aboutsummaryrefslogtreecommitdiff
path: root/id/server/stork2-saml-engine/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/stork2-saml-engine/src/main/java')
-rw-r--r--id/server/stork2-saml-engine/src/main/java/META-INF/MANIFEST.MF6
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java836
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngineUtils.java1718
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java7449
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java138
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/AuthenticationAttributes.java114
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CitizenCountryCode.java112
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CustomAttributeQuery.java102
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CustomRequestAbstractType.java352
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDCrossBorderShare.java116
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDCrossSectorShare.java112
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDSectorShare.java114
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/QAAAttribute.java126
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/RequestedAttribute.java280
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/RequestedAttributes.java102
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java196
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLEngineSignI.java176
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPApplication.java112
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPCountry.java112
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPID.java112
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPInformation.java112
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPInstitution.java112
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPSector.java112
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java1016
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/VIDPAuthenticationAttributes.java144
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesBuilder.java112
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java218
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesMarshaller.java57
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesUnmarshaller.java108
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java164
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryBuilder.java52
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java130
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryMarshaller.java100
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryUnmarshaller.java228
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareBuilder.java102
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java172
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareMarshaller.java94
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareUnmarshaller.java86
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareBuilder.java102
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java176
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareMarshaller.java92
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareUnmarshaller.java94
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareBuilder.java100
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java168
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareMarshaller.java92
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareUnmarshaller.java94
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java168
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeBuilder.java108
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java440
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeMarshaller.java178
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeUnmarshaller.java192
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesBuilder.java108
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesImpl.java190
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesMarshaller.java66
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesUnmarshaller.java104
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java168
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java164
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java164
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java220
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationUnmarshaller.java104
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java168
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorImpl.java168
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java936
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignModuleFactory.java128
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java1121
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java1065
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java264
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesUnmarshaller.java110
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/package-info.java36
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/package-info.java36
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java126
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java122
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java80
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java130
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java36
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/package-info.java36
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java276
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationEngine.java138
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationReader.java467
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationSingleton.java146
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/InstanceEngine.java140
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/package-info.java38
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/SAMLEngineException.java114
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/STORKSAMLEngineRuntimeException.java110
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/package-info.java36
85 files changed, 12449 insertions, 12374 deletions
diff --git a/id/server/stork2-saml-engine/src/main/java/META-INF/MANIFEST.MF b/id/server/stork2-saml-engine/src/main/java/META-INF/MANIFEST.MF
index 5e9495128..254272e1c 100644
--- a/id/server/stork2-saml-engine/src/main/java/META-INF/MANIFEST.MF
+++ b/id/server/stork2-saml-engine/src/main/java/META-INF/MANIFEST.MF
@@ -1,3 +1,3 @@
-Manifest-Version: 1.0
-Class-Path:
-
+Manifest-Version: 1.0
+Class-Path:
+
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
index e993c0e46..26635e337 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
@@ -1,421 +1,415 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine;
-
-import java.io.ByteArrayInputStream;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.opensaml.Configuration;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.xml.ConfigurationException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallerFactory;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.parse.XMLParserException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.auth.engine.core.STORKSAMLCore;
-import eu.stork.peps.auth.engine.core.impl.CustomAttributeQueryMarshaller;
-import eu.stork.peps.auth.engine.core.impl.CustomAttributeQueryUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SignModuleFactory;
-import eu.stork.peps.configuration.ConfigurationCreator;
-import eu.stork.peps.configuration.ConfigurationReader;
-import eu.stork.peps.configuration.InstanceEngine;
-import eu.stork.peps.exceptions.SAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
-
-/**
- * Class that wraps the operations over SAML tokens, both generation and
- * validation of SAML requests and SAML responses. Compliant with "OASIS Secure
- * Assertion Markup Language (SAML) 2.0, May 2005", but taking into account
- * STORK specific requirements.
- *
- * @author fjquevedo
- * @author iinigo
- */
-
-public class SAMLEngine {
-
- /** The Document Builder Factory. */
- private static javax.xml.parsers.DocumentBuilderFactory dbf = null;
-
- /** The instance of every engine SAML. */
- private static Map<String, InstanceEngine> instanceConfigs;
-
- /** The instances of SAML engine. */
- private static Map<String, Map<String, Object>> instances;
-
- /** The logger. */
- private static final Logger LOG = LoggerFactory.getLogger(SAMLEngine.class
- .getName());
-
- /** The Constant MODULE_SIGN_CONF. */
- private static final String MODULE_SIGN_CONF = "SignatureConf";
-
- /** The Constant SAML_ENGINE_SIGN_CLASS. */
- private static final String SAML_ENGINE_SIGN_CLASS = "class";
-
- /** The Constant SAML_ENGINE_CONF. */
- private static final String SAML_ENGINE_CONF = "SamlEngineConf";
-
- /** The Constant SAML_ENGINE_FILE_CONF. */
- private static final String SAML_ENGINE_FILE_CONF = "fileConfiguration";
-
- /** The codification of characters. */
- private static final String CHARACTER_ENCODING = "UTF-8";
-
- /** The SAML core. */
- private STORKSAMLCore samlCore;
-
- /** The Module of Signature. */
- private SAMLEngineSignI signer;
-
-
- /** Initializes the SAML engine. */
- /** Configure Document Builder Factory. */
-
- static {
- startUp();
- loadDocumentFactory();
- }
-
- /**
- * Load document factory.
- */
- private static void loadDocumentFactory() {
-
- try {
- dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance();
- dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- dbf.setNamespaceAware(true);
- dbf.setIgnoringComments(true);
- } catch (ParserConfigurationException e) {
- LOG.error("Error parser configuration.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
-
- }
-
- /**
- * Method that initializes the basic services for the SAML Engine, like the
- * OpenSAML library and the BouncyCastle provider.
- */
- private static void startUp() {
-
- LOG.info("SAMLEngine: Initialize OpenSAML");
-
- //TLenz: MOA-ID uses an own Bootstrap
-// try {
-// DefaultBootstrap.bootstrap();
-// } catch (ConfigurationException e) {
-// LOG.error("Problem initializing the OpenSAML library.");
-// throw new STORKSAMLEngineRuntimeException(e);
-// }
-
- LOG.debug("Read all file configurations. (instances of SAMLEngine)");
- try {
- instanceConfigs = ConfigurationReader.readConfiguration();
- } catch (SAMLEngineException e) {
- LOG.error("Error read configuration file.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
-
- LOG.debug("Create all instaces of saml engine. (instances of SAMLEngine)");
- try {
- instances = ConfigurationCreator
- .createConfiguration(instanceConfigs);
- } catch (STORKSAMLEngineException e) {
- LOG.error("Error initializing instances from Stork SAML engine.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
- }
-
- /**
- * Instantiates a new SAML engine.
- */
- private SAMLEngine() {
-
- }
-
- /**
- * Instantiates a new SAML engine.
- *
- * @param nameInstance the name instance
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- protected SAMLEngine(final String nameInstance)
- throws STORKSAMLEngineException {
- LOG.info("Loading Specific Configuration.");
-
- LOG.debug("Create intance of saml messages.");
-
- Map<String, Object> instance = instances.get(nameInstance);
-
- if (instance == null || instance.isEmpty()) {
- LOG.error("Instance: " + nameInstance + " not exist.");
- throw new STORKSAMLEngineException("Instance: " + nameInstance
- + " not exist.");
- }
-
- Properties properties = (Properties) instance.get(SAML_ENGINE_CONF);
-
- if (properties == null) {
- LOG.error("SamlEngine.xml: not exist.");
- throw new STORKSAMLEngineException("SamlEngine.xml: not exist.");
- }
-
- samlCore = new STORKSAMLCore(properties);
-
- final HashMap<String, String> propertiesSign = (HashMap<String, String>) instance
- .get(MODULE_SIGN_CONF);
-
- LOG.debug("Loading Module of sign.");
- signer = SignModuleFactory.getInstance(propertiesSign
- .get(SAML_ENGINE_SIGN_CLASS));
-
- try {
- LOG.info("Initialize module of sign.");
- signer.init(propertiesSign.get(SAML_ENGINE_FILE_CONF));
- LOG.info("Load cryptographic service provider of module of sign.");
- signer.loadCryptServiceProvider();
- } catch (SAMLEngineException e) {
- LOG.error("Error create signature module: "
- + propertiesSign.get(SAML_ENGINE_FILE_CONF));
- LOG.info("Exception" + e);
- throw new STORKSAMLEngineException(e);
- }
- }
-
- /**
- * Gets the Signer properties.
- *
- * @return the SAML Sign properties
- */
- protected SAMLEngineSignI getSigner() {
- return signer;
- }
-
- /**
- * Gets the SAML core properties.
- *
- * @return the SAML core properties
- */
- protected final STORKSAMLCore getSamlCoreProperties() {
- return samlCore;
- }
-
- /**
- * Method that transform the received SAML object into a byte array
- * representation.
- *
- * @param samlToken the SAML token.
- *
- * @return the byte[] of the SAML token.
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- private byte[] marshall(final XMLObject samlToken)
- throws SAMLEngineException {
-
- try {
- javax.xml.parsers.DocumentBuilder docBuilder = null;
-
- final MarshallerFactory marshallerFactory = Configuration
- .getMarshallerFactory();
-
- final Marshaller marshaller;
- if (samlToken.getElementQName().toString().endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
- marshaller = new CustomAttributeQueryMarshaller();
- else
- marshaller = marshallerFactory
- .getMarshaller(samlToken);
-
- docBuilder = dbf.newDocumentBuilder();
-
- final Document doc = docBuilder.newDocument();
-
- marshaller.marshall(samlToken, doc);
-
- // Obtain a byte array representation of the marshalled SAML object
- final DOMSource domSource = new DOMSource(doc);
- final StringWriter writer = new StringWriter();
- final StreamResult result = new StreamResult(writer);
- final TransformerFactory transFactory = TransformerFactory
- .newInstance();
- Transformer transformer;
-
- transformer = transFactory.newTransformer();
- transformer.transform(domSource, result);
- LOG.debug("SAML request \n"+ writer.toString());
- return writer.toString().getBytes(CHARACTER_ENCODING);
-
- } catch (ParserConfigurationException e) {
- LOG.error("ParserConfigurationException.");
- throw new SAMLEngineException(e);
- } catch (MarshallingException e) {
- LOG.error("MarshallingException.");
- throw new SAMLEngineException(e);
- } catch (TransformerConfigurationException e) {
- LOG.error("TransformerConfigurationException.");
- throw new SAMLEngineException(e);
- } catch (TransformerException e) {
- LOG.error("TransformerException.");
- throw new SAMLEngineException(e);
- } catch (UnsupportedEncodingException e) {
- LOG.error("UnsupportedEncodingException: " + CHARACTER_ENCODING);
- throw new SAMLEngineException(e);
- }
- }
-
- /**
- * Method that signs a SAML Token.
- *
- * @param tokenSaml the token SAML
- *
- * @return the SAML object sign
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- private SignableSAMLObject sign(final SignableSAMLObject tokenSaml)
- throws SAMLEngineException {
- LOG.debug("Sign SamlToken.");
- signer.sign(tokenSaml);
- return tokenSaml;
- }
-
- /**
- * Sign and transform to byte array.
- *
- * @param samlToken the SAML token
- *
- * @return the byte[] of the SAML token
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- protected final byte[] signAndMarshall(final SignableSAMLObject samlToken)
- throws SAMLEngineException {
- LOG.debug("Marshall Saml Token.");
- SignableSAMLObject signElement = sign(samlToken);
- return marshall(signElement);
- }
-
- /**
- * Method that unmarshalls a SAML Object from a byte array representation to
- * an XML Object.
- *
- * @param samlToken Byte array representation of a SAML Object
- *
- * @return XML Object (superclass of SAMLObject)
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- protected final XMLObject unmarshall(final byte[] samlToken)
- throws SAMLEngineException {
- try {
- // Get parser pool manager
- final BasicParserPool ppMgr = new BasicParserPool();
- // Note: this is necessary due to an unresolved Xerces deferred DOM
- // issue/bug
- final HashMap<String, Boolean> features = new HashMap<String, Boolean>();
- features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
- ppMgr.setBuilderFeatures(features);
-
- ppMgr.setNamespaceAware(true);
-
- // Parse SAMLToken
- Document document = ppMgr.parse(new ByteArrayInputStream(samlToken));
- if (document != null){
- final Element root = document.getDocumentElement();
- // Get appropriate unmarshaller
- final UnmarshallerFactory unmarshallerFact = Configuration.getUnmarshallerFactory();
- // Unmarshall using the SAML Token root element
- if (unmarshallerFact != null && root != null){
- final Unmarshaller unmarshaller;
- if (root.getLocalName().equals(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
- unmarshaller = new CustomAttributeQueryUnmarshaller();
- else
- unmarshaller = unmarshallerFact.getUnmarshaller(root);
- try {
- return unmarshaller.unmarshall(root);
- } catch (NullPointerException e){
- LOG.error("Error element tag incomplet or null.");
- throw new SAMLEngineException("NullPointerException", e);
- }
- } else {
- LOG.error("Error element tag incomplet or null.");
- throw new SAMLEngineException("NullPointerException : unmarshallerFact or root is null");
- }
- } else {
- LOG.error("Error element tag incomplet or null.");
- throw new SAMLEngineException("NullPointerException : document is null");
- }
- } catch (XMLParserException e) {
- LOG.error("XML Parsing Error.", e);
- throw new SAMLEngineException(e);
- } catch (UnmarshallingException e) {
- LOG.error("TransformerException.", e);
- throw new SAMLEngineException(e);
- } catch (NullPointerException e) {
- LOG.error("Error element tag incomplet or null.", e);
- throw new SAMLEngineException(e);
- }
- }
-
- /**
- * Method that validates an XML Signature contained in a SAML Token.
- *
- * @param samlToken the SAML token
- *
- * @return the SAML object
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- protected final SAMLObject validateSignature(
- final SignableSAMLObject samlToken) throws SAMLEngineException {
-
- LOG.info("Validate Signature");
- signer.validateSignature(samlToken);
-
- return samlToken;
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine;
+
+import java.io.ByteArrayInputStream;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.xml.XMLConstants;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.opensaml.Configuration;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallerFactory;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.parse.XMLParserException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.auth.engine.core.STORKSAMLCore;
+import eu.stork.peps.auth.engine.core.impl.CustomAttributeQueryMarshaller;
+import eu.stork.peps.auth.engine.core.impl.CustomAttributeQueryUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.SignModuleFactory;
+import eu.stork.peps.configuration.ConfigurationCreator;
+import eu.stork.peps.configuration.ConfigurationReader;
+import eu.stork.peps.configuration.InstanceEngine;
+import eu.stork.peps.exceptions.SAMLEngineException;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
+
+/**
+ * Class that wraps the operations over SAML tokens, both generation and
+ * validation of SAML requests and SAML responses. Compliant with "OASIS Secure
+ * Assertion Markup Language (SAML) 2.0, May 2005", but taking into account
+ * STORK specific requirements.
+ *
+ * @author fjquevedo
+ * @author iinigo
+ */
+
+public class SAMLEngine {
+
+ /** The Document Builder Factory. */
+ private static javax.xml.parsers.DocumentBuilderFactory dbf = null;
+
+ /** The instance of every engine SAML. */
+ private static Map<String, InstanceEngine> instanceConfigs;
+
+ /** The instances of SAML engine. */
+ private static Map<String, Map<String, Object>> instances;
+
+ /** The logger. */
+ private static final Logger LOG = LoggerFactory.getLogger(SAMLEngine.class
+ .getName());
+
+ /** The Constant MODULE_SIGN_CONF. */
+ private static final String MODULE_SIGN_CONF = "SignatureConf";
+
+ /** The Constant SAML_ENGINE_SIGN_CLASS. */
+ private static final String SAML_ENGINE_SIGN_CLASS = "class";
+
+ /** The Constant SAML_ENGINE_CONF. */
+ private static final String SAML_ENGINE_CONF = "SamlEngineConf";
+
+ /** The Constant SAML_ENGINE_FILE_CONF. */
+ private static final String SAML_ENGINE_FILE_CONF = "fileConfiguration";
+
+ /** The codification of characters. */
+ private static final String CHARACTER_ENCODING = "UTF-8";
+
+ /** The SAML core. */
+ private STORKSAMLCore samlCore;
+
+ /** The Module of Signature. */
+ private SAMLEngineSignI signer;
+
+
+ /** Initializes the SAML engine. */
+ /** Configure Document Builder Factory. */
+
+ static {
+ startUp();
+ loadDocumentFactory();
+ }
+
+ /**
+ * Load document factory.
+ */
+ private static void loadDocumentFactory() {
+ try {
+ dbf = javax.xml.parsers.DocumentBuilderFactory.newInstance();
+ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ dbf.setNamespaceAware(true);
+ dbf.setIgnoringComments(true);
+ } catch (ParserConfigurationException e) {
+ LOG.error("Error parser configuration.");
+ throw new STORKSAMLEngineRuntimeException(e);
+ }
+ }
+
+ /**
+ * Method that initializes the basic services for the SAML Engine, like the
+ * OpenSAML library and the BouncyCastle provider.
+ */
+ private static void startUp() {
+
+ LOG.info("SAMLEngine: Initialize OpenSAML");
+
+
+
+/* Commented because it makes a problems with PVP2 MOA-ID
+ try {
+ DefaultBootstrap.bootstrap();
+ } catch (ConfigurationException e) {
+ LOG.error("Problem initializing the OpenSAML library.");
+ throw new STORKSAMLEngineRuntimeException(e);
+ }
+*/
+
+ LOG.debug("Read all file configurations. (instances of SAMLEngine)");
+ try {
+ instanceConfigs = ConfigurationReader.readConfiguration();
+ } catch (SAMLEngineException e) {
+ LOG.error("Error read configuration file.");
+ throw new STORKSAMLEngineRuntimeException(e);
+ }
+
+ LOG.debug("Create all instances of saml engine. (instances of SAMLEngine)");
+ try {
+ instances = ConfigurationCreator
+ .createConfiguration(instanceConfigs);
+ } catch (STORKSAMLEngineException e) {
+ LOG.error("Error initializing instances from Stork SAML engine.");
+ throw new STORKSAMLEngineRuntimeException(e);
+ }
+ }
+
+ /**
+ * Instantiates a new SAML engine.
+ *
+ * @param nameInstance the name instance
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ protected SAMLEngine(final String nameInstance)
+ throws STORKSAMLEngineException {
+ LOG.info("Loading Specific Configuration.");
+
+ LOG.debug("Create intance of saml messages.");
+
+ Map<String, Object> instance = instances.get(nameInstance);
+
+ if (instance == null || instance.isEmpty()) {
+ LOG.error("Instance: " + nameInstance + " not exist.");
+ throw new STORKSAMLEngineException("Instance: " + nameInstance
+ + " not exist.");
+ }
+
+ Properties properties = (Properties) instance.get(SAML_ENGINE_CONF);
+
+ if (properties == null) {
+ LOG.error("SamlEngine.xml: not exist.");
+ throw new STORKSAMLEngineException("SamlEngine.xml: not exist.");
+ }
+
+ samlCore = new STORKSAMLCore(properties);
+
+ final HashMap<String, String> propertiesSign = (HashMap<String, String>) instance
+ .get(MODULE_SIGN_CONF);
+
+ LOG.debug("Loading Module of sign.");
+ signer = SignModuleFactory.getInstance(propertiesSign
+ .get(SAML_ENGINE_SIGN_CLASS));
+
+ try {
+ LOG.info("Initialize module of sign.");
+ signer.init(propertiesSign.get(SAML_ENGINE_FILE_CONF));
+ LOG.info("Load cryptographic service provider of module of sign.");
+ signer.loadCryptServiceProvider();
+ } catch (SAMLEngineException e) {
+ LOG.error("Error create signature module: "
+ + propertiesSign.get(SAML_ENGINE_FILE_CONF));
+ LOG.info("Exception" + e);
+ throw new STORKSAMLEngineException(e);
+ }
+ }
+
+ /**
+ * Gets the Signer properties.
+ *
+ * @return the SAML Sign properties
+ */
+ protected SAMLEngineSignI getSigner() {
+ return signer;
+ }
+
+ /**
+ * Gets the SAML core properties.
+ *
+ * @return the SAML core properties
+ */
+ protected final STORKSAMLCore getSamlCoreProperties() {
+ return samlCore;
+ }
+
+ /**
+ * Method that transform the received SAML object into a byte array
+ * representation.
+ *
+ * @param samlToken the SAML token.
+ *
+ * @return the byte[] of the SAML token.
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ private byte[] marshall(final XMLObject samlToken)
+ throws SAMLEngineException {
+
+ try {
+ javax.xml.parsers.DocumentBuilder docBuilder = null;
+
+ final MarshallerFactory marshallerFactory = Configuration
+ .getMarshallerFactory();
+
+ final Marshaller marshaller;
+ if (samlToken.getElementQName().toString().endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
+ marshaller = new CustomAttributeQueryMarshaller();
+ else
+ marshaller = marshallerFactory
+ .getMarshaller(samlToken);
+
+ docBuilder = dbf.newDocumentBuilder();
+
+ final Document doc = docBuilder.newDocument();
+
+ marshaller.marshall(samlToken, doc);
+
+ // Obtain a byte array representation of the marshalled SAML object
+ final DOMSource domSource = new DOMSource(doc);
+ final StringWriter writer = new StringWriter();
+ final StreamResult result = new StreamResult(writer);
+ final TransformerFactory transFactory = TransformerFactory
+ .newInstance();
+ Transformer transformer;
+
+ transformer = transFactory.newTransformer();
+ transformer.transform(domSource, result);
+ LOG.debug("SAML request \n"+ writer.toString());
+ return writer.toString().getBytes(CHARACTER_ENCODING);
+
+ } catch (ParserConfigurationException e) {
+ LOG.error("ParserConfigurationException.");
+ throw new SAMLEngineException(e);
+ } catch (MarshallingException e) {
+ LOG.error("MarshallingException.");
+ throw new SAMLEngineException(e);
+ } catch (TransformerConfigurationException e) {
+ LOG.error("TransformerConfigurationException.");
+ throw new SAMLEngineException(e);
+ } catch (TransformerException e) {
+ LOG.error("TransformerException.");
+ throw new SAMLEngineException(e);
+ } catch (UnsupportedEncodingException e) {
+ LOG.error("UnsupportedEncodingException: " + CHARACTER_ENCODING);
+ throw new SAMLEngineException(e);
+ }
+ }
+
+ /**
+ * Method that signs a SAML Token.
+ *
+ * @param tokenSaml the token SAML
+ *
+ * @return the SAML object sign
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ private SignableSAMLObject sign(final SignableSAMLObject tokenSaml)
+ throws SAMLEngineException {
+ LOG.debug("Sign SamlToken.");
+ signer.sign(tokenSaml);
+ return tokenSaml;
+ }
+
+ /**
+ * Sign and transform to byte array.
+ *
+ * @param samlToken the SAML token
+ *
+ * @return the byte[] of the SAML token
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ protected final byte[] signAndMarshall(final SignableSAMLObject samlToken)
+ throws SAMLEngineException {
+ LOG.debug("Marshall Saml Token.");
+ SignableSAMLObject signElement = sign(samlToken);
+ return marshall(signElement);
+ }
+
+ /**
+ * Method that unmarshalls a SAML Object from a byte array representation to
+ * an XML Object.
+ *
+ * @param samlToken Byte array representation of a SAML Object
+ *
+ * @return XML Object (superclass of SAMLObject)
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ protected final XMLObject unmarshall(final byte[] samlToken)
+ throws SAMLEngineException {
+ try {
+ // Get parser pool manager
+ final BasicParserPool ppMgr = new BasicParserPool();
+ // Note: this is necessary due to an unresolved Xerces deferred DOM
+ // issue/bug
+ final HashMap<String, Boolean> features = new HashMap<String, Boolean>();
+ features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+ ppMgr.setBuilderFeatures(features);
+
+ ppMgr.setNamespaceAware(true);
+
+ // Parse SAMLToken
+ Document document = ppMgr.parse(new ByteArrayInputStream(samlToken));
+ if (document != null){
+ final Element root = document.getDocumentElement();
+ // Get appropriate unmarshaller
+ final UnmarshallerFactory unmarshallerFact = Configuration.getUnmarshallerFactory();
+ // Unmarshall using the SAML Token root element
+ if (unmarshallerFact != null && root != null){
+ final Unmarshaller unmarshaller;
+ if (root.getLocalName().equals(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
+ unmarshaller = new CustomAttributeQueryUnmarshaller();
+ else
+ unmarshaller = unmarshallerFact.getUnmarshaller(root);
+ try {
+ return unmarshaller.unmarshall(root);
+ } catch (NullPointerException e){
+ LOG.error("Error element tag incomplet or null.");
+ throw new SAMLEngineException("NullPointerException", e);
+ }
+ } else {
+ LOG.error("Error element tag incomplet or null.");
+ throw new SAMLEngineException("NullPointerException : unmarshallerFact or root is null");
+ }
+ } else {
+ LOG.error("Error element tag incomplet or null.");
+ throw new SAMLEngineException("NullPointerException : document is null");
+ }
+ } catch (XMLParserException e) {
+ LOG.error("XML Parsing Error.", e);
+ throw new SAMLEngineException(e);
+ } catch (UnmarshallingException e) {
+ LOG.error("TransformerException.", e);
+ throw new SAMLEngineException(e);
+ } catch (NullPointerException e) {
+ LOG.error("Error element tag incomplet or null.", e);
+ throw new SAMLEngineException(e);
+ }
+ }
+
+ /**
+ * Method that validates an XML Signature contained in a SAML Token.
+ *
+ * @param samlToken the SAML token
+ *
+ * @return the SAML object
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ protected final SAMLObject validateSignature(
+ final SignableSAMLObject samlToken) throws SAMLEngineException {
+
+ LOG.info("Validate Signature");
+ signer.validateSignature(samlToken);
+
+ return samlToken;
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngineUtils.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngineUtils.java
index c77cc700a..1efbb8b32 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngineUtils.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngineUtils.java
@@ -1,885 +1,833 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.commons.lang.StringUtils;
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.common.impl.ExtensionsBuilder;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.core.SubjectLocality;
-import org.opensaml.saml2.core.impl.AssertionBuilder;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSAny;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.signature.KeyInfo;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-import eu.stork.peps.auth.engine.core.RequestedAttribute;
-import eu.stork.peps.auth.engine.core.SAMLCore;
-import eu.stork.peps.auth.engine.core.SPApplication;
-import eu.stork.peps.auth.engine.core.SPCountry;
-import eu.stork.peps.auth.engine.core.SPInstitution;
-import eu.stork.peps.auth.engine.core.SPSector;
-import eu.stork.peps.auth.engine.core.impl.CustomAttributeQueryBuilder;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
-
-/**
- * The Class SAMLEngineUtils.
- *
- * @author fjquevedo
- * @author iinigo
- */
-public final class SAMLEngineUtils {
-
- /** The Constant UTF_8. */
- public static final String UTF_8 = "UTF-8";
-
- /** The Constant SHA_512. */
- public static final String SHA_512 = "SHA-512";
-
-
- /** The generator. */
- private static SecureRandomIdentifierGenerator generator;
-
- /** The Constant LOG. */
- private static final Logger LOG = LoggerFactory
- .getLogger(SAMLEngineUtils.class.getName());
-
- /**
- * Method that generates a random value according to NCName grammar.
- *
- * NCName ::= NCNameStartChar NCNameChar* NCNameChar ::= NameChar - ':'
- * NCNameStartChar ::= Letter | '_' NameStartChar ::= ":" | [A-Z] | "_" |
- * [a-z] | [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF] | [#x370-#x37D] |
- * [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F] | [#x2C00-#x2FEF] |
- * [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF]
- * NameChar ::= NameStartChar | "-" | "." | [0-9] | #xB7 | [#x0300-#x036F] |
- * [#x203F-#x2040] Name ::= NameStartChar (NameChar)* Letter ::= BaseChar |
- * Ideographic BaseChar ::= [#x0041-#x005A] | [#x0061-#x007A] |
- * [#x00C0-#x00D6] | [#x00D8-#x00F6] | [#x00F8-#x00FF] | [#x0100-#x0131] |
- * [#x0134-#x013E] | [#x0141-#x0148] | [#x014A-#x017E] | [#x0180-#x01C3] |
- * [#x01CD-#x01F0] | [#x01F4-#x01F5] | [#x01FA-#x0217] | [#x0250-#x02A8] |
- * [#x02BB-#x02C1] | #x0386 | [#x0388-#x038A] | #x038C | [#x038E-#x03A1] |
- * [#x03A3-#x03CE] | [#x03D0-#x03D6] | #x03DA | #x03DC | #x03DE | #x03E0 |
- * [#x03E2-#x03F3] | [#x0401-#x040C] | [#x040E-#x044F] | [#x0451-#x045C] |
- * [#x045E-#x0481] | [#x0490-#x04C4] | [#x04C7-#x04C8] | [#x04CB-#x04CC] |
- * [#x04D0-#x04EB] | [#x04EE-#x04F5] | [#x04F8-#x04F9] | [#x0531-#x0556] |
- * #x0559 | [#x0561-#x0586] | [#x05D0-#x05EA] | [#x05F0-#x05F2] |
- * [#x0621-#x063A] | [#x0641-#x064A] | [#x0671-#x06B7] | [#x06BA-#x06BE] |
- * [#x06C0-#x06CE] | [#x06D0-#x06D3] | #x06D5 | [#x06E5-#x06E6] |
- * [#x0905-#x0939] | #x093D | [#x0958-#x0961] | [#x0985-#x098C] |
- * [#x098F-#x0990] | [#x0993-#x09A8] | [#x09AA-#x09B0] | #x09B2 |
- * [#x09B6-#x09B9] | [#x09DC-#x09DD] | [#x09DF-#x09E1] | [#x09F0-#x09F1] |
- * [#x0A05-#x0A0A] | [#x0A0F-#x0A10] | [#x0A13-#x0A28] | [#x0A2A-#x0A30] |
- * [#x0A32-#x0A33] | [#x0A35-#x0A36] | [#x0A38-#x0A39] | [#x0A59-#x0A5C] |
- * #x0A5E | [#x0A72-#x0A74] | [#x0A85-#x0A8B] | #x0A8D | [#x0A8F-#x0A91] |
- * [#x0A93-#x0AA8] | [#x0AAA-#x0AB0] | [#x0AB2-#x0AB3] | [#x0AB5-#x0AB9] |
- * #x0ABD | #x0AE0 | [#x0B05-#x0B0C] | [#x0B0F-#x0B10] | [#x0B13-#x0B28] |
- * [#x0B2A-#x0B30] | [#x0B32-#x0B33] | [#x0B36-#x0B39] | #x0B3D |
- * [#x0B5C-#x0B5D] | [#x0B5F-#x0B61] | [#x0B85-#x0B8A] | [#x0B8E-#x0B90] |
- * [#x0B92-#x0B95] | [#x0B99-#x0B9A] | #x0B9C | [#x0B9E-#x0B9F] |
- * [#x0BA3-#x0BA4] | [#x0BA8-#x0BAA] | [#x0BAE-#x0BB5] | [#x0BB7-#x0BB9] |
- * [#x0C05-#x0C0C] | [#x0C0E-#x0C10] | [#x0C12-#x0C28] | [#x0C2A-#x0C33] |
- * [#x0C35-#x0C39] | [#x0C60-#x0C61] | [#x0C85-#x0C8C] | [#x0C8E-#x0C90] |
- * [#x0C92-#x0CA8] | [#x0CAA-#x0CB3] | [#x0CB5-#x0CB9] | #x0CDE |
- * [#x0CE0-#x0CE1] | [#x0D05-#x0D0C] | [#x0D0E-#x0D10] | [#x0D12-#x0D28] |
- * [#x0D2A-#x0D39] | [#x0D60-#x0D61] | [#x0E01-#x0E2E] | #x0E30 |
- * [#x0E32-#x0E33] | [#x0E40-#x0E45] | [#x0E81-#x0E82] | #x0E84 |
- * [#x0E87-#x0E88] | #x0E8A | #x0E8D | [#x0E94-#x0E97] | [#x0E99-#x0E9F] |
- * [#x0EA1-#x0EA3] | #x0EA5 | #x0EA7 | [#x0EAA-#x0EAB] | [#x0EAD-#x0EAE] |
- * #x0EB0 | [#x0EB2-#x0EB3] | #x0EBD | [#x0EC0-#x0EC4] | [#x0F40-#x0F47] |
- * [#x0F49-#x0F69] | [#x10A0-#x10C5] | [#x10D0-#x10F6] | #x1100 |
- * [#x1102-#x1103] | [#x1105-#x1107] | #x1109 | [#x110B-#x110C] |
- * [#x110E-#x1112] | #x113C | #x113E | #x1140 | #x114C | #x114E | #x1150 |
- * [#x1154-#x1155] | #x1159 | [#x115F-#x1161] | #x1163 | #x1165 | #x1167 |
- * #x1169 | [#x116D-#x116E] | [#x1172-#x1173] | #x1175 | #x119E | #x11A8 |
- * #x11AB | [#x11AE-#x11AF] | [#x11B7-#x11B8] | #x11BA | [#x11BC-#x11C2] |
- * #x11EB | #x11F0 | #x11F9 | [#x1E00-#x1E9B] | [#x1EA0-#x1EF9] |
- * [#x1F00-#x1F15] | [#x1F18-#x1F1D] | [#x1F20-#x1F45] | [#x1F48-#x1F4D] |
- * [#x1F50-#x1F57] | #x1F59 | #x1F5B | #x1F5D | [#x1F5F-#x1F7D] |
- * [#x1F80-#x1FB4] | [#x1FB6-#x1FBC] | #x1FBE | [#x1FC2-#x1FC4] |
- * [#x1FC6-#x1FCC] | [#x1FD0-#x1FD3] | [#x1FD6-#x1FDB] | [#x1FE0-#x1FEC] |
- * [#x1FF2-#x1FF4] | [#x1FF6-#x1FFC] | #x2126 | [#x212A-#x212B] | #x212E |
- * [#x2180-#x2182] | [#x3041-#x3094] | [#x30A1-#x30FA] | [#x3105-#x312C] |
- * [#xAC00-#xD7A3] Ideographic ::= [#x4E00-#x9FA5] | #x3007 |
- * [#x3021-#x3029]
- *
- * @return Random ID value
- */
-
- //Initialization of a generator of identifiers for all token SAML.
-
- static {
- loadRandomIdentifierGenerator();
- }
-
-
- /**
- * Load random identifier generator.
- *
- *@throws STORKSAMLEngineRuntimeException the STORKSAML engine runtime exception
- */
- private static void loadRandomIdentifierGenerator() {
-
- try {
- generator = new SecureRandomIdentifierGenerator();
- } catch (NoSuchAlgorithmException ex) {
- LOG.error("Error init SecureRandomIdentifierGenerator", ex);
- throw new STORKSAMLEngineRuntimeException(ex);
- }
-
- }
-
- /**
- * Creates the SAML object.
- *
- * @param qname the QName
- *
- * @return the XML object
- */
- public static XMLObject createSamlObject(final QName qname) {
- if (qname.toString().endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
- {
- CustomAttributeQueryBuilder builder = new CustomAttributeQueryBuilder();
- return builder.buildObject(qname);
- }
- else
- {
- return Configuration.getBuilderFactory().getBuilder(qname).buildObject(
- qname);
- }
- }
-
- /**
- * Creates the SAML object.
- *
- * @param qname the quality name
- * @param qname1 the qname1
- *
- * @return the xML object
- */
- public static XMLObject createSamlObject(final QName qname,
- final QName qname1) {
- return Configuration.getBuilderFactory().getBuilder(qname1)
- .buildObject(qname, qname1);
- }
-
- /**
- * Encode value with an specific algorithm.
- *
- * @param value the value
- * @param alg the algorithm
- *
- * @return the string
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static String encode(final String value, final String alg)
- throws STORKSAMLEngineException {
- LOG.debug("Encode value with " + alg + " algorithm.");
- byte[] buffer;
-
- final StringBuffer hash = new StringBuffer("");
- try {
- buffer = value.getBytes(UTF_8);
- MessageDigest msgDig;
- msgDig = MessageDigest.getInstance(alg);
-
-
- msgDig.update(buffer);
- final byte[] digest = msgDig.digest();
-
- final int signedByte = 0xff;
- for (byte aux : digest) {
- final int byt = aux & signedByte;
- if (Integer.toHexString(byt).length() == 1) {
- hash.append('0');
- }
- hash.append(Integer.toHexString(byt));
- }
-
- } catch (UnsupportedEncodingException e1) {
- LOG.error("UnsupportedEncodingException: " + UTF_8);
- throw new STORKSAMLEngineException(e1);
- } catch (NoSuchAlgorithmException e) {
- LOG.error("NoSuchAlgorithmException: " + alg);
- throw new STORKSAMLEngineException(e);
- }
-
- return hash.toString();
- }
-
- /**
- * Generate assertion.
- *
- * @param version the version
- * @param identifier the identifier
- * @param issueInstant the issue instant
- * @param issuer the issuer
- *
- * @return the assertion
- */
- public static Assertion generateAssertion(final SAMLVersion version,
- final String identifier, final DateTime issueInstant,
- final Issuer issuer) {
- final AssertionBuilder assertionBuilder = new AssertionBuilder();
- final Assertion assertion = assertionBuilder.buildObject();
- assertion.setVersion(version);
- assertion.setID(identifier);
- assertion.setIssueInstant(issueInstant);
-
- // <saml:Issuer>
- assertion.setIssuer(issuer);
- return assertion;
- }
-
- /**
- * Generate authentication statement.
- *
- * @param authnInstant the authentication instant
- * @param authnContext the authentication context
- *
- * @return the authentication statement
- */
- public static AuthnStatement generateAthnStatement(final DateTime authnInstant,
- final AuthnContext authnContext) {
- // <saml:AuthnStatement>
- final AuthnStatement authnStatement = (AuthnStatement) SAMLEngineUtils
- .createSamlObject(AuthnStatement.DEFAULT_ELEMENT_NAME);
-
- authnStatement.setAuthnInstant(authnInstant);
- authnStatement.setAuthnContext(authnContext);
-
- return authnStatement;
- }
-
-
-
-
-
- /**
- * Generate attribute from a list of values.
- *
- * @param name the name of the attribute.
- * @param status the status of the parameter: "Available", "NotAvailable" or
- * "Withheld".
- * @param values the value of the attribute.
- * @param isHashing the is hashing with "SHA-512" algorithm.
- * @return the attribute
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static Attribute generateAttrComplex(final String name,
- final String status, final Map<String, String> values,
- final boolean isHashing) throws STORKSAMLEngineException {
- LOG.debug("Generate attribute complex: " + name);
- final Attribute attribute = (Attribute) SAMLEngineUtils
- .createSamlObject(Attribute.DEFAULT_ELEMENT_NAME);
-
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
-
- attribute.getUnknownAttributes().put(
- new QName(SAMLCore.STORK10_NS.getValue(), "AttributeStatus",
- SAMLCore.STORK10_PREFIX.getValue()), status);
-
- if (!values.isEmpty()) {
- LOG.debug("Add attribute values.");
-
- // Create an attribute that contains all XSAny elements.
- final XSAny attrValue = (XSAny) SAMLEngineUtils.createSamlObject(
- AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
-
- final Iterator<Entry<String, String>> iterator = values.entrySet()
- .iterator();
- while (iterator.hasNext()) {
- final Map.Entry<String, String> pairs = iterator.next();
-
- final String value = pairs.getValue();
-
- if (StringUtils.isNotBlank(value)) {
- // Create the attribute statement
- final XSAny attrValueSimple = (XSAny) SAMLEngineUtils
- .createSamlObject(new QName(SAMLCore.STORK10_NS.getValue(),
- pairs.getKey().toString(),
- SAMLCore.STORK10_PREFIX.getValue()), XSAny.TYPE_NAME);
-
- // if it's necessary encode the information.
- if (isHashing) {
- attrValueSimple
- .setTextContent(encode(value, SHA_512));
- } else {
- attrValueSimple.setTextContent(value);
- }
-
- attrValue.getUnknownXMLObjects().add(attrValueSimple);
- attribute.getAttributeValues().add(attrValue);
- }
- }
-
- }
- return attribute;
- }
-
- /**
- * Generate extension.
- *
- * @return the extensions
- */
- public static Extensions generateExtension() {
- final ExtensionsBuilder extensionsBuilder = new ExtensionsBuilder();
- return extensionsBuilder.buildObject(
- "urn:oasis:names:tc:SAML:2.0:protocol", "Extensions", "saml2p");
- }
-
-
-
-
- /**
- * Generate issuer.
- *
- * @return the issuer
- */
- public static Issuer generateIssuer() {
- return (Issuer) SAMLEngineUtils
- .createSamlObject(Issuer.DEFAULT_ELEMENT_NAME);
- }
-
- /**
- * Generate key info.
- *
- * @return the key info
- */
- public static KeyInfo generateKeyInfo() {
- return (KeyInfo) SAMLEngineUtils
- .createSamlObject(KeyInfo.DEFAULT_ELEMENT_NAME);
- }
-
- /**
- * Generate name id.
- *
- * @return the name id
- */
- public static NameID generateNameID() {
- return (NameID) SAMLEngineUtils
- .createSamlObject(NameID.DEFAULT_ELEMENT_NAME);
- }
-
- /**
- * Generate name id.
- *
- * @param nameQualifier the name qualifier
- * @param format the format
- * @param spNameQualifier the sP name qualifier
- *
- * @return the name id
- */
- public static NameID generateNameID(final String nameQualifier,
- final String format, final String spNameQualifier) {
- // <saml:NameID>
- final NameID nameId = (NameID) Configuration.getBuilderFactory()
- .getBuilder(NameID.DEFAULT_ELEMENT_NAME).buildObject(
- NameID.DEFAULT_ELEMENT_NAME);
-
- // optional
- nameId.setNameQualifier(nameQualifier);
-
- // optional
- nameId.setFormat(format);
-
- // optional
- nameId.setSPNameQualifier(spNameQualifier);
-
- return nameId;
- }
-
- /**
- * Generate NCName.
- *
- * @return the string
- */
- public static String generateNCName() {
- return generator.generateIdentifier();
- }
-
-
- /**
- * Generate the quality authentication assurance level.
- *
- * @param qaal the level of quality authentication assurance.
- *
- * @return the quality authentication assurance attribute
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static QAAAttribute generateQAAAttribute(final int qaal)
- throws STORKSAMLEngineException {
- LOG.debug("Generate QAAAttribute.");
-
- final QAAAttribute qaaAttribute = (QAAAttribute) SAMLEngineUtils
- .createSamlObject(QAAAttribute.DEF_ELEMENT_NAME);
- qaaAttribute.setQaaLevel(String.valueOf(qaal));
- return qaaAttribute;
- }
-
- /**
- * Generate requested attribute.
- *
- * @param name the name
- * @param friendlyName the friendly name
- * @param isRequired the is required
- * @param value the value
- *
- * @return the requested attribute
- */
- public static RequestedAttribute generateReqAuthnAttributeSimple(
- final String name, final String friendlyName,
- final String isRequired, final List<String> value) {
- LOG.debug("Generate the requested attribute.");
-
- final RequestedAttribute requested = (RequestedAttribute) SAMLEngineUtils
- .createSamlObject(RequestedAttribute.DEF_ELEMENT_NAME);
- requested.setName(name);
- requested.setNameFormat(RequestedAttribute.URI_REFERENCE);
-
- requested.setFriendlyName(friendlyName);
-
- requested.setIsRequired(isRequired);
-
- // The value is optional in an authentication request.
- if (!value.isEmpty()) {
- for (int nextValue = 0; nextValue < value.size(); nextValue++) {
- final String valor = value.get(nextValue);
- if (StringUtils.isNotBlank(valor)) {
-
- if(!name.equals("http://www.stork.gov.eu/1.0/signedDoc")){
-
- // Create the attribute statement
- final XSAny attrValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- new QName(SAMLCore.STORK10_NS.getValue(),
- "AttributeValue",
- SAMLCore.STORK10_PREFIX.getValue()),
- XSAny.TYPE_NAME);
-
- attrValue.setTextContent(valor.trim());
- requested.getAttributeValues().add(attrValue);
-
- }else{
-
- DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
- domFactory.setNamespaceAware(true);
- Document document = null;
- DocumentBuilder builder;
-
- // Parse the signedDoc value into an XML DOM Document
- try {
- builder = domFactory.newDocumentBuilder();
- InputStream is;
- is = new ByteArrayInputStream(valor.trim().getBytes("UTF-8"));
- document = builder.parse(is);
- is.close();
- } catch (SAXException e1) {
- LOG.error("SAX Error while parsing signModule attribute", e1);
- throw new STORKSAMLEngineRuntimeException(e1);
- } catch (ParserConfigurationException e2) {
- LOG.error("Parser Configuration Error while parsing signModule attribute", e2);
- throw new STORKSAMLEngineRuntimeException(e2);
- } catch (UnsupportedEncodingException e3) {
- LOG.error("Unsupported encoding Error while parsing signModule attribute", e3);
- throw new STORKSAMLEngineRuntimeException(e3);
- } catch (IOException e4) {
- LOG.error("IO Error while parsing signModule attribute", e4);
- throw new STORKSAMLEngineRuntimeException(e4);
- }
-
- // Create the XML statement(this will be overwritten with the previous DOM structure)
- final XSAny xmlValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- new QName(SAMLCore.STORK10_NS.getValue(),
- "XMLValue",
- SAMLCore.STORK10_PREFIX.getValue()),
- XSAny.TYPE_NAME);
-
- //Set the signedDoc XML content to this element
- xmlValue.setDOM(document.getDocumentElement());
-
- // Create the attribute statement
- final XSAny attrValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- new QName(SAMLCore.STORK10_NS.getValue(),
- "AttributeValue",
- SAMLCore.STORK10_PREFIX.getValue()),
- XSAny.TYPE_NAME);
-
- //Add previous signedDocXML to the AttributeValue Element
- attrValue.getUnknownXMLObjects().add(xmlValue);
-
- requested.getAttributeValues().add(attrValue);
- }
-
-
- }
- }
- }
-
- return requested;
- }
-
- /**
- * Generate response.
- *
- * @param version the version
- * @param identifier the identifier
- * @param issueInstant the issue instant
- * @param status the status
- *
- * @return the response
- */
- public static Response generateResponse(final SAMLVersion version,
- final String identifier, final DateTime issueInstant,
- final Status status) {
- final Response response = (Response) SAMLEngineUtils
- .createSamlObject(Response.DEFAULT_ELEMENT_NAME);
- response.setID(identifier);
- response.setIssueInstant(issueInstant);
- response.setStatus(status);
- return response;
- }
-
- /**
- * Method that generates a SAML Authentication Request basing on the
- * provided information.
- *
- * @param identifier the identifier
- * @param version the version
- * @param issueInstant the issue instant
- *
- * @return the authentication request
- */
- public static AuthnRequest generateSAMLAuthnRequest(final String identifier,
- final SAMLVersion version, final DateTime issueInstant) {
- LOG.debug("Generate basic authentication request.");
- final AuthnRequest authnRequest = (AuthnRequest) SAMLEngineUtils
- .createSamlObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
-
- authnRequest.setID(identifier);
- authnRequest.setVersion(version);
- authnRequest.setIssueInstant(issueInstant);
- return authnRequest;
- }
-
- /*public static AttributeQuery generateSAMLAttrQueryRequest(final String identifier,
- final SAMLVersion version, final DateTime issueInstant) {
- LOG.debug("Generate attribute query request.");
- final AttributeQuery attrQueryRequest = (AttributeQuery) SAMLEngineUtils
- .createSamlObject(AttributeQuery.DEFAULT_ELEMENT_NAME);
-
- attrQueryRequest.setID(identifier);
- attrQueryRequest.setVersion(version);
- attrQueryRequest.setIssueInstant(issueInstant);
- return attrQueryRequest;
- }*/
-
- public static CustomAttributeQuery generateSAMLAttrQueryRequest(final String identifier,
- final SAMLVersion version, final DateTime issueInstant) {
- LOG.debug("Generate attribute query request.");
- final CustomAttributeQuery attrQueryRequest = (CustomAttributeQuery) SAMLEngineUtils
- .createSamlObject(CustomAttributeQuery.DEFAULT_ELEMENT_NAME);
-
- attrQueryRequest.setID(identifier);
- attrQueryRequest.setVersion(version);
- attrQueryRequest.setIssueInstant(issueInstant);
- return attrQueryRequest;
- }
-
- public static LogoutRequest generateSAMLLogoutRequest(final String identifier,
- final SAMLVersion version, final DateTime issueInstant) {
- LOG.debug("Generate logout request.");
- final LogoutRequest logoutRequest = (LogoutRequest)SAMLEngineUtils.
- createSamlObject(LogoutRequest.DEFAULT_ELEMENT_NAME);
-
-
- logoutRequest.setID(identifier);
- logoutRequest.setVersion(version);
- logoutRequest.setIssueInstant(issueInstant);
- return logoutRequest;
- }
-
- public static LogoutResponse generateSAMLLogoutResponse(final String identifier,
- final SAMLVersion version, final DateTime issueInstant,
- final Status status, final String inResponseTo) {
- LOG.debug("Generate logout response.");
- final LogoutResponse logoutResponse = (LogoutResponse)SAMLEngineUtils.
- createSamlObject(LogoutResponse.DEFAULT_ELEMENT_NAME);
-
- logoutResponse.setInResponseTo(inResponseTo);
- logoutResponse.setStatus(status);
- logoutResponse.setID(identifier);
- logoutResponse.setVersion(version);
- logoutResponse.setIssueInstant(issueInstant);
- return logoutResponse;
- }
-
- /**
- * Generate service provider application.
- *
- * @param spApplication the service provider application
- *
- * @return the sP application
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static SPApplication generateSPApplication(final String spApplication)
- throws STORKSAMLEngineException {
- LOG.debug("Generate SPApplication.");
-
- final SPApplication applicationAttr = (SPApplication) SAMLEngineUtils
- .createSamlObject(SPApplication.DEF_ELEMENT_NAME);
- applicationAttr.setSPApplication(spApplication);
- return applicationAttr;
- }
-
- /**
- * Generate service provider country.
- *
- * @param spCountry the service provider country
- *
- * @return the service provider country
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static SPCountry generateSPCountry(final String spCountry)
- throws STORKSAMLEngineException {
- LOG.debug("Generate SPApplication.");
-
- final SPCountry countryAttribute = (SPCountry) SAMLEngineUtils
- .createSamlObject(SPCountry.DEF_ELEMENT_NAME);
- countryAttribute.setSPCountry(spCountry);
- return countryAttribute;
- }
-
- /**
- * Generate service provider institution.
- *
- * @param spInstitution the service provider institution
- *
- * @return the service provider institution
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static SPInstitution generateSPInstitution(final String spInstitution)
- throws STORKSAMLEngineException {
- LOG.debug("Generate SPInstitution.");
-
- final SPInstitution institutionAttr = (SPInstitution) SAMLEngineUtils
- .createSamlObject(SPInstitution.DEF_ELEMENT_NAME);
- institutionAttr.setSPInstitution(spInstitution);
- return institutionAttr;
- }
-
- /**
- * Generate service provider sector.
- *
- * @param spSector the service provider sector
- *
- * @return the service provider sector
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static SPSector generateSPSector(final String spSector)
- throws STORKSAMLEngineException {
- LOG.debug("Generate SPSector.");
-
- final SPSector sectorAttribute = (SPSector) SAMLEngineUtils
- .createSamlObject(SPSector.DEF_ELEMENT_NAME);
- sectorAttribute.setSPSector(spSector);
- return sectorAttribute;
- }
-
- /**
- * Generate status.
- *
- * @param statusCode the status code
- *
- * @return the status
- */
- public static Status generateStatus(final StatusCode statusCode) {
- final Status status = (Status) SAMLEngineUtils
- .createSamlObject(Status.DEFAULT_ELEMENT_NAME);
- status.setStatusCode(statusCode);
- return status;
- }
-
- /**
- * Generate status code.
- *
- * @param value the value
- *
- * @return the status code
- */
- public static StatusCode generateStatusCode(final String value) {
- final StatusCode statusCode = (StatusCode) SAMLEngineUtils
- .createSamlObject(StatusCode.DEFAULT_ELEMENT_NAME);
- statusCode.setValue(value);
- return statusCode;
- }
-
-
- /**
- * Generate status message.
- *
- * @param message the message
- *
- * @return the status message
- */
- public static StatusMessage generateStatusMessage(final String message) {
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .createSamlObject(StatusMessage.DEFAULT_ELEMENT_NAME);
- statusMessage.setMessage(message);
- return statusMessage;
- }
-
- /**
- * Generate subject.
- *
- * @return the subject
- */
- public static Subject generateSubject() {
- return (Subject) SAMLEngineUtils
- .createSamlObject(Subject.DEFAULT_ELEMENT_NAME);
- }
-
- /**
- * Generate subject confirmation.
- *
- * @param method the method
- * @param data the data
- *
- * @return the subject confirmation
- */
- public static SubjectConfirmation generateSubjectConfirmation(
- final String method, final SubjectConfirmationData data) {
- final SubjectConfirmation subjectConf = (SubjectConfirmation) Configuration
- .getBuilderFactory().getBuilder(
- SubjectConfirmation.DEFAULT_ELEMENT_NAME).buildObject(
- SubjectConfirmation.DEFAULT_ELEMENT_NAME);
-
- subjectConf.setMethod(method);
-
- subjectConf.setSubjectConfirmationData(data);
-
- return subjectConf;
- }
-
-
- /**
- * Generate subject confirmation data.
- *
- * @param notOnOrAfter the not on or after
- * @param recipient the recipient
- * @param inResponseTo the in response to
- *
- * @return the subject confirmation data
- */
- public static SubjectConfirmationData generateSubjectConfirmationData(
- final DateTime notOnOrAfter, final String recipient,
- final String inResponseTo) {
- final SubjectConfirmationData subjectConfData = (SubjectConfirmationData) SAMLEngineUtils
- .createSamlObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
- subjectConfData.setNotOnOrAfter(notOnOrAfter);
- subjectConfData.setRecipient(recipient);
- subjectConfData.setInResponseTo(inResponseTo);
- return subjectConfData;
- }
-
-
- /**
- * Generate subject locality.
- *
- * @param address the address
- *
- * @return the subject locality
- */
- public static SubjectLocality generateSubjectLocality(final String address) {
- final SubjectLocality subjectLocality = (SubjectLocality) SAMLEngineUtils
- .createSamlObject(SubjectLocality.DEFAULT_ELEMENT_NAME);
- subjectLocality.setAddress(address);
- return subjectLocality;
- }
-
-
-
-
- /**
- * Method that returns the current time.
- *
- * @return the current time
- */
- public static DateTime getCurrentTime() {
- return new DateTime();
- }
-
-
- /**
- * Instantiates a new SAML engine utilities.
- */
- private SAMLEngineUtils() {
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang.StringUtils;
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.saml2.common.Extensions;
+import org.opensaml.saml2.common.impl.ExtensionsBuilder;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.saml2.core.AuthnContext;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.core.SubjectLocality;
+import org.opensaml.saml2.core.impl.AssertionBuilder;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSAny;
+import org.opensaml.xml.signature.KeyInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+import eu.stork.peps.auth.engine.core.SAMLCore;
+import eu.stork.peps.auth.engine.core.SPApplication;
+import eu.stork.peps.auth.engine.core.SPCountry;
+import eu.stork.peps.auth.engine.core.SPInstitution;
+import eu.stork.peps.auth.engine.core.SPSector;
+import eu.stork.peps.auth.engine.core.impl.CustomAttributeQueryBuilder;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
+
+/**
+ * The Class SAMLEngineUtils.
+ *
+ * @author fjquevedo
+ * @author iinigo
+ *
+ */
+public final class SAMLEngineUtils {
+
+ /** The Constant UTF_8. */
+ public static final String UTF_8 = "UTF-8";
+
+ /** The Constant SHA_512. */
+ public static final String SHA_512 = "SHA-512";
+
+ /** The generator. */
+ private static SecureRandomIdentifierGenerator generator;
+
+ /** The Constant LOG. */
+ private static final Logger LOG = LoggerFactory
+ .getLogger(SAMLEngineUtils.class.getName());
+
+ /**
+ * Method that generates a random value according to NCName grammar.
