diff options
Diffstat (limited to 'id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator')
5 files changed, 293 insertions, 201 deletions
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java index beceac57f..c602ad38a 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java @@ -1,57 +1,69 @@ -package eu.stork.peps.auth.engine.core.validator;
-
-import java.util.List;
-
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.SubjectQuery;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.util.DatatypeHelper;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-
-public class CustomAttributeQueryValidator implements Validator<CustomAttributeQuery> {
-
- /*
- * Validate action.
- *
- * @param qaa the quality authentication assurance level attribute
- *
- * @throws ValidationException the validation exception
- */
- public final void validate(final CustomAttributeQuery attrQuery) throws ValidationException {
- validateAssertion(attrQuery);
- validateSubject(attrQuery);
- validateDestination(attrQuery);
- }
-
-
- /**
- * Validate assertion.
- *
- * @param attrQuery the attribute query
- *
- * @throws ValidationException the validation exception
- */
- protected final void validateAssertion(final CustomAttributeQuery attrQuery)
- throws ValidationException {
- if (DatatypeHelper.isEmpty(attrQuery.getAssertionConsumerServiceURL())) {
- throw new ValidationException("Consumer Service URL must be specified.");
- }
- }
-
- //Validate subject
- protected void validateSubject(CustomAttributeQuery query) throws ValidationException {
- if (query.getSubject() == null)
- throw new ValidationException("Subject is required");
- }
-
- //Validate destination
- protected void validateDestination(CustomAttributeQuery query) throws ValidationException {
- if (query.getDestination() == null)
- throw new ValidationException("Destination is required");
- }
-
-}
+package eu.stork.peps.auth.engine.core.validator; + +import org.opensaml.xml.util.DatatypeHelper; +import org.opensaml.xml.validation.ValidationException; +import org.opensaml.xml.validation.Validator; + +import eu.stork.peps.auth.engine.core.CustomAttributeQuery; + +public class CustomAttributeQueryValidator implements Validator<CustomAttributeQuery> { + + /** + * Validate action. + * + * @param attrQuery the attribute query to validate + * + * @throws ValidationException the validation exception + */ + public final void validate(final CustomAttributeQuery attrQuery) throws ValidationException { + validateAssertion(attrQuery); + validateSubject(attrQuery); + validateDestination(attrQuery); + } + + + /** + * Validate assertion. + * + * @param attrQuery the attribute query + * + * @throws ValidationException the validation exception + */ + protected final void validateAssertion(final CustomAttributeQuery attrQuery) + throws ValidationException { + if (DatatypeHelper.isEmpty(attrQuery.getAssertionConsumerServiceURL())) { + throw new ValidationException("Consumer Service URL must be specified."); + } + } + + /** + * Validate subject + * @param query the attribute query to validate + * @throws ValidationException the validation exception + */ + protected void validateSubject(CustomAttributeQuery query) throws ValidationException { + if (query.getSubject() == null) + throw new ValidationException("Subject is required"); + } + + /** + * Validate the destination + * @param query the query to validate + * @throws ValidationException the validation exception + */ + protected void validateDestination(CustomAttributeQuery query) throws ValidationException { + if (query.getDestination() == null) + throw new ValidationException("Destination is required"); + } + + /** + * Validate the destination + * @param query the query to validate + * @throws ValidationException the validation exception + */ + protected void validateTime(CustomAttributeQuery query) throws ValidationException { + if (query.getIssueInstant().isAfterNow()) + throw new ValidationException("Issue time is in the futue"); + } + +} diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java index 760d9c188..491549aac 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java @@ -1,61 +1,61 @@ -/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.validator;
-
-import java.util.List;
-
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-
-/**
- * The Class ExtensionsSchemaValidator.
- *
- * @author fjquevedo
- */
-public class ExtensionsSchemaValidator implements Validator<Extensions> {
-
-
- /**
- * validate the extensions.
- *
- * @param extensions the extensions
- *
- * @throws ValidationException the validation exception
- */
- public final void validate(final Extensions extensions)
- throws ValidationException {
- if (extensions.getUnknownXMLObjects() == null
- || extensions.getUnknownXMLObjects().size() <= 0) {
- throw new ValidationException("Extension element is empty or not exist.");
- }
-
- List<XMLObject> qaa = extensions.getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME);
-
- if (qaa.size() == 1) {
- final Validator<QAAAttribute> validatorQaa = new QAAAttributeSchemaValidator();
- validatorQaa.validate((QAAAttribute) qaa.get(0));
- } else {
- throw new ValidationException(
- "Extensions must contain only one element QAALevel.");
- }
-
- }
-
-}
+/* + * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. You may + * obtain a copy of the Licence at: + * + * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * Licence for the specific language governing permissions and limitations under + * the Licence. + */ + +package eu.stork.peps.auth.engine.core.validator; + +import java.util.List; + +import org.opensaml.saml2.common.Extensions; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.validation.ValidationException; +import org.opensaml.xml.validation.Validator; + +import eu.stork.peps.auth.engine.core.QAAAttribute; + +/** + * The Class ExtensionsSchemaValidator. + * + * @author fjquevedo + */ +public class ExtensionsSchemaValidator implements Validator<Extensions> { + + + /** + * validate the extensions. + * + * @param extensions the extensions + * + * @throws ValidationException the validation exception + */ + public final void validate(final Extensions extensions) + throws ValidationException { + if (extensions.getUnknownXMLObjects() == null + || extensions.getUnknownXMLObjects().size() <= 0) { + throw new ValidationException("Extension element is empty or not exist."); + } + + List<XMLObject> qaa = extensions.getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME); + + if (qaa.size() == 1) { + final