuilder(), new VIDPAuthenticationAttributesMarshaller(),
new VIDPAuthenticationAttributesUnmarshaller());
- Configuration.registerObjectProvider(
- CitizenCountryCode.DEF_ELEMENT_NAME,
- new CitizenCountryCodeBuilder(),
- new CitizenCountryCodeMarshaller(),
- new CitizenCountryCodeUnmarshaller());
+ Configuration.registerObjectProvider(CitizenCountryCode.DEF_ELEMENT_NAME, new CitizenCountryCodeBuilder(), new CitizenCountryCodeMarshaller(), new CitizenCountryCodeUnmarshaller());
- Configuration.registerObjectProvider(
- SPID.DEF_ELEMENT_NAME,
- new SPIDBuilder(),
- new SPIDMarshaller(),
- new SPIDUnmarshaller());
+ Configuration.registerObjectProvider(SPID.DEF_ELEMENT_NAME, new SPIDBuilder(), new SPIDMarshaller(), new SPIDUnmarshaller());
- Configuration.registerObjectProvider(
- SPInformation.DEF_ELEMENT_NAME,
- new SPInformationBuilder(),
- new SPInformationMarshaller(),
- new SPInformationUnmarshaller());
+ Configuration.registerObjectProvider(SPInformation.DEF_ELEMENT_NAME, new SPInformationBuilder(), new SPInformationMarshaller(), new SPInformationUnmarshaller());
LOG.info("Register STORK object validators.");
- final ValidatorSuite validatorSuite = new ValidatorSuite(
- QAAAttribute.DEF_LOCAL_NAME);
+ final ValidatorSuite validatorSuite = new ValidatorSuite(QAAAttribute.DEF_LOCAL_NAME);
- validatorSuite.registerValidator(QAAAttribute.DEF_ELEMENT_NAME,
- new QAAAttributeSchemaValidator());
+ validatorSuite.registerValidator(QAAAttribute.DEF_ELEMENT_NAME, new QAAAttributeSchemaValidator());
final Extensions extensions = SAMLEngineUtils.generateExtension();
- validatorSuite.registerValidator(extensions.getElementQName(),
- new ExtensionsSchemaValidator());
+ validatorSuite.registerValidator(extensions.getElementQName(), new ExtensionsSchemaValidator());
- Configuration.registerValidatorSuite(
- "stork:QualityAuthenticationAssuranceLevel", validatorSuite);
+ Configuration.registerValidatorSuite("stork:QualityAuthenticationAssuranceLevel", validatorSuite);
}
/**
* Generate authentication response base.
*
- * @param status the status
- * @param assertConsumerURL the assert consumer URL.
- * @param inResponseTo the in response to
+ * @param status
+ * the status
+ * @param assertConsumerURL
+ * the assert consumer URL.
+ * @param inResponseTo
+ * the in response to
*
* @return the response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private Response genAuthnRespBase(final Status status,
- final String assertConsumerURL, final String inResponseTo)
- throws STORKSAMLEngineException {
+ private Response genAuthnRespBase(final Status status, final String assertConsumerURL, final String inResponseTo) throws STORKSAMLEngineException {
LOG.debug("Generate Authentication Response base.");
- final Response response = SAMLEngineUtils.generateResponse(
- SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
- SAMLEngineUtils.getCurrentTime(), status);
+ final Response response = SAMLEngineUtils.generateResponse(SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(), SAMLEngineUtils.getCurrentTime(), status);
// Set name Spaces
this.setNameSpaces(response);
@@ -358,30 +304,29 @@ public final class STORKSAMLEngine extends SAMLEngine {
response.setInResponseTo(inResponseTo.trim());
// Optional STORK
- response.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnResponse());
+ response.setConsent(super.getSamlCoreProperties().getConsentAuthnResponse());
return response;
}
-
+
/**
* Generate attribute query response base.
*
- * @param status the status
- * @param destinationURL the assert consumer URL.
- * @param inResponseTo the in response to
+ * @param status
+ * the status
+ * @param destinationURL
+ * the assert consumer URL.
+ * @param inResponseTo
+ * the in response to
*
* @return the response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private Response genAttrQueryRespBase(final Status status,
- final String destinationURL, final String inResponseTo)
- throws STORKSAMLEngineException {
+ private Response genAttrQueryRespBase(final Status status, final String destinationURL, final String inResponseTo) throws STORKSAMLEngineException {
LOG.debug("Generate Attribute query Response base.");
- final Response response = SAMLEngineUtils.generateResponse(
- SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
- SAMLEngineUtils.getCurrentTime(), status);
+ final Response response = SAMLEngineUtils.generateResponse(SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(), SAMLEngineUtils.getCurrentTime(), status);
// Set name Spaces
this.setNameSpaces(response);
@@ -403,8 +348,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
response.setInResponseTo(inResponseTo.trim());
// Optional STORK
- response.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnResponse());
+ response.setConsent(super.getSamlCoreProperties().getConsentAuthnResponse());
return response;
}
@@ -412,20 +356,24 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Generate assertion.
*
- * @param ipAddress the IP address.
- * @param assertConsumerURL the assert consumer URL.
- * @param inResponseTo the in response to
- * @param issuer the issuer
- * @param notOnOrAfter the not on or after
+ * @param ipAddress
+ * the IP address.
+ * @param assertConsumerURL
+ * the assert consumer URL.
+ * @param inResponseTo
+ * the in response to
+ * @param issuer
+ * the issuer
+ * @param notOnOrAfter
+ * the not on or after
*
* @return the assertion
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private Assertion generateAssertion(final String ipAddress,
- final String assertConsumerURL, final String inResponseTo,
- final String issuer, final DateTime notOnOrAfter)
- throws STORKSAMLEngineException {
+ private Assertion generateAssertion(final String ipAddress, final String assertConsumerURL, final String inResponseTo, final String issuer, final DateTime notOnOrAfter)
+ throws STORKSAMLEngineException {
LOG.info("Generate Assertion.");
// Mandatory STORK
@@ -434,64 +382,46 @@ public final class STORKSAMLEngine extends SAMLEngine {
issuerAssertion.setValue(super.getSamlCoreProperties().getResponder());
// Format Entity Optional STORK
- issuerAssertion.setFormat(super.getSamlCoreProperties()
- .getFormatEntity());
+ issuerAssertion.setFormat(super.getSamlCoreProperties().getFormatEntity());
- final Assertion assertion = SAMLEngineUtils.generateAssertion(
- SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
- SAMLEngineUtils.getCurrentTime(), issuerAssertion);
+ final Assertion assertion = SAMLEngineUtils.generateAssertion(SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(), SAMLEngineUtils.getCurrentTime(), issuerAssertion);
final Subject subject = SAMLEngineUtils.generateSubject();
- // Mandatory STORK verified
- // String format = NameID.UNSPECIFIED
- // specification: 'SAML:2.0' exist
- // opensaml: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- // opensaml "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
- final String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
+ final String format = super.getSamlCoreProperties().getFormat();
final String nameQualifier = "";
-
LOG.debug("Generate NameID");
- final NameID nameId = SAMLEngineUtils.generateNameID(super
- .getSamlCoreProperties().getResponder(), format, nameQualifier);
+ final NameID nameId = SAMLEngineUtils.generateNameID(super.getSamlCoreProperties().getResponder(), format, nameQualifier);
nameId.setValue(format);
subject.setNameID(nameId);
// Mandatory if urn:oasis:names:tc:SAML:2.0:cm:bearer.
// Optional in other case.
LOG.debug("Generate SubjectConfirmationData.");
- final SubjectConfirmationData dataBearer = SAMLEngineUtils
- .generateSubjectConfirmationData(SAMLEngineUtils
- .getCurrentTime(), assertConsumerURL, inResponseTo);
+ final SubjectConfirmationData dataBearer = SAMLEngineUtils.generateSubjectConfirmationData(SAMLEngineUtils.getCurrentTime(), assertConsumerURL, inResponseTo);
// Mandatory if urn:oasis:names:tc:SAML:2.0:cm:bearer.
// Optional in other case.
LOG.debug("Generate SubjectConfirmation");
- final SubjectConfirmation subjectConf = SAMLEngineUtils
- .generateSubjectConfirmation(SubjectConfirmation.METHOD_BEARER,
- dataBearer);
+ final SubjectConfirmation subjectConf = SAMLEngineUtils.generateSubjectConfirmation(SubjectConfirmation.METHOD_BEARER, dataBearer);
final ArrayList<SubjectConfirmation> listSubjectConf = new ArrayList<SubjectConfirmation>();
listSubjectConf.add(subjectConf);
- for (final Iterator<SubjectConfirmation> iter = listSubjectConf
- .iterator(); iter.hasNext();) {
+ for (final Iterator<SubjectConfirmation> iter = listSubjectConf.iterator(); iter.hasNext();) {
final SubjectConfirmation element = iter.next();
if (SubjectConfirmation.METHOD_BEARER.equals(element.getMethod())) {
// ipAddress Mandatory if method is Bearer.
if (StringUtils.isBlank(ipAddress)) {
- throw new STORKSAMLEngineException(
- "ipAddress is null or empty");
+ throw new STORKSAMLEngineException("ipAddress is null or empty");
}
- element.getSubjectConfirmationData().setAddress(
- ipAddress.trim());
+ element.getSubjectConfirmationData().setAddress(ipAddress.trim());
}
- element.getSubjectConfirmationData()
- .setRecipient(assertConsumerURL);
+ element.getSubjectConfirmationData().setRecipient(assertConsumerURL);
element.getSubjectConfirmationData().setNotOnOrAfter(notOnOrAfter);
}
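Review bot: The NameID format in generateAssertion is now read from `super.getSamlCoreProperties().getFormat()` with no check that the property is set, where the removed line used a fixed URN. If getFormat() can return null or blank (its implementation is not visible here), the assertion would be issued without a usable NameID Format, and because the context line `nameId.setValue(format)` reuses the same string, without a NameID value as well. Failing closed before the NameID is generated would make a misconfiguration visible: `if (StringUtils.isBlank(format)) { throw new STORKSAMLEngineException("NameID format is not configured"); }`. The removed comment block was the only explanation of which format STORK expects, so a short comment naming the property that supplies it would help; generateAssertion starts and ends outside this hunk.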
@@ -503,248 +433,215 @@ public final class STORKSAMLEngine extends SAMLEngine {
// Conditions that MUST be evaluated when assessing the validity of
// and/or when using the assertion.
- final Conditions conditions = this.generateConditions(SAMLEngineUtils
- .getCurrentTime(), notOnOrAfter, issuer);
+ final Conditions conditions = this.generateConditions(SAMLEngineUtils.getCurrentTime(), notOnOrAfter, issuer);
assertion.setConditions(conditions);
LOG.debug("Generate stork Authentication Statement.");
- final AuthnStatement storkAuthnStat = this
- .generateStorkAuthStatement(ipAddress);
+ final AuthnStatement storkAuthnStat = this.generateStorkAuthStatement(ipAddress);
assertion.getAuthnStatements().add(storkAuthnStat);
return assertion;
}
- private String getAttributeName(final PersonalAttribute attribute) throws STORKSAMLEngineException {
- if (StringUtils.isBlank(attribute.getName())) {
- LOG.error(ATTRIBUTE_EMPTY_LITERAL);
- throw new STORKSAMLEngineException(ATTRIBUTE_EMPTY_LITERAL);
- }
-
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
-
- if (StringUtils.isBlank(attributeName)) {
- LOG.error("Attribute name: {} it is not known.", attribute
- .getName());
- throw new STORKSAMLEngineException("Attribute name: "
- + attribute.getName() + " it is not known.");
- }
- return attributeName;
- }
+ private String getAttributeName(final PersonalAttribute attribute) throws STORKSAMLEngineException {
+ if (StringUtils.isBlank(attribute.getName())) {
+ LOG.error(ATTRIBUTE_EMPTY_LITERAL);
+ throw new STORKSAMLEngineException(ATTRIBUTE_EMPTY_LITERAL);
+ }
+
+ final String attributeName = super.getSamlCoreProperties().getProperty(attribute.getName());
+
+ if (StringUtils.isBlank(attributeName)) {
+ LOG.error("Attribute name: {} it is not known.", attribute.getName());
+ throw new STORKSAMLEngineException("Attribute name: " + attribute.getName() + " it is not known.");
+ }
+ return attributeName;
+ }
+
/**
* Generate attribute statement.
*
- * @param personalAttrList the personal attribute list
- * @param isHashing the is hashing
+ * @param personalAttrList
+ * the personal attribute list
+ * @param isHashing
+ * the is hashing
*
* @return the attribute statement
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
* @throws IOException
*/
- private AttributeStatement generateAttributeStatement(
- final IPersonalAttributeList personalAttrList,
- final boolean isHashing) throws STORKSAMLEngineException {
+ private AttributeStatement generateAttributeStatement(final IPersonalAttributeList personalAttrList, final boolean isHashing) throws STORKSAMLEngineException {
LOG.debug("Generate attribute statement");
- final AttributeStatement attrStatement = (AttributeStatement) SAMLEngineUtils
- .createSamlObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
+ final AttributeStatement attrStatement = (AttributeStatement) SAMLEngineUtils.createSamlObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
for (PersonalAttribute attribute : personalAttrList) {
- String attributeName = getAttributeName(attribute);
+ String attributeName = getAttributeName(attribute);
// Verification that only one value it's permitted, simple or
// complex, not both.
final boolean simpleNull = (attribute.getValue() == null);
- final boolean simpleEmpty = (simpleNull || (!simpleNull && attribute
- .getValue().isEmpty()));
+ final boolean simpleEmpty = (simpleNull || (!simpleNull && attribute.getValue().isEmpty()));
final boolean complexNull = (attribute.getComplexValue() == null);
- final boolean complexEmpty = (complexNull || (!complexNull && attribute
- .getComplexValue().isEmpty()));
+ final boolean complexEmpty = (complexNull || (!complexNull && attribute.getComplexValue().isEmpty()));
if ((!simpleEmpty && !complexEmpty)) {
- throw new STORKSAMLEngineException(
- "Attribute name: "
- + attribute.getName()
- + " must be contain one value, simple or complex value.");
+ throw new STORKSAMLEngineException("Attribute name: " + attribute.getName() + " must be contain one value, simple or complex value.");
} else {
if (!simpleEmpty) {
- attrStatement.getAttributes().add(
- this.generateAttrSimple(attributeName, attribute
- .getStatus(), attribute.getValue(),
- isHashing));
+ attrStatement.getAttributes().add(this.generateAttrSimple(attributeName, attribute.getStatus(), attribute.getValue(), isHashing));
} else if (!complexEmpty) {
- attrStatement.getAttributes().add(
- SAMLEngineUtils.generateAttrComplex(attributeName,
- attribute.getStatus(), attribute
- .getComplexValue(), isHashing));
+ attrStatement.getAttributes().add(SAMLEngineUtils.generateAttrComplex(attributeName, attribute.getStatus(), attribute.getComplexValue(), isHashing));
} else if (!simpleNull) {
- attrStatement.getAttributes().add(
- this.generateAttrSimple(attributeName, attribute
- .getStatus(), new ArrayList<String>(),
- isHashing));
+ attrStatement.getAttributes().add(this.generateAttrSimple(attributeName, attribute.getStatus(), new ArrayList<String>(), isHashing));
} else {
// Add attribute complex.
- attrStatement.getAttributes().add(
- SAMLEngineUtils.generateAttrComplex(attributeName,
- attribute.getStatus(),
- new HashMap<String, String>(), isHashing));
+ attrStatement.getAttributes().add(SAMLEngineUtils.generateAttrComplex(attributeName, attribute.getStatus(), new HashMap<String, String>(), isHashing));
}
}
}
return attrStatement;
}
- private XSAny createAttributeValueForSignedDoc(final String value, final boolean isHashing) throws STORKSAMLEngineException {
- DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
- domFactory.setNamespaceAware(true);
- Document document = null;
- DocumentBuilder builder;
-
- // Parse the signedDoc value into an XML DOM Document
- try {
- builder = domFactory.newDocumentBuilder();
- InputStream is;
- is = new ByteArrayInputStream(value.trim().getBytes("UTF-8"));
- document = builder.parse(is);
- is.close();
- } catch (SAXException e1) {
- LOG.error("SAX Error while parsing signModule attribute", e1);
- throw new STORKSAMLEngineRuntimeException(e1);
- } catch (ParserConfigurationException e2) {
- LOG.error("Parser Configuration Error while parsing signModule attribute", e2);
- throw new STORKSAMLEngineRuntimeException(e2);
- } catch (UnsupportedEncodingException e3) {
- LOG.error("Unsupported encoding Error while parsing signModule attribute", e3);
- throw new STORKSAMLEngineRuntimeException(e3);
- } catch (IOException e4) {
- LOG.error("IO Error while parsing signModule attribute", e4);
- throw new STORKSAMLEngineRuntimeException(e4);
- }
-
- // Create the attribute statement
- final XSAny xmlValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- AttributeValue.DEFAULT_ELEMENT_NAME,
- XSAny.TYPE_NAME);
-
- //Set the signedDoc XML content to this element
- xmlValue.setDOM(document.getDocumentElement());
-
- // Create the attribute statement
- final XSAny attrValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- AttributeValue.DEFAULT_ELEMENT_NAME,
- XSAny.TYPE_NAME);
-
- //Add previous signedDocXML to the AttributeValue Element
-
- // if it's necessary encode the information.
- if (!isHashing) {
- attrValue.getUnknownXMLObjects().add(xmlValue);
- }
- return attrValue;
- }
-
- private XSAny createAttributeValueForNonSignedDoc(final String value, final boolean isHashing) throws STORKSAMLEngineException {
- // Create the attribute statement
- final XSAny attrValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- AttributeValue.DEFAULT_ELEMENT_NAME,
- XSAny.TYPE_NAME);
- // if it's necessary encode the information.
- if (isHashing) {
- attrValue.setTextContent(SAMLEngineUtils.encode(value, SAMLEngineUtils.SHA_512));
- } else {
- attrValue.setTextContent(value);
- }
- return attrValue;
- }
+
+ private XSAny createAttributeValueForSignedDoc(final String value, final boolean isHashing) throws STORKSAMLEngineException {
+ DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
+ domFactory.setNamespaceAware(true);
+ Document document = null;
+ DocumentBuilder builder;
+
+ // Parse the signedDoc value into an XML DOM Document
+ try {
+ builder = domFactory.newDocumentBuilder();
+ InputStream is;
+ is = new ByteArrayInputStream(value.trim().getBytes("UTF-8"));
+ document = builder.parse(is);
+ is.close();
+ } catch (SAXException e1) {
+ LOG.error("SAX Error while parsing signModule attribute", e1);
+ throw new STORKSAMLEngineRuntimeException(e1);
+ } catch (ParserConfigurationException e2) {
+ LOG.error("Parser Configuration Error while parsing signModule attribute", e2);
+ throw new STORKSAMLEngineRuntimeException(e2);
+ } catch (UnsupportedEncodingException e3) {
+ LOG.error("Unsupported encoding Error while parsing signModule attribute", e3);
+ throw new STORKSAMLEngineRuntimeException(e3);
+ } catch (IOException e4) {
+ LOG.error("IO Error while parsing signModule attribute", e4);
+ throw new STORKSAMLEngineRuntimeException(e4);
+ }
+
+ // Create the attribute statement
+ final XSAny xmlValue = (XSAny) SAMLEngineUtils.createSamlObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
+
+ // Set the signedDoc XML content to this element
+ xmlValue.setDOM(document.getDocumentElement());
+
+ // Create the attribute statement
+ final XSAny attrValue = (XSAny) SAMLEngineUtils.createSamlObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
+
+ // Add previous signedDocXML to the AttributeValue Element
+
+ // if it's necessary encode the information.
+ if (!isHashing) {
+ attrValue.getUnknownXMLObjects().add(xmlValue);
+ }
+ return attrValue;
+ }
+
+ private XSAny createAttributeValueForNonSignedDoc(final String value, final boolean isHashing) throws STORKSAMLEngineException {
+ // Create the attribute statement
+ final XSAny attrValue = (XSAny) SAMLEngineUtils.createSamlObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
+ // if it's necessary encode the information.
+ if (isHashing) {
+ attrValue.setTextContent(SAMLEngineUtils.encode(value, SAMLEngineUtils.SHA_512));
+ } else {
+ attrValue.setTextContent(value);
+ }
+ return attrValue;
+ }
/**
* Generate attribute from a list of values.
*
- * @param name the name of the attribute.
- * @param values the value of the attribute.
- * @param isHashing the is hashing with "SHA-512" algorithm.
- * @param status the status of the parameter: "Available", "NotAvailable" or
- * "Withheld".
+ * @param name
+ * the name of the attribute.
+ * @param values
+ * the value of the attribute.
+ * @param isHashing
+ * the is hashing with "SHA-512" algorithm.
+ * @param status
+ * the status of the parameter: "Available", "NotAvailable" or "Withheld".
*
* @return the attribute
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private Attribute generateAttrSimple(final String name,
- final String status, final List<String> values,
- final boolean isHashing) throws STORKSAMLEngineException {
- LOG.debug("Generate attribute simple: " + name);
- final Attribute attribute = (Attribute) SAMLEngineUtils
- .createSamlObject(Attribute.DEFAULT_ELEMENT_NAME);
-
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
-
- attribute.getUnknownAttributes().put(
- new QName(SAMLCore.STORK10_NS.getValue(), "AttributeStatus",
- SAMLCore.STORK10_PREFIX.getValue()), status);
-
- if (values != null) {
- LOG.debug("Add attribute values.");
- for (int i = 0; i < values.size(); i++) {
- final String value = values.get(i);
- if (StringUtils.isNotBlank(value)) {
- XSAny attrValue = null;
- if (!name.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
- // Create the attribute statement
- attrValue = createAttributeValueForNonSignedDoc(value, isHashing);
-
- } else {
- attrValue = createAttributeValueForSignedDoc(value, isHashing);
- attribute.getAttributeValues().add(attrValue);
- }
- attribute.getAttributeValues().add(attrValue);
- }
- }
- }
- return attribute;
- }
+ private Attribute generateAttrSimple(final String name, final String status, final List<String> values, final boolean isHashing) throws STORKSAMLEngineException {
+ LOG.debug("Generate attribute simple: " + name);
+ final Attribute attribute = (Attribute) SAMLEngineUtils.createSamlObject(Attribute.DEFAULT_ELEMENT_NAME);
+
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+
+ attribute.getUnknownAttributes().put(new QName(SAMLCore.STORK10_NS.getValue(), "AttributeStatus", SAMLCore.STORK10_PREFIX.getValue()), status);
+
+ if (values != null) {
+ LOG.debug("Add attribute values.");
+ for (int i = 0; i < values.size(); i++) {
+ final String value = values.get(i);
+ if (StringUtils.isNotBlank(value)) {
+ XSAny attrValue = null;
+ if (!name.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
+ // Create the attribute statement
+ attrValue = createAttributeValueForNonSignedDoc(value, isHashing);
+
+ } else {
+ attrValue = createAttributeValueForSignedDoc(value, isHashing);
+ attribute.getAttributeValues().add(attrValue);
+ }
+ attribute.getAttributeValues().add(attrValue);
+ }
+ }
+ }
+ return attribute;
+ }
/**
- * Generate conditions that MUST be evaluated when assessing the validity of
- * and/or when using the assertion.
+ * Generate conditions that MUST be evaluated when assessing the validity of and/or when using the assertion.
*
- * @param notBefore the not before
- * @param notOnOrAfter the not on or after
- * @param audienceURI the audience URI.
+ * @param notBefore
+ * the not before
+ * @param notOnOrAfter
+ * the not on or after
+ * @param audienceURI
+ * the audience URI.
*
* @return the conditions
*/
- private Conditions generateConditions(final DateTime notBefore,
- final DateTime notOnOrAfter, final String audienceURI) {
+ private Conditions generateConditions(final DateTime notBefore, final DateTime notOnOrAfter, final String audienceURI) {
LOG.debug("Generate conditions.");
- final Conditions conditions = (Conditions) SAMLEngineUtils
- .createSamlObject(Conditions.DEFAULT_ELEMENT_NAME);
+ final Conditions conditions = (Conditions) SAMLEngineUtils.createSamlObject(Conditions.DEFAULT_ELEMENT_NAME);
conditions.setNotBefore(notBefore);
conditions.setNotOnOrAfter(notOnOrAfter);
- final AudienceRestriction restrictions = (AudienceRestriction) SAMLEngineUtils
- .createSamlObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
+ final AudienceRestriction restrictions = (AudienceRestriction) SAMLEngineUtils.createSamlObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
- final Audience audience = (Audience) SAMLEngineUtils
- .createSamlObject(Audience.DEFAULT_ELEMENT_NAME);
+ final Audience audience = (Audience) SAMLEngineUtils.createSamlObject(Audience.DEFAULT_ELEMENT_NAME);
audience.setAudienceURI(audienceURI);
restrictions.getAudiences().add(audience);
conditions.getAudienceRestrictions().add(restrictions);
if (super.getSamlCoreProperties().isOneTimeUse()) {
- final OneTimeUse oneTimeUse = (OneTimeUse) SAMLEngineUtils
- .createSamlObject(OneTimeUse.DEFAULT_ELEMENT_NAME);
+ final OneTimeUse oneTimeUse = (OneTimeUse) SAMLEngineUtils.createSamlObject(OneTimeUse.DEFAULT_ELEMENT_NAME);
conditions.getConditions().add(oneTimeUse);
}
return conditions;
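Review bot: createAttributeValueForSignedDoc parses the signedDoc attribute value with a `DocumentBuilderFactory` on which only `setNamespaceAware(true)` is set, so a default JAXP parser will still process DOCTYPE declarations and external entities. If that value can originate outside the engine (the callers are not visible in this hunk), the parser should be hardened inside the existing try block, where the ParserConfigurationException catch already applies: `domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` and `domFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`. Separately, in generateAttrSimple the signedDoc branch calls `attribute.getAttributeValues().add(attrValue)` and the statement after the if/else adds the same object again, so a signedDoc value is added twice; the add inside the else branch looks redundant and should be dropped.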
@@ -753,14 +650,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Generate personal attribute list.
*
- * @param assertion the assertion
+ * @param assertion
+ * the assertion
*
* @return the personal attribute list
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private IPersonalAttributeList generatePersonalAttributeList(
- final Assertion assertion) throws STORKSAMLEngineException {
+ private IPersonalAttributeList generatePersonalAttributeList(final Assertion assertion) throws STORKSAMLEngineException {
LOG.debug("Generate personal attribute list from XMLObject.");
final List<XMLObject> listExtensions = assertion.getOrderedChildren();
@@ -778,8 +676,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
if (!find) {
LOG.error("Error: AttributeStatement it's not present.");
- throw new STORKSAMLEngineException(
- "AttributeStatement it's not present.");
+ throw new STORKSAMLEngineException("AttributeStatement it's not present.");
}
final List<Attribute> reqAttrs = requestedAttr.getAttributes();
@@ -794,88 +691,70 @@ public final class STORKSAMLEngine extends SAMLEngine {
final PersonalAttribute personalAttribute = new PersonalAttribute();
attributeName = attribute.getName();
- personalAttribute.setName(attributeName.substring(attributeName
- .lastIndexOf('/') + 1));
+ personalAttribute.setName(attributeName.substring(attributeName.lastIndexOf('/') + 1));
- personalAttribute.setStatus(attribute.getUnknownAttributes().get(
- new QName(SAMLCore.STORK10_NS.getValue(),
- "AttributeStatus", SAMLCore.STORK10_PREFIX
- .getValue())));
+ personalAttribute.setStatus(attribute.getUnknownAttributes().get(new QName(SAMLCore.STORK10_NS.getValue(), "AttributeStatus", SAMLCore.STORK10_PREFIX.getValue())));
final ArrayList<String> simpleValues = new ArrayList<String>();
final HashMap<String, String> multiValues = new HashMap<String, String>();
final List<XMLObject> values = attribute.getOrderedChildren();
-
-
+
// Process the values.
for (int nextValue = 0; nextValue < values.size(); nextValue++) {
final XMLObject xmlObject = values.get(nextValue);
if (xmlObject instanceof XSStringImpl) {
-
+
simpleValues.add(((XSStringImpl) xmlObject).getValue());
} else if (xmlObject instanceof XSAnyImpl) {
if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextValue);
+ final XSAnyImpl xmlString = (XSAnyImpl) values.get(nextValue);
- TransformerFactory transFactory = TransformerFactory
- .newInstance();
+ TransformerFactory transFactory = TransformerFactory.newInstance();
Transformer transformer = null;
try {
transformer = transFactory.newTransformer();
- transformer.setOutputProperty(
- OutputKeys.OMIT_XML_DECLARATION, "yes");
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
} catch (TransformerConfigurationException e) {
- LOG.error("Error transformer configuration exception", e);
+ LOG.error("Error transformer configuration exception", e);
}
StringWriter buffer = new StringWriter();
try {
- if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
- transformer.transform(new DOMSource(xmlString
- .getUnknownXMLObjects().get(0).getDOM()),
- new StreamResult(buffer));
- }
+ if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0) {
+ transformer.transform(new DOMSource(xmlString.getUnknownXMLObjects().get(0).getDOM()), new StreamResult(buffer));
+ }
} catch (TransformerException e) {
- LOG.error("Error transformer exception", e);
+ LOG.error("Error transformer exception", e);
}
String str = buffer.toString();
simpleValues.add(str);
- } else if (isComplex(xmlObject))
- {
+ } else if (isComplex(xmlObject)) {
LOG.info(attributeName + " found");
// Process complex value.
final XSAnyImpl complexValue = (XSAnyImpl) xmlObject;
- for (int nextComplexValue = 0; nextComplexValue < complexValue
- .getUnknownXMLObjects().size(); nextComplexValue++) {
+ for (int nextComplexValue = 0; nextComplexValue < complexValue.getUnknownXMLObjects().size(); nextComplexValue++) {
- final XSAnyImpl simple = (XSAnyImpl) complexValue
- .getUnknownXMLObjects().get(
- nextComplexValue);
+ final XSAnyImpl simple = (XSAnyImpl) complexValue.getUnknownXMLObjects().get(nextComplexValue);
- multiValues.put(simple.getElementQName()
- .getLocalPart(), simple.getTextContent());
+ multiValues.put(simple.getElementQName().getLocalPart(), simple.getTextContent());
}
- }
- else {
+ } else {
// Process simple value.
- simpleValues.add(((XSAnyImpl) xmlObject)
- .getTextContent());
+ simpleValues.add(((XSAnyImpl) xmlObject).getTextContent());
}
} else {
LOG.error("Error: attribute value it's unknown.");
- throw new STORKSAMLEngineException(
- "Attribute value it's unknown.");
+ throw new STORKSAMLEngineException("Attribute value it's unknown.");
}
}
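Review bot: Both transformer failures in the signedDoc branch are only logged, so a `TransformerConfigurationException` leaves `transformer` null and the later `transformer.transform(...)` call dereferences it, while a `TransformerException` lets an empty string be stored as the signedDoc value. The method already declares `STORKSAMLEngineException`, so each catch block should fail closed, e.g. `throw new STORKSAMLEngineException("Error transformer configuration exception");` and `throw new STORKSAMLEngineException("Error transformer exception");`. The cast `(XSAnyImpl) complexValue.getUnknownXMLObjects().get(nextComplexValue)` is likewise unchecked, on content taken from the received assertion. generatePersonalAttributeList starts and ends outside this hunk.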
@@ -890,24 +769,21 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Generate stork authentication request.
*
- * @param request the request that contain all parameters for generate an
- * authentication request.
+ * @param request
+ * the request that contain all parameters for generate an authentication request.
*
* @return the STORK authentication request that has been processed.
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAuthnRequest generateSTORKAuthnRequest(
- final STORKAuthnRequest request) throws STORKSAMLEngineException {
+ public STORKAuthnRequest generateSTORKAuthnRequest(final STORKAuthnRequest request) throws STORKSAMLEngineException {
LOG.info("Generate SAMLAuthnRequest.");
// Validate Parameters mandatories
validateParamAuthnReq(request);
- final AuthnRequest authnRequestAux = SAMLEngineUtils
- .generateSAMLAuthnRequest(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime());
+ final AuthnRequest authnRequestAux = SAMLEngineUtils.generateSAMLAuthnRequest(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime());
// Set name spaces.
setNameSpaces(authnRequestAux);
@@ -918,14 +794,12 @@ public final class STORKSAMLEngine extends SAMLEngine {
// Add parameter Mandatory STORK
authnRequestAux.setIsPassive(Boolean.FALSE);
- authnRequestAux.setAssertionConsumerServiceURL(request
- .getAssertionConsumerServiceURL());
+ authnRequestAux.setAssertionConsumerServiceURL(request.getAssertionConsumerServiceURL());
authnRequestAux.setProviderName(request.getProviderName());
// Add protocol binding
- authnRequestAux.setProtocolBinding(super.getSamlCoreProperties()
- .getProtocolBinding());
+ authnRequestAux.setProtocolBinding(super.getSamlCoreProperties().getProtocolBinding());
// Add parameter optional STORK
// Destination is mandatory if the destination is a C-PEPS
@@ -935,36 +809,32 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
// Consent is optional. Set from SAMLEngine.xml - consent.
- authnRequestAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
+ authnRequestAux.setConsent(super.getSamlCoreProperties().getConsentAuthnRequest());
final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
- if(request.getIssuer()!=null){
+
+ if (request.getIssuer() != null) {
issuer.setValue(request.getIssuer());
- } else {
+ } else {
issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
+ }
// Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
+ final String formatEntity = super.getSamlCoreProperties().getFormatEntity();
if (StringUtils.isNotBlank(formatEntity)) {
issuer.setFormat(formatEntity);
}
authnRequestAux.setIssuer(issuer);
-
+
// Generate stork extensions.
- final Extensions storkExtensions = this
- .generateSTORKExtensions(request);
+ final Extensions storkExtensions = this.generateSTORKExtensions(request);
// add the extensions to the SAMLAuthnRequest
authnRequestAux.setExtensions(storkExtensions);
// the result contains an authentication request token (byte[]),
// identifier of the token, and all parameters from the request.
- final STORKAuthnRequest authRequest = processExtensions(authnRequestAux
- .getExtensions());
+ final STORKAuthnRequest authRequest = processExtensions(authnRequestAux.getExtensions());
try {
authRequest.setTokenSaml(super.signAndMarshall(authnRequestAux));
@@ -975,8 +845,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
authRequest.setSamlId(authnRequestAux.getID());
authRequest.setDestination(authnRequestAux.getDestination());
- authRequest.setAssertionConsumerServiceURL(authnRequestAux
- .getAssertionConsumerServiceURL());
+ authRequest.setAssertionConsumerServiceURL(authnRequestAux.getAssertionConsumerServiceURL());
authRequest.setProviderName(authnRequestAux.getProviderName());
authRequest.setIssuer(authnRequestAux.getIssuer().getValue());
@@ -987,19 +856,22 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Generate stork authentication response.
*
- * @param request the request
- * @param responseAuthReq the response authentication request
- * @param ipAddress the IP address
- * @param isHashing the is hashing
+ * @param request
+ * the request
+ * @param responseAuthReq
+ * the response authentication request
+ * @param ipAddress
+ * the IP address
+ * @param isHashing
+ * the is hashing
*
* @return the sTORK authentication response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAuthnResponse generateSTORKAuthnResponse(
- final STORKAuthnRequest request,
- final STORKAuthnResponse responseAuthReq, final String ipAddress,
- final boolean isHashing) throws STORKSAMLEngineException {
+ public STORKAuthnResponse generateSTORKAuthnResponse(final STORKAuthnRequest request, final STORKAuthnResponse responseAuthReq, final String ipAddress, final boolean isHashing)
+ throws STORKSAMLEngineException {
LOG.info("generateSTORKAuthnResponse");
// Validate parameters
@@ -1007,36 +879,28 @@ public final class STORKSAMLEngine extends SAMLEngine {
// Mandatory SAML
LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
+ final StatusCode statusCode = SAMLEngineUtils.generateStatusCode(StatusCode.SUCCESS_URI);
LOG.debug("Generate Status");
final Status status = SAMLEngineUtils.generateStatus(statusCode);
LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils.generateStatusMessage(StatusCode.SUCCESS_URI);
status.setStatusMessage(statusMessage);
LOG.debug("Generate Response");
// RESPONSE
- final Response response = genAuthnRespBase(status, request
- .getAssertionConsumerServiceURL(), request.getSamlId());
+ final Response response = genAuthnRespBase(status, request.getAssertionConsumerServiceURL(), request.getSamlId());
DateTime notOnOrAfter = new DateTime();
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties().getTimeNotOnOrAfter());
- final Assertion assertion = this.generateAssertion(ipAddress, request
- .getAssertionConsumerServiceURL(), request.getSamlId(), request
- .getIssuer(), notOnOrAfter);
+ final Assertion assertion = this.generateAssertion(ipAddress, request.getAssertionConsumerServiceURL(), request.getSamlId(), request.getIssuer(), notOnOrAfter);
- final AttributeStatement attrStatement = this
- .generateAttributeStatement(responseAuthReq
- .getPersonalAttributeList(), isHashing);
+ final AttributeStatement attrStatement = this.generateAttributeStatement(responseAuthReq.getPersonalAttributeList(), isHashing);
assertion.getAttributeStatements().add(attrStatement);
@@ -1054,23 +918,26 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
return authresponse;
}
-
+
/**
* Generate stork authentication response.
*
- * @param request the request
- * @param responseAuthReq the response authentication request
- * @param ipAddress the IP address
- * @param isHashing the is hashing
+ * @param request
+ * the request
+ * @param responseAuthReq
+ * the response authentication request
+ * @param ipAddress
+ * the IP address
+ * @param isHashing
+ * the is hashing
*
* @return the sTORK authentication response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAuthnResponse generateSTORKAuthnResponseAfterQuery(
- final STORKAuthnRequest request,
- final STORKAuthnResponse responseAuthReq, final String ipAddress,
- final boolean isHashing, List<STORKAttrQueryResponse> res) throws STORKSAMLEngineException {
+ public STORKAuthnResponse generateSTORKAuthnResponseAfterQuery(final STORKAuthnRequest request, final STORKAuthnResponse responseAuthReq, final String ipAddress, final boolean isHashing,
+ List<STORKAttrQueryResponse> res) throws STORKSAMLEngineException {
LOG.info("generateSTORKAuthnResponse");
// Validate parameters
@@ -1078,52 +945,40 @@ public final class STORKSAMLEngine extends SAMLEngine {
// Mandatory SAML
LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
+ final StatusCode statusCode = SAMLEngineUtils.generateStatusCode(StatusCode.SUCCESS_URI);
LOG.debug("Generate Status");
final Status status = SAMLEngineUtils.generateStatus(statusCode);
LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils.generateStatusMessage(StatusCode.SUCCESS_URI);
status.setStatusMessage(statusMessage);
LOG.debug("Generate Response");
// RESPONSE
- final Response response = genAuthnRespBase(status, request
- .getAssertionConsumerServiceURL(), request.getSamlId());
+ final Response response = genAuthnRespBase(status, request.getAssertionConsumerServiceURL(), request.getSamlId());
DateTime notOnOrAfter = new DateTime();
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties().getTimeNotOnOrAfter());
- final Assertion assertion = this.generateAssertion(ipAddress, request
- .getAssertionConsumerServiceURL(), request.getSamlId(), request
- .getIssuer(), notOnOrAfter);
+ final Assertion assertion = this.generateAssertion(ipAddress, request.getAssertionConsumerServiceURL(), request.getSamlId(), request.getIssuer(), notOnOrAfter);
- final AttributeStatement attrStatement = this
- .generateAttributeStatement(responseAuthReq
- .getPersonalAttributeList(), isHashing);
+ final AttributeStatement attrStatement = this.generateAttributeStatement(responseAuthReq.getPersonalAttributeList(), isHashing);
assertion.getAttributeStatements().add(attrStatement);
// Add assertions
response.getAssertions().add(assertion);
// Check for response queries
- if (res != null && res.size() > 0)
- {
- //Iterate through them
- for (int i = 0; i < res.size(); i++)
- {
- //If response contains multiple assertions iterate through them as well
- if (res.get(i).getAssertions().size() > 1)
- {
- for (int j = 0; j < res.get(i).getAssertions().size(); j++)
- {
+ if (res != null && res.size() > 0) {
+ // Iterate through them
+ for (int i = 0; i < res.size(); i++) {
+ // If response contains multiple assertions iterate through them as well
+ if (res.get(i).getAssertions().size() > 1) {
+ for (int j = 0; j < res.get(i).getAssertions().size(); j++) {
Assertion tempAssertion = res.get(i).getAssertions().get(j);
tempAssertion.setParent(response);
response.getAssertions().add(tempAssertion);
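Review bot: The aggregation loop re-parents every assertion from `res` into the new response (`tempAssertion.setParent(response); response.getAssertions().add(tempAssertion);`) with no visible check that those attribute-query responses were validated, and the response is presumably signed by this engine further down, outside the hunk. If validation is the caller's duty, say so at the loop, e.g. `// Precondition: each entry of res was signature- and conditions-validated by the caller; its assertions are embedded unchanged.` The `res != null` guard also does not cover a null `res.get(i).getAssertions()`. The same pattern appears in the `responses` loop of generateSTORKAttrQueryResponseWithAssertions (hunk at -1416), where `responses.get(i).getAssertion()` is dereferenced without a null check. The method body continues outside this hunk.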
@@ -1151,26 +1006,28 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Generate stork authentication response fail.
*
- * @param request the request
- * @param response the response
- * @param ipAddress the IP address
- * @param isHashing the is hashing
+ * @param request
+ * the request
+ * @param response
+ * the response
+ * @param ipAddress
+ * the IP address
+ * @param isHashing
+ * the is hashing
*
* @return the sTORK authentication response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAuthnResponse generateSTORKAuthnResponseFail(
- final STORKAuthnRequest request, final STORKAuthnResponse response,
- final String ipAddress, final boolean isHashing)
- throws STORKSAMLEngineException {
+ public STORKAuthnResponse generateSTORKAuthnResponseFail(final STORKAuthnRequest request, final STORKAuthnResponse response, final String ipAddress, final boolean isHashing)
+ throws STORKSAMLEngineException {
LOG.info("generateSTORKAuthnResponseFail");
validateParamResponseFail(request, response);
// Mandatory
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(response.getStatusCode());
+ final StatusCode statusCode = SAMLEngineUtils.generateStatusCode(response.getStatusCode());
// Mandatory SAML
LOG.debug("Generate StatusCode.");
@@ -1182,8 +1039,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
// - http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported
if (StringUtils.isNotBlank(response.getSubStatusCode())) {
- final StatusCode newStatusCode = SAMLEngineUtils
- .generateStatusCode(response.getSubStatusCode());
+ final StatusCode newStatusCode = SAMLEngineUtils.generateStatusCode(response.getSubStatusCode());
statusCode.setStatusCode(newStatusCode);
}
@@ -1191,25 +1047,20 @@ public final class STORKSAMLEngine extends SAMLEngine {
final Status status = SAMLEngineUtils.generateStatus(statusCode);
if (StringUtils.isNotBlank(response.getMessage())) {
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(response.getMessage());
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils.generateStatusMessage(response.getMessage());
status.setStatusMessage(statusMessage);
}
LOG.debug("Generate Response.");
// RESPONSE
- final Response responseFail = genAuthnRespBase(status, request
- .getAssertionConsumerServiceURL(), request.getSamlId());
+ final Response responseFail = genAuthnRespBase(status, request.getAssertionConsumerServiceURL(), request.getSamlId());
DateTime notOnOrAfter = new DateTime();
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties().getTimeNotOnOrAfter());
- final Assertion assertion = this.generateAssertion(ipAddress, request
- .getAssertionConsumerServiceURL(), request.getSamlId(), request
- .getIssuer(), notOnOrAfter);
+ final Assertion assertion = this.generateAssertion(ipAddress, request.getAssertionConsumerServiceURL(), request.getSamlId(), request.getIssuer(), notOnOrAfter);
responseFail.getAssertions().add(assertion);
@@ -1226,41 +1077,36 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
return storkResponse;
}
-
+
/**
* Generate stork attribute query request.
*
- * @param request the request that contain all parameters for generate an
- * attribute query request.
+ * @param request
+ * the request that contain all parameters for generate an attribute query request.
*
* @return the STORK attribute query request that has been processed.
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAttrQueryRequest generateSTORKAttrQueryRequest(
- final STORKAttrQueryRequest request) throws STORKSAMLEngineException {
+ public STORKAttrQueryRequest generateSTORKAttrQueryRequest(final STORKAttrQueryRequest request) throws STORKSAMLEngineException {
LOG.info("Generate STORKAttrQueryRequest.");
// Validate Parameters mandatories
validateParamAttrQueryReq(request);
- //final AttributeQuery attrQueryRequestAux = SAMLEngineUtils
- final CustomAttributeQuery attrQueryRequestAux = SAMLEngineUtils
- .generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime());
+ final CustomAttributeQuery attrQueryRequestAux = SAMLEngineUtils.generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime());
// Set name spaces.
setNameSpaces(attrQueryRequestAux);
-
// Add parameter optional STORK
// Destination is mandatory if the destination is a C-PEPS
// The application must to know if the destination is a C-PEPS.
if (StringUtils.isNotBlank(request.getDestination())) {
attrQueryRequestAux.setDestination(request.getDestination());
}
-
+
// Add parameter optional STORK
// Consumer URL is needed if using HTTP-Post
if (StringUtils.isNotBlank(request.getAssertionConsumerServiceURL())) {
@@ -1268,44 +1114,40 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
// Consent is optional. Set from SAMLEngine.xml - consent.
- attrQueryRequestAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
+ attrQueryRequestAux.setConsent(super.getSamlCoreProperties().getConsentAuthnRequest());
final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
- //Set the subject - needed for attribute query validation
+
+ // Set the subject - needed for attribute query validation
Subject subject = SAMLEngineUtils.generateSubject();
SubjectConfirmationBuilder builder = new SubjectConfirmationBuilder();
- SubjectConfirmation subjectConfirmation = builder.buildObject();
+ SubjectConfirmation subjectConfirmation = builder.buildObject();
subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
subject.getSubjectConfirmations().add(subjectConfirmation);
attrQueryRequestAux.setSubject(subject);
-
- if(request.getIssuer()!=null){
+
+ if (request.getIssuer() != null) {
issuer.setValue(request.getIssuer());
- } else {
+ } else {
issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
+ }
// Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
+ final String formatEntity = super.getSamlCoreProperties().getFormatEntity();
if (StringUtils.isNotBlank(formatEntity)) {
issuer.setFormat(formatEntity);
}
attrQueryRequestAux.setIssuer(issuer);
-
+
// Generate stork extensions.
- final Extensions storkExtensions = this
- .generateSTORKAttrExtensions(request);
+ final Extensions storkExtensions = this.generateSTORKAttrExtensions(request);
// add the extensions to the SAMLAuthnRequest
attrQueryRequestAux.setExtensions(storkExtensions);
// the result contains an authentication request token (byte[]),
// identifier of the token, and all parameters from the request.
- final STORKAttrQueryRequest attrQueryRequest = processAttrExtensions(attrQueryRequestAux
- .getExtensions());
+ final STORKAttrQueryRequest attrQueryRequest = processAttrExtensions(attrQueryRequestAux.getExtensions());
try {
attrQueryRequest.setTokenSaml(super.signAndMarshall(attrQueryRequestAux));
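Review bot: The bearer confirmation method is written as a string literal, `subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");`. Assuming the imported `SubjectConfirmation` is OpenSAML's, `SubjectConfirmation.METHOD_BEARER` carries the same value without the risk of a typo. The two comments near the end still speak of `SAMLAuthnRequest` and "an authentication request token" although this method builds an attribute query; `// add the extensions to the attribute query request` would match the code. generateSTORKAttrQueryRequest starts and ends outside this hunk.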
@@ -1321,22 +1163,25 @@ public final class STORKSAMLEngine extends SAMLEngine {
return attrQueryRequest;
}
-
+
/**
* Generate stork attribute query response.
*
- * @param request the request
- * @param responseAttrQueryRes the response authentication request
- * @param ipAddress the IP address
- * @param isHashing the hashing of values
+ * @param request
+ * the request
+ * @param responseAttrQueryRes
+ * the response authentication request
+ * @param ipAddress
+ * the IP address
+ * @param isHashing
+ * the hashing of values
*
* @return the sTORK authentication response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAttrQueryResponse generateSTORKAttrQueryResponse(
- final STORKAttrQueryRequest request,
- final STORKAttrQueryResponse responseAttrQueryRes, final String ipAddress,
+ public STORKAttrQueryResponse generateSTORKAttrQueryResponse(final STORKAttrQueryRequest request, final STORKAttrQueryResponse responseAttrQueryRes, final String ipAddress,
final String destinationUrl, final boolean isHashing) throws STORKSAMLEngineException {
LOG.info("generateSTORKAttrQueryResponse");
@@ -1345,35 +1190,28 @@ public final class STORKSAMLEngine extends SAMLEngine {
// Mandatory SAML
LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
+ final StatusCode statusCode = SAMLEngineUtils.generateStatusCode(StatusCode.SUCCESS_URI);
LOG.debug("Generate Status");
final Status status = SAMLEngineUtils.generateStatus(statusCode);
LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils.generateStatusMessage(StatusCode.SUCCESS_URI);
status.setStatusMessage(statusMessage);
LOG.debug("Generate Response");
// RESPONSE
- final Response response = genAuthnRespBase(status, destinationUrl,
- request.getSamlId());
+ final Response response = genAuthnRespBase(status, destinationUrl, request.getSamlId());
DateTime notOnOrAfter = new DateTime();
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties().getTimeNotOnOrAfter());
- final Assertion assertion = this.generateAssertion(ipAddress, ""
- ,request.getSamlId(), request.getIssuer(), notOnOrAfter);
+ final Assertion assertion = this.generateAssertion(ipAddress, "", request.getSamlId(), request.getIssuer(), notOnOrAfter);
- final AttributeStatement attrStatement = this
- .generateAttributeStatement(responseAttrQueryRes
- .getPersonalAttributeList(), isHashing);
+ final AttributeStatement attrStatement = this.generateAttributeStatement(responseAttrQueryRes.getPersonalAttributeList(), isHashing);
assertion.getAttributeStatements().add(attrStatement);
@@ -1391,24 +1229,28 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
return attrQueryResponse;
}
-
+
/**
- * Generate stork attribute query response from multiple assertions
- *
- * @param request the request
- * @param responseAttrQueryRes the response to the query request
- * @param responses the responses to include in the response (aggregation)
- * @param ipAddress the IP address
- * @param isHashing the hashing of values
+ * Generate stork attribute query response from multiple assertions
+ *
+ * @param request
+ * the request
+ * @param responseAttrQueryRes
+ * the response to the query request
+ * @param responses
+ * the responses to include in the response (aggregation)
+ * @param ipAddress
+ * the IP address
+ * @param isHashing
+ * the hashing of values
*
* @return the sTORK attribute query response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAttrQueryResponse generateSTORKAttrQueryResponseWithAssertions(
- final STORKAttrQueryRequest request, final STORKAttrQueryResponse responseAttrQueryRes,
- final List<STORKAttrQueryResponse> responses, final String ipAddress,
- final String destinationUrl, final boolean isHashing) throws STORKSAMLEngineException {
+ public STORKAttrQueryResponse generateSTORKAttrQueryResponseWithAssertions(final STORKAttrQueryRequest request, final STORKAttrQueryResponse responseAttrQueryRes,
+ final List<STORKAttrQueryResponse> responses, final String ipAddress, final String destinationUrl, final boolean isHashing) throws STORKSAMLEngineException {
LOG.info("generateSTORKAttrQueryResponse");
// Validate parameters
@@ -1416,44 +1258,35 @@ public final class STORKSAMLEngine extends SAMLEngine {
// Mandatory SAML
LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
+ final StatusCode statusCode = SAMLEngineUtils.generateStatusCode(StatusCode.SUCCESS_URI);
LOG.debug("Generate Status");
final Status status = SAMLEngineUtils.generateStatus(statusCode);
LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils.generateStatusMessage(StatusCode.SUCCESS_URI);
status.setStatusMessage(statusMessage);
LOG.debug("Generate Response");
// RESPONSE
- final Response response = genAuthnRespBase(status, destinationUrl,
- request.getSamlId());
+ final Response response = genAuthnRespBase(status, destinationUrl, request.getSamlId());
DateTime notOnOrAfter = new DateTime();
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties().getTimeNotOnOrAfter());
- final Assertion assertion = this.generateAssertion(ipAddress, ""
- ,request.getSamlId(), request.getIssuer(), notOnOrAfter);
+ final Assertion assertion = this.generateAssertion(ipAddress, "", request.getSamlId(), request.getIssuer(), notOnOrAfter);
- final AttributeStatement attrStatement = this
- .generateAttributeStatement(responseAttrQueryRes
- .getPersonalAttributeList(), isHashing);
+ final AttributeStatement attrStatement = this.generateAttributeStatement(responseAttrQueryRes.getPersonalAttributeList(), isHashing);
assertion.getAttributeStatements().add(attrStatement);
// Add the assertions from the former Query responses
response.getAssertions().add(assertion);
- if (responses != null && responses.size() > 0)
- {
- for (int i = 0; i < responses.size(); i++)
- {
+ if (responses != null && responses.size() > 0) {
+ for (int i = 0; i < responses.size(); i++) {
Assertion tempAssertion = responses.get(i).getAssertion();
tempAssertion.setParent(response);
response.getAssertions().add(tempAssertion);
@@ -1471,30 +1304,32 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
return attrQueryResponse;
}
-
+
/**
* Generate stork attribute query response fail.
*
- * @param request the request
- * @param response the response
- * @param ipAddress the IP address
- * @param isHashing the is hashing
+ * @param request
+ * the request
+ * @param response
+ * the response
+ * @param ipAddress
+ * the IP address
+ * @param isHashing
+ * the is hashing
*
* @return the STORK attribute query response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAttrQueryResponse generateSTORKAttrQueryResponseFail(
- final STORKAttrQueryRequest request, final STORKAttrQueryResponse response,
- final String ipAddress, final String destinationUrl, final boolean isHashing)
- throws STORKSAMLEngineException {
+ public STORKAttrQueryResponse generateSTORKAttrQueryResponseFail(final STORKAttrQueryRequest request, final STORKAttrQueryResponse response, final String ipAddress, final String destinationUrl,
+ final boolean isHashing) throws STORKSAMLEngineException {
LOG.info("generateSTORKAttrQueryResponseFail");
validateParamAttrQueryResponseFail(request, response);
// Mandatory
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(response.getStatusCode());
+ final StatusCode statusCode = SAMLEngineUtils.generateStatusCode(response.getStatusCode());
// Mandatory SAML
LOG.debug("Generate StatusCode.");
@@ -1506,8 +1341,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
// - http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported
if (StringUtils.isNotBlank(response.getSubStatusCode())) {
- final StatusCode newStatusCode = SAMLEngineUtils
- .generateStatusCode(response.getSubStatusCode());
+ final StatusCode newStatusCode = SAMLEngineUtils.generateStatusCode(response.getSubStatusCode());
statusCode.setStatusCode(newStatusCode);
}
@@ -1515,25 +1349,20 @@ public final class STORKSAMLEngine extends SAMLEngine {
final Status status = SAMLEngineUtils.generateStatus(statusCode);
if (StringUtils.isNotBlank(response.getMessage())) {
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(response.getMessage());
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils.generateStatusMessage(response.getMessage());
status.setStatusMessage(statusMessage);
}
LOG.debug("Generate Response.");
// RESPONSE
- final Response responseFail = genAuthnRespBase(status, destinationUrl,
- request.getSamlId());
+ final Response responseFail = genAuthnRespBase(status, destinationUrl, request.getSamlId());
DateTime notOnOrAfter = new DateTime();
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties().getTimeNotOnOrAfter());
- final Assertion assertion = this.generateAssertion(ipAddress, "",
- request.getSamlId(), request
- .getIssuer(), notOnOrAfter);
+ final Assertion assertion = this.generateAssertion(ipAddress, "", request.getSamlId(), request.getIssuer(), notOnOrAfter);
responseFail.getAssertions().add(assertion);
@@ -1550,67 +1379,59 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
return storkResponse;
}
-
+
/**
* Generate stork logout request.
*
- * @param request the request that contain all parameters for generate an
- * logout request.
+ * @param request
+ * the request that contain all parameters for generate an logout request.
*
* @return the STORK logout request that has been processed.
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKLogoutRequest generateSTORKLogoutRequest(
- final STORKLogoutRequest request) throws STORKSAMLEngineException {
+ public STORKLogoutRequest generateSTORKLogoutRequest(final STORKLogoutRequest request) throws STORKSAMLEngineException {
LOG.info("Generate STORKLogoutRequest.");
// Validate Parameters mandatories
validateParamLogoutReq(request);
- final LogoutRequest logoutRequestAux = SAMLEngineUtils
- .generateSAMLLogoutRequest(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime());
+ final LogoutRequest logoutRequestAux = SAMLEngineUtils.generateSAMLLogoutRequest(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime());
// Set name spaces.
setNameSpaces(logoutRequestAux);
-
// Add parameter optional STORK
// Destination is mandatory if the destination is a C-PEPS
// The application must to know if the destination is a C-PEPS.
if (StringUtils.isNotBlank(request.getDestination())) {
logoutRequestAux.setDestination(request.getDestination());
}
-
+
// Consent is optional. Set from SAMLEngine.xml - consent.
- logoutRequestAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
+ logoutRequestAux.setConsent(super.getSamlCoreProperties().getConsentAuthnRequest());
final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
-
- if(request.getIssuer()!=null){
+
+ if (request.getIssuer() != null) {
issuer.setValue(request.getIssuer());
- } else {
+ } else {
issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
+ }
// Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
+ final String formatEntity = super.getSamlCoreProperties().getFormatEntity();
if (StringUtils.isNotBlank(formatEntity)) {
issuer.setFormat(formatEntity);
}
logoutRequestAux.setIssuer(issuer);
-
+
// Set the name ID
final NameID newNameID = SAMLEngineUtils.generateNameID();
- newNameID.setValue(request.getSpProvidedId());
+ newNameID.setValue(request.getSpProvidedId());
logoutRequestAux.setNameID(newNameID);
-
// the result contains an authentication request token (byte[]),
// identifier of the token, and all parameters from the request.
@@ -1630,79 +1451,70 @@ public final class STORKSAMLEngine extends SAMLEngine {
return logoutRequest;
}
-
/**
* Generate stork logout response.
- * @param request the request thats being responded to
- * @param response the tesponse that contain all parameters for generate an
- * logout request.
+ *
+ * @param request
+ * the request thats being responded to
+ * @param response
+ * the tesponse that contain all parameters for generate an logout request.
*
* @return the STORK logout response that has been processed.
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKLogoutResponse generateSTORKLogoutResponse(
- final STORKLogoutRequest request,
- final STORKLogoutResponse response) throws STORKSAMLEngineException {
+ public STORKLogoutResponse generateSTORKLogoutResponse(final STORKLogoutRequest request, final STORKLogoutResponse response) throws STORKSAMLEngineException {
LOG.info("Generate STORKLogoutResponse.");
// Validate Parameters mandatories
validateParamLogoutRes(request, response);
-
+
// Mandatory SAML
LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
+ final StatusCode statusCode = SAMLEngineUtils.generateStatusCode(StatusCode.SUCCESS_URI);
LOG.debug("Generate Status");
final Status status = SAMLEngineUtils.generateStatus(statusCode);
LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils.generateStatusMessage(StatusCode.SUCCESS_URI);
status.setStatusMessage(statusMessage);
- final LogoutResponse logoutResponseAux= SAMLEngineUtils
- .generateSAMLLogoutResponse(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime(), status, request.getSamlId());
+ final LogoutResponse logoutResponseAux = SAMLEngineUtils.generateSAMLLogoutResponse(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime(), status,
+ request.getSamlId());
// Set name spaces.
setNameSpaces(logoutResponseAux);
-
// Add parameter optional STORK
// Destination is mandatory if the destination is a C-PEPS
// The application must to know if the destination is a C-PEPS.
if (StringUtils.isNotBlank(response.getDestination())) {
logoutResponseAux.setDestination(response.getDestination());
}
-
+
// Consent is optional. Set from SAMLEngine.xml - consent.
- logoutResponseAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
+ logoutResponseAux.setConsent(super.getSamlCoreProperties().getConsentAuthnRequest());
final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
-
- if(response.getIssuer()!=null){
+
+ if (response.getIssuer() != null) {
issuer.setValue(response.getIssuer());
- } else {
+ } else {
issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
+ }
// Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
+ final String formatEntity = super.getSamlCoreProperties().getFormatEntity();
if (StringUtils.isNotBlank(formatEntity)) {
issuer.setFormat(formatEntity);
}
logoutResponseAux.setIssuer(issuer);
-
-
+
// the result contains an authentication request token (byte[]),
// identifier of the token, and all parameters from the request.
final STORKLogoutResponse logoutResponse = new STORKLogoutResponse();
@@ -1722,28 +1534,26 @@ public final class STORKSAMLEngine extends SAMLEngine {
return logoutResponse;
}
-
+
/**
* Generate failed stork logout response.
*
- * @param response the response that contain all parameters for generate an
- * logout request.
+ * @param response
+ * the response that contain all parameters for generate an logout request.
*
* @return the STORK logout response that has been processed.
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKLogoutResponse generateSTORKLogoutResponseFail(
- final STORKLogoutRequest request,
- final STORKLogoutResponse response ) throws STORKSAMLEngineException {
+ public STORKLogoutResponse generateSTORKLogoutResponseFail(final STORKLogoutRequest request, final STORKLogoutResponse response) throws STORKSAMLEngineException {
LOG.info("Generate STORKLogoutResponse.");
// Validate Parameters mandatories
validateParamLogoutResFail(request, response);
-
+
// Mandatory
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(response.getStatusCode());
+ final StatusCode statusCode = SAMLEngineUtils.generateStatusCode(response.getStatusCode());
// Mandatory SAML
LOG.debug("Generate StatusCode.");
@@ -1755,8 +1565,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
// - http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported
if (StringUtils.isNotBlank(response.getSubStatusCode())) {
- final StatusCode newStatusCode = SAMLEngineUtils
- .generateStatusCode(response.getSubStatusCode());
+ final StatusCode newStatusCode = SAMLEngineUtils.generateStatusCode(response.getSubStatusCode());
statusCode.setStatusCode(newStatusCode);
}
@@ -1764,51 +1573,43 @@ public final class STORKSAMLEngine extends SAMLEngine {
final Status status = SAMLEngineUtils.generateStatus(statusCode);
if (StringUtils.isNotBlank(response.getStatusMessage())) {
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(response.getStatusMessage());
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils.generateStatusMessage(response.getStatusMessage());
status.setStatusMessage(statusMessage);
}
- final LogoutResponse logoutResponseAux= SAMLEngineUtils
- .generateSAMLLogoutResponse(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime(), status, request.getSamlId());
+ final LogoutResponse logoutResponseAux = SAMLEngineUtils.generateSAMLLogoutResponse(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime(), status,
+ request.getSamlId());
// Set name spaces.
setNameSpaces(logoutResponseAux);
-
// Add parameter optional STORK
// Destination is mandatory if the destination is a C-PEPS
// The application must to know if the destination is a C-PEPS.
if (StringUtils.isNotBlank(response.getDestination())) {
logoutResponseAux.setDestination(response.getDestination());
}
-
+
// Consent is optional. Set from SAMLEngine.xml - consent.
- logoutResponseAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
+ logoutResponseAux.setConsent(super.getSamlCoreProperties().getConsentAuthnRequest());
final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
-
- if(response.getIssuer()!=null){
+
+ if (response.getIssuer() != null) {
issuer.setValue(response.getIssuer());
- } else {
+ } else {
issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
+ }
// Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
+ final String formatEntity = super.getSamlCoreProperties().getFormatEntity();
if (StringUtils.isNotBlank(formatEntity)) {
issuer.setFormat(formatEntity);
}
logoutResponseAux.setIssuer(issuer);
-
-
+
// the result contains an authentication request token (byte[]),
// identifier of the token, and all parameters from the request.
final STORKLogoutResponse logoutResponse = new STORKLogoutResponse();
@@ -1832,25 +1633,22 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Generate stork authentication statement for the authentication statement.
*
- * @param ipAddress the IP address
+ * @param ipAddress
+ * the IP address
*
* @return the authentication statement
*/
private AuthnStatement generateStorkAuthStatement(final String ipAddress) {
LOG.debug("Generate stork authenticate statement.");
- final SubjectLocality subjectLocality = SAMLEngineUtils
- .generateSubjectLocality(ipAddress);
+ final SubjectLocality subjectLocality = SAMLEngineUtils.generateSubjectLocality(ipAddress);
- final AuthnContext authnContext = (AuthnContext) SAMLEngineUtils
- .createSamlObject(AuthnContext.DEFAULT_ELEMENT_NAME);
+ final AuthnContext authnContext = (AuthnContext) SAMLEngineUtils.createSamlObject(AuthnContext.DEFAULT_ELEMENT_NAME);
- final AuthnContextDecl authnContextDecl = (AuthnContextDecl) SAMLEngineUtils
- .createSamlObject(AuthnContextDecl.DEFAULT_ELEMENT_NAME);
+ final AuthnContextDecl authnContextDecl = (AuthnContextDecl) SAMLEngineUtils.createSamlObject(AuthnContextDecl.DEFAULT_ELEMENT_NAME);
authnContext.setAuthnContextDecl(authnContextDecl);
- final AuthnStatement authnStatement = SAMLEngineUtils
- .generateAthnStatement(new DateTime(), authnContext);
+ final AuthnStatement authnStatement = SAMLEngineUtils.generateAthnStatement(new DateTime(), authnContext);
// Optional STORK
authnStatement.setSessionIndex(null);
@@ -1862,101 +1660,84 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Generate stork extensions.
*
- * @param request the request
+ * @param request
+ * the request
*
* @return the extensions
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private Extensions generateSTORKExtensions(final STORKAuthnRequest request)
- throws STORKSAMLEngineException {
+ private Extensions generateSTORKExtensions(final STORKAuthnRequest request) throws STORKSAMLEngineException {
LOG.debug("Generate STORKExtensions");
final Extensions extensions = SAMLEngineUtils.generateExtension();
LOG.debug("Generate QAAAttribute");
- final QAAAttribute qaaAttribute = SAMLEngineUtils
- .generateQAAAttribute(request.getQaa());
+ final QAAAttribute qaaAttribute = SAMLEngineUtils.generateQAAAttribute(request.getQaa());
extensions.getUnknownXMLObjects().add(qaaAttribute);
-
- if (StringUtils.isNotEmpty(request
- .getSpSector())) {
+ if (StringUtils.isNotEmpty(request.getSpSector())) {
// Add information about service provider.
LOG.debug("Generate SPSector");
- final SPSector sector = SAMLEngineUtils.generateSPSector(request
- .getSpSector());
+ final SPSector sector = SAMLEngineUtils.generateSPSector(request.getSpSector());
extensions.getUnknownXMLObjects().add(sector);
}
- //Delete from specification. Kept for compatibility with Provider Name value
+ // Delete from specification. Kept for compatibility with Provider Name value
LOG.debug("Generate SPInstitution");
- final SPInstitution institution = SAMLEngineUtils
- .generateSPInstitution(request.getProviderName());
+ final SPInstitution institution = SAMLEngineUtils.generateSPInstitution(request.getProviderName());
extensions.getUnknownXMLObjects().add(institution);
-
if (StringUtils.isNotEmpty(request.getSpApplication())) {
LOG.debug("Generate SPApplication");
- final SPApplication application = SAMLEngineUtils
- .generateSPApplication(request.getSpApplication());
+ final SPApplication application = SAMLEngineUtils.generateSPApplication(request.getSpApplication());
extensions.getUnknownXMLObjects().add(application);
}
if (StringUtils.isNotEmpty(request.getSpCountry())) {
LOG.debug("Generate SPCountry");
- final SPCountry country = SAMLEngineUtils.generateSPCountry(request
- .getSpCountry());
+ final SPCountry country = SAMLEngineUtils.generateSPCountry(request.getSpCountry());
extensions.getUnknownXMLObjects().add(country);
}
- //eIDSectorShare: optional; default value: false.
- String valueSectorShare = super.getSamlCoreProperties()
- .iseIDSectorShare();
+ // eIDSectorShare: optional; default value: false.
+ String valueSectorShare = super.getSamlCoreProperties().iseIDSectorShare();
if (StringUtils.isNotEmpty(valueSectorShare)) {
// Add information about the use of the SAML message.
LOG.debug("Generate EIDSectorShare");
- final EIDSectorShare eIdSectorShare = (EIDSectorShare) SAMLEngineUtils
- .createSamlObject(EIDSectorShare.DEF_ELEMENT_NAME);
+ final EIDSectorShare eIdSectorShare = (EIDSectorShare) SAMLEngineUtils.createSamlObject(EIDSectorShare.DEF_ELEMENT_NAME);
eIdSectorShare.setEIDSectorShare(String.valueOf(Boolean.valueOf(valueSectorShare)));
extensions.getUnknownXMLObjects().add(eIdSectorShare);
- }
+ }
- String valueCrossSectorShare = super.getSamlCoreProperties()
- .iseIDCrossSectorShare();
+ String valueCrossSectorShare = super.getSamlCoreProperties().iseIDCrossSectorShare();
if (StringUtils.isNotEmpty(valueCrossSectorShare)) {
LOG.debug("Generate EIDCrossSectorShare");
- final EIDCrossSectorShare eIdCrossSecShare = (EIDCrossSectorShare) SAMLEngineUtils
- .createSamlObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
+ final EIDCrossSectorShare eIdCrossSecShare = (EIDCrossSectorShare) SAMLEngineUtils.createSamlObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
eIdCrossSecShare.setEIDCrossSectorShare(String.valueOf(Boolean.valueOf(valueCrossSectorShare)));
extensions.getUnknownXMLObjects().add(eIdCrossSecShare);
}
-
- String valueCrossBorderShare = super.getSamlCoreProperties()
- .iseIDCrossBorderShare();
+ String valueCrossBorderShare = super.getSamlCoreProperties().iseIDCrossBorderShare();
if (StringUtils.isNotEmpty(valueCrossBorderShare)) {
LOG.debug("Generate EIDCrossBorderShare");
- final EIDCrossBorderShare eIdCrossBordShare = (EIDCrossBorderShare) SAMLEngineUtils
- .createSamlObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
+ final EIDCrossBorderShare eIdCrossBordShare = (EIDCrossBorderShare) SAMLEngineUtils.createSamlObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
eIdCrossBordShare.setEIDCrossBorderShare(String.valueOf(Boolean.valueOf(valueCrossBorderShare)));
extensions.getUnknownXMLObjects().add(eIdCrossBordShare);
}
-
// Add information about requested attributes.
LOG.debug("Generate RequestedAttributes.");
- final RequestedAttributes reqAttributes = (RequestedAttributes) SAMLEngineUtils
- .createSamlObject(RequestedAttributes.DEF_ELEMENT_NAME);
+ final RequestedAttributes reqAttributes = (RequestedAttributes) SAMLEngineUtils.createSamlObject(RequestedAttributes.DEF_ELEMENT_NAME);
LOG.debug("SAML Engine configuration properties load.");
- final Iterator<PersonalAttribute> iterator = request
- .getPersonalAttributeList().iterator();
+ final Iterator<PersonalAttribute> iterator = request.getPersonalAttributeList().iterator();
while (iterator.hasNext()) {
@@ -1968,14 +1749,11 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
// Verified if exits the attribute name.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
+ final String attributeName = super.getSamlCoreProperties().getProperty(attribute.getName());
if (StringUtils.isBlank(attributeName)) {
- LOG.debug("Attribute name: {} was not found.", attribute
- .getName());
- throw new STORKSAMLEngineException("Attribute name: "
- + attribute.getName() + " was not found.");
+ LOG.debug("Attribute name: {} was not found.", attribute.getName());
+ throw new STORKSAMLEngineException("Attribute name: " + attribute.getName() + " was not found.");
}
// Friendly name it's an optional attribute.
@@ -1985,18 +1763,13 @@ public final class STORKSAMLEngine extends SAMLEngine {
friendlyName = attribute.getName();
}
-
String isRequired = null;
if (super.getSamlCoreProperties().isRequired()) {
isRequired = String.valueOf(attribute.isRequired());
}
-
LOG.debug("Generate requested attribute: " + attributeName);
- final RequestedAttribute requestedAttr = SAMLEngineUtils
- .generateReqAuthnAttributeSimple(attributeName,
- friendlyName, isRequired, attribute
- .getValue());
+ final RequestedAttribute requestedAttr = SAMLEngineUtils.generateReqAuthnAttributeSimple(attributeName, friendlyName, isRequired, attribute.getValue());
// Add requested attribute.
reqAttributes.getAttributes().add(requestedAttr);
@@ -2006,123 +1779,103 @@ public final class STORKSAMLEngine extends SAMLEngine {
extensions.getUnknownXMLObjects().add(reqAttributes);
CitizenCountryCode citizenCountryCode = null;
- if (request.getCitizenCountryCode() != null && StringUtils.isNotBlank(request.getCitizenCountryCode())){
+ if (request.getCitizenCountryCode() != null && StringUtils.isNotBlank(request.getCitizenCountryCode())) {
LOG.debug("Generate CitizenCountryCode");
- citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils
- .createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
+ citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils.createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
- citizenCountryCode.setCitizenCountryCode(request
- .getCitizenCountryCode().toUpperCase());
- }
+ citizenCountryCode.setCitizenCountryCode(request.getCitizenCountryCode().toUpperCase());
+ }
SPID spid = null;
- if(request.getSPID()!=null && StringUtils.isNotBlank(request.getSPID())) {
+ if (request.getSPID() != null && StringUtils.isNotBlank(request.getSPID())) {
LOG.debug("Generate SPID");
- spid = (SPID) SAMLEngineUtils
- .createSamlObject(SPID.DEF_ELEMENT_NAME);
+ spid = (SPID) SAMLEngineUtils.createSamlObject(SPID.DEF_ELEMENT_NAME);
spid.setSPID(request.getSPID().toUpperCase());
- }
+ }
- AuthenticationAttributes authenticationAttr = (AuthenticationAttributes) SAMLEngineUtils
- .createSamlObject(AuthenticationAttributes.DEF_ELEMENT_NAME);
+ AuthenticationAttributes authenticationAttr = (AuthenticationAttributes) SAMLEngineUtils.createSamlObject(AuthenticationAttributes.DEF_ELEMENT_NAME);
- final VIDPAuthenticationAttributes vIDPauthenticationAttr = (VIDPAuthenticationAttributes) SAMLEngineUtils
- .createSamlObject(VIDPAuthenticationAttributes.DEF_ELEMENT_NAME);
+ final VIDPAuthenticationAttributes vIDPauthenticationAttr = (VIDPAuthenticationAttributes) SAMLEngineUtils.createSamlObject(VIDPAuthenticationAttributes.DEF_ELEMENT_NAME);
- final SPInformation spInformation = (SPInformation) SAMLEngineUtils
- .createSamlObject(SPInformation.DEF_ELEMENT_NAME);
+ final SPInformation spInformation = (SPInformation) SAMLEngineUtils.createSamlObject(SPInformation.DEF_ELEMENT_NAME);
- if(citizenCountryCode!=null){
+ if (citizenCountryCode != null) {
vIDPauthenticationAttr.setCitizenCountryCode(citizenCountryCode);
}
- if(spid!=null){
+ if (spid != null) {
spInformation.setSPID(spid);
}
vIDPauthenticationAttr.setSPInformation(spInformation);
- authenticationAttr
- .setVIDPAuthenticationAttributes(vIDPauthenticationAttr);
+ authenticationAttr.setVIDPAuthenticationAttributes(vIDPauthenticationAttr);
extensions.getUnknownXMLObjects().add(authenticationAttr);
-
return extensions;
}
-
+
/**
* Generate stork extensions.
*
- * @param request the attribute query request
+ * @param request
+ * the attribute query request
*
* @return the extensions
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private Extensions generateSTORKAttrExtensions(final STORKAttrQueryRequest request)
- throws STORKSAMLEngineException {
+ private Extensions generateSTORKAttrExtensions(final STORKAttrQueryRequest request) throws STORKSAMLEngineException {
LOG.debug("Generate STORKExtensions");
final Extensions extensions = SAMLEngineUtils.generateExtension();
LOG.debug("Generate QAAAttribute");
- final QAAAttribute qaaAttribute = SAMLEngineUtils
- .generateQAAAttribute(request.getQaa());
+ final QAAAttribute qaaAttribute = SAMLEngineUtils.generateQAAAttribute(request.getQaa());
extensions.getUnknownXMLObjects().add(qaaAttribute);
-
- if (StringUtils.isNotEmpty(request
- .getSpSector())) {
+ if (StringUtils.isNotEmpty(request.getSpSector())) {
// Add information about service provider.
LOG.debug("Generate SPSector");
- final SPSector sector = SAMLEngineUtils.generateSPSector(request
- .getSpSector());
+ final SPSector sector = SAMLEngineUtils.generateSPSector(request.getSpSector());
extensions.getUnknownXMLObjects().add(sector);
}
-
if (StringUtils.isNotEmpty(request.getSpApplication())) {
LOG.debug("Generate SPApplication");
- final SPApplication application = SAMLEngineUtils
- .generateSPApplication(request.getSpApplication());
+ final SPApplication application = SAMLEngineUtils.generateSPApplication(request.getSpApplication());
extensions.getUnknownXMLObjects().add(application);
}
if (StringUtils.isNotEmpty(request.getSpCountry())) {
LOG.debug("Generate SPCountry");
- final SPCountry country = SAMLEngineUtils.generateSPCountry(request
- .getSpCountry());
+ final SPCountry country = SAMLEngineUtils.generateSPCountry(request.getSpCountry());
extensions.getUnknownXMLObjects().add(country);
}
- final EIDSectorShare eIdSectorShare = (EIDSectorShare) SAMLEngineUtils
- .createSamlObject(EIDSectorShare.DEF_ELEMENT_NAME);
+ final EIDSectorShare eIdSectorShare = (EIDSectorShare) SAMLEngineUtils.createSamlObject(EIDSectorShare.DEF_ELEMENT_NAME);
eIdSectorShare.setEIDSectorShare(String.valueOf(request.isEIDSectorShare()));
extensions.getUnknownXMLObjects().add(eIdSectorShare);
- final EIDCrossSectorShare eIdCrossSecShare = (EIDCrossSectorShare) SAMLEngineUtils
- .createSamlObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
+ final EIDCrossSectorShare eIdCrossSecShare = (EIDCrossSectorShare) SAMLEngineUtils.createSamlObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
eIdCrossSecShare.setEIDCrossSectorShare(String.valueOf(request.isEIDCrossSectorShare()));
extensions.getUnknownXMLObjects().add(eIdCrossSecShare);
- final EIDCrossBorderShare eIdCrossBordShare = (EIDCrossBorderShare) SAMLEngineUtils
- .createSamlObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
+ final EIDCrossBorderShare eIdCrossBordShare = (EIDCrossBorderShare) SAMLEngineUtils.createSamlObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
eIdCrossBordShare.setEIDCrossBorderShare(String.valueOf(request.isEIDCrossBorderShare()));
extensions.getUnknownXMLObjects().add(eIdCrossBordShare);
-
// Add information about requested attributes.
LOG.debug("Generate RequestedAttributes.");
- final RequestedAttributes reqAttributes = (RequestedAttributes) SAMLEngineUtils
- .createSamlObject(RequestedAttributes.DEF_ELEMENT_NAME);
+ final RequestedAttributes reqAttributes = (RequestedAttributes) SAMLEngineUtils.createSamlObject(RequestedAttributes.DEF_ELEMENT_NAME);
LOG.debug("SAML Engine configuration properties load.");
- final Iterator<PersonalAttribute> iterator = request
- .getPersonalAttributeList().iterator();
+ final Iterator<PersonalAttribute> iterator = request.getPersonalAttributeList().iterator();
while (iterator.hasNext()) {
@@ -2134,14 +1887,11 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
// Verified if exits the attribute name.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
+ final String attributeName = super.getSamlCoreProperties().getProperty(attribute.getName());
if (StringUtils.isBlank(attributeName)) {
- LOG.debug("Attribute name: {} was not found.", attribute
- .getName());
- throw new STORKSAMLEngineException("Attribute name: "
- + attribute.getName() + " was not found.");
+ LOG.debug("Attribute name: {} was not found.", attribute.getName());
+ throw new STORKSAMLEngineException("Attribute name: " + attribute.getName() + " was not found.");
}
// Friendly name it's an optional attribute.
@@ -2151,18 +1901,13 @@ public final class STORKSAMLEngine extends SAMLEngine {
friendlyName = attribute.getName();
}
-
String isRequired = null;
if (super.getSamlCoreProperties().isRequired()) {
isRequired = String.valueOf(attribute.isRequired());
}
-
LOG.debug("Generate requested attribute: " + attributeName);
- final RequestedAttribute requestedAttr = SAMLEngineUtils
- .generateReqAuthnAttributeSimple(attributeName,
- friendlyName, isRequired, attribute
- .getValue());
+ final RequestedAttribute requestedAttr = SAMLEngineUtils.generateReqAuthnAttributeSimple(attributeName, friendlyName, isRequired, attribute.getValue());
// Add requested attribute.
reqAttributes.getAttributes().add(requestedAttr);
@@ -2172,100 +1917,92 @@ public final class STORKSAMLEngine extends SAMLEngine {
extensions.getUnknownXMLObjects().add(reqAttributes);
CitizenCountryCode citizenCountryCode = null;
- if (request.getCitizenCountryCode() != null && StringUtils.isNotBlank(request.getCitizenCountryCode())){
+ if (request.getCitizenCountryCode() != null && StringUtils.isNotBlank(request.getCitizenCountryCode())) {
LOG.debug("Generate CitizenCountryCode");
- citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils
- .createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
+ citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils.createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
+
+ citizenCountryCode.setCitizenCountryCode(request.getCitizenCountryCode().toUpperCase());
- citizenCountryCode.setCitizenCountryCode(request
- .getCitizenCountryCode().toUpperCase());
- }
+ extensions.getUnknownXMLObjects().add(citizenCountryCode);
+ }
SPID spid = null;
- if(request.getSPID()!=null && StringUtils.isNotBlank(request.getSPID())) {
+ if (request.getSPID() != null && StringUtils.isNotBlank(request.getSPID())) {
LOG.debug("Generate SPID");
- spid = (SPID) SAMLEngineUtils
- .createSamlObject(SPID.DEF_ELEMENT_NAME);
+ spid = (SPID) SAMLEngineUtils.createSamlObject(SPID.DEF_ELEMENT_NAME);
spid.setSPID(request.getSPID().toUpperCase());
- }
+ extensions.getUnknownXMLObjects().add(spid);
+ }
return extensions;
}
-
+
/**
* Gets the alias from X.509 Certificate at keystore.
*
- * @param keyInfo the key info
- * @param storkOwnKeyStore
- * @param storkOwnKeyStore
+ * @param keyInfo
+ * the key info
+ * @param storkOwnKeyStore
+ * @param storkOwnKeyStore
*
* @return the alias
*/
- private String getAlias(final KeyInfo keyInfo, KeyStore storkOwnKeyStore) {
-
- LOG.debug("Recover alias information");
+ private String getAlias(final KeyInfo keyInfo, KeyStore storkOwnKeyStore) {
- String alias = null;
- try {
- final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
- .getX509Datas().get(0).getX509Certificates().get(0);
+ LOG.debug("Recover alias information");
- // Transform the KeyInfo to X509Certificate.
- CertificateFactory certFact;
- certFact = CertificateFactory.getInstance("X.509");
+ String alias = null;
+ try {
+ final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo.getX509Datas().get(0).getX509Certificates().get(0);
- final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
- .decode(xmlCert.getValue()));
+ // Transform the KeyInfo to X509Certificate.
+ CertificateFactory certFact;
+ certFact = CertificateFactory.getInstance("X.509");
- final X509Certificate cert = (X509Certificate) certFact
- .generateCertificate(bis);
+ final ByteArrayInputStream bis = new ByteArrayInputStream(Base64.decode(xmlCert.getValue()));
- final String tokenSerialNumber = cert.getSerialNumber().toString(16);
- final X509Principal tokenIssuerDN = new X509Principal(cert.getIssuerDN().getName());
+ final X509Certificate cert = (X509Certificate) certFact.generateCertificate(bis);
+ final String tokenSerialNumber = cert.getSerialNumber().toString(16);
+ final X509Principal tokenIssuerDN = new X509Principal(cert.getIssuerDN().getName());
- String aliasCert;
- X509Certificate certificate;
- boolean find = false;
+ String aliasCert;
+ X509Certificate certificate;
+ boolean find = false;
- for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
- .hasMoreElements()
- && !find; ) {
- aliasCert = e.nextElement();
- certificate = (X509Certificate) storkOwnKeyStore
- .getCertificate(aliasCert);
+ for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements() && !find;) {
+ aliasCert = e.nextElement();
+ certificate = (X509Certificate) storkOwnKeyStore.getCertificate(aliasCert);
- final String serialNum = certificate.getSerialNumber()
- .toString(16);
+ final String serialNum = certificate.getSerialNumber().toString(16);
- X509Principal issuerDN = new X509Principal(certificate
- .getIssuerDN().getName());
+ X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
- if(serialNum.equalsIgnoreCase(tokenSerialNumber)
- && X509PrincipalUtil.equals2(issuerDN, tokenIssuerDN)){
- alias = aliasCert;
- find = true;
- }
+ if (serialNum.equalsIgnoreCase(tokenSerialNumber) && X509PrincipalUtil.equals2(issuerDN, tokenIssuerDN)) {
+ alias = aliasCert;
+ find = true;
+ }
- }
+ }
- } catch (KeyStoreException e) {
- LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
- } catch (CertificateException e) {
- LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
- } catch (RuntimeException e) {
- LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
- }
- return alias;
- }
+ } catch (KeyStoreException e) {
+ LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
+ } catch (CertificateException e) {
+ LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
+ } catch (RuntimeException e) {
+ LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
+ }
+ return alias;
+ }
/**
* Gets the country from X.509 Certificate.
*
- * @param keyInfo the key info
+ * @param keyInfo
+ * the key info
*
* @return the country
*/
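Review bot: In getAlias the keystore entry is selected by comparing only the serial number and issuer DN of the certificate carried in the message's KeyInfo (`serialNum.equalsIgnoreCase(tokenSerialNumber) && X509PrincipalUtil.equals2(issuerDN, tokenIssuerDN)`); both fields are chosen by whoever built the message and neither binds the public key, so a certificate other than the stored one can resolve to a trusted alias. Compare the whole certificate instead, `if (certificate != null && certificate.equals(cert)) {`, which matches on the encoded form. The null guard matters too: `storkOwnKeyStore.getCertificate(aliasCert)` returns null for an entry that holds no certificate, and today that is dereferenced, lands in `catch (RuntimeException e)` and ends the lookup for every remaining alias. How callers use the returned alias, and whether the signature is later verified against the keystore certificate, is not visible in this hunk, so the impact should be confirmed there.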
@@ -2274,23 +2011,19 @@ public final class STORKSAMLEngine extends SAMLEngine {
String result = "";
try {
- final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
- .getX509Datas().get(0).getX509Certificates().get(0);
+ final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo.getX509Datas().get(0).getX509Certificates().get(0);
// Transform the KeyInfo to X509Certificate.
CertificateFactory certFact;
certFact = CertificateFactory.getInstance("X.509");
- final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
- .decode(xmlCert.getValue()));
+ final ByteArrayInputStream bis = new ByteArrayInputStream(Base64.decode(xmlCert.getValue()));
- final X509Certificate cert = (X509Certificate) certFact
- .generateCertificate(bis);
+ final X509Certificate cert = (X509Certificate) certFact.generateCertificate(bis);
String distName = cert.getSubjectDN().toString();
- distName = StringUtils.deleteWhitespace(StringUtils
- .upperCase(distName));
+ distName = StringUtils.deleteWhitespace(StringUtils.upperCase(distName));
final String countryCode = "C=";
final int init = distName.indexOf(countryCode);
@@ -2303,12 +2036,11 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
if (init < end && end > StringUtils.INDEX_NOT_FOUND) {
- result = distName.substring(init + countryCode.length(),
- end);
- //It must be a two characters value
- if(result.length()>2){
+ result = distName.substring(init + countryCode.length(), end);
+ // It must be a two characters value
+ if (result.length() > 2) {
result = result.substring(0, 2);
- }
+ }
}
}
@@ -2321,112 +2053,97 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Process all elements XMLObjects from the extensions.
*
- * @param extensions the extensions from the authentication request.
+ * @param extensions
+ * the extensions from the authentication request.
*
* @return the STORK authentication request
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private STORKAuthnRequest processExtensions(final Extensions extensions)
- throws STORKSAMLEngineException {
+ private STORKAuthnRequest processExtensions(final Extensions extensions) throws STORKSAMLEngineException {
LOG.debug("Procces the extensions.");
final STORKAuthnRequest request = new STORKAuthnRequest();
- final QAAAttribute qaa = (QAAAttribute) extensions
- .getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME).get(0);
+ final QAAAttribute qaa = (QAAAttribute) extensions.getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME).get(0);
request.setQaa(Integer.parseInt(qaa.getQaaLevel()));
- List optionalElements = extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME);
+ List optionalElements = extensions.getUnknownXMLObjects(SPSector.DEF_ELEMENT_NAME);
if (!optionalElements.isEmpty()) {
- final SPSector sector = (SPSector) extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME).get(0);
+ final SPSector sector = (SPSector) extensions.getUnknownXMLObjects(SPSector.DEF_ELEMENT_NAME).get(0);
request.setSpSector(sector.getSPSector());
}
optionalElements = extensions.getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME);
if (!optionalElements.isEmpty()) {
- final SPApplication application = (SPApplication) extensions
- .getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME).get(0);
+ final SPApplication application = (SPApplication) extensions.getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME).get(0);
request.setSpApplication(application.getSPApplication());
}
optionalElements = extensions.getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME);
if (!optionalElements.isEmpty()) {
- final SPCountry application = (SPCountry) extensions
- .getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME).get(0);
+ final SPCountry application = (SPCountry) extensions.getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME).get(0);
request.setSpCountry(application.getSPCountry());
- }
-
+ }
- List listCrossBorderShare = extensions
- .getUnknownXMLObjects(EIDCrossBorderShare.DEF_ELEMENT_NAME);
+ List listCrossBorderShare = extensions.getUnknownXMLObjects(EIDCrossBorderShare.DEF_ELEMENT_NAME);
- if (!listCrossBorderShare .isEmpty()) {
+ if (!listCrossBorderShare.isEmpty()) {
final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) listCrossBorderShare.get(0);
- request.setEIDCrossBorderShare(Boolean.parseBoolean(crossBorderShare
- .getEIDCrossBorderShare()));
+ request.setEIDCrossBorderShare(Boolean.parseBoolean(crossBorderShare.getEIDCrossBorderShare()));
}
-
- List listCrosSectorShare = extensions
- .getUnknownXMLObjects(EIDCrossSectorShare.DEF_ELEMENT_NAME);
+ List listCrosSectorShare = extensions.getUnknownXMLObjects(EIDCrossSectorShare.DEF_ELEMENT_NAME);
if (!listCrosSectorShare.isEmpty()) {
final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) listCrosSectorShare.get(0);
- request.setEIDCrossSectorShare(Boolean.parseBoolean(crossSectorShare
- .getEIDCrossSectorShare()));
+ request.setEIDCrossSectorShare(Boolean.parseBoolean(crossSectorShare.getEIDCrossSectorShare()));
}
- List listSectorShareExtension = extensions
- .getUnknownXMLObjects(EIDSectorShare.DEF_ELEMENT_NAME);
+ List listSectorShareExtension = extensions.getUnknownXMLObjects(EIDSectorShare.DEF_ELEMENT_NAME);
if (!listSectorShareExtension.isEmpty()) {
final EIDSectorShare sectorShare = (EIDSectorShare) listSectorShareExtension.get(0);
request.setEIDSectorShare(Boolean.parseBoolean(sectorShare.getEIDSectorShare()));
}
-
-
- List<XMLObject> authAttrs = extensions
- .getUnknownXMLObjects(AuthenticationAttributes.DEF_ELEMENT_NAME);
+ List<XMLObject> authAttrs = extensions.getUnknownXMLObjects(AuthenticationAttributes.DEF_ELEMENT_NAME);
if (authAttrs != null && !authAttrs.isEmpty()) {
- final AuthenticationAttributes authnAttr = (AuthenticationAttributes) authAttrs
- .get(0);
+ final AuthenticationAttributes authnAttr = (AuthenticationAttributes) authAttrs.get(0);
VIDPAuthenticationAttributes vidpAuthnAttr = null;
- if (authnAttr != null && !authAttrs.isEmpty()){
+ if (authnAttr != null && !authAttrs.isEmpty()) {
vidpAuthnAttr = authnAttr.getVIDPAuthenticationAttributes();
}
CitizenCountryCode citizenCountryCodeElement = null;
SPInformation spInformation = null;
- if (vidpAuthnAttr != null){
+ if (vidpAuthnAttr != null) {
citizenCountryCodeElement = vidpAuthnAttr.getCitizenCountryCode();
spInformation = vidpAuthnAttr.getSPInformation();
}
String citizenCountryCode = null;
- if(citizenCountryCodeElement!=null){
+ if (citizenCountryCodeElement != null) {
citizenCountryCode = citizenCountryCodeElement.getCitizenCountryCode();
}
- if(citizenCountryCode!= null && StringUtils.isNotBlank(citizenCountryCode)){
+ if (citizenCountryCode != null && StringUtils.isNotBlank(citizenCountryCode)) {
request.setCitizenCountryCode(citizenCountryCode);
- }
+ }
SPID spidElement = null;
- if (spInformation != null){
+ if (spInformation != null) {
spidElement = spInformation.getSPID();
}
String spid = null;
- if(spidElement!=null){
+ if (spidElement != null) {
spid = spidElement.getSPID();
}
@@ -2435,16 +2152,12 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
}
- if (extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME) == null) {
+ if (extensions.getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME) == null) {
LOG.error("Extensions not contains any requested attribute.");
- throw new STORKSAMLEngineException(
- "Extensions not contains any requested attribute.");
+ throw new STORKSAMLEngineException("Extensions not contains any requested attribute.");
}
- final RequestedAttributes requestedAttr = (RequestedAttributes) extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME)
- .get(0);
+ final RequestedAttributes requestedAttr = (RequestedAttributes) extensions.getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME).get(0);
final List<RequestedAttribute> reqAttrs = requestedAttr.getAttributes();
@@ -2459,8 +2172,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
attributeName = attribute.getName();
// recover the last name from the string.
- personalAttribute.setName(attributeName.substring(attributeName
- .lastIndexOf('/') + 1));
+ personalAttribute.setName(attributeName.substring(attributeName.lastIndexOf('/') + 1));
final ArrayList<String> valores = new ArrayList<String>();
final List<XMLObject> values = attribute.getOrderedChildren();
@@ -2469,52 +2181,46 @@ public final class STORKSAMLEngine extends SAMLEngine {
// Process attributes simples. An AuthenticationRequest only
// must contains simple values.
-
+
final XMLObject xmlObject = values.get(nextSimpleValue);
-
- if(xmlObject instanceof XSStringImpl){
-
- final XSStringImpl xmlString = (XSStringImpl) values
- .get(nextSimpleValue);
+
+ if (xmlObject instanceof XSStringImpl) {
+
+ final XSStringImpl xmlString = (XSStringImpl) values.get(nextSimpleValue);
valores.add(xmlString.getValue());
-
- }else{
-
+
+ } else {
+
if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
-
+
+ final XSAnyImpl xmlString = (XSAnyImpl) values.get(nextSimpleValue);
+
TransformerFactory transFactory = TransformerFactory.newInstance();
Transformer transformer = null;
try {
transformer = transFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
} catch (TransformerConfigurationException e) {
- LOG.error("Error transformer configuration exception", e);
+ LOG.error("Error transformer configuration exception", e);
}
- StringWriter buffer = new StringWriter();
+ StringWriter buffer = new StringWriter();
try {
- if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
- transformer.transform(new DOMSource(xmlString.getUnknownXMLObjects().get(0).getDOM()),
- new StreamResult(buffer));
- }
+ if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0) {
+ transformer.transform(new DOMSource(xmlString.getUnknownXMLObjects().get(0).getDOM()), new StreamResult(buffer));
+ }
} catch (TransformerException e) {
- LOG.error("Error transformer exception", e);
+ LOG.error("Error transformer exception", e);
}
String str = buffer.toString();
-
- valores.add(str);
-
- }else{
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
+
+ valores.add(str);
+
+ } else {
+
+ final XSAnyImpl xmlString = (XSAnyImpl) values.get(nextSimpleValue);
valores.add(xmlString.getTextContent());
}
-
-
-
+
}
}
personalAttribute.setValue(valores);
@@ -2526,116 +2232,100 @@ public final class STORKSAMLEngine extends SAMLEngine {
return request;
}
-
/**
* Process all elements XMLObjects from the extensions.
*
- * @param extensions the extensions from the authentication request.
+ * @param extensions
+ * the extensions from the authentication request.
*
* @return the STORK authentication request
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private STORKAttrQueryRequest processAttrExtensions(final Extensions extensions)
- throws STORKSAMLEngineException {
+ private STORKAttrQueryRequest processAttrExtensions(final Extensions extensions) throws STORKSAMLEngineException {
LOG.debug("Procces the atribute query extensions.");
final STORKAttrQueryRequest request = new STORKAttrQueryRequest();
- final QAAAttribute qaa = (QAAAttribute) extensions
- .getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME).get(0);
+ final QAAAttribute qaa = (QAAAttribute) extensions.getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME).get(0);
request.setQaa(Integer.parseInt(qaa.getQaaLevel()));
- List optionalElements = extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME);
+ List optionalElements = extensions.getUnknownXMLObjects(SPSector.DEF_ELEMENT_NAME);
if (!optionalElements.isEmpty()) {
- final SPSector sector = (SPSector) extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME).get(0);
+ final SPSector sector = (SPSector) extensions.getUnknownXMLObjects(SPSector.DEF_ELEMENT_NAME).get(0);
request.setSpSector(sector.getSPSector());
}
optionalElements = extensions.getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME);
if (!optionalElements.isEmpty()) {
- final SPApplication application = (SPApplication) extensions
- .getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME).get(0);
+ final SPApplication application = (SPApplication) extensions.getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME).get(0);
request.setSpApplication(application.getSPApplication());
}
optionalElements = extensions.getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME);
if (!optionalElements.isEmpty()) {
- final SPCountry application = (SPCountry) extensions
- .getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME).get(0);
+ final SPCountry application = (SPCountry) extensions.getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME).get(0);
request.setSpCountry(application.getSPCountry());
- }
-
+ }
- List listCrossBorderShare = extensions
- .getUnknownXMLObjects(EIDCrossBorderShare.DEF_ELEMENT_NAME);
+ List listCrossBorderShare = extensions.getUnknownXMLObjects(EIDCrossBorderShare.DEF_ELEMENT_NAME);
- if (!listCrossBorderShare .isEmpty()) {
+ if (!listCrossBorderShare.isEmpty()) {
final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) listCrossBorderShare.get(0);
- request.setEIDCrossBorderShare(Boolean.parseBoolean(crossBorderShare
- .getEIDCrossBorderShare()));
+ request.setEIDCrossBorderShare(Boolean.parseBoolean(crossBorderShare.getEIDCrossBorderShare()));
}
-
- List listCrosSectorShare = extensions
- .getUnknownXMLObjects(EIDCrossSectorShare.DEF_ELEMENT_NAME);
+ List listCrosSectorShare = extensions.getUnknownXMLObjects(EIDCrossSectorShare.DEF_ELEMENT_NAME);
if (!listCrosSectorShare.isEmpty()) {
final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) listCrosSectorShare.get(0);
- request.setEIDCrossSectorShare(Boolean.parseBoolean(crossSectorShare
- .getEIDCrossSectorShare()));
+ request.setEIDCrossSectorShare(Boolean.parseBoolean(crossSectorShare.getEIDCrossSectorShare()));
}
- List listSectorShareExtension = extensions
- .getUnknownXMLObjects(EIDSectorShare.DEF_ELEMENT_NAME);
+ List listSectorShareExtension = extensions.getUnknownXMLObjects(EIDSectorShare.DEF_ELEMENT_NAME);
if (!listSectorShareExtension.isEmpty()) {
final EIDSectorShare sectorShare = (EIDSectorShare) listSectorShareExtension.get(0);
request.setEIDSectorShare(Boolean.parseBoolean(sectorShare.getEIDSectorShare()));
}
-
-
- List<XMLObject> authAttrs = extensions
- .getUnknownXMLObjects(AuthenticationAttributes.DEF_ELEMENT_NAME);
+ List<XMLObject> authAttrs = extensions.getUnknownXMLObjects(AuthenticationAttributes.DEF_ELEMENT_NAME);
if (authAttrs != null && !authAttrs.isEmpty()) {
- final AuthenticationAttributes authnAttr = (AuthenticationAttributes) authAttrs
- .get(0);
+ final AuthenticationAttributes authnAttr = (AuthenticationAttributes) authAttrs.get(0);
VIDPAuthenticationAttributes vidpAuthnAttr = null;
- if (authnAttr != null && !authAttrs.isEmpty()){
+ if (authnAttr != null && !authAttrs.isEmpty()) {
vidpAuthnAttr = authnAttr.getVIDPAuthenticationAttributes();
}
CitizenCountryCode citizenCountryCodeElement = null;
SPInformation spInformation = null;
- if (vidpAuthnAttr != null){
+ if (vidpAuthnAttr != null) {
citizenCountryCodeElement = vidpAuthnAttr.getCitizenCountryCode();
spInformation = vidpAuthnAttr.getSPInformation();
}
String citizenCountryCode = null;
- if(citizenCountryCodeElement!=null){
+ if (citizenCountryCodeElement != null) {
citizenCountryCode = citizenCountryCodeElement.getCitizenCountryCode();
}
- if(citizenCountryCode!= null && StringUtils.isNotBlank(citizenCountryCode)){
+ if (citizenCountryCode != null && StringUtils.isNotBlank(citizenCountryCode)) {
request.setCitizenCountryCode(citizenCountryCode);
- }
+ }
SPID spidElement = null;
- if (spInformation != null){
+ if (spInformation != null) {
spidElement = spInformation.getSPID();
}
String spid = null;
- if(spidElement!=null){
+ if (spidElement != null) {
spid = spidElement.getSPID();
}
@@ -2644,16 +2334,12 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
}
- if (extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME) == null) {
+ if (extensions.getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME) == null) {
LOG.error("Extensions not contains any requested attribute.");
- throw new STORKSAMLEngineException(
- "Extensions not contains any requested attribute.");
+ throw new STORKSAMLEngineException("Extensions not contains any requested attribute.");
}
- final RequestedAttributes requestedAttr = (RequestedAttributes) extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME)
- .get(0);
+ final RequestedAttributes requestedAttr = (RequestedAttributes) extensions.getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME).get(0);
final List<RequestedAttribute> reqAttrs = requestedAttr.getAttributes();
@@ -2668,8 +2354,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
attributeName = attribute.getName();
// recover the last name from the string.
- personalAttribute.setName(attributeName.substring(attributeName
- .lastIndexOf('/') + 1));
+ personalAttribute.setName(attributeName.substring(attributeName.lastIndexOf('/') + 1));
final ArrayList<String> valores = new ArrayList<String>();
final List<XMLObject> values = attribute.getOrderedChildren();
@@ -2678,52 +2363,46 @@ public final class STORKSAMLEngine extends SAMLEngine {
// Process attributes simples. An AuthenticationRequest only
// must contains simple values.
-
+
final XMLObject xmlObject = values.get(nextSimpleValue);
-
- if(xmlObject instanceof XSStringImpl){
-
- final XSStringImpl xmlString = (XSStringImpl) values
- .get(nextSimpleValue);
+
+ if (xmlObject instanceof XSStringImpl) {
+
+ final XSStringImpl xmlString = (XSStringImpl) values.get(nextSimpleValue);
valores.add(xmlString.getValue());
-
- }else{
-
+
+ } else {
+
if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
-
+
+ final XSAnyImpl xmlString = (XSAnyImpl) values.get(nextSimpleValue);
+
TransformerFactory transFactory = TransformerFactory.newInstance();
Transformer transformer = null;
try {
transformer = transFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
} catch (TransformerConfigurationException e) {
- LOG.error("Error transformer configuration exception", e);
+ LOG.error("Error transformer configuration exception", e);
}
- StringWriter buffer = new StringWriter();
+ StringWriter buffer = new StringWriter();
try {
- if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
- transformer.transform(new DOMSource(xmlString.getUnknownXMLObjects().get(0).getDOM()),
- new StreamResult(buffer));
- }
+ if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0) {
+ transformer.transform(new DOMSource(xmlString.getUnknownXMLObjects().get(0).getDOM()), new StreamResult(buffer));
+ }
} catch (TransformerException e) {
- LOG.error("Error transformer exception", e);
+ LOG.error("Error transformer exception", e);
}
String str = buffer.toString();
-
- valores.add(str);
-
- }else{
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
+
+ valores.add(str);
+
+ } else {
+
+ final XSAnyImpl xmlString = (XSAnyImpl) values.get(nextSimpleValue);
valores.add(xmlString.getTextContent());
}
-
-
-
+
}
}
personalAttribute.setValue(valores);
@@ -2738,25 +2417,22 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Sets the name spaces.
*
- * @param tokenSaml the new name spaces
+ * @param tokenSaml
+ * the new name spaces
*/
private void setNameSpaces(final XMLObject tokenSaml) {
LOG.debug("Set namespaces.");
- final Namespace saml2 = new Namespace(SAMLConstants.SAML20_NS,
- SAMLConstants.SAML20_PREFIX);
+ final Namespace saml2 = new Namespace(SAMLConstants.SAML20_NS, SAMLConstants.SAML20_PREFIX);
tokenSaml.addNamespace(saml2);
- final Namespace digSig = new Namespace(
- "http://www.w3.org/2000/09/xmldsig#", "ds");
+ final Namespace digSig = new Namespace("http://www.w3.org/2000/09/xmldsig#", "ds");
tokenSaml.addNamespace(digSig);
- final Namespace storkp = new Namespace(SAMLCore.STORK10P_NS.getValue(),
- SAMLCore.STORK10P_PREFIX.getValue());
+ final Namespace storkp = new Namespace(SAMLCore.STORK10P_NS.getValue(), SAMLCore.STORK10P_PREFIX.getValue());
tokenSaml.addNamespace(storkp);
- final Namespace stork = new Namespace(SAMLCore.STORK10_NS.getValue(),
- SAMLCore.STORK10_PREFIX.getValue());
+ final Namespace stork = new Namespace(SAMLCore.STORK10_NS.getValue(), SAMLCore.STORK10_PREFIX.getValue());
tokenSaml.addNamespace(stork);
}
@@ -2764,248 +2440,209 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Validate parameters from authentication request.
*
- * @param request the request.
+ * @param request
+ * the request.
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private void validateParamAuthnReq(final STORKAuthnRequest request)
- throws STORKSAMLEngineException {
+ private void validateParamAuthnReq(final STORKAuthnRequest request) throws STORKSAMLEngineException {
LOG.info("Validate parameters from authentication request.");
// URL to which Authentication Response must be sent.
if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
+ throw new STORKSAMLEngineException("StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
}
// the name of the original service provider requesting the
// authentication.
if (StringUtils.isBlank(request.getProviderName())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Service Provider it's mandatory.");
+ throw new STORKSAMLEngineException("StorkSamlEngine: Service Provider it's mandatory.");
}
// object that contain all attributes requesting.
- if (request.getPersonalAttributeList() == null
- || request.getPersonalAttributeList().isEmpty()) {
- throw new STORKSAMLEngineException(
- "attributeQueries is null or empty.");
+ if (request.getPersonalAttributeList() == null || request.getPersonalAttributeList().isEmpty()) {
+ throw new STORKSAMLEngineException("attributeQueries is null or empty.");
}
// Quality authentication assurance level.
- if ((request.getQaa() < QAAAttribute.MIN_VALUE)
- || (request.getQaa() > QAAAttribute.MAX_VALUE)) {
- throw new STORKSAMLEngineException("Qaal: " + request.getQaa()
- + ", is invalid.");
+ if ((request.getQaa() < QAAAttribute.MIN_VALUE) || (request.getQaa() > QAAAttribute.MAX_VALUE)) {
+ throw new STORKSAMLEngineException("Qaal: " + request.getQaa() + ", is invalid.");
}
}
-
+
/**
* Validate parameters from attribute query request.
*
- * @param request the request.
+ * @param request
+ * the request.
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private void validateParamAttrQueryReq(final STORKAttrQueryRequest request)
- throws STORKSAMLEngineException {
+ private void validateParamAttrQueryReq(final STORKAttrQueryRequest request) throws STORKSAMLEngineException {
LOG.info("Validate parameters from attribute query request.");
// URL to which AP Response must be sent.
if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
+ throw new STORKSAMLEngineException("StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
}
- // Destination of the request - not mandatory
- /*if (StringUtils.isBlank(request.getDestination())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Destination is mandatory.");
- }*/
-
// SP country is empty
if (StringUtils.isBlank(request.getSpCountry())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: SP country is mandatory.");
+ throw new STORKSAMLEngineException("StorkSamlEngine: SP country is mandatory.");
}
// object that contain all attributes requesting.
- if (request.getPersonalAttributeList() == null
- || request.getPersonalAttributeList().isEmpty()) {
- throw new STORKSAMLEngineException(
- "attributeQueries is null or empty.");
+ if (request.getPersonalAttributeList() == null || request.getPersonalAttributeList().isEmpty()) {
+ throw new STORKSAMLEngineException("attributeQueries is null or empty.");
}
// Quality authentication assurance level.
- if ((request.getQaa() < QAAAttribute.MIN_VALUE)
- || (request.getQaa() > QAAAttribute.MAX_VALUE)) {
- throw new STORKSAMLEngineException("Qaal: " + request.getQaa()
- + ", is invalid.");
+ if ((request.getQaa() < QAAAttribute.MIN_VALUE) || (request.getQaa() > QAAAttribute.MAX_VALUE)) {
+ throw new STORKSAMLEngineException("Qaal: " + request.getQaa() + ", is invalid.");
}
}
-
+
/**
* Validate parameters from logout request.
*
- * @param request the request.
+ * @param request
+ * the request.
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private void validateParamLogoutReq(final STORKLogoutRequest request)
- throws STORKSAMLEngineException {
+ private void validateParamLogoutReq(final STORKLogoutRequest request) throws STORKSAMLEngineException {
LOG.info("Validate parameters from logout request.");
-
// URL to which AP Response must be sent.
- /*if (StringUtils.isBlank(request.get())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
- }*/
-
// Destination of the request
if (StringUtils.isBlank(request.getDestination())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Destination is mandatory.");
+ throw new STORKSAMLEngineException("StorkSamlEngine: Destination is mandatory.");
}
-
+
// SP Provided Id
if (StringUtils.isBlank(request.getSpProvidedId())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: SP provided Id is mandatory.");
+ throw new STORKSAMLEngineException("StorkSamlEngine: SP provided Id is mandatory.");
}
}
-
+
/**
* Validate parameters from logout response.
*
- * @param response the response.
+ * @param response
+ * the response.
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private void validateParamLogoutRes(final STORKLogoutRequest request,
- final STORKLogoutResponse response) throws STORKSAMLEngineException {
+ private void validateParamLogoutRes(final STORKLogoutRequest request, final STORKLogoutResponse response) throws STORKSAMLEngineException {
LOG.info("Validate parameters from logout request.");
// Issuer is mandatory
if (StringUtils.isBlank(request.getIssuer())) {
- throw new STORKSAMLEngineException(
- "Issuer must be not empty or null.");
+ throw new STORKSAMLEngineException("Issuer must be not empty or null.");
}
// Destination of the request
if (StringUtils.isBlank(response.getDestination())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Destination is mandatory.");
+ throw new STORKSAMLEngineException("StorkSamlEngine: Destination is mandatory.");
}
-
+
// SP Provided Id
if (StringUtils.isBlank(request.getSpProvidedId())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: SP provided Id is mandatory.");
+ throw new STORKSAMLEngineException("StorkSamlEngine: SP provided Id is mandatory.");
}
-
+
if (StringUtils.isBlank(request.getSamlId())) {
throw new STORKSAMLEngineException("request ID is null or empty.");
}
}
-
/**
* Validate parameters from response.
*
- * @param request the request
- * @param responseAuthReq the response authentication request
+ * @param request
+ * the request
+ * @param responseAuthReq
+ * the response authentication request
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private void validateParamResponse(final STORKAuthnRequest request,
- final STORKAuthnResponse responseAuthReq)
- throws STORKSAMLEngineException {
+ private void validateParamResponse(final STORKAuthnRequest request, final STORKAuthnResponse responseAuthReq) throws STORKSAMLEngineException {
LOG.info("Validate parameters response.");
if (StringUtils.isBlank(request.getIssuer())) {
- throw new STORKSAMLEngineException(
- "Issuer must be not empty or null.");
+ throw new STORKSAMLEngineException("Issuer must be not empty or null.");
}
- if (responseAuthReq.getPersonalAttributeList() == null
- || responseAuthReq.getPersonalAttributeList().isEmpty()) {
- LOG.error("PersonalAttributeList is null or empty.");
- throw new STORKSAMLEngineException(
- "PersonalAttributeList is null or empty.");
+ if (responseAuthReq.getPersonalAttributeList() == null) {
+ LOG.error("PersonalAttributeList is null.");
+ throw new STORKSAMLEngineException("PersonalAttributeList is null.");
}
if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "assertionConsumerServiceURL is null or empty.");
+ throw new STORKSAMLEngineException("assertionConsumerServiceURL is null or empty.");
}
if (StringUtils.isBlank(request.getSamlId())) {
throw new STORKSAMLEngineException("request ID is null or empty.");
}
}
-
+
/**
* Validate parameters from response.
*
- * @param request the request
- * @param responseAttrQueryReq the response authentication request
+ * @param request
+ * the request
+ * @param responseAttrQueryReq
+ * the response authentication request
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private void validateParamAttrQueryResponse(final STORKAttrQueryRequest request,
- final STORKAttrQueryResponse responseAttrQueryReq)
- throws STORKSAMLEngineException {
+ private void validateParamAttrQueryResponse(final STORKAttrQueryRequest request, final STORKAttrQueryResponse responseAttrQueryReq) throws STORKSAMLEngineException {
LOG.info("Validate attribute querey parameters response.");
if (StringUtils.isBlank(request.getIssuer())) {
- throw new STORKSAMLEngineException(
- "Issuer must be not empty or null.");
+ throw new STORKSAMLEngineException("Issuer must be not empty or null.");
}
- if (responseAttrQueryReq.getPersonalAttributeList() == null
- || responseAttrQueryReq.getPersonalAttributeList().isEmpty()) {
+ if (responseAttrQueryReq.getPersonalAttributeList() == null || responseAttrQueryReq.getPersonalAttributeList().isEmpty()) {
LOG.error("PersonalAttributeList is null or empty.");
- throw new STORKSAMLEngineException(
- "PersonalAttributeList is null or empty.");
+ throw new STORKSAMLEngineException("PersonalAttributeList is null or empty.");
}
- /*if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "assertionConsumerServiceURL is null or empty.");
- }*/
-
if (StringUtils.isBlank(request.getSamlId())) {
throw new STORKSAMLEngineException("request ID is null or empty.");
}
}
-
+
/**
* Validate parameters from response.
*
- * @param request the request
- * @param responseAttrQueryReq the response authentication request
+ * @param request
+ * the request
+ * @param responseAttrQueryReq
+ * the response authentication request
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private void validateParamAttrQueryResponseFromAssertions(final STORKAttrQueryRequest request,
- final STORKAttrQueryResponse responseAttrQueryReq)
- throws STORKSAMLEngineException {
+ private void validateParamAttrQueryResponseFromAssertions(final STORKAttrQueryRequest request, final STORKAttrQueryResponse responseAttrQueryReq) throws STORKSAMLEngineException {
LOG.info("Validate attribute querey parameters response.");
if (StringUtils.isBlank(request.getIssuer())) {
- throw new STORKSAMLEngineException(
- "Issuer must be not empty or null.");
+ throw new STORKSAMLEngineException("Issuer must be not empty or null.");
}
- /*if (responseAttrQueryReq.getPersonalAttributeList() == null
- || responseAttrQueryReq.getPersonalAttributeList().isEmpty()) {
- LOG.error("PersonalAttributeList is null or empty.");
- throw new STORKSAMLEngineException(
- "PersonalAttributeList is null or empty.");
- }*/
+ /*
+ * if (responseAttrQueryReq.getPersonalAttributeList() == null || responseAttrQueryReq.getPersonalAttributeList().isEmpty()) { LOG.error("PersonalAttributeList is null or empty."); throw new
+ * STORKSAMLEngineException( "PersonalAttributeList is null or empty."); }
+ */
- /*if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "assertionConsumerServiceURL is null or empty.");
- }*/
+ /*
+ * if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) { throw new STORKSAMLEngineException( "assertionConsumerServiceURL is null or empty."); }
+ */
if (StringUtils.isBlank(request.getSamlId())) {
throw new STORKSAMLEngineException("request ID is null or empty.");
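Review bot: In `validateParamResponse` the check on `responseAuthReq.getPersonalAttributeList()` now rejects only `null`, so an authentication response with an empty attribute list passes validation, while `validateParamAttrQueryResponse` later in this hunk still rejects an empty list. This is a behaviour change to response validation in a hunk that is otherwise reformatting, and nothing visible here explains why it is wanted. If accepting an empty list is intended, record the reason above the check, e.g. `// An empty attribute list is accepted on purpose (<reason>); only null is rejected.`; if it is not, restore `|| responseAuthReq.getPersonalAttributeList().isEmpty()` and the original message. The hunk also leaves the comment `// URL to which AP Response must be sent.` in `validateParamLogoutReq` with no code under it, now that the commented-out check is deleted.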
@@ -3015,38 +2652,41 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Validate parameter from response fail.
*
- * @param request the request
- * @param response the response
+ * @param request
+ * the request
+ * @param response
+ * the response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private void validateParamResponseFail(final STORKAuthnRequest request,
- final STORKAuthnResponse response) throws STORKSAMLEngineException {
+ private void validateParamResponseFail(final STORKAuthnRequest request, final STORKAuthnResponse response) throws STORKSAMLEngineException {
LOG.info("Validate parameters response fail.");
if (StringUtils.isBlank(response.getStatusCode())) {
throw new STORKSAMLEngineException("Code error it's null or empty.");
}
if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "assertionConsumerServiceURL is null or empty.");
+ throw new STORKSAMLEngineException("assertionConsumerServiceURL is null or empty.");
}
if (StringUtils.isBlank(request.getSamlId())) {
throw new STORKSAMLEngineException("request ID is null or empty.");
}
}
-
+
/**
* Validate parameter from response fail.
*
- * @param request the request
- * @param response the response
+ * @param request
+ * the request
+ * @param response
+ * the response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private void validateParamAttrQueryResponseFail(final STORKAttrQueryRequest request,
- final STORKAttrQueryResponse response) throws STORKSAMLEngineException {
+ private void validateParamAttrQueryResponseFail(final STORKAttrQueryRequest request, final STORKAttrQueryResponse response) throws STORKSAMLEngineException {
LOG.info("Validate parameters response fail.");
if (StringUtils.isBlank(response.getStatusCode())) {
throw new STORKSAMLEngineException("Code error it's null or empty.");
@@ -3056,22 +2696,23 @@ public final class STORKSAMLEngine extends SAMLEngine {
throw new STORKSAMLEngineException("request ID is null or empty.");
}
}
-
+
/**
* Validate parameter from response fail.
*
- * @param request the request
- * @param response the response
+ * @param request
+ * the request
+ * @param response
+ * the response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private void validateParamLogoutResFail(final STORKLogoutRequest request,
- final STORKLogoutResponse response) throws STORKSAMLEngineException {
+ private void validateParamLogoutResFail(final STORKLogoutRequest request, final STORKLogoutResponse response) throws STORKSAMLEngineException {
LOG.info("Validate parameters response fail.");
-
+
if (StringUtils.isBlank(request.getIssuer())) {
- throw new STORKSAMLEngineException(
- "Issuer must be not empty or null.");
+ throw new STORKSAMLEngineException("Issuer must be not empty or null.");
}
if (StringUtils.isBlank(response.getStatusCode())) {
@@ -3086,14 +2727,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Validate stork authentication request.
*
- * @param tokenSaml the token SAML
+ * @param tokenSaml
+ * the token SAML
*
* @return the sTORK authentication request
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAuthnRequest validateSTORKAuthnRequest(final byte[] tokenSaml)
- throws STORKSAMLEngineException {
+ public STORKAuthnRequest validateSTORKAuthnRequest(final byte[] tokenSaml) throws STORKSAMLEngineException {
LOG.info("validateSTORKAuthnRequest");
final AuthnRequest samlRequest = (AuthnRequest) validateStorkSaml(tokenSaml);
@@ -3108,60 +2750,56 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
LOG.debug("Generate STORKAuthnRequest.");
- final STORKAuthnRequest authnRequest = processExtensions(samlRequest
- .getExtensions());
-
- authnRequest.setCountry(this.getCountry(samlRequest.getSignature()
- .getKeyInfo()));
-
- authnRequest.setAlias(this.getAlias(samlRequest.getSignature()
- .getKeyInfo(), super.getSigner().getTrustStore()));
-
+ final STORKAuthnRequest authnRequest = processExtensions(samlRequest.getExtensions());
+
+ authnRequest.setCountry(this.getCountry(samlRequest.getSignature().getKeyInfo()));
+
+ authnRequest.setAlias(this.getAlias(samlRequest.getSignature().getKeyInfo(), super.getSigner().getTrustStore()));
+
authnRequest.setSamlId(samlRequest.getID());
authnRequest.setDestination(samlRequest.getDestination());
- authnRequest.setAssertionConsumerServiceURL(samlRequest
- .getAssertionConsumerServiceURL());
+ authnRequest.setAssertionConsumerServiceURL(samlRequest.getAssertionConsumerServiceURL());
authnRequest.setProviderName(samlRequest.getProviderName());
authnRequest.setIssuer(samlRequest.getIssuer().getValue());
- //Delete unknown elements from requested ones
+ // Delete unknown elements from requested ones
final Iterator<PersonalAttribute> iterator = authnRequest.getPersonalAttributeList().iterator();
- IPersonalAttributeList cleanPerAttrList = (PersonalAttributeList) authnRequest.getPersonalAttributeList();
+ IPersonalAttributeList cleanPerAttrList = (PersonalAttributeList) authnRequest.getPersonalAttributeList();
while (iterator.hasNext()) {
final PersonalAttribute attribute = iterator.next();
// Verify if the attribute name exits.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
+ final String attributeName = super.getSamlCoreProperties().getProperty(attribute.getName());
if (StringUtils.isBlank(attributeName)) {
LOG.info("Attribute name: {} was not found. It will be removed from the request object", attribute.getName());
cleanPerAttrList.remove(attribute.getName());
}
- }
+ }
authnRequest.setPersonalAttributeList(cleanPerAttrList);
return authnRequest;
}
-
+
/**
* Validate stork attribute query request.
*
- * @param tokenSaml the token SAML
+ * @param tokenSaml
+ * the token SAML
*
* @return the STORK attribute query request
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAttrQueryRequest validateSTORKAttrQueryRequest(final byte[] tokenSaml)
- throws STORKSAMLEngineException {
+ public STORKAttrQueryRequest validateSTORKAttrQueryRequest(final byte[] tokenSaml) throws STORKSAMLEngineException {
LOG.info("validateSTORKAttrQueryRequest");
- //final AttributeQuery samlRequest = (AttributeQuery) validateStorkSaml(tokenSaml);
+ // final AttributeQuery samlRequest = (AttributeQuery) validateStorkSaml(tokenSaml);
final CustomRequestAbstractType samlRequest = (CustomRequestAbstractType) validateStorkSaml(tokenSaml);
LOG.debug("Validate Extensions.");
@@ -3174,82 +2812,77 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
LOG.debug("Generate STORKAttrQueryRequest.");
- final STORKAttrQueryRequest attrRequest = processAttrExtensions(samlRequest
- .getExtensions());
-
- attrRequest.setCountry(this.getCountry(samlRequest.getSignature()
- .getKeyInfo()));
-
- attrRequest.setAlias(this.getAlias(samlRequest.getSignature()
- .getKeyInfo(), super.getSigner().getTrustStore()));
-
+ final STORKAttrQueryRequest attrRequest = processAttrExtensions(samlRequest.getExtensions());
+
+ attrRequest.setCountry(this.getCountry(samlRequest.getSignature().getKeyInfo()));
+
+ attrRequest.setAlias(this.getAlias(samlRequest.getSignature().getKeyInfo(), super.getSigner().getTrustStore()));
+
attrRequest.setSamlId(samlRequest.getID());
attrRequest.setDestination(samlRequest.getDestination());
- attrRequest.setAssertionConsumerServiceURL(samlRequest
- .getAssertionConsumerServiceURL());
+ attrRequest.setAssertionConsumerServiceURL(samlRequest.getAssertionConsumerServiceURL());
- /*authnRequest.setProviderName(samlRequest.getProviderName());*/
attrRequest.setIssuer(samlRequest.getIssuer().getValue());
- //Delete unknown elements from requested ones
+ // Delete unknown elements from requested ones
final Iterator<PersonalAttribute> iterator = attrRequest.getPersonalAttributeList().iterator();
- IPersonalAttributeList cleanPerAttrList = (PersonalAttributeList) attrRequest.getPersonalAttributeList();
+ IPersonalAttributeList cleanPerAttrList = (PersonalAttributeList) attrRequest.getPersonalAttributeList();
while (iterator.hasNext()) {
final PersonalAttribute attribute = iterator.next();
// Verify if the attribute name exits.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
+ final String attributeName = super.getSamlCoreProperties().getProperty(attribute.getName());
if (StringUtils.isBlank(attributeName)) {
LOG.info("Attribute name: {} was not found. It will be removed from the request object", attribute.getName());
cleanPerAttrList.remove(attribute.getName());
}
- }
+ }
attrRequest.setPersonalAttributeList(cleanPerAttrList);
return attrRequest;
}
-
+
/**
* Validate stork logout request.
*
- * @param tokenSaml the token SAML
+ * @param tokenSaml
+ * the token SAML
*
* @return the STORK logout request
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKLogoutRequest validateSTORKLogoutRequest(final byte[] tokenSaml)
- throws STORKSAMLEngineException {
+ public STORKLogoutRequest validateSTORKLogoutRequest(final byte[] tokenSaml) throws STORKSAMLEngineException {
LOG.info("validateSTORKLogoutRequest");
- final LogoutRequest samlRequest = (LogoutRequest)validateStorkSaml(tokenSaml);
+ final LogoutRequest samlRequest = (LogoutRequest) validateStorkSaml(tokenSaml);
- LOG.debug("Validate Extensions.");
- final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
- try {
- validatorExt.validate(samlRequest.getExtensions());
- } catch (ValidationException e) {
- LOG.error("ValidationException: validate Extensions.", e);
- throw new STORKSAMLEngineException(e);
+ if (samlRequest.getExtensions() != null) {
+ LOG.debug("Validate Extensions.");
+ final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
+ try {
+ validatorExt.validate(samlRequest.getExtensions());
+ } catch (ValidationException e) {
+ LOG.error("ValidationException: validate Extensions.", e);
+ throw new STORKSAMLEngineException(e);
+ }
}
LOG.debug("Generate STORKLogoutRequest.");
final STORKLogoutRequest logoutRequest = new STORKLogoutRequest();
- logoutRequest.setCountry(this.getCountry(samlRequest.getSignature()
- .getKeyInfo()));
-
- logoutRequest.setAlias(this.getAlias(samlRequest.getSignature()
- .getKeyInfo(), super.getSigner().getTrustStore()));
-
+ logoutRequest.setCountry(this.getCountry(samlRequest.getSignature().getKeyInfo()));
+
+ logoutRequest.setAlias(this.getAlias(samlRequest.getSignature().getKeyInfo(), super.getSigner().getTrustStore()));
+
logoutRequest.setSamlId(samlRequest.getID());
logoutRequest.setDestination(samlRequest.getDestination());
-
+
logoutRequest.setIssuer(samlRequest.getIssuer().getValue());
logoutRequest.setSpProvidedId(samlRequest.getNameID().getValue());
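Review bot: `samlRequest.getNameID().getValue()` on the last line of this hunk is dereferenced without a null check, although the commit now treats Extensions as optional a few lines above. A SAML 2.0 LogoutRequest may identify the principal with BaseID or EncryptedID instead of NameID, so such a message would end in a NullPointerException rather than the STORKSAMLEngineException the Javadoc declares. I would guard it before the setSpProvidedId call, for example `if (samlRequest.getNameID() == null) { throw new STORKSAMLEngineException("NameID is null or empty."); }`. Whether validateStorkSaml already rejects such messages is not fully visible on this page, and the tail of validateSTORKLogoutRequest lies outside this hunk.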
@@ -3259,18 +2892,56 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
/**
+ * Validate stork logout response.
+ *
+ * @param tokenSaml
+ * The SAML token
+ *
+ * @return the STORK logout response
+ *
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
+ */
+ public STORKLogoutResponse validateSTORKLogoutResponse(final byte[] tokenSaml) throws STORKSAMLEngineException {
+
+ LOG.info("validate STORK Logout Response");
+
+ final LogoutResponse samlRes = (LogoutResponse) validateStorkSaml(tokenSaml);
+
+ LOG.debug("Generate STORKLogoutResponse.");
+ final STORKLogoutResponse logoutRes = new STORKLogoutResponse();
+
+ try {
+ logoutRes.setTokenSaml(super.signAndMarshall(samlRes));
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ logoutRes.setAlias(this.getAlias(samlRes.getSignature().getKeyInfo(), super.getSigner().getTrustStore()));
+ logoutRes.setSamlId(samlRes.getID());
+ logoutRes.setDestination(samlRes.getDestination());
+ logoutRes.setIssuer(samlRes.getIssuer().getValue());
+ logoutRes.setStatusCode(samlRes.getStatus().getStatusCode().getValue().toString());
+ logoutRes.setStatusMessage(samlRes.getStatus().getStatusMessage().getMessage().toString());
+ logoutRes.setInResponseTo(samlRes.getInResponseTo());
+ return logoutRes;
+ }
+
+ /**
* Validate stork authentication response.
*
- * @param tokenSaml the token SAML
- * @param userIP the user IP
+ * @param tokenSaml
+ * the token SAML
+ * @param userIP
+ * the user IP
*
* @return the Stork authentication response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAuthnResponse validateSTORKAuthnResponse(
- final byte[] tokenSaml, final String userIP)
- throws STORKSAMLEngineException {
+ public STORKAuthnResponse validateSTORKAuthnResponse(final byte[] tokenSaml, final String userIP) throws STORKSAMLEngineException {
LOG.info("validateSTORKAuthnResponse");
final Response samlResponse = (Response) validateStorkSaml(tokenSaml);
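Review bot: In the new validateSTORKLogoutResponse, `super.signAndMarshall(samlRes)` signs the message that was just received, and only afterwards is `samlRes.getSignature().getKeyInfo()` read for the alias. signAndMarshall is not shown here; if it attaches a fresh signature to samlRes, the alias is resolved from this engine's own certificate and not the sender's, so I would compute the alias before that call, or keep the token as received if `setTokenSaml` accepts the original bytes. Separately, `samlRes.getStatus().getStatusMessage().getMessage()` is dereferenced unconditionally although StatusMessage is optional in SAML 2.0; validateSTORKAuthnResponse guards the same access with `if (samlResponse.getStatus().getStatusMessage() != null)`, and the same guard belongs here. The hunk also opens validateSTORKAuthnResponse, whose body continues outside it.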
@@ -3278,90 +2949,76 @@ public final class STORKSAMLEngine extends SAMLEngine {
LOG.debug("Create StorkAuthResponse.");
final STORKAuthnResponse authnResponse = new STORKAuthnResponse();
- authnResponse.setCountry(this.getCountry(samlResponse.getSignature()
- .getKeyInfo()));
+ authnResponse.setCountry(this.getCountry(samlResponse.getSignature().getKeyInfo()));
LOG.debug("Set ID.");
authnResponse.setSamlId(samlResponse.getID());
LOG.debug("Set InResponseTo.");
authnResponse.setInResponseTo(samlResponse.getInResponseTo());
LOG.debug("Set statusCode.");
- authnResponse.setStatusCode(samlResponse.getStatus().getStatusCode()
- .getValue());
+ authnResponse.setStatusCode(samlResponse.getStatus().getStatusCode().getValue());
// Subordinate code.
if (samlResponse.getStatus().getStatusCode().getStatusCode() != null) {
- authnResponse.setSubStatusCode(samlResponse.getStatus()
- .getStatusCode().getStatusCode().getValue());
+ authnResponse.setSubStatusCode(samlResponse.getStatus().getStatusCode().getStatusCode().getValue());
}
if (samlResponse.getStatus().getStatusMessage() != null) {
LOG.debug("Set statusMessage.");
- authnResponse.setMessage(samlResponse.getStatus()
- .getStatusMessage().getMessage());
+ authnResponse.setMessage(samlResponse.getStatus().getStatusMessage().getMessage());
}
LOG.debug("validateStorkResponse");
- final Assertion assertion = (Assertion) validateStorkResponse(
- samlResponse, userIP);
-
- if(assertion!=null){
+ final Assertion assertion = (Assertion) validateStorkResponse(samlResponse, userIP);
+
+ if (assertion != null) {
final DateTime serverDate = new DateTime();
if (assertion.getConditions().getNotOnOrAfter().isBefore(serverDate)) {
- LOG.error("Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + ", server_date: " + serverDate + ")");
- throw new STORKSAMLEngineException(
- "Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + " ), server_date: " + serverDate);
+ LOG.error("Token date expired (getNotOnOrAfter = " + assertion.getConditions().getNotOnOrAfter() + ", server_date: " + serverDate + ")");
+ throw new STORKSAMLEngineException("Token date expired (getNotOnOrAfter = " + assertion.getConditions().getNotOnOrAfter() + " ), server_date: " + serverDate);
}
LOG.debug("Set notOnOrAfter.");
- authnResponse.setNotOnOrAfter(assertion.getConditions()
- .getNotOnOrAfter());
+ authnResponse.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter());
LOG.debug("Set notBefore.");
authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
- authnResponse.setAudienceRestriction(((AudienceRestriction) assertion
- .getConditions().getAudienceRestrictions().get(0))
- .getAudiences().get(0).getAudienceURI());
+ authnResponse.setAudienceRestriction(((AudienceRestriction) assertion.getConditions().getAudienceRestrictions().get(0)).getAudiences().get(0).getAudienceURI());
authnResponse.setAssertions(samlResponse.getAssertions());
}
-
+
// Case no error.
- if (assertion!=null && StatusCode.SUCCESS_URI.equalsIgnoreCase(authnResponse
- .getStatusCode())) {
+ if (assertion != null && StatusCode.SUCCESS_URI.equalsIgnoreCase(authnResponse.getStatusCode())) {
LOG.debug("Status Success. Set PersonalAttributeList.");
- authnResponse
- .setPersonalAttributeList(generatePersonalAttributeList(assertion));
+ authnResponse.setPersonalAttributeList(generatePersonalAttributeList(assertion));
authnResponse.setFail(false);
} else {
LOG.debug("Status Fail.");
authnResponse.setFail(true);
- }
+ }
LOG.debug("Return result.");
return authnResponse;
}
-
+
/**
* Validate stork authentication response.
*
- * @param tokenSaml the token SAML
- * @param userIP the user IP
+ * @param tokenSaml
+ * the token SAML
+ * @param userIP
+ * the user IP
*
* @return the Stork authentication response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAuthnResponse validateSTORKAuthnResponseWithQuery(
- final byte[] tokenSaml, final String userIP)
- throws STORKSAMLEngineException {
+ public STORKAuthnResponse validateSTORKAuthnResponseWithQuery(final byte[] tokenSaml, final String userIP) throws STORKSAMLEngineException {
LOG.info("validateSTORKAuthnResponse");
final Response samlResponse = (Response) validateStorkSaml(tokenSaml);
@@ -3369,113 +3026,95 @@ public final class STORKSAMLEngine extends SAMLEngine {
LOG.debug("Create StorkAuthResponse.");
final STORKAuthnResponse authnResponse = new STORKAuthnResponse();
- authnResponse.setCountry(this.getCountry(samlResponse.getSignature()
- .getKeyInfo()));
+ authnResponse.setCountry(this.getCountry(samlResponse.getSignature().getKeyInfo()));
LOG.debug("Set ID.");
authnResponse.setSamlId(samlResponse.getID());
LOG.debug("Set InResponseTo.");
authnResponse.setInResponseTo(samlResponse.getInResponseTo());
LOG.debug("Set statusCode.");
- authnResponse.setStatusCode(samlResponse.getStatus().getStatusCode()
- .getValue());
+ authnResponse.setStatusCode(samlResponse.getStatus().getStatusCode().getValue());
// Subordinate code.
if (samlResponse.getStatus().getStatusCode().getStatusCode() != null) {
- authnResponse.setSubStatusCode(samlResponse.getStatus()
- .getStatusCode().getStatusCode().getValue());
+ authnResponse.setSubStatusCode(samlResponse.getStatus().getStatusCode().getStatusCode().getValue());
}
if (samlResponse.getStatus().getStatusMessage() != null) {
LOG.debug("Set statusMessage.");
- authnResponse.setMessage(samlResponse.getStatus()
- .getStatusMessage().getMessage());
+ authnResponse.setMessage(samlResponse.getStatus().getStatusMessage().getMessage());
}
LOG.debug("validateStorkResponse");
- final Assertion assertion = (Assertion) validateStorkResponse(
- samlResponse, userIP);
-
- if(assertion!=null){
+ final Assertion assertion = (Assertion) validateStorkResponse(samlResponse, userIP);
+
+ if (assertion != null) {
final DateTime serverDate = new DateTime();
if (assertion.getConditions().getNotOnOrAfter().isBefore(serverDate)) {
- LOG.error("Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + ", server_date: " + serverDate + ")");
- throw new STORKSAMLEngineException(
- "Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + " ), server_date: " + serverDate);
+ LOG.error("Token date expired (getNotOnOrAfter = " + assertion.getConditions().getNotOnOrAfter() + ", server_date: " + serverDate + ")");
+ throw new STORKSAMLEngineException("Token date expired (getNotOnOrAfter = " + assertion.getConditions().getNotOnOrAfter() + " ), server_date: " + serverDate);
}
LOG.debug("Set notOnOrAfter.");
- authnResponse.setNotOnOrAfter(assertion.getConditions()
- .getNotOnOrAfter());
+ authnResponse.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter());
LOG.debug("Set notBefore.");
authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
- authnResponse.setAudienceRestriction(((AudienceRestriction) assertion
- .getConditions().getAudienceRestrictions().get(0))
- .getAudiences().get(0).getAudienceURI());
+ authnResponse.setAudienceRestriction(((AudienceRestriction) assertion.getConditions().getAudienceRestrictions().get(0)).getAudiences().get(0).getAudienceURI());
}
-
+
// Case no error.
- if (assertion!=null && StatusCode.SUCCESS_URI.equalsIgnoreCase(authnResponse
- .getStatusCode())) {
+ if (assertion != null && StatusCode.SUCCESS_URI.equalsIgnoreCase(authnResponse.getStatusCode())) {
LOG.debug("Status Success. Set PersonalAttributeList.");
- authnResponse
- .setPersonalAttributeList(generatePersonalAttributeList(assertion));
+ authnResponse.setPersonalAttributeList(generatePersonalAttributeList(assertion));
authnResponse.setFail(false);
} else {
LOG.debug("Status Fail.");
authnResponse.setFail(true);
}
-
+
authnResponse.setAssertions(samlResponse.getAssertions());
- if (samlResponse.getAssertions().size() > 1)
- {
+ if (samlResponse.getAssertions().size() > 1) {
PersonalAttributeList total = new PersonalAttributeList();
- List<IPersonalAttributeList> attrList = new ArrayList();
- for (int i = 0; i < samlResponse.getAssertions().size(); i++)
- {
- Assertion tempAssertion = (Assertion)samlResponse.getAssertions().get(i);
+ List<IPersonalAttributeList> attrList = new ArrayList<IPersonalAttributeList>();
+ for (int i = 0; i < samlResponse.getAssertions().size(); i++) {
+ Assertion tempAssertion = (Assertion) samlResponse.getAssertions().get(i);
IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion);
- if (temp != null)
- {
+ if (temp != null) {
attrList.add(temp);
- for (PersonalAttribute attribute : temp) {
- PersonalAttribute attr = (PersonalAttribute)attribute.clone();
- attr.setName(attr.getName()+tempAssertion.getID());
- total.add(attr);
+ for (PersonalAttribute attribute : (IPersonalAttributeList) temp.clone()) {
+ attribute.setName(attribute.getName() + tempAssertion.getID());
+ total.add(attribute);
}
}
}
authnResponse.setPersonalAttributeLists(attrList);
authnResponse.setTotalPersonalAttributeList(total);
}
-
+
LOG.debug("Return result.");
return authnResponse;
}
-
+
/**
* Validate stork attribute query response.
*
- * @param tokenSaml the token SAML
- * @param userIP the user IP
+ * @param tokenSaml
+ * the token SAML
+ * @param userIP
+ * the user IP
*
* @return the Stork attribute query response
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- public STORKAttrQueryResponse validateSTORKAttrQueryResponse(
- final byte[] tokenSaml, final String userIP)
- throws STORKSAMLEngineException {
+ public STORKAttrQueryResponse validateSTORKAttrQueryResponse(final byte[] tokenSaml, final String userIP) throws STORKSAMLEngineException {
LOG.info("validateSTORKAttrQueryResponse");
final Response samlResponse = (Response) validateStorkSaml(tokenSaml);
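Review bot: The rewritten loop in validateSTORKAuthnResponseWithQuery iterates over `(IPersonalAttributeList) temp.clone()` and renames each element in place with `attribute.setName(attribute.getName() + tempAssertion.getID())`, where the old code cloned every attribute first. Unless clone() on the list is a deep copy (its implementation is not on this page), the rename also changes the attributes held by `temp`, which was just added to `attrList`, so the per-assertion lists would carry the suffixed names too. validateSTORKAttrQueryResponse in the next hunk keeps `PersonalAttribute attr = (PersonalAttribute) attribute.clone();`, and I would keep that form here or document that the list clone is deep. The loop also merges attributes from every assertion, while the expiry check above it only covers the one assertion returned by validateStorkResponse, so it is worth confirming that the remaining assertions are validated elsewhere. The method starts before this hunk, and the hunk runs on into validateSTORKAttrQueryResponse.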
@@ -3483,90 +3122,71 @@ public final class STORKSAMLEngine extends SAMLEngine {
LOG.debug("Create StorkAttrQueryResponse.");
final STORKAttrQueryResponse attrQueryResponse = new STORKAttrQueryResponse();
- attrQueryResponse.setCountry(this.getCountry(samlResponse.getSignature()
- .getKeyInfo()));
+ attrQueryResponse.setCountry(this.getCountry(samlResponse.getSignature().getKeyInfo()));
LOG.debug("Set ID.");
attrQueryResponse.setSamlId(samlResponse.getID());
LOG.debug("Set InResponseTo.");
attrQueryResponse.setInResponseTo(samlResponse.getInResponseTo());
LOG.debug("Set statusCode.");
- attrQueryResponse.setStatusCode(samlResponse.getStatus().getStatusCode()
- .getValue());
-
+ attrQueryResponse.setStatusCode(samlResponse.getStatus().getStatusCode().getValue());
// Subordinate code.
if (samlResponse.getStatus().getStatusCode().getStatusCode() != null) {
- attrQueryResponse.setSubStatusCode(samlResponse.getStatus()
- .getStatusCode().getStatusCode().getValue());
+ attrQueryResponse.setSubStatusCode(samlResponse.getStatus().getStatusCode().getStatusCode().getValue());
}
if (samlResponse.getStatus().getStatusMessage() != null) {
LOG.debug("Set statusMessage.");
- attrQueryResponse.setMessage(samlResponse.getStatus()
- .getStatusMessage().getMessage());
+ attrQueryResponse.setMessage(samlResponse.getStatus().getStatusMessage().getMessage());
}
LOG.debug("validateStorkResponse");
- final Assertion assertion = (Assertion) validateStorkResponse(
- samlResponse, userIP);
-
- if(assertion!=null){
+ final Assertion assertion = (Assertion) validateStorkResponse(samlResponse, userIP);
+
+ if (assertion != null) {
final DateTime serverDate = new DateTime();
attrQueryResponse.setAssertion(assertion);
if (assertion.getConditions().getNotOnOrAfter().isBefore(serverDate)) {
- LOG.error("Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + ", server_date: " + serverDate + ")");
- throw new STORKSAMLEngineException(
- "Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + " ), server_date: " + serverDate);
+ LOG.error("Token date expired (getNotOnOrAfter = " + assertion.getConditions().getNotOnOrAfter() + ", server_date: " + serverDate + ")");
+ throw new STORKSAMLEngineException("Token date expired (getNotOnOrAfter = " + assertion.getConditions().getNotOnOrAfter() + " ), server_date: " + serverDate);
}
LOG.debug("Set notOnOrAfter.");
- attrQueryResponse.setNotOnOrAfter(assertion.getConditions()
- .getNotOnOrAfter());
+ attrQueryResponse.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter());
LOG.debug("Set notBefore.");
attrQueryResponse.setNotBefore(assertion.getConditions().getNotBefore());
attrQueryResponse.setNotBefore(assertion.getConditions().getNotBefore());
- attrQueryResponse.setAudienceRestriction(((AudienceRestriction) assertion
- .getConditions().getAudienceRestrictions().get(0))
- .getAudiences().get(0).getAudienceURI());
+ attrQueryResponse.setAudienceRestriction(((AudienceRestriction) assertion.getConditions().getAudienceRestrictions().get(0)).getAudiences().get(0).getAudienceURI());
}
-
+
// Case no error.
- if (assertion!=null && StatusCode.SUCCESS_URI.equalsIgnoreCase(attrQueryResponse
- .getStatusCode())) {
+ if (assertion != null && StatusCode.SUCCESS_URI.equalsIgnoreCase(attrQueryResponse.getStatusCode())) {
LOG.debug("Status Success. Set PersonalAttributeList.");
- attrQueryResponse
- .setPersonalAttributeList(generatePersonalAttributeList(assertion));
+ attrQueryResponse.setPersonalAttributeList(generatePersonalAttributeList(assertion));
attrQueryResponse.setFail(false);
} else {
LOG.debug("Status Fail.");
attrQueryResponse.setFail(true);
}
-
+
attrQueryResponse.setAssertions(samlResponse.getAssertions());
- if (samlResponse.getAssertions().size() > 1)
- {
+ if (samlResponse.getAssertions().size() > 1) {
PersonalAttributeList total = new PersonalAttributeList();
List<IPersonalAttributeList> attrList = new ArrayList();
- for (int i = 0; i < samlResponse.getAssertions().size(); i++)
- {
- Assertion tempAssertion = (Assertion)samlResponse.getAssertions().get(i);
+ for (int i = 0; i < samlResponse.getAssertions().size(); i++) {
+ Assertion tempAssertion = (Assertion) samlResponse.getAssertions().get(i);
IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion);
- if (temp != null)
- {
+ if (temp != null) {
attrList.add(temp);
for (PersonalAttribute attribute : temp) {
- PersonalAttribute attr = (PersonalAttribute)attribute.clone();
- attr.setName(attr.getName()+tempAssertion.getID());
+ PersonalAttribute attr = (PersonalAttribute) attribute.clone();
+ attr.setName(attr.getName() + tempAssertion.getID());
total.add(attr);
}
}
@@ -3574,7 +3194,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
attrQueryResponse.setPersonalAttributeLists(attrList);
attrQueryResponse.setTotalPersonalAttributeList(total);
}
-
+
LOG.debug("Return result.");
return attrQueryResponse;
@@ -3583,61 +3203,50 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Validate stork response.
*
- * @param samlResponse the SAML response
- * @param userIP the user IP
+ * @param samlResponse
+ * the SAML response
+ * @param userIP
+ * the user IP
*
* @return the assertion
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private Assertion validateStorkResponse(final Response samlResponse,
- final String userIP) throws STORKSAMLEngineException {
+ private Assertion validateStorkResponse(final Response samlResponse, final String userIP) throws STORKSAMLEngineException {
// Exist only one Assertion
- if (samlResponse.getAssertions() == null
- || samlResponse.getAssertions().isEmpty()) {
- LOG.info("Assertion is null or empty."); //in replace of throw new STORKSAMLEngineException("Assertion is null or empty.")
+ if (samlResponse.getAssertions() == null || samlResponse.getAssertions().isEmpty()) {
+ LOG.info("Assertion is null or empty."); // in replace of throw new STORKSAMLEngineException("Assertion is null or empty.")
return null;
}
- final Assertion assertion = (Assertion) samlResponse.getAssertions()
- .get(0);
+ final Assertion assertion = (Assertion) samlResponse.getAssertions().get(0);
LOG.debug("Verified method Bearer");
- for (final Iterator<SubjectConfirmation> iter = assertion.getSubject()
- .getSubjectConfirmations().iterator(); iter.hasNext();) {
+ for (final Iterator<SubjectConfirmation> iter = assertion.getSubject().getSubjectConfirmations().iterator(); iter.hasNext();) {
final SubjectConfirmation element = iter.next();
- final boolean isBearer = SubjectConfirmation.METHOD_BEARER
- .equals(element.getMethod());
+ final boolean isBearer = SubjectConfirmation.METHOD_BEARER.equals(element.getMethod());
- final boolean ipValidate = super.getSamlCoreProperties()
- .isIpValidation();
+ final boolean ipValidate = super.getSamlCoreProperties().isIpValidation();
if (ipValidate) {
if (isBearer) {
if (StringUtils.isBlank(userIP)) {
LOG.error("browser_ip is null or empty.");
- throw new STORKSAMLEngineException(
- "browser_ip is null or empty.");
- } else if (StringUtils.isBlank(element
- .getSubjectConfirmationData().getAddress())) {
+ throw new STORKSAMLEngineException("browser_ip is null or empty.");
+ } else if (StringUtils.isBlank(element.getSubjectConfirmationData().getAddress())) {
LOG.error("token_ip attribute is null or empty.");
- throw new STORKSAMLEngineException(
- "token_ip attribute is null or empty.");
+ throw new STORKSAMLEngineException("token_ip attribute is null or empty.");
}
}
- final boolean ipEqual = element.getSubjectConfirmationData()
- .getAddress().equals(userIP);
+ final boolean ipEqual = element.getSubjectConfirmationData().getAddress().equals(userIP);
// Validation ipUser
if (!ipEqual && ipValidate) {
LOG.error("SubjectConfirmation BEARER: ");
- throw new STORKSAMLEngineException(
- "IPs doesn't match : token_ip ("
- + element.getSubjectConfirmationData()
- .getAddress() + ") browser_ip ("
- + userIP + ")");
+ throw new STORKSAMLEngineException("IPs doesn't match : token_ip (" + element.getSubjectConfirmationData().getAddress() + ") browser_ip (" + userIP + ")");
}
}
@@ -3648,27 +3257,27 @@ public final class STORKSAMLEngine extends SAMLEngine {
/**
* Validate stork SAML.
*
- * @param tokenSaml the token SAML
+ * @param tokenSaml
+ * the token SAML
*
* @return the signable SAML object
*
- * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
*/
- private SignableSAMLObject validateStorkSaml(final byte[] tokenSaml)
- throws STORKSAMLEngineException {
+ private SignableSAMLObject validateStorkSaml(final byte[] tokenSaml) throws STORKSAMLEngineException {
LOG.info("Validate StorkSaml message.");
if (tokenSaml == null) {
LOG.error("Saml authentication request is null.");
- throw new STORKSAMLEngineException(
- "Saml authentication request is null.");
+ throw new STORKSAMLEngineException("Saml authentication request is null.");
}
LOG.debug("Generate AuthnRequest from request.");
SignableSAMLObject samlObject;
- try {
+ try {
samlObject = (SignableSAMLObject) super.unmarshall(tokenSaml);
} catch (SAMLEngineException e) {
LOG.error("SAMLEngineException unmarshall.", e);
@@ -3677,10 +3286,8 @@ public final class STORKSAMLEngine extends SAMLEngine {
boolean validateSign = true;
- if (StringUtils.isNotBlank(super.getSamlCoreProperties().getProperty(
- "validateSignature"))) {
- validateSign = Boolean.valueOf(super.getSamlCoreProperties()
- .getProperty("validateSignature"));
+ if (StringUtils.isNotBlank(super.getSamlCoreProperties().getProperty("validateSignature"))) {
+ validateSign = Boolean.valueOf(super.getSamlCoreProperties().getProperty("validateSignature"));
}
if (validateSign) {
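Review bot: The `validateSignature` lookup fails open, because `Boolean.valueOf` returns false for every string other than "true" (case-insensitive), so a value such as `yes`, `1` or `true ` with trailing whitespace turns signature verification off without any log entry. Since this flag gates whether the SAML token's signature is checked at all, only an explicit `false` should disable it, for example `validateSign = !"false".equalsIgnoreCase(value.trim());` where `value` is the property read once into a local. A `LOG.warn("Signature validation is disabled by configuration.");` on the disabled path would make the state visible to operators. The body of validateStorkSaml starts and ends outside this hunk.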
@@ -3694,22 +3301,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
LOG.debug("Validate Schema.");
- final ValidatorSuite validatorSuite = Configuration
- .getValidatorSuite("saml2-core-schema-validator");
- try {
- if (samlObject.getElementQName().toString().endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
- {
- CustomAttributeQueryValidator val =
- new CustomAttributeQueryValidator();
- val.validate((CustomAttributeQuery)samlObject);
- }
- else if (samlObject instanceof Response
- && ((Response) samlObject).getAssertions().size() > 1) {
- MultipleAssertionResponseValidator val =
- new MultipleAssertionResponseValidator();
- val.validate((Response)samlObject);
- }
- else
+ final ValidatorSuite validatorSuite = Configuration.getValidatorSuite("saml2-core-schema-validator");
+ try {
+ if (samlObject.getElementQName().toString().endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME)) {
+ CustomAttributeQueryValidator val = new CustomAttributeQueryValidator();
+ val.validate((CustomAttributeQuery) samlObject);
+ } else if (samlObject instanceof Response && ((Response) samlObject).getAssertions().size() > 1) {
+ MultipleAssertionResponseValidator val = new MultipleAssertionResponseValidator();
+ val.validate((Response) samlObject);
+ } else
validatorSuite.validate(samlObject);
} catch (ValidationException e) {
LOG.error("ValidationException.", e);
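Review bot: A `Response` carrying more than one assertion is checked by `MultipleAssertionResponseValidator` alone and never reaches `validatorSuite.validate(samlObject)`, because the two sit in the same if/else chain. Whether that validator repeats the `saml2-core-schema-validator` checks is not visible here, so this should either be confirmed and recorded in a comment such as `// multi-assertion responses: schema checks are performed by MultipleAssertionResponseValidator`, or the suite should be run for that branch as well. The first branch also picks its cast from `getElementQName().toString().endsWith(...)`, so a mismatched object would raise a `ClassCastException` that the `catch (ValidationException e)` does not handle; `samlObject instanceof CustomAttributeQuery` would be the safer test. The trailing `else` should be braced like the other branches. The enclosing try/catch continues past the end of the hunk.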
@@ -3718,27 +3318,22 @@ public final class STORKSAMLEngine extends SAMLEngine {
return samlObject;
}
-
- private boolean isComplex(XMLObject xmlObject)
- {
+
+ private boolean isComplex(XMLObject xmlObject) {
boolean isComplex = false;
-
+
final XSAnyImpl complexValue = (XSAnyImpl) xmlObject;
- for (int nextComplexValue = 0; nextComplexValue < complexValue
- .getUnknownXMLObjects().size(); nextComplexValue++) {
+ for (int nextComplexValue = 0; nextComplexValue < complexValue.getUnknownXMLObjects().size(); nextComplexValue++) {
- final XSAnyImpl simple = (XSAnyImpl) complexValue
- .getUnknownXMLObjects().get(
- nextComplexValue);
-
- if (simple.getElementQName().getLocalPart() != null)
- {
+ final XSAnyImpl simple = (XSAnyImpl) complexValue.getUnknownXMLObjects().get(nextComplexValue);
+
+ if (simple.getElementQName().getLocalPart() != null) {
isComplex = true;
break;
}
}
-
+
return isComplex;
- }
+ }
}
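Review bot: `isComplex` casts `xmlObject` and every child returned by `getUnknownXMLObjects()` to `XSAnyImpl` without a type check. These objects presumably come from attribute values in a received SAML message, so an unexpected element type would surface as an unchecked `ClassCastException` instead of a `STORKSAMLEngineException`. A guard such as `if (!(xmlObject instanceof XSAnyImpl)) { return false; }`, with the same test on each child before the cast, keeps malformed input on the handled error path. Separately, if `getElementQName()` returns a `javax.xml.namespace.QName`, `getLocalPart()` is never null, so the loop in effect only tests whether any child exists; a comment stating that intent would help.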