+ *
+ * NCName ::= NCNameStartChar NCNameChar* NCNameChar ::= NameChar - ':'
+ * NCNameStartChar ::= Letter | '_' NameStartChar ::= ":" | [A-Z] | "_" |
+ * [a-z] | [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF] | [#x370-#x37D] |
+ * [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F] | [#x2C00-#x2FEF] |
+ * [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF]
+ * NameChar ::= NameStartChar | "-" | "." | [0-9] | #xB7 | [#x0300-#x036F] |
+ * [#x203F-#x2040] Name ::= NameStartChar (NameChar)* Letter ::= BaseChar |
+ * Ideographic BaseChar ::= [#x0041-#x005A] | [#x0061-#x007A] |
+ * [#x00C0-#x00D6] | [#x00D8-#x00F6] | [#x00F8-#x00FF] | [#x0100-#x0131] |
+ * [#x0134-#x013E] | [#x0141-#x0148] | [#x014A-#x017E] | [#x0180-#x01C3] |
+ * [#x01CD-#x01F0] | [#x01F4-#x01F5] | [#x01FA-#x0217] | [#x0250-#x02A8] |
+ * [#x02BB-#x02C1] | #x0386 | [#x0388-#x038A] | #x038C | [#x038E-#x03A1] |
+ * [#x03A3-#x03CE] | [#x03D0-#x03D6] | #x03DA | #x03DC | #x03DE | #x03E0 |
+ * [#x03E2-#x03F3] | [#x0401-#x040C] | [#x040E-#x044F] | [#x0451-#x045C] |
+ * [#x045E-#x0481] | [#x0490-#x04C4] | [#x04C7-#x04C8] | [#x04CB-#x04CC] |
+ * [#x04D0-#x04EB] | [#x04EE-#x04F5] | [#x04F8-#x04F9] | [#x0531-#x0556] |
+ * #x0559 | [#x0561-#x0586] | [#x05D0-#x05EA] | [#x05F0-#x05F2] |
+ * [#x0621-#x063A] | [#x0641-#x064A] | [#x0671-#x06B7] | [#x06BA-#x06BE] |
+ * [#x06C0-#x06CE] | [#x06D0-#x06D3] | #x06D5 | [#x06E5-#x06E6] |
+ * [#x0905-#x0939] | #x093D | [#x0958-#x0961] | [#x0985-#x098C] |
+ * [#x098F-#x0990] | [#x0993-#x09A8] | [#x09AA-#x09B0] | #x09B2 |
+ * [#x09B6-#x09B9] | [#x09DC-#x09DD] | [#x09DF-#x09E1] | [#x09F0-#x09F1] |
+ * [#x0A05-#x0A0A] | [#x0A0F-#x0A10] | [#x0A13-#x0A28] | [#x0A2A-#x0A30] |
+ * [#x0A32-#x0A33] | [#x0A35-#x0A36] | [#x0A38-#x0A39] | [#x0A59-#x0A5C] |
+ * #x0A5E | [#x0A72-#x0A74] | [#x0A85-#x0A8B] | #x0A8D | [#x0A8F-#x0A91] |
+ * [#x0A93-#x0AA8] | [#x0AAA-#x0AB0] | [#x0AB2-#x0AB3] | [#x0AB5-#x0AB9] |
+ * #x0ABD | #x0AE0 | [#x0B05-#x0B0C] | [#x0B0F-#x0B10] | [#x0B13-#x0B28] |
+ * [#x0B2A-#x0B30] | [#x0B32-#x0B33] | [#x0B36-#x0B39] | #x0B3D |
+ * [#x0B5C-#x0B5D] | [#x0B5F-#x0B61] | [#x0B85-#x0B8A] | [#x0B8E-#x0B90] |
+ * [#x0B92-#x0B95] | [#x0B99-#x0B9A] | #x0B9C | [#x0B9E-#x0B9F] |
+ * [#x0BA3-#x0BA4] | [#x0BA8-#x0BAA] | [#x0BAE-#x0BB5] | [#x0BB7-#x0BB9] |
+ * [#x0C05-#x0C0C] | [#x0C0E-#x0C10] | [#x0C12-#x0C28] | [#x0C2A-#x0C33] |
+ * [#x0C35-#x0C39] | [#x0C60-#x0C61] | [#x0C85-#x0C8C] | [#x0C8E-#x0C90] |
+ * [#x0C92-#x0CA8] | [#x0CAA-#x0CB3] | [#x0CB5-#x0CB9] | #x0CDE |
+ * [#x0CE0-#x0CE1] | [#x0D05-#x0D0C] | [#x0D0E-#x0D10] | [#x0D12-#x0D28] |
+ * [#x0D2A-#x0D39] | [#x0D60-#x0D61] | [#x0E01-#x0E2E] | #x0E30 |
+ * [#x0E32-#x0E33] | [#x0E40-#x0E45] | [#x0E81-#x0E82] | #x0E84 |
+ * [#x0E87-#x0E88] | #x0E8A | #x0E8D | [#x0E94-#x0E97] | [#x0E99-#x0E9F] |
+ * [#x0EA1-#x0EA3] | #x0EA5 | #x0EA7 | [#x0EAA-#x0EAB] | [#x0EAD-#x0EAE] |
+ * #x0EB0 | [#x0EB2-#x0EB3] | #x0EBD | [#x0EC0-#x0EC4] | [#x0F40-#x0F47] |
+ * [#x0F49-#x0F69] | [#x10A0-#x10C5] | [#x10D0-#x10F6] | #x1100 |
+ * [#x1102-#x1103] | [#x1105-#x1107] | #x1109 | [#x110B-#x110C] |
+ * [#x110E-#x1112] | #x113C | #x113E | #x1140 | #x114C | #x114E | #x1150 |
+ * [#x1154-#x1155] | #x1159 | [#x115F-#x1161] | #x1163 | #x1165 | #x1167 |
+ * #x1169 | [#x116D-#x116E] | [#x1172-#x1173] | #x1175 | #x119E | #x11A8 |
+ * #x11AB | [#x11AE-#x11AF] | [#x11B7-#x11B8] | #x11BA | [#x11BC-#x11C2] |
+ * #x11EB | #x11F0 | #x11F9 | [#x1E00-#x1E9B] | [#x1EA0-#x1EF9] |
+ * [#x1F00-#x1F15] | [#x1F18-#x1F1D] | [#x1F20-#x1F45] | [#x1F48-#x1F4D] |
+ * [#x1F50-#x1F57] | #x1F59 | #x1F5B | #x1F5D | [#x1F5F-#x1F7D] |
+ * [#x1F80-#x1FB4] | [#x1FB6-#x1FBC] | #x1FBE | [#x1FC2-#x1FC4] |
+ * [#x1FC6-#x1FCC] | [#x1FD0-#x1FD3] | [#x1FD6-#x1FDB] | [#x1FE0-#x1FEC] |
+ * [#x1FF2-#x1FF4] | [#x1FF6-#x1FFC] | #x2126 | [#x212A-#x212B] | #x212E |
+ * [#x2180-#x2182] | [#x3041-#x3094] | [#x30A1-#x30FA] | [#x3105-#x312C] |
+ * [#xAC00-#xD7A3] Ideographic ::= [#x4E00-#x9FA5] | #x3007 |
+ * [#x3021-#x3029]
+ *
+ * @return Random ID value
+ */
+
+ //Initialization of a generator of identifiers for all token SAML.
+ static {
+ loadRandomIdentifierGenerator();
+ }
+
+ /**
+ * Load random identifier generator.
+ *
+ *@throws STORKSAMLEngineRuntimeException the STORKSAML engine runtime exception
+ */
+ private static void loadRandomIdentifierGenerator() {
+ try {
+ generator = new SecureRandomIdentifierGenerator();
+ } catch (NoSuchAlgorithmException ex) {
+ LOG.error("Error init SecureRandomIdentifierGenerator", ex);
+ throw new STORKSAMLEngineRuntimeException(ex);
+ }
+
+ }
+
+ /**
+ * Creates the SAML object.
+ *
+ * @param qname the QName
+ *
+ * @return the XML object
+ */
+ public static XMLObject createSamlObject(final QName qname) {
+ if (qname.toString().endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
+ {
+ CustomAttributeQueryBuilder builder = new CustomAttributeQueryBuilder();
+ return builder.buildObject(qname);
+ }
+ else
+ {
+ return Configuration.getBuilderFactory().getBuilder(qname).buildObject(
+ qname);
+ }
+ }
+
+ /**
+ * Creates the SAML object.
+ *
+ * @param qname the quality name
+ * @param qname1 the qname1
+ *
+ * @return the xML object
+ */
+ public static XMLObject createSamlObject(final QName qname,
+ final QName qname1) {
+ return Configuration.getBuilderFactory().getBuilder(qname1)
+ .buildObject(qname, qname1);
+ }
+
+ /**
+ * Encode value with an specific algorithm.
+ *
+ * @param value the value
+ * @param alg the algorithm
+ *
+ * @return the string
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public static String encode(final String value, final String alg)
+ throws STORKSAMLEngineException {
+ LOG.debug("Encode value with " + alg + " algorithm.");
+ byte[] buffer;
+ final StringBuffer hash = new StringBuffer("");
+ try {
+ buffer = value.getBytes(UTF_8);
+ MessageDigest msgDig;
+ msgDig = MessageDigest.getInstance(alg);
+ msgDig.update(buffer);
+ final byte[] digest = msgDig.digest();
+ final int signedByte = 0xff;
+ for (byte aux : digest) {
+ final int byt = aux & signedByte;
+ if (Integer.toHexString(byt).length() == 1) {
+ hash.append('0');
+ }
+ hash.append(Integer.toHexString(byt));
+ }
+ } catch (UnsupportedEncodingException e1) {
+ LOG.error("UnsupportedEncodingException: " + UTF_8);
+ throw new STORKSAMLEngineException(e1);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("NoSuchAlgorithmException: " + alg);
+ throw new STORKSAMLEngineException(e);
+ }
+ return hash.toString();
+ }
+
+ /**
+ * Generate assertion.
+ *
+ * @param version the version
+ * @param identifier the identifier
+ * @param issueInstant the issue instant
+ * @param issuer the issuer
+ *
+ * @return the assertion
+ */
+ public static Assertion generateAssertion(final SAMLVersion version,
+ final String identifier, final DateTime issueInstant,
+ final Issuer issuer) {
+ final AssertionBuilder assertionBuilder = new AssertionBuilder();
+ final Assertion assertion = assertionBuilder.buildObject();
+ assertion.setVersion(version);
+ assertion.setID(identifier);
+ assertion.setIssueInstant(issueInstant);
+ // <saml:Issuer>
+ assertion.setIssuer(issuer);
+ return assertion;
+ }
+
+ /**
+ * Generate authentication statement.
+ *
+ * @param authnInstant the authentication instant
+ * @param authnContext the authentication context
+ *
+ * @return the authentication statement
+ */
+ public static AuthnStatement generateAthnStatement(final DateTime authnInstant,
+ final AuthnContext authnContext) {
+ // <saml:AuthnStatement>
+ final AuthnStatement authnStatement = (AuthnStatement) SAMLEngineUtils
+ .createSamlObject(AuthnStatement.DEFAULT_ELEMENT_NAME);
+ authnStatement.setAuthnInstant(authnInstant);
+ authnStatement.setAuthnContext(authnContext);
+ return authnStatement;
+ }
+
+ /**
+ * Generate attribute from a list of values.
+ *
+ * @param name the name of the attribute.
+ * @param status the status of the parameter: "Available", "NotAvailable" or
+ * "Withheld".
+ * @param values the value of the attribute.
+ * @param isHashing the is hashing with "SHA-512" algorithm.
+ * @return the attribute
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public static Attribute generateAttrComplex(final String name,
+ final String status, final Map<String, String> values,
+ final boolean isHashing) throws STORKSAMLEngineException {
+ LOG.debug("Generate attribute complex: " + name);
+ final Attribute attribute = (Attribute) SAMLEngineUtils
+ .createSamlObject(Attribute.DEFAULT_ELEMENT_NAME);
+
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getUnknownAttributes().put(
+ new QName(SAMLCore.STORK10_NS.getValue(), "AttributeStatus",
+ SAMLCore.STORK10_PREFIX.getValue()), status);
+
+ if (!values.isEmpty()) {
+ LOG.debug("Add attribute values.");
+ // Create an attribute that contains all XSAny elements.
+ final XSAny attrValue = (XSAny) SAMLEngineUtils.createSamlObject(
+ AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
+ final Iterator<Entry<String, String>> iterator = values.entrySet()
+ .iterator();
+ while (iterator.hasNext()) {
+ final Map.Entry<String, String> pairs = iterator.next();
+ final String value = pairs.getValue();
+
+ if (StringUtils.isNotBlank(value)) {
+ // Create the attribute statement
+ final XSAny attrValueSimple = (XSAny) SAMLEngineUtils
+ .createSamlObject(new QName(SAMLCore.STORK10_NS.getValue(),
+ pairs.getKey().toString(),
+ SAMLCore.STORK10_PREFIX.getValue()), XSAny.TYPE_NAME);
+ // if it's necessary encode the information.
+ if (isHashing) {
+ attrValueSimple
+ .setTextContent(encode(value, SHA_512));
+ } else {
+ attrValueSimple.setTextContent(value);
+ }
+ attrValue.getUnknownXMLObjects().add(attrValueSimple);
+ attribute.getAttributeValues().add(attrValue);
+ }
+ }
+
+ }
+ return attribute;
+ }
+
+ /**
+ * Generate extension.
+ *
+ * @return the extensions
+ */
+ public static Extensions generateExtension() {
+ final ExtensionsBuilder extensionsBuilder = new ExtensionsBuilder();
+ return extensionsBuilder.buildObject(
+ "urn:oasis:names:tc:SAML:2.0:protocol", "Extensions", "saml2p");
+ }
+
+ /**
+ * Generate issuer.
+ *
+ * @return the issuer
+ */
+ public static Issuer generateIssuer() {
+ return (Issuer) SAMLEngineUtils
+ .createSamlObject(Issuer.DEFAULT_ELEMENT_NAME);
+ }
+
+ /**
+ * Generate key info.
+ *
+ * @return the key info
+ */
+ public static KeyInfo generateKeyInfo() {
+ return (KeyInfo) SAMLEngineUtils
+ .createSamlObject(KeyInfo.DEFAULT_ELEMENT_NAME);
+ }
+
+ /**
+ * Generate name id.
+ *
+ * @return the name id
+ */
+ public static NameID generateNameID() {
+ return (NameID) SAMLEngineUtils
+ .createSamlObject(NameID.DEFAULT_ELEMENT_NAME);
+ }
+
+ /**
+ * Generate name id.
+ *
+ * @param nameQualifier the name qualifier
+ * @param format the format
+ * @param spNameQualifier the sP name qualifier
+ *
+ * @return the name id
+ */
+ public static NameID generateNameID(final String nameQualifier,
+ final String format, final String spNameQualifier) {
+ // <saml:NameID>
+ final NameID nameId = (NameID) Configuration.getBuilderFactory()
+ .getBuilder(NameID.DEFAULT_ELEMENT_NAME).buildObject(
+ NameID.DEFAULT_ELEMENT_NAME);
+ // optional
+ nameId.setNameQualifier(nameQualifier);
+ // optional
+ nameId.setFormat(format);
+ // optional
+ nameId.setSPNameQualifier(spNameQualifier);
+ return nameId;
+ }
+
+ /**
+ * Generate NCName.
+ *
+ * @return the string
+ */
+ public static String generateNCName() {
+ return generator.generateIdentifier();
+ }
+
+ /**
+ * Generate the quality authentication assurance level.
+ *
+ * @param qaal the level of quality authentication assurance.
+ *
+ * @return the quality authentication assurance attribute
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public static QAAAttribute generateQAAAttribute(final int qaal)
+ throws STORKSAMLEngineException {
+ LOG.debug("Generate QAAAttribute.");
+
+ final QAAAttribute qaaAttribute = (QAAAttribute) SAMLEngineUtils
+ .createSamlObject(QAAAttribute.DEF_ELEMENT_NAME);
+ qaaAttribute.setQaaLevel(String.valueOf(qaal));
+ return qaaAttribute;
+ }
+
+ /**
+ * Generate requested attribute.
+ *
+ * @param name the name
+ * @param friendlyName the friendly name
+ * @param isRequired the is required
+ * @param value the value
+ *
+ * @return the requested attribute
+ */
+ public static RequestedAttribute generateReqAuthnAttributeSimple(
+ final String name, final String friendlyName,
+ final String isRequired, final List<String> value) {
+ LOG.debug("Generate the requested attribute.");
+
+ final RequestedAttribute requested = (RequestedAttribute) SAMLEngineUtils
+ .createSamlObject(RequestedAttribute.DEF_ELEMENT_NAME);
+ requested.setName(name);
+ requested.setNameFormat(RequestedAttribute.URI_REFERENCE);
+
+ requested.setFriendlyName(friendlyName);
+
+ requested.setIsRequired(isRequired);
+
+ // The value is optional in an authentication request.
+ if (!value.isEmpty()) {
+ for (int nextValue = 0; nextValue < value.size(); nextValue++) {
+ final String valor = value.get(nextValue);
+ if (StringUtils.isNotBlank(valor)) {
+
+ if(!name.equals("http://www.stork.gov.eu/1.0/signedDoc")){
+
+ // Create the attribute statement
+ final XSAny attrValue = (XSAny) SAMLEngineUtils
+ .createSamlObject(
+ new QName(SAMLCore.STORK10_NS.getValue(),
+ "AttributeValue",
+ SAMLCore.STORK10_PREFIX.getValue()),
+ XSAny.TYPE_NAME);
+
+ attrValue.setTextContent(valor.trim());
+ requested.getAttributeValues().add(attrValue);
+
+ }else{
+
+ DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
+ domFactory.setNamespaceAware(true);
+ Document document = null;
+ DocumentBuilder builder;
+
+ // Parse the signedDoc value into an XML DOM Document
+ try {
+ builder = domFactory.newDocumentBuilder();
+ InputStream is;
+ is = new ByteArrayInputStream(valor.trim().getBytes(UTF_8));
+ document = builder.parse(is);
+ is.close();
+ } catch (SAXException e1) {
+ LOG.error("SAX Error while parsing signModule attribute", e1);
+ throw new STORKSAMLEngineRuntimeException(e1);
+ } catch (ParserConfigurationException e2) {
+ LOG.error("Parser Configuration Error while parsing signModule attribute", e2);
+ throw new STORKSAMLEngineRuntimeException(e2);
+ } catch (UnsupportedEncodingException e3) {
+ LOG.error("Unsupported encoding Error while parsing signModule attribute", e3);
+ throw new STORKSAMLEngineRuntimeException(e3);
+ } catch (IOException e4) {
+ LOG.error("IO Error while parsing signModule attribute", e4);
+ throw new STORKSAMLEngineRuntimeException(e4);
+ }
+
+ // Create the XML statement(this will be overwritten with the previous DOM structure)
+ final XSAny xmlValue = (XSAny) SAMLEngineUtils
+ .createSamlObject(
+ new QName(SAMLCore.STORK10_NS.getValue(),
+ "XMLValue",
+ SAMLCore.STORK10_PREFIX.getValue()),
+ XSAny.TYPE_NAME);
+
+ //Set the signedDoc XML content to this element
+ xmlValue.setDOM(document.getDocumentElement());
+
+ // Create the attribute statement
+ final XSAny attrValue = (XSAny) SAMLEngineUtils
+ .createSamlObject(
+ new QName(SAMLCore.STORK10_NS.getValue(),
+ "AttributeValue",
+ SAMLCore.STORK10_PREFIX.getValue()),
+ XSAny.TYPE_NAME);
+
+ //Add previous signedDocXML to the AttributeValue Element
+ attrValue.getUnknownXMLObjects().add(xmlValue);
+
+ requested.getAttributeValues().add(attrValue);
+ }
+
+
+ }
+ }
+ }
+
+ return requested;
+ }
+
+ /**
+ * Generate response.
+ *
+ * @param version the version
+ * @param identifier the identifier
+ * @param issueInstant the issue instant
+ * @param status the status
+ *
+ * @return the response
+ */
+ public static Response generateResponse(final SAMLVersion version,
+ final String identifier, final DateTime issueInstant,
+ final Status status) {
+ final Response response = (Response) SAMLEngineUtils
+ .createSamlObject(Response.DEFAULT_ELEMENT_NAME);
+ response.setID(identifier);
+ response.setIssueInstant(issueInstant);
+ response.setStatus(status);
+ return response;
+ }
+
+ /**
+ * Method that generates a SAML Authentication Request basing on the
+ * provided information.
+ *
+ * @param identifier the identifier
+ * @param version the version
+ * @param issueInstant the issue instant
+ *
+ * @return the authentication request
+ */
+ public static AuthnRequest generateSAMLAuthnRequest(final String identifier,
+ final SAMLVersion version, final DateTime issueInstant) {
+ LOG.debug("Generate basic authentication request.");
+ final AuthnRequest authnRequest = (AuthnRequest) SAMLEngineUtils
+ .createSamlObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
+
+ authnRequest.setID(identifier);
+ authnRequest.setVersion(version);
+ authnRequest.setIssueInstant(issueInstant);
+ return authnRequest;
+ }
+
+ public static CustomAttributeQuery generateSAMLAttrQueryRequest(final String identifier,
+ final SAMLVersion version, final DateTime issueInstant) {
+ LOG.debug("Generate attribute query request.");
+ final CustomAttributeQuery attrQueryRequest = (CustomAttributeQuery) SAMLEngineUtils
+ .createSamlObject(CustomAttributeQuery.DEFAULT_ELEMENT_NAME);
+
+ attrQueryRequest.setID(identifier);
+ attrQueryRequest.setVersion(version);
+ attrQueryRequest.setIssueInstant(issueInstant);
+ return attrQueryRequest;
+ }
+
+ public static LogoutRequest generateSAMLLogoutRequest(final String identifier,
+ final SAMLVersion version, final DateTime issueInstant) {
+ LOG.debug("Generate logout request.");
+ final LogoutRequest logoutRequest = (LogoutRequest)SAMLEngineUtils.
+ createSamlObject(LogoutRequest.DEFAULT_ELEMENT_NAME);
+
+
+ logoutRequest.setID(identifier);
+ logoutRequest.setVersion(version);
+ logoutRequest.setIssueInstant(issueInstant);
+ return logoutRequest;
+ }
+
+ public static LogoutResponse generateSAMLLogoutResponse(final String identifier,
+ final SAMLVersion version, final DateTime issueInstant,
+ final Status status, final String inResponseTo) {
+ LOG.debug("Generate logout response.");
+ final LogoutResponse logoutResponse = (LogoutResponse)SAMLEngineUtils.
+ createSamlObject(LogoutResponse.DEFAULT_ELEMENT_NAME);
+
+ logoutResponse.setInResponseTo(inResponseTo);
+ logoutResponse.setStatus(status);
+ logoutResponse.setID(identifier);
+ logoutResponse.setVersion(version);
+ logoutResponse.setIssueInstant(issueInstant);
+ return logoutResponse;
+ }
+
+ /**
+ * Generate service provider application.
+ *
+ * @param spApplication the service provider application
+ *
+ * @return the sP application
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public static SPApplication generateSPApplication(final String spApplication)
+ throws STORKSAMLEngineException {
+ LOG.debug("Generate SPApplication.");
+
+ final SPApplication applicationAttr = (SPApplication) SAMLEngineUtils
+ .createSamlObject(SPApplication.DEF_ELEMENT_NAME);
+ applicationAttr.setSPApplication(spApplication);
+ return applicationAttr;
+ }
+
+ /**
+ * Generate service provider country.
+ *
+ * @param spCountry the service provider country
+ *
+ * @return the service provider country
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public static SPCountry generateSPCountry(final String spCountry)
+ throws STORKSAMLEngineException {
+ LOG.debug("Generate SPApplication.");
+
+ final SPCountry countryAttribute = (SPCountry) SAMLEngineUtils
+ .createSamlObject(SPCountry.DEF_ELEMENT_NAME);
+ countryAttribute.setSPCountry(spCountry);
+ return countryAttribute;
+ }
+
+ /**
+ * Generate service provider institution.
+ *
+ * @param spInstitution the service provider institution
+ *
+ * @return the service provider institution
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public static SPInstitution generateSPInstitution(final String spInstitution)
+ throws STORKSAMLEngineException {
+ LOG.debug("Generate SPInstitution.");
+
+ final SPInstitution institutionAttr = (SPInstitution) SAMLEngineUtils
+ .createSamlObject(SPInstitution.DEF_ELEMENT_NAME);
+ institutionAttr.setSPInstitution(spInstitution);
+ return institutionAttr;
+ }
+
+ /**
+ * Generate service provider sector.
+ *
+ * @param spSector the service provider sector
+ *
+ * @return the service provider sector
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public static SPSector generateSPSector(final String spSector)
+ throws STORKSAMLEngineException {
+ LOG.debug("Generate SPSector.");
+
+ final SPSector sectorAttribute = (SPSector) SAMLEngineUtils
+ .createSamlObject(SPSector.DEF_ELEMENT_NAME);
+ sectorAttribute.setSPSector(spSector);
+ return sectorAttribute;
+ }
+
+ /**
+ * Generate status.
+ *
+ * @param statusCode the status code
+ *
+ * @return the status
+ */
+ public static Status generateStatus(final StatusCode statusCode) {
+ final Status status = (Status) SAMLEngineUtils
+ .createSamlObject(Status.DEFAULT_ELEMENT_NAME);
+ status.setStatusCode(statusCode);
+ return status;
+ }
+
+ /**
+ * Generate status code.
+ *
+ * @param value the value
+ *
+ * @return the status code
+ */
+ public static StatusCode generateStatusCode(final String value) {
+ final StatusCode statusCode = (StatusCode) SAMLEngineUtils
+ .createSamlObject(StatusCode.DEFAULT_ELEMENT_NAME);
+ statusCode.setValue(value);
+ return statusCode;
+ }
+
+ /**
+ * Generate status message.
+ *
+ * @param message the message
+ *
+ * @return the status message
+ */
+ public static StatusMessage generateStatusMessage(final String message) {
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
+ .createSamlObject(StatusMessage.DEFAULT_ELEMENT_NAME);
+ statusMessage.setMessage(message);
+ return statusMessage;
+ }
+
+ /**
+ * Generate subject.
+ *
+ * @return the subject
+ */
+ public static Subject generateSubject() {
+ return (Subject) SAMLEngineUtils
+ .createSamlObject(Subject.DEFAULT_ELEMENT_NAME);
+ }
+
+ /**
+ * Generate subject confirmation.
+ *
+ * @param method the method
+ * @param data the data
+ *
+ * @return the subject confirmation
+ */
+ public static SubjectConfirmation generateSubjectConfirmation(
+ final String method, final SubjectConfirmationData data) {
+ final SubjectConfirmation subjectConf = (SubjectConfirmation) Configuration
+ .getBuilderFactory().getBuilder(
+ SubjectConfirmation.DEFAULT_ELEMENT_NAME).buildObject(
+ SubjectConfirmation.DEFAULT_ELEMENT_NAME);
+
+ subjectConf.setMethod(method);
+
+ subjectConf.setSubjectConfirmationData(data);
+
+ return subjectConf;
+ }
+
+ /**
+ * Generate subject confirmation data.
+ *
+ * @param notOnOrAfter the not on or after
+ * @param recipient the recipient
+ * @param inResponseTo the in response to
+ *
+ * @return the subject confirmation data
+ */
+ public static SubjectConfirmationData generateSubjectConfirmationData(
+ final DateTime notOnOrAfter, final String recipient,
+ final String inResponseTo) {
+ final SubjectConfirmationData subjectConfData = (SubjectConfirmationData) SAMLEngineUtils
+ .createSamlObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
+ subjectConfData.setNotOnOrAfter(notOnOrAfter);
+ subjectConfData.setRecipient(recipient);
+ subjectConfData.setInResponseTo(inResponseTo);
+ return subjectConfData;
+ }
+
+ /**
+ * Generate subject locality.
+ *
+ * @param address the address
+ *
+ * @return the subject locality
+ */
+ public static SubjectLocality generateSubjectLocality(final String address) {
+ final SubjectLocality subjectLocality = (SubjectLocality) SAMLEngineUtils
+ .createSamlObject(SubjectLocality.DEFAULT_ELEMENT_NAME);
+ subjectLocality.setAddress(address);
+ return subjectLocality;
+ }
+
+ /**
+ * Method that returns the current time.
+ *
+ * @return the current time
+ */
+ public static DateTime getCurrentTime() {
+ return new DateTime();
+ }
+
+ /**
+ * Instantiates a new SAML engine utilities.
+ */
+ private SAMLEngineUtils() {
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
index 20ebb709d..6bdf7b320 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
@@ -1,3705 +1,3744 @@
-/*
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.apache.commons.lang.StringUtils;
-import org.bouncycastle.jce.X509Principal;
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextDecl;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.OneTimeUse;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.core.SubjectLocality;
-import org.opensaml.saml2.core.impl.SubjectConfirmationBuilder;
-import org.opensaml.xml.Namespace;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSAny;
-import org.opensaml.xml.schema.impl.XSAnyBuilder;
-import org.opensaml.xml.schema.impl.XSAnyImpl;
-import org.opensaml.xml.schema.impl.XSAnyMarshaller;
-import org.opensaml.xml.schema.impl.XSAnyUnmarshaller;
-import org.opensaml.xml.schema.impl.XSDateTimeImpl;
-import org.opensaml.xml.schema.impl.XSStringImpl;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-import org.opensaml.xml.validation.ValidatorSuite;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
-import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-import eu.stork.peps.auth.commons.STORKLogoutRequest;
-import eu.stork.peps.auth.commons.STORKLogoutResponse;
-import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
-import eu.stork.peps.auth.engine.core.CitizenCountryCode;
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.CustomRequestAbstractType;
-import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
-import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
-import eu.stork.peps.auth.engine.core.EIDSectorShare;
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-import eu.stork.peps.auth.engine.core.RequestedAttribute;
-import eu.stork.peps.auth.engine.core.RequestedAttributes;
-import eu.stork.peps.auth.engine.core.SAMLCore;
-import eu.stork.peps.auth.engine.core.SPApplication;
-import eu.stork.peps.auth.engine.core.SPCountry;
-import eu.stork.peps.auth.engine.core.SPID;
-import eu.stork.peps.auth.engine.core.SPInformation;
-import eu.stork.peps.auth.engine.core.SPInstitution;
-import eu.stork.peps.auth.engine.core.SPSector;
-import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
-import eu.stork.peps.auth.engine.core.impl.AuthenticationAttributesBuilder;
-import eu.stork.peps.auth.engine.core.impl.AuthenticationAttributesMarshaller;
-import eu.stork.peps.auth.engine.core.impl.AuthenticationAttributesUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.CitizenCountryCodeBuilder;
-import eu.stork.peps.auth.engine.core.impl.CitizenCountryCodeMarshaller;
-import eu.stork.peps.auth.engine.core.impl.CitizenCountryCodeUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.CustomAttributeQueryUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossBorderShareBuilder;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossBorderShareMarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossBorderShareUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossSectorShareBuilder;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossSectorShareMarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDCrossSectorShareUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDSectorShareBuilder;
-import eu.stork.peps.auth.engine.core.impl.EIDSectorShareMarshaller;
-import eu.stork.peps.auth.engine.core.impl.EIDSectorShareUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.QAAAttributeBuilder;
-import eu.stork.peps.auth.engine.core.impl.QAAAttributeMarshaller;
-import eu.stork.peps.auth.engine.core.impl.QAAAttributeUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributeBuilder;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributeMarshaller;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributeUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributesBuilder;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributesMarshaller;
-import eu.stork.peps.auth.engine.core.impl.RequestedAttributesUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPApplicationBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPApplicationMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPApplicationUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPCountryBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPCountryMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPCountryUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPIDBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPIDMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPIDUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPInformationBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPInformationMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPInformationUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPInstitutionBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPInstitutionMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPInstitutionUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPSectorBuilder;
-import eu.stork.peps.auth.engine.core.impl.SPSectorMarshaller;
-import eu.stork.peps.auth.engine.core.impl.SPSectorUnmarshaller;
-import eu.stork.peps.auth.engine.core.impl.VIDPAuthenticationAttributesBuilder;
-import eu.stork.peps.auth.engine.core.impl.VIDPAuthenticationAttributesMarshaller;
-import eu.stork.peps.auth.engine.core.impl.VIDPAuthenticationAttributesUnmarshaller;
-import eu.stork.peps.auth.engine.core.validator.CustomAttributeQueryValidator;
-import eu.stork.peps.auth.engine.core.validator.ExtensionsSchemaValidator;
-import eu.stork.peps.auth.engine.core.validator.QAAAttributeSchemaValidator;
-import eu.stork.peps.exceptions.SAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
-
-/**
- * Class that wraps the operations over SAML tokens, both generation and
- * validation of SAML STORK requests and SAML STORK responses. Complaint with
- * "OASIS Secure Assertion Markup Language (SAML) 2.0, May 2005", but taking
- * into account STORK specific requirements.
- *
- * @author fjquevedo
- * @author iinigo
- */
-public final class STORKSAMLEngine extends SAMLEngine {
-
- /** The Constant LOG. */
- private static final Logger LOG = LoggerFactory
- .getLogger(STORKSAMLEngine.class.getName());
-
- private static final String ATTRIBUTE_EMPTY_LITERAL = "Attribute name is null or empty.";
- /**
- * Gets the single instance of STORKSAMLEngine.
- *
- * @param nameInstance the name instance
- *
- * @return single instance of STORKSAMLEngine
- */
- public static synchronized STORKSAMLEngine getInstance(
- final String nameInstance) {
- STORKSAMLEngine engine = null;
- LOG.info("Get instance: " + nameInstance);
- try {
- engine = new STORKSAMLEngine(nameInstance.trim());
- } catch (Exception e) {
- LOG.error("Error get instance: " + nameInstance);
- }
- return engine;
- }
-
- /**
- * Instantiate a new STORKSAML engine.
- *
- * @param nameInstance the name instance
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private STORKSAMLEngine(final String nameInstance)
- throws STORKSAMLEngineException {
- // Initialization OpenSAML.
- super(nameInstance);
- LOG.info("Register STORK objects provider.");
- Configuration.registerObjectProvider(QAAAttribute.DEF_ELEMENT_NAME,
- new QAAAttributeBuilder(), new QAAAttributeMarshaller(),
- new QAAAttributeUnmarshaller());
-
- Configuration.registerObjectProvider(EIDSectorShare.DEF_ELEMENT_NAME,
- new EIDSectorShareBuilder(), new EIDSectorShareMarshaller(),
- new EIDSectorShareUnmarshaller());
-
- Configuration.registerObjectProvider(
- EIDCrossSectorShare.DEF_ELEMENT_NAME,
- new EIDCrossSectorShareBuilder(),
- new EIDCrossSectorShareMarshaller(),
- new EIDCrossSectorShareUnmarshaller());
-
- Configuration.registerObjectProvider(
- EIDCrossBorderShare.DEF_ELEMENT_NAME,
- new EIDCrossBorderShareBuilder(),
- new EIDCrossBorderShareMarshaller(),
- new EIDCrossBorderShareUnmarshaller());
-
- Configuration.registerObjectProvider(SPSector.DEF_ELEMENT_NAME,
- new SPSectorBuilder(), new SPSectorMarshaller(),
- new SPSectorUnmarshaller());
-
- Configuration.registerObjectProvider(SPInstitution.DEF_ELEMENT_NAME,
- new SPInstitutionBuilder(), new SPInstitutionMarshaller(),
- new SPInstitutionUnmarshaller());
-
- Configuration.registerObjectProvider(SPApplication.DEF_ELEMENT_NAME,
- new SPApplicationBuilder(), new SPApplicationMarshaller(),
- new SPApplicationUnmarshaller());
-
- Configuration.registerObjectProvider(SPCountry.DEF_ELEMENT_NAME,
- new SPCountryBuilder(), new SPCountryMarshaller(),
- new SPCountryUnmarshaller());
-
- Configuration.registerObjectProvider(XSAny.TYPE_NAME,
- new XSAnyBuilder(), new XSAnyMarshaller(),
- new XSAnyUnmarshaller());
-
- Configuration.registerObjectProvider(
- RequestedAttribute.DEF_ELEMENT_NAME,
- new RequestedAttributeBuilder(),
- new RequestedAttributeMarshaller(),
- new RequestedAttributeUnmarshaller());
-
- Configuration.registerObjectProvider(
- RequestedAttributes.DEF_ELEMENT_NAME,
- new RequestedAttributesBuilder(),
- new RequestedAttributesMarshaller(),
- new RequestedAttributesUnmarshaller());
-
- Configuration.registerObjectProvider(
- AuthenticationAttributes.DEF_ELEMENT_NAME,
- new AuthenticationAttributesBuilder(),
- new AuthenticationAttributesMarshaller(),
- new AuthenticationAttributesUnmarshaller());
-
- Configuration.registerObjectProvider(
- VIDPAuthenticationAttributes.DEF_ELEMENT_NAME,
- new VIDPAuthenticationAttributesBuilder(),
- new VIDPAuthenticationAttributesMarshaller(),
- new VIDPAuthenticationAttributesUnmarshaller());
-
- Configuration.registerObjectProvider(
- CitizenCountryCode.DEF_ELEMENT_NAME,
- new CitizenCountryCodeBuilder(),
- new CitizenCountryCodeMarshaller(),
- new CitizenCountryCodeUnmarshaller());
-
- Configuration.registerObjectProvider(
- SPID.DEF_ELEMENT_NAME,
- new SPIDBuilder(),
- new SPIDMarshaller(),
- new SPIDUnmarshaller());
-
- Configuration.registerObjectProvider(
- SPInformation.DEF_ELEMENT_NAME,
- new SPInformationBuilder(),
- new SPInformationMarshaller(),
- new SPInformationUnmarshaller());
-
- LOG.info("Register STORK object validators.");
- final ValidatorSuite validatorSuite = new ValidatorSuite(
- QAAAttribute.DEF_LOCAL_NAME);
-
- validatorSuite.registerValidator(QAAAttribute.DEF_ELEMENT_NAME,
- new QAAAttributeSchemaValidator());
- final Extensions extensions = SAMLEngineUtils.generateExtension();
- validatorSuite.registerValidator(extensions.getElementQName(),
- new ExtensionsSchemaValidator());
-
- Configuration.registerValidatorSuite(
- "stork:QualityAuthenticationAssuranceLevel", validatorSuite);
-
- }
-
- /**
- * Generate authentication response base.
- *
- * @param status the status
- * @param assertConsumerURL the assert consumer URL.
- * @param inResponseTo the in response to
- *
- * @return the response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Response genAuthnRespBase(final Status status,
- final String assertConsumerURL, final String inResponseTo)
- throws STORKSAMLEngineException {
- LOG.debug("Generate Authentication Response base.");
- final Response response = SAMLEngineUtils.generateResponse(
- SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
- SAMLEngineUtils.getCurrentTime(), status);
-
- // Set name Spaces
- this.setNameSpaces(response);
-
- // Mandatory STORK
- LOG.debug("Generate Issuer");
- final Issuer issuer = SAMLEngineUtils.generateIssuer();
- issuer.setValue(super.getSamlCoreProperties().getResponder());
-
- // Format Entity Optional STORK
- issuer.setFormat(super.getSamlCoreProperties().getFormatEntity());
-
- response.setIssuer(issuer);
-
- // destination Mandatory Stork
- response.setDestination(assertConsumerURL.trim());
-
- // inResponseTo Mandatory Stork
- response.setInResponseTo(inResponseTo.trim());
-
- // Optional STORK
- response.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnResponse());
-
- return response;
- }
-
- /**
- * Generate attribute query response base.
- *
- * @param status the status
- * @param destinationURL the assert consumer URL.
- * @param inResponseTo the in response to
- *
- * @return the response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Response genAttrQueryRespBase(final Status status,
- final String destinationURL, final String inResponseTo)
- throws STORKSAMLEngineException {
- LOG.debug("Generate Attribute query Response base.");
- final Response response = SAMLEngineUtils.generateResponse(
- SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
- SAMLEngineUtils.getCurrentTime(), status);
-
- // Set name Spaces
- this.setNameSpaces(response);
-
- // Mandatory STORK
- LOG.debug("Generate Issuer");
- final Issuer issuer = SAMLEngineUtils.generateIssuer();
- issuer.setValue(super.getSamlCoreProperties().getResponder());
-
- // Format Entity Optional STORK
- issuer.setFormat(super.getSamlCoreProperties().getFormatEntity());
-
- response.setIssuer(issuer);
-
- // destination Mandatory Stork
- response.setDestination(destinationURL.trim());
-
- // inResponseTo Mandatory Stork
- response.setInResponseTo(inResponseTo.trim());
-
- // Optional STORK
- response.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnResponse());
-
- return response;
- }
-
- /**
- * Generate assertion.
- *
- * @param ipAddress the IP address.
- * @param assertConsumerURL the assert consumer URL.
- * @param inResponseTo the in response to
- * @param issuer the issuer
- * @param notOnOrAfter the not on or after
- *
- * @return the assertion
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Assertion generateAssertion(final String ipAddress,
- final String assertConsumerURL, final String inResponseTo,
- final String issuer, final DateTime notOnOrAfter)
- throws STORKSAMLEngineException {
- LOG.info("Generate Assertion.");
-
- // Mandatory STORK
- LOG.debug("Generate Issuer to Assertion");
- final Issuer issuerAssertion = SAMLEngineUtils.generateIssuer();
- issuerAssertion.setValue(super.getSamlCoreProperties().getResponder());
-
- // Format Entity Optional STORK
- issuerAssertion.setFormat(super.getSamlCoreProperties()
- .getFormatEntity());
-
- final Assertion assertion = SAMLEngineUtils.generateAssertion(
- SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
- SAMLEngineUtils.getCurrentTime(), issuerAssertion);
-
- final Subject subject = SAMLEngineUtils.generateSubject();
-
- // Mandatory STORK verified
- // String format = NameID.UNSPECIFIED
- // specification: 'SAML:2.0' exist
- // opensaml: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- // opensaml "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
- final String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
-
- final String nameQualifier = "";
-
- LOG.debug("Generate NameID");
- final NameID nameId = SAMLEngineUtils.generateNameID(super
- .getSamlCoreProperties().getResponder(), format, nameQualifier);
- nameId.setValue(format);
- subject.setNameID(nameId);
-
- // Mandatory if urn:oasis:names:tc:SAML:2.0:cm:bearer.
- // Optional in other case.
- LOG.debug("Generate SubjectConfirmationData.");
- final SubjectConfirmationData dataBearer = SAMLEngineUtils
- .generateSubjectConfirmationData(SAMLEngineUtils
- .getCurrentTime(), assertConsumerURL, inResponseTo);
-
- // Mandatory if urn:oasis:names:tc:SAML:2.0:cm:bearer.
- // Optional in other case.
- LOG.debug("Generate SubjectConfirmation");
- final SubjectConfirmation subjectConf = SAMLEngineUtils
- .generateSubjectConfirmation(SubjectConfirmation.METHOD_BEARER,
- dataBearer);
-
- final ArrayList<SubjectConfirmation> listSubjectConf = new ArrayList<SubjectConfirmation>();
- listSubjectConf.add(subjectConf);
-
- for (final Iterator<SubjectConfirmation> iter = listSubjectConf
- .iterator(); iter.hasNext();) {
- final SubjectConfirmation element = iter.next();
-
- if (SubjectConfirmation.METHOD_BEARER.equals(element.getMethod())) {
- // ipAddress Mandatory if method is Bearer.
-
- if (StringUtils.isBlank(ipAddress)) {
- throw new STORKSAMLEngineException(
- "ipAddress is null or empty");
- }
- element.getSubjectConfirmationData().setAddress(
- ipAddress.trim());
- }
-
- element.getSubjectConfirmationData()
- .setRecipient(assertConsumerURL);
- element.getSubjectConfirmationData().setNotOnOrAfter(notOnOrAfter);
- }
-
- // The SAML 2.0 specification allows multiple SubjectConfirmations
- subject.getSubjectConfirmations().addAll(listSubjectConf);
-
- // Mandatory Stork
- assertion.setSubject(subject);
-
- // Conditions that MUST be evaluated when assessing the validity of
- // and/or when using the assertion.
- final Conditions conditions = this.generateConditions(SAMLEngineUtils
- .getCurrentTime(), notOnOrAfter, issuer);
-
- assertion.setConditions(conditions);
-
- LOG.debug("Generate stork Authentication Statement.");
- final AuthnStatement storkAuthnStat = this
- .generateStorkAuthStatement(ipAddress);
- assertion.getAuthnStatements().add(storkAuthnStat);
-
- return assertion;
- }
-
- private String getAttributeName(final PersonalAttribute attribute) throws STORKSAMLEngineException {
- if (StringUtils.isBlank(attribute.getName())) {
- LOG.error(ATTRIBUTE_EMPTY_LITERAL);
- throw new STORKSAMLEngineException(ATTRIBUTE_EMPTY_LITERAL);
- }
-
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
-
- if (StringUtils.isBlank(attributeName)) {
- LOG.error("Attribute name: {} it is not known.", attribute
- .getName());
- throw new STORKSAMLEngineException("Attribute name: "
- + attribute.getName() + " it is not known.");
- }
- return attributeName;
- }
- /**
- * Generate attribute statement.
- *
- * @param personalAttrList the personal attribute list
- * @param isHashing the is hashing
- *
- * @return the attribute statement
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- * @throws IOException
- */
- private AttributeStatement generateAttributeStatement(
- final IPersonalAttributeList personalAttrList,
- final boolean isHashing) throws STORKSAMLEngineException {
- LOG.debug("Generate attribute statement");
-
- final AttributeStatement attrStatement = (AttributeStatement) SAMLEngineUtils
- .createSamlObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
-
- for (PersonalAttribute attribute : personalAttrList) {
-
- String attributeName = getAttributeName(attribute);
-
- // Verification that only one value it's permitted, simple or
- // complex, not both.
-
- final boolean simpleNull = (attribute.getValue() == null);
- final boolean simpleEmpty = (simpleNull || (!simpleNull && attribute
- .getValue().isEmpty()));
-
- final boolean complexNull = (attribute.getComplexValue() == null);
- final boolean complexEmpty = (complexNull || (!complexNull && attribute
- .getComplexValue().isEmpty()));
-
- if ((!simpleEmpty && !complexEmpty)) {
- throw new STORKSAMLEngineException(
- "Attribute name: "
- + attribute.getName()
- + " must be contain one value, simple or complex value.");
- } else {
-
- if (!simpleEmpty) {
- attrStatement.getAttributes().add(
- this.generateAttrSimple(attributeName, attribute
- .getStatus(), attribute.getValue(),
- isHashing));
- } else if (!complexEmpty) {
- attrStatement.getAttributes().add(
- SAMLEngineUtils.generateAttrComplex(attributeName,
- attribute.getStatus(), attribute
- .getComplexValue(), isHashing));
- } else if (!simpleNull) {
- attrStatement.getAttributes().add(
- this.generateAttrSimple(attributeName, attribute
- .getStatus(), new ArrayList<String>(),
- isHashing));
- } else {
- // Add attribute complex.
- attrStatement.getAttributes().add(
- SAMLEngineUtils.generateAttrComplex(attributeName,
- attribute.getStatus(),
- new HashMap<String, String>(), isHashing));
- }
- }
- }
- return attrStatement;
- }
- private XSAny createAttributeValueForSignedDoc(final String value, final boolean isHashing) throws STORKSAMLEngineException {
- DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
- domFactory.setNamespaceAware(true);
- Document document = null;
- DocumentBuilder builder;
-
- // Parse the signedDoc value into an XML DOM Document
- try {
- builder = domFactory.newDocumentBuilder();
- InputStream is;
- is = new ByteArrayInputStream(value.trim().getBytes("UTF-8"));
- document = builder.parse(is);
- is.close();
- } catch (SAXException e1) {
- LOG.error("SAX Error while parsing signModule attribute", e1);
- throw new STORKSAMLEngineRuntimeException(e1);
- } catch (ParserConfigurationException e2) {
- LOG.error("Parser Configuration Error while parsing signModule attribute", e2);
- throw new STORKSAMLEngineRuntimeException(e2);
- } catch (UnsupportedEncodingException e3) {
- LOG.error("Unsupported encoding Error while parsing signModule attribute", e3);
- throw new STORKSAMLEngineRuntimeException(e3);
- } catch (IOException e4) {
- LOG.error("IO Error while parsing signModule attribute", e4);
- throw new STORKSAMLEngineRuntimeException(e4);
- }
-
- // Create the attribute statement
- final XSAny xmlValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- AttributeValue.DEFAULT_ELEMENT_NAME,
- XSAny.TYPE_NAME);
-
- //Set the signedDoc XML content to this element
- xmlValue.setDOM(document.getDocumentElement());
-
- // Create the attribute statement
- final XSAny attrValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- AttributeValue.DEFAULT_ELEMENT_NAME,
- XSAny.TYPE_NAME);
-
- //Add previous signedDocXML to the AttributeValue Element
-
- // if it's necessary encode the information.
- if (!isHashing) {
- attrValue.getUnknownXMLObjects().add(xmlValue);
- }
- return attrValue;
- }
-
- private XSAny createAttributeValueForNonSignedDoc(final String value, final boolean isHashing) throws STORKSAMLEngineException {
- // Create the attribute statement
- final XSAny attrValue = (XSAny) SAMLEngineUtils
- .createSamlObject(
- AttributeValue.DEFAULT_ELEMENT_NAME,
- XSAny.TYPE_NAME);
- // if it's necessary encode the information.
- if (isHashing) {
- attrValue.setTextContent(SAMLEngineUtils.encode(value, SAMLEngineUtils.SHA_512));
- } else {
- attrValue.setTextContent(value);
- }
- return attrValue;
- }
-
- /**
- * Generate attribute from a list of values.
- *
- * @param name the name of the attribute.
- * @param values the value of the attribute.
- * @param isHashing the is hashing with "SHA-512" algorithm.
- * @param status the status of the parameter: "Available", "NotAvailable" or
- * "Withheld".
- *
- * @return the attribute
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Attribute generateAttrSimple(final String name,
- final String status, final List<String> values,
- final boolean isHashing) throws STORKSAMLEngineException {
- LOG.debug("Generate attribute simple: " + name);
- final Attribute attribute = (Attribute) SAMLEngineUtils
- .createSamlObject(Attribute.DEFAULT_ELEMENT_NAME);
-
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
-
- attribute.getUnknownAttributes().put(
- new QName(SAMLCore.STORK10_NS.getValue(), "AttributeStatus",
- SAMLCore.STORK10_PREFIX.getValue()), status);
-
- if (values != null) {
- LOG.debug("Add attribute values.");
- for (int i = 0; i < values.size(); i++) {
- final String value = values.get(i);
- if (StringUtils.isNotBlank(value)) {
- XSAny attrValue = null;
- if (!name.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
- // Create the attribute statement
- attrValue = createAttributeValueForNonSignedDoc(value, isHashing);
-
- } else {
- attrValue = createAttributeValueForSignedDoc(value, isHashing);
- attribute.getAttributeValues().add(attrValue);
- }
- attribute.getAttributeValues().add(attrValue);
- }
- }
- }
- return attribute;
- }
-
- /**
- * Generate conditions that MUST be evaluated when assessing the validity of
- * and/or when using the assertion.
- *
- * @param notBefore the not before
- * @param notOnOrAfter the not on or after
- * @param audienceURI the audience URI.
- *
- * @return the conditions
- */
- private Conditions generateConditions(final DateTime notBefore,
- final DateTime notOnOrAfter, final String audienceURI) {
- LOG.debug("Generate conditions.");
- final Conditions conditions = (Conditions) SAMLEngineUtils
- .createSamlObject(Conditions.DEFAULT_ELEMENT_NAME);
- conditions.setNotBefore(notBefore);
- conditions.setNotOnOrAfter(notOnOrAfter);
-
- final AudienceRestriction restrictions = (AudienceRestriction) SAMLEngineUtils
- .createSamlObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
-
- final Audience audience = (Audience) SAMLEngineUtils
- .createSamlObject(Audience.DEFAULT_ELEMENT_NAME);
- audience.setAudienceURI(audienceURI);
-
- restrictions.getAudiences().add(audience);
- conditions.getAudienceRestrictions().add(restrictions);
-
- if (super.getSamlCoreProperties().isOneTimeUse()) {
- final OneTimeUse oneTimeUse = (OneTimeUse) SAMLEngineUtils
- .createSamlObject(OneTimeUse.DEFAULT_ELEMENT_NAME);
- conditions.getConditions().add(oneTimeUse);
- }
- return conditions;
- }
-
- /**
- * Generate personal attribute list.
- *
- * @param assertion the assertion
- *
- * @return the personal attribute list
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private IPersonalAttributeList generatePersonalAttributeList(
- final Assertion assertion) throws STORKSAMLEngineException {
- LOG.debug("Generate personal attribute list from XMLObject.");
- final List<XMLObject> listExtensions = assertion.getOrderedChildren();
-
- boolean find = false;
- AttributeStatement requestedAttr = null;
-
- // Search the attribute statement.
- for (int i = 0; i < listExtensions.size() && !find; i++) {
- final XMLObject xml = listExtensions.get(i);
- if (xml instanceof AttributeStatement) {
- requestedAttr = (AttributeStatement) xml;
- find = true;
- }
- }
-
- if (!find) {
- LOG.error("Error: AttributeStatement it's not present.");
- throw new STORKSAMLEngineException(
- "AttributeStatement it's not present.");
- }
-
- final List<Attribute> reqAttrs = requestedAttr.getAttributes();
-
- final IPersonalAttributeList personalAttrList = new PersonalAttributeList();
- String attributeName;
-
- // Process the attributes.
- for (int nextAttribute = 0; nextAttribute < reqAttrs.size(); nextAttribute++) {
- final Attribute attribute = reqAttrs.get(nextAttribute);
-
- final PersonalAttribute personalAttribute = new PersonalAttribute();
-
- attributeName = attribute.getName();
- personalAttribute.setName(attributeName.substring(attributeName
- .lastIndexOf('/') + 1));
-
- personalAttribute.setStatus(attribute.getUnknownAttributes().get(
- new QName(SAMLCore.STORK10_NS.getValue(),
- "AttributeStatus", SAMLCore.STORK10_PREFIX
- .getValue())));
-
- final ArrayList<String> simpleValues = new ArrayList<String>();
- final HashMap<String, String> multiValues = new HashMap<String, String>();
-
- final List<XMLObject> values = attribute.getOrderedChildren();
-
-
- // Process the values.
- for (int nextValue = 0; nextValue < values.size(); nextValue++) {
-
- final XMLObject xmlObject = values.get(nextValue);
-
- if (xmlObject instanceof XSStringImpl) {
-
- simpleValues.add(((XSStringImpl) xmlObject).getValue());
-
- } else if (xmlObject instanceof XSAnyImpl) {
-
- if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextValue);
-
- TransformerFactory transFactory = TransformerFactory
- .newInstance();
- Transformer transformer = null;
- try {
- transformer = transFactory.newTransformer();
- transformer.setOutputProperty(
- OutputKeys.OMIT_XML_DECLARATION, "yes");
- } catch (TransformerConfigurationException e) {
- LOG.error("Error transformer configuration exception", e);
- }
- StringWriter buffer = new StringWriter();
- try {
- if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
- transformer.transform(new DOMSource(xmlString
- .getUnknownXMLObjects().get(0).getDOM()),
- new StreamResult(buffer));
- }
- } catch (TransformerException e) {
- LOG.error("Error transformer exception", e);
- }
- String str = buffer.toString();
-
- simpleValues.add(str);
-
- } else if (isComplex(xmlObject))
- {
- LOG.info(attributeName + " found");
- // Process complex value.
- final XSAnyImpl complexValue = (XSAnyImpl) xmlObject;
-
- for (int nextComplexValue = 0; nextComplexValue < complexValue
- .getUnknownXMLObjects().size(); nextComplexValue++) {
-
- final XSAnyImpl simple = (XSAnyImpl) complexValue
- .getUnknownXMLObjects().get(
- nextComplexValue);
-
- multiValues.put(simple.getElementQName()
- .getLocalPart(), simple.getTextContent());
- }
-
- }
- else {
- // Process simple value.
- simpleValues.add(((XSAnyImpl) xmlObject)
- .getTextContent());
- }
-
- } else {
- LOG.error("Error: attribute value it's unknown.");
- throw new STORKSAMLEngineException(
- "Attribute value it's unknown.");
- }
- }
-
- personalAttribute.setValue(simpleValues);
- personalAttribute.setComplexValue(multiValues);
- personalAttrList.add(personalAttribute);
- }
-
- return personalAttrList;
- }
-
- /**
- * Generate stork authentication request.
- *
- * @param request the request that contain all parameters for generate an
- * authentication request.
- *
- * @return the STORK authentication request that has been processed.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnRequest generateSTORKAuthnRequest(
- final STORKAuthnRequest request) throws STORKSAMLEngineException {
- LOG.info("Generate SAMLAuthnRequest.");
-
- // Validate Parameters mandatories
- validateParamAuthnReq(request);
-
- final AuthnRequest authnRequestAux = SAMLEngineUtils
- .generateSAMLAuthnRequest(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime());
-
- // Set name spaces.
- setNameSpaces(authnRequestAux);
-
- // Add parameter Mandatory STORK
- authnRequestAux.setForceAuthn(Boolean.TRUE);
-
- // Add parameter Mandatory STORK
- authnRequestAux.setIsPassive(Boolean.FALSE);
-
- authnRequestAux.setAssertionConsumerServiceURL(request
- .getAssertionConsumerServiceURL());
-
- authnRequestAux.setProviderName(request.getProviderName());
-
- // Add protocol binding
- authnRequestAux.setProtocolBinding(super.getSamlCoreProperties()
- .getProtocolBinding());
-
- // Add parameter optional STORK
- // Destination is mandatory if the destination is a C-PEPS
- // The application must to know if the destination is a C-PEPS.
- if (StringUtils.isNotBlank(request.getDestination())) {
- authnRequestAux.setDestination(request.getDestination());
- }
-
- // Consent is optional. Set from SAMLEngine.xml - consent.
- authnRequestAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
-
- final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
- if(request.getIssuer()!=null){
- issuer.setValue(request.getIssuer());
- } else {
- issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
-
- // Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
- if (StringUtils.isNotBlank(formatEntity)) {
- issuer.setFormat(formatEntity);
- }
-
- authnRequestAux.setIssuer(issuer);
-
- // Generate stork extensions.
- final Extensions storkExtensions = this
- .generateSTORKExtensions(request);
- // add the extensions to the SAMLAuthnRequest
- authnRequestAux.setExtensions(storkExtensions);
-
- // the result contains an authentication request token (byte[]),
- // identifier of the token, and all parameters from the request.
- final STORKAuthnRequest authRequest = processExtensions(authnRequestAux
- .getExtensions());
-
- try {
- authRequest.setTokenSaml(super.signAndMarshall(authnRequestAux));
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- authRequest.setSamlId(authnRequestAux.getID());
- authRequest.setDestination(authnRequestAux.getDestination());
- authRequest.setAssertionConsumerServiceURL(authnRequestAux
- .getAssertionConsumerServiceURL());
-
- authRequest.setProviderName(authnRequestAux.getProviderName());
- authRequest.setIssuer(authnRequestAux.getIssuer().getValue());
-
- return authRequest;
- }
-
- /**
- * Generate stork authentication response.