Validator<QAAAttribute> validatorQaa = new QAAAttributeSchemaValidator(); + validatorQaa.validate((QAAAttribute) qaa.get(0)); + } else { + throw new ValidationException( + "Extensions must contain only one element QAALevel."); + } + + } + +} diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java new file mode 100644 index 000000000..72639c8ee --- /dev/null +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java @@ -0,0 +1,80 @@ +package eu.stork.peps.auth.engine.core.validator; + +import org.opensaml.saml2.core.Response; +import org.opensaml.xml.validation.ValidationException; +import org.opensaml.xml.validation.Validator; + + +public class MultipleAssertionResponseValidator implements Validator<Response> { + + /** + * Validate action. + * + * @param response the response to validate + * + * @throws ValidationException the validation exception + */ + public final void validate(final Response response) throws ValidationException { + validateAssertion(response); + validateConsent(response); + validateDestination(response); + validateTime(response); + validateId(response); + } + + + /** + * Validate assertion. + * + * @param response the attribute query + * + * @throws ValidationException the validation exception + */ + protected final void validateAssertion(final Response response) + throws ValidationException { + if (response.getAssertions() == null || response.getAssertions().size() < 2) { + throw new ValidationException("Multiple assertions must be specified."); + } + } + + /** + * Validate the Consent + * @param response the response to validate + * @throws ValidationException the validation exception + */ + protected void validateConsent(Response response) throws ValidationException { + if (response.getConsent() == null) + throw new ValidationException("Consent is required"); + } + + /** + * Validate the destination + * @param response the response to validate + * @throws ValidationException the validation exception + */ + protected void validateDestination(Response response) throws ValidationException { + if (response.getDestination() == null) + throw new ValidationException("Destination is required"); + } + + /** + * Validate issue times + * @param response the response to validate + * @throws ValidationException the validation exception + */ + protected void validateTime(Response response) throws ValidationException { + if (response.getIssueInstant().isAfterNow()) + throw new ValidationException("Issue time is in the futue"); + } + + /** + * Validate ids + * @param response the response to validate + * @throws ValidationException the validation exception + */ + protected void validateId(Response response) throws ValidationException { + if (response.getID() == null || response.getInResponseTo() == null) + throw new ValidationException("Id and response id is required"); + } + +} diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java index be5dc8c34..44c9db380 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java @@ -1,65 +1,65 @@ -/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.validator;
-
-import org.opensaml.xml.util.DatatypeHelper;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-
-/**
- * The Class QAAAttributeSchemaValidator.
- *
- * @author fjquevedo
- */
-public class QAAAttributeSchemaValidator implements Validator<QAAAttribute> {
-
-
- /**
- * Validate action.
- *
- * @param qaa the quality authentication assurance level attribute
- *
- * @throws ValidationException the validation exception
- */
- public final void validate(final QAAAttribute qaa) throws ValidationException {
- validateAction(qaa);
- }
-
-
- /**
- * Validate action.
- *
- * @param qaaAttribute the quality authentication assurance level attribute.
- *
- * @throws ValidationException the validation exception
- */
- protected final void validateAction(final QAAAttribute qaaAttribute)
- throws ValidationException {
- if (DatatypeHelper.isEmpty(qaaAttribute.getQaaLevel())) {
- throw new ValidationException("QAALevel label must be specified.");
- }
-
- final int qaa = Integer.valueOf(qaaAttribute.getQaaLevel());
-
- if (qaa < QAAAttribute.MIN_VALUE || qaa > QAAAttribute.MAX_VALUE) {
- throw new ValidationException(
- "QAALevel label must be greater than 0.");
- }
- }
-
-}
+/* + * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. You may + * obtain a copy of the Licence at: + * + * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * Licence for the specific language governing permissions and limitations under + * the Licence. + */ + +package eu.stork.peps.auth.engine.core.validator; + +import org.opensaml.xml.util.DatatypeHelper; +import org.opensaml.xml.validation.ValidationException; +import org.opensaml.xml.validation.Validator; + +import eu.stork.peps.auth.engine.core.QAAAttribute; + +/** + * The Class QAAAttributeSchemaValidator. + * + * @author fjquevedo + */ +public class QAAAttributeSchemaValidator implements Validator<QAAAttribute> { + + + /** + * Validate action. + * + * @param qaa the quality authentication assurance level attribute + * + * @throws ValidationException the validation exception + */ + public final void validate(final QAAAttribute qaa) throws ValidationException { + validateAction(qaa); + } + + + /** + * Validate action. + * + * @param qaaAttribute the quality authentication assurance level attribute. + * + * @throws ValidationException the validation exception + */ + protected final void validateAction(final QAAAttribute qaaAttribute) + throws ValidationException { + if (DatatypeHelper.isEmpty(qaaAttribute.getQaaLevel())) { + throw new ValidationException("QAALevel label must be specified."); + } + + final int qaa = Integer.valueOf(qaaAttribute.getQaaLevel()); + + if (qaa < QAAAttribute.MIN_VALUE || qaa > QAAAttribute.MAX_VALUE) { + throw new ValidationException( + "QAALevel label must be greater than 0."); + } + } + +} diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java index b98cf7157..07b632773 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java @@ -1,19 +1,19 @@ -/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-/**
- * Validation rules for STORK 1.0 core types and elements.
- */
+/* + * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. You may + * obtain a copy of the Licence at: + * + * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * Licence for the specific language governing permissions and limitations under + * the Licence. + */ + +/** + * Validation rules for STORK 1.0 core types and elements. + */ package eu.stork.peps.auth.engine.core.validator;
\ No newline at end of file |