- *
- * @param request the request
- * @param responseAuthReq the response authentication request
- * @param ipAddress the IP address
- * @param isHashing the is hashing
- *
- * @return the sTORK authentication response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnResponse generateSTORKAuthnResponse(
- final STORKAuthnRequest request,
- final STORKAuthnResponse responseAuthReq, final String ipAddress,
- final boolean isHashing) throws STORKSAMLEngineException {
- LOG.info("generateSTORKAuthnResponse");
-
- // Validate parameters
- validateParamResponse(request, responseAuthReq);
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
-
- LOG.debug("Generate Status");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
-
- status.setStatusMessage(statusMessage);
-
- LOG.debug("Generate Response");
-
- // RESPONSE
- final Response response = genAuthnRespBase(status, request
- .getAssertionConsumerServiceURL(), request.getSamlId());
-
- DateTime notOnOrAfter = new DateTime();
-
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
-
- final Assertion assertion = this.generateAssertion(ipAddress, request
- .getAssertionConsumerServiceURL(), request.getSamlId(), request
- .getIssuer(), notOnOrAfter);
-
- final AttributeStatement attrStatement = this
- .generateAttributeStatement(responseAuthReq
- .getPersonalAttributeList(), isHashing);
-
- assertion.getAttributeStatements().add(attrStatement);
-
- // Add assertions
- response.getAssertions().add(assertion);
-
- final STORKAuthnResponse authresponse = new STORKAuthnResponse();
-
- try {
- authresponse.setTokenSaml(super.signAndMarshall(response));
- authresponse.setSamlId(response.getID());
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
- return authresponse;
- }
-
- /**
- * Generate stork authentication response.
- *
- * @param request the request
- * @param responseAuthReq the response authentication request
- * @param ipAddress the IP address
- * @param isHashing the is hashing
- *
- * @return the sTORK authentication response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnResponse generateSTORKAuthnResponseAfterQuery(
- final STORKAuthnRequest request,
- final STORKAuthnResponse responseAuthReq, final String ipAddress,
- final boolean isHashing, List<STORKAttrQueryResponse> res) throws STORKSAMLEngineException {
- LOG.info("generateSTORKAuthnResponse");
-
- // Validate parameters
- validateParamResponse(request, responseAuthReq);
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
-
- LOG.debug("Generate Status");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
-
- status.setStatusMessage(statusMessage);
-
- LOG.debug("Generate Response");
-
- // RESPONSE
- final Response response = genAuthnRespBase(status, request
- .getAssertionConsumerServiceURL(), request.getSamlId());
-
- DateTime notOnOrAfter = new DateTime();
-
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
-
- final Assertion assertion = this.generateAssertion(ipAddress, request
- .getAssertionConsumerServiceURL(), request.getSamlId(), request
- .getIssuer(), notOnOrAfter);
-
- final AttributeStatement attrStatement = this
- .generateAttributeStatement(responseAuthReq
- .getPersonalAttributeList(), isHashing);
-
- assertion.getAttributeStatements().add(attrStatement);
-
- // Add assertions
- response.getAssertions().add(assertion);
- // Check for response queries
- if (res != null && res.size() > 0)
- {
- //Iterate through them
- for (int i = 0; i < res.size(); i++)
- {
- //If response contains multiple assertions iterate through them as well
- if (res.get(i).getAssertions().size() > 1)
- {
- for (int j = 0; j < res.get(i).getAssertions().size(); j++)
- {
- Assertion tempAssertion = res.get(i).getAssertions().get(j);
- tempAssertion.setParent(response);
- response.getAssertions().add(tempAssertion);
- }
- } else {
- Assertion tempAssertion = res.get(i).getAssertion();
- tempAssertion.setParent(response);
- response.getAssertions().add(tempAssertion);
- }
- }
- }
-
- final STORKAuthnResponse authresponse = new STORKAuthnResponse();
-
- try {
- authresponse.setTokenSaml(super.signAndMarshall(response));
- authresponse.setSamlId(response.getID());
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
- return authresponse;
- }
-
- /**
- * Generate stork authentication response fail.
- *
- * @param request the request
- * @param response the response
- * @param ipAddress the IP address
- * @param isHashing the is hashing
- *
- * @return the sTORK authentication response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnResponse generateSTORKAuthnResponseFail(
- final STORKAuthnRequest request, final STORKAuthnResponse response,
- final String ipAddress, final boolean isHashing)
- throws STORKSAMLEngineException {
- LOG.info("generateSTORKAuthnResponseFail");
-
- validateParamResponseFail(request, response);
-
- // Mandatory
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(response.getStatusCode());
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode.");
- // Subordinate code it's optional in case not covered into next codes:
- // - urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
- // - urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue
- // - urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy
- // - urn:oasis:names:tc:SAML:2.0:status:RequestDenied
- // - http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported
-
- if (StringUtils.isNotBlank(response.getSubStatusCode())) {
- final StatusCode newStatusCode = SAMLEngineUtils
- .generateStatusCode(response.getSubStatusCode());
- statusCode.setStatusCode(newStatusCode);
- }
-
- LOG.debug("Generate Status.");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- if (StringUtils.isNotBlank(response.getMessage())) {
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(response.getMessage());
-
- status.setStatusMessage(statusMessage);
- }
-
- LOG.debug("Generate Response.");
- // RESPONSE
- final Response responseFail = genAuthnRespBase(status, request
- .getAssertionConsumerServiceURL(), request.getSamlId());
-
- DateTime notOnOrAfter = new DateTime();
-
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
-
- final Assertion assertion = this.generateAssertion(ipAddress, request
- .getAssertionConsumerServiceURL(), request.getSamlId(), request
- .getIssuer(), notOnOrAfter);
-
- responseFail.getAssertions().add(assertion);
-
- LOG.debug("Sign and Marshall ResponseFail.");
-
- final STORKAuthnResponse storkResponse = new STORKAuthnResponse();
-
- try {
- storkResponse.setTokenSaml(super.signAndMarshall(responseFail));
- storkResponse.setSamlId(responseFail.getID());
- } catch (SAMLEngineException e) {
- LOG.error("SAMLEngineException.", e);
- throw new STORKSAMLEngineException(e);
- }
- return storkResponse;
- }
-
- /**
- * Generate stork attribute query request.
- *
- * @param request the request that contain all parameters for generate an
- * attribute query request.
- *
- * @return the STORK attribute query request that has been processed.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAttrQueryRequest generateSTORKAttrQueryRequest(
- final STORKAttrQueryRequest request) throws STORKSAMLEngineException {
- LOG.info("Generate STORKAttrQueryRequest.");
-
- // Validate Parameters mandatories
- validateParamAttrQueryReq(request);
-
- //final AttributeQuery attrQueryRequestAux = SAMLEngineUtils
- final CustomAttributeQuery attrQueryRequestAux = SAMLEngineUtils
- .generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime());
-
- // Set name spaces.
- setNameSpaces(attrQueryRequestAux);
-
-
- // Add parameter optional STORK
- // Destination is mandatory if the destination is a C-PEPS
- // The application must to know if the destination is a C-PEPS.
- if (StringUtils.isNotBlank(request.getDestination())) {
- attrQueryRequestAux.setDestination(request.getDestination());
- }
-
- // Add parameter optional STORK
- // Consumer URL is needed if using HTTP-Post
- if (StringUtils.isNotBlank(request.getAssertionConsumerServiceURL())) {
- attrQueryRequestAux.setAssertionConsumerServiceURL(request.getAssertionConsumerServiceURL());
- }
-
- // Consent is optional. Set from SAMLEngine.xml - consent.
- attrQueryRequestAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
-
- final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
- //Set the subject - needed for attribute query validation
- Subject subject = SAMLEngineUtils.generateSubject();
- SubjectConfirmationBuilder builder = new SubjectConfirmationBuilder();
- SubjectConfirmation subjectConfirmation = builder.buildObject();
- subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
- subject.getSubjectConfirmations().add(subjectConfirmation);
- attrQueryRequestAux.setSubject(subject);
-
- if(request.getIssuer()!=null){
- issuer.setValue(request.getIssuer());
- } else {
- issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
-
- // Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
- if (StringUtils.isNotBlank(formatEntity)) {
- issuer.setFormat(formatEntity);
- }
-
- attrQueryRequestAux.setIssuer(issuer);
-
- // Generate stork extensions.
- final Extensions storkExtensions = this
- .generateSTORKAttrExtensions(request);
- // add the extensions to the SAMLAuthnRequest
- attrQueryRequestAux.setExtensions(storkExtensions);
-
- // the result contains an authentication request token (byte[]),
- // identifier of the token, and all parameters from the request.
- final STORKAttrQueryRequest attrQueryRequest = processAttrExtensions(attrQueryRequestAux
- .getExtensions());
-
- try {
- attrQueryRequest.setTokenSaml(super.signAndMarshall(attrQueryRequestAux));
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- attrQueryRequest.setSamlId(attrQueryRequestAux.getID());
- attrQueryRequest.setDestination(attrQueryRequestAux.getDestination());
- attrQueryRequest.setAssertionConsumerServiceURL(attrQueryRequestAux.getAssertionConsumerServiceURL());
- attrQueryRequest.setIssuer(attrQueryRequestAux.getIssuer().getValue());
-
- return attrQueryRequest;
- }
-
- /**
- * Generate stork attribute query response.
- *
- * @param request the request
- * @param responseAttrQueryRes the response authentication request
- * @param ipAddress the IP address
- * @param isHashing the hashing of values
- *
- * @return the sTORK authentication response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAttrQueryResponse generateSTORKAttrQueryResponse(
- final STORKAttrQueryRequest request,
- final STORKAttrQueryResponse responseAttrQueryRes, final String ipAddress,
- final String destinationUrl, final boolean isHashing) throws STORKSAMLEngineException {
- LOG.info("generateSTORKAttrQueryResponse");
-
- // Validate parameters
- validateParamAttrQueryResponse(request, responseAttrQueryRes);
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
-
- LOG.debug("Generate Status");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
-
- status.setStatusMessage(statusMessage);
-
- LOG.debug("Generate Response");
-
- // RESPONSE
- final Response response = genAuthnRespBase(status, destinationUrl,
- request.getSamlId());
-
- DateTime notOnOrAfter = new DateTime();
-
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
-
- final Assertion assertion = this.generateAssertion(ipAddress, ""
- ,request.getSamlId(), request.getIssuer(), notOnOrAfter);
-
- final AttributeStatement attrStatement = this
- .generateAttributeStatement(responseAttrQueryRes
- .getPersonalAttributeList(), isHashing);
-
- assertion.getAttributeStatements().add(attrStatement);
-
- // Add assertions
- response.getAssertions().add(assertion);
-
- final STORKAttrQueryResponse attrQueryResponse = new STORKAttrQueryResponse();
-
- try {
- attrQueryResponse.setTokenSaml(super.signAndMarshall(response));
- attrQueryResponse.setSamlId(response.getID());
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
- return attrQueryResponse;
- }
-
- /**
- * Generate stork attribute query response from multiple assertions
- *
- * @param request the request
- * @param responseAttrQueryRes the response to the query request
- * @param responses the responses to include in the response (aggregation)
- * @param ipAddress the IP address
- * @param isHashing the hashing of values
- *
- * @return the sTORK attribute query response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAttrQueryResponse generateSTORKAttrQueryResponseWithAssertions(
- final STORKAttrQueryRequest request, final STORKAttrQueryResponse responseAttrQueryRes,
- final List<STORKAttrQueryResponse> responses, final String ipAddress,
- final String destinationUrl, final boolean isHashing) throws STORKSAMLEngineException {
- LOG.info("generateSTORKAttrQueryResponse");
-
- // Validate parameters
- validateParamAttrQueryResponse(request, responseAttrQueryRes);
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
-
- LOG.debug("Generate Status");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
-
- status.setStatusMessage(statusMessage);
-
- LOG.debug("Generate Response");
-
- // RESPONSE
- final Response response = genAuthnRespBase(status, destinationUrl,
- request.getSamlId());
-
- DateTime notOnOrAfter = new DateTime();
-
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
-
- final Assertion assertion = this.generateAssertion(ipAddress, ""
- ,request.getSamlId(), request.getIssuer(), notOnOrAfter);
-
- final AttributeStatement attrStatement = this
- .generateAttributeStatement(responseAttrQueryRes
- .getPersonalAttributeList(), isHashing);
-
- assertion.getAttributeStatements().add(attrStatement);
-
- // Add the assertions from the former Query responses
- response.getAssertions().add(assertion);
- if (responses != null && responses.size() > 0)
- {
- for (int i = 0; i < responses.size(); i++)
- {
- Assertion tempAssertion = responses.get(i).getAssertion();
- tempAssertion.setParent(response);
- response.getAssertions().add(tempAssertion);
- }
- }
-
- final STORKAttrQueryResponse attrQueryResponse = new STORKAttrQueryResponse();
-
- try {
- attrQueryResponse.setTokenSaml(super.signAndMarshall(response));
- attrQueryResponse.setSamlId(response.getID());
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
- return attrQueryResponse;
- }
-
- /**
- * Generate stork attribute query response fail.
- *
- * @param request the request
- * @param response the response
- * @param ipAddress the IP address
- * @param isHashing the is hashing
- *
- * @return the STORK attribute query response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAttrQueryResponse generateSTORKAttrQueryResponseFail(
- final STORKAttrQueryRequest request, final STORKAttrQueryResponse response,
- final String ipAddress, final String destinationUrl, final boolean isHashing)
- throws STORKSAMLEngineException {
- LOG.info("generateSTORKAttrQueryResponseFail");
-
- validateParamAttrQueryResponseFail(request, response);
-
- // Mandatory
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(response.getStatusCode());
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode.");
- // Subordinate code it's optional in case not covered into next codes:
- // - urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
- // - urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue
- // - urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy
- // - urn:oasis:names:tc:SAML:2.0:status:RequestDenied
- // - http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported
-
- if (StringUtils.isNotBlank(response.getSubStatusCode())) {
- final StatusCode newStatusCode = SAMLEngineUtils
- .generateStatusCode(response.getSubStatusCode());
- statusCode.setStatusCode(newStatusCode);
- }
-
- LOG.debug("Generate Status.");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- if (StringUtils.isNotBlank(response.getMessage())) {
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(response.getMessage());
-
- status.setStatusMessage(statusMessage);
- }
-
- LOG.debug("Generate Response.");
- // RESPONSE
- final Response responseFail = genAuthnRespBase(status, destinationUrl,
- request.getSamlId());
-
- DateTime notOnOrAfter = new DateTime();
-
- notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
- .getTimeNotOnOrAfter());
-
- final Assertion assertion = this.generateAssertion(ipAddress, "",
- request.getSamlId(), request
- .getIssuer(), notOnOrAfter);
-
- responseFail.getAssertions().add(assertion);
-
- LOG.debug("Sign and Marshall ResponseFail.");
-
- final STORKAttrQueryResponse storkResponse = new STORKAttrQueryResponse();
-
- try {
- storkResponse.setTokenSaml(super.signAndMarshall(responseFail));
- storkResponse.setSamlId(responseFail.getID());
- } catch (SAMLEngineException e) {
- LOG.error("SAMLEngineException.", e);
- throw new STORKSAMLEngineException(e);
- }
- return storkResponse;
- }
-
- /**
- * Generate stork logout request.
- *
- * @param request the request that contain all parameters for generate an
- * logout request.
- *
- * @return the STORK logout request that has been processed.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKLogoutRequest generateSTORKLogoutRequest(
- final STORKLogoutRequest request) throws STORKSAMLEngineException {
- LOG.info("Generate STORKLogoutRequest.");
-
- // Validate Parameters mandatories
- validateParamLogoutReq(request);
-
- final LogoutRequest logoutRequestAux = SAMLEngineUtils
- .generateSAMLLogoutRequest(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime());
-
- // Set name spaces.
- setNameSpaces(logoutRequestAux);
-
-
- // Add parameter optional STORK
- // Destination is mandatory if the destination is a C-PEPS
- // The application must to know if the destination is a C-PEPS.
- if (StringUtils.isNotBlank(request.getDestination())) {
- logoutRequestAux.setDestination(request.getDestination());
- }
-
- // Consent is optional. Set from SAMLEngine.xml - consent.
- logoutRequestAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
-
- final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
-
- if(request.getIssuer()!=null){
- issuer.setValue(request.getIssuer());
- } else {
- issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
-
- // Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
- if (StringUtils.isNotBlank(formatEntity)) {
- issuer.setFormat(formatEntity);
- }
-
- logoutRequestAux.setIssuer(issuer);
-
- // Set the name ID
- final NameID newNameID = SAMLEngineUtils.generateNameID();
- newNameID.setValue(request.getSpProvidedId());
- logoutRequestAux.setNameID(newNameID);
-
-
- // the result contains an authentication request token (byte[]),
- // identifier of the token, and all parameters from the request.
- final STORKLogoutRequest logoutRequest = new STORKLogoutRequest();
-
- try {
- logoutRequest.setTokenSaml(super.signAndMarshall(logoutRequestAux));
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- logoutRequest.setSamlId(logoutRequestAux.getID());
- logoutRequest.setDestination(logoutRequestAux.getDestination());
- logoutRequest.setIssuer(logoutRequestAux.getIssuer().getValue());
- logoutRequest.setSpProvidedId(logoutRequestAux.getNameID().getValue());
-
- return logoutRequest;
- }
-
-
- /**
- * Generate stork logout response.
- * @param request the request thats being responded to
- * @param response the tesponse that contain all parameters for generate an
- * logout request.
- *
- * @return the STORK logout response that has been processed.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKLogoutResponse generateSTORKLogoutResponse(
- final STORKLogoutRequest request,
- final STORKLogoutResponse response) throws STORKSAMLEngineException {
- LOG.info("Generate STORKLogoutResponse.");
-
- // Validate Parameters mandatories
- validateParamLogoutRes(request, response);
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode");
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(StatusCode.SUCCESS_URI);
-
- LOG.debug("Generate Status");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- LOG.debug("Generate StatusMessage");
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(StatusCode.SUCCESS_URI);
-
- status.setStatusMessage(statusMessage);
-
- final LogoutResponse logoutResponseAux= SAMLEngineUtils
- .generateSAMLLogoutResponse(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime(), status, request.getSamlId());
-
- // Set name spaces.
- setNameSpaces(logoutResponseAux);
-
-
- // Add parameter optional STORK
- // Destination is mandatory if the destination is a C-PEPS
- // The application must to know if the destination is a C-PEPS.
- if (StringUtils.isNotBlank(response.getDestination())) {
- logoutResponseAux.setDestination(response.getDestination());
- }
-
- // Consent is optional. Set from SAMLEngine.xml - consent.
- logoutResponseAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
-
- final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
-
- if(response.getIssuer()!=null){
- issuer.setValue(response.getIssuer());
- } else {
- issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
-
- // Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
- if (StringUtils.isNotBlank(formatEntity)) {
- issuer.setFormat(formatEntity);
- }
-
- logoutResponseAux.setIssuer(issuer);
-
-
- // the result contains an authentication request token (byte[]),
- // identifier of the token, and all parameters from the request.
- final STORKLogoutResponse logoutResponse = new STORKLogoutResponse();
-
- try {
- logoutResponse.setTokenSaml(super.signAndMarshall(logoutResponseAux));
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- logoutResponse.setSamlId(logoutResponseAux.getID());
- logoutResponse.setDestination(logoutResponseAux.getDestination());
- logoutResponse.setIssuer(logoutResponseAux.getIssuer().getValue());
- logoutResponse.setStatusCode(logoutResponseAux.getStatus().getStatusCode().toString());
- logoutResponse.setStatusMessage(logoutResponseAux.getStatus().getStatusMessage().toString());
-
- return logoutResponse;
- }
-
- /**
- * Generate failed stork logout response.
- *
- * @param response the response that contain all parameters for generate an
- * logout request.
- *
- * @return the STORK logout response that has been processed.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKLogoutResponse generateSTORKLogoutResponseFail(
- final STORKLogoutRequest request,
- final STORKLogoutResponse response ) throws STORKSAMLEngineException {
- LOG.info("Generate STORKLogoutResponse.");
-
- // Validate Parameters mandatories
- validateParamLogoutResFail(request, response);
-
- // Mandatory
- final StatusCode statusCode = SAMLEngineUtils
- .generateStatusCode(response.getStatusCode());
-
- // Mandatory SAML
- LOG.debug("Generate StatusCode.");
- // Subordinate code it's optional in case not covered into next codes:
- // - urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
- // - urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue
- // - urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy
- // - urn:oasis:names:tc:SAML:2.0:status:RequestDenied
- // - http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported
-
- if (StringUtils.isNotBlank(response.getSubStatusCode())) {
- final StatusCode newStatusCode = SAMLEngineUtils
- .generateStatusCode(response.getSubStatusCode());
- statusCode.setStatusCode(newStatusCode);
- }
-
- LOG.debug("Generate Status.");
- final Status status = SAMLEngineUtils.generateStatus(statusCode);
-
- if (StringUtils.isNotBlank(response.getStatusMessage())) {
- final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
- .generateStatusMessage(response.getStatusMessage());
-
- status.setStatusMessage(statusMessage);
- }
-
- final LogoutResponse logoutResponseAux= SAMLEngineUtils
- .generateSAMLLogoutResponse(SAMLEngineUtils.generateNCName(),
- SAMLVersion.VERSION_20, SAMLEngineUtils
- .getCurrentTime(), status, request.getSamlId());
-
- // Set name spaces.
- setNameSpaces(logoutResponseAux);
-
-
- // Add parameter optional STORK
- // Destination is mandatory if the destination is a C-PEPS
- // The application must to know if the destination is a C-PEPS.
- if (StringUtils.isNotBlank(response.getDestination())) {
- logoutResponseAux.setDestination(response.getDestination());
- }
-
- // Consent is optional. Set from SAMLEngine.xml - consent.
- logoutResponseAux.setConsent(super.getSamlCoreProperties()
- .getConsentAuthnRequest());
-
- final Issuer issuer = SAMLEngineUtils.generateIssuer();
-
-
- if(response.getIssuer()!=null){
- issuer.setValue(response.getIssuer());
- } else {
- issuer.setValue(super.getSamlCoreProperties().getRequester());
- }
-
- // Optional STORK
- final String formatEntity = super.getSamlCoreProperties()
- .getFormatEntity();
- if (StringUtils.isNotBlank(formatEntity)) {
- issuer.setFormat(formatEntity);
- }
-
- logoutResponseAux.setIssuer(issuer);
-
-
- // the result contains an authentication request token (byte[]),
- // identifier of the token, and all parameters from the request.
- final STORKLogoutResponse logoutResponse = new STORKLogoutResponse();
-
- try {
- logoutResponse.setTokenSaml(super.signAndMarshall(logoutResponseAux));
- } catch (SAMLEngineException e) {
- LOG.error("Sign and Marshall.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- logoutResponse.setSamlId(logoutResponseAux.getID());
- logoutResponse.setDestination(logoutResponseAux.getDestination());
- logoutResponse.setIssuer(logoutResponseAux.getIssuer().getValue());
- logoutResponse.setStatusCode(logoutResponseAux.getStatus().getStatusCode().toString());
- logoutResponse.setStatusMessage(logoutResponseAux.getStatus().getStatusMessage().toString());
-
- return logoutResponse;
- }
-
- /**
- * Generate stork authentication statement for the authentication statement.
- *
- * @param ipAddress the IP address
- *
- * @return the authentication statement
- */
- private AuthnStatement generateStorkAuthStatement(final String ipAddress) {
- LOG.debug("Generate stork authenticate statement.");
- final SubjectLocality subjectLocality = SAMLEngineUtils
- .generateSubjectLocality(ipAddress);
-
- final AuthnContext authnContext = (AuthnContext) SAMLEngineUtils
- .createSamlObject(AuthnContext.DEFAULT_ELEMENT_NAME);
-
- final AuthnContextDecl authnContextDecl = (AuthnContextDecl) SAMLEngineUtils
- .createSamlObject(AuthnContextDecl.DEFAULT_ELEMENT_NAME);
-
- authnContext.setAuthnContextDecl(authnContextDecl);
-
- final AuthnStatement authnStatement = SAMLEngineUtils
- .generateAthnStatement(new DateTime(), authnContext);
-
- // Optional STORK
- authnStatement.setSessionIndex(null);
- authnStatement.setSubjectLocality(subjectLocality);
-
- return authnStatement;
- }
-
- /**
- * Generate stork extensions.
- *
- * @param request the request
- *
- * @return the extensions
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Extensions generateSTORKExtensions(final STORKAuthnRequest request)
- throws STORKSAMLEngineException {
- LOG.debug("Generate STORKExtensions");
-
- final Extensions extensions = SAMLEngineUtils.generateExtension();
-
- LOG.debug("Generate QAAAttribute");
- final QAAAttribute qaaAttribute = SAMLEngineUtils
- .generateQAAAttribute(request.getQaa());
- extensions.getUnknownXMLObjects().add(qaaAttribute);
-
-
- if (StringUtils.isNotEmpty(request
- .getSpSector())) {
- // Add information about service provider.
- LOG.debug("Generate SPSector");
- final SPSector sector = SAMLEngineUtils.generateSPSector(request
- .getSpSector());
- extensions.getUnknownXMLObjects().add(sector);
- }
-
- //Delete from specification. Kept for compatibility with Provider Name value
- LOG.debug("Generate SPInstitution");
- final SPInstitution institution = SAMLEngineUtils
- .generateSPInstitution(request.getProviderName());
- extensions.getUnknownXMLObjects().add(institution);
-
-
- if (StringUtils.isNotEmpty(request.getSpApplication())) {
- LOG.debug("Generate SPApplication");
- final SPApplication application = SAMLEngineUtils
- .generateSPApplication(request.getSpApplication());
- extensions.getUnknownXMLObjects().add(application);
- }
-
- if (StringUtils.isNotEmpty(request.getSpCountry())) {
- LOG.debug("Generate SPCountry");
- final SPCountry country = SAMLEngineUtils.generateSPCountry(request
- .getSpCountry());
- extensions.getUnknownXMLObjects().add(country);
- }
-
- //eIDSectorShare: optional; default value: false.
- String valueSectorShare = super.getSamlCoreProperties()
- .iseIDSectorShare();
-
- if (StringUtils.isNotEmpty(valueSectorShare)) {
- // Add information about the use of the SAML message.
- LOG.debug("Generate EIDSectorShare");
- final EIDSectorShare eIdSectorShare = (EIDSectorShare) SAMLEngineUtils
- .createSamlObject(EIDSectorShare.DEF_ELEMENT_NAME);
-
- eIdSectorShare.setEIDSectorShare(String.valueOf(Boolean.valueOf(valueSectorShare)));
-
- extensions.getUnknownXMLObjects().add(eIdSectorShare);
- }
-
- String valueCrossSectorShare = super.getSamlCoreProperties()
- .iseIDCrossSectorShare();
-
- if (StringUtils.isNotEmpty(valueCrossSectorShare)) {
- LOG.debug("Generate EIDCrossSectorShare");
- final EIDCrossSectorShare eIdCrossSecShare = (EIDCrossSectorShare) SAMLEngineUtils
- .createSamlObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
- eIdCrossSecShare.setEIDCrossSectorShare(String.valueOf(Boolean.valueOf(valueCrossSectorShare)));
- extensions.getUnknownXMLObjects().add(eIdCrossSecShare);
- }
-
-
- String valueCrossBorderShare = super.getSamlCoreProperties()
- .iseIDCrossBorderShare();
-
- if (StringUtils.isNotEmpty(valueCrossBorderShare)) {
- LOG.debug("Generate EIDCrossBorderShare");
- final EIDCrossBorderShare eIdCrossBordShare = (EIDCrossBorderShare) SAMLEngineUtils
- .createSamlObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
- eIdCrossBordShare.setEIDCrossBorderShare(String.valueOf(Boolean.valueOf(valueCrossBorderShare)));
- extensions.getUnknownXMLObjects().add(eIdCrossBordShare);
- }
-
-
- // Add information about requested attributes.
- LOG.debug("Generate RequestedAttributes.");
- final RequestedAttributes reqAttributes = (RequestedAttributes) SAMLEngineUtils
- .createSamlObject(RequestedAttributes.DEF_ELEMENT_NAME);
-
- LOG.debug("SAML Engine configuration properties load.");
- final Iterator<PersonalAttribute> iterator = request
- .getPersonalAttributeList().iterator();
-
- while (iterator.hasNext()) {
-
- final PersonalAttribute attribute = iterator.next();
-
- if (attribute == null || StringUtils.isBlank(attribute.getName())) {
- LOG.error(ATTRIBUTE_EMPTY_LITERAL);
- throw new STORKSAMLEngineException(ATTRIBUTE_EMPTY_LITERAL);
- }
-
- // Verified if exits the attribute name.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
-
- if (StringUtils.isBlank(attributeName)) {
- LOG.debug("Attribute name: {} was not found.", attribute
- .getName());
- throw new STORKSAMLEngineException("Attribute name: "
- + attribute.getName() + " was not found.");
- }
-
- // Friendly name it's an optional attribute.
- String friendlyName = null;
-
- if (super.getSamlCoreProperties().isFriendlyName()) {
- friendlyName = attribute.getName();
- }
-
-
- String isRequired = null;
- if (super.getSamlCoreProperties().isRequired()) {
- isRequired = String.valueOf(attribute.isRequired());
- }
-
-
- LOG.debug("Generate requested attribute: " + attributeName);
- final RequestedAttribute requestedAttr = SAMLEngineUtils
- .generateReqAuthnAttributeSimple(attributeName,
- friendlyName, isRequired, attribute
- .getValue());
-
- // Add requested attribute.
- reqAttributes.getAttributes().add(requestedAttr);
- }
-
- // Add requested attributes.
- extensions.getUnknownXMLObjects().add(reqAttributes);
-
- CitizenCountryCode citizenCountryCode = null;
- if (request.getCitizenCountryCode() != null && StringUtils.isNotBlank(request.getCitizenCountryCode())){
- LOG.debug("Generate CitizenCountryCode");
- citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils
- .createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
-
- citizenCountryCode.setCitizenCountryCode(request
- .getCitizenCountryCode().toUpperCase());
- }
-
- SPID spid = null;
- if(request.getSPID()!=null && StringUtils.isNotBlank(request.getSPID())) {
- LOG.debug("Generate SPID");
- spid = (SPID) SAMLEngineUtils
- .createSamlObject(SPID.DEF_ELEMENT_NAME);
-
- spid.setSPID(request.getSPID().toUpperCase());
- }
-
- AuthenticationAttributes authenticationAttr = (AuthenticationAttributes) SAMLEngineUtils
- .createSamlObject(AuthenticationAttributes.DEF_ELEMENT_NAME);
-
- final VIDPAuthenticationAttributes vIDPauthenticationAttr = (VIDPAuthenticationAttributes) SAMLEngineUtils
- .createSamlObject(VIDPAuthenticationAttributes.DEF_ELEMENT_NAME);
-
- final SPInformation spInformation = (SPInformation) SAMLEngineUtils
- .createSamlObject(SPInformation.DEF_ELEMENT_NAME);
-
- if(citizenCountryCode!=null){
- vIDPauthenticationAttr.setCitizenCountryCode(citizenCountryCode);
- }
-
- if(spid!=null){
- spInformation.setSPID(spid);
- }
-
- vIDPauthenticationAttr.setSPInformation(spInformation);
-
- authenticationAttr
- .setVIDPAuthenticationAttributes(vIDPauthenticationAttr);
- extensions.getUnknownXMLObjects().add(authenticationAttr);
-
-
- return extensions;
-
- }
-
- /**
- * Generate stork extensions.
- *
- * @param request the attribute query request
- *
- * @return the extensions
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Extensions generateSTORKAttrExtensions(final STORKAttrQueryRequest request)
- throws STORKSAMLEngineException {
- LOG.debug("Generate STORKExtensions");
-
- final Extensions extensions = SAMLEngineUtils.generateExtension();
-
- LOG.debug("Generate QAAAttribute");
- final QAAAttribute qaaAttribute = SAMLEngineUtils
- .generateQAAAttribute(request.getQaa());
- extensions.getUnknownXMLObjects().add(qaaAttribute);
-
-
- if (StringUtils.isNotEmpty(request
- .getSpSector())) {
- // Add information about service provider.
- LOG.debug("Generate SPSector");
- final SPSector sector = SAMLEngineUtils.generateSPSector(request
- .getSpSector());
- extensions.getUnknownXMLObjects().add(sector);
- }
-
-
- if (StringUtils.isNotEmpty(request.getSpApplication())) {
- LOG.debug("Generate SPApplication");
- final SPApplication application = SAMLEngineUtils
- .generateSPApplication(request.getSpApplication());
- extensions.getUnknownXMLObjects().add(application);
- }
-
- if (StringUtils.isNotEmpty(request.getSpCountry())) {
- LOG.debug("Generate SPCountry");
- final SPCountry country = SAMLEngineUtils.generateSPCountry(request
- .getSpCountry());
- extensions.getUnknownXMLObjects().add(country);
- }
-
- final EIDSectorShare eIdSectorShare = (EIDSectorShare) SAMLEngineUtils
- .createSamlObject(EIDSectorShare.DEF_ELEMENT_NAME);
-
- eIdSectorShare.setEIDSectorShare(String.valueOf(request.isEIDSectorShare()));
-
- extensions.getUnknownXMLObjects().add(eIdSectorShare);
-
- final EIDCrossSectorShare eIdCrossSecShare = (EIDCrossSectorShare) SAMLEngineUtils
- .createSamlObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
- eIdCrossSecShare.setEIDCrossSectorShare(String.valueOf(request.isEIDCrossSectorShare()));
- extensions.getUnknownXMLObjects().add(eIdCrossSecShare);
-
- final EIDCrossBorderShare eIdCrossBordShare = (EIDCrossBorderShare) SAMLEngineUtils
- .createSamlObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
- eIdCrossBordShare.setEIDCrossBorderShare(String.valueOf(request.isEIDCrossBorderShare()));
- extensions.getUnknownXMLObjects().add(eIdCrossBordShare);
-
-
- // Add information about requested attributes.
- LOG.debug("Generate RequestedAttributes.");
- final RequestedAttributes reqAttributes = (RequestedAttributes) SAMLEngineUtils
- .createSamlObject(RequestedAttributes.DEF_ELEMENT_NAME);
-
- LOG.debug("SAML Engine configuration properties load.");
- final Iterator<PersonalAttribute> iterator = request
- .getPersonalAttributeList().iterator();
-
- while (iterator.hasNext()) {
-
- final PersonalAttribute attribute = iterator.next();
-
- if (attribute == null || StringUtils.isBlank(attribute.getName())) {
- LOG.error(ATTRIBUTE_EMPTY_LITERAL);
- throw new STORKSAMLEngineException(ATTRIBUTE_EMPTY_LITERAL);
- }
-
- // Verified if exits the attribute name.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
-
- if (StringUtils.isBlank(attributeName)) {
- LOG.debug("Attribute name: {} was not found.", attribute
- .getName());
- throw new STORKSAMLEngineException("Attribute name: "
- + attribute.getName() + " was not found.");
- }
-
- // Friendly name it's an optional attribute.
- String friendlyName = null;
-
- if (super.getSamlCoreProperties().isFriendlyName()) {
- friendlyName = attribute.getName();
- }
-
-
- String isRequired = null;
- if (super.getSamlCoreProperties().isRequired()) {
- isRequired = String.valueOf(attribute.isRequired());
- }
-
-
- LOG.debug("Generate requested attribute: " + attributeName);
- final RequestedAttribute requestedAttr = SAMLEngineUtils
- .generateReqAuthnAttributeSimple(attributeName,
- friendlyName, isRequired, attribute
- .getValue());
-
- // Add requested attribute.
- reqAttributes.getAttributes().add(requestedAttr);
- }
-
- // Add requested attributes.
- extensions.getUnknownXMLObjects().add(reqAttributes);
-
- CitizenCountryCode citizenCountryCode = null;
- if (request.getCitizenCountryCode() != null && StringUtils.isNotBlank(request.getCitizenCountryCode())){
- LOG.debug("Generate CitizenCountryCode");
- citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils
- .createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
-
- citizenCountryCode.setCitizenCountryCode(request
- .getCitizenCountryCode().toUpperCase());
- }
-
- SPID spid = null;
- if(request.getSPID()!=null && StringUtils.isNotBlank(request.getSPID())) {
- LOG.debug("Generate SPID");
- spid = (SPID) SAMLEngineUtils
- .createSamlObject(SPID.DEF_ELEMENT_NAME);
-
- spid.setSPID(request.getSPID().toUpperCase());
- }
-
-
- return extensions;
-
- }
-
- /**
- * Gets the alias from X.509 Certificate at keystore.
- *
- * @param keyInfo the key info
- * @param storkOwnKeyStore
- * @param storkOwnKeyStore
- *
- * @return the alias
- */
- private String getAlias(final KeyInfo keyInfo, KeyStore storkOwnKeyStore) {
-
- LOG.debug("Recover alias information");
-
- String alias = null;
- try {
- final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
- .getX509Datas().get(0).getX509Certificates().get(0);
-
- // Transform the KeyInfo to X509Certificate.
- CertificateFactory certFact;
- certFact = CertificateFactory.getInstance("X.509");
-
- final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
- .decode(xmlCert.getValue()));
-
- final X509Certificate cert = (X509Certificate) certFact
- .generateCertificate(bis);
-
- final String tokenSerialNumber = cert.getSerialNumber().toString(16);
- final X509Principal tokenIssuerDN = new X509Principal(cert.getIssuerDN().getName());
-
-
- String aliasCert;
- X509Certificate certificate;
- boolean find = false;
-
- for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
- .hasMoreElements()
- && !find; ) {
- aliasCert = e.nextElement();
- certificate = (X509Certificate) storkOwnKeyStore
- .getCertificate(aliasCert);
-
- final String serialNum = certificate.getSerialNumber()
- .toString(16);
-
- X509Principal issuerDN = new X509Principal(certificate
- .getIssuerDN().getName());
-
- if(serialNum.equalsIgnoreCase(tokenSerialNumber)
- && X509PrincipalUtil.equals2(issuerDN, tokenIssuerDN)){
- alias = aliasCert;
- find = true;
- }
-
- }
-
- } catch (KeyStoreException e) {
- LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
- } catch (CertificateException e) {
- LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
- } catch (RuntimeException e) {
- LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
- }
- return alias;
- }
-
- /**
- * Gets the country from X.509 Certificate.
- *
- * @param keyInfo the key info
- *
- * @return the country
- */
- private String getCountry(final KeyInfo keyInfo) {
- LOG.debug("Recover country information.");
-
- String result = "";
- try {
- final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
- .getX509Datas().get(0).getX509Certificates().get(0);
-
- // Transform the KeyInfo to X509Certificate.
- CertificateFactory certFact;
- certFact = CertificateFactory.getInstance("X.509");
-
- final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
- .decode(xmlCert.getValue()));
-
- final X509Certificate cert = (X509Certificate) certFact
- .generateCertificate(bis);
-
- String distName = cert.getSubjectDN().toString();
-
- distName = StringUtils.deleteWhitespace(StringUtils
- .upperCase(distName));
-
- final String countryCode = "C=";
- final int init = distName.indexOf(countryCode);
-
- if (init > StringUtils.INDEX_NOT_FOUND) { // Exist country code.
- int end = distName.indexOf(',', init);
-
- if (end <= StringUtils.INDEX_NOT_FOUND) {
- end = distName.length();
- }
-
- if (init < end && end > StringUtils.INDEX_NOT_FOUND) {
- result = distName.substring(init + countryCode.length(),
- end);
- //It must be a two characters value
- if(result.length()>2){
- result = result.substring(0, 2);
- }
- }
- }
-
- } catch (CertificateException e) {
- LOG.error("Procces getCountry from certificate.");
- }
- return result.trim();
- }
-
- /**
- * Process all elements XMLObjects from the extensions.
- *
- * @param extensions the extensions from the authentication request.
- *
- * @return the STORK authentication request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private STORKAuthnRequest processExtensions(final Extensions extensions)
- throws STORKSAMLEngineException {
- LOG.debug("Procces the extensions.");
-
- final STORKAuthnRequest request = new STORKAuthnRequest();
-
- final QAAAttribute qaa = (QAAAttribute) extensions
- .getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME).get(0);
- request.setQaa(Integer.parseInt(qaa.getQaaLevel()));
-
- List optionalElements = extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPSector sector = (SPSector) extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME).get(0);
- request.setSpSector(sector.getSPSector());
- }
-
- optionalElements = extensions.getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPApplication application = (SPApplication) extensions
- .getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME).get(0);
- request.setSpApplication(application.getSPApplication());
- }
-
- optionalElements = extensions.getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPCountry application = (SPCountry) extensions
- .getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME).get(0);
- request.setSpCountry(application.getSPCountry());
- }
-
-
- List listCrossBorderShare = extensions
- .getUnknownXMLObjects(EIDCrossBorderShare.DEF_ELEMENT_NAME);
-
- if (!listCrossBorderShare .isEmpty()) {
- final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) listCrossBorderShare.get(0);
- request.setEIDCrossBorderShare(Boolean.parseBoolean(crossBorderShare
- .getEIDCrossBorderShare()));
- }
-
-
- List listCrosSectorShare = extensions
- .getUnknownXMLObjects(EIDCrossSectorShare.DEF_ELEMENT_NAME);
-
- if (!listCrosSectorShare.isEmpty()) {
- final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) listCrosSectorShare.get(0);
- request.setEIDCrossSectorShare(Boolean.parseBoolean(crossSectorShare
- .getEIDCrossSectorShare()));
- }
-
- List listSectorShareExtension = extensions
- .getUnknownXMLObjects(EIDSectorShare.DEF_ELEMENT_NAME);
- if (!listSectorShareExtension.isEmpty()) {
- final EIDSectorShare sectorShare = (EIDSectorShare) listSectorShareExtension.get(0);
- request.setEIDSectorShare(Boolean.parseBoolean(sectorShare.getEIDSectorShare()));
- }
-
-
-
- List<XMLObject> authAttrs = extensions
- .getUnknownXMLObjects(AuthenticationAttributes.DEF_ELEMENT_NAME);
-
- if (authAttrs != null && !authAttrs.isEmpty()) {
-
- final AuthenticationAttributes authnAttr = (AuthenticationAttributes) authAttrs
- .get(0);
-
- VIDPAuthenticationAttributes vidpAuthnAttr = null;
- if (authnAttr != null && !authAttrs.isEmpty()){
- vidpAuthnAttr = authnAttr.getVIDPAuthenticationAttributes();
- }
-
- CitizenCountryCode citizenCountryCodeElement = null;
- SPInformation spInformation = null;
- if (vidpAuthnAttr != null){
- citizenCountryCodeElement = vidpAuthnAttr.getCitizenCountryCode();
- spInformation = vidpAuthnAttr.getSPInformation();
- }
-
- String citizenCountryCode = null;
- if(citizenCountryCodeElement!=null){
- citizenCountryCode = citizenCountryCodeElement.getCitizenCountryCode();
- }
-
- if(citizenCountryCode!= null && StringUtils.isNotBlank(citizenCountryCode)){
- request.setCitizenCountryCode(citizenCountryCode);
- }
-
- SPID spidElement = null;
- if (spInformation != null){
- spidElement = spInformation.getSPID();
- }
-
- String spid = null;
- if(spidElement!=null){
- spid = spidElement.getSPID();
- }
-
- if (spid != null && StringUtils.isNotBlank(spid)) {
- request.setSPID(spid);
- }
- }
-
- if (extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME) == null) {
- LOG.error("Extensions not contains any requested attribute.");
- throw new STORKSAMLEngineException(
- "Extensions not contains any requested attribute.");
- }
-
- final RequestedAttributes requestedAttr = (RequestedAttributes) extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME)
- .get(0);
-
- final List<RequestedAttribute> reqAttrs = requestedAttr.getAttributes();
-
- final IPersonalAttributeList personalAttrList = new PersonalAttributeList();
-
- String attributeName;
- for (int nextAttribute = 0; nextAttribute < reqAttrs.size(); nextAttribute++) {
- final RequestedAttribute attribute = reqAttrs.get(nextAttribute);
- final PersonalAttribute personalAttribute = new PersonalAttribute();
- personalAttribute.setIsRequired(Boolean.valueOf(attribute.isRequired()));
- personalAttribute.setFriendlyName(attribute.getFriendlyName());
- attributeName = attribute.getName();
-
- // recover the last name from the string.
- personalAttribute.setName(attributeName.substring(attributeName
- .lastIndexOf('/') + 1));
-
- final ArrayList<String> valores = new ArrayList<String>();
- final List<XMLObject> values = attribute.getOrderedChildren();
-
- for (int nextSimpleValue = 0; nextSimpleValue < values.size(); nextSimpleValue++) {
-
- // Process attributes simples. An AuthenticationRequest only
- // must contains simple values.
-
- final XMLObject xmlObject = values.get(nextSimpleValue);
-
- if(xmlObject instanceof XSStringImpl){
-
- final XSStringImpl xmlString = (XSStringImpl) values
- .get(nextSimpleValue);
- valores.add(xmlString.getValue());
-
- }else{
-
- if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
-
- TransformerFactory transFactory = TransformerFactory.newInstance();
- Transformer transformer = null;
- try {
- transformer = transFactory.newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- } catch (TransformerConfigurationException e) {
- LOG.error("Error transformer configuration exception", e);
- }
- StringWriter buffer = new StringWriter();
- try {
- if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
- transformer.transform(new DOMSource(xmlString.getUnknownXMLObjects().get(0).getDOM()),
- new StreamResult(buffer));
- }
- } catch (TransformerException e) {
- LOG.error("Error transformer exception", e);
- }
- String str = buffer.toString();
-
- valores.add(str);
-
- }else{
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
- valores.add(xmlString.getTextContent());
- }
-
-
-
- }
- }
- personalAttribute.setValue(valores);
- personalAttrList.add(personalAttribute);
- }
-
- request.setPersonalAttributeList(personalAttrList);
-
- return request;
- }
-
-
- /**
- * Process all elements XMLObjects from the extensions.
- *
- * @param extensions the extensions from the authentication request.
- *
- * @return the STORK authentication request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private STORKAttrQueryRequest processAttrExtensions(final Extensions extensions)
- throws STORKSAMLEngineException {
- LOG.debug("Procces the atribute query extensions.");
-
- final STORKAttrQueryRequest request = new STORKAttrQueryRequest();
-
- final QAAAttribute qaa = (QAAAttribute) extensions
- .getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME).get(0);
- request.setQaa(Integer.parseInt(qaa.getQaaLevel()));
-
- List optionalElements = extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPSector sector = (SPSector) extensions.getUnknownXMLObjects(
- SPSector.DEF_ELEMENT_NAME).get(0);
- request.setSpSector(sector.getSPSector());
- }
-
- optionalElements = extensions.getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPApplication application = (SPApplication) extensions
- .getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME).get(0);
- request.setSpApplication(application.getSPApplication());
- }
-
- optionalElements = extensions.getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME);
-
- if (!optionalElements.isEmpty()) {
- final SPCountry application = (SPCountry) extensions
- .getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME).get(0);
- request.setSpCountry(application.getSPCountry());
- }
-
-
- List listCrossBorderShare = extensions
- .getUnknownXMLObjects(EIDCrossBorderShare.DEF_ELEMENT_NAME);
-
- if (!listCrossBorderShare .isEmpty()) {
- final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) listCrossBorderShare.get(0);
- request.setEIDCrossBorderShare(Boolean.parseBoolean(crossBorderShare
- .getEIDCrossBorderShare()));
- }
-
-
- List listCrosSectorShare = extensions
- .getUnknownXMLObjects(EIDCrossSectorShare.DEF_ELEMENT_NAME);
-
- if (!listCrosSectorShare.isEmpty()) {
- final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) listCrosSectorShare.get(0);
- request.setEIDCrossSectorShare(Boolean.parseBoolean(crossSectorShare
- .getEIDCrossSectorShare()));
- }
-
- List listSectorShareExtension = extensions
- .getUnknownXMLObjects(EIDSectorShare.DEF_ELEMENT_NAME);
- if (!listSectorShareExtension.isEmpty()) {
- final EIDSectorShare sectorShare = (EIDSectorShare) listSectorShareExtension.get(0);
- request.setEIDSectorShare(Boolean.parseBoolean(sectorShare.getEIDSectorShare()));
- }
-
-
-
- List<XMLObject> authAttrs = extensions
- .getUnknownXMLObjects(AuthenticationAttributes.DEF_ELEMENT_NAME);
-
- if (authAttrs != null && !authAttrs.isEmpty()) {
-
- final AuthenticationAttributes authnAttr = (AuthenticationAttributes) authAttrs
- .get(0);
-
- VIDPAuthenticationAttributes vidpAuthnAttr = null;
- if (authnAttr != null && !authAttrs.isEmpty()){
- vidpAuthnAttr = authnAttr.getVIDPAuthenticationAttributes();
- }
-
- CitizenCountryCode citizenCountryCodeElement = null;
- SPInformation spInformation = null;
- if (vidpAuthnAttr != null){
- citizenCountryCodeElement = vidpAuthnAttr.getCitizenCountryCode();
- spInformation = vidpAuthnAttr.getSPInformation();
- }
-
- String citizenCountryCode = null;
- if(citizenCountryCodeElement!=null){
- citizenCountryCode = citizenCountryCodeElement.getCitizenCountryCode();
- }
-
- if(citizenCountryCode!= null && StringUtils.isNotBlank(citizenCountryCode)){
- request.setCitizenCountryCode(citizenCountryCode);
- }
-
- SPID spidElement = null;
- if (spInformation != null){
- spidElement = spInformation.getSPID();
- }
-
- String spid = null;
- if(spidElement!=null){
- spid = spidElement.getSPID();
- }
-
- if (spid != null && StringUtils.isNotBlank(spid)) {
- request.setSPID(spid);
- }
- }
-
- if (extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME) == null) {
- LOG.error("Extensions not contains any requested attribute.");
- throw new STORKSAMLEngineException(
- "Extensions not contains any requested attribute.");
- }
-
- final RequestedAttributes requestedAttr = (RequestedAttributes) extensions
- .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME)
- .get(0);
-
- final List<RequestedAttribute> reqAttrs = requestedAttr.getAttributes();
-
- final IPersonalAttributeList personalAttrList = new PersonalAttributeList();
-
- String attributeName;
- for (int nextAttribute = 0; nextAttribute < reqAttrs.size(); nextAttribute++) {
- final RequestedAttribute attribute = reqAttrs.get(nextAttribute);
- final PersonalAttribute personalAttribute = new PersonalAttribute();
- personalAttribute.setIsRequired(Boolean.valueOf(attribute.isRequired()));
- personalAttribute.setFriendlyName(attribute.getFriendlyName());
- attributeName = attribute.getName();
-
- // recover the last name from the string.
- personalAttribute.setName(attributeName.substring(attributeName
- .lastIndexOf('/') + 1));
-
- final ArrayList<String> valores = new ArrayList<String>();
- final List<XMLObject> values = attribute.getOrderedChildren();
-
- for (int nextSimpleValue = 0; nextSimpleValue < values.size(); nextSimpleValue++) {
-
- // Process attributes simples. An AuthenticationRequest only
- // must contains simple values.
-
- final XMLObject xmlObject = values.get(nextSimpleValue);
-
- if(xmlObject instanceof XSStringImpl){
-
- final XSStringImpl xmlString = (XSStringImpl) values
- .get(nextSimpleValue);
- valores.add(xmlString.getValue());
-
- }else{
-
- if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
-
- TransformerFactory transFactory = TransformerFactory.newInstance();
- Transformer transformer = null;
- try {
- transformer = transFactory.newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- } catch (TransformerConfigurationException e) {
- LOG.error("Error transformer configuration exception", e);
- }
- StringWriter buffer = new StringWriter();
- try {
- if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
- transformer.transform(new DOMSource(xmlString.getUnknownXMLObjects().get(0).getDOM()),
- new StreamResult(buffer));
- }
- } catch (TransformerException e) {
- LOG.error("Error transformer exception", e);
- }
- String str = buffer.toString();
-
- valores.add(str);
-
- }else{
-
- final XSAnyImpl xmlString = (XSAnyImpl) values
- .get(nextSimpleValue);
- valores.add(xmlString.getTextContent());
- }
-
-
-
- }
- }
- personalAttribute.setValue(valores);
- personalAttrList.add(personalAttribute);
- }
-
- request.setPersonalAttributeList(personalAttrList);
-
- return request;
- }
-
- /**
- * Sets the name spaces.
- *
- * @param tokenSaml the new name spaces
- */
- private void setNameSpaces(final XMLObject tokenSaml) {
- LOG.debug("Set namespaces.");
-
- final Namespace saml2 = new Namespace(SAMLConstants.SAML20_NS,
- SAMLConstants.SAML20_PREFIX);
- tokenSaml.addNamespace(saml2);
-
- final Namespace digSig = new Namespace(
- "http://www.w3.org/2000/09/xmldsig#", "ds");
- tokenSaml.addNamespace(digSig);
-
- final Namespace storkp = new Namespace(SAMLCore.STORK10P_NS.getValue(),
- SAMLCore.STORK10P_PREFIX.getValue());
- tokenSaml.addNamespace(storkp);
-
- final Namespace stork = new Namespace(SAMLCore.STORK10_NS.getValue(),
- SAMLCore.STORK10_PREFIX.getValue());
-
- tokenSaml.addNamespace(stork);
- }
-
- /**
- * Validate parameters from authentication request.
- *
- * @param request the request.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamAuthnReq(final STORKAuthnRequest request)
- throws STORKSAMLEngineException {
- LOG.info("Validate parameters from authentication request.");
-
- // URL to which Authentication Response must be sent.
- if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
- }
-
- // the name of the original service provider requesting the
- // authentication.
- if (StringUtils.isBlank(request.getProviderName())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Service Provider it's mandatory.");
- }
-
- // object that contain all attributes requesting.
- if (request.getPersonalAttributeList() == null
- || request.getPersonalAttributeList().isEmpty()) {
- throw new STORKSAMLEngineException(
- "attributeQueries is null or empty.");
- }
-
- // Quality authentication assurance level.
- if ((request.getQaa() < QAAAttribute.MIN_VALUE)
- || (request.getQaa() > QAAAttribute.MAX_VALUE)) {
- throw new STORKSAMLEngineException("Qaal: " + request.getQaa()
- + ", is invalid.");
- }
-
- }
-
- /**
- * Validate parameters from attribute query request.
- *
- * @param request the request.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamAttrQueryReq(final STORKAttrQueryRequest request)
- throws STORKSAMLEngineException {
- LOG.info("Validate parameters from attribute query request.");
-
- // URL to which AP Response must be sent.
- if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
- }
-
- // Destination of the request - not mandatory
- /*if (StringUtils.isBlank(request.getDestination())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Destination is mandatory.");
- }*/
-
- // SP country is empty
- if (StringUtils.isBlank(request.getSpCountry())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: SP country is mandatory.");
- }
-
- // object that contain all attributes requesting.
- if (request.getPersonalAttributeList() == null
- || request.getPersonalAttributeList().isEmpty()) {
- throw new STORKSAMLEngineException(
- "attributeQueries is null or empty.");
- }
-
- // Quality authentication assurance level.
- if ((request.getQaa() < QAAAttribute.MIN_VALUE)
- || (request.getQaa() > QAAAttribute.MAX_VALUE)) {
- throw new STORKSAMLEngineException("Qaal: " + request.getQaa()
- + ", is invalid.");
- }
- }
-
- /**
- * Validate parameters from logout request.
- *
- * @param request the request.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamLogoutReq(final STORKLogoutRequest request)
- throws STORKSAMLEngineException {
- LOG.info("Validate parameters from logout request.");
-
- // URL to which AP Response must be sent.
- /*if (StringUtils.isBlank(request.get())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
- }*/
-
- // Destination of the request
- if (StringUtils.isBlank(request.getDestination())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Destination is mandatory.");
- }
-
- // SP Provided Id
- if (StringUtils.isBlank(request.getSpProvidedId())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: SP provided Id is mandatory.");
- }
- }
-
- /**
- * Validate parameters from logout response.
- *
- * @param response the response.
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamLogoutRes(final STORKLogoutRequest request,
- final STORKLogoutResponse response) throws STORKSAMLEngineException {
- LOG.info("Validate parameters from logout request.");
-
- // Issuer is mandatory
- if (StringUtils.isBlank(request.getIssuer())) {
- throw new STORKSAMLEngineException(
- "Issuer must be not empty or null.");
- }
-
- // Destination of the request
- if (StringUtils.isBlank(response.getDestination())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: Destination is mandatory.");
- }
-
- // SP Provided Id
- if (StringUtils.isBlank(request.getSpProvidedId())) {
- throw new STORKSAMLEngineException(
- "StorkSamlEngine: SP provided Id is mandatory.");
- }
-
- if (StringUtils.isBlank(request.getSamlId())) {
- throw new STORKSAMLEngineException("request ID is null or empty.");
- }
- }
-
-
- /**
- * Validate parameters from response.
- *
- * @param request the request
- * @param responseAuthReq the response authentication request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamResponse(final STORKAuthnRequest request,
- final STORKAuthnResponse responseAuthReq)
- throws STORKSAMLEngineException {
- LOG.info("Validate parameters response.");
- if (StringUtils.isBlank(request.getIssuer())) {
- throw new STORKSAMLEngineException(
- "Issuer must be not empty or null.");
- }
-
- if (responseAuthReq.getPersonalAttributeList() == null
- || responseAuthReq.getPersonalAttributeList().isEmpty()) {
- LOG.error("PersonalAttributeList is null or empty.");
- throw new STORKSAMLEngineException(
- "PersonalAttributeList is null or empty.");
- }
-
- if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "assertionConsumerServiceURL is null or empty.");
- }
-
- if (StringUtils.isBlank(request.getSamlId())) {
- throw new STORKSAMLEngineException("request ID is null or empty.");
- }
- }
-
- /**
- * Validate parameters from response.
- *
- * @param request the request
- * @param responseAttrQueryReq the response authentication request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamAttrQueryResponse(final STORKAttrQueryRequest request,
- final STORKAttrQueryResponse responseAttrQueryReq)
- throws STORKSAMLEngineException {
- LOG.info("Validate attribute querey parameters response.");
- if (StringUtils.isBlank(request.getIssuer())) {
- throw new STORKSAMLEngineException(
- "Issuer must be not empty or null.");
- }
-
- if (responseAttrQueryReq.getPersonalAttributeList() == null
- || responseAttrQueryReq.getPersonalAttributeList().isEmpty()) {
- LOG.error("PersonalAttributeList is null or empty.");
- throw new STORKSAMLEngineException(
- "PersonalAttributeList is null or empty.");
- }
-
- /*if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "assertionConsumerServiceURL is null or empty.");
- }*/
-
- if (StringUtils.isBlank(request.getSamlId())) {
- throw new STORKSAMLEngineException("request ID is null or empty.");
- }
- }
-
- /**
- * Validate parameter from response fail.
- *
- * @param request the request
- * @param response the response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamResponseFail(final STORKAuthnRequest request,
- final STORKAuthnResponse response) throws STORKSAMLEngineException {
- LOG.info("Validate parameters response fail.");
- if (StringUtils.isBlank(response.getStatusCode())) {
- throw new STORKSAMLEngineException("Code error it's null or empty.");
- }
-
- if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
- throw new STORKSAMLEngineException(
- "assertionConsumerServiceURL is null or empty.");
- }
-
- if (StringUtils.isBlank(request.getSamlId())) {
- throw new STORKSAMLEngineException("request ID is null or empty.");
- }
- }
-
- /**
- * Validate parameter from response fail.
- *
- * @param request the request
- * @param response the response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamAttrQueryResponseFail(final STORKAttrQueryRequest request,
- final STORKAttrQueryResponse response) throws STORKSAMLEngineException {
- LOG.info("Validate parameters response fail.");
- if (StringUtils.isBlank(response.getStatusCode())) {
- throw new STORKSAMLEngineException("Code error it's null or empty.");
- }
-
- if (StringUtils.isBlank(request.getSamlId())) {
- throw new STORKSAMLEngineException("request ID is null or empty.");
- }
- }
-
- /**
- * Validate parameter from response fail.
- *
- * @param request the request
- * @param response the response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private void validateParamLogoutResFail(final STORKLogoutRequest request,
- final STORKLogoutResponse response) throws STORKSAMLEngineException {
- LOG.info("Validate parameters response fail.");
-
- if (StringUtils.isBlank(request.getIssuer())) {
- throw new STORKSAMLEngineException(
- "Issuer must be not empty or null.");
- }
-
- if (StringUtils.isBlank(response.getStatusCode())) {
- throw new STORKSAMLEngineException("Code error it's null or empty.");
- }
-
- if (StringUtils.isBlank(request.getSamlId())) {
- throw new STORKSAMLEngineException("request ID is null or empty.");
- }
- }
-
- /**
- * Validate stork authentication request.
- *
- * @param tokenSaml the token SAML
- *
- * @return the sTORK authentication request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnRequest validateSTORKAuthnRequest(final byte[] tokenSaml)
- throws STORKSAMLEngineException {
- LOG.info("validateSTORKAuthnRequest");
-
- final AuthnRequest samlRequest = (AuthnRequest) validateStorkSaml(tokenSaml);
-
- LOG.debug("Validate Extensions.");
- final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
- try {
- validatorExt.validate(samlRequest.getExtensions());
- } catch (ValidationException e) {
- LOG.error("ValidationException: validate Extensions.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- LOG.debug("Generate STORKAuthnRequest.");
- final STORKAuthnRequest authnRequest = processExtensions(samlRequest
- .getExtensions());
-
- authnRequest.setCountry(this.getCountry(samlRequest.getSignature()
- .getKeyInfo()));
-
- authnRequest.setAlias(this.getAlias(samlRequest.getSignature()
- .getKeyInfo(), super.getSigner().getTrustStore()));
-
- authnRequest.setSamlId(samlRequest.getID());
- authnRequest.setDestination(samlRequest.getDestination());
- authnRequest.setAssertionConsumerServiceURL(samlRequest
- .getAssertionConsumerServiceURL());
-
- authnRequest.setProviderName(samlRequest.getProviderName());
- authnRequest.setIssuer(samlRequest.getIssuer().getValue());
-
- //Delete unknown elements from requested ones
- final Iterator<PersonalAttribute> iterator = authnRequest.getPersonalAttributeList().iterator();
- IPersonalAttributeList cleanPerAttrList = (PersonalAttributeList) authnRequest.getPersonalAttributeList();
- while (iterator.hasNext()) {
-
- final PersonalAttribute attribute = iterator.next();
-
- // Verify if the attribute name exits.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
-
- if (StringUtils.isBlank(attributeName)) {
- LOG.info("Attribute name: {} was not found. It will be removed from the request object", attribute.getName());
- cleanPerAttrList.remove(attribute.getName());
- }
-
- }
- authnRequest.setPersonalAttributeList(cleanPerAttrList);
-
- return authnRequest;
-
- }
-
- /**
- * Validate stork attribute query request.
- *
- * @param tokenSaml the token SAML
- *
- * @return the STORK attribute query request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAttrQueryRequest validateSTORKAttrQueryRequest(final byte[] tokenSaml)
- throws STORKSAMLEngineException {
- LOG.info("validateSTORKAttrQueryRequest");
-
- //final AttributeQuery samlRequest = (AttributeQuery) validateStorkSaml(tokenSaml);
- final CustomRequestAbstractType samlRequest = (CustomRequestAbstractType) validateStorkSaml(tokenSaml);
-
- LOG.debug("Validate Extensions.");
- final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
- try {
- validatorExt.validate(samlRequest.getExtensions());
- } catch (ValidationException e) {
- LOG.error("ValidationException: validate Extensions.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- LOG.debug("Generate STORKAttrQueryRequest.");
- final STORKAttrQueryRequest attrRequest = processAttrExtensions(samlRequest
- .getExtensions());
-
- attrRequest.setCountry(this.getCountry(samlRequest.getSignature()
- .getKeyInfo()));
-
- attrRequest.setAlias(this.getAlias(samlRequest.getSignature()
- .getKeyInfo(), super.getSigner().getTrustStore()));
-
- attrRequest.setSamlId(samlRequest.getID());
- attrRequest.setDestination(samlRequest.getDestination());
- attrRequest.setAssertionConsumerServiceURL(samlRequest
- .getAssertionConsumerServiceURL());
-
- /*authnRequest.setProviderName(samlRequest.getProviderName());*/
- attrRequest.setIssuer(samlRequest.getIssuer().getValue());
-
- //Delete unknown elements from requested ones
- final Iterator<PersonalAttribute> iterator = attrRequest.getPersonalAttributeList().iterator();
- IPersonalAttributeList cleanPerAttrList = (PersonalAttributeList) attrRequest.getPersonalAttributeList();
- while (iterator.hasNext()) {
-
- final PersonalAttribute attribute = iterator.next();
-
- // Verify if the attribute name exits.
- final String attributeName = super.getSamlCoreProperties()
- .getProperty(attribute.getName());
-
- if (StringUtils.isBlank(attributeName)) {
- LOG.info("Attribute name: {} was not found. It will be removed from the request object", attribute.getName());
- cleanPerAttrList.remove(attribute.getName());
- }
-
- }
- attrRequest.setPersonalAttributeList(cleanPerAttrList);
-
- return attrRequest;
-
- }
-
- /**
- * Validate stork logout request.
- *
- * @param tokenSaml the token SAML
- *
- * @return the STORK logout request
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKLogoutRequest validateSTORKLogoutRequest(final byte[] tokenSaml)
- throws STORKSAMLEngineException {
- LOG.info("validateSTORKLogoutRequest");
-
- final LogoutRequest samlRequest = (LogoutRequest)validateStorkSaml(tokenSaml);
-
- LOG.debug("Validate Extensions.");
- final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
- try {
- validatorExt.validate(samlRequest.getExtensions());
- } catch (ValidationException e) {
- LOG.error("ValidationException: validate Extensions.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- LOG.debug("Generate STORKLogoutRequest.");
- final STORKLogoutRequest logoutRequest = new STORKLogoutRequest();
-
- logoutRequest.setCountry(this.getCountry(samlRequest.getSignature()
- .getKeyInfo()));
-
- logoutRequest.setAlias(this.getAlias(samlRequest.getSignature()
- .getKeyInfo(), super.getSigner().getTrustStore()));
-
- logoutRequest.setSamlId(samlRequest.getID());
- logoutRequest.setDestination(samlRequest.getDestination());
-
- logoutRequest.setIssuer(samlRequest.getIssuer().getValue());
-
- logoutRequest.setSpProvidedId(samlRequest.getNameID().getValue());
-
- return logoutRequest;
-
- }
-
- /**
- * Validate stork authentication response.
- *
- * @param tokenSaml the token SAML
- * @param userIP the user IP
- *
- * @return the Stork authentication response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnResponse validateSTORKAuthnResponse(
- final byte[] tokenSaml, final String userIP)
- throws STORKSAMLEngineException {
-
- LOG.info("validateSTORKAuthnResponse");
- final Response samlResponse = (Response) validateStorkSaml(tokenSaml);
-
- LOG.debug("Create StorkAuthResponse.");
- final STORKAuthnResponse authnResponse = new STORKAuthnResponse();
-
- authnResponse.setCountry(this.getCountry(samlResponse.getSignature()
- .getKeyInfo()));
-
- LOG.debug("Set ID.");
- authnResponse.setSamlId(samlResponse.getID());
- LOG.debug("Set InResponseTo.");
- authnResponse.setInResponseTo(samlResponse.getInResponseTo());
- LOG.debug("Set statusCode.");
- authnResponse.setStatusCode(samlResponse.getStatus().getStatusCode()
- .getValue());
-
- // Subordinate code.
- if (samlResponse.getStatus().getStatusCode().getStatusCode() != null) {
- authnResponse.setSubStatusCode(samlResponse.getStatus()
- .getStatusCode().getStatusCode().getValue());
- }
-
- if (samlResponse.getStatus().getStatusMessage() != null) {
- LOG.debug("Set statusMessage.");
- authnResponse.setMessage(samlResponse.getStatus()
- .getStatusMessage().getMessage());
- }
-
- LOG.debug("validateStorkResponse");
- final Assertion assertion = (Assertion) validateStorkResponse(
- samlResponse, userIP);
-
- if(assertion!=null){
- final DateTime serverDate = new DateTime();
-
- if (assertion.getConditions().getNotOnOrAfter().isBefore(serverDate)) {
- LOG.error("Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + ", server_date: " + serverDate + ")");
- throw new STORKSAMLEngineException(
- "Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + " ), server_date: " + serverDate);
- }
-
- LOG.debug("Set notOnOrAfter.");
- authnResponse.setNotOnOrAfter(assertion.getConditions()
- .getNotOnOrAfter());
-
- LOG.debug("Set notBefore.");
- authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
-
- authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
-
- authnResponse.setAudienceRestriction(((AudienceRestriction) assertion
- .getConditions().getAudienceRestrictions().get(0))
- .getAudiences().get(0).getAudienceURI());
- authnResponse.setAssertions(samlResponse.getAssertions());
- }
-
- // Case no error.
- if (assertion!=null && StatusCode.SUCCESS_URI.equalsIgnoreCase(authnResponse
- .getStatusCode())) {
- LOG.debug("Status Success. Set PersonalAttributeList.");
- authnResponse
- .setPersonalAttributeList(generatePersonalAttributeList(assertion));
- authnResponse.setFail(false);
- } else {
- LOG.debug("Status Fail.");
- authnResponse.setFail(true);
- }
- LOG.debug("Return result.");
- return authnResponse;
-
- }
-
- /**
- * Validate stork authentication response.
- *
- * @param tokenSaml the token SAML
- * @param userIP the user IP
- *
- * @return the Stork authentication response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAuthnResponse validateSTORKAuthnResponseWithQuery(
- final byte[] tokenSaml, final String userIP)
- throws STORKSAMLEngineException {
-
- LOG.info("validateSTORKAuthnResponse");
- final Response samlResponse = (Response) validateStorkSaml(tokenSaml);
-
- LOG.debug("Create StorkAuthResponse.");
- final STORKAuthnResponse authnResponse = new STORKAuthnResponse();
-
- authnResponse.setCountry(this.getCountry(samlResponse.getSignature()
- .getKeyInfo()));
-
- LOG.debug("Set ID.");
- authnResponse.setSamlId(samlResponse.getID());
- LOG.debug("Set InResponseTo.");
- authnResponse.setInResponseTo(samlResponse.getInResponseTo());
- LOG.debug("Set statusCode.");
- authnResponse.setStatusCode(samlResponse.getStatus().getStatusCode()
- .getValue());
-
- // Subordinate code.
- if (samlResponse.getStatus().getStatusCode().getStatusCode() != null) {
- authnResponse.setSubStatusCode(samlResponse.getStatus()
- .getStatusCode().getStatusCode().getValue());
- }
-
- if (samlResponse.getStatus().getStatusMessage() != null) {
- LOG.debug("Set statusMessage.");
- authnResponse.setMessage(samlResponse.getStatus()
- .getStatusMessage().getMessage());
- }
-
- LOG.debug("validateStorkResponse");
- final Assertion assertion = (Assertion) validateStorkResponse(
- samlResponse, userIP);
-
- if(assertion!=null){
- final DateTime serverDate = new DateTime();
-
- if (assertion.getConditions().getNotOnOrAfter().isBefore(serverDate)) {
- LOG.error("Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + ", server_date: " + serverDate + ")");
- throw new STORKSAMLEngineException(
- "Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + " ), server_date: " + serverDate);
- }
-
- LOG.debug("Set notOnOrAfter.");
- authnResponse.setNotOnOrAfter(assertion.getConditions()
- .getNotOnOrAfter());
-
- LOG.debug("Set notBefore.");
- authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
-
- authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
-
- authnResponse.setAudienceRestriction(((AudienceRestriction) assertion
- .getConditions().getAudienceRestrictions().get(0))
- .getAudiences().get(0).getAudienceURI());
- }
-
- // Case no error.
- if (assertion!=null && StatusCode.SUCCESS_URI.equalsIgnoreCase(authnResponse
- .getStatusCode())) {
- LOG.debug("Status Success. Set PersonalAttributeList.");
- authnResponse
- .setPersonalAttributeList(generatePersonalAttributeList(assertion));
- authnResponse.setFail(false);
- } else {
- LOG.debug("Status Fail.");
- authnResponse.setFail(true);
- }
-
- authnResponse.setAssertions(samlResponse.getAssertions());
- if (samlResponse.getAssertions().size() > 1)
- {
- PersonalAttributeList total = new PersonalAttributeList();
- List<IPersonalAttributeList> attrList = new ArrayList();
- for (int i = 0; i < samlResponse.getAssertions().size(); i++)
- {
- Assertion tempAssertion = (Assertion)samlResponse.getAssertions().get(i);
- IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion);
- if (temp != null)
- {
- attrList.add(temp);
- for (PersonalAttribute attribute : temp) {
- PersonalAttribute attr = (PersonalAttribute)attribute.clone();
- attr.setName(attr.getName()+tempAssertion.getID());
- total.add(attr);
- }
- }
- }
- authnResponse.setPersonalAttributeLists(attrList);
- authnResponse.setTotalPersonalAttributeList(total);
- }
-
- LOG.debug("Return result.");
- return authnResponse;
-
- }
-
- /**
- * Validate stork attribute query response.
- *
- * @param tokenSaml the token SAML
- * @param userIP the user IP
- *
- * @return the Stork attribute query response
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public STORKAttrQueryResponse validateSTORKAttrQueryResponse(
- final byte[] tokenSaml, final String userIP)
- throws STORKSAMLEngineException {
-
- LOG.info("validateSTORKAttrQueryResponse");
- final Response samlResponse = (Response) validateStorkSaml(tokenSaml);
-
- LOG.debug("Create StorkAttrQueryResponse.");
- final STORKAttrQueryResponse attrQueryResponse = new STORKAttrQueryResponse();
-
- attrQueryResponse.setCountry(this.getCountry(samlResponse.getSignature()
- .getKeyInfo()));
-
- LOG.debug("Set ID.");
- attrQueryResponse.setSamlId(samlResponse.getID());
- LOG.debug("Set InResponseTo.");
- attrQueryResponse.setInResponseTo(samlResponse.getInResponseTo());
- LOG.debug("Set statusCode.");
- attrQueryResponse.setStatusCode(samlResponse.getStatus().getStatusCode()
- .getValue());
-
-
- // Subordinate code.
- if (samlResponse.getStatus().getStatusCode().getStatusCode() != null) {
- attrQueryResponse.setSubStatusCode(samlResponse.getStatus()
- .getStatusCode().getStatusCode().getValue());
- }
-
- if (samlResponse.getStatus().getStatusMessage() != null) {
- LOG.debug("Set statusMessage.");
- attrQueryResponse.setMessage(samlResponse.getStatus()
- .getStatusMessage().getMessage());
- }
-
- LOG.debug("validateStorkResponse");
- final Assertion assertion = (Assertion) validateStorkResponse(
- samlResponse, userIP);
-
- if(assertion!=null){
- final DateTime serverDate = new DateTime();
-
- attrQueryResponse.setAssertion(assertion);
-
- if (assertion.getConditions().getNotOnOrAfter().isBefore(serverDate)) {
- LOG.error("Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + ", server_date: " + serverDate + ")");
- throw new STORKSAMLEngineException(
- "Token date expired (getNotOnOrAfter = "
- + assertion.getConditions().getNotOnOrAfter()
- + " ), server_date: " + serverDate);
- }
-
- LOG.debug("Set notOnOrAfter.");
- attrQueryResponse.setNotOnOrAfter(assertion.getConditions()
- .getNotOnOrAfter());
-
- LOG.debug("Set notBefore.");
- attrQueryResponse.setNotBefore(assertion.getConditions().getNotBefore());
-
- attrQueryResponse.setNotBefore(assertion.getConditions().getNotBefore());
-
- attrQueryResponse.setAudienceRestriction(((AudienceRestriction) assertion
- .getConditions().getAudienceRestrictions().get(0))
- .getAudiences().get(0).getAudienceURI());
- }
-
- // Case no error.
- if (assertion!=null && StatusCode.SUCCESS_URI.equalsIgnoreCase(attrQueryResponse
- .getStatusCode())) {
- LOG.debug("Status Success. Set PersonalAttributeList.");
- attrQueryResponse
- .setPersonalAttributeList(generatePersonalAttributeList(assertion));
- attrQueryResponse.setFail(false);
- } else {
- LOG.debug("Status Fail.");
- attrQueryResponse.setFail(true);
- }
-
- attrQueryResponse.setAssertions(samlResponse.getAssertions());
- if (samlResponse.getAssertions().size() > 1)
- {
- PersonalAttributeList total = new PersonalAttributeList();
- List<IPersonalAttributeList> attrList = new ArrayList();
- for (int i = 0; i < samlResponse.getAssertions().size(); i++)
- {
- Assertion tempAssertion = (Assertion)samlResponse.getAssertions().get(i);
- IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion);
- if (temp != null)
- {
- attrList.add(temp);
- for (PersonalAttribute attribute : temp) {
- PersonalAttribute attr = (PersonalAttribute)attribute.clone();
- attr.setName(attr.getName()+tempAssertion.getID());
- total.add(attr);
- }
- }
- }
- attrQueryResponse.setPersonalAttributeLists(attrList);
- attrQueryResponse.setTotalPersonalAttributeList(total);
- }
-
- LOG.debug("Return result.");
- return attrQueryResponse;
-
- }
-
- /**
- * Validate stork response.
- *
- * @param samlResponse the SAML response
- * @param userIP the user IP
- *
- * @return the assertion
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private Assertion validateStorkResponse(final Response samlResponse,
- final String userIP) throws STORKSAMLEngineException {
- // Exist only one Assertion
-
- if (samlResponse.getAssertions() == null
- || samlResponse.getAssertions().isEmpty()) {
- LOG.info("Assertion is null or empty."); //in replace of throw new STORKSAMLEngineException("Assertion is null or empty.")
- return null;
- }
-
- final Assertion assertion = (Assertion) samlResponse.getAssertions()
- .get(0);
-
- LOG.debug("Verified method Bearer");
- for (final Iterator<SubjectConfirmation> iter = assertion.getSubject()
- .getSubjectConfirmations().iterator(); iter.hasNext();) {
- final SubjectConfirmation element = iter.next();
- final boolean isBearer = SubjectConfirmation.METHOD_BEARER
- .equals(element.getMethod());
-
- final boolean ipValidate = super.getSamlCoreProperties()
- .isIpValidation();
-
- if (ipValidate) {
- if (isBearer) {
- if (StringUtils.isBlank(userIP)) {
- LOG.error("browser_ip is null or empty.");
- throw new STORKSAMLEngineException(
- "browser_ip is null or empty.");
- } else if (StringUtils.isBlank(element
- .getSubjectConfirmationData().getAddress())) {
- LOG.error("token_ip attribute is null or empty.");
- throw new STORKSAMLEngineException(
- "token_ip attribute is null or empty.");
- }
- }
-
- final boolean ipEqual = element.getSubjectConfirmationData()
- .getAddress().equals(userIP);
-
- // Validation ipUser
- if (!ipEqual && ipValidate) {
- LOG.error("SubjectConfirmation BEARER: ");
- throw new STORKSAMLEngineException(
- "IPs doesn't match : token_ip ("
- + element.getSubjectConfirmationData()
- .getAddress() + ") browser_ip ("
- + userIP + ")");
- }
- }
-
- }
- return assertion;
- }
-
- /**
- * Validate stork SAML.
- *
- * @param tokenSaml the token SAML
- *
- * @return the signable SAML object
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- private SignableSAMLObject validateStorkSaml(final byte[] tokenSaml)
- throws STORKSAMLEngineException {
-
- LOG.info("Validate StorkSaml message.");
-
- if (tokenSaml == null) {
- LOG.error("Saml authentication request is null.");
- throw new STORKSAMLEngineException(
- "Saml authentication request is null.");
- }
-
- LOG.debug("Generate AuthnRequest from request.");
- SignableSAMLObject samlObject;
-
- try {
- samlObject = (SignableSAMLObject) super.unmarshall(tokenSaml);
- } catch (SAMLEngineException e) {
- LOG.error("SAMLEngineException unmarshall.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- boolean validateSign = true;
-
- if (StringUtils.isNotBlank(super.getSamlCoreProperties().getProperty(
- "validateSignature"))) {
- validateSign = Boolean.valueOf(super.getSamlCoreProperties()
- .getProperty("validateSignature"));
- }
-
- if (validateSign) {
- LOG.debug("Validate Signature.");
- try {
- super.validateSignature(samlObject);
- } catch (SAMLEngineException e) {
- LOG.error("SAMLEngineException validateSignature.", e);
- throw new STORKSAMLEngineException(e);
- }
- }
-
- LOG.debug("Validate Schema.");
- final ValidatorSuite validatorSuite = Configuration
- .getValidatorSuite("saml2-core-schema-validator");
- try {
- if (samlObject.getElementQName().toString().endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
- {
- CustomAttributeQueryValidator val =
- new CustomAttributeQueryValidator();
- val.validate((CustomAttributeQuery)samlObject);
- }
- else
- validatorSuite.validate(samlObject);
- } catch (ValidationException e) {
- LOG.error("ValidationException.", e);
- throw new STORKSAMLEngineException(e);
- }
-
- return samlObject;
- }
-
- private boolean isComplex(XMLObject xmlObject)
- {
- boolean isComplex = false;
-
- final XSAnyImpl complexValue = (XSAnyImpl) xmlObject;
-
- for (int nextComplexValue = 0; nextComplexValue < complexValue
- .getUnknownXMLObjects().size(); nextComplexValue++) {
-
- final XSAnyImpl simple = (XSAnyImpl) complexValue
- .getUnknownXMLObjects().get(
- nextComplexValue);
-
- if (simple.getElementQName().getLocalPart() != null)
- {
- isComplex = true;
- break;
- }
- }
-
- return isComplex;
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.commons.lang.StringUtils;
+import org.bouncycastle.jce.X509Principal;
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.AuthnContext;
+import org.opensaml.saml2.core.AuthnContextDecl;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.OneTimeUse;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.core.SubjectLocality;
+import org.opensaml.saml2.core.impl.SubjectConfirmationBuilder;
+import org.opensaml.xml.Namespace;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSAny;
+import org.opensaml.xml.schema.impl.XSAnyBuilder;
+import org.opensaml.xml.schema.impl.XSAnyImpl;
+import org.opensaml.xml.schema.impl.XSAnyMarshaller;
+import org.opensaml.xml.schema.impl.XSAnyUnmarshaller;
+import org.opensaml.xml.schema.impl.XSStringImpl;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.util.Base64;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+import org.opensaml.xml.validation.ValidatorSuite;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
+import eu.stork.peps.auth.commons.STORKAttrQueryResponse;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.commons.STORKLogoutRequest;
+import eu.stork.peps.auth.commons.STORKLogoutResponse;
+import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.CustomRequestAbstractType;
+import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
+import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
+import eu.stork.peps.auth.engine.core.EIDSectorShare;
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+import eu.stork.peps.auth.engine.core.RequestedAttributes;
+import eu.stork.peps.auth.engine.core.SAMLCore;
+import eu.stork.peps.auth.engine.core.SPApplication;
+import eu.stork.peps.auth.engine.core.SPCountry;
+import eu.stork.peps.auth.engine.core.SPID;
+import eu.stork.peps.auth.engine.core.SPInformation;
+import eu.stork.peps.auth.engine.core.SPInstitution;
+import eu.stork.peps.auth.engine.core.SPSector;
+import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
+import eu.stork.peps.auth.engine.core.impl.AuthenticationAttributesBuilder;
+import eu.stork.peps.auth.engine.core.impl.AuthenticationAttributesMarshaller;
+import eu.stork.peps.auth.engine.core.impl.AuthenticationAttributesUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.CitizenCountryCodeBuilder;
+import eu.stork.peps.auth.engine.core.impl.CitizenCountryCodeMarshaller;
+import eu.stork.peps.auth.engine.core.impl.CitizenCountryCodeUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.EIDCrossBorderShareBuilder;
+import eu.stork.peps.auth.engine.core.impl.EIDCrossBorderShareMarshaller;
+import eu.stork.peps.auth.engine.core.impl.EIDCrossBorderShareUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.EIDCrossSectorShareBuilder;
+import eu.stork.peps.auth.engine.core.impl.EIDCrossSectorShareMarshaller;
+import eu.stork.peps.auth.engine.core.impl.EIDCrossSectorShareUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.EIDSectorShareBuilder;
+import eu.stork.peps.auth.engine.core.impl.EIDSectorShareMarshaller;
+import eu.stork.peps.auth.engine.core.impl.EIDSectorShareUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.QAAAttributeBuilder;
+import eu.stork.peps.auth.engine.core.impl.QAAAttributeMarshaller;
+import eu.stork.peps.auth.engine.core.impl.QAAAttributeUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.RequestedAttributeBuilder;
+import eu.stork.peps.auth.engine.core.impl.RequestedAttributeMarshaller;
+import eu.stork.peps.auth.engine.core.impl.RequestedAttributeUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.RequestedAttributesBuilder;
+import eu.stork.peps.auth.engine.core.impl.RequestedAttributesMarshaller;
+import eu.stork.peps.auth.engine.core.impl.RequestedAttributesUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPApplicationBuilder;
+import eu.stork.peps.auth.engine.core.impl.SPApplicationMarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPApplicationUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPCountryBuilder;
+import eu.stork.peps.auth.engine.core.impl.SPCountryMarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPCountryUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPIDBuilder;
+import eu.stork.peps.auth.engine.core.impl.SPIDMarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPIDUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPInformationBuilder;
+import eu.stork.peps.auth.engine.core.impl.SPInformationMarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPInformationUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPInstitutionBuilder;
+import eu.stork.peps.auth.engine.core.impl.SPInstitutionMarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPInstitutionUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPSectorBuilder;
+import eu.stork.peps.auth.engine.core.impl.SPSectorMarshaller;
+import eu.stork.peps.auth.engine.core.impl.SPSectorUnmarshaller;
+import eu.stork.peps.auth.engine.core.impl.VIDPAuthenticationAttributesBuilder;
+import eu.stork.peps.auth.engine.core.impl.VIDPAuthenticationAttributesMarshaller;
+import eu.stork.peps.auth.engine.core.impl.VIDPAuthenticationAttributesUnmarshaller;
+import eu.stork.peps.auth.engine.core.validator.CustomAttributeQueryValidator;
+import eu.stork.peps.auth.engine.core.validator.ExtensionsSchemaValidator;
+import eu.stork.peps.auth.engine.core.validator.MultipleAssertionResponseValidator;
+import eu.stork.peps.auth.engine.core.validator.QAAAttributeSchemaValidator;
+import eu.stork.peps.exceptions.SAMLEngineException;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
+
+/**
+ * Class that wraps the operations over SAML tokens, both generation and
+ * validation of SAML STORK requests and SAML STORK responses. Complaint with
+ * "OASIS Secure Assertion Markup Language (SAML) 2.0, May 2005", but taking
+ * into account STORK specific requirements.
+ *
+ * @author fjquevedo
+ * @author iinigo
+ */
+public final class STORKSAMLEngine extends SAMLEngine {
+
+ /** The Constant LOG. */
+ private static final Logger LOG = LoggerFactory
+ .getLogger(STORKSAMLEngine.class.getName());
+
+ private static final String ATTRIBUTE_EMPTY_LITERAL = "Attribute name is null or empty.";
+ /**
+ * Gets the single instance of STORKSAMLEngine.
+ *
+ * @param nameInstance the name instance
+ *
+ * @return single instance of STORKSAMLEngine
+ */
+ public static synchronized STORKSAMLEngine getInstance(
+ final String nameInstance) {
+ STORKSAMLEngine engine = null;
+ LOG.info("Get instance: " + nameInstance);
+ try {
+ engine = new STORKSAMLEngine(nameInstance.trim());
+ } catch (Exception e) {
+ LOG.error("Error getting instance: " + nameInstance);
+ e.printStackTrace();
+ }
+ return engine;
+ }
+
+ /**
+ * Instantiate a new STORKSAML engine.
+ *
+ * @param nameInstance the name instance
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private STORKSAMLEngine(final String nameInstance)
+ throws STORKSAMLEngineException {
+ // Initialization OpenSAML.
+ super(nameInstance);
+ LOG.info("Register STORK objects provider.");
+ Configuration.registerObjectProvider(QAAAttribute.DEF_ELEMENT_NAME,
+ new QAAAttributeBuilder(), new QAAAttributeMarshaller(),
+ new QAAAttributeUnmarshaller());
+
+ Configuration.registerObjectProvider(EIDSectorShare.DEF_ELEMENT_NAME,
+ new EIDSectorShareBuilder(), new EIDSectorShareMarshaller(),
+ new EIDSectorShareUnmarshaller());
+
+ Configuration.registerObjectProvider(
+ EIDCrossSectorShare.DEF_ELEMENT_NAME,
+ new EIDCrossSectorShareBuilder(),
+ new EIDCrossSectorShareMarshaller(),
+ new EIDCrossSectorShareUnmarshaller());
+
+ Configuration.registerObjectProvider(
+ EIDCrossBorderShare.DEF_ELEMENT_NAME,
+ new EIDCrossBorderShareBuilder(),
+ new EIDCrossBorderShareMarshaller(),
+ new EIDCrossBorderShareUnmarshaller());
+
+ Configuration.registerObjectProvider(SPSector.DEF_ELEMENT_NAME,
+ new SPSectorBuilder(), new SPSectorMarshaller(),
+ new SPSectorUnmarshaller());
+
+ Configuration.registerObjectProvider(SPInstitution.DEF_ELEMENT_NAME,
+ new SPInstitutionBuilder(), new SPInstitutionMarshaller(),
+ new SPInstitutionUnmarshaller());
+
+ Configuration.registerObjectProvider(SPApplication.DEF_ELEMENT_NAME,
+ new SPApplicationBuilder(), new SPApplicationMarshaller(),
+ new SPApplicationUnmarshaller());
+
+ Configuration.registerObjectProvider(SPCountry.DEF_ELEMENT_NAME,
+ new SPCountryBuilder(), new SPCountryMarshaller(),
+ new SPCountryUnmarshaller());
+
+ Configuration.registerObjectProvider(XSAny.TYPE_NAME,
+ new XSAnyBuilder(), new XSAnyMarshaller(),
+ new XSAnyUnmarshaller());
+
+ Configuration.registerObjectProvider(
+ RequestedAttribute.DEF_ELEMENT_NAME,
+ new RequestedAttributeBuilder(),
+ new RequestedAttributeMarshaller(),
+ new RequestedAttributeUnmarshaller());
+
+ Configuration.registerObjectProvider(
+ RequestedAttributes.DEF_ELEMENT_NAME,
+ new RequestedAttributesBuilder(),
+ new RequestedAttributesMarshaller(),
+ new RequestedAttributesUnmarshaller());
+
+ Configuration.registerObjectProvider(
+ AuthenticationAttributes.DEF_ELEMENT_NAME,
+ new AuthenticationAttributesBuilder(),
+ new AuthenticationAttributesMarshaller(),
+ new AuthenticationAttributesUnmarshaller());
+
+ Configuration.registerObjectProvider(
+ VIDPAuthenticationAttributes.DEF_ELEMENT_NAME,
+ new VIDPAuthenticationAttributesBuilder(),
+ new VIDPAuthenticationAttributesMarshaller(),
+ new VIDPAuthenticationAttributesUnmarshaller());
+
+ Configuration.registerObjectProvider(
+ CitizenCountryCode.DEF_ELEMENT_NAME,
+ new CitizenCountryCodeBuilder(),
+ new CitizenCountryCodeMarshaller(),
+ new CitizenCountryCodeUnmarshaller());
+
+ Configuration.registerObjectProvider(
+ SPID.DEF_ELEMENT_NAME,
+ new SPIDBuilder(),
+ new SPIDMarshaller(),
+ new SPIDUnmarshaller());
+
+ Configuration.registerObjectProvider(
+ SPInformation.DEF_ELEMENT_NAME,
+ new SPInformationBuilder(),
+ new SPInformationMarshaller(),
+ new SPInformationUnmarshaller());
+
+ LOG.info("Register STORK object validators.");
+ final ValidatorSuite validatorSuite = new ValidatorSuite(
+ QAAAttribute.DEF_LOCAL_NAME);
+
+ validatorSuite.registerValidator(QAAAttribute.DEF_ELEMENT_NAME,
+ new QAAAttributeSchemaValidator());
+ final Extensions extensions = SAMLEngineUtils.generateExtension();
+ validatorSuite.registerValidator(extensions.getElementQName(),
+ new ExtensionsSchemaValidator());
+
+ Configuration.registerValidatorSuite(
+ "stork:QualityAuthenticationAssuranceLevel", validatorSuite);
+
+ }
+
+ /**
+ * Generate authentication response base.
+ *
+ * @param status the status
+ * @param assertConsumerURL the assert consumer URL.
+ * @param inResponseTo the in response to
+ *
+ * @return the response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private Response genAuthnRespBase(final Status status,
+ final String assertConsumerURL, final String inResponseTo)
+ throws STORKSAMLEngineException {
+ LOG.debug("Generate Authentication Response base.");
+ final Response response = SAMLEngineUtils.generateResponse(
+ SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
+ SAMLEngineUtils.getCurrentTime(), status);
+
+ // Set name Spaces
+ this.setNameSpaces(response);
+
+ // Mandatory STORK
+ LOG.debug("Generate Issuer");
+ final Issuer issuer = SAMLEngineUtils.generateIssuer();
+ issuer.setValue(super.getSamlCoreProperties().getResponder());
+
+ // Format Entity Optional STORK
+ issuer.setFormat(super.getSamlCoreProperties().getFormatEntity());
+
+ response.setIssuer(issuer);
+
+ // destination Mandatory Stork
+ response.setDestination(assertConsumerURL.trim());
+
+ // inResponseTo Mandatory Stork
+ response.setInResponseTo(inResponseTo.trim());
+
+ // Optional STORK
+ response.setConsent(super.getSamlCoreProperties()
+ .getConsentAuthnResponse());
+
+ return response;
+ }
+
+ /**
+ * Generate attribute query response base.
+ *
+ * @param status the status
+ * @param destinationURL the assert consumer URL.
+ * @param inResponseTo the in response to
+ *
+ * @return the response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private Response genAttrQueryRespBase(final Status status,
+ final String destinationURL, final String inResponseTo)
+ throws STORKSAMLEngineException {
+ LOG.debug("Generate Attribute query Response base.");
+ final Response response = SAMLEngineUtils.generateResponse(
+ SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
+ SAMLEngineUtils.getCurrentTime(), status);
+
+ // Set name Spaces
+ this.setNameSpaces(response);
+
+ // Mandatory STORK
+ LOG.debug("Generate Issuer");
+ final Issuer issuer = SAMLEngineUtils.generateIssuer();
+ issuer.setValue(super.getSamlCoreProperties().getResponder());
+
+ // Format Entity Optional STORK
+ issuer.setFormat(super.getSamlCoreProperties().getFormatEntity());
+
+ response.setIssuer(issuer);
+
+ // destination Mandatory Stork
+ response.setDestination(destinationURL.trim());
+
+ // inResponseTo Mandatory Stork
+ response.setInResponseTo(inResponseTo.trim());
+
+ // Optional STORK
+ response.setConsent(super.getSamlCoreProperties()
+ .getConsentAuthnResponse());
+
+ return response;
+ }
+
+ /**
+ * Generate assertion.
+ *
+ * @param ipAddress the IP address.
+ * @param assertConsumerURL the assert consumer URL.
+ * @param inResponseTo the in response to
+ * @param issuer the issuer
+ * @param notOnOrAfter the not on or after
+ *
+ * @return the assertion
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private Assertion generateAssertion(final String ipAddress,
+ final String assertConsumerURL, final String inResponseTo,
+ final String issuer, final DateTime notOnOrAfter)
+ throws STORKSAMLEngineException {
+ LOG.info("Generate Assertion.");
+
+ // Mandatory STORK
+ LOG.debug("Generate Issuer to Assertion");
+ final Issuer issuerAssertion = SAMLEngineUtils.generateIssuer();
+ issuerAssertion.setValue(super.getSamlCoreProperties().getResponder());
+
+ // Format Entity Optional STORK
+ issuerAssertion.setFormat(super.getSamlCoreProperties()
+ .getFormatEntity());
+
+ final Assertion assertion = SAMLEngineUtils.generateAssertion(
+ SAMLVersion.VERSION_20, SAMLEngineUtils.generateNCName(),
+ SAMLEngineUtils.getCurrentTime(), issuerAssertion);
+
+ final Subject subject = SAMLEngineUtils.generateSubject();
+
+ // Mandatory STORK verified
+ // String format = NameID.UNSPECIFIED
+ // specification: 'SAML:2.0' exist
+ // opensaml: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ // opensaml "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
+ final String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
+
+ final String nameQualifier = "";
+
+ LOG.debug("Generate NameID");
+ final NameID nameId = SAMLEngineUtils.generateNameID(super
+ .getSamlCoreProperties().getResponder(), format, nameQualifier);
+ nameId.setValue(format);
+ subject.setNameID(nameId);
+
+ // Mandatory if urn:oasis:names:tc:SAML:2.0:cm:bearer.
+ // Optional in other case.
+ LOG.debug("Generate SubjectConfirmationData.");
+ final SubjectConfirmationData dataBearer = SAMLEngineUtils
+ .generateSubjectConfirmationData(SAMLEngineUtils
+ .getCurrentTime(), assertConsumerURL, inResponseTo);
+
+ // Mandatory if urn:oasis:names:tc:SAML:2.0:cm:bearer.
+ // Optional in other case.
+ LOG.debug("Generate SubjectConfirmation");
+ final SubjectConfirmation subjectConf = SAMLEngineUtils
+ .generateSubjectConfirmation(SubjectConfirmation.METHOD_BEARER,
+ dataBearer);
+
+ final ArrayList<SubjectConfirmation> listSubjectConf = new ArrayList<SubjectConfirmation>();
+ listSubjectConf.add(subjectConf);
+
+ for (final Iterator<SubjectConfirmation> iter = listSubjectConf
+ .iterator(); iter.hasNext();) {
+ final SubjectConfirmation element = iter.next();
+
+ if (SubjectConfirmation.METHOD_BEARER.equals(element.getMethod())) {
+ // ipAddress Mandatory if method is Bearer.
+
+ if (StringUtils.isBlank(ipAddress)) {
+ throw new STORKSAMLEngineException(
+ "ipAddress is null or empty");
+ }
+ element.getSubjectConfirmationData().setAddress(
+ ipAddress.trim());
+ }
+
+ element.getSubjectConfirmationData()
+ .setRecipient(assertConsumerURL);
+ element.getSubjectConfirmationData().setNotOnOrAfter(notOnOrAfter);
+ }
+
+ // The SAML 2.0 specification allows multiple SubjectConfirmations
+ subject.getSubjectConfirmations().addAll(listSubjectConf);
+
+ // Mandatory Stork
+ assertion.setSubject(subject);
+
+ // Conditions that MUST be evaluated when assessing the validity of
+ // and/or when using the assertion.
+ final Conditions conditions = this.generateConditions(SAMLEngineUtils
+ .getCurrentTime(), notOnOrAfter, issuer);
+
+ assertion.setConditions(conditions);
+
+ LOG.debug("Generate stork Authentication Statement.");
+ final AuthnStatement storkAuthnStat = this
+ .generateStorkAuthStatement(ipAddress);
+ assertion.getAuthnStatements().add(storkAuthnStat);
+
+ return assertion;
+ }
+
+ private String getAttributeName(final PersonalAttribute attribute) throws STORKSAMLEngineException {
+ if (StringUtils.isBlank(attribute.getName())) {
+ LOG.error(ATTRIBUTE_EMPTY_LITERAL);
+ throw new STORKSAMLEngineException(ATTRIBUTE_EMPTY_LITERAL);
+ }
+
+ final String attributeName = super.getSamlCoreProperties()
+ .getProperty(attribute.getName());
+
+ if (StringUtils.isBlank(attributeName)) {
+ LOG.error("Attribute name: {} it is not known.", attribute
+ .getName());
+ throw new STORKSAMLEngineException("Attribute name: "
+ + attribute.getName() + " it is not known.");
+ }
+ return attributeName;
+ }
+ /**
+ * Generate attribute statement.
+ *
+ * @param personalAttrList the personal attribute list
+ * @param isHashing the is hashing
+ *
+ * @return the attribute statement
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ * @throws IOException
+ */
+ private AttributeStatement generateAttributeStatement(
+ final IPersonalAttributeList personalAttrList,
+ final boolean isHashing) throws STORKSAMLEngineException {
+ LOG.debug("Generate attribute statement");
+
+ final AttributeStatement attrStatement = (AttributeStatement) SAMLEngineUtils
+ .createSamlObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
+
+ for (PersonalAttribute attribute : personalAttrList) {
+
+ String attributeName = getAttributeName(attribute);
+
+ // Verification that only one value it's permitted, simple or
+ // complex, not both.
+
+ final boolean simpleNull = (attribute.getValue() == null);
+ final boolean simpleEmpty = (simpleNull || (!simpleNull && attribute
+ .getValue().isEmpty()));
+
+ final boolean complexNull = (attribute.getComplexValue() == null);
+ final boolean complexEmpty = (complexNull || (!complexNull && attribute
+ .getComplexValue().isEmpty()));
+
+ if ((!simpleEmpty && !complexEmpty)) {
+ throw new STORKSAMLEngineException(
+ "Attribute name: "
+ + attribute.getName()
+ + " must be contain one value, simple or complex value.");
+ } else {
+
+ if (!simpleEmpty) {
+ attrStatement.getAttributes().add(
+ this.generateAttrSimple(attributeName, attribute
+ .getStatus(), attribute.getValue(),
+ isHashing));
+ } else if (!complexEmpty) {
+ attrStatement.getAttributes().add(
+ SAMLEngineUtils.generateAttrComplex(attributeName,
+ attribute.getStatus(), attribute
+ .getComplexValue(), isHashing));
+ } else if (!simpleNull) {
+ attrStatement.getAttributes().add(
+ this.generateAttrSimple(attributeName, attribute
+ .getStatus(), new ArrayList<String>(),
+ isHashing));
+ } else {
+ // Add attribute complex.
+ attrStatement.getAttributes().add(
+ SAMLEngineUtils.generateAttrComplex(attributeName,
+ attribute.getStatus(),
+ new HashMap<String, String>(), isHashing));
+ }
+ }
+ }
+ return attrStatement;
+ }
+ private XSAny createAttributeValueForSignedDoc(final String value, final boolean isHashing) throws STORKSAMLEngineException {
+ DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
+ domFactory.setNamespaceAware(true);
+ Document document = null;
+ DocumentBuilder builder;
+
+ // Parse the signedDoc value into an XML DOM Document
+ try {
+ builder = domFactory.newDocumentBuilder();
+ InputStream is;
+ is = new ByteArrayInputStream(value.trim().getBytes("UTF-8"));
+ document = builder.parse(is);
+ is.close();
+ } catch (SAXException e1) {
+ LOG.error("SAX Error while parsing signModule attribute", e1);
+ throw new STORKSAMLEngineRuntimeException(e1);
+ } catch (ParserConfigurationException e2) {
+ LOG.error("Parser Configuration Error while parsing signModule attribute", e2);
+ throw new STORKSAMLEngineRuntimeException(e2);
+ } catch (UnsupportedEncodingException e3) {
+ LOG.error("Unsupported encoding Error while parsing signModule attribute", e3);
+ throw new STORKSAMLEngineRuntimeException(e3);
+ } catch (IOException e4) {
+ LOG.error("IO Error while parsing signModule attribute", e4);
+ throw new STORKSAMLEngineRuntimeException(e4);
+ }
+
+ // Create the attribute statement
+ final XSAny xmlValue = (XSAny) SAMLEngineUtils
+ .createSamlObject(
+ AttributeValue.DEFAULT_ELEMENT_NAME,
+ XSAny.TYPE_NAME);
+
+ //Set the signedDoc XML content to this element
+ xmlValue.setDOM(document.getDocumentElement());
+
+ // Create the attribute statement
+ final XSAny attrValue = (XSAny) SAMLEngineUtils
+ .createSamlObject(
+ AttributeValue.DEFAULT_ELEMENT_NAME,
+ XSAny.TYPE_NAME);
+
+ //Add previous signedDocXML to the AttributeValue Element
+
+ // if it's necessary encode the information.
+ if (!isHashing) {
+ attrValue.getUnknownXMLObjects().add(xmlValue);
+ }
+ return attrValue;
+ }
+
+ private XSAny createAttributeValueForNonSignedDoc(final String value, final boolean isHashing) throws STORKSAMLEngineException {
+ // Create the attribute statement
+ final XSAny attrValue = (XSAny) SAMLEngineUtils
+ .createSamlObject(
+ AttributeValue.DEFAULT_ELEMENT_NAME,
+ XSAny.TYPE_NAME);
+ // if it's necessary encode the information.
+ if (isHashing) {
+ attrValue.setTextContent(SAMLEngineUtils.encode(value, SAMLEngineUtils.SHA_512));
+ } else {
+ attrValue.setTextContent(value);
+ }
+ return attrValue;
+ }
+
+ /**
+ * Generate attribute from a list of values.
+ *
+ * @param name the name of the attribute.
+ * @param values the value of the attribute.
+ * @param isHashing the is hashing with "SHA-512" algorithm.
+ * @param status the status of the parameter: "Available", "NotAvailable" or
+ * "Withheld".
+ *
+ * @return the attribute
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private Attribute generateAttrSimple(final String name,
+ final String status, final List<String> values,
+ final boolean isHashing) throws STORKSAMLEngineException {
+ LOG.debug("Generate attribute simple: " + name);
+ final Attribute attribute = (Attribute) SAMLEngineUtils
+ .createSamlObject(Attribute.DEFAULT_ELEMENT_NAME);
+
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+
+ attribute.getUnknownAttributes().put(
+ new QName(SAMLCore.STORK10_NS.getValue(), "AttributeStatus",
+ SAMLCore.STORK10_PREFIX.getValue()), status);
+
+ if (values != null) {
+ LOG.debug("Add attribute values.");
+ for (int i = 0; i < values.size(); i++) {
+ final String value = values.get(i);
+ if (StringUtils.isNotBlank(value)) {
+ XSAny attrValue = null;
+ if (!name.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
+ // Create the attribute statement
+ attrValue = createAttributeValueForNonSignedDoc(value, isHashing);
+
+ } else {
+ attrValue = createAttributeValueForSignedDoc(value, isHashing);
+ attribute.getAttributeValues().add(attrValue);
+ }
+ attribute.getAttributeValues().add(attrValue);
+ }
+ }
+ }
+ return attribute;
+ }
+
+ /**
+ * Generate conditions that MUST be evaluated when assessing the validity of
+ * and/or when using the assertion.
+ *
+ * @param notBefore the not before
+ * @param notOnOrAfter the not on or after
+ * @param audienceURI the audience URI.
+ *
+ * @return the conditions
+ */
+ private Conditions generateConditions(final DateTime notBefore,
+ final DateTime notOnOrAfter, final String audienceURI) {
+ LOG.debug("Generate conditions.");
+ final Conditions conditions = (Conditions) SAMLEngineUtils
+ .createSamlObject(Conditions.DEFAULT_ELEMENT_NAME);
+ conditions.setNotBefore(notBefore);
+ conditions.setNotOnOrAfter(notOnOrAfter);
+
+ final AudienceRestriction restrictions = (AudienceRestriction) SAMLEngineUtils
+ .createSamlObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
+
+ final Audience audience = (Audience) SAMLEngineUtils
+ .createSamlObject(Audience.DEFAULT_ELEMENT_NAME);
+ audience.setAudienceURI(audienceURI);
+
+ restrictions.getAudiences().add(audience);
+ conditions.getAudienceRestrictions().add(restrictions);
+
+ if (super.getSamlCoreProperties().isOneTimeUse()) {
+ final OneTimeUse oneTimeUse = (OneTimeUse) SAMLEngineUtils
+ .createSamlObject(OneTimeUse.DEFAULT_ELEMENT_NAME);
+ conditions.getConditions().add(oneTimeUse);
+ }
+ return conditions;
+ }
+
+ /**
+ * Generate personal attribute list.
+ *
+ * @param assertion the assertion
+ *
+ * @return the personal attribute list
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private IPersonalAttributeList generatePersonalAttributeList(
+ final Assertion assertion) throws STORKSAMLEngineException {
+ LOG.debug("Generate personal attribute list from XMLObject.");
+ final List<XMLObject> listExtensions = assertion.getOrderedChildren();
+
+ boolean find = false;
+ AttributeStatement requestedAttr = null;
+
+ // Search the attribute statement.
+ for (int i = 0; i < listExtensions.size() && !find; i++) {
+ final XMLObject xml = listExtensions.get(i);
+ if (xml instanceof AttributeStatement) {
+ requestedAttr = (AttributeStatement) xml;
+ find = true;
+ }
+ }
+
+ if (!find) {
+ LOG.error("Error: AttributeStatement it's not present.");
+ throw new STORKSAMLEngineException(
+ "AttributeStatement it's not present.");
+ }
+
+ final List<Attribute> reqAttrs = requestedAttr.getAttributes();
+
+ final IPersonalAttributeList personalAttrList = new PersonalAttributeList();
+ String attributeName;
+
+ // Process the attributes.
+ for (int nextAttribute = 0; nextAttribute < reqAttrs.size(); nextAttribute++) {
+ final Attribute attribute = reqAttrs.get(nextAttribute);
+
+ final PersonalAttribute personalAttribute = new PersonalAttribute();
+
+ attributeName = attribute.getName();
+ personalAttribute.setName(attributeName.substring(attributeName
+ .lastIndexOf('/') + 1));
+
+ personalAttribute.setStatus(attribute.getUnknownAttributes().get(
+ new QName(SAMLCore.STORK10_NS.getValue(),
+ "AttributeStatus", SAMLCore.STORK10_PREFIX
+ .getValue())));
+
+ final ArrayList<String> simpleValues = new ArrayList<String>();
+ final HashMap<String, String> multiValues = new HashMap<String, String>();
+
+ final List<XMLObject> values = attribute.getOrderedChildren();
+
+
+ // Process the values.
+ for (int nextValue = 0; nextValue < values.size(); nextValue++) {
+
+ final XMLObject xmlObject = values.get(nextValue);
+
+ if (xmlObject instanceof XSStringImpl) {
+
+ simpleValues.add(((XSStringImpl) xmlObject).getValue());
+
+ } else if (xmlObject instanceof XSAnyImpl) {
+
+ if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
+
+ final XSAnyImpl xmlString = (XSAnyImpl) values
+ .get(nextValue);
+
+ TransformerFactory transFactory = TransformerFactory
+ .newInstance();
+ Transformer transformer = null;
+ try {
+ transformer = transFactory.newTransformer();
+ transformer.setOutputProperty(
+ OutputKeys.OMIT_XML_DECLARATION, "yes");
+ } catch (TransformerConfigurationException e) {
+ LOG.error("Error transformer configuration exception", e);
+ }
+ StringWriter buffer = new StringWriter();
+ try {
+ if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
+ transformer.transform(new DOMSource(xmlString
+ .getUnknownXMLObjects().get(0).getDOM()),
+ new StreamResult(buffer));
+ }
+ } catch (TransformerException e) {
+ LOG.error("Error transformer exception", e);
+ }
+ String str = buffer.toString();
+
+ simpleValues.add(str);
+
+ } else if (isComplex(xmlObject))
+ {
+ LOG.info(attributeName + " found");
+ // Process complex value.
+ final XSAnyImpl complexValue = (XSAnyImpl) xmlObject;
+
+ for (int nextComplexValue = 0; nextComplexValue < complexValue
+ .getUnknownXMLObjects().size(); nextComplexValue++) {
+
+ final XSAnyImpl simple = (XSAnyImpl) complexValue
+ .getUnknownXMLObjects().get(
+ nextComplexValue);
+
+ multiValues.put(simple.getElementQName()
+ .getLocalPart(), simple.getTextContent());
+ }
+
+ }
+ else {
+ // Process simple value.
+ simpleValues.add(((XSAnyImpl) xmlObject)
+ .getTextContent());
+ }
+
+ } else {
+ LOG.error("Error: attribute value it's unknown.");
+ throw new STORKSAMLEngineException(
+ "Attribute value it's unknown.");
+ }
+ }
+
+ personalAttribute.setValue(simpleValues);
+ personalAttribute.setComplexValue(multiValues);
+ personalAttrList.add(personalAttribute);
+ }
+
+ return personalAttrList;
+ }
+
+ /**
+ * Generate stork authentication request.
+ *
+ * @param request the request that contain all parameters for generate an
+ * authentication request.
+ *
+ * @return the STORK authentication request that has been processed.
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAuthnRequest generateSTORKAuthnRequest(
+ final STORKAuthnRequest request) throws STORKSAMLEngineException {
+ LOG.info("Generate SAMLAuthnRequest.");
+
+ // Validate Parameters mandatories
+ validateParamAuthnReq(request);
+
+ final AuthnRequest authnRequestAux = SAMLEngineUtils
+ .generateSAMLAuthnRequest(SAMLEngineUtils.generateNCName(),
+ SAMLVersion.VERSION_20, SAMLEngineUtils
+ .getCurrentTime());
+
+ // Set name spaces.
+ setNameSpaces(authnRequestAux);
+
+ // Add parameter Mandatory STORK
+ authnRequestAux.setForceAuthn(Boolean.TRUE);
+
+ // Add parameter Mandatory STORK
+ authnRequestAux.setIsPassive(Boolean.FALSE);
+
+ authnRequestAux.setAssertionConsumerServiceURL(request
+ .getAssertionConsumerServiceURL());
+
+ authnRequestAux.setProviderName(request.getProviderName());
+
+ // Add protocol binding
+ authnRequestAux.setProtocolBinding(super.getSamlCoreProperties()
+ .getProtocolBinding());
+
+ // Add parameter optional STORK
+ // Destination is mandatory if the destination is a C-PEPS
+ // The application must to know if the destination is a C-PEPS.
+ if (StringUtils.isNotBlank(request.getDestination())) {
+ authnRequestAux.setDestination(request.getDestination());
+ }
+
+ // Consent is optional. Set from SAMLEngine.xml - consent.
+ authnRequestAux.setConsent(super.getSamlCoreProperties()
+ .getConsentAuthnRequest());
+
+ final Issuer issuer = SAMLEngineUtils.generateIssuer();
+
+ if(request.getIssuer()!=null){
+ issuer.setValue(request.getIssuer());
+ } else {
+ issuer.setValue(super.getSamlCoreProperties().getRequester());
+ }
+
+ // Optional STORK
+ final String formatEntity = super.getSamlCoreProperties()
+ .getFormatEntity();
+ if (StringUtils.isNotBlank(formatEntity)) {
+ issuer.setFormat(formatEntity);
+ }
+
+ authnRequestAux.setIssuer(issuer);
+
+ // Generate stork extensions.
+ final Extensions storkExtensions = this
+ .generateSTORKExtensions(request);
+ // add the extensions to the SAMLAuthnRequest
+ authnRequestAux.setExtensions(storkExtensions);
+
+ // the result contains an authentication request token (byte[]),
+ // identifier of the token, and all parameters from the request.
+ final STORKAuthnRequest authRequest = processExtensions(authnRequestAux
+ .getExtensions());
+
+ try {
+ authRequest.setTokenSaml(super.signAndMarshall(authnRequestAux));
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ authRequest.setSamlId(authnRequestAux.getID());
+ authRequest.setDestination(authnRequestAux.getDestination());
+ authRequest.setAssertionConsumerServiceURL(authnRequestAux
+ .getAssertionConsumerServiceURL());
+
+ authRequest.setProviderName(authnRequestAux.getProviderName());
+ authRequest.setIssuer(authnRequestAux.getIssuer().getValue());
+
+ return authRequest;
+ }
+
+ /**
+ * Generate stork authentication response.
+ *
+ * @param request the request
+ * @param responseAuthReq the response authentication request
+ * @param ipAddress the IP address
+ * @param isHashing the is hashing
+ *
+ * @return the sTORK authentication response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAuthnResponse generateSTORKAuthnResponse(
+ final STORKAuthnRequest request,
+ final STORKAuthnResponse responseAuthReq, final String ipAddress,
+ final boolean isHashing) throws STORKSAMLEngineException {
+ LOG.info("generateSTORKAuthnResponse");
+
+ // Validate parameters
+ validateParamResponse(request, responseAuthReq);
+
+ // Mandatory SAML
+ LOG.debug("Generate StatusCode");
+ final StatusCode statusCode = SAMLEngineUtils
+ .generateStatusCode(StatusCode.SUCCESS_URI);
+
+ LOG.debug("Generate Status");
+ final Status status = SAMLEngineUtils.generateStatus(statusCode);
+
+ LOG.debug("Generate StatusMessage");
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
+ .generateStatusMessage(StatusCode.SUCCESS_URI);
+
+ status.setStatusMessage(statusMessage);
+
+ LOG.debug("Generate Response");
+
+ // RESPONSE
+ final Response response = genAuthnRespBase(status, request
+ .getAssertionConsumerServiceURL(), request.getSamlId());
+
+ DateTime notOnOrAfter = new DateTime();
+
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
+ .getTimeNotOnOrAfter());
+
+ final Assertion assertion = this.generateAssertion(ipAddress, request
+ .getAssertionConsumerServiceURL(), request.getSamlId(), request
+ .getIssuer(), notOnOrAfter);
+
+ final AttributeStatement attrStatement = this
+ .generateAttributeStatement(responseAuthReq
+ .getPersonalAttributeList(), isHashing);
+
+ assertion.getAttributeStatements().add(attrStatement);
+
+ // Add assertions
+ response.getAssertions().add(assertion);
+
+ final STORKAuthnResponse authresponse = new STORKAuthnResponse();
+
+ try {
+ authresponse.setTokenSaml(super.signAndMarshall(response));
+ authresponse.setSamlId(response.getID());
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+ return authresponse;
+ }
+
+ /**
+ * Generate stork authentication response.
+ *
+ * @param request the request
+ * @param responseAuthReq the response authentication request
+ * @param ipAddress the IP address
+ * @param isHashing the is hashing
+ *
+ * @return the sTORK authentication response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAuthnResponse generateSTORKAuthnResponseAfterQuery(
+ final STORKAuthnRequest request,
+ final STORKAuthnResponse responseAuthReq, final String ipAddress,
+ final boolean isHashing, List<STORKAttrQueryResponse> res) throws STORKSAMLEngineException {
+ LOG.info("generateSTORKAuthnResponse");
+
+ // Validate parameters
+ validateParamResponse(request, responseAuthReq);
+
+ // Mandatory SAML
+ LOG.debug("Generate StatusCode");
+ final StatusCode statusCode = SAMLEngineUtils
+ .generateStatusCode(StatusCode.SUCCESS_URI);
+
+ LOG.debug("Generate Status");
+ final Status status = SAMLEngineUtils.generateStatus(statusCode);
+
+ LOG.debug("Generate StatusMessage");
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
+ .generateStatusMessage(StatusCode.SUCCESS_URI);
+
+ status.setStatusMessage(statusMessage);
+
+ LOG.debug("Generate Response");
+
+ // RESPONSE
+ final Response response = genAuthnRespBase(status, request
+ .getAssertionConsumerServiceURL(), request.getSamlId());
+
+ DateTime notOnOrAfter = new DateTime();
+
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
+ .getTimeNotOnOrAfter());
+
+ final Assertion assertion = this.generateAssertion(ipAddress, request
+ .getAssertionConsumerServiceURL(), request.getSamlId(), request
+ .getIssuer(), notOnOrAfter);
+
+ final AttributeStatement attrStatement = this
+ .generateAttributeStatement(responseAuthReq
+ .getPersonalAttributeList(), isHashing);
+
+ assertion.getAttributeStatements().add(attrStatement);
+
+ // Add assertions
+ response.getAssertions().add(assertion);
+ // Check for response queries
+ if (res != null && res.size() > 0)
+ {
+ //Iterate through them
+ for (int i = 0; i < res.size(); i++)
+ {
+ //If response contains multiple assertions iterate through them as well
+ if (res.get(i).getAssertions().size() > 1)
+ {
+ for (int j = 0; j < res.get(i).getAssertions().size(); j++)
+ {
+ Assertion tempAssertion = res.get(i).getAssertions().get(j);
+ tempAssertion.setParent(response);
+ response.getAssertions().add(tempAssertion);
+ }
+ } else {
+ Assertion tempAssertion = res.get(i).getAssertion();
+ tempAssertion.setParent(response);
+ response.getAssertions().add(tempAssertion);
+ }
+ }
+ }
+
+ final STORKAuthnResponse authresponse = new STORKAuthnResponse();
+
+ try {
+ authresponse.setTokenSaml(super.signAndMarshall(response));
+ authresponse.setSamlId(response.getID());
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+ return authresponse;
+ }
+
+ /**
+ * Generate stork authentication response fail.
+ *
+ * @param request the request
+ * @param response the response
+ * @param ipAddress the IP address
+ * @param isHashing the is hashing
+ *
+ * @return the sTORK authentication response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAuthnResponse generateSTORKAuthnResponseFail(
+ final STORKAuthnRequest request, final STORKAuthnResponse response,
+ final String ipAddress, final boolean isHashing)
+ throws STORKSAMLEngineException {
+ LOG.info("generateSTORKAuthnResponseFail");
+
+ validateParamResponseFail(request, response);
+
+ // Mandatory
+ final StatusCode statusCode = SAMLEngineUtils
+ .generateStatusCode(response.getStatusCode());
+
+ // Mandatory SAML
+ LOG.debug("Generate StatusCode.");
+ // Subordinate code it's optional in case not covered into next codes:
+ // - urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
+ // - urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue
+ // - urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy
+ // - urn:oasis:names:tc:SAML:2.0:status:RequestDenied
+ // - http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported
+
+ if (StringUtils.isNotBlank(response.getSubStatusCode())) {
+ final StatusCode newStatusCode = SAMLEngineUtils
+ .generateStatusCode(response.getSubStatusCode());
+ statusCode.setStatusCode(newStatusCode);
+ }
+
+ LOG.debug("Generate Status.");
+ final Status status = SAMLEngineUtils.generateStatus(statusCode);
+
+ if (StringUtils.isNotBlank(response.getMessage())) {
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
+ .generateStatusMessage(response.getMessage());
+
+ status.setStatusMessage(statusMessage);
+ }
+
+ LOG.debug("Generate Response.");
+ // RESPONSE
+ final Response responseFail = genAuthnRespBase(status, request
+ .getAssertionConsumerServiceURL(), request.getSamlId());
+
+ DateTime notOnOrAfter = new DateTime();
+
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
+ .getTimeNotOnOrAfter());
+
+ final Assertion assertion = this.generateAssertion(ipAddress, request
+ .getAssertionConsumerServiceURL(), request.getSamlId(), request
+ .getIssuer(), notOnOrAfter);
+
+ responseFail.getAssertions().add(assertion);
+
+ LOG.debug("Sign and Marshall ResponseFail.");
+
+ final STORKAuthnResponse storkResponse = new STORKAuthnResponse();
+
+ try {
+ storkResponse.setTokenSaml(super.signAndMarshall(responseFail));
+ storkResponse.setSamlId(responseFail.getID());
+ } catch (SAMLEngineException e) {
+ LOG.error("SAMLEngineException.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+ return storkResponse;
+ }
+
+ /**
+ * Generate stork attribute query request.
+ *
+ * @param request the request that contain all parameters for generate an
+ * attribute query request.
+ *
+ * @return the STORK attribute query request that has been processed.
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAttrQueryRequest generateSTORKAttrQueryRequest(
+ final STORKAttrQueryRequest request) throws STORKSAMLEngineException {
+ LOG.info("Generate STORKAttrQueryRequest.");
+
+ // Validate Parameters mandatories
+ validateParamAttrQueryReq(request);
+
+ //final AttributeQuery attrQueryRequestAux = SAMLEngineUtils
+ final CustomAttributeQuery attrQueryRequestAux = SAMLEngineUtils
+ .generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(),
+ SAMLVersion.VERSION_20, SAMLEngineUtils
+ .getCurrentTime());
+
+ // Set name spaces.
+ setNameSpaces(attrQueryRequestAux);
+
+
+ // Add parameter optional STORK
+ // Destination is mandatory if the destination is a C-PEPS
+ // The application must to know if the destination is a C-PEPS.
+ if (StringUtils.isNotBlank(request.getDestination())) {
+ attrQueryRequestAux.setDestination(request.getDestination());
+ }
+
+ // Add parameter optional STORK
+ // Consumer URL is needed if using HTTP-Post
+ if (StringUtils.isNotBlank(request.getAssertionConsumerServiceURL())) {
+ attrQueryRequestAux.setAssertionConsumerServiceURL(request.getAssertionConsumerServiceURL());
+ }
+
+ // Consent is optional. Set from SAMLEngine.xml - consent.
+ attrQueryRequestAux.setConsent(super.getSamlCoreProperties()
+ .getConsentAuthnRequest());
+
+ final Issuer issuer = SAMLEngineUtils.generateIssuer();
+
+ //Set the subject - needed for attribute query validation
+ Subject subject = SAMLEngineUtils.generateSubject();
+ SubjectConfirmationBuilder builder = new SubjectConfirmationBuilder();
+ SubjectConfirmation subjectConfirmation = builder.buildObject();
+ subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
+ subject.getSubjectConfirmations().add(subjectConfirmation);
+ attrQueryRequestAux.setSubject(subject);
+
+ if(request.getIssuer()!=null){
+ issuer.setValue(request.getIssuer());
+ } else {
+ issuer.setValue(super.getSamlCoreProperties().getRequester());
+ }
+
+ // Optional STORK
+ final String formatEntity = super.getSamlCoreProperties()
+ .getFormatEntity();
+ if (StringUtils.isNotBlank(formatEntity)) {
+ issuer.setFormat(formatEntity);
+ }
+
+ attrQueryRequestAux.setIssuer(issuer);
+
+ // Generate stork extensions.
+ final Extensions storkExtensions = this
+ .generateSTORKAttrExtensions(request);
+ // add the extensions to the SAMLAuthnRequest
+ attrQueryRequestAux.setExtensions(storkExtensions);
+
+ // the result contains an authentication request token (byte[]),
+ // identifier of the token, and all parameters from the request.
+ final STORKAttrQueryRequest attrQueryRequest = processAttrExtensions(attrQueryRequestAux
+ .getExtensions());
+
+ try {
+ attrQueryRequest.setTokenSaml(super.signAndMarshall(attrQueryRequestAux));
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ attrQueryRequest.setSamlId(attrQueryRequestAux.getID());
+ attrQueryRequest.setDestination(attrQueryRequestAux.getDestination());
+ attrQueryRequest.setAssertionConsumerServiceURL(attrQueryRequestAux.getAssertionConsumerServiceURL());
+ attrQueryRequest.setIssuer(attrQueryRequestAux.getIssuer().getValue());
+
+ return attrQueryRequest;
+ }
+
+ /**
+ * Generate stork attribute query response.
+ *
+ * @param request the request
+ * @param responseAttrQueryRes the response authentication request
+ * @param ipAddress the IP address
+ * @param isHashing the hashing of values
+ *
+ * @return the sTORK authentication response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAttrQueryResponse generateSTORKAttrQueryResponse(
+ final STORKAttrQueryRequest request,
+ final STORKAttrQueryResponse responseAttrQueryRes, final String ipAddress,
+ final String destinationUrl, final boolean isHashing) throws STORKSAMLEngineException {
+ LOG.info("generateSTORKAttrQueryResponse");
+
+ // Validate parameters
+ validateParamAttrQueryResponse(request, responseAttrQueryRes);
+
+ // Mandatory SAML
+ LOG.debug("Generate StatusCode");
+ final StatusCode statusCode = SAMLEngineUtils
+ .generateStatusCode(StatusCode.SUCCESS_URI);
+
+ LOG.debug("Generate Status");
+ final Status status = SAMLEngineUtils.generateStatus(statusCode);
+
+ LOG.debug("Generate StatusMessage");
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
+ .generateStatusMessage(StatusCode.SUCCESS_URI);
+
+ status.setStatusMessage(statusMessage);
+
+ LOG.debug("Generate Response");
+
+ // RESPONSE
+ final Response response = genAuthnRespBase(status, destinationUrl,
+ request.getSamlId());
+
+ DateTime notOnOrAfter = new DateTime();
+
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
+ .getTimeNotOnOrAfter());
+
+ final Assertion assertion = this.generateAssertion(ipAddress, ""
+ ,request.getSamlId(), request.getIssuer(), notOnOrAfter);
+
+ final AttributeStatement attrStatement = this
+ .generateAttributeStatement(responseAttrQueryRes
+ .getPersonalAttributeList(), isHashing);
+
+ assertion.getAttributeStatements().add(attrStatement);
+
+ // Add assertions
+ response.getAssertions().add(assertion);
+
+ final STORKAttrQueryResponse attrQueryResponse = new STORKAttrQueryResponse();
+
+ try {
+ attrQueryResponse.setTokenSaml(super.signAndMarshall(response));
+ attrQueryResponse.setSamlId(response.getID());
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+ return attrQueryResponse;
+ }
+
+ /**
+ * Generate stork attribute query response from multiple assertions
+ *
+ * @param request the request
+ * @param responseAttrQueryRes the response to the query request
+ * @param responses the responses to include in the response (aggregation)
+ * @param ipAddress the IP address
+ * @param isHashing the hashing of values
+ *
+ * @return the sTORK attribute query response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAttrQueryResponse generateSTORKAttrQueryResponseWithAssertions(
+ final STORKAttrQueryRequest request, final STORKAttrQueryResponse responseAttrQueryRes,
+ final List<STORKAttrQueryResponse> responses, final String ipAddress,
+ final String destinationUrl, final boolean isHashing) throws STORKSAMLEngineException {
+ LOG.info("generateSTORKAttrQueryResponse");
+
+ // Validate parameters
+ validateParamAttrQueryResponseFromAssertions(request, responseAttrQueryRes);
+
+ // Mandatory SAML
+ LOG.debug("Generate StatusCode");
+ final StatusCode statusCode = SAMLEngineUtils
+ .generateStatusCode(StatusCode.SUCCESS_URI);
+
+ LOG.debug("Generate Status");
+ final Status status = SAMLEngineUtils.generateStatus(statusCode);
+
+ LOG.debug("Generate StatusMessage");
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
+ .generateStatusMessage(StatusCode.SUCCESS_URI);
+
+ status.setStatusMessage(statusMessage);
+
+ LOG.debug("Generate Response");
+
+ // RESPONSE
+ final Response response = genAuthnRespBase(status, destinationUrl,
+ request.getSamlId());
+
+ DateTime notOnOrAfter = new DateTime();
+
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
+ .getTimeNotOnOrAfter());
+
+ final Assertion assertion = this.generateAssertion(ipAddress, ""
+ ,request.getSamlId(), request.getIssuer(), notOnOrAfter);
+
+ final AttributeStatement attrStatement = this
+ .generateAttributeStatement(responseAttrQueryRes
+ .getPersonalAttributeList(), isHashing);
+
+ assertion.getAttributeStatements().add(attrStatement);
+
+ // Add the assertions from the former Query responses
+ response.getAssertions().add(assertion);
+ if (responses != null && responses.size() > 0)
+ {
+ for (int i = 0; i < responses.size(); i++)
+ {
+ Assertion tempAssertion = responses.get(i).getAssertion();
+ tempAssertion.setParent(response);
+ response.getAssertions().add(tempAssertion);
+ }
+ }
+
+ final STORKAttrQueryResponse attrQueryResponse = new STORKAttrQueryResponse();
+
+ try {
+ attrQueryResponse.setTokenSaml(super.signAndMarshall(response));
+ attrQueryResponse.setSamlId(response.getID());
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+ return attrQueryResponse;
+ }
+
+ /**
+ * Generate stork attribute query response fail.
+ *
+ * @param request the request
+ * @param response the response
+ * @param ipAddress the IP address
+ * @param isHashing the is hashing
+ *
+ * @return the STORK attribute query response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAttrQueryResponse generateSTORKAttrQueryResponseFail(
+ final STORKAttrQueryRequest request, final STORKAttrQueryResponse response,
+ final String ipAddress, final String destinationUrl, final boolean isHashing)
+ throws STORKSAMLEngineException {
+ LOG.info("generateSTORKAttrQueryResponseFail");
+
+ validateParamAttrQueryResponseFail(request, response);
+
+ // Mandatory
+ final StatusCode statusCode = SAMLEngineUtils
+ .generateStatusCode(response.getStatusCode());
+
+ // Mandatory SAML
+ LOG.debug("Generate StatusCode.");
+ // Subordinate code it's optional in case not covered into next codes:
+ // - urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
+ // - urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue
+ // - urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy
+ // - urn:oasis:names:tc:SAML:2.0:status:RequestDenied
+ // - http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported
+
+ if (StringUtils.isNotBlank(response.getSubStatusCode())) {
+ final StatusCode newStatusCode = SAMLEngineUtils
+ .generateStatusCode(response.getSubStatusCode());
+ statusCode.setStatusCode(newStatusCode);
+ }
+
+ LOG.debug("Generate Status.");
+ final Status status = SAMLEngineUtils.generateStatus(statusCode);
+
+ if (StringUtils.isNotBlank(response.getMessage())) {
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
+ .generateStatusMessage(response.getMessage());
+
+ status.setStatusMessage(statusMessage);
+ }
+
+ LOG.debug("Generate Response.");
+ // RESPONSE
+ final Response responseFail = genAuthnRespBase(status, destinationUrl,
+ request.getSamlId());
+
+ DateTime notOnOrAfter = new DateTime();
+
+ notOnOrAfter = notOnOrAfter.plusSeconds(super.getSamlCoreProperties()
+ .getTimeNotOnOrAfter());
+
+ final Assertion assertion = this.generateAssertion(ipAddress, "",
+ request.getSamlId(), request
+ .getIssuer(), notOnOrAfter);
+
+ responseFail.getAssertions().add(assertion);
+
+ LOG.debug("Sign and Marshall ResponseFail.");
+
+ final STORKAttrQueryResponse storkResponse = new STORKAttrQueryResponse();
+
+ try {
+ storkResponse.setTokenSaml(super.signAndMarshall(responseFail));
+ storkResponse.setSamlId(responseFail.getID());
+ } catch (SAMLEngineException e) {
+ LOG.error("SAMLEngineException.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+ return storkResponse;
+ }
+
+ /**
+ * Generate stork logout request.
+ *
+ * @param request the request that contain all parameters for generate an
+ * logout request.
+ *
+ * @return the STORK logout request that has been processed.
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKLogoutRequest generateSTORKLogoutRequest(
+ final STORKLogoutRequest request) throws STORKSAMLEngineException {
+ LOG.info("Generate STORKLogoutRequest.");
+
+ // Validate Parameters mandatories
+ validateParamLogoutReq(request);
+
+ final LogoutRequest logoutRequestAux = SAMLEngineUtils
+ .generateSAMLLogoutRequest(SAMLEngineUtils.generateNCName(),
+ SAMLVersion.VERSION_20, SAMLEngineUtils
+ .getCurrentTime());
+
+ // Set name spaces.
+ setNameSpaces(logoutRequestAux);
+
+
+ // Add parameter optional STORK
+ // Destination is mandatory if the destination is a C-PEPS
+ // The application must to know if the destination is a C-PEPS.
+ if (StringUtils.isNotBlank(request.getDestination())) {
+ logoutRequestAux.setDestination(request.getDestination());
+ }
+
+ // Consent is optional. Set from SAMLEngine.xml - consent.
+ logoutRequestAux.setConsent(super.getSamlCoreProperties()
+ .getConsentAuthnRequest());
+
+ final Issuer issuer = SAMLEngineUtils.generateIssuer();
+
+
+ if(request.getIssuer()!=null){
+ issuer.setValue(request.getIssuer());
+ } else {
+ issuer.setValue(super.getSamlCoreProperties().getRequester());
+ }
+
+ // Optional STORK
+ final String formatEntity = super.getSamlCoreProperties()
+ .getFormatEntity();
+ if (StringUtils.isNotBlank(formatEntity)) {
+ issuer.setFormat(formatEntity);
+ }
+
+ logoutRequestAux.setIssuer(issuer);
+
+ // Set the name ID
+ final NameID newNameID = SAMLEngineUtils.generateNameID();
+ newNameID.setValue(request.getSpProvidedId());
+ logoutRequestAux.setNameID(newNameID);
+
+
+ // the result contains an authentication request token (byte[]),
+ // identifier of the token, and all parameters from the request.
+ final STORKLogoutRequest logoutRequest = new STORKLogoutRequest();
+
+ try {
+ logoutRequest.setTokenSaml(super.signAndMarshall(logoutRequestAux));
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ logoutRequest.setSamlId(logoutRequestAux.getID());
+ logoutRequest.setDestination(logoutRequestAux.getDestination());
+ logoutRequest.setIssuer(logoutRequestAux.getIssuer().getValue());
+ logoutRequest.setSpProvidedId(logoutRequestAux.getNameID().getValue());
+
+ return logoutRequest;
+ }
+
+
+ /**
+ * Generate stork logout response.
+ * @param request the request thats being responded to
+ * @param response the tesponse that contain all parameters for generate an
+ * logout request.
+ *
+ * @return the STORK logout response that has been processed.
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKLogoutResponse generateSTORKLogoutResponse(
+ final STORKLogoutRequest request,
+ final STORKLogoutResponse response) throws STORKSAMLEngineException {
+ LOG.info("Generate STORKLogoutResponse.");
+
+ // Validate Parameters mandatories
+ validateParamLogoutRes(request, response);
+
+ // Mandatory SAML
+ LOG.debug("Generate StatusCode");
+ final StatusCode statusCode = SAMLEngineUtils
+ .generateStatusCode(StatusCode.SUCCESS_URI);
+
+ LOG.debug("Generate Status");
+ final Status status = SAMLEngineUtils.generateStatus(statusCode);
+
+ LOG.debug("Generate StatusMessage");
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
+ .generateStatusMessage(StatusCode.SUCCESS_URI);
+
+ status.setStatusMessage(statusMessage);
+
+ final LogoutResponse logoutResponseAux= SAMLEngineUtils
+ .generateSAMLLogoutResponse(SAMLEngineUtils.generateNCName(),
+ SAMLVersion.VERSION_20, SAMLEngineUtils
+ .getCurrentTime(), status, request.getSamlId());
+
+ // Set name spaces.
+ setNameSpaces(logoutResponseAux);
+
+
+ // Add parameter optional STORK
+ // Destination is mandatory if the destination is a C-PEPS
+ // The application must to know if the destination is a C-PEPS.
+ if (StringUtils.isNotBlank(response.getDestination())) {
+ logoutResponseAux.setDestination(response.getDestination());
+ }
+
+ // Consent is optional. Set from SAMLEngine.xml - consent.
+ logoutResponseAux.setConsent(super.getSamlCoreProperties()
+ .getConsentAuthnRequest());
+
+ final Issuer issuer = SAMLEngineUtils.generateIssuer();
+
+
+ if(response.getIssuer()!=null){
+ issuer.setValue(response.getIssuer());
+ } else {
+ issuer.setValue(super.getSamlCoreProperties().getRequester());
+ }
+
+ // Optional STORK
+ final String formatEntity = super.getSamlCoreProperties()
+ .getFormatEntity();
+ if (StringUtils.isNotBlank(formatEntity)) {
+ issuer.setFormat(formatEntity);
+ }
+
+ logoutResponseAux.setIssuer(issuer);
+
+
+ // the result contains an authentication request token (byte[]),
+ // identifier of the token, and all parameters from the request.
+ final STORKLogoutResponse logoutResponse = new STORKLogoutResponse();
+
+ try {
+ logoutResponse.setTokenSaml(super.signAndMarshall(logoutResponseAux));
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ logoutResponse.setSamlId(logoutResponseAux.getID());
+ logoutResponse.setDestination(logoutResponseAux.getDestination());
+ logoutResponse.setIssuer(logoutResponseAux.getIssuer().getValue());
+ logoutResponse.setStatusCode(logoutResponseAux.getStatus().getStatusCode().toString());
+ logoutResponse.setStatusMessage(logoutResponseAux.getStatus().getStatusMessage().toString());
+
+ return logoutResponse;
+ }
+
+ /**
+ * Generate failed stork logout response.
+ *
+ * @param response the response that contain all parameters for generate an
+ * logout request.
+ *
+ * @return the STORK logout response that has been processed.
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKLogoutResponse generateSTORKLogoutResponseFail(
+ final STORKLogoutRequest request,
+ final STORKLogoutResponse response ) throws STORKSAMLEngineException {
+ LOG.info("Generate STORKLogoutResponse.");
+
+ // Validate Parameters mandatories
+ validateParamLogoutResFail(request, response);
+
+ // Mandatory
+ final StatusCode statusCode = SAMLEngineUtils
+ .generateStatusCode(response.getStatusCode());
+
+ // Mandatory SAML
+ LOG.debug("Generate StatusCode.");
+ // Subordinate code it's optional in case not covered into next codes:
+ // - urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
+ // - urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue
+ // - urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy
+ // - urn:oasis:names:tc:SAML:2.0:status:RequestDenied
+ // - http://www.stork.gov.eu/saml20/statusCodes/QAANotSupported
+
+ if (StringUtils.isNotBlank(response.getSubStatusCode())) {
+ final StatusCode newStatusCode = SAMLEngineUtils
+ .generateStatusCode(response.getSubStatusCode());
+ statusCode.setStatusCode(newStatusCode);
+ }
+
+ LOG.debug("Generate Status.");
+ final Status status = SAMLEngineUtils.generateStatus(statusCode);
+
+ if (StringUtils.isNotBlank(response.getStatusMessage())) {
+ final StatusMessage statusMessage = (StatusMessage) SAMLEngineUtils
+ .generateStatusMessage(response.getStatusMessage());
+
+ status.setStatusMessage(statusMessage);
+ }
+
+ final LogoutResponse logoutResponseAux= SAMLEngineUtils
+ .generateSAMLLogoutResponse(SAMLEngineUtils.generateNCName(),
+ SAMLVersion.VERSION_20, SAMLEngineUtils
+ .getCurrentTime(), status, request.getSamlId());
+
+ // Set name spaces.
+ setNameSpaces(logoutResponseAux);
+
+
+ // Add parameter optional STORK
+ // Destination is mandatory if the destination is a C-PEPS
+ // The application must to know if the destination is a C-PEPS.
+ if (StringUtils.isNotBlank(response.getDestination())) {
+ logoutResponseAux.setDestination(response.getDestination());
+ }
+
+ // Consent is optional. Set from SAMLEngine.xml - consent.
+ logoutResponseAux.setConsent(super.getSamlCoreProperties()
+ .getConsentAuthnRequest());
+
+ final Issuer issuer = SAMLEngineUtils.generateIssuer();
+
+
+ if(response.getIssuer()!=null){
+ issuer.setValue(response.getIssuer());
+ } else {
+ issuer.setValue(super.getSamlCoreProperties().getRequester());
+ }
+
+ // Optional STORK
+ final String formatEntity = super.getSamlCoreProperties()
+ .getFormatEntity();
+ if (StringUtils.isNotBlank(formatEntity)) {
+ issuer.setFormat(formatEntity);
+ }
+
+ logoutResponseAux.setIssuer(issuer);
+
+
+ // the result contains an authentication request token (byte[]),
+ // identifier of the token, and all parameters from the request.
+ final STORKLogoutResponse logoutResponse = new STORKLogoutResponse();
+
+ try {
+ logoutResponse.setTokenSaml(super.signAndMarshall(logoutResponseAux));
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ logoutResponse.setSamlId(logoutResponseAux.getID());
+ logoutResponse.setDestination(logoutResponseAux.getDestination());
+ logoutResponse.setIssuer(logoutResponseAux.getIssuer().getValue());
+ logoutResponse.setStatusCode(logoutResponseAux.getStatus().getStatusCode().toString());
+ logoutResponse.setStatusMessage(logoutResponseAux.getStatus().getStatusMessage().toString());
+
+ return logoutResponse;
+ }
+
+ /**
+ * Generate stork authentication statement for the authentication statement.
+ *
+ * @param ipAddress the IP address
+ *
+ * @return the authentication statement
+ */
+ private AuthnStatement generateStorkAuthStatement(final String ipAddress) {
+ LOG.debug("Generate stork authenticate statement.");
+ final SubjectLocality subjectLocality = SAMLEngineUtils
+ .generateSubjectLocality(ipAddress);
+
+ final AuthnContext authnContext = (AuthnContext) SAMLEngineUtils
+ .createSamlObject(AuthnContext.DEFAULT_ELEMENT_NAME);
+
+ final AuthnContextDecl authnContextDecl = (AuthnContextDecl) SAMLEngineUtils
+ .createSamlObject(AuthnContextDecl.DEFAULT_ELEMENT_NAME);
+
+ authnContext.setAuthnContextDecl(authnContextDecl);
+
+ final AuthnStatement authnStatement = SAMLEngineUtils
+ .generateAthnStatement(new DateTime(), authnContext);
+
+ // Optional STORK
+ authnStatement.setSessionIndex(null);
+ authnStatement.setSubjectLocality(subjectLocality);
+
+ return authnStatement;
+ }
+
+ /**
+ * Generate stork extensions.
+ *
+ * @param request the request
+ *
+ * @return the extensions
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private Extensions generateSTORKExtensions(final STORKAuthnRequest request)
+ throws STORKSAMLEngineException {
+ LOG.debug("Generate STORKExtensions");
+
+ final Extensions extensions = SAMLEngineUtils.generateExtension();
+
+ LOG.debug("Generate QAAAttribute");
+ final QAAAttribute qaaAttribute = SAMLEngineUtils
+ .generateQAAAttribute(request.getQaa());
+ extensions.getUnknownXMLObjects().add(qaaAttribute);
+
+
+ if (StringUtils.isNotEmpty(request
+ .getSpSector())) {
+ // Add information about service provider.
+ LOG.debug("Generate SPSector");
+ final SPSector sector = SAMLEngineUtils.generateSPSector(request
+ .getSpSector());
+ extensions.getUnknownXMLObjects().add(sector);
+ }
+
+ //Delete from specification. Kept for compatibility with Provider Name value
+ LOG.debug("Generate SPInstitution");
+ final SPInstitution institution = SAMLEngineUtils
+ .generateSPInstitution(request.getProviderName());
+ extensions.getUnknownXMLObjects().add(institution);
+
+
+ if (StringUtils.isNotEmpty(request.getSpApplication())) {
+ LOG.debug("Generate SPApplication");
+ final SPApplication application = SAMLEngineUtils
+ .generateSPApplication(request.getSpApplication());
+ extensions.getUnknownXMLObjects().add(application);
+ }
+
+ if (StringUtils.isNotEmpty(request.getSpCountry())) {
+ LOG.debug("Generate SPCountry");
+ final SPCountry country = SAMLEngineUtils.generateSPCountry(request
+ .getSpCountry());
+ extensions.getUnknownXMLObjects().add(country);
+ }
+
+ //eIDSectorShare: optional; default value: false.
+ String valueSectorShare = super.getSamlCoreProperties()
+ .iseIDSectorShare();
+
+ if (StringUtils.isNotEmpty(valueSectorShare)) {
+ // Add information about the use of the SAML message.
+ LOG.debug("Generate EIDSectorShare");
+ final EIDSectorShare eIdSectorShare = (EIDSectorShare) SAMLEngineUtils
+ .createSamlObject(EIDSectorShare.DEF_ELEMENT_NAME);
+
+ eIdSectorShare.setEIDSectorShare(String.valueOf(Boolean.valueOf(valueSectorShare)));
+
+ extensions.getUnknownXMLObjects().add(eIdSectorShare);
+ }
+
+ String valueCrossSectorShare = super.getSamlCoreProperties()
+ .iseIDCrossSectorShare();
+
+ if (StringUtils.isNotEmpty(valueCrossSectorShare)) {
+ LOG.debug("Generate EIDCrossSectorShare");
+ final EIDCrossSectorShare eIdCrossSecShare = (EIDCrossSectorShare) SAMLEngineUtils
+ .createSamlObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
+ eIdCrossSecShare.setEIDCrossSectorShare(String.valueOf(Boolean.valueOf(valueCrossSectorShare)));
+ extensions.getUnknownXMLObjects().add(eIdCrossSecShare);
+ }
+
+
+ String valueCrossBorderShare = super.getSamlCoreProperties()
+ .iseIDCrossBorderShare();
+
+ if (StringUtils.isNotEmpty(valueCrossBorderShare)) {
+ LOG.debug("Generate EIDCrossBorderShare");
+ final EIDCrossBorderShare eIdCrossBordShare = (EIDCrossBorderShare) SAMLEngineUtils
+ .createSamlObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
+ eIdCrossBordShare.setEIDCrossBorderShare(String.valueOf(Boolean.valueOf(valueCrossBorderShare)));
+ extensions.getUnknownXMLObjects().add(eIdCrossBordShare);
+ }
+
+
+ // Add information about requested attributes.
+ LOG.debug("Generate RequestedAttributes.");
+ final RequestedAttributes reqAttributes = (RequestedAttributes) SAMLEngineUtils
+ .createSamlObject(RequestedAttributes.DEF_ELEMENT_NAME);
+
+ LOG.debug("SAML Engine configuration properties load.");
+ final Iterator<PersonalAttribute> iterator = request
+ .getPersonalAttributeList().iterator();
+
+ while (iterator.hasNext()) {
+
+ final PersonalAttribute attribute = iterator.next();
+
+ if (attribute == null || StringUtils.isBlank(attribute.getName())) {
+ LOG.error(ATTRIBUTE_EMPTY_LITERAL);
+ throw new STORKSAMLEngineException(ATTRIBUTE_EMPTY_LITERAL);
+ }
+
+ // Verified if exits the attribute name.
+ final String attributeName = super.getSamlCoreProperties()
+ .getProperty(attribute.getName());
+
+ if (StringUtils.isBlank(attributeName)) {
+ LOG.debug("Attribute name: {} was not found.", attribute
+ .getName());
+ throw new STORKSAMLEngineException("Attribute name: "
+ + attribute.getName() + " was not found.");
+ }
+
+ // Friendly name it's an optional attribute.
+ String friendlyName = null;
+
+ if (super.getSamlCoreProperties().isFriendlyName()) {
+ friendlyName = attribute.getName();
+ }
+
+
+ String isRequired = null;
+ if (super.getSamlCoreProperties().isRequired()) {
+ isRequired = String.valueOf(attribute.isRequired());
+ }
+
+
+ LOG.debug("Generate requested attribute: " + attributeName);
+ final RequestedAttribute requestedAttr = SAMLEngineUtils
+ .generateReqAuthnAttributeSimple(attributeName,
+ friendlyName, isRequired, attribute
+ .getValue());
+
+ // Add requested attribute.
+ reqAttributes.getAttributes().add(requestedAttr);
+ }
+
+ // Add requested attributes.
+ extensions.getUnknownXMLObjects().add(reqAttributes);
+
+ CitizenCountryCode citizenCountryCode = null;
+ if (request.getCitizenCountryCode() != null && StringUtils.isNotBlank(request.getCitizenCountryCode())){
+ LOG.debug("Generate CitizenCountryCode");
+ citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils
+ .createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
+
+ citizenCountryCode.setCitizenCountryCode(request
+ .getCitizenCountryCode().toUpperCase());
+ }
+
+ SPID spid = null;
+ if(request.getSPID()!=null && StringUtils.isNotBlank(request.getSPID())) {
+ LOG.debug("Generate SPID");
+ spid = (SPID) SAMLEngineUtils
+ .createSamlObject(SPID.DEF_ELEMENT_NAME);
+
+ spid.setSPID(request.getSPID().toUpperCase());
+ }
+
+ AuthenticationAttributes authenticationAttr = (AuthenticationAttributes) SAMLEngineUtils
+ .createSamlObject(AuthenticationAttributes.DEF_ELEMENT_NAME);
+
+ final VIDPAuthenticationAttributes vIDPauthenticationAttr = (VIDPAuthenticationAttributes) SAMLEngineUtils
+ .createSamlObject(VIDPAuthenticationAttributes.DEF_ELEMENT_NAME);
+
+ final SPInformation spInformation = (SPInformation) SAMLEngineUtils
+ .createSamlObject(SPInformation.DEF_ELEMENT_NAME);
+
+ if(citizenCountryCode!=null){
+ vIDPauthenticationAttr.setCitizenCountryCode(citizenCountryCode);
+ }
+
+ if(spid!=null){
+ spInformation.setSPID(spid);
+ }
+
+ vIDPauthenticationAttr.setSPInformation(spInformation);
+
+ authenticationAttr
+ .setVIDPAuthenticationAttributes(vIDPauthenticationAttr);
+ extensions.getUnknownXMLObjects().add(authenticationAttr);
+
+
+ return extensions;
+
+ }
+
+ /**
+ * Generate stork extensions.
+ *
+ * @param request the attribute query request
+ *
+ * @return the extensions
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private Extensions generateSTORKAttrExtensions(final STORKAttrQueryRequest request)
+ throws STORKSAMLEngineException {
+ LOG.debug("Generate STORKExtensions");
+
+ final Extensions extensions = SAMLEngineUtils.generateExtension();
+
+ LOG.debug("Generate QAAAttribute");
+ final QAAAttribute qaaAttribute = SAMLEngineUtils
+ .generateQAAAttribute(request.getQaa());
+ extensions.getUnknownXMLObjects().add(qaaAttribute);
+
+
+ if (StringUtils.isNotEmpty(request
+ .getSpSector())) {
+ // Add information about service provider.
+ LOG.debug("Generate SPSector");
+ final SPSector sector = SAMLEngineUtils.generateSPSector(request
+ .getSpSector());
+ extensions.getUnknownXMLObjects().add(sector);
+ }
+
+
+ if (StringUtils.isNotEmpty(request.getSpApplication())) {
+ LOG.debug("Generate SPApplication");
+ final SPApplication application = SAMLEngineUtils
+ .generateSPApplication(request.getSpApplication());
+ extensions.getUnknownXMLObjects().add(application);
+ }
+
+ if (StringUtils.isNotEmpty(request.getSpCountry())) {
+ LOG.debug("Generate SPCountry");
+ final SPCountry country = SAMLEngineUtils.generateSPCountry(request
+ .getSpCountry());
+ extensions.getUnknownXMLObjects().add(country);
+ }
+
+ final EIDSectorShare eIdSectorShare = (EIDSectorShare) SAMLEngineUtils
+ .createSamlObject(EIDSectorShare.DEF_ELEMENT_NAME);
+
+ eIdSectorShare.setEIDSectorShare(String.valueOf(request.isEIDSectorShare()));
+
+ extensions.getUnknownXMLObjects().add(eIdSectorShare);
+
+ final EIDCrossSectorShare eIdCrossSecShare = (EIDCrossSectorShare) SAMLEngineUtils
+ .createSamlObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
+ eIdCrossSecShare.setEIDCrossSectorShare(String.valueOf(request.isEIDCrossSectorShare()));
+ extensions.getUnknownXMLObjects().add(eIdCrossSecShare);
+
+ final EIDCrossBorderShare eIdCrossBordShare = (EIDCrossBorderShare) SAMLEngineUtils
+ .createSamlObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
+ eIdCrossBordShare.setEIDCrossBorderShare(String.valueOf(request.isEIDCrossBorderShare()));
+ extensions.getUnknownXMLObjects().add(eIdCrossBordShare);
+
+
+ // Add information about requested attributes.
+ LOG.debug("Generate RequestedAttributes.");
+ final RequestedAttributes reqAttributes = (RequestedAttributes) SAMLEngineUtils
+ .createSamlObject(RequestedAttributes.DEF_ELEMENT_NAME);
+
+ LOG.debug("SAML Engine configuration properties load.");
+ final Iterator<PersonalAttribute> iterator = request
+ .getPersonalAttributeList().iterator();
+
+ while (iterator.hasNext()) {
+
+ final PersonalAttribute attribute = iterator.next();
+
+ if (attribute == null || StringUtils.isBlank(attribute.getName())) {
+ LOG.error(ATTRIBUTE_EMPTY_LITERAL);
+ throw new STORKSAMLEngineException(ATTRIBUTE_EMPTY_LITERAL);
+ }
+
+ // Verified if exits the attribute name.
+ final String attributeName = super.getSamlCoreProperties()
+ .getProperty(attribute.getName());
+
+ if (StringUtils.isBlank(attributeName)) {
+ LOG.debug("Attribute name: {} was not found.", attribute
+ .getName());
+ throw new STORKSAMLEngineException("Attribute name: "
+ + attribute.getName() + " was not found.");
+ }
+
+ // Friendly name it's an optional attribute.
+ String friendlyName = null;
+
+ if (super.getSamlCoreProperties().isFriendlyName()) {
+ friendlyName = attribute.getName();
+ }
+
+
+ String isRequired = null;
+ if (super.getSamlCoreProperties().isRequired()) {
+ isRequired = String.valueOf(attribute.isRequired());
+ }
+
+
+ LOG.debug("Generate requested attribute: " + attributeName);
+ final RequestedAttribute requestedAttr = SAMLEngineUtils
+ .generateReqAuthnAttributeSimple(attributeName,
+ friendlyName, isRequired, attribute
+ .getValue());
+
+ // Add requested attribute.
+ reqAttributes.getAttributes().add(requestedAttr);
+ }
+
+ // Add requested attributes.
+ extensions.getUnknownXMLObjects().add(reqAttributes);
+
+ CitizenCountryCode citizenCountryCode = null;
+ if (request.getCitizenCountryCode() != null && StringUtils.isNotBlank(request.getCitizenCountryCode())){
+ LOG.debug("Generate CitizenCountryCode");
+ citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils
+ .createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
+
+ citizenCountryCode.setCitizenCountryCode(request
+ .getCitizenCountryCode().toUpperCase());
+ }
+
+ SPID spid = null;
+ if(request.getSPID()!=null && StringUtils.isNotBlank(request.getSPID())) {
+ LOG.debug("Generate SPID");
+ spid = (SPID) SAMLEngineUtils
+ .createSamlObject(SPID.DEF_ELEMENT_NAME);
+
+ spid.setSPID(request.getSPID().toUpperCase());
+ }
+
+
+ return extensions;
+
+ }
+
+ /**
+ * Gets the alias from X.509 Certificate at keystore.
+ *
+ * @param keyInfo the key info
+ * @param storkOwnKeyStore
+ * @param storkOwnKeyStore
+ *
+ * @return the alias
+ */
+ private String getAlias(final KeyInfo keyInfo, KeyStore storkOwnKeyStore) {
+
+ LOG.debug("Recover alias information");
+
+ String alias = null;
+ try {
+ final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
+ .getX509Datas().get(0).getX509Certificates().get(0);
+
+ // Transform the KeyInfo to X509Certificate.
+ CertificateFactory certFact;
+ certFact = CertificateFactory.getInstance("X.509");
+
+ final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
+ .decode(xmlCert.getValue()));
+
+ final X509Certificate cert = (X509Certificate) certFact
+ .generateCertificate(bis);
+
+ final String tokenSerialNumber = cert.getSerialNumber().toString(16);
+ final X509Principal tokenIssuerDN = new X509Principal(cert.getIssuerDN().getName());
+
+
+ String aliasCert;
+ X509Certificate certificate;
+ boolean find = false;
+
+ for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
+ .hasMoreElements()
+ && !find; ) {
+ aliasCert = e.nextElement();
+ certificate = (X509Certificate) storkOwnKeyStore
+ .getCertificate(aliasCert);
+
+ final String serialNum = certificate.getSerialNumber()
+ .toString(16);
+
+ X509Principal issuerDN = new X509Principal(certificate
+ .getIssuerDN().getName());
+
+ if(serialNum.equalsIgnoreCase(tokenSerialNumber)
+ && X509PrincipalUtil.equals2(issuerDN, tokenIssuerDN)){
+ alias = aliasCert;
+ find = true;
+ }
+
+ }
+
+ } catch (KeyStoreException e) {
+ LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
+ } catch (CertificateException e) {
+ LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
+ } catch (RuntimeException e) {
+ LOG.error("Procces getAlias from certificate associated into the signing keystore..", e);
+ }
+ return alias;
+ }
+
+ /**
+ * Gets the country from X.509 Certificate.
+ *
+ * @param keyInfo the key info
+ *
+ * @return the country
+ */
+ private String getCountry(final KeyInfo keyInfo) {
+ LOG.debug("Recover country information.");
+
+ String result = "";
+ try {
+ final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
+ .getX509Datas().get(0).getX509Certificates().get(0);
+
+ // Transform the KeyInfo to X509Certificate.
+ CertificateFactory certFact;
+ certFact = CertificateFactory.getInstance("X.509");
+
+ final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
+ .decode(xmlCert.getValue()));
+
+ final X509Certificate cert = (X509Certificate) certFact
+ .generateCertificate(bis);
+
+ String distName = cert.getSubjectDN().toString();
+
+ distName = StringUtils.deleteWhitespace(StringUtils
+ .upperCase(distName));
+
+ final String countryCode = "C=";
+ final int init = distName.indexOf(countryCode);
+
+ if (init > StringUtils.INDEX_NOT_FOUND) { // Exist country code.
+ int end = distName.indexOf(',', init);
+
+ if (end <= StringUtils.INDEX_NOT_FOUND) {
+ end = distName.length();
+ }
+
+ if (init < end && end > StringUtils.INDEX_NOT_FOUND) {
+ result = distName.substring(init + countryCode.length(),
+ end);
+ //It must be a two characters value
+ if(result.length()>2){
+ result = result.substring(0, 2);
+ }
+ }
+ }
+
+ } catch (CertificateException e) {
+ LOG.error("Procces getCountry from certificate.");
+ }
+ return result.trim();
+ }
+
+ /**
+ * Process all elements XMLObjects from the extensions.
+ *
+ * @param extensions the extensions from the authentication request.
+ *
+ * @return the STORK authentication request
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private STORKAuthnRequest processExtensions(final Extensions extensions)
+ throws STORKSAMLEngineException {
+ LOG.debug("Procces the extensions.");
+
+ final STORKAuthnRequest request = new STORKAuthnRequest();
+
+ final QAAAttribute qaa = (QAAAttribute) extensions
+ .getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME).get(0);
+ request.setQaa(Integer.parseInt(qaa.getQaaLevel()));
+
+ List optionalElements = extensions.getUnknownXMLObjects(
+ SPSector.DEF_ELEMENT_NAME);
+
+ if (!optionalElements.isEmpty()) {
+ final SPSector sector = (SPSector) extensions.getUnknownXMLObjects(
+ SPSector.DEF_ELEMENT_NAME).get(0);
+ request.setSpSector(sector.getSPSector());
+ }
+
+ optionalElements = extensions.getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME);
+
+ if (!optionalElements.isEmpty()) {
+ final SPApplication application = (SPApplication) extensions
+ .getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME).get(0);
+ request.setSpApplication(application.getSPApplication());
+ }
+
+ optionalElements = extensions.getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME);
+
+ if (!optionalElements.isEmpty()) {
+ final SPCountry application = (SPCountry) extensions
+ .getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME).get(0);
+ request.setSpCountry(application.getSPCountry());
+ }
+
+
+ List listCrossBorderShare = extensions
+ .getUnknownXMLObjects(EIDCrossBorderShare.DEF_ELEMENT_NAME);
+
+ if (!listCrossBorderShare .isEmpty()) {
+ final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) listCrossBorderShare.get(0);
+ request.setEIDCrossBorderShare(Boolean.parseBoolean(crossBorderShare
+ .getEIDCrossBorderShare()));
+ }
+
+
+ List listCrosSectorShare = extensions
+ .getUnknownXMLObjects(EIDCrossSectorShare.DEF_ELEMENT_NAME);
+
+ if (!listCrosSectorShare.isEmpty()) {
+ final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) listCrosSectorShare.get(0);
+ request.setEIDCrossSectorShare(Boolean.parseBoolean(crossSectorShare
+ .getEIDCrossSectorShare()));
+ }
+
+ List listSectorShareExtension = extensions
+ .getUnknownXMLObjects(EIDSectorShare.DEF_ELEMENT_NAME);
+ if (!listSectorShareExtension.isEmpty()) {
+ final EIDSectorShare sectorShare = (EIDSectorShare) listSectorShareExtension.get(0);
+ request.setEIDSectorShare(Boolean.parseBoolean(sectorShare.getEIDSectorShare()));
+ }
+
+
+
+ List<XMLObject> authAttrs = extensions
+ .getUnknownXMLObjects(AuthenticationAttributes.DEF_ELEMENT_NAME);
+
+ if (authAttrs != null && !authAttrs.isEmpty()) {
+
+ final AuthenticationAttributes authnAttr = (AuthenticationAttributes) authAttrs
+ .get(0);
+
+ VIDPAuthenticationAttributes vidpAuthnAttr = null;
+ if (authnAttr != null && !authAttrs.isEmpty()){
+ vidpAuthnAttr = authnAttr.getVIDPAuthenticationAttributes();
+ }
+
+ CitizenCountryCode citizenCountryCodeElement = null;
+ SPInformation spInformation = null;
+ if (vidpAuthnAttr != null){
+ citizenCountryCodeElement = vidpAuthnAttr.getCitizenCountryCode();
+ spInformation = vidpAuthnAttr.getSPInformation();
+ }
+
+ String citizenCountryCode = null;
+ if(citizenCountryCodeElement!=null){
+ citizenCountryCode = citizenCountryCodeElement.getCitizenCountryCode();
+ }
+
+ if(citizenCountryCode!= null && StringUtils.isNotBlank(citizenCountryCode)){
+ request.setCitizenCountryCode(citizenCountryCode);
+ }
+
+ SPID spidElement = null;
+ if (spInformation != null){
+ spidElement = spInformation.getSPID();
+ }
+
+ String spid = null;
+ if(spidElement!=null){
+ spid = spidElement.getSPID();
+ }
+
+ if (spid != null && StringUtils.isNotBlank(spid)) {
+ request.setSPID(spid);
+ }
+ }
+
+ if (extensions
+ .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME) == null) {
+ LOG.error("Extensions not contains any requested attribute.");
+ throw new STORKSAMLEngineException(
+ "Extensions not contains any requested attribute.");
+ }
+
+ final RequestedAttributes requestedAttr = (RequestedAttributes) extensions
+ .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME)
+ .get(0);
+
+ final List<RequestedAttribute> reqAttrs = requestedAttr.getAttributes();
+
+ final IPersonalAttributeList personalAttrList = new PersonalAttributeList();
+
+ String attributeName;
+ for (int nextAttribute = 0; nextAttribute < reqAttrs.size(); nextAttribute++) {
+ final RequestedAttribute attribute = reqAttrs.get(nextAttribute);
+ final PersonalAttribute personalAttribute = new PersonalAttribute();
+ personalAttribute.setIsRequired(Boolean.valueOf(attribute.isRequired()));
+ personalAttribute.setFriendlyName(attribute.getFriendlyName());
+ attributeName = attribute.getName();
+
+ // recover the last name from the string.
+ personalAttribute.setName(attributeName.substring(attributeName
+ .lastIndexOf('/') + 1));
+
+ final ArrayList<String> valores = new ArrayList<String>();
+ final List<XMLObject> values = attribute.getOrderedChildren();
+
+ for (int nextSimpleValue = 0; nextSimpleValue < values.size(); nextSimpleValue++) {
+
+ // Process attributes simples. An AuthenticationRequest only
+ // must contains simple values.
+
+ final XMLObject xmlObject = values.get(nextSimpleValue);
+
+ if(xmlObject instanceof XSStringImpl){
+
+ final XSStringImpl xmlString = (XSStringImpl) values
+ .get(nextSimpleValue);
+ valores.add(xmlString.getValue());
+
+ }else{
+
+ if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
+
+ final XSAnyImpl xmlString = (XSAnyImpl) values
+ .get(nextSimpleValue);
+
+ TransformerFactory transFactory = TransformerFactory.newInstance();
+ Transformer transformer = null;
+ try {
+ transformer = transFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ } catch (TransformerConfigurationException e) {
+ LOG.error("Error transformer configuration exception", e);
+ }
+ StringWriter buffer = new StringWriter();
+ try {
+ if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
+ transformer.transform(new DOMSource(xmlString.getUnknownXMLObjects().get(0).getDOM()),
+ new StreamResult(buffer));
+ }
+ } catch (TransformerException e) {
+ LOG.error("Error transformer exception", e);
+ }
+ String str = buffer.toString();
+
+ valores.add(str);
+
+ }else{
+
+ final XSAnyImpl xmlString = (XSAnyImpl) values
+ .get(nextSimpleValue);
+ valores.add(xmlString.getTextContent());
+ }
+
+
+
+ }
+ }
+ personalAttribute.setValue(valores);
+ personalAttrList.add(personalAttribute);
+ }
+
+ request.setPersonalAttributeList(personalAttrList);
+
+ return request;
+ }
+
+
+ /**
+ * Process all elements XMLObjects from the extensions.
+ *
+ * @param extensions the extensions from the authentication request.
+ *
+ * @return the STORK authentication request
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private STORKAttrQueryRequest processAttrExtensions(final Extensions extensions)
+ throws STORKSAMLEngineException {
+ LOG.debug("Procces the atribute query extensions.");
+
+ final STORKAttrQueryRequest request = new STORKAttrQueryRequest();
+
+ final QAAAttribute qaa = (QAAAttribute) extensions
+ .getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME).get(0);
+ request.setQaa(Integer.parseInt(qaa.getQaaLevel()));
+
+ List optionalElements = extensions.getUnknownXMLObjects(
+ SPSector.DEF_ELEMENT_NAME);
+
+ if (!optionalElements.isEmpty()) {
+ final SPSector sector = (SPSector) extensions.getUnknownXMLObjects(
+ SPSector.DEF_ELEMENT_NAME).get(0);
+ request.setSpSector(sector.getSPSector());
+ }
+
+ optionalElements = extensions.getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME);
+
+ if (!optionalElements.isEmpty()) {
+ final SPApplication application = (SPApplication) extensions
+ .getUnknownXMLObjects(SPApplication.DEF_ELEMENT_NAME).get(0);
+ request.setSpApplication(application.getSPApplication());
+ }
+
+ optionalElements = extensions.getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME);
+
+ if (!optionalElements.isEmpty()) {
+ final SPCountry application = (SPCountry) extensions
+ .getUnknownXMLObjects(SPCountry.DEF_ELEMENT_NAME).get(0);
+ request.setSpCountry(application.getSPCountry());
+ }
+
+
+ List listCrossBorderShare = extensions
+ .getUnknownXMLObjects(EIDCrossBorderShare.DEF_ELEMENT_NAME);
+
+ if (!listCrossBorderShare .isEmpty()) {
+ final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) listCrossBorderShare.get(0);
+ request.setEIDCrossBorderShare(Boolean.parseBoolean(crossBorderShare
+ .getEIDCrossBorderShare()));
+ }
+
+
+ List listCrosSectorShare = extensions
+ .getUnknownXMLObjects(EIDCrossSectorShare.DEF_ELEMENT_NAME);
+
+ if (!listCrosSectorShare.isEmpty()) {
+ final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) listCrosSectorShare.get(0);
+ request.setEIDCrossSectorShare(Boolean.parseBoolean(crossSectorShare
+ .getEIDCrossSectorShare()));
+ }
+
+ List listSectorShareExtension = extensions
+ .getUnknownXMLObjects(EIDSectorShare.DEF_ELEMENT_NAME);
+ if (!listSectorShareExtension.isEmpty()) {
+ final EIDSectorShare sectorShare = (EIDSectorShare) listSectorShareExtension.get(0);
+ request.setEIDSectorShare(Boolean.parseBoolean(sectorShare.getEIDSectorShare()));
+ }
+
+
+
+ List<XMLObject> authAttrs = extensions
+ .getUnknownXMLObjects(AuthenticationAttributes.DEF_ELEMENT_NAME);
+
+ if (authAttrs != null && !authAttrs.isEmpty()) {
+
+ final AuthenticationAttributes authnAttr = (AuthenticationAttributes) authAttrs
+ .get(0);
+
+ VIDPAuthenticationAttributes vidpAuthnAttr = null;
+ if (authnAttr != null && !authAttrs.isEmpty()){
+ vidpAuthnAttr = authnAttr.getVIDPAuthenticationAttributes();
+ }
+
+ CitizenCountryCode citizenCountryCodeElement = null;
+ SPInformation spInformation = null;
+ if (vidpAuthnAttr != null){
+ citizenCountryCodeElement = vidpAuthnAttr.getCitizenCountryCode();
+ spInformation = vidpAuthnAttr.getSPInformation();
+ }
+
+ String citizenCountryCode = null;
+ if(citizenCountryCodeElement!=null){
+ citizenCountryCode = citizenCountryCodeElement.getCitizenCountryCode();
+ }
+
+ if(citizenCountryCode!= null && StringUtils.isNotBlank(citizenCountryCode)){
+ request.setCitizenCountryCode(citizenCountryCode);
+ }
+
+ SPID spidElement = null;
+ if (spInformation != null){
+ spidElement = spInformation.getSPID();
+ }
+
+ String spid = null;
+ if(spidElement!=null){
+ spid = spidElement.getSPID();
+ }
+
+ if (spid != null && StringUtils.isNotBlank(spid)) {
+ request.setSPID(spid);
+ }
+ }
+
+ if (extensions
+ .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME) == null) {
+ LOG.error("Extensions not contains any requested attribute.");
+ throw new STORKSAMLEngineException(
+ "Extensions not contains any requested attribute.");
+ }
+
+ final RequestedAttributes requestedAttr = (RequestedAttributes) extensions
+ .getUnknownXMLObjects(RequestedAttributes.DEF_ELEMENT_NAME)
+ .get(0);
+
+ final List<RequestedAttribute> reqAttrs = requestedAttr.getAttributes();
+
+ final IPersonalAttributeList personalAttrList = new PersonalAttributeList();
+
+ String attributeName;
+ for (int nextAttribute = 0; nextAttribute < reqAttrs.size(); nextAttribute++) {
+ final RequestedAttribute attribute = reqAttrs.get(nextAttribute);
+ final PersonalAttribute personalAttribute = new PersonalAttribute();
+ personalAttribute.setIsRequired(Boolean.valueOf(attribute.isRequired()));
+ personalAttribute.setFriendlyName(attribute.getFriendlyName());
+ attributeName = attribute.getName();
+
+ // recover the last name from the string.
+ personalAttribute.setName(attributeName.substring(attributeName
+ .lastIndexOf('/') + 1));
+
+ final ArrayList<String> valores = new ArrayList<String>();
+ final List<XMLObject> values = attribute.getOrderedChildren();
+
+ for (int nextSimpleValue = 0; nextSimpleValue < values.size(); nextSimpleValue++) {
+
+ // Process attributes simples. An AuthenticationRequest only
+ // must contains simple values.
+
+ final XMLObject xmlObject = values.get(nextSimpleValue);
+
+ if(xmlObject instanceof XSStringImpl){
+
+ final XSStringImpl xmlString = (XSStringImpl) values
+ .get(nextSimpleValue);
+ valores.add(xmlString.getValue());
+
+ }else{
+
+ if (attributeName.equals("http://www.stork.gov.eu/1.0/signedDoc")) {
+
+ final XSAnyImpl xmlString = (XSAnyImpl) values
+ .get(nextSimpleValue);
+
+ TransformerFactory transFactory = TransformerFactory.newInstance();
+ Transformer transformer = null;
+ try {
+ transformer = transFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ } catch (TransformerConfigurationException e) {
+ LOG.error("Error transformer configuration exception", e);
+ }
+ StringWriter buffer = new StringWriter();
+ try {
+ if (xmlString != null && xmlString.getUnknownXMLObjects() != null && xmlString.getUnknownXMLObjects().size() > 0 ){
+ transformer.transform(new DOMSource(xmlString.getUnknownXMLObjects().get(0).getDOM()),
+ new StreamResult(buffer));
+ }
+ } catch (TransformerException e) {
+ LOG.error("Error transformer exception", e);
+ }
+ String str = buffer.toString();
+
+ valores.add(str);
+
+ }else{
+
+ final XSAnyImpl xmlString = (XSAnyImpl) values
+ .get(nextSimpleValue);
+ valores.add(xmlString.getTextContent());
+ }
+
+
+
+ }
+ }
+ personalAttribute.setValue(valores);
+ personalAttrList.add(personalAttribute);
+ }
+
+ request.setPersonalAttributeList(personalAttrList);
+
+ return request;
+ }
+
+ /**
+ * Sets the name spaces.
+ *
+ * @param tokenSaml the new name spaces
+ */
+ private void setNameSpaces(final XMLObject tokenSaml) {
+ LOG.debug("Set namespaces.");
+
+ final Namespace saml2 = new Namespace(SAMLConstants.SAML20_NS,
+ SAMLConstants.SAML20_PREFIX);
+ tokenSaml.addNamespace(saml2);
+
+ final Namespace digSig = new Namespace(
+ "http://www.w3.org/2000/09/xmldsig#", "ds");
+ tokenSaml.addNamespace(digSig);
+
+ final Namespace storkp = new Namespace(SAMLCore.STORK10P_NS.getValue(),
+ SAMLCore.STORK10P_PREFIX.getValue());
+ tokenSaml.addNamespace(storkp);
+
+ final Namespace stork = new Namespace(SAMLCore.STORK10_NS.getValue(),
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ tokenSaml.addNamespace(stork);
+ }
+
+ /**
+ * Validate parameters from authentication request.
+ *
+ * @param request the request.
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private void validateParamAuthnReq(final STORKAuthnRequest request)
+ throws STORKSAMLEngineException {
+ LOG.info("Validate parameters from authentication request.");
+
+ // URL to which Authentication Response must be sent.
+ if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
+ throw new STORKSAMLEngineException(
+ "StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
+ }
+
+ // the name of the original service provider requesting the
+ // authentication.
+ if (StringUtils.isBlank(request.getProviderName())) {
+ throw new STORKSAMLEngineException(
+ "StorkSamlEngine: Service Provider it's mandatory.");
+ }
+
+ // object that contain all attributes requesting.
+ if (request.getPersonalAttributeList() == null
+ || request.getPersonalAttributeList().isEmpty()) {
+ throw new STORKSAMLEngineException(
+ "attributeQueries is null or empty.");
+ }
+
+ // Quality authentication assurance level.
+ if ((request.getQaa() < QAAAttribute.MIN_VALUE)
+ || (request.getQaa() > QAAAttribute.MAX_VALUE)) {
+ throw new STORKSAMLEngineException("Qaal: " + request.getQaa()
+ + ", is invalid.");
+ }
+
+ }
+
+ /**
+ * Validate parameters from attribute query request.
+ *
+ * @param request the request.
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private void validateParamAttrQueryReq(final STORKAttrQueryRequest request)
+ throws STORKSAMLEngineException {
+ LOG.info("Validate parameters from attribute query request.");
+
+ // URL to which AP Response must be sent.
+ if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
+ throw new STORKSAMLEngineException(
+ "StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
+ }
+
+ // Destination of the request - not mandatory
+ /*if (StringUtils.isBlank(request.getDestination())) {
+ throw new STORKSAMLEngineException(
+ "StorkSamlEngine: Destination is mandatory.");
+ }*/
+
+ // SP country is empty
+ if (StringUtils.isBlank(request.getSpCountry())) {
+ throw new STORKSAMLEngineException(
+ "StorkSamlEngine: SP country is mandatory.");
+ }
+
+ // object that contain all attributes requesting.
+ if (request.getPersonalAttributeList() == null
+ || request.getPersonalAttributeList().isEmpty()) {
+ throw new STORKSAMLEngineException(
+ "attributeQueries is null or empty.");
+ }
+
+ // Quality authentication assurance level.
+ if ((request.getQaa() < QAAAttribute.MIN_VALUE)
+ || (request.getQaa() > QAAAttribute.MAX_VALUE)) {
+ throw new STORKSAMLEngineException("Qaal: " + request.getQaa()
+ + ", is invalid.");
+ }
+ }
+
+ /**
+ * Validate parameters from logout request.
+ *
+ * @param request the request.
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private void validateParamLogoutReq(final STORKLogoutRequest request)
+ throws STORKSAMLEngineException {
+ LOG.info("Validate parameters from logout request.");
+
+ // URL to which AP Response must be sent.
+ /*if (StringUtils.isBlank(request.get())) {
+ throw new STORKSAMLEngineException(
+ "StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
+ }*/
+
+ // Destination of the request
+ if (StringUtils.isBlank(request.getDestination())) {
+ throw new STORKSAMLEngineException(
+ "StorkSamlEngine: Destination is mandatory.");
+ }
+
+ // SP Provided Id
+ if (StringUtils.isBlank(request.getSpProvidedId())) {
+ throw new STORKSAMLEngineException(
+ "StorkSamlEngine: SP provided Id is mandatory.");
+ }
+ }
+
+ /**
+ * Validate parameters from logout response.
+ *
+ * @param response the response.
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private void validateParamLogoutRes(final STORKLogoutRequest request,
+ final STORKLogoutResponse response) throws STORKSAMLEngineException {
+ LOG.info("Validate parameters from logout request.");
+
+ // Issuer is mandatory
+ if (StringUtils.isBlank(request.getIssuer())) {
+ throw new STORKSAMLEngineException(
+ "Issuer must be not empty or null.");
+ }
+
+ // Destination of the request
+ if (StringUtils.isBlank(response.getDestination())) {
+ throw new STORKSAMLEngineException(
+ "StorkSamlEngine: Destination is mandatory.");
+ }
+
+ // SP Provided Id
+ if (StringUtils.isBlank(request.getSpProvidedId())) {
+ throw new STORKSAMLEngineException(
+ "StorkSamlEngine: SP provided Id is mandatory.");
+ }
+
+ if (StringUtils.isBlank(request.getSamlId())) {
+ throw new STORKSAMLEngineException("request ID is null or empty.");
+ }
+ }
+
+
+ /**
+ * Validate parameters from response.
+ *
+ * @param request the request
+ * @param responseAuthReq the response authentication request
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private void validateParamResponse(final STORKAuthnRequest request,
+ final STORKAuthnResponse responseAuthReq)
+ throws STORKSAMLEngineException {
+ LOG.info("Validate parameters response.");
+ if (StringUtils.isBlank(request.getIssuer())) {
+ throw new STORKSAMLEngineException(
+ "Issuer must be not empty or null.");
+ }
+
+ if (responseAuthReq.getPersonalAttributeList() == null
+ || responseAuthReq.getPersonalAttributeList().isEmpty()) {
+ LOG.error("PersonalAttributeList is null or empty.");
+ throw new STORKSAMLEngineException(
+ "PersonalAttributeList is null or empty.");
+ }
+
+ if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
+ throw new STORKSAMLEngineException(
+ "assertionConsumerServiceURL is null or empty.");
+ }
+
+ if (StringUtils.isBlank(request.getSamlId())) {
+ throw new STORKSAMLEngineException("request ID is null or empty.");
+ }
+ }
+
+ /**
+ * Validate parameters from response.
+ *
+ * @param request the request
+ * @param responseAttrQueryReq the response authentication request
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private void validateParamAttrQueryResponse(final STORKAttrQueryRequest request,
+ final STORKAttrQueryResponse responseAttrQueryReq)
+ throws STORKSAMLEngineException {
+ LOG.info("Validate attribute querey parameters response.");
+ if (StringUtils.isBlank(request.getIssuer())) {
+ throw new STORKSAMLEngineException(
+ "Issuer must be not empty or null.");
+ }
+
+ if (responseAttrQueryReq.getPersonalAttributeList() == null
+ || responseAttrQueryReq.getPersonalAttributeList().isEmpty()) {
+ LOG.error("PersonalAttributeList is null or empty.");
+ throw new STORKSAMLEngineException(
+ "PersonalAttributeList is null or empty.");
+ }
+
+ /*if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
+ throw new STORKSAMLEngineException(
+ "assertionConsumerServiceURL is null or empty.");
+ }*/
+
+ if (StringUtils.isBlank(request.getSamlId())) {
+ throw new STORKSAMLEngineException("request ID is null or empty.");
+ }
+ }
+
+ /**
+ * Validate parameters from response.
+ *
+ * @param request the request
+ * @param responseAttrQueryReq the response authentication request
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private void validateParamAttrQueryResponseFromAssertions(final STORKAttrQueryRequest request,
+ final STORKAttrQueryResponse responseAttrQueryReq)
+ throws STORKSAMLEngineException {
+ LOG.info("Validate attribute querey parameters response.");
+ if (StringUtils.isBlank(request.getIssuer())) {
+ throw new STORKSAMLEngineException(
+ "Issuer must be not empty or null.");
+ }
+
+ /*if (responseAttrQueryReq.getPersonalAttributeList() == null
+ || responseAttrQueryReq.getPersonalAttributeList().isEmpty()) {
+ LOG.error("PersonalAttributeList is null or empty.");
+ throw new STORKSAMLEngineException(
+ "PersonalAttributeList is null or empty.");
+ }*/
+
+ /*if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
+ throw new STORKSAMLEngineException(
+ "assertionConsumerServiceURL is null or empty.");
+ }*/
+
+ if (StringUtils.isBlank(request.getSamlId())) {
+ throw new STORKSAMLEngineException("request ID is null or empty.");
+ }
+ }
+
+ /**
+ * Validate parameter from response fail.
+ *
+ * @param request the request
+ * @param response the response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private void validateParamResponseFail(final STORKAuthnRequest request,
+ final STORKAuthnResponse response) throws STORKSAMLEngineException {
+ LOG.info("Validate parameters response fail.");
+ if (StringUtils.isBlank(response.getStatusCode())) {
+ throw new STORKSAMLEngineException("Code error it's null or empty.");
+ }
+
+ if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
+ throw new STORKSAMLEngineException(
+ "assertionConsumerServiceURL is null or empty.");
+ }
+
+ if (StringUtils.isBlank(request.getSamlId())) {
+ throw new STORKSAMLEngineException("request ID is null or empty.");
+ }
+ }
+
+ /**
+ * Validate parameter from response fail.
+ *
+ * @param request the request
+ * @param response the response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private void validateParamAttrQueryResponseFail(final STORKAttrQueryRequest request,
+ final STORKAttrQueryResponse response) throws STORKSAMLEngineException {
+ LOG.info("Validate parameters response fail.");
+ if (StringUtils.isBlank(response.getStatusCode())) {
+ throw new STORKSAMLEngineException("Code error it's null or empty.");
+ }
+
+ if (StringUtils.isBlank(request.getSamlId())) {
+ throw new STORKSAMLEngineException("request ID is null or empty.");
+ }
+ }
+
+ /**
+ * Validate parameter from response fail.
+ *
+ * @param request the request
+ * @param response the response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private void validateParamLogoutResFail(final STORKLogoutRequest request,
+ final STORKLogoutResponse response) throws STORKSAMLEngineException {
+ LOG.info("Validate parameters response fail.");
+
+ if (StringUtils.isBlank(request.getIssuer())) {
+ throw new STORKSAMLEngineException(
+ "Issuer must be not empty or null.");
+ }
+
+ if (StringUtils.isBlank(response.getStatusCode())) {
+ throw new STORKSAMLEngineException("Code error it's null or empty.");
+ }
+
+ if (StringUtils.isBlank(request.getSamlId())) {
+ throw new STORKSAMLEngineException("request ID is null or empty.");
+ }
+ }
+
+ /**
+ * Validate stork authentication request.
+ *
+ * @param tokenSaml the token SAML
+ *
+ * @return the sTORK authentication request
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAuthnRequest validateSTORKAuthnRequest(final byte[] tokenSaml)
+ throws STORKSAMLEngineException {
+ LOG.info("validateSTORKAuthnRequest");
+
+ final AuthnRequest samlRequest = (AuthnRequest) validateStorkSaml(tokenSaml);
+
+ LOG.debug("Validate Extensions.");
+ final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
+ try {
+ validatorExt.validate(samlRequest.getExtensions());
+ } catch (ValidationException e) {
+ LOG.error("ValidationException: validate Extensions.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ LOG.debug("Generate STORKAuthnRequest.");
+ final STORKAuthnRequest authnRequest = processExtensions(samlRequest
+ .getExtensions());
+
+ authnRequest.setCountry(this.getCountry(samlRequest.getSignature()
+ .getKeyInfo()));
+
+ authnRequest.setAlias(this.getAlias(samlRequest.getSignature()
+ .getKeyInfo(), super.getSigner().getTrustStore()));
+
+ authnRequest.setSamlId(samlRequest.getID());
+ authnRequest.setDestination(samlRequest.getDestination());
+ authnRequest.setAssertionConsumerServiceURL(samlRequest
+ .getAssertionConsumerServiceURL());
+
+ authnRequest.setProviderName(samlRequest.getProviderName());
+ authnRequest.setIssuer(samlRequest.getIssuer().getValue());
+
+ //Delete unknown elements from requested ones
+ final Iterator<PersonalAttribute> iterator = authnRequest.getPersonalAttributeList().iterator();
+ IPersonalAttributeList cleanPerAttrList = (PersonalAttributeList) authnRequest.getPersonalAttributeList();
+ while (iterator.hasNext()) {
+
+ final PersonalAttribute attribute = iterator.next();
+
+ // Verify if the attribute name exits.
+ final String attributeName = super.getSamlCoreProperties()
+ .getProperty(attribute.getName());
+
+ if (StringUtils.isBlank(attributeName)) {
+ LOG.info("Attribute name: {} was not found. It will be removed from the request object", attribute.getName());
+ cleanPerAttrList.remove(attribute.getName());
+ }
+
+ }
+ authnRequest.setPersonalAttributeList(cleanPerAttrList);
+
+ return authnRequest;
+
+ }
+
+ /**
+ * Validate stork attribute query request.
+ *
+ * @param tokenSaml the token SAML
+ *
+ * @return the STORK attribute query request
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAttrQueryRequest validateSTORKAttrQueryRequest(final byte[] tokenSaml)
+ throws STORKSAMLEngineException {
+ LOG.info("validateSTORKAttrQueryRequest");
+
+ //final AttributeQuery samlRequest = (AttributeQuery) validateStorkSaml(tokenSaml);
+ final CustomRequestAbstractType samlRequest = (CustomRequestAbstractType) validateStorkSaml(tokenSaml);
+
+ LOG.debug("Validate Extensions.");
+ final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
+ try {
+ validatorExt.validate(samlRequest.getExtensions());
+ } catch (ValidationException e) {
+ LOG.error("ValidationException: validate Extensions.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ LOG.debug("Generate STORKAttrQueryRequest.");
+ final STORKAttrQueryRequest attrRequest = processAttrExtensions(samlRequest
+ .getExtensions());
+
+ attrRequest.setCountry(this.getCountry(samlRequest.getSignature()
+ .getKeyInfo()));
+
+ attrRequest.setAlias(this.getAlias(samlRequest.getSignature()
+ .getKeyInfo(), super.getSigner().getTrustStore()));
+
+ attrRequest.setSamlId(samlRequest.getID());
+ attrRequest.setDestination(samlRequest.getDestination());
+ attrRequest.setAssertionConsumerServiceURL(samlRequest
+ .getAssertionConsumerServiceURL());
+
+ /*authnRequest.setProviderName(samlRequest.getProviderName());*/
+ attrRequest.setIssuer(samlRequest.getIssuer().getValue());
+
+ //Delete unknown elements from requested ones
+ final Iterator<PersonalAttribute> iterator = attrRequest.getPersonalAttributeList().iterator();
+ IPersonalAttributeList cleanPerAttrList = (PersonalAttributeList) attrRequest.getPersonalAttributeList();
+ while (iterator.hasNext()) {
+
+ final PersonalAttribute attribute = iterator.next();
+
+ // Verify if the attribute name exits.
+ final String attributeName = super.getSamlCoreProperties()
+ .getProperty(attribute.getName());
+
+ if (StringUtils.isBlank(attributeName)) {
+ LOG.info("Attribute name: {} was not found. It will be removed from the request object", attribute.getName());
+ cleanPerAttrList.remove(attribute.getName());
+ }
+
+ }
+ attrRequest.setPersonalAttributeList(cleanPerAttrList);
+
+ return attrRequest;
+
+ }
+
+ /**
+ * Validate stork logout request.
+ *
+ * @param tokenSaml the token SAML
+ *
+ * @return the STORK logout request
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKLogoutRequest validateSTORKLogoutRequest(final byte[] tokenSaml)
+ throws STORKSAMLEngineException {
+ LOG.info("validateSTORKLogoutRequest");
+
+ final LogoutRequest samlRequest = (LogoutRequest)validateStorkSaml(tokenSaml);
+
+ LOG.debug("Validate Extensions.");
+ final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
+ try {
+ validatorExt.validate(samlRequest.getExtensions());
+ } catch (ValidationException e) {
+ LOG.error("ValidationException: validate Extensions.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ LOG.debug("Generate STORKLogoutRequest.");
+ final STORKLogoutRequest logoutRequest = new STORKLogoutRequest();
+
+ logoutRequest.setCountry(this.getCountry(samlRequest.getSignature()
+ .getKeyInfo()));
+
+ logoutRequest.setAlias(this.getAlias(samlRequest.getSignature()
+ .getKeyInfo(), super.getSigner().getTrustStore()));
+
+ logoutRequest.setSamlId(samlRequest.getID());
+ logoutRequest.setDestination(samlRequest.getDestination());
+
+ logoutRequest.setIssuer(samlRequest.getIssuer().getValue());
+
+ logoutRequest.setSpProvidedId(samlRequest.getNameID().getValue());
+
+ return logoutRequest;
+
+ }
+
+ /**
+ * Validate stork authentication response.
+ *
+ * @param tokenSaml the token SAML
+ * @param userIP the user IP
+ *
+ * @return the Stork authentication response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAuthnResponse validateSTORKAuthnResponse(
+ final byte[] tokenSaml, final String userIP)
+ throws STORKSAMLEngineException {
+
+ LOG.info("validateSTORKAuthnResponse");
+ final Response samlResponse = (Response) validateStorkSaml(tokenSaml);
+
+ LOG.debug("Create StorkAuthResponse.");
+ final STORKAuthnResponse authnResponse = new STORKAuthnResponse();
+
+ authnResponse.setCountry(this.getCountry(samlResponse.getSignature()
+ .getKeyInfo()));
+
+ LOG.debug("Set ID.");
+ authnResponse.setSamlId(samlResponse.getID());
+ LOG.debug("Set InResponseTo.");
+ authnResponse.setInResponseTo(samlResponse.getInResponseTo());
+ LOG.debug("Set statusCode.");
+ authnResponse.setStatusCode(samlResponse.getStatus().getStatusCode()
+ .getValue());
+
+ // Subordinate code.
+ if (samlResponse.getStatus().getStatusCode().getStatusCode() != null) {
+ authnResponse.setSubStatusCode(samlResponse.getStatus()
+ .getStatusCode().getStatusCode().getValue());
+ }
+
+ if (samlResponse.getStatus().getStatusMessage() != null) {
+ LOG.debug("Set statusMessage.");
+ authnResponse.setMessage(samlResponse.getStatus()
+ .getStatusMessage().getMessage());
+ }
+
+ LOG.debug("validateStorkResponse");
+ final Assertion assertion = (Assertion) validateStorkResponse(
+ samlResponse, userIP);
+
+ if(assertion!=null){
+ final DateTime serverDate = new DateTime();
+
+ if (assertion.getConditions().getNotOnOrAfter().isBefore(serverDate)) {
+ LOG.error("Token date expired (getNotOnOrAfter = "
+ + assertion.getConditions().getNotOnOrAfter()
+ + ", server_date: " + serverDate + ")");
+ throw new STORKSAMLEngineException(
+ "Token date expired (getNotOnOrAfter = "
+ + assertion.getConditions().getNotOnOrAfter()
+ + " ), server_date: " + serverDate);
+ }
+
+ LOG.debug("Set notOnOrAfter.");
+ authnResponse.setNotOnOrAfter(assertion.getConditions()
+ .getNotOnOrAfter());
+
+ LOG.debug("Set notBefore.");
+ authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
+
+ authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
+
+ authnResponse.setAudienceRestriction(((AudienceRestriction) assertion
+ .getConditions().getAudienceRestrictions().get(0))
+ .getAudiences().get(0).getAudienceURI());
+ authnResponse.setAssertions(samlResponse.getAssertions());
+ }
+
+ // Case no error.
+ if (assertion!=null && StatusCode.SUCCESS_URI.equalsIgnoreCase(authnResponse
+ .getStatusCode())) {
+ LOG.debug("Status Success. Set PersonalAttributeList.");
+ authnResponse
+ .setPersonalAttributeList(generatePersonalAttributeList(assertion));
+ authnResponse.setFail(false);
+ } else {
+ LOG.debug("Status Fail.");
+ authnResponse.setFail(true);
+ }
+ LOG.debug("Return result.");
+ return authnResponse;
+
+ }
+
+ /**
+ * Validate stork authentication response.
+ *
+ * @param tokenSaml the token SAML
+ * @param userIP the user IP
+ *
+ * @return the Stork authentication response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAuthnResponse validateSTORKAuthnResponseWithQuery(
+ final byte[] tokenSaml, final String userIP)
+ throws STORKSAMLEngineException {
+
+ LOG.info("validateSTORKAuthnResponse");
+ final Response samlResponse = (Response) validateStorkSaml(tokenSaml);
+
+ LOG.debug("Create StorkAuthResponse.");
+ final STORKAuthnResponse authnResponse = new STORKAuthnResponse();
+
+ authnResponse.setCountry(this.getCountry(samlResponse.getSignature()
+ .getKeyInfo()));
+
+ LOG.debug("Set ID.");
+ authnResponse.setSamlId(samlResponse.getID());
+ LOG.debug("Set InResponseTo.");
+ authnResponse.setInResponseTo(samlResponse.getInResponseTo());
+ LOG.debug("Set statusCode.");
+ authnResponse.setStatusCode(samlResponse.getStatus().getStatusCode()
+ .getValue());
+
+ // Subordinate code.
+ if (samlResponse.getStatus().getStatusCode().getStatusCode() != null) {
+ authnResponse.setSubStatusCode(samlResponse.getStatus()
+ .getStatusCode().getStatusCode().getValue());
+ }
+
+ if (samlResponse.getStatus().getStatusMessage() != null) {
+ LOG.debug("Set statusMessage.");
+ authnResponse.setMessage(samlResponse.getStatus()
+ .getStatusMessage().getMessage());
+ }
+
+ LOG.debug("validateStorkResponse");
+ final Assertion assertion = (Assertion) validateStorkResponse(
+ samlResponse, userIP);
+
+ if(assertion!=null){
+ final DateTime serverDate = new DateTime();
+
+ if (assertion.getConditions().getNotOnOrAfter().isBefore(serverDate)) {
+ LOG.error("Token date expired (getNotOnOrAfter = "
+ + assertion.getConditions().getNotOnOrAfter()
+ + ", server_date: " + serverDate + ")");
+ throw new STORKSAMLEngineException(
+ "Token date expired (getNotOnOrAfter = "
+ + assertion.getConditions().getNotOnOrAfter()
+ + " ), server_date: " + serverDate);
+ }
+
+ LOG.debug("Set notOnOrAfter.");
+ authnResponse.setNotOnOrAfter(assertion.getConditions()
+ .getNotOnOrAfter());
+
+ LOG.debug("Set notBefore.");
+ authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
+
+ authnResponse.setNotBefore(assertion.getConditions().getNotBefore());
+
+ authnResponse.setAudienceRestriction(((AudienceRestriction) assertion
+ .getConditions().getAudienceRestrictions().get(0))
+ .getAudiences().get(0).getAudienceURI());
+ }
+
+ // Case no error.
+ if (assertion!=null && StatusCode.SUCCESS_URI.equalsIgnoreCase(authnResponse
+ .getStatusCode())) {
+ LOG.debug("Status Success. Set PersonalAttributeList.");
+ authnResponse
+ .setPersonalAttributeList(generatePersonalAttributeList(assertion));
+ authnResponse.setFail(false);
+ } else {
+ LOG.debug("Status Fail.");
+ authnResponse.setFail(true);
+ }
+
+ authnResponse.setAssertions(samlResponse.getAssertions());
+ if (samlResponse.getAssertions().size() > 1)
+ {
+ PersonalAttributeList total = new PersonalAttributeList();
+ List<IPersonalAttributeList> attrList = new ArrayList();
+ for (int i = 0; i < samlResponse.getAssertions().size(); i++)
+ {
+ Assertion tempAssertion = (Assertion)samlResponse.getAssertions().get(i);
+ IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion);
+ if (temp != null)
+ {
+ attrList.add(temp);
+ for (PersonalAttribute attribute : temp) {
+ PersonalAttribute attr = (PersonalAttribute)attribute.clone();
+ attr.setName(attr.getName()+tempAssertion.getID());
+ total.add(attr);
+ }
+ }
+ }
+ authnResponse.setPersonalAttributeLists(attrList);
+ authnResponse.setTotalPersonalAttributeList(total);
+ }
+
+ LOG.debug("Return result.");
+ return authnResponse;
+
+ }
+
+ /**
+ * Validate stork attribute query response.
+ *
+ * @param tokenSaml the token SAML
+ * @param userIP the user IP
+ *
+ * @return the Stork attribute query response
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public STORKAttrQueryResponse validateSTORKAttrQueryResponse(
+ final byte[] tokenSaml, final String userIP)
+ throws STORKSAMLEngineException {
+
+ LOG.info("validateSTORKAttrQueryResponse");
+ final Response samlResponse = (Response) validateStorkSaml(tokenSaml);
+
+ LOG.debug("Create StorkAttrQueryResponse.");
+ final STORKAttrQueryResponse attrQueryResponse = new STORKAttrQueryResponse();
+
+ attrQueryResponse.setCountry(this.getCountry(samlResponse.getSignature()
+ .getKeyInfo()));
+
+ LOG.debug("Set ID.");
+ attrQueryResponse.setSamlId(samlResponse.getID());
+ LOG.debug("Set InResponseTo.");
+ attrQueryResponse.setInResponseTo(samlResponse.getInResponseTo());
+ LOG.debug("Set statusCode.");
+ attrQueryResponse.setStatusCode(samlResponse.getStatus().getStatusCode()
+ .getValue());
+
+
+ // Subordinate code.
+ if (samlResponse.getStatus().getStatusCode().getStatusCode() != null) {
+ attrQueryResponse.setSubStatusCode(samlResponse.getStatus()
+ .getStatusCode().getStatusCode().getValue());
+ }
+
+ if (samlResponse.getStatus().getStatusMessage() != null) {
+ LOG.debug("Set statusMessage.");
+ attrQueryResponse.setMessage(samlResponse.getStatus()
+ .getStatusMessage().getMessage());
+ }
+
+ LOG.debug("validateStorkResponse");
+ final Assertion assertion = (Assertion) validateStorkResponse(
+ samlResponse, userIP);
+
+ if(assertion!=null){
+ final DateTime serverDate = new DateTime();
+
+ attrQueryResponse.setAssertion(assertion);
+
+ if (assertion.getConditions().getNotOnOrAfter().isBefore(serverDate)) {
+ LOG.error("Token date expired (getNotOnOrAfter = "
+ + assertion.getConditions().getNotOnOrAfter()
+ + ", server_date: " + serverDate + ")");
+ throw new STORKSAMLEngineException(
+ "Token date expired (getNotOnOrAfter = "
+ + assertion.getConditions().getNotOnOrAfter()
+ + " ), server_date: " + serverDate);
+ }
+
+ LOG.debug("Set notOnOrAfter.");
+ attrQueryResponse.setNotOnOrAfter(assertion.getConditions()
+ .getNotOnOrAfter());
+
+ LOG.debug("Set notBefore.");
+ attrQueryResponse.setNotBefore(assertion.getConditions().getNotBefore());
+
+ attrQueryResponse.setNotBefore(assertion.getConditions().getNotBefore());
+
+ attrQueryResponse.setAudienceRestriction(((AudienceRestriction) assertion
+ .getConditions().getAudienceRestrictions().get(0))
+ .getAudiences().get(0).getAudienceURI());
+ }
+
+ // Case no error.
+ if (assertion!=null && StatusCode.SUCCESS_URI.equalsIgnoreCase(attrQueryResponse
+ .getStatusCode())) {
+ LOG.debug("Status Success. Set PersonalAttributeList.");
+ attrQueryResponse
+ .setPersonalAttributeList(generatePersonalAttributeList(assertion));
+ attrQueryResponse.setFail(false);
+ } else {
+ LOG.debug("Status Fail.");
+ attrQueryResponse.setFail(true);
+ }
+
+ attrQueryResponse.setAssertions(samlResponse.getAssertions());
+ if (samlResponse.getAssertions().size() > 1)
+ {
+ PersonalAttributeList total = new PersonalAttributeList();
+ List<IPersonalAttributeList> attrList = new ArrayList();
+ for (int i = 0; i < samlResponse.getAssertions().size(); i++)
+ {
+ Assertion tempAssertion = (Assertion)samlResponse.getAssertions().get(i);
+ IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion);
+ if (temp != null)
+ {
+ attrList.add(temp);
+ for (PersonalAttribute attribute : temp) {
+ PersonalAttribute attr = (PersonalAttribute)attribute.clone();
+ attr.setName(attr.getName()+tempAssertion.getID());
+ total.add(attr);
+ }
+ }
+ }
+ attrQueryResponse.setPersonalAttributeLists(attrList);
+ attrQueryResponse.setTotalPersonalAttributeList(total);
+ }
+
+ LOG.debug("Return result.");
+ return attrQueryResponse;
+
+ }
+
+ /**
+ * Validate stork response.
+ *
+ * @param samlResponse the SAML response
+ * @param userIP the user IP
+ *
+ * @return the assertion
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private Assertion validateStorkResponse(final Response samlResponse,
+ final String userIP) throws STORKSAMLEngineException {
+ // Exist only one Assertion
+
+ if (samlResponse.getAssertions() == null
+ || samlResponse.getAssertions().isEmpty()) {
+ LOG.info("Assertion is null or empty."); //in replace of throw new STORKSAMLEngineException("Assertion is null or empty.")
+ return null;
+ }
+
+ final Assertion assertion = (Assertion) samlResponse.getAssertions()
+ .get(0);
+
+ LOG.debug("Verified method Bearer");
+ for (final Iterator<SubjectConfirmation> iter = assertion.getSubject()
+ .getSubjectConfirmations().iterator(); iter.hasNext();) {
+ final SubjectConfirmation element = iter.next();
+ final boolean isBearer = SubjectConfirmation.METHOD_BEARER
+ .equals(element.getMethod());
+
+ final boolean ipValidate = super.getSamlCoreProperties()
+ .isIpValidation();
+
+ if (ipValidate) {
+ if (isBearer) {
+ if (StringUtils.isBlank(userIP)) {
+ LOG.error("browser_ip is null or empty.");
+ throw new STORKSAMLEngineException(
+ "browser_ip is null or empty.");
+ } else if (StringUtils.isBlank(element
+ .getSubjectConfirmationData().getAddress())) {
+ LOG.error("token_ip attribute is null or empty.");
+ throw new STORKSAMLEngineException(
+ "token_ip attribute is null or empty.");
+ }
+ }
+
+ final boolean ipEqual = element.getSubjectConfirmationData()
+ .getAddress().equals(userIP);
+
+ // Validation ipUser
+ if (!ipEqual && ipValidate) {
+ LOG.error("SubjectConfirmation BEARER: ");
+ throw new STORKSAMLEngineException(
+ "IPs doesn't match : token_ip ("
+ + element.getSubjectConfirmationData()
+ .getAddress() + ") browser_ip ("
+ + userIP + ")");
+ }
+ }
+
+ }
+ return assertion;
+ }
+
+ /**
+ * Validate stork SAML.
+ *
+ * @param tokenSaml the token SAML
+ *
+ * @return the signable SAML object
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ private SignableSAMLObject validateStorkSaml(final byte[] tokenSaml)
+ throws STORKSAMLEngineException {
+
+ LOG.info("Validate StorkSaml message.");
+
+ if (tokenSaml == null) {
+ LOG.error("Saml authentication request is null.");
+ throw new STORKSAMLEngineException(
+ "Saml authentication request is null.");
+ }
+
+ LOG.debug("Generate AuthnRequest from request.");
+ SignableSAMLObject samlObject;
+
+ try {
+ samlObject = (SignableSAMLObject) super.unmarshall(tokenSaml);
+ } catch (SAMLEngineException e) {
+ LOG.error("SAMLEngineException unmarshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ boolean validateSign = true;
+
+ if (StringUtils.isNotBlank(super.getSamlCoreProperties().getProperty(
+ "validateSignature"))) {
+ validateSign = Boolean.valueOf(super.getSamlCoreProperties()
+ .getProperty("validateSignature"));
+ }
+
+ if (validateSign) {
+ LOG.debug("Validate Signature.");
+ try {
+ super.validateSignature(samlObject);
+ } catch (SAMLEngineException e) {
+ LOG.error("SAMLEngineException validateSignature.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+ }
+
+ LOG.debug("Validate Schema.");
+ final ValidatorSuite validatorSuite = Configuration
+ .getValidatorSuite("saml2-core-schema-validator");
+ try {
+ if (samlObject.getElementQName().toString().endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
+ {
+ CustomAttributeQueryValidator val =
+ new CustomAttributeQueryValidator();
+ val.validate((CustomAttributeQuery)samlObject);
+ }
+ else if (samlObject instanceof Response
+ && ((Response) samlObject).getAssertions().size() > 1) {
+ MultipleAssertionResponseValidator val =
+ new MultipleAssertionResponseValidator();
+ val.validate((Response)samlObject);
+ }
+ else
+ validatorSuite.validate(samlObject);
+ } catch (ValidationException e) {
+ LOG.error("ValidationException.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ return samlObject;
+ }
+
+ private boolean isComplex(XMLObject xmlObject)
+ {
+ boolean isComplex = false;
+
+ final XSAnyImpl complexValue = (XSAnyImpl) xmlObject;
+
+ for (int nextComplexValue = 0; nextComplexValue < complexValue
+ .getUnknownXMLObjects().size(); nextComplexValue++) {
+
+ final XSAnyImpl simple = (XSAnyImpl) complexValue
+ .getUnknownXMLObjects().get(
+ nextComplexValue);
+
+ if (simple.getElementQName().getLocalPart() != null)
+ {
+ isComplex = true;
+ break;
+ }
+ }
+
+ return isComplex;
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
index e38cc5f0b..724a522d1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
@@ -1,69 +1,69 @@
-package eu.stork.peps.auth.engine;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.jce.X509Principal;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Utility class used to decrease complexity of comparison of 2 X509principal
- *
- * @author vanegdi
- * @version $Revision: 1.00 $, $Date: 2013-05-24 20:53:51 $
- */
-public final class X509PrincipalUtil{
-
- private static final DERObjectIdentifier[] DER_OBJECT_IDENTIFIERS_ARRAY= {
- X509Principal.CN,
- X509Principal.OU,
- X509Principal.O,
- X509Principal.L,
- X509Principal.ST,
- X509Principal.C,
- X509Principal.E
- };
-
- private static final Logger LOG = LoggerFactory.getLogger(eu.stork.peps.auth.engine.X509PrincipalUtil.class);
-
- /**
- * Compares 2 X509Principals to detect if they equals
- * @param principal1
- * @param principal2
- * @return true if arguments are not null and equals
- */
- public static boolean equals(X509Principal principal1, X509Principal principal2) {
- boolean continueProcess = true;
- if (principal1 == null || principal2 == null){
- return false;
- }
-
- int cpt = 0;
- while(continueProcess && cpt < DER_OBJECT_IDENTIFIERS_ARRAY.length){
- continueProcess = continueProcess && x509ValuesByIdentifierEquals(principal1, principal2, DER_OBJECT_IDENTIFIERS_ARRAY[cpt]);
- cpt++;
- }
- return continueProcess;
- }
-
- public static boolean equals2(X509Principal principal1, X509Principal principal2) {
-
- if (principal1 == null || principal2 == null){
- return false;
- }
-
- if (principal1.getName().equals(principal2.getName()))
- return true;
- else
- return false;
-
- }
-
- private static boolean x509ValuesByIdentifierEquals(X509Principal principal1, X509Principal principal2, DERObjectIdentifier identifier){
- return principal1.getValues(identifier).equals(principal2.getValues(identifier));
- }
-
- private X509PrincipalUtil(){
- // default contructor
- LOG.error("Fake X509PrincipalUtil : never be called");
- }
-}
+package eu.stork.peps.auth.engine;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.jce.X509Principal;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Utility class used to decrease complexity of comparison of 2 X509principal
+ *
+ * @author vanegdi
+ * @version $Revision: 1.00 $, $Date: 2013-05-24 20:53:51 $
+ */
+public final class X509PrincipalUtil{
+
+ private static final DERObjectIdentifier[] DER_OBJECT_IDENTIFIERS_ARRAY= {
+ X509Principal.CN,
+ X509Principal.OU,
+ X509Principal.O,
+ X509Principal.L,
+ X509Principal.ST,
+ X509Principal.C,
+ X509Principal.E
+ };
+
+ private static final Logger LOG = LoggerFactory.getLogger(eu.stork.peps.auth.engine.X509PrincipalUtil.class);
+
+ /**
+ * Compares 2 X509Principals to detect if they equals
+ * @param principal1
+ * @param principal2
+ * @return true if arguments are not null and equals
+ */
+ public static boolean equals(X509Principal principal1, X509Principal principal2) {
+ boolean continueProcess = true;
+ if (principal1 == null || principal2 == null){
+ return false;
+ }
+
+ int cpt = 0;
+ while(continueProcess && cpt < DER_OBJECT_IDENTIFIERS_ARRAY.length){
+ continueProcess = continueProcess && x509ValuesByIdentifierEquals(principal1, principal2, DER_OBJECT_IDENTIFIERS_ARRAY[cpt]);
+ cpt++;
+ }
+ return continueProcess;
+ }
+
+ public static boolean equals2(X509Principal principal1, X509Principal principal2) {
+
+ if (principal1 == null || principal2 == null){
+ return false;
+ }
+
+ if (principal1.getName().equals(principal2.getName()))
+ return true;
+ else
+ return false;
+
+ }
+
+ private static boolean x509ValuesByIdentifierEquals(X509Principal principal1, X509Principal principal2, DERObjectIdentifier identifier){
+ return principal1.getValues(identifier).equals(principal2.getValues(identifier));
+ }
+
+ private X509PrincipalUtil(){
+ // default contructor
+ LOG.error("Fake X509PrincipalUtil : never be called");
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/AuthenticationAttributes.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/AuthenticationAttributes.java
index 07157073c..a9efe6362 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/AuthenticationAttributes.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/AuthenticationAttributes.java
@@ -1,57 +1,57 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface AuthenticationAttributes.
- * @author fjquevedo
- */
-public interface AuthenticationAttributes extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "AuthenticationAttributes";
-
- /** Default element name. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /** Local name of the XSI type. */
- String TYPE_LOCAL_NAME = "AuthenticationAttributesType";
-
- /** QName of the XSI type. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
-
- /**
- * Gets the citizen country code.
- *
- * @return the citizen country code
- */
- VIDPAuthenticationAttributes getVIDPAuthenticationAttributes();
-
-
- /**
- * Sets the vIDP authentication attributes.
- *
- * @param newVIDPAuthenticationAttr the new vIDP authentication attributes
- */
- void setVIDPAuthenticationAttributes(VIDPAuthenticationAttributes newVIDPAuthenticationAttr);
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface AuthenticationAttributes.
+ * @author fjquevedo
+ */
+public interface AuthenticationAttributes extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "AuthenticationAttributes";
+
+ /** Default element name. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /** Local name of the XSI type. */
+ String TYPE_LOCAL_NAME = "AuthenticationAttributesType";
+
+ /** QName of the XSI type. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+
+ /**
+ * Gets the citizen country code.
+ *
+ * @return the citizen country code
+ */
+ VIDPAuthenticationAttributes getVIDPAuthenticationAttributes();
+
+
+ /**
+ * Sets the vIDP authentication attributes.
+ *
+ * @param newVIDPAuthenticationAttr the new vIDP authentication attributes
+ */
+ void setVIDPAuthenticationAttributes(VIDPAuthenticationAttributes newVIDPAuthenticationAttr);
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CitizenCountryCode.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CitizenCountryCode.java
index 859d37feb..4af7524ea 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CitizenCountryCode.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CitizenCountryCode.java
@@ -1,56 +1,56 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface EIDCrossBorderShare.
- * @author fjquevedo
- */
-public interface CitizenCountryCode extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "CitizenCountryCode";
-
- /** The Constant DEFAULT_ELEMENT_NAME. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /** The Constant TYPE_LOCAL_NAME. */
- String TYPE_LOCAL_NAME = "CitizenCountryCodeType";
-
- /** The Constant TYPE_NAME. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /**
- * Gets the SP country.
- *
- * @return the sP country
- */
- String getCitizenCountryCode();
-
-
- /**
- * Sets the citizen country code.
- *
- * @param citizenCountryCode the new citizen country code
- */
- void setCitizenCountryCode(String citizenCountryCode);
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface EIDCrossBorderShare.
+ * @author fjquevedo
+ */
+public interface CitizenCountryCode extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "CitizenCountryCode";
+
+ /** The Constant DEFAULT_ELEMENT_NAME. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /** The Constant TYPE_LOCAL_NAME. */
+ String TYPE_LOCAL_NAME = "CitizenCountryCodeType";
+
+ /** The Constant TYPE_NAME. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /**
+ * Gets the SP country.
+ *
+ * @return the sP country
+ */
+ String getCitizenCountryCode();
+
+
+ /**
+ * Sets the citizen country code.
+ *
+ * @param citizenCountryCode the new citizen country code
+ */
+ void setCitizenCountryCode(String citizenCountryCode);
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CustomAttributeQuery.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CustomAttributeQuery.java
index c326ae8d9..b558fc19d 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CustomAttributeQuery.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CustomAttributeQuery.java
@@ -1,51 +1,51 @@
-package eu.stork.peps.auth.engine.core;
-
-import java.util.List;
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectQuery;
-
-public interface CustomAttributeQuery extends CustomRequestAbstractType {
- /** Element local name. */
- public static final String DEFAULT_ELEMENT_LOCAL_NAME = "AttributeQuery";
-
- /** Default element name. */
- public static final QName DEFAULT_ELEMENT_NAME = new QName(SAMLConstants.SAML20P_NS, DEFAULT_ELEMENT_LOCAL_NAME,
- SAMLConstants.SAML20P_PREFIX);
-
- /** Local name of the XSI type. */
- public static final String TYPE_LOCAL_NAME = "CustomAttributeQueryType";
-
- /** QName of the XSI type. */
- public static final QName TYPE_NAME = new QName(SAMLConstants.SAML20P_NS, TYPE_LOCAL_NAME,
- SAMLConstants.SAML20P_PREFIX);
-
- /** AssertionConsumerServiceURL attribute name. */
- public static final String ASSERTION_CONSUMER_SERVICE_URL_ATTRIB_NAME
- = "AssertionConsumerServiceURL";
-
- /**
- * Gets the Attributes of this query.
- *
- * @return the list of Attributes of this query
- */
- public List<Attribute> getAttributes();
-
- /**
- * Gets the Subject of this request.
- *
- * @return the Subject of this request
- */
- public Subject getSubject();
-
- /**
- * Sets the Subject of this request.
- *
- * @param newSubject the Subject of this request
- */
- public void setSubject(Subject newSubject);
-
-}
+package eu.stork.peps.auth.engine.core;
+
+import java.util.List;
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectQuery;
+
+public interface CustomAttributeQuery extends CustomRequestAbstractType {
+ /** Element local name. */
+ public static final String DEFAULT_ELEMENT_LOCAL_NAME = "AttributeQuery";
+
+ /** Default element name. */
+ public static final QName DEFAULT_ELEMENT_NAME = new QName(SAMLConstants.SAML20P_NS, DEFAULT_ELEMENT_LOCAL_NAME,
+ SAMLConstants.SAML20P_PREFIX);
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "CustomAttributeQueryType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(SAMLConstants.SAML20P_NS, TYPE_LOCAL_NAME,
+ SAMLConstants.SAML20P_PREFIX);
+
+ /** AssertionConsumerServiceURL attribute name. */
+ public static final String ASSERTION_CONSUMER_SERVICE_URL_ATTRIB_NAME
+ = "AssertionConsumerServiceURL";
+
+ /**
+ * Gets the Attributes of this query.
+ *
+ * @return the list of Attributes of this query
+ */
+ public List<Attribute> getAttributes();
+
+ /**
+ * Gets the Subject of this request.
+ *
+ * @return the Subject of this request
+ */
+ public Subject getSubject();
+
+ /**
+ * Sets the Subject of this request.
+ *
+ * @param newSubject the Subject of this request
+ */
+ public void setSubject(Subject newSubject);
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CustomRequestAbstractType.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CustomRequestAbstractType.java
index fa847378b..77dd8c4a5 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CustomRequestAbstractType.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/CustomRequestAbstractType.java
@@ -1,176 +1,176 @@
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.Issuer;
-
-public interface CustomRequestAbstractType extends SignableSAMLObject {
-
- /** Local name of the XSI type. */
- public static final String TYPE_LOCAL_NAME = "RequestAbstractType";
-
- /** QName of the XSI type. */
- public static final QName TYPE_NAME = new QName(SAMLConstants.SAML20P_NS, TYPE_LOCAL_NAME,
- SAMLConstants.SAML20P_PREFIX);
-
- /** ID attribute name. */
- public static final String ID_ATTRIB_NAME = "ID";
-
- /** Version attribute name. */
- public static final String VERSION_ATTRIB_NAME = "Version";
-
- /** IssueInstant attribute name. */
- public static final String ISSUE_INSTANT_ATTRIB_NAME = "IssueInstant";
-
- /** Destination attribute name. */
- public static final String DESTINATION_ATTRIB_NAME = "Destination";
-
- /** Destination attribute name. */
- public static final String ASSERTION_CONSUMER_SERVICE_URL_ATTRIB_NAME = "AssertionConsumerServiceURL";
-
- /** Consent attribute name. */
- public static final String CONSENT_ATTRIB_NAME = "Consent";
-
- /** Unspecified consent URI. */
- public static final String UNSPECIFIED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unspecified";
-
- /** Obtained consent URI. */
- public static final String OBTAINED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:obtained";
-
- /** Prior consent URI. */
- public static final String PRIOR_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:prior";
-
- /** Implicit consent URI. */
- public static final String IMPLICIT_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:current-implicit";
-
- /** Explicit consent URI. */
- public static final String EXPLICIT_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:current-explicit";
-
- /** Unavailable consent URI. */
- public static final String UNAVAILABLE_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unavailable";
-
- /** Inapplicable consent URI. */
- public static final String INAPPLICABLE_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:inapplicable";
-
- /**
- * Gets the SAML Version of this request.
- *
- * @return the SAML Version of this request.
- */
- public SAMLVersion getVersion();
-
- /**
- * Sets the SAML Version of this request.
- *
- * @param newVersion the SAML Version of this request
- */
- public void setVersion(SAMLVersion newVersion);
-
- /**
- * Gets the unique identifier of the request.
- *
- * @return the unique identifier of the request
- */
- public String getID();
-
- /**
- * Sets the unique identifier of the request.
- *
- * @param newID the unique identifier of the request
- */
-
- public void setID(String newID);
-
- /**
- * Gets the date/time the request was issued.
- *
- * @return the date/time the request was issued
- */
-
- public DateTime getIssueInstant();
-
- /**
- * Sets the date/time the request was issued.
- *
- * @param newIssueInstant the date/time the request was issued
- */
- public void setIssueInstant(DateTime newIssueInstant);
-
- /**
- * Gets the URI of the destination of the request.
- *
- * @return the URI of the destination of the request
- */
- public String getDestination();
-
- /**
- * Sets the URI of the destination of the request.
- *
- * @param newDestination the URI of the destination of the request
- */
- public void setDestination(String newDestination);
-
- /**
- * Sets the index of the particular Assertion Consumer Service to which the response to this request should be
- * delivered.
- *
- * @param newAssertionConsumerServiceIndex the new value of the AssertionConsumerServiceIndex attribute
- */
- public void setAssertionConsumerServiceURL(String newServiceUrl);
-
- /**
- * Gets the URL of the particular Assertion Consumer Service to which the response to this request should be
- * delivered.
- *
- * @return the value of the AssertionConsumerServiceURL attribute
- */
- public String getAssertionConsumerServiceURL();
-
- /**
- * Gets the consent obtained from the principal for sending this request.
- *
- * @return the consent obtained from the principal for sending this request
- */
- public String getConsent();
-
- /**
- * Sets the consent obtained from the principal for sending this request.
- *
- * @param newConsent the new consent obtained from the principal for sending this request
- */
- public void setConsent(String newConsent);
-
- /**
- * Gets the issuer of this request.
- *
- * @return the issuer of this request
- */
- public Issuer getIssuer();
-
- /**
- * Sets the issuer of this request.
- *
- * @param newIssuer the issuer of this request
- */
- public void setIssuer(Issuer newIssuer);
-
- /**
- * Gets the Extensions of this request.
- *
- * @return the Status of this request
- */
- public Extensions getExtensions();
-
- /**
- * Sets the Extensions of this request.
- *
- * @param newExtensions the Extensions of this request
- */
- public void setExtensions(Extensions newExtensions);
-
-}
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
+import org.opensaml.saml2.core.Issuer;
+
+public interface CustomRequestAbstractType extends SignableSAMLObject {
+
+ /** Local name of the XSI type. */
+ public static final String TYPE_LOCAL_NAME = "RequestAbstractType";
+
+ /** QName of the XSI type. */
+ public static final QName TYPE_NAME = new QName(SAMLConstants.SAML20P_NS, TYPE_LOCAL_NAME,
+ SAMLConstants.SAML20P_PREFIX);
+
+ /** ID attribute name. */
+ public static final String ID_ATTRIB_NAME = "ID";
+
+ /** Version attribute name. */
+ public static final String VERSION_ATTRIB_NAME = "Version";
+
+ /** IssueInstant attribute name. */
+ public static final String ISSUE_INSTANT_ATTRIB_NAME = "IssueInstant";
+
+ /** Destination attribute name. */
+ public static final String DESTINATION_ATTRIB_NAME = "Destination";
+
+ /** Destination attribute name. */
+ public static final String ASSERTION_CONSUMER_SERVICE_URL_ATTRIB_NAME = "AssertionConsumerServiceURL";
+
+ /** Consent attribute name. */
+ public static final String CONSENT_ATTRIB_NAME = "Consent";
+
+ /** Unspecified consent URI. */
+ public static final String UNSPECIFIED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unspecified";
+
+ /** Obtained consent URI. */
+ public static final String OBTAINED_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:obtained";
+
+ /** Prior consent URI. */
+ public static final String PRIOR_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:prior";
+
+ /** Implicit consent URI. */
+ public static final String IMPLICIT_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:current-implicit";
+
+ /** Explicit consent URI. */
+ public static final String EXPLICIT_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:current-explicit";
+
+ /** Unavailable consent URI. */
+ public static final String UNAVAILABLE_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:unavailable";
+
+ /** Inapplicable consent URI. */
+ public static final String INAPPLICABLE_CONSENT = "urn:oasis:names:tc:SAML:2.0:consent:inapplicable";
+
+ /**
+ * Gets the SAML Version of this request.
+ *
+ * @return the SAML Version of this request.
+ */
+ public SAMLVersion getVersion();
+
+ /**
+ * Sets the SAML Version of this request.
+ *
+ * @param newVersion the SAML Version of this request
+ */
+ public void setVersion(SAMLVersion newVersion);
+
+ /**
+ * Gets the unique identifier of the request.
+ *
+ * @return the unique identifier of the request
+ */
+ public String getID();
+
+ /**
+ * Sets the unique identifier of the request.
+ *
+ * @param newID the unique identifier of the request
+ */
+
+ public void setID(String newID);
+
+ /**
+ * Gets the date/time the request was issued.
+ *
+ * @return the date/time the request was issued
+ */
+
+ public DateTime getIssueInstant();
+
+ /**
+ * Sets the date/time the request was issued.
+ *
+ * @param newIssueInstant the date/time the request was issued
+ */
+ public void setIssueInstant(DateTime newIssueInstant);
+
+ /**
+ * Gets the URI of the destination of the request.
+ *
+ * @return the URI of the destination of the request
+ */
+ public String getDestination();
+
+ /**
+ * Sets the URI of the destination of the request.
+ *
+ * @param newDestination the URI of the destination of the request
+ */
+ public void setDestination(String newDestination);
+
+ /**
+ * Sets the index of the particular Assertion Consumer Service to which the response to this request should be
+ * delivered.
+ *
+ * @param newAssertionConsumerServiceIndex the new value of the AssertionConsumerServiceIndex attribute
+ */
+ public void setAssertionConsumerServiceURL(String newServiceUrl);
+
+ /**
+ * Gets the URL of the particular Assertion Consumer Service to which the response to this request should be
+ * delivered.
+ *
+ * @return the value of the AssertionConsumerServiceURL attribute
+ */
+ public String getAssertionConsumerServiceURL();
+
+ /**
+ * Gets the consent obtained from the principal for sending this request.
+ *
+ * @return the consent obtained from the principal for sending this request
+ */
+ public String getConsent();
+
+ /**
+ * Sets the consent obtained from the principal for sending this request.
+ *
+ * @param newConsent the new consent obtained from the principal for sending this request
+ */
+ public void setConsent(String newConsent);
+
+ /**
+ * Gets the issuer of this request.
+ *
+ * @return the issuer of this request
+ */
+ public Issuer getIssuer();
+
+ /**
+ * Sets the issuer of this request.
+ *
+ * @param newIssuer the issuer of this request
+ */
+ public void setIssuer(Issuer newIssuer);
+
+ /**
+ * Gets the Extensions of this request.
+ *
+ * @return the Status of this request
+ */
+ public Extensions getExtensions();
+
+ /**
+ * Sets the Extensions of this request.
+ *
+ * @param newExtensions the Extensions of this request
+ */
+ public void setExtensions(Extensions newExtensions);
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDCrossBorderShare.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDCrossBorderShare.java
index c892eae78..03541ece1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDCrossBorderShare.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDCrossBorderShare.java
@@ -1,58 +1,58 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface EIDCrossBorderShare.
- * @author fjquevedo
- */
-public interface EIDCrossBorderShare extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "eIDCrossBorderShare";
-
- /** The Constant DEFAULT_ELEMENT_NAME. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /** The Constant TYPE_LOCAL_NAME. */
- String TYPE_LOCAL_NAME = "eIDCrossBorderShareType";
-
- /** The Constant TYPE_NAME. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
-
- /**
- * Gets the eID cross border share.
- *
- * @return the eID cross border share
- */
- String getEIDCrossBorderShare();
-
-
- /**
- * Sets the eID cross border share.
- *
- * @param eIDCrossBorderShare the new eID cross border share
- */
- void setEIDCrossBorderShare(String eIDCrossBorderShare);
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface EIDCrossBorderShare.
+ * @author fjquevedo
+ */
+public interface EIDCrossBorderShare extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "eIDCrossBorderShare";
+
+ /** The Constant DEFAULT_ELEMENT_NAME. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /** The Constant TYPE_LOCAL_NAME. */
+ String TYPE_LOCAL_NAME = "eIDCrossBorderShareType";
+
+ /** The Constant TYPE_NAME. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+
+ /**
+ * Gets the eID cross border share.
+ *
+ * @return the eID cross border share
+ */
+ String getEIDCrossBorderShare();
+
+
+ /**
+ * Sets the eID cross border share.
+ *
+ * @param eIDCrossBorderShare the new eID cross border share
+ */
+ void setEIDCrossBorderShare(String eIDCrossBorderShare);
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDCrossSectorShare.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDCrossSectorShare.java
index f879914f9..14c504510 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDCrossSectorShare.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDCrossSectorShare.java
@@ -1,56 +1,56 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface EIDCrossSectorShare.
- * @author fjquevedo
- */
-public interface EIDCrossSectorShare extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String ELEM_LOCAL_NAME = "eIDCrossSectorShare";
-
- /** The Constant DEFAULT_ELEMENT_NAME. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), ELEM_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /** The Constant TYPE_LOCAL_NAME. */
- String TYPE_LOCAL_NAME = "eIDCrossSectorShareType";
-
- /** The Constant TYPE_NAME. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /**
- * Gets the eID cross sector share.
- *
- * @return the eID cross sector share
- */
- String getEIDCrossSectorShare();
-
- /**
- * Sets the eID cross sector share.
- *
- * @param eIDCrossSectorShare the new eID cross sector share
- */
- void setEIDCrossSectorShare(String eIDCrossSectorShare);
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface EIDCrossSectorShare.
+ * @author fjquevedo
+ */
+public interface EIDCrossSectorShare extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String ELEM_LOCAL_NAME = "eIDCrossSectorShare";
+
+ /** The Constant DEFAULT_ELEMENT_NAME. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), ELEM_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /** The Constant TYPE_LOCAL_NAME. */
+ String TYPE_LOCAL_NAME = "eIDCrossSectorShareType";
+
+ /** The Constant TYPE_NAME. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /**
+ * Gets the eID cross sector share.
+ *
+ * @return the eID cross sector share
+ */
+ String getEIDCrossSectorShare();
+
+ /**
+ * Sets the eID cross sector share.
+ *
+ * @param eIDCrossSectorShare the new eID cross sector share
+ */
+ void setEIDCrossSectorShare(String eIDCrossSectorShare);
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDSectorShare.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDSectorShare.java
index dc88f3318..0202f000c 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDSectorShare.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/EIDSectorShare.java
@@ -1,57 +1,57 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface EIDSectorShare.
- * @author fjquevedo
- */
-public interface EIDSectorShare extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "eIDSectorShare";
-
- /** The Constant DEFAULT_ELEMENT_NAME. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /** The Constant TYPE_LOCAL_NAME. */
- String TYPE_LOCAL_NAME = "eIDSectorShare";
-
- /** The Constant TYPE_NAME. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
-
- /**
- * Gets the eID sector share.
- *
- * @return the eID sector share
- */
- String getEIDSectorShare();
-
- /**
- * Sets the eID sector share.
- *
- * @param eIDSectorShare the new eID sector share
- */
- void setEIDSectorShare(String eIDSectorShare);
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface EIDSectorShare.
+ * @author fjquevedo
+ */
+public interface EIDSectorShare extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "eIDSectorShare";
+
+ /** The Constant DEFAULT_ELEMENT_NAME. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /** The Constant TYPE_LOCAL_NAME. */
+ String TYPE_LOCAL_NAME = "eIDSectorShare";
+
+ /** The Constant TYPE_NAME. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+
+ /**
+ * Gets the eID sector share.
+ *
+ * @return the eID sector share
+ */
+ String getEIDSectorShare();
+
+ /**
+ * Sets the eID sector share.
+ *
+ * @param eIDSectorShare the new eID sector share
+ */
+ void setEIDSectorShare(String eIDSectorShare);
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/QAAAttribute.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/QAAAttribute.java
index 2c09cf85b..d99d23896 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/QAAAttribute.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/QAAAttribute.java
@@ -1,63 +1,63 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * STORK Quality Authentication Assurance Level Attribute Interface.
- *
- * @author fjquevedo
- */
-public interface QAAAttribute extends SAMLObject {
-
- /** Element local name. */
- String DEF_LOCAL_NAME = "QualityAuthenticationAssuranceLevel";
-
- /** Default element name. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /** Local name of the XSI type. */
- String TYPE_LOCAL_NAME = "QualityAuthenticationAssuranceLevelAbstractType";
-
- /** QName of the XSI type. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /** The minimum value allowed. */
- int MIN_VALUE = 1;
-
- /** The Max value allowed. */
- int MAX_VALUE = 4;
-
- /**
- * Gets the qAA level.
- *
- * @return the qAA level
- */
- String getQaaLevel();
-
- /**
- * Sets the qAA level.
- *
- * @param qaaLevel the new qAA level
- *
- */
- void setQaaLevel(String qaaLevel);
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * STORK Quality Authentication Assurance Level Attribute Interface.
+ *
+ * @author fjquevedo
+ */
+public interface QAAAttribute extends SAMLObject {
+
+ /** Element local name. */
+ String DEF_LOCAL_NAME = "QualityAuthenticationAssuranceLevel";
+
+ /** Default element name. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /** Local name of the XSI type. */
+ String TYPE_LOCAL_NAME = "QualityAuthenticationAssuranceLevelAbstractType";
+
+ /** QName of the XSI type. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /** The minimum value allowed. */
+ int MIN_VALUE = 1;
+
+ /** The Max value allowed. */
+ int MAX_VALUE = 4;
+
+ /**
+ * Gets the qAA level.
+ *
+ * @return the qAA level
+ */
+ String getQaaLevel();
+
+ /**
+ * Sets the qAA level.
+ *
+ * @param qaaLevel the new qAA level
+ *
+ */
+ void setQaaLevel(String qaaLevel);
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/RequestedAttribute.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/RequestedAttribute.java
index 02be9e104..ffd32b3cf 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/RequestedAttribute.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/RequestedAttribute.java
@@ -1,140 +1,140 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.xml.AttributeExtensibleXMLObject;
-import org.opensaml.xml.schema.XSBooleanValue;
-import org.opensaml.xml.XMLObject;
-
-/**
- * The Interface RequestedAttribute.
- *
- * @author fjquevedo
- */
-public interface RequestedAttribute extends SAMLObject,
- AttributeExtensibleXMLObject {
-
- /** Element local name. */
- String DEF_LOCAL_NAME = "RequestedAttribute";
-
- /** Default element name. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /** Local name of the XSI type. */
- String TYPE_LOCAL_NAME = "RequestedAttributeAbstractType";
-
- /** QName of the XSI type. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /** NAME_ATTRIB_NAME attribute name. */
- String NAME_ATTRIB_NAME = "Name";
-
- /** NAME_FORMAT_ATTRIB_NAME attribute name. */
- String NAME_FORMAT_ATTR = "NameFormat";
-
- /** IS_REQUIRED_ATTRIB_NAME attribute name. */
- String IS_REQUIRED_ATTR = "isRequired";
-
- /** FRIENDLY_NAME_ATTRIB_NAME attribute name. */
- String FRIENDLY_NAME_ATT = "FriendlyName";
-
- /** Unspecified attribute format ID. */
- String UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
-
- /** URI reference attribute format ID. */
- String URI_REFERENCE = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
-
- /** Basic attribute format ID. */
- String BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
-
- /**
- * Gets the name.
- *
- * @return the name
- */
- String getName();
-
- /**
- * Sets the name.
- *
- * @param name the new name
- */
- void setName(String name);
-
- /**
- * Gets the name format.
- *
- * @return the name format
- */
- String getNameFormat();
-
- /**
- * Sets the name format.
- *
- * @param nameFormat the new name format
- */
- void setNameFormat(String nameFormat);
-
- /**
- * Gets the friendly name.
- *
- * @return the friendly name
- */
- String getFriendlyName();
-
- /**
- * Sets the friendly name.
- *
- * @param friendlyName the new friendly name
- */
- void setFriendlyName(String friendlyName);
-
- /**
- * Gets the checks if is required.
- *
- * @return the checks if is required
- */
- String isRequired();
-
- /**
- * Gets the checks if is required xs boolean.
- *
- * @return the checks if is required xs boolean
- */
- String getIsRequiredXSBoolean();
-
- /**
- * Sets the checks if is required.
- *
- * @param newIsRequired the new checks if is required
- */
- void setIsRequired(String newIsRequired);
-
- /**
- * Gets the attribute values.
- *
- * @return the attribute values
- */
- List<XMLObject> getAttributeValues();
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.xml.AttributeExtensibleXMLObject;
+import org.opensaml.xml.schema.XSBooleanValue;
+import org.opensaml.xml.XMLObject;
+
+/**
+ * The Interface RequestedAttribute.
+ *
+ * @author fjquevedo
+ */
+public interface RequestedAttribute extends SAMLObject,
+ AttributeExtensibleXMLObject {
+
+ /** Element local name. */
+ String DEF_LOCAL_NAME = "RequestedAttribute";
+
+ /** Default element name. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /** Local name of the XSI type. */
+ String TYPE_LOCAL_NAME = "RequestedAttributeAbstractType";
+
+ /** QName of the XSI type. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /** NAME_ATTRIB_NAME attribute name. */
+ String NAME_ATTRIB_NAME = "Name";
+
+ /** NAME_FORMAT_ATTRIB_NAME attribute name. */
+ String NAME_FORMAT_ATTR = "NameFormat";
+
+ /** IS_REQUIRED_ATTRIB_NAME attribute name. */
+ String IS_REQUIRED_ATTR = "isRequired";
+
+ /** FRIENDLY_NAME_ATTRIB_NAME attribute name. */
+ String FRIENDLY_NAME_ATT = "FriendlyName";
+
+ /** Unspecified attribute format ID. */
+ String UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
+
+ /** URI reference attribute format ID. */
+ String URI_REFERENCE = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
+
+ /** Basic attribute format ID. */
+ String BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
+
+ /**
+ * Gets the name.
+ *
+ * @return the name
+ */
+ String getName();
+
+ /**
+ * Sets the name.
+ *
+ * @param name the new name
+ */
+ void setName(String name);
+
+ /**
+ * Gets the name format.
+ *
+ * @return the name format
+ */
+ String getNameFormat();
+
+ /**
+ * Sets the name format.
+ *
+ * @param nameFormat the new name format
+ */
+ void setNameFormat(String nameFormat);
+
+ /**
+ * Gets the friendly name.
+ *
+ * @return the friendly name
+ */
+ String getFriendlyName();
+
+ /**
+ * Sets the friendly name.
+ *
+ * @param friendlyName the new friendly name
+ */
+ void setFriendlyName(String friendlyName);
+
+ /**
+ * Gets the checks if is required.
+ *
+ * @return the checks if is required
+ */
+ String isRequired();
+
+ /**
+ * Gets the checks if is required xs boolean.
+ *
+ * @return the checks if is required xs boolean
+ */
+ String getIsRequiredXSBoolean();
+
+ /**
+ * Sets the checks if is required.
+ *
+ * @param newIsRequired the new checks if is required
+ */
+ void setIsRequired(String newIsRequired);
+
+ /**
+ * Gets the attribute values.
+ *
+ * @return the attribute values
+ */
+ List<XMLObject> getAttributeValues();
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/RequestedAttributes.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/RequestedAttributes.java
index 9004b10f4..6e3da28c3 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/RequestedAttributes.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/RequestedAttributes.java
@@ -1,51 +1,51 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface RequestedAttributes.
- *
- * @author fjquevedo
- */
-public interface RequestedAttributes extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "RequestedAttributes";
-
- /** Default element name. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /** Local name of the XSI type. */
- String TYPE_LOCAL_NAME = "RequestedAttributesType";
-
- /** QName of the XSI type. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /**
- * Gets the attributes.
- *
- * @return the attributes
- */
- List<RequestedAttribute> getAttributes();
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface RequestedAttributes.
+ *
+ * @author fjquevedo
+ */
+public interface RequestedAttributes extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "RequestedAttributes";
+
+ /** Default element name. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /** Local name of the XSI type. */
+ String TYPE_LOCAL_NAME = "RequestedAttributesType";
+
+ /** QName of the XSI type. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /**
+ * Gets the attributes.
+ *
+ * @return the attributes
+ */
+ List<RequestedAttribute> getAttributes();
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
index e511bbaeb..cbedcf7d9 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
@@ -1,98 +1,98 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-/**
- * The Enumeration SAMLCore.
- *
- * @author fjquevedo
- */
-
-public enum SAMLCore {
-
- /** The consent authentication request. */
- CONSENT_AUTHN_REQ("consentAuthnRequest"),
-
- /** The consent authentication response. */
- CONSENT_AUTHN_RES("consentAuthnResponse"),
-
- /** The FORC e_ auth n_ tag. */
- FORCE_AUTHN_TAG("forceAuthN"),
-
- /** The I s_ passiv e_ tag. */
- IS_PASSIVE_TAG("isPassive"),
-
- /** The FORMA t_ entity. */
- FORMAT_ENTITY("formatEntity"),
-
- /** The FRIENDLY name. */
- FRIENDLY_NAME("friendlyName"),
-
- /** The IS_REQUIRED AN ATTRIBUTE */
- IS_REQUIRED("isRequired"),
-
- /** The PRO t_ bindin g_ tag. */
- PROT_BINDING_TAG("protocolBinding"),
-
- /** The ASSER t_ con s_ tag. */
- ASSERT_CONS_TAG("assertionConsumerServiceURL"),
-
- /** The REQUESTE r_ tag. */
- REQUESTER_TAG("requester"),
-
- /** The RESPONDE r_ tag. */
- RESPONDER_TAG("responder"),
-
- /** The STOR k10_ ns. */
- STORK10_NS("urn:eu:stork:names:tc:STORK:1.0:assertion"),
-
- /** The STOR k10 p_ ns. */
- STORK10P_NS("urn:eu:stork:names:tc:STORK:1.0:protocol"),
-
- /** The STOR k10_ prefix. */
- STORK10_PREFIX("stork"),
-
- /** The STOR k10 p_ prefix. */
- STORK10P_PREFIX("storkp"),
-
- /** The STOR k10_ bas e_ uri. */
- STORK10_BASE_URI("http://www.stork.gov.eu/1.0/"),
-
- /** The ON e_ tim e_ use. */
- ONE_TIME_USE("oneTimeUse");
-
- /** The value. */
- private String value;
-
- /**
- * Instantiates a new sAML core.
- *
- * @param fullName the full name
- */
- private SAMLCore(final String fullName) {
- this.value = fullName;
- }
-
- /**
- * Gets the value.
- *
- * @return the value
- */
- public String getValue() {
- return value;
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+/**
+ * The Enumeration SAMLCore.
+ *
+ * @author fjquevedo
+ */
+
+public enum SAMLCore {
+
+ /** The consent authentication request. */
+ CONSENT_AUTHN_REQ("consentAuthnRequest"),
+
+ /** The consent authentication response. */
+ CONSENT_AUTHN_RES("consentAuthnResponse"),
+
+ /** The FORC e_ auth n_ tag. */
+ FORCE_AUTHN_TAG("forceAuthN"),
+
+ /** The I s_ passiv e_ tag. */
+ IS_PASSIVE_TAG("isPassive"),
+
+ /** The FORMA t_ entity. */
+ FORMAT_ENTITY("formatEntity"),
+
+ /** The FRIENDLY name. */
+ FRIENDLY_NAME("friendlyName"),
+
+ /** The IS_REQUIRED AN ATTRIBUTE */
+ IS_REQUIRED("isRequired"),
+
+ /** The PRO t_ bindin g_ tag. */
+ PROT_BINDING_TAG("protocolBinding"),
+
+ /** The ASSER t_ con s_ tag. */
+ ASSERT_CONS_TAG("assertionConsumerServiceURL"),
+
+ /** The REQUESTE r_ tag. */
+ REQUESTER_TAG("requester"),
+
+ /** The RESPONDE r_ tag. */
+ RESPONDER_TAG("responder"),
+
+ /** The STOR k10_ ns. */
+ STORK10_NS("urn:eu:stork:names:tc:STORK:1.0:assertion"),
+
+ /** The STOR k10 p_ ns. */
+ STORK10P_NS("urn:eu:stork:names:tc:STORK:1.0:protocol"),
+
+ /** The STOR k10_ prefix. */
+ STORK10_PREFIX("stork"),
+
+ /** The STOR k10 p_ prefix. */
+ STORK10P_PREFIX("storkp"),
+
+ /** The STOR k10_ bas e_ uri. */
+ STORK10_BASE_URI("http://www.stork.gov.eu/1.0/"),
+
+ /** The ON e_ tim e_ use. */
+ ONE_TIME_USE("oneTimeUse");
+
+ /** The value. */
+ private String value;
+
+ /**
+ * Instantiates a new sAML core.
+ *
+ * @param fullName the full name
+ */
+ private SAMLCore(final String fullName) {
+ this.value = fullName;
+ }
+
+ /**
+ * Gets the value.
+ *
+ * @return the value
+ */
+ public String getValue() {
+ return value;
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLEngineSignI.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLEngineSignI.java
index b382646be..e846983d8 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLEngineSignI.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLEngineSignI.java
@@ -1,88 +1,88 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import java.security.KeyStore;
-import java.security.cert.X509Certificate;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.SignableSAMLObject;
-
-import eu.stork.peps.exceptions.SAMLEngineException;
-
-/**
- * The Interface SAMLEngineSignI.
- *
- * @author fjquevedo
- */
-public interface SAMLEngineSignI {
-
- /**
- * Sign.
- *
- * @param tokenSaml the token SAML
- *
- * @return the sAML object
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- SAMLObject sign(SignableSAMLObject tokenSaml) throws SAMLEngineException;
-
- /**
- * Gets the certificate.
- *
- * @return the certificate
- */
- X509Certificate getCertificate();
-
- /**
- * Gets the trustStore used when validating SAMLTokens
- *
- * @return the trustStore
- *
- */
- KeyStore getTrustStore();
-
- /**
- * Validate signature.
- *
- * @param tokenSaml the token SAML
- *
- * @return the sAML object
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- SAMLObject validateSignature(SignableSAMLObject tokenSaml)
- throws SAMLEngineException;
-
- /**
- * Initialize the signature module.
- *
- * @param fileConf the configuration file.
- *
- * @throws SAMLEngineException the STORKSAML engine runtime
- * exception
- */
- void init(String fileConf) throws SAMLEngineException;
-
- /**
- * Load cryptographic service provider.
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- void loadCryptServiceProvider() throws SAMLEngineException;
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.SignableSAMLObject;
+
+import eu.stork.peps.exceptions.SAMLEngineException;
+
+/**
+ * The Interface SAMLEngineSignI.
+ *
+ * @author fjquevedo
+ */
+public interface SAMLEngineSignI {
+
+ /**
+ * Sign.
+ *
+ * @param tokenSaml the token SAML
+ *
+ * @return the sAML object
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ SAMLObject sign(SignableSAMLObject tokenSaml) throws SAMLEngineException;
+
+ /**
+ * Gets the certificate.
+ *
+ * @return the certificate
+ */
+ X509Certificate getCertificate();
+
+ /**
+ * Gets the trustStore used when validating SAMLTokens
+ *
+ * @return the trustStore
+ *
+ */
+ KeyStore getTrustStore();
+
+ /**
+ * Validate signature.
+ *
+ * @param tokenSaml the token SAML
+ *
+ * @return the sAML object
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ SAMLObject validateSignature(SignableSAMLObject tokenSaml)
+ throws SAMLEngineException;
+
+ /**
+ * Initialize the signature module.
+ *
+ * @param fileConf the configuration file.
+ *
+ * @throws SAMLEngineException the STORKSAML engine runtime
+ * exception
+ */
+ void init(String fileConf) throws SAMLEngineException;
+
+ /**
+ * Load cryptographic service provider.
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ void loadCryptServiceProvider() throws SAMLEngineException;
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPApplication.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPApplication.java
index 9ace6d37c..9510bf790 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPApplication.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPApplication.java
@@ -1,56 +1,56 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface SPApplication.
- *
- * @author fjquevedo
- */
-public interface SPApplication extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "spApplication";
-
- /** The Constant DEFAULT_ELEMENT_NAME. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /** The Constant TYPE_LOCAL_NAME. */
- String TYPE_LOCAL_NAME = "spApplicationType";
-
- /** The Constant TYPE_NAME. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /**
- * Gets the service provider application.
- *
- * @return the service provider application
- */
- String getSPApplication();
-
- /**
- * Sets the service provider application.
- *
- * @param spApplication the new service provider application
- */
- void setSPApplication(String spApplication);
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface SPApplication.
+ *
+ * @author fjquevedo
+ */
+public interface SPApplication extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "spApplication";
+
+ /** The Constant DEFAULT_ELEMENT_NAME. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /** The Constant TYPE_LOCAL_NAME. */
+ String TYPE_LOCAL_NAME = "spApplicationType";
+
+ /** The Constant TYPE_NAME. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /**
+ * Gets the service provider application.
+ *
+ * @return the service provider application
+ */
+ String getSPApplication();
+
+ /**
+ * Sets the service provider application.
+ *
+ * @param spApplication the new service provider application
+ */
+ void setSPApplication(String spApplication);
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPCountry.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPCountry.java
index 569ea48c2..829ace878 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPCountry.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPCountry.java
@@ -1,56 +1,56 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface SPCountry.
- *
- * @author fjquevedo
- */
-public interface SPCountry extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "spCountry";
-
- /** The Constant DEFAULT_ELEMENT_NAME. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /** The Constant TYPE_LOCAL_NAME. */
- String TYPE_LOCAL_NAME = "spCountryType";
-
- /** The Constant TYPE_NAME. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /**
- * Gets the service provider country.
- *
- * @return the service provider country
- */
- String getSPCountry();
-
- /**
- * Sets the service provider country.
- *
- * @param spCountry the new service provider country
- */
- void setSPCountry(String spCountry);
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface SPCountry.
+ *
+ * @author fjquevedo
+ */
+public interface SPCountry extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "spCountry";
+
+ /** The Constant DEFAULT_ELEMENT_NAME. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /** The Constant TYPE_LOCAL_NAME. */
+ String TYPE_LOCAL_NAME = "spCountryType";
+
+ /** The Constant TYPE_NAME. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /**
+ * Gets the service provider country.
+ *
+ * @return the service provider country
+ */
+ String getSPCountry();
+
+ /**
+ * Sets the service provider country.
+ *
+ * @param spCountry the new service provider country
+ */
+ void setSPCountry(String spCountry);
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPID.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPID.java
index c0cf02ad0..bd13f6dbf 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPID.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPID.java
@@ -1,56 +1,56 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface EIDCrossBorderShare.
- * @author iinigo
- */
-public interface SPID extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "SPID";
-
- /** The Constant DEFAULT_ELEMENT_NAME. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /** The Constant TYPE_LOCAL_NAME. */
- String TYPE_LOCAL_NAME = "SPIDType";
-
- /** The Constant TYPE_NAME. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /**
- * Gets the SP ID.
- *
- * @return the SP ID
- */
- String getSPID();
-
-
- /**
- * Sets the SP ID.
- *
- * @param SPID the new SP ID
- */
- void setSPID(String newSPID);
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface EIDCrossBorderShare.
+ * @author iinigo
+ */
+public interface SPID extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "SPID";
+
+ /** The Constant DEFAULT_ELEMENT_NAME. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /** The Constant TYPE_LOCAL_NAME. */
+ String TYPE_LOCAL_NAME = "SPIDType";
+
+ /** The Constant TYPE_NAME. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /**
+ * Gets the SP ID.
+ *
+ * @return the SP ID
+ */
+ String getSPID();
+
+
+ /**
+ * Sets the SP ID.
+ *
+ * @param SPID the new SP ID
+ */
+ void setSPID(String newSPID);
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPInformation.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPInformation.java
index 34ba9c9c5..bc870c2cc 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPInformation.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPInformation.java
@@ -1,56 +1,56 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface EIDCrossBorderShare.
- * @author iinigo
- */
-public interface SPInformation extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "SPInformation";
-
- /** The Constant DEFAULT_ELEMENT_NAME. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /** The Constant TYPE_LOCAL_NAME. */
- String TYPE_LOCAL_NAME = "SPInformationType";
-
- /** The Constant TYPE_NAME. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /**
- * Gets the SP Id.
- *
- * @return the SP Id
- */
- SPID getSPID();
-
-
- /**
- * Sets the SP Id.
- *
- * @param newSPId the new SP Id
- */
- void setSPID(SPID newSPID);
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface EIDCrossBorderShare.
+ * @author iinigo
+ */
+public interface SPInformation extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "SPInformation";
+
+ /** The Constant DEFAULT_ELEMENT_NAME. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /** The Constant TYPE_LOCAL_NAME. */
+ String TYPE_LOCAL_NAME = "SPInformationType";
+
+ /** The Constant TYPE_NAME. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /**
+ * Gets the SP Id.
+ *
+ * @return the SP Id
+ */
+ SPID getSPID();
+
+
+ /**
+ * Sets the SP Id.
+ *
+ * @param newSPId the new SP Id
+ */
+ void setSPID(SPID newSPID);
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPInstitution.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPInstitution.java
index 33dad474b..add45023c 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPInstitution.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPInstitution.java
@@ -1,56 +1,56 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface EIDCrossBorderShare.
- *
- * @author fjquevedo
- */
-public interface SPInstitution extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "spInstitution";
-
- /** The Constant DEFAULT_ELEMENT_NAME. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /** The Constant TYPE_LOCAL_NAME. */
- String TYPE_LOCAL_NAME = "spInstitutionType";
-
- /** The Constant TYPE_NAME. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /**
- * Gets the service provider institution.
- *
- * @return the service provider institution
- */
- String getSPInstitution();
-
- /**
- * Sets the service provider institution.
- *
- * @param spInstitution the new service provider institution
- */
- void setSPInstitution(String spInstitution);
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface EIDCrossBorderShare.
+ *
+ * @author fjquevedo
+ */
+public interface SPInstitution extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "spInstitution";
+
+ /** The Constant DEFAULT_ELEMENT_NAME. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /** The Constant TYPE_LOCAL_NAME. */
+ String TYPE_LOCAL_NAME = "spInstitutionType";
+
+ /** The Constant TYPE_NAME. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /**
+ * Gets the service provider institution.
+ *
+ * @return the service provider institution
+ */
+ String getSPInstitution();
+
+ /**
+ * Sets the service provider institution.
+ *
+ * @param spInstitution the new service provider institution
+ */
+ void setSPInstitution(String spInstitution);
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPSector.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPSector.java
index 1f49a4015..8322a0d47 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPSector.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SPSector.java
@@ -1,56 +1,56 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface SPSector.
- *
- * @author fjquevedo
- */
-public interface SPSector extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "spSector";
-
- /** The Constant DEFAULT_ELEMENT_NAME. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /** The Constant TYPE_LOCAL_NAME. */
- String TYPE_LOCAL_NAME = "spSectorType";
-
- /** The Constant TYPE_NAME. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10_PREFIX.getValue());
-
- /**
- * Gets the service provider sector.
- *
- * @return the service provider sector
- */
- String getSPSector();
-
- /**
- * Sets the service provider sector.
- *
- * @param spSector the new service provider sector
- */
- void setSPSector(String spSector);
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface SPSector.
+ *
+ * @author fjquevedo
+ */
+public interface SPSector extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "spSector";
+
+ /** The Constant DEFAULT_ELEMENT_NAME. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /** The Constant TYPE_LOCAL_NAME. */
+ String TYPE_LOCAL_NAME = "spSectorType";
+
+ /** The Constant TYPE_NAME. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10_PREFIX.getValue());
+
+ /**
+ * Gets the service provider sector.
+ *
+ * @return the service provider sector
+ */
+ String getSPSector();
+
+ /**
+ * Sets the service provider sector.
+ *
+ * @param spSector the new service provider sector
+ */
+ void setSPSector(String spSector);
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
index 19c71dd74..4c314ae68 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
@@ -1,508 +1,508 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import java.util.Properties;
-
-import org.apache.commons.lang.StringUtils;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import eu.stork.peps.exceptions.SAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
-
-/**
- * The Class SAMLCore.
- *
- * @author fjquevedo
- */
-public final class STORKSAMLCore {
-
- /** The Constant LOGGER. */
- private static final Logger LOGGER = LoggerFactory
- .getLogger(STORKSAMLCore.class.getName());
-
- /** The consent authentication request. */
- private String consentAuthnReq = null;
-
- /** The consent authentication response. */
- private String consentAuthnResp = null;
-
- /** The id cross border share. */
- private String eIDCrossBordShare = null;
-
- /** The e id cross sect share. */
- private String eIDCrossSectShare = null;
-
- /** The e id sector share. */
- private String eIDSectorShare = null;
-
- /** The format entity. */
- private String formatEntity = null;
-
- /** The friendly name. */
- private boolean friendlyName = false;
-
- /** The IP validation. */
- private boolean ipValidation = false;
-
- /** The one time use. */
- private boolean oneTimeUse = true;
-
- /** The protocol binding. */
- private String protocolBinding = null;
-
- /** The requester. */
- private String requester = null;
-
-
- /** The responder. */
- private String responder = null;
-
- /** The SAML core properties. */
- private Properties samlCoreProp = null;
-
- /** The time not on or after. */
- private Integer timeNotOnOrAfter = null;
-
- /** The is required parameter. */
- private boolean isRequired = true;
-
- private static final String SAML_ENGINE_LITERAL = "SamlEngine.xml: ";
-
- /**
- * Gets the isRequired.
- *
- * @return the isRequired
- */
- public boolean isRequired() {
- return isRequired;
- }
-
- /**
- * Sets the isRequired.
- *
- * @param isRequired the required.
- */
- public void setRequired(boolean isRequired) {
- this.isRequired = isRequired;
- }
-
- /**
- * Instantiates a new sAML core.
- *
- * @param instance the instance
- */
- public STORKSAMLCore(final Properties instance) {
- loadConfiguration(instance);
- }
-
- /**
- * Gets the consent.
- *
- * @return the consent
- */
- public String getConsentAuthnRequest() {
- return consentAuthnReq;
- }
-
- /**
- * Gets the consent authentication response.
- *
- * @return the consent authentication response.
- */
- public String getConsentAuthnResp() {
- return consentAuthnResp;
- }
-
- /**
- * Gets the consent authentication response.
- *
- * @return the consent authentication response
- */
- public String getConsentAuthnResponse() {
- return consentAuthnResp;
- }
-
- /**
- * Gets the format entity.
- *
- * @return the format entity
- */
- public String getFormatEntity() {
- return formatEntity;
- }
-
- /**
- * Gets the property.
- *
- * @param key the key
- *
- * @return the property
- */
- public String getProperty(final String key) {
- return samlCoreProp.getProperty(key);
- }
-
- /**
- * Gets the protocol binding.
- *
- * @return the protocol binding
- */
- public String getProtocolBinding() {
- return protocolBinding;
- }
-
- /**
- * Gets the requester.
- *
- * @return the requester
- */
- public String getRequester() {
- return requester;
- }
-
- /**
- * Gets the responder.
- *
- * @return the responder
- */
- public String getResponder() {
- return responder;
- }
-
- /**
- * Gets the time not on or after.
- *
- * @return the time not on or after
- */
- public Integer getTimeNotOnOrAfter() {
- return timeNotOnOrAfter;
- }
-
- /**
- * Checks if is e id cross border share.
- *
- * @return true, if is e id cross border share
- */
- public String iseIDCrossBorderShare() {
- return eIDCrossBordShare;
- }
-
- /**
- * Checks if is e id cross border share.
- *
- * @return true, if is e id cross border share
- */
- public String iseIDCrossBordShare() {
- return eIDCrossBordShare;
- }
-
- /**
- * Checks if is e id cross sector share.
- *
- * @return true, if is e id cross sector share
- */
- public String iseIDCrossSectorShare() {
- return eIDCrossSectShare;
- }
-
- /**
- * Checks if is e id cross sect share.
- *
- * @return true, if is e id cross sect share
- */
- public String iseIDCrossSectShare() {
- return eIDCrossSectShare;
- }
-
- /**
- * Checks if is e id sector share.
- *
- * @return true, if is e id sector share
- */
- public String iseIDSectorShare() {
- return eIDSectorShare;
- }
-
- /**
- * Checks if is friendly name.
- *
- * @return true, if checks if is friendly name
- */
- public boolean isFriendlyName() {
- return friendlyName;
- }
-
- /**
- * Checks if is IP validation.
- *
- * @return true, if is IP validation
- */
- public boolean isIpValidation() {
- return ipValidation;
- }
-
- /**
- * Checks if is one time use.
- *
- * @return true, if is one time use
- */
- public boolean isOneTimeUse() {
- return oneTimeUse;
- }
-
- /**
- * Method that loads the configuration file for the SAML Engine.
- *
- * @param instance the instance of the Engine properties.
- */
- private void loadConfiguration(final Properties instance) {
-
- try {
- LOGGER.info("SAMLCore: Loading SAMLEngine properties.");
-
- samlCoreProp = instance;
-
- final String parameter = samlCoreProp
- .getProperty(SAMLCore.FORMAT_ENTITY.getValue());
-
- if ("entity".equalsIgnoreCase(parameter)) {
- formatEntity = NameIDType.ENTITY;
- }
-
- friendlyName = Boolean.valueOf(samlCoreProp
- .getProperty(SAMLCore.FRIENDLY_NAME.getValue()));
-
- String isRequiredValue = samlCoreProp.
- getProperty(SAMLCore.IS_REQUIRED.getValue());
- if (isRequiredValue != null) {
- isRequired = Boolean.valueOf(isRequiredValue);
- }
-
- eIDSectorShare = samlCoreProp
- .getProperty("eIDSectorShare");
- eIDCrossSectShare = samlCoreProp
- .getProperty("eIDCrossSectorShare");
- eIDCrossBordShare = samlCoreProp
- .getProperty("eIDCrossBorderShare");
-
- ipValidation = Boolean.valueOf(samlCoreProp
- .getProperty("ipAddrValidation"));
-
- final String oneTimeUseProp = samlCoreProp
- .getProperty(SAMLCore.ONE_TIME_USE.getValue());
-
- if (StringUtils.isNotBlank(oneTimeUseProp)) {
- oneTimeUse = Boolean.valueOf(oneTimeUseProp);
- }
-
- // Protocol Binding
- loadProtocolBiding();
-
- // Consent Authentication Request
- consentAuthnReq = samlCoreProp
- .getProperty(SAMLCore.CONSENT_AUTHN_REQ.getValue());
-
- if ("unspecified".equalsIgnoreCase(consentAuthnReq)) {
- consentAuthnReq = RequestAbstractType.UNSPECIFIED_CONSENT;
- }
-
- loadConsentAuthResp();
-
- timeNotOnOrAfter = Integer.valueOf(samlCoreProp
- .getProperty("timeNotOnOrAfter"));
-
- if (timeNotOnOrAfter.intValue() < 0) {
- LOGGER.error(SAML_ENGINE_LITERAL + "timeNotOnOrAfter"
- + " is negative number.");
-
- throw new SAMLEngineException(SAML_ENGINE_LITERAL
- + "timeNotOnOrAfter" + " is negative number.");
- }
-
- requester = samlCoreProp.getProperty(SAMLCore.REQUESTER_TAG.getValue());
- responder = samlCoreProp.getProperty(SAMLCore.RESPONDER_TAG.getValue());
-
- } catch (SAMLEngineException e) {
- LOGGER.error("SAMLCore: error loadConfiguration. ", e);
- throw new STORKSAMLEngineRuntimeException(e);
- } catch (RuntimeException e) {
- LOGGER.error("SAMLCore: error loadConfiguration. ", e);
- throw new STORKSAMLEngineRuntimeException(e);
- }
- }
-
- /**
- * Load consent authentication response.
- */
- private void loadConsentAuthResp() {
- // Consent Authentication Response
- consentAuthnResp = samlCoreProp
- .getProperty(SAMLCore.CONSENT_AUTHN_RES.getValue());
-
- if ("obtained".equalsIgnoreCase(consentAuthnResp)) {
- consentAuthnResp = RequestAbstractType.OBTAINED_CONSENT;
- } else if ("prior".equalsIgnoreCase(consentAuthnResp)) {
- consentAuthnResp = RequestAbstractType.PRIOR_CONSENT;
- } else if ("curent-implicit".equalsIgnoreCase(consentAuthnResp)) {
- consentAuthnResp =
- "urn:oasis:names:tc:SAML:2.0:consent:current-implicit";
- } else if ("curent-explicit".equalsIgnoreCase(consentAuthnResp)) {
- consentAuthnResp =
- "urn:oasis:names:tc:SAML:2.0:consent:current-explicit";
- } else if ("unspecified".equalsIgnoreCase(consentAuthnResp)) {
- consentAuthnResp = RequestAbstractType.UNSPECIFIED_CONSENT;
- }
- }
-
- /**
- * Load protocol biding.
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- private void loadProtocolBiding() throws SAMLEngineException {
- // Protocol Binding
- protocolBinding = samlCoreProp.getProperty(SAMLCore.PROT_BINDING_TAG.getValue());
-
- if (StringUtils.isBlank(protocolBinding)) {
- LOGGER.error(SAML_ENGINE_LITERAL + SAMLCore.PROT_BINDING_TAG
- + " it's mandatory.");
- throw new SAMLEngineException(SAML_ENGINE_LITERAL
- + SAMLCore.PROT_BINDING_TAG + " it's mandatory.");
- } else if (protocolBinding.equalsIgnoreCase("HTTP-POST")) {
- protocolBinding = SAMLConstants.SAML2_POST_BINDING_URI;
- } else {
- LOGGER.error(SAML_ENGINE_LITERAL + SAMLCore.PROT_BINDING_TAG
- + " it's not supporting.");
-
- throw new SAMLEngineException(SAML_ENGINE_LITERAL
- + SAMLCore.PROT_BINDING_TAG + " it's not supporting.");
- }
- }
-
- /**
- * Sets the consent authentication response.
- *
- * @param newConsAuthnResp the new consent authentication response
- */
- public void setConsentAuthnResp(final String newConsAuthnResp) {
- this.consentAuthnResp = newConsAuthnResp;
- }
-
- /**
- * Sets an eID that can be shared outside of the Service Provider’s member state.
- *
- * @param newEIDCrossBord the new eid cross border share
- */
- public void setEIDCrossBordShare(final String newEIDCrossBord) {
- this.eIDCrossBordShare = newEIDCrossBord;
- }
-
- /**
- * Sets an eID that can be shared outside of the Service Provider’s sector.
- *
- * @param newEIDCrossSect the new eid cross sect share
- */
- public void setEIDCrossSectShare(final String newEIDCrossSect) {
- this.eIDCrossSectShare = newEIDCrossSect;
- }
-
- /**
- * Sets an eID that can be shared within the Service Provider’s sector.
- *
- * @param newEIDSectorShare the new eid sector share
- */
- public void seteIDSectorShare(final String newEIDSectorShare) {
- this.eIDSectorShare = newEIDSectorShare;
- }
-
- /**
- * Sets the format entity.
- *
- * @param newFormatEntity the new format entity
- */
- public void setFormatEntity(final String newFormatEntity) {
- this.formatEntity = newFormatEntity;
- }
-
- /**
- * Sets the friendly name.
- *
- * @param newFriendlyName the new friendly name
- */
- public void setFriendlyName(final boolean newFriendlyName) {
- this.friendlyName = newFriendlyName;
- }
-
- /**
- * Sets the IP validation.
- *
- * @param newIpValidation the new IP validation
- */
- public void setIpValidation(final boolean newIpValidation) {
- this.ipValidation = newIpValidation;
- }
-
- /**
- * Sets the one time use.
- *
- * @param newOneTimeUse the new one time use
- */
- public void setOneTimeUse(final boolean newOneTimeUse) {
- this.oneTimeUse = newOneTimeUse;
- }
-
- /**
- * Sets the protocol binding.
- *
- * @param newProtBinding the new protocol binding
- */
- public void setProtocolBinding(final String newProtBinding) {
- this.protocolBinding = newProtBinding;
- }
-
- /**
- * Sets the requester.
- *
- * @param newRequester the new requester
- */
- public void setRequester(final String newRequester) {
- this.requester = newRequester;
- }
-
- /**
- * Sets the responder.
- *
- * @param newResponder the new responder
- */
- public void setResponder(final String newResponder) {
- this.responder = newResponder;
- }
-
- /**
- * Sets the time not on or after.
- *
- * @param newTimeNotOnOrAft the new time not on or after
- */
- public void setTimeNotOnOrAfter(final Integer newTimeNotOnOrAft) {
- this.timeNotOnOrAfter = newTimeNotOnOrAft;
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import java.util.Properties;
+
+import org.apache.commons.lang.StringUtils;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.stork.peps.exceptions.SAMLEngineException;
+import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
+
+/**
+ * The Class SAMLCore.
+ *
+ * @author fjquevedo
+ */
+public final class STORKSAMLCore {
+
+ /** The Constant LOGGER. */
+ private static final Logger LOGGER = LoggerFactory
+ .getLogger(STORKSAMLCore.class.getName());
+
+ /** The consent authentication request. */
+ private String consentAuthnReq = null;
+
+ /** The consent authentication response. */
+ private String consentAuthnResp = null;
+
+ /** The id cross border share. */
+ private String eIDCrossBordShare = null;
+
+ /** The e id cross sect share. */
+ private String eIDCrossSectShare = null;
+
+ /** The e id sector share. */
+ private String eIDSectorShare = null;
+
+ /** The format entity. */
+ private String formatEntity = null;
+
+ /** The friendly name. */
+ private boolean friendlyName = false;
+
+ /** The IP validation. */
+ private boolean ipValidation = false;
+
+ /** The one time use. */
+ private boolean oneTimeUse = true;
+
+ /** The protocol binding. */
+ private String protocolBinding = null;
+
+ /** The requester. */
+ private String requester = null;
+
+
+ /** The responder. */
+ private String responder = null;
+
+ /** The SAML core properties. */
+ private Properties samlCoreProp = null;
+
+ /** The time not on or after. */
+ private Integer timeNotOnOrAfter = null;
+
+ /** The is required parameter. */
+ private boolean isRequired = true;
+
+ private static final String SAML_ENGINE_LITERAL = "SamlEngine.xml: ";
+
+ /**
+ * Gets the isRequired.
+ *
+ * @return the isRequired
+ */
+ public boolean isRequired() {
+ return isRequired;
+ }
+
+ /**
+ * Sets the isRequired.
+ *
+ * @param isRequired the required.
+ */
+ public void setRequired(boolean isRequired) {
+ this.isRequired = isRequired;
+ }
+
+ /**
+ * Instantiates a new sAML core.
+ *
+ * @param instance the instance
+ */
+ public STORKSAMLCore(final Properties instance) {
+ loadConfiguration(instance);
+ }
+
+ /**
+ * Gets the consent.
+ *
+ * @return the consent
+ */
+ public String getConsentAuthnRequest() {
+ return consentAuthnReq;
+ }
+
+ /**
+ * Gets the consent authentication response.
+ *
+ * @return the consent authentication response.
+ */
+ public String getConsentAuthnResp() {
+ return consentAuthnResp;
+ }
+
+ /**
+ * Gets the consent authentication response.
+ *
+ * @return the consent authentication response
+ */
+ public String getConsentAuthnResponse() {
+ return consentAuthnResp;
+ }
+
+ /**
+ * Gets the format entity.
+ *
+ * @return the format entity
+ */
+ public String getFormatEntity() {
+ return formatEntity;
+ }
+
+ /**
+ * Gets the property.
+ *
+ * @param key the key
+ *
+ * @return the property
+ */
+ public String getProperty(final String key) {
+ return samlCoreProp.getProperty(key);
+ }
+
+ /**
+ * Gets the protocol binding.
+ *
+ * @return the protocol binding
+ */
+ public String getProtocolBinding() {
+ return protocolBinding;
+ }
+
+ /**
+ * Gets the requester.
+ *
+ * @return the requester
+ */
+ public String getRequester() {
+ return requester;
+ }
+
+ /**
+ * Gets the responder.
+ *
+ * @return the responder
+ */
+ public String getResponder() {
+ return responder;
+ }
+
+ /**
+ * Gets the time not on or after.
+ *
+ * @return the time not on or after
+ */
+ public Integer getTimeNotOnOrAfter() {
+ return timeNotOnOrAfter;
+ }
+
+ /**
+ * Checks if is e id cross border share.
+ *
+ * @return true, if is e id cross border share
+ */
+ public String iseIDCrossBorderShare() {
+ return eIDCrossBordShare;
+ }
+
+ /**
+ * Checks if is e id cross border share.
+ *
+ * @return true, if is e id cross border share
+ */
+ public String iseIDCrossBordShare() {
+ return eIDCrossBordShare;
+ }
+
+ /**
+ * Checks if is e id cross sector share.
+ *
+ * @return true, if is e id cross sector share
+ */
+ public String iseIDCrossSectorShare() {
+ return eIDCrossSectShare;
+ }
+
+ /**
+ * Checks if is e id cross sect share.
+ *
+ * @return true, if is e id cross sect share
+ */
+ public String iseIDCrossSectShare() {
+ return eIDCrossSectShare;
+ }
+
+ /**
+ * Checks if is e id sector share.
+ *
+ * @return true, if is e id sector share
+ */
+ public String iseIDSectorShare() {
+ return eIDSectorShare;
+ }
+
+ /**
+ * Checks if is friendly name.
+ *
+ * @return true, if checks if is friendly name
+ */
+ public boolean isFriendlyName() {
+ return friendlyName;
+ }
+
+ /**
+ * Checks if is IP validation.
+ *
+ * @return true, if is IP validation
+ */
+ public boolean isIpValidation() {
+ return ipValidation;
+ }
+
+ /**
+ * Checks if is one time use.
+ *
+ * @return true, if is one time use
+ */
+ public boolean isOneTimeUse() {
+ return oneTimeUse;
+ }
+
+ /**
+ * Method that loads the configuration file for the SAML Engine.
+ *
+ * @param instance the instance of the Engine properties.
+ */
+ private void loadConfiguration(final Properties instance) {
+
+ try {
+ LOGGER.info("SAMLCore: Loading SAMLEngine properties.");
+
+ samlCoreProp = instance;
+
+ final String parameter = samlCoreProp
+ .getProperty(SAMLCore.FORMAT_ENTITY.getValue());
+
+ if ("entity".equalsIgnoreCase(parameter)) {
+ formatEntity = NameIDType.ENTITY;
+ }
+
+ friendlyName = Boolean.valueOf(samlCoreProp
+ .getProperty(SAMLCore.FRIENDLY_NAME.getValue()));
+
+ String isRequiredValue = samlCoreProp.
+ getProperty(SAMLCore.IS_REQUIRED.getValue());
+ if (isRequiredValue != null) {
+ isRequired = Boolean.valueOf(isRequiredValue);
+ }
+
+ eIDSectorShare = samlCoreProp
+ .getProperty("eIDSectorShare");
+ eIDCrossSectShare = samlCoreProp
+ .getProperty("eIDCrossSectorShare");
+ eIDCrossBordShare = samlCoreProp
+ .getProperty("eIDCrossBorderShare");
+
+ ipValidation = Boolean.valueOf(samlCoreProp
+ .getProperty("ipAddrValidation"));
+
+ final String oneTimeUseProp = samlCoreProp
+ .getProperty(SAMLCore.ONE_TIME_USE.getValue());
+
+ if (StringUtils.isNotBlank(oneTimeUseProp)) {
+ oneTimeUse = Boolean.valueOf(oneTimeUseProp);
+ }
+
+ // Protocol Binding
+ loadProtocolBiding();
+
+ // Consent Authentication Request
+ consentAuthnReq = samlCoreProp
+ .getProperty(SAMLCore.CONSENT_AUTHN_REQ.getValue());
+
+ if ("unspecified".equalsIgnoreCase(consentAuthnReq)) {
+ consentAuthnReq = RequestAbstractType.UNSPECIFIED_CONSENT;
+ }
+
+ loadConsentAuthResp();
+
+ timeNotOnOrAfter = Integer.valueOf(samlCoreProp
+ .getProperty("timeNotOnOrAfter"));
+
+ if (timeNotOnOrAfter.intValue() < 0) {
+ LOGGER.error(SAML_ENGINE_LITERAL + "timeNotOnOrAfter"
+ + " is negative number.");
+
+ throw new SAMLEngineException(SAML_ENGINE_LITERAL
+ + "timeNotOnOrAfter" + " is negative number.");
+ }
+
+ requester = samlCoreProp.getProperty(SAMLCore.REQUESTER_TAG.getValue());
+ responder = samlCoreProp.getProperty(SAMLCore.RESPONDER_TAG.getValue());
+
+ } catch (SAMLEngineException e) {
+ LOGGER.error("SAMLCore: error loadConfiguration. ", e);
+ throw new STORKSAMLEngineRuntimeException(e);
+ } catch (RuntimeException e) {
+ LOGGER.error("SAMLCore: error loadConfiguration. ", e);
+ throw new STORKSAMLEngineRuntimeException(e);
+ }
+ }
+
+ /**
+ * Load consent authentication response.
+ */
+ private void loadConsentAuthResp() {
+ // Consent Authentication Response
+ consentAuthnResp = samlCoreProp
+ .getProperty(SAMLCore.CONSENT_AUTHN_RES.getValue());
+
+ if ("obtained".equalsIgnoreCase(consentAuthnResp)) {
+ consentAuthnResp = RequestAbstractType.OBTAINED_CONSENT;
+ } else if ("prior".equalsIgnoreCase(consentAuthnResp)) {
+ consentAuthnResp = RequestAbstractType.PRIOR_CONSENT;
+ } else if ("curent-implicit".equalsIgnoreCase(consentAuthnResp)) {
+ consentAuthnResp =
+ "urn:oasis:names:tc:SAML:2.0:consent:current-implicit";
+ } else if ("curent-explicit".equalsIgnoreCase(consentAuthnResp)) {
+ consentAuthnResp =
+ "urn:oasis:names:tc:SAML:2.0:consent:current-explicit";
+ } else if ("unspecified".equalsIgnoreCase(consentAuthnResp)) {
+ consentAuthnResp = RequestAbstractType.UNSPECIFIED_CONSENT;
+ }
+ }
+
+ /**
+ * Load protocol biding.
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ private void loadProtocolBiding() throws SAMLEngineException {
+ // Protocol Binding
+ protocolBinding = samlCoreProp.getProperty(SAMLCore.PROT_BINDING_TAG.getValue());
+
+ if (StringUtils.isBlank(protocolBinding)) {
+ LOGGER.error(SAML_ENGINE_LITERAL + SAMLCore.PROT_BINDING_TAG
+ + " it's mandatory.");
+ throw new SAMLEngineException(SAML_ENGINE_LITERAL
+ + SAMLCore.PROT_BINDING_TAG + " it's mandatory.");
+ } else if (protocolBinding.equalsIgnoreCase("HTTP-POST")) {
+ protocolBinding = SAMLConstants.SAML2_POST_BINDING_URI;
+ } else {
+ LOGGER.error(SAML_ENGINE_LITERAL + SAMLCore.PROT_BINDING_TAG
+ + " it's not supporting.");
+
+ throw new SAMLEngineException(SAML_ENGINE_LITERAL
+ + SAMLCore.PROT_BINDING_TAG + " it's not supporting.");
+ }
+ }
+
+ /**
+ * Sets the consent authentication response.
+ *
+ * @param newConsAuthnResp the new consent authentication response
+ */
+ public void setConsentAuthnResp(final String newConsAuthnResp) {
+ this.consentAuthnResp = newConsAuthnResp;
+ }
+
+ /**
+ * Sets an eID that can be shared outside of the Service Provider’s member state.
+ *
+ * @param newEIDCrossBord the new eid cross border share
+ */
+ public void setEIDCrossBordShare(final String newEIDCrossBord) {
+ this.eIDCrossBordShare = newEIDCrossBord;
+ }
+
+ /**
+ * Sets an eID that can be shared outside of the Service Provider’s sector.
+ *
+ * @param newEIDCrossSect the new eid cross sect share
+ */
+ public void setEIDCrossSectShare(final String newEIDCrossSect) {
+ this.eIDCrossSectShare = newEIDCrossSect;
+ }
+
+ /**
+ * Sets an eID that can be shared within the Service Provider’s sector.
+ *
+ * @param newEIDSectorShare the new eid sector share
+ */
+ public void seteIDSectorShare(final String newEIDSectorShare) {
+ this.eIDSectorShare = newEIDSectorShare;
+ }
+
+ /**
+ * Sets the format entity.
+ *
+ * @param newFormatEntity the new format entity
+ */
+ public void setFormatEntity(final String newFormatEntity) {
+ this.formatEntity = newFormatEntity;
+ }
+
+ /**
+ * Sets the friendly name.
+ *
+ * @param newFriendlyName the new friendly name
+ */
+ public void setFriendlyName(final boolean newFriendlyName) {
+ this.friendlyName = newFriendlyName;
+ }
+
+ /**
+ * Sets the IP validation.
+ *
+ * @param newIpValidation the new IP validation
+ */
+ public void setIpValidation(final boolean newIpValidation) {
+ this.ipValidation = newIpValidation;
+ }
+
+ /**
+ * Sets the one time use.
+ *
+ * @param newOneTimeUse the new one time use
+ */
+ public void setOneTimeUse(final boolean newOneTimeUse) {
+ this.oneTimeUse = newOneTimeUse;
+ }
+
+ /**
+ * Sets the protocol binding.
+ *
+ * @param newProtBinding the new protocol binding
+ */
+ public void setProtocolBinding(final String newProtBinding) {
+ this.protocolBinding = newProtBinding;
+ }
+
+ /**
+ * Sets the requester.
+ *
+ * @param newRequester the new requester
+ */
+ public void setRequester(final String newRequester) {
+ this.requester = newRequester;
+ }
+
+ /**
+ * Sets the responder.
+ *
+ * @param newResponder the new responder
+ */
+ public void setResponder(final String newResponder) {
+ this.responder = newResponder;
+ }
+
+ /**
+ * Sets the time not on or after.
+ *
+ * @param newTimeNotOnOrAft the new time not on or after
+ */
+ public void setTimeNotOnOrAfter(final Integer newTimeNotOnOrAft) {
+ this.timeNotOnOrAfter = newTimeNotOnOrAft;
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/VIDPAuthenticationAttributes.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/VIDPAuthenticationAttributes.java
index 3f812393e..6ee9e0e1b 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/VIDPAuthenticationAttributes.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/VIDPAuthenticationAttributes.java
@@ -1,72 +1,72 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SAMLObject;
-
-/**
- * The Interface VIDPAuthenticationAttributes.
- *
- * @author fjquevedo
- */
-public interface VIDPAuthenticationAttributes extends SAMLObject {
-
- /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
- String DEF_LOCAL_NAME = "VIDPAuthenticationAttributes";
-
- /** Default element name. */
- QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
- /** Local name of the XSI type. */
- String TYPE_LOCAL_NAME = "VIDPAuthenticationAttributesType";
-
- /** QName of the XSI type. */
- QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
- SAMLCore.STORK10P_PREFIX.getValue());
-
-
- /**
- * Gets the citizen country code.
- *
- * @return the citizen country code
- */
- CitizenCountryCode getCitizenCountryCode();
-
- /**
- * Sets the citizen country code.
- *
- * @param newCitizenCountryCode the new citizen country code
- */
- void setCitizenCountryCode(CitizenCountryCode newCitizenCountryCode);
-
- /**
- * Gets the SP information
- *
- * @return the SP information
- */
- SPInformation getSPInformation();
-
- /**
- * Sets the SP information
- *
- * @param newSPInformation the new SPInformation
- */
- void setSPInformation(SPInformation newSPInformation);
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SAMLObject;
+
+/**
+ * The Interface VIDPAuthenticationAttributes.
+ *
+ * @author fjquevedo
+ */
+public interface VIDPAuthenticationAttributes extends SAMLObject {
+
+ /** The Constant DEFAULT_ELEMENT_LOCAL_NAME. */
+ String DEF_LOCAL_NAME = "VIDPAuthenticationAttributes";
+
+ /** Default element name. */
+ QName DEF_ELEMENT_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), DEF_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+ /** Local name of the XSI type. */
+ String TYPE_LOCAL_NAME = "VIDPAuthenticationAttributesType";
+
+ /** QName of the XSI type. */
+ QName TYPE_NAME = new QName(SAMLCore.STORK10P_NS.getValue(), TYPE_LOCAL_NAME,
+ SAMLCore.STORK10P_PREFIX.getValue());
+
+
+ /**
+ * Gets the citizen country code.
+ *
+ * @return the citizen country code
+ */
+ CitizenCountryCode getCitizenCountryCode();
+
+ /**
+ * Sets the citizen country code.
+ *
+ * @param newCitizenCountryCode the new citizen country code
+ */
+ void setCitizenCountryCode(CitizenCountryCode newCitizenCountryCode);
+
+ /**
+ * Gets the SP information
+ *
+ * @return the SP information
+ */
+ SPInformation getSPInformation();
+
+ /**
+ * Sets the SP information
+ *
+ * @param newSPInformation the new SPInformation
+ */
+ void setSPInformation(SPInformation newSPInformation);
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesBuilder.java
index 74840e135..2d9039d4c 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesBuilder.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesBuilder.java
@@ -1,56 +1,56 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
-
-import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
-
-/**
- * The Class AuthenticationAttributesBuilder.
- *
- * @author fjquevedo
- */
-public class AuthenticationAttributesBuilder extends
- AbstractSAMLObjectBuilder<AuthenticationAttributes> {
-
-
-
- /**
- * Builds the object.
- *
- * @return the authentication attributes
- */
- public final AuthenticationAttributes buildObject() {
- return buildObject(AuthenticationAttributes.DEF_ELEMENT_NAME);
- }
-
- /**
- * Builds the object.
- *
- * @param namespaceURI the namespace URI
- * @param localName the local name
- * @param namespacePrefix the namespace prefix
- *
- * @return the authentication attributes
- */
- public final AuthenticationAttributes buildObject(final String namespaceURI,
- final String localName, final String namespacePrefix) {
- return new AuthenticationAttributesImpl(namespaceURI, localName,
- namespacePrefix);
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
+
+/**
+ * The Class AuthenticationAttributesBuilder.
+ *
+ * @author fjquevedo
+ */
+public class AuthenticationAttributesBuilder extends
+ AbstractSAMLObjectBuilder<AuthenticationAttributes> {
+
+
+
+ /**
+ * Builds the object.
+ *
+ * @return the authentication attributes
+ */
+ public final AuthenticationAttributes buildObject() {
+ return buildObject(AuthenticationAttributes.DEF_ELEMENT_NAME);
+ }
+
+ /**
+ * Builds the object.
+ *
+ * @param namespaceURI the namespace URI
+ * @param localName the local name
+ * @param namespacePrefix the namespace prefix
+ *
+ * @return the authentication attributes
+ */
+ public final AuthenticationAttributes buildObject(final String namespaceURI,
+ final String localName, final String namespacePrefix) {
+ return new AuthenticationAttributesImpl(namespaceURI, localName,
+ namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
index 1e43e7ec3..e0de20f7d 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
@@ -1,109 +1,109 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSignableSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
-import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The Class AuthenticationAttributesImpl.
- *
- * @author fjquevedo
- */
-public final class AuthenticationAttributesImpl extends AbstractSignableSAMLObject implements
-AuthenticationAttributes {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationAttributesImpl.class.getName());
-
- /** The indexed children. */
- private VIDPAuthenticationAttributes vIDPAuthenAttr;
-
- /**
- * Instantiates a new authentication attributes implementation.
- *
- * @param namespaceURI the namespace uri
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected AuthenticationAttributesImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- *
- */
- public List<XMLObject> getOrderedChildren() {
- final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
-
- children.add(vIDPAuthenAttr);
-
- if (getSignature() != null) {
- children.add(getSignature());
- }
-
- return Collections.unmodifiableList(children);
- }
-
- /**
- * Gets the signature reference id.
- *
- * @return the signature reference id
- *
- */
- public String getSignatureReferenceID() {
- return null;
- }
-
- /**
- * Gets the vidp authentication attributes.
- *
- * @return the VIDP authentication attributes
- *
- */
- public VIDPAuthenticationAttributes getVIDPAuthenticationAttributes() {
- return vIDPAuthenAttr;
- }
-
- /**
- * Sets the vidp authentication attributes.
- *
- * @param newVIDPAuthenAttr the new vidp authen attr
- *
- */
- public void setVIDPAuthenticationAttributes(
- final VIDPAuthenticationAttributes newVIDPAuthenAttr) {
- vIDPAuthenAttr = prepareForAssignment(this.vIDPAuthenAttr, newVIDPAuthenAttr);
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSignableSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
+import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class AuthenticationAttributesImpl.
+ *
+ * @author fjquevedo
+ */
+public final class AuthenticationAttributesImpl extends AbstractSignableSAMLObject implements
+AuthenticationAttributes {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationAttributesImpl.class.getName());
+
+ /** The indexed children. */
+ private VIDPAuthenticationAttributes vIDPAuthenAttr;
+
+ /**
+ * Instantiates a new authentication attributes implementation.
+ *
+ * @param namespaceURI the namespace uri
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected AuthenticationAttributesImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ *
+ */
+ public List<XMLObject> getOrderedChildren() {
+ final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ children.add(vIDPAuthenAttr);
+
+ if (getSignature() != null) {
+ children.add(getSignature());
+ }
+
+ return Collections.unmodifiableList(children);
+ }
+
+ /**
+ * Gets the signature reference id.
+ *
+ * @return the signature reference id
+ *
+ */
+ public String getSignatureReferenceID() {
+ return null;
+ }
+
+ /**
+ * Gets the vidp authentication attributes.
+ *
+ * @return the VIDP authentication attributes
+ *
+ */
+ public VIDPAuthenticationAttributes getVIDPAuthenticationAttributes() {
+ return vIDPAuthenAttr;
+ }
+
+ /**
+ * Sets the vidp authentication attributes.
+ *
+ * @param newVIDPAuthenAttr the new vidp authen attr
+ *
+ */
+ public void setVIDPAuthenticationAttributes(
+ final VIDPAuthenticationAttributes newVIDPAuthenAttr) {
+ vIDPAuthenAttr = prepareForAssignment(this.vIDPAuthenAttr, newVIDPAuthenAttr);
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesMarshaller.java
index 698bf56b9..d31c052fe 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesMarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesMarshaller.java
@@ -1,30 +1,27 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
-
-/**
- * The Class AuthenticationAttributesMarshaller.
- *
- * @author fjquevedo
- */
-public class AuthenticationAttributesMarshaller extends AbstractSAMLObjectMarshaller {
-
-
-
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+
+/**
+ * The Class AuthenticationAttributesMarshaller.
+ *
+ * @author fjquevedo
+ */
+public class AuthenticationAttributesMarshaller extends AbstractSAMLObjectMarshaller {
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesUnmarshaller.java
index af3e5c234..113214712 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesUnmarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesUnmarshaller.java
@@ -1,54 +1,54 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.UnmarshallingException;
-
-import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
-
-import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
-
-/**
- * The Class AuthenticationAttributesUnmarshaller.
- *
- * @author fjquevedo
- */
-public class AuthenticationAttributesUnmarshaller extends
- AbstractSAMLObjectUnmarshaller {
-
- /**
- * Process child element.
- *
- * @param parentObject the parent object
- * @param childObject the child object
- *
- * @throws UnmarshallingException the unmarshalling exception
- *
- */
- protected final void processChildElement(final XMLObject parentObject,
- final XMLObject childObject) throws UnmarshallingException {
- final AuthenticationAttributes attrStatement = (AuthenticationAttributes) parentObject;
-
- if (childObject instanceof VIDPAuthenticationAttributes) {
- attrStatement.setVIDPAuthenticationAttributes((VIDPAuthenticationAttributes) childObject);
- } else {
- super.processChildElement(parentObject, childObject);
- }
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
+
+import eu.stork.peps.auth.engine.core.AuthenticationAttributes;
+
+/**
+ * The Class AuthenticationAttributesUnmarshaller.
+ *
+ * @author fjquevedo
+ */
+public class AuthenticationAttributesUnmarshaller extends
+AbstractSAMLObjectUnmarshaller {
+
+ /**
+ * Process child element.
+ *
+ * @param parentObject the parent object
+ * @param childObject the child object
+ *
+ * @throws UnmarshallingException the unmarshalling exception
+ *
+ */
+ protected final void processChildElement(final XMLObject parentObject,
+ final XMLObject childObject) throws UnmarshallingException {
+ final AuthenticationAttributes attrStatement = (AuthenticationAttributes) parentObject;
+
+ if (childObject instanceof VIDPAuthenticationAttributes) {
+ attrStatement.setVIDPAuthenticationAttributes((VIDPAuthenticationAttributes) childObject);
+ } else {
+ super.processChildElement(parentObject, childObject);
+ }
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
index 4df8084a9..374398cf1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
@@ -1,82 +1,82 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.CitizenCountryCode;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The Class CitizenCountryCodeImpl.
- *
- * @author fjquevedo
- */
-public class CitizenCountryCodeImpl extends AbstractSAMLObject implements CitizenCountryCode {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(CitizenCountryCodeImpl.class.getName());
- /** The citizen country code. */
- private String citizenCountryCode;
-
- /**
- * Instantiates a new sP country impl.
- *
- * @param namespaceURI the namespace uri
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected CitizenCountryCodeImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
- /**
- * Gets the citizen country code.
- *
- * @return the citizen country code
- */
- public final String getCitizenCountryCode() {
- return citizenCountryCode;
- }
-
- /**
- * Sets the citizen country code.
- *
- * @param newCitizenCountryCode the new citizen country code
- */
- public final void setCitizenCountryCode(final String newCitizenCountryCode) {
- this.citizenCountryCode = prepareForAssignment(this.citizenCountryCode, newCitizenCountryCode);
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- */
- public final List<XMLObject> getOrderedChildren() {
- return null;
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class CitizenCountryCodeImpl.
+ *
+ * @author fjquevedo
+ */
+public class CitizenCountryCodeImpl extends AbstractSAMLObject implements CitizenCountryCode {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(CitizenCountryCodeImpl.class.getName());
+ /** The citizen country code. */
+ private String citizenCountryCode;
+
+ /**
+ * Instantiates a new sP country impl.
+ *
+ * @param namespaceURI the namespace uri
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected CitizenCountryCodeImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /**
+ * Gets the citizen country code.
+ *
+ * @return the citizen country code
+ */
+ public final String getCitizenCountryCode() {
+ return citizenCountryCode;
+ }
+
+ /**
+ * Sets the citizen country code.
+ *
+ * @param newCitizenCountryCode the new citizen country code
+ */
+ public final void setCitizenCountryCode(final String newCitizenCountryCode) {
+ this.citizenCountryCode = prepareForAssignment(this.citizenCountryCode, newCitizenCountryCode);
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ */
+ public final List<XMLObject> getOrderedChildren() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryBuilder.java
index ca529d283..48da2a24b 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryBuilder.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryBuilder.java
@@ -1,26 +1,26 @@
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
-import org.opensaml.common.xml.SAMLConstants;
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-
-public class CustomAttributeQueryBuilder extends AbstractSAMLObjectBuilder<CustomAttributeQuery> {
- /**
- * Constructor.
- */
- public CustomAttributeQueryBuilder() {
-
- }
-
- /** {@inheritDoc} */
- public CustomAttributeQuery buildObject() {
- return buildObject(SAMLConstants.SAML20P_NS, CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME,
- SAMLConstants.SAML20P_PREFIX);
- }
-
- /** {@inheritDoc} */
- public CustomAttributeQuery buildObject(String namespaceURI, String localName, String namespacePrefix) {
- return new CustomAttributeQueryImpl(namespaceURI, localName, namespacePrefix);
- }
-
-}
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+import org.opensaml.common.xml.SAMLConstants;
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+
+public class CustomAttributeQueryBuilder extends AbstractSAMLObjectBuilder<CustomAttributeQuery> {
+ /**
+ * Constructor.
+ */
+ public CustomAttributeQueryBuilder() {
+
+ }
+
+ /** {@inheritDoc} */
+ public CustomAttributeQuery buildObject() {
+ return buildObject(SAMLConstants.SAML20P_NS, CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME,
+ SAMLConstants.SAML20P_PREFIX);
+ }
+
+ /** {@inheritDoc} */
+ public CustomAttributeQuery buildObject(String namespaceURI, String localName, String namespacePrefix) {
+ return new CustomAttributeQueryImpl(namespaceURI, localName, namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java
index e485827c8..cbf9221eb 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryImpl.java
@@ -1,65 +1,65 @@
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.impl.SubjectQueryImpl;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.util.XMLObjectChildrenList;
-
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-
-
-public class CustomAttributeQueryImpl extends SubjectQueryImpl implements CustomAttributeQuery {
- /** Attribute child elements. */
- private final XMLObjectChildrenList<Attribute> attributes;
- private String serviceURL;
-
- /**
- * Constructor.
- *
- * @param namespaceURI the namespace the element is in
- * @param elementLocalName the local name of the XML element this Object represents
- * @param namespacePrefix the prefix for the given namespace
- */
- protected CustomAttributeQueryImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- attributes = new XMLObjectChildrenList<Attribute>(this);
- }
-
- /** {@inheritDoc} */
- public List<Attribute> getAttributes() {
- return attributes;
- }
-
- /** {@inheritDoc} */
- public List<XMLObject> getOrderedChildren() {
- ArrayList<XMLObject> children = new ArrayList<XMLObject>();
-
- if (super.getOrderedChildren() != null) {
- children.addAll(super.getOrderedChildren());
- }
- children.addAll(attributes);
-
- if (children.size() == 0) {
- return null;
- }
-
- return Collections.unmodifiableList(children);
- }
-
- @Override
- public String getAssertionConsumerServiceURL() {
- // TODO Auto-generated method stub
- return this.serviceURL;
- }
-
- @Override
- public void setAssertionConsumerServiceURL(String newServiceUrl) {
- // TODO Auto-generated method stub
- this.serviceURL = newServiceUrl;
- }
-
-}
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.impl.SubjectQueryImpl;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.util.XMLObjectChildrenList;
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+
+
+public class CustomAttributeQueryImpl extends SubjectQueryImpl implements CustomAttributeQuery {
+ /** Attribute child elements. */
+ private final XMLObjectChildrenList<Attribute> attributes;
+ private String serviceURL;
+
+ /**
+ * Constructor.
+ *
+ * @param namespaceURI the namespace the element is in
+ * @param elementLocalName the local name of the XML element this Object represents
+ * @param namespacePrefix the prefix for the given namespace
+ */
+ protected CustomAttributeQueryImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ attributes = new XMLObjectChildrenList<Attribute>(this);
+ }
+
+ /** {@inheritDoc} */
+ public List<Attribute> getAttributes() {
+ return attributes;
+ }
+
+ /** {@inheritDoc} */
+ public List<XMLObject> getOrderedChildren() {
+ ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ if (super.getOrderedChildren() != null) {
+ children.addAll(super.getOrderedChildren());
+ }
+ children.addAll(attributes);
+
+ if (children.size() == 0) {
+ return null;
+ }
+
+ return Collections.unmodifiableList(children);
+ }
+
+ @Override
+ public String getAssertionConsumerServiceURL() {
+ // TODO Auto-generated method stub
+ return this.serviceURL;
+ }
+
+ @Override
+ public void setAssertionConsumerServiceURL(String newServiceUrl) {
+ // TODO Auto-generated method stub
+ this.serviceURL = newServiceUrl;
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryMarshaller.java
index 51b6a20f8..7f2013ca8 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryMarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryMarshaller.java
@@ -1,50 +1,50 @@
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.impl.SubjectQueryMarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.MarshallingException;
-import org.w3c.dom.Element;
-
-import eu.stork.peps.auth.engine.core.CustomRequestAbstractType;
-
-public class CustomAttributeQueryMarshaller extends SubjectQueryMarshaller {
-
- /** {@inheritDoc} */
- protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
- CustomRequestAbstractType req = (CustomRequestAbstractType) samlObject;
-
- if (req.getVersion() != null) {
- domElement.setAttributeNS(null, RequestAbstractType.VERSION_ATTRIB_NAME, req.getVersion().toString());
- }
-
- if (req.getID() != null) {
- domElement.setAttributeNS(null, RequestAbstractType.ID_ATTRIB_NAME, req.getID());
- domElement.setIdAttributeNS(null, RequestAbstractType.ID_ATTRIB_NAME, true);
- }
-
- if (req.getVersion() != null) {
- domElement.setAttributeNS(null, RequestAbstractType.VERSION_ATTRIB_NAME, req.getVersion().toString());
- }
-
- if (req.getIssueInstant() != null) {
- String iiStr = Configuration.getSAMLDateFormatter().print(req.getIssueInstant());
- domElement.setAttributeNS(null, RequestAbstractType.ISSUE_INSTANT_ATTRIB_NAME, iiStr);
- }
-
- if (req.getDestination() != null) {
- domElement.setAttributeNS(null, RequestAbstractType.DESTINATION_ATTRIB_NAME, req.getDestination());
- }
-
- if (req.getAssertionConsumerServiceURL() != null) {
- domElement.setAttributeNS(null, CustomRequestAbstractType.ASSERTION_CONSUMER_SERVICE_URL_ATTRIB_NAME, req.getAssertionConsumerServiceURL());
- }
-
- if (req.getConsent() != null) {
- domElement.setAttributeNS(null, RequestAbstractType.CONSENT_ATTRIB_NAME, req.getConsent());
- }
- }
-
-
-}
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.impl.SubjectQueryMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.CustomRequestAbstractType;
+
+public class CustomAttributeQueryMarshaller extends SubjectQueryMarshaller {
+
+ /** {@inheritDoc} */
+ protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
+ CustomRequestAbstractType req = (CustomRequestAbstractType) samlObject;
+
+ if (req.getVersion() != null) {
+ domElement.setAttributeNS(null, RequestAbstractType.VERSION_ATTRIB_NAME, req.getVersion().toString());
+ }
+
+ if (req.getID() != null) {
+ domElement.setAttributeNS(null, RequestAbstractType.ID_ATTRIB_NAME, req.getID());
+ domElement.setIdAttributeNS(null, RequestAbstractType.ID_ATTRIB_NAME, true);
+ }
+
+ if (req.getVersion() != null) {
+ domElement.setAttributeNS(null, RequestAbstractType.VERSION_ATTRIB_NAME, req.getVersion().toString());
+ }
+
+ if (req.getIssueInstant() != null) {
+ String iiStr = Configuration.getSAMLDateFormatter().print(req.getIssueInstant());
+ domElement.setAttributeNS(null, RequestAbstractType.ISSUE_INSTANT_ATTRIB_NAME, iiStr);
+ }
+
+ if (req.getDestination() != null) {
+ domElement.setAttributeNS(null, RequestAbstractType.DESTINATION_ATTRIB_NAME, req.getDestination());
+ }
+
+ if (req.getAssertionConsumerServiceURL() != null) {
+ domElement.setAttributeNS(null, CustomRequestAbstractType.ASSERTION_CONSUMER_SERVICE_URL_ATTRIB_NAME, req.getAssertionConsumerServiceURL());
+ }
+
+ if (req.getConsent() != null) {
+ domElement.setAttributeNS(null, RequestAbstractType.CONSENT_ATTRIB_NAME, req.getConsent());
+ }
+ }
+
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryUnmarshaller.java
index f28ec1fef..e351b65b0 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryUnmarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CustomAttributeQueryUnmarshaller.java
@@ -1,114 +1,114 @@
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.joda.time.DateTime;
-import org.joda.time.chrono.ISOChronology;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.impl.SubjectQueryUnmarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.AbstractXMLObjectUnmarshaller;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.util.DatatypeHelper;
-import org.opensaml.xml.util.XMLHelper;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.Text;
-
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.CustomRequestAbstractType;
-
-public class CustomAttributeQueryUnmarshaller extends SubjectQueryUnmarshaller {
-
- private final Logger log = LoggerFactory.getLogger(AbstractXMLObjectUnmarshaller.class);
- /** {@inheritDoc} */
- protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
- throws UnmarshallingException {
- CustomAttributeQuery query = (CustomAttributeQuery) parentSAMLObject;
-
- if (childSAMLObject instanceof Attribute) {
- query.getAttributes().add((Attribute) childSAMLObject);
- } else {
- super.processChildElement(parentSAMLObject, childSAMLObject);
- }
- }
-
- /** {@inheritDoc} */
- public XMLObject unmarshall(Element domElement) throws UnmarshallingException {
- if (log.isTraceEnabled()) {
- log.trace("Starting to unmarshall DOM element {}", XMLHelper.getNodeQName(domElement));
- }
-
- checkElementIsTarget(domElement);
-
- //String namespaceURI, String elementLocalName, String namespacePrefix
- XMLObject xmlObject = new CustomAttributeQueryImpl(SAMLConstants.SAML20P_NS, CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME,
- SAMLConstants.SAML20P_PREFIX);
-
- if (log.isTraceEnabled()) {
- log.trace("Unmarshalling attributes of DOM Element {}", XMLHelper.getNodeQName(domElement));
- }
-
- NamedNodeMap attributes = domElement.getAttributes();
- Node attribute;
- for (int i = 0; i < attributes.getLength(); i++) {
- attribute = attributes.item(i);
-
- // These should allows be attribute nodes, but just in case...
- if (attribute.getNodeType() == Node.ATTRIBUTE_NODE) {
- unmarshallAttribute(xmlObject, (Attr) attribute);
- }
- }
-
- if (log.isTraceEnabled()) {
- log.trace("Unmarshalling other child nodes of DOM Element {}", XMLHelper.getNodeQName(domElement));
- }
-
- Node childNode = domElement.getFirstChild();
- while (childNode != null) {
-
- if (childNode.getNodeType() == Node.ATTRIBUTE_NODE) {
- unmarshallAttribute(xmlObject, (Attr) childNode);
- } else if (childNode.getNodeType() == Node.ELEMENT_NODE) {
- unmarshallChildElement(xmlObject, (Element) childNode);
- } else if (childNode.getNodeType() == Node.TEXT_NODE
- || childNode.getNodeType() == Node.CDATA_SECTION_NODE) {
- unmarshallTextContent(xmlObject, (Text) childNode);
- }
-
- childNode = childNode.getNextSibling();
- }
-
- xmlObject.setDOM(domElement);
- return xmlObject;
- }
-
- /** {@inheritDoc} */
- protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
- CustomRequestAbstractType req = (CustomRequestAbstractType) samlObject;
-
- if (attribute.getLocalName().equals(RequestAbstractType.VERSION_ATTRIB_NAME)) {
- req.setVersion(SAMLVersion.valueOf(attribute.getValue()));
- } else if (attribute.getLocalName().equals(RequestAbstractType.ID_ATTRIB_NAME)) {
- req.setID(attribute.getValue());
- attribute.getOwnerElement().setIdAttributeNode(attribute, true);
- } else if (attribute.getLocalName().equals(RequestAbstractType.ISSUE_INSTANT_ATTRIB_NAME)
- && !DatatypeHelper.isEmpty(attribute.getValue())) {
- req.setIssueInstant(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
- } else if (attribute.getLocalName().equals(RequestAbstractType.DESTINATION_ATTRIB_NAME)) {
- req.setDestination(attribute.getValue());
- } else if (attribute.getLocalName().equals(RequestAbstractType.CONSENT_ATTRIB_NAME)) {
- req.setConsent(attribute.getValue());
- } else if (attribute.getLocalName().equals(CustomRequestAbstractType.ASSERTION_CONSUMER_SERVICE_URL_ATTRIB_NAME)) {
- req.setAssertionConsumerServiceURL(attribute.getValue());
- }else {
- super.processAttribute(samlObject, attribute);
- }
- }
-
-}
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.joda.time.DateTime;
+import org.joda.time.chrono.ISOChronology;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.impl.SubjectQueryUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.AbstractXMLObjectUnmarshaller;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.util.XMLHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.Text;
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.CustomRequestAbstractType;
+
+public class CustomAttributeQueryUnmarshaller extends SubjectQueryUnmarshaller {
+
+ private final Logger log = LoggerFactory.getLogger(AbstractXMLObjectUnmarshaller.class);
+ /** {@inheritDoc} */
+ protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
+ throws UnmarshallingException {
+ CustomAttributeQuery query = (CustomAttributeQuery) parentSAMLObject;
+
+ if (childSAMLObject instanceof Attribute) {
+ query.getAttributes().add((Attribute) childSAMLObject);
+ } else {
+ super.processChildElement(parentSAMLObject, childSAMLObject);
+ }
+ }
+
+ /** {@inheritDoc} */
+ public XMLObject unmarshall(Element domElement) throws UnmarshallingException {
+ if (log.isTraceEnabled()) {
+ log.trace("Starting to unmarshall DOM element {}", XMLHelper.getNodeQName(domElement));
+ }
+
+ checkElementIsTarget(domElement);
+
+ //String namespaceURI, String elementLocalName, String namespacePrefix
+ XMLObject xmlObject = new CustomAttributeQueryImpl(SAMLConstants.SAML20P_NS, CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME,
+ SAMLConstants.SAML20P_PREFIX);
+
+ if (log.isTraceEnabled()) {
+ log.trace("Unmarshalling attributes of DOM Element {}", XMLHelper.getNodeQName(domElement));
+ }
+
+ NamedNodeMap attributes = domElement.getAttributes();
+ Node attribute;
+ for (int i = 0; i < attributes.getLength(); i++) {
+ attribute = attributes.item(i);
+
+ // These should allows be attribute nodes, but just in case...
+ if (attribute.getNodeType() == Node.ATTRIBUTE_NODE) {
+ unmarshallAttribute(xmlObject, (Attr) attribute);
+ }
+ }
+
+ if (log.isTraceEnabled()) {
+ log.trace("Unmarshalling other child nodes of DOM Element {}", XMLHelper.getNodeQName(domElement));
+ }
+
+ Node childNode = domElement.getFirstChild();
+ while (childNode != null) {
+
+ if (childNode.getNodeType() == Node.ATTRIBUTE_NODE) {
+ unmarshallAttribute(xmlObject, (Attr) childNode);
+ } else if (childNode.getNodeType() == Node.ELEMENT_NODE) {
+ unmarshallChildElement(xmlObject, (Element) childNode);
+ } else if (childNode.getNodeType() == Node.TEXT_NODE
+ || childNode.getNodeType() == Node.CDATA_SECTION_NODE) {
+ unmarshallTextContent(xmlObject, (Text) childNode);
+ }
+
+ childNode = childNode.getNextSibling();
+ }
+
+ xmlObject.setDOM(domElement);
+ return xmlObject;
+ }
+
+ /** {@inheritDoc} */
+ protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
+ CustomRequestAbstractType req = (CustomRequestAbstractType) samlObject;
+
+ if (attribute.getLocalName().equals(RequestAbstractType.VERSION_ATTRIB_NAME)) {
+ req.setVersion(SAMLVersion.valueOf(attribute.getValue()));
+ } else if (attribute.getLocalName().equals(RequestAbstractType.ID_ATTRIB_NAME)) {
+ req.setID(attribute.getValue());
+ attribute.getOwnerElement().setIdAttributeNode(attribute, true);
+ } else if (attribute.getLocalName().equals(RequestAbstractType.ISSUE_INSTANT_ATTRIB_NAME)
+ && !DatatypeHelper.isEmpty(attribute.getValue())) {
+ req.setIssueInstant(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
+ } else if (attribute.getLocalName().equals(RequestAbstractType.DESTINATION_ATTRIB_NAME)) {
+ req.setDestination(attribute.getValue());
+ } else if (attribute.getLocalName().equals(RequestAbstractType.CONSENT_ATTRIB_NAME)) {
+ req.setConsent(attribute.getValue());
+ } else if (attribute.getLocalName().equals(CustomRequestAbstractType.ASSERTION_CONSUMER_SERVICE_URL_ATTRIB_NAME)) {
+ req.setAssertionConsumerServiceURL(attribute.getValue());
+ }else {
+ super.processAttribute(samlObject, attribute);
+ }
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareBuilder.java
index b939da776..3f4fc633d 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareBuilder.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareBuilder.java
@@ -1,52 +1,52 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
-
-import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
-
-/**
- * The Class EIDCrossBorderShareBuilder.
- *
- * @author fjquevedo
- */
-public class EIDCrossBorderShareBuilder extends AbstractSAMLObjectBuilder<EIDCrossBorderShare> {
-
-
- /**
- * Builds the object.
- *
- * @return the identifier cross border share
- */
- public final EIDCrossBorderShare buildObject() {
- return buildObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
- }
-
-
- /**
- * Builds the object.
- *
- * @param namespaceURI the namespace uri
- * @param localName the local name
- * @param namespacePrefix the namespace prefix
- * @return the eID cross border share
- */
- public final EIDCrossBorderShare buildObject(final String namespaceURI,
- final String localName, final String namespacePrefix) {
- return new EIDCrossBorderShareImpl(namespaceURI, localName, namespacePrefix);
- }
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
+
+/**
+ * The Class EIDCrossBorderShareBuilder.
+ *
+ * @author fjquevedo
+ */
+public class EIDCrossBorderShareBuilder extends AbstractSAMLObjectBuilder<EIDCrossBorderShare> {
+
+
+ /**
+ * Builds the object.
+ *
+ * @return the identifier cross border share
+ */
+ public final EIDCrossBorderShare buildObject() {
+ return buildObject(EIDCrossBorderShare.DEF_ELEMENT_NAME);
+ }
+
+
+ /**
+ * Builds the object.
+ *
+ * @param namespaceURI the namespace uri
+ * @param localName the local name
+ * @param namespacePrefix the namespace prefix
+ * @return the eID cross border share
+ */
+ public final EIDCrossBorderShare buildObject(final String namespaceURI,
+ final String localName, final String namespacePrefix) {
+ return new EIDCrossBorderShareImpl(namespaceURI, localName, namespacePrefix);
+ }
} \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
index 50a997031..3827f5085 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
@@ -1,87 +1,87 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The Class EIDCrossBorderShareImpl.
- *
- * @author fjquevedo
- */
-public class EIDCrossBorderShareImpl extends AbstractSAMLObject implements
- EIDCrossBorderShare {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(EIDCrossBorderShareImpl.class.getName());
- /** The citizen country code. */
- private String eIDCrossBorderShare;
-
- /**
- * Instantiates a new eID cross border share implementation.
- *
- * @param namespaceURI the namespace URI
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected EIDCrossBorderShareImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
-
-
- /**
- * Gets the eID cross border share.
- *
- * @return the eID cross border share
- */
- public final String getEIDCrossBorderShare() {
- return eIDCrossBorderShare;
- }
-
-
- /**
- * Sets the eID cross border share.
- *
- * @param newEIDCrossBorderShare the new eID cross border share
- */
- public final void setEIDCrossBorderShare(String newEIDCrossBorderShare) {
- this.eIDCrossBorderShare = prepareForAssignment(this.eIDCrossBorderShare, newEIDCrossBorderShare);
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- * {@inheritDoc}
- */
- public final List<XMLObject> getOrderedChildren() {
- return null;
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class EIDCrossBorderShareImpl.
+ *
+ * @author fjquevedo
+ */
+public class EIDCrossBorderShareImpl extends AbstractSAMLObject implements
+ EIDCrossBorderShare {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(EIDCrossBorderShareImpl.class.getName());
+ /** The citizen country code. */
+ private String eIDCrossBorderShare;
+
+ /**
+ * Instantiates a new eID cross border share implementation.
+ *
+ * @param namespaceURI the namespace URI
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected EIDCrossBorderShareImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+
+
+ /**
+ * Gets the eID cross border share.
+ *
+ * @return the eID cross border share
+ */
+ public final String getEIDCrossBorderShare() {
+ return eIDCrossBorderShare;
+ }
+
+
+ /**
+ * Sets the eID cross border share.
+ *
+ * @param newEIDCrossBorderShare the new eID cross border share
+ */
+ public final void setEIDCrossBorderShare(String newEIDCrossBorderShare) {
+ this.eIDCrossBorderShare = prepareForAssignment(this.eIDCrossBorderShare, newEIDCrossBorderShare);
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ * {@inheritDoc}
+ */
+ public final List<XMLObject> getOrderedChildren() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
} \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareMarshaller.java
index 58fa8af65..c5e113013 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareMarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareMarshaller.java
@@ -1,47 +1,47 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Element;
-
-import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
-
-
-/**
- * The Class EIDCrossBorderShareMarshaller.
- *
- * @author fjquevedo
- */
-public class EIDCrossBorderShareMarshaller extends AbstractSAMLObjectMarshaller {
-
-
- /**
- * Marshall element content.
- *
- * @param samlObject the SAML object
- * @param domElement the DOM element
- * @throws MarshallingException the marshalling exception
- */
- protected final void marshallElementContent(final XMLObject samlObject,
- final Element domElement) throws MarshallingException {
- final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) samlObject;
- XMLHelper.appendTextContent(domElement, crossBorderShare.getEIDCrossBorderShare());
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
+
+
+/**
+ * The Class EIDCrossBorderShareMarshaller.
+ *
+ * @author fjquevedo
+ */
+public class EIDCrossBorderShareMarshaller extends AbstractSAMLObjectMarshaller {
+
+
+ /**
+ * Marshall element content.
+ *
+ * @param samlObject the SAML object
+ * @param domElement the DOM element
+ * @throws MarshallingException the marshalling exception
+ */
+ protected final void marshallElementContent(final XMLObject samlObject,
+ final Element domElement) throws MarshallingException {
+ final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) samlObject;
+ XMLHelper.appendTextContent(domElement, crossBorderShare.getEIDCrossBorderShare());
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareUnmarshaller.java
index 457e70c23..e74bee6ca 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareUnmarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareUnmarshaller.java
@@ -1,43 +1,43 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
-
-/**
- * The Class EIDCrossBorderShareUnmarshaller.
- *
- * @author fjquevedo
- */
-public class EIDCrossBorderShareUnmarshaller extends
- AbstractSAMLObjectUnmarshaller {
-
-
- /**
- * Process element content.
- *
- * @param samlObject the SAML object
- * @param elementContent the element content
- */
- protected final void processElementContent(final XMLObject samlObject,
- final String elementContent) {
- final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) samlObject;
- crossBorderShare.setEIDCrossBorderShare(elementContent);
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.EIDCrossBorderShare;
+
+/**
+ * The Class EIDCrossBorderShareUnmarshaller.
+ *
+ * @author fjquevedo
+ */
+public class EIDCrossBorderShareUnmarshaller extends
+ AbstractSAMLObjectUnmarshaller {
+
+
+ /**
+ * Process element content.
+ *
+ * @param samlObject the SAML object
+ * @param elementContent the element content
+ */
+ protected final void processElementContent(final XMLObject samlObject,
+ final String elementContent) {
+ final EIDCrossBorderShare crossBorderShare = (EIDCrossBorderShare) samlObject;
+ crossBorderShare.setEIDCrossBorderShare(elementContent);
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareBuilder.java
index 9683d2ad8..5e91e18fd 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareBuilder.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareBuilder.java
@@ -1,52 +1,52 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
-
-import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
-
-/**
- * The Class EIDCrossSectorShareBuilder.
- *
- * @author fjquevedo
- */
-public class EIDCrossSectorShareBuilder extends
- AbstractSAMLObjectBuilder<EIDCrossSectorShare> {
-
- /**
- * Builds the object.
- *
- * @return the eID cross sector share
- */
- public final EIDCrossSectorShare buildObject() {
- return buildObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
- }
-
- /**
- * Builds the object.
- *
- * @param namespaceURI the namespace uri
- * @param localName the local name
- * @param namespacePrefix the namespace prefix
- * @return the eID cross sector share implementation
- */
- public final EIDCrossSectorShareImpl buildObject(final String namespaceURI,
- final String localName, final String namespacePrefix) {
- return new EIDCrossSectorShareImpl(namespaceURI, localName,
- namespacePrefix);
- }
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
+
+/**
+ * The Class EIDCrossSectorShareBuilder.
+ *
+ * @author fjquevedo
+ */
+public class EIDCrossSectorShareBuilder extends
+ AbstractSAMLObjectBuilder<EIDCrossSectorShare> {
+
+ /**
+ * Builds the object.
+ *
+ * @return the eID cross sector share
+ */
+ public final EIDCrossSectorShare buildObject() {
+ return buildObject(EIDCrossSectorShare.DEF_ELEMENT_NAME);
+ }
+
+ /**
+ * Builds the object.
+ *
+ * @param namespaceURI the namespace uri
+ * @param localName the local name
+ * @param namespacePrefix the namespace prefix
+ * @return the eID cross sector share implementation
+ */
+ public final EIDCrossSectorShareImpl buildObject(final String namespaceURI,
+ final String localName, final String namespacePrefix) {
+ return new EIDCrossSectorShareImpl(namespaceURI, localName,
+ namespacePrefix);
+ }
} \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
index 30502f429..7b2ad3dbd 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
@@ -1,89 +1,89 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-/**
- * The Class EIDCrossSectorShareImpl.
- *
- * @author fjquevedo
- */
-public class EIDCrossSectorShareImpl extends AbstractSAMLObject implements
- EIDCrossSectorShare {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(EIDCrossSectorShareImpl.class.getName());
- /** The citizen country code. */
- private String eIDCrossSectorShare;
-
-
- /**
- * Instantiates a new eID cross sector share implementation.
- *
- * @param namespaceURI the namespace URI
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected EIDCrossSectorShareImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
-
-
- /**
- * Gets the eID cross sector share.
- *
- * @return the eID cross sector share
- */
- public final String getEIDCrossSectorShare() {
- return eIDCrossSectorShare;
- }
-
-
- /**
- * Sets the eID cross sector share.
- *
- * @param newEIDCrossSectorShare the new eID cross sector share
- */
- public final void setEIDCrossSectorShare(String newEIDCrossSectorShare) {
- this.eIDCrossSectorShare = prepareForAssignment(this.eIDCrossSectorShare, newEIDCrossSectorShare);
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- */
- public final List<XMLObject> getOrderedChildren() {
- return null;
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * The Class EIDCrossSectorShareImpl.
+ *
+ * @author fjquevedo
+ */
+public class EIDCrossSectorShareImpl extends AbstractSAMLObject implements
+ EIDCrossSectorShare {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(EIDCrossSectorShareImpl.class.getName());
+ /** The citizen country code. */
+ private String eIDCrossSectorShare;
+
+
+ /**
+ * Instantiates a new eID cross sector share implementation.
+ *
+ * @param namespaceURI the namespace URI
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected EIDCrossSectorShareImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+
+
+ /**
+ * Gets the eID cross sector share.
+ *
+ * @return the eID cross sector share
+ */
+ public final String getEIDCrossSectorShare() {
+ return eIDCrossSectorShare;
+ }
+
+
+ /**
+ * Sets the eID cross sector share.
+ *
+ * @param newEIDCrossSectorShare the new eID cross sector share
+ */
+ public final void setEIDCrossSectorShare(String newEIDCrossSectorShare) {
+ this.eIDCrossSectorShare = prepareForAssignment(this.eIDCrossSectorShare, newEIDCrossSectorShare);
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ */
+ public final List<XMLObject> getOrderedChildren() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
} \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareMarshaller.java
index dfd2b81dc..3ee9df698 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareMarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareMarshaller.java
@@ -1,46 +1,46 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Element;
-
-import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
-
-
-/**
- * The Class EIDCrossSectorShareMarshaller.
- *
- * @author fjquevedo
- */
-public class EIDCrossSectorShareMarshaller extends AbstractSAMLObjectMarshaller {
-
- /**
- * Marshall element content.
- *
- * @param samlObject the SAML object
- * @param domElement the DOM element
- * @throws MarshallingException the marshalling exception
- */
- protected final void marshallElementContent(final XMLObject samlObject,
- final Element domElement) throws MarshallingException {
- final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) samlObject;
- XMLHelper.appendTextContent(domElement, crossSectorShare.getEIDCrossSectorShare());
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
+
+
+/**
+ * The Class EIDCrossSectorShareMarshaller.
+ *
+ * @author fjquevedo
+ */
+public class EIDCrossSectorShareMarshaller extends AbstractSAMLObjectMarshaller {
+
+ /**
+ * Marshall element content.
+ *
+ * @param samlObject the SAML object
+ * @param domElement the DOM element
+ * @throws MarshallingException the marshalling exception
+ */
+ protected final void marshallElementContent(final XMLObject samlObject,
+ final Element domElement) throws MarshallingException {
+ final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) samlObject;
+ XMLHelper.appendTextContent(domElement, crossSectorShare.getEIDCrossSectorShare());
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareUnmarshaller.java
index 6a9711ca2..94c7689be 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareUnmarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareUnmarshaller.java
@@ -1,47 +1,47 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Element;
-
-import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
-
-/**
- * The Class EIDCrossSectorShareUnmarshaller.
- *
- * @author fjquevedo
- */
-public class EIDCrossSectorShareUnmarshaller extends
- AbstractSAMLObjectUnmarshaller {
-
- /**
- * Process element content.
- *
- * @param samlObject the SAML object
- * @param domElement the DOM element
- * @throws MarshallingException the marshalling exception
- */
- protected final void processElementContent(final XMLObject samlObject,
- final String domElement) {
-
- final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) samlObject;
- crossSectorShare.setEIDCrossSectorShare(domElement);
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.EIDCrossSectorShare;
+
+/**
+ * The Class EIDCrossSectorShareUnmarshaller.
+ *
+ * @author fjquevedo
+ */
+public class EIDCrossSectorShareUnmarshaller extends
+ AbstractSAMLObjectUnmarshaller {
+
+ /**
+ * Process element content.
+ *
+ * @param samlObject the SAML object
+ * @param domElement the DOM element
+ * @throws MarshallingException the marshalling exception
+ */
+ protected final void processElementContent(final XMLObject samlObject,
+ final String domElement) {
+
+ final EIDCrossSectorShare crossSectorShare = (EIDCrossSectorShare) samlObject;
+ crossSectorShare.setEIDCrossSectorShare(domElement);
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareBuilder.java
index 75062dc69..230ff3ca4 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareBuilder.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareBuilder.java
@@ -1,51 +1,51 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
-
-import eu.stork.peps.auth.engine.core.EIDSectorShare;
-
-/**
- * The Class EIDSectorShareBuilder.
- *
- * @author fjquevedo
- */
-public class EIDSectorShareBuilder extends
- AbstractSAMLObjectBuilder<EIDSectorShare> {
-
- /**
- * Builds the object.
- *
- * @return the eID sector share
- */
- public final EIDSectorShare buildObject() {
- return buildObject(EIDSectorShare.DEF_ELEMENT_NAME);
- }
-
- /**
- * Builds the object.
- *
- * @param namespaceURI the namespace uri
- * @param localName the local name
- * @param namespacePrefix the namespace prefix
- * @return the eID sector share
- */
- public final EIDSectorShare buildObject(final String namespaceURI,
- final String localName, final String namespacePrefix) {
- return new EIDSectorShareImpl(namespaceURI, localName, namespacePrefix);
- }
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.EIDSectorShare;
+
+/**
+ * The Class EIDSectorShareBuilder.
+ *
+ * @author fjquevedo
+ */
+public class EIDSectorShareBuilder extends
+ AbstractSAMLObjectBuilder<EIDSectorShare> {
+
+ /**
+ * Builds the object.
+ *
+ * @return the eID sector share
+ */
+ public final EIDSectorShare buildObject() {
+ return buildObject(EIDSectorShare.DEF_ELEMENT_NAME);
+ }
+
+ /**
+ * Builds the object.
+ *
+ * @param namespaceURI the namespace uri
+ * @param localName the local name
+ * @param namespacePrefix the namespace prefix
+ * @return the eID sector share
+ */
+ public final EIDSectorShare buildObject(final String namespaceURI,
+ final String localName, final String namespacePrefix) {
+ return new EIDSectorShareImpl(namespaceURI, localName, namespacePrefix);
+ }
} \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java
index c548841f7..9ed726a32 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java
@@ -1,85 +1,85 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.EIDSectorShare;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-// TODO: Auto-generated Javadoc
-/**
- * The Class EIDSectorShareImpl.
- *
- * @author fjquevedo
- */
-public class EIDSectorShareImpl extends AbstractSAMLObject implements
- EIDSectorShare {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(EIDSectorShareImpl.class.getName());
-
- /** The e id sector share. */
- private String eIDSectorShare;
- /**
- * Instantiates a new eID sector share implementation.
- *
- * @param namespaceURI the namespace URI
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected EIDSectorShareImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
-
- /**
- * Gets the eID sector share.
- *
- * @return the eID sector share
- */
- public final String getEIDSectorShare() {
- return eIDSectorShare;
- }
-
- /**
- * Sets the eID sector share.
- *
- * @param newEIDSectorShare the new eID sector share
- */
- public final void setEIDSectorShare(String newEIDSectorShare) {
- this.eIDSectorShare = prepareForAssignment(this.eIDSectorShare, newEIDSectorShare);
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- */
- public final List<XMLObject> getOrderedChildren() {
- return null;
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.EIDSectorShare;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+// TODO: Auto-generated Javadoc
+/**
+ * The Class EIDSectorShareImpl.
+ *
+ * @author fjquevedo
+ */
+public class EIDSectorShareImpl extends AbstractSAMLObject implements
+ EIDSectorShare {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(EIDSectorShareImpl.class.getName());
+
+ /** The e id sector share. */
+ private String eIDSectorShare;
+ /**
+ * Instantiates a new eID sector share implementation.
+ *
+ * @param namespaceURI the namespace URI
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected EIDSectorShareImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+
+ /**
+ * Gets the eID sector share.
+ *
+ * @return the eID sector share
+ */
+ public final String getEIDSectorShare() {
+ return eIDSectorShare;
+ }
+
+ /**
+ * Sets the eID sector share.
+ *
+ * @param newEIDSectorShare the new eID sector share
+ */
+ public final void setEIDSectorShare(String newEIDSectorShare) {
+ this.eIDSectorShare = prepareForAssignment(this.eIDSectorShare, newEIDSectorShare);
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ */
+ public final List<XMLObject> getOrderedChildren() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
} \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareMarshaller.java
index 87ab23660..0ce449cd1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareMarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareMarshaller.java
@@ -1,46 +1,46 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
-import org.opensaml.saml2.core.impl.AbstractNameIDTypeMarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Element;
-
-import eu.stork.peps.auth.engine.core.EIDSectorShare;
-
-/**
- * The Class EIDSectorShareMarshaller.
- *
- * @author fjquevedo
- */
-public class EIDSectorShareMarshaller extends AbstractSAMLObjectMarshaller {
-
- /**
- * Marshall element content.
- *
- * @param samlObject the SAML object
- * @param domElement the DOM element
- * @throws MarshallingException the marshalling exception
- */
- protected final void marshallElementContent(final XMLObject samlObject,
- final Element domElement) throws MarshallingException {
- final EIDSectorShare sectorShare = (EIDSectorShare) samlObject;
- XMLHelper.appendTextContent(domElement, sectorShare.getEIDSectorShare());
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.saml2.core.impl.AbstractNameIDTypeMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.EIDSectorShare;
+
+/**
+ * The Class EIDSectorShareMarshaller.
+ *
+ * @author fjquevedo
+ */
+public class EIDSectorShareMarshaller extends AbstractSAMLObjectMarshaller {
+
+ /**
+ * Marshall element content.
+ *
+ * @param samlObject the SAML object
+ * @param domElement the DOM element
+ * @throws MarshallingException the marshalling exception
+ */
+ protected final void marshallElementContent(final XMLObject samlObject,
+ final Element domElement) throws MarshallingException {
+ final EIDSectorShare sectorShare = (EIDSectorShare) samlObject;
+ XMLHelper.appendTextContent(domElement, sectorShare.getEIDSectorShare());
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareUnmarshaller.java
index 9c661813f..f7f00adb9 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareUnmarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareUnmarshaller.java
@@ -1,47 +1,47 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Element;
-
-import eu.stork.peps.auth.engine.core.EIDSectorShare;
-
-
-/**
- * The Class EIDSectorShareUnmarshaller.
- *
- * @author fjquevedo
- */
-public class EIDSectorShareUnmarshaller extends AbstractSAMLObjectUnmarshaller {
-
-
- /**
- * Process element content.
- *
- * @param samlObject the SAML object
- * @param domElement the DOM element
- * @throws MarshallingException the marshalling exception
- */
- protected final void processElementContent(final XMLObject samlObject,
- final String domElement) {
- final EIDSectorShare sectorShare = (EIDSectorShare) samlObject;
- sectorShare.setEIDSectorShare(domElement);
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.EIDSectorShare;
+
+
+/**
+ * The Class EIDSectorShareUnmarshaller.
+ *
+ * @author fjquevedo
+ */
+public class EIDSectorShareUnmarshaller extends AbstractSAMLObjectUnmarshaller {
+
+
+ /**
+ * Process element content.
+ *
+ * @param samlObject the SAML object
+ * @param domElement the DOM element
+ * @throws MarshallingException the marshalling exception
+ */
+ protected final void processElementContent(final XMLObject samlObject,
+ final String domElement) {
+ final EIDSectorShare sectorShare = (EIDSectorShare) samlObject;
+ sectorShare.setEIDSectorShare(domElement);
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
index c08986026..46f3bb402 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
@@ -1,84 +1,84 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The Class QAAAttributeImpl.
- *
- * @author fjquevedo
- */
-public class QAAAttributeImpl extends AbstractSAMLObject implements
- QAAAttribute {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(QAAAttributeImpl.class.getName());
- /** The quality authentication assurance level. */
- private String qaaLevel;
-
- /**
- * Constructor.
- *
- * @param namespaceURI the namespace the element is in
- * @param elementLocalName the local name of the XML element this Object
- * represents
- * @param namespacePrefix the prefix for the given namespace
- */
- protected QAAAttributeImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
- /**
- * Gets the quality authentication assurance level.
- *
- * @return the quality authentication assurance level
- */
- public final String getQaaLevel() {
- return qaaLevel;
- }
-
- /**
- * Sets the quality authentication assurance level.
- *
- * @param newQaaLevel the new quality authentication assurance level
- */
- public final void setQaaLevel(final String newQaaLevel) {
- this.qaaLevel = prepareForAssignment(this.qaaLevel, newQaaLevel);
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- */
- public final List<XMLObject> getOrderedChildren() {
- return null;
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class QAAAttributeImpl.
+ *
+ * @author fjquevedo
+ */
+public class QAAAttributeImpl extends AbstractSAMLObject implements
+ QAAAttribute {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(QAAAttributeImpl.class.getName());
+ /** The quality authentication assurance level. */
+ private String qaaLevel;
+
+ /**
+ * Constructor.
+ *
+ * @param namespaceURI the namespace the element is in
+ * @param elementLocalName the local name of the XML element this Object
+ * represents
+ * @param namespacePrefix the prefix for the given namespace
+ */
+ protected QAAAttributeImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /**
+ * Gets the quality authentication assurance level.
+ *
+ * @return the quality authentication assurance level
+ */
+ public final String getQaaLevel() {
+ return qaaLevel;
+ }
+
+ /**
+ * Sets the quality authentication assurance level.
+ *
+ * @param newQaaLevel the new quality authentication assurance level
+ */
+ public final void setQaaLevel(final String newQaaLevel) {
+ this.qaaLevel = prepareForAssignment(this.qaaLevel, newQaaLevel);
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ */
+ public final List<XMLObject> getOrderedChildren() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeBuilder.java
index 70bd6ac1f..c9881c439 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeBuilder.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeBuilder.java
@@ -1,54 +1,54 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
-
-import eu.stork.peps.auth.engine.core.RequestedAttribute;
-
-/**
- * The Class RequestedAttributeBuilder.
- *
- * @author fjquevedo
- */
-public class RequestedAttributeBuilder extends
- AbstractSAMLObjectBuilder<RequestedAttribute> {
-
-
- /**
- * Builds the object.
- *
- * @return the requested attribute
- */
- public final RequestedAttribute buildObject() {
- return buildObject(RequestedAttribute.DEF_ELEMENT_NAME);
- }
-
- /**
- * Builds the object.
- *
- * @param namespaceURI the namespace uri
- * @param localName the local name
- * @param namespacePrefix the namespace prefix
- * @return the requested attribute
- */
- public final RequestedAttribute buildObject(final String namespaceURI,
- final String localName, final String namespacePrefix) {
- return new RequestedAttributeImpl(namespaceURI, localName,
- namespacePrefix);
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+
+/**
+ * The Class RequestedAttributeBuilder.
+ *
+ * @author fjquevedo
+ */
+public class RequestedAttributeBuilder extends
+ AbstractSAMLObjectBuilder<RequestedAttribute> {
+
+
+ /**
+ * Builds the object.
+ *
+ * @return the requested attribute
+ */
+ public final RequestedAttribute buildObject() {
+ return buildObject(RequestedAttribute.DEF_ELEMENT_NAME);
+ }
+
+ /**
+ * Builds the object.
+ *
+ * @param namespaceURI the namespace uri
+ * @param localName the local name
+ * @param namespacePrefix the namespace prefix
+ * @return the requested attribute
+ */
+ public final RequestedAttribute buildObject(final String namespaceURI,
+ final String localName, final String namespacePrefix) {
+ return new RequestedAttributeImpl(namespaceURI, localName,
+ namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
index ad759230a..ac2e8a3ee 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
@@ -1,220 +1,220 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSBooleanValue;
-import org.opensaml.xml.util.AttributeMap;
-import org.opensaml.xml.util.XMLObjectChildrenList;
-
-import eu.stork.peps.auth.engine.core.RequestedAttribute;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-// TODO: Auto-generated Javadoc
-/**
- * The Class RequestedAttributeImpl.
- *
- * @author fjquevedo
- */
-public class RequestedAttributeImpl extends AbstractSAMLObject implements
- RequestedAttribute {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(RequestedAttributeImpl.class.getName());
- /**
- * The attribute values.
- */
- private final XMLObjectChildrenList<XMLObject> attributeValues;
-
- /**
- * The friendly name.
- *
- */
- private String friendlyName;
-
- /**
- * The is required.
- */
- private String isRequired;
-
- /**
- * The name.
- *
- */
- private String name;
-
- /**
- * The name format.
- *
- */
- private String nameFormat;
-
- /**
- * The unknown attributes.
- *
- */
- private AttributeMap unknownAttributes;
-
- /**
- * Instantiates a new requested attribute impl.
- *
- * @param namespaceURI the namespace uri
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected RequestedAttributeImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- unknownAttributes = new AttributeMap(this);
- attributeValues = new XMLObjectChildrenList<XMLObject>(this);
- }
-
-
- /**
- * Gets the attribute values.
- *
- * @return the attribute values
- */
- public final List<XMLObject> getAttributeValues() {
- return attributeValues;
- }
-
- /**
- * Gets the friendly name.
- *
- * @return the friendly name.
- */
- public final String getFriendlyName() {
- return friendlyName;
- }
-
-
- /**
- * Gets the checks if is required.
- *
- * @return the boolean if it's required.
- */
- public final String isRequired() {
- return isRequired;
- }
-
-
- /**
- * Gets the is required xs boolean.
- *
- * @return the XSBoolean if it's required.
- */
- public final String getIsRequiredXSBoolean() {
- return isRequired;
- }
-
-
- /**
- * Gets the name.
- *
- * @return the name
- */
- public final String getName() {
- return name;
- }
-
-
- /**
- * Gets the name format.
- *
- * @return the name format.
- */
- public final String getNameFormat() {
- return nameFormat;
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the list of XMLObject.
- */
- public final List<XMLObject> getOrderedChildren() {
- final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
- children.addAll(attributeValues);
- return Collections.unmodifiableList(children);
- }
-
- /**
- * Gets the unknown attributes.
- *
- * @return the attribute map
- */
- public final AttributeMap getUnknownAttributes() {
- return unknownAttributes;
- }
-
- /**
- * Sets the friendly name.
- *
- * @param newFriendlyName the new friendly name format
- */
- public final void setFriendlyName(final String newFriendlyName) {
- this.friendlyName = prepareForAssignment(this.friendlyName,
- newFriendlyName);
- }
-
- /**
- * Set new boolean value isRequired.
- * @param newIsRequired then new value
- */
- public final void setIsRequired(final String newIsRequired) {
- isRequired = prepareForAssignment(this.isRequired, newIsRequired);
-
- }
-
- /**
- * Sets the name.
- *
- * @param newName the new name
- */
- public final void setName(final String newName) {
- this.name = prepareForAssignment(this.name, newName);
- }
-
- /**
- * Sets the name format.
- *
- * @param newNameFormat the new name format
- */
- public final void setNameFormat(final String newNameFormat) {
- this.nameFormat = prepareForAssignment(this.nameFormat, newNameFormat);
- }
-
- /**
- * Sets the unknown attributes.
- *
- * @param newUnknownAttr the new unknown attributes
- */
- public final void setUnknownAttributes(final AttributeMap newUnknownAttr) {
- this.unknownAttributes = newUnknownAttr;
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSBooleanValue;
+import org.opensaml.xml.util.AttributeMap;
+import org.opensaml.xml.util.XMLObjectChildrenList;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+// TODO: Auto-generated Javadoc
+/**
+ * The Class RequestedAttributeImpl.
+ *
+ * @author fjquevedo
+ */
+public class RequestedAttributeImpl extends AbstractSAMLObject implements
+ RequestedAttribute {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(RequestedAttributeImpl.class.getName());
+ /**
+ * The attribute values.
+ */
+ private final XMLObjectChildrenList<XMLObject> attributeValues;
+
+ /**
+ * The friendly name.
+ *
+ */
+ private String friendlyName;
+
+ /**
+ * The is required.
+ */
+ private String isRequired;
+
+ /**
+ * The name.
+ *
+ */
+ private String name;
+
+ /**
+ * The name format.
+ *
+ */
+ private String nameFormat;
+
+ /**
+ * The unknown attributes.
+ *
+ */
+ private AttributeMap unknownAttributes;
+
+ /**
+ * Instantiates a new requested attribute impl.
+ *
+ * @param namespaceURI the namespace uri
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected RequestedAttributeImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ unknownAttributes = new AttributeMap(this);
+ attributeValues = new XMLObjectChildrenList<XMLObject>(this);
+ }
+
+
+ /**
+ * Gets the attribute values.
+ *
+ * @return the attribute values
+ */
+ public final List<XMLObject> getAttributeValues() {
+ return attributeValues;
+ }
+
+ /**
+ * Gets the friendly name.
+ *
+ * @return the friendly name.
+ */
+ public final String getFriendlyName() {
+ return friendlyName;
+ }
+
+
+ /**
+ * Gets the checks if is required.
+ *
+ * @return the boolean if it's required.
+ */
+ public final String isRequired() {
+ return isRequired;
+ }
+
+
+ /**
+ * Gets the is required xs boolean.
+ *
+ * @return the XSBoolean if it's required.
+ */
+ public final String getIsRequiredXSBoolean() {
+ return isRequired;
+ }
+
+
+ /**
+ * Gets the name.
+ *
+ * @return the name
+ */
+ public final String getName() {
+ return name;
+ }
+
+
+ /**
+ * Gets the name format.
+ *
+ * @return the name format.
+ */
+ public final String getNameFormat() {
+ return nameFormat;
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the list of XMLObject.
+ */
+ public final List<XMLObject> getOrderedChildren() {
+ final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+ children.addAll(attributeValues);
+ return Collections.unmodifiableList(children);
+ }
+
+ /**
+ * Gets the unknown attributes.
+ *
+ * @return the attribute map
+ */
+ public final AttributeMap getUnknownAttributes() {
+ return unknownAttributes;
+ }
+
+ /**
+ * Sets the friendly name.
+ *
+ * @param newFriendlyName the new friendly name format
+ */
+ public final void setFriendlyName(final String newFriendlyName) {
+ this.friendlyName = prepareForAssignment(this.friendlyName,
+ newFriendlyName);
+ }
+
+ /**
+ * Set new boolean value isRequired.
+ * @param newIsRequired then new value
+ */
+ public final void setIsRequired(final String newIsRequired) {
+ isRequired = prepareForAssignment(this.isRequired, newIsRequired);
+
+ }
+
+ /**
+ * Sets the name.
+ *
+ * @param newName the new name
+ */
+ public final void setName(final String newName) {
+ this.name = prepareForAssignment(this.name, newName);
+ }
+
+ /**
+ * Sets the name format.
+ *
+ * @param newNameFormat the new name format
+ */
+ public final void setNameFormat(final String newNameFormat) {
+ this.nameFormat = prepareForAssignment(this.nameFormat, newNameFormat);
+ }
+
+ /**
+ * Sets the unknown attributes.
+ *
+ * @param newUnknownAttr the new unknown attributes
+ */
+ public final void setUnknownAttributes(final AttributeMap newUnknownAttr) {
+ this.unknownAttributes = newUnknownAttr;
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeMarshaller.java
index 6d0669241..1a14a118a 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeMarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeMarshaller.java
@@ -1,89 +1,89 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.Map.Entry;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.Configuration;
-import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-
-import eu.stork.peps.auth.engine.core.RequestedAttribute;
-
-/**
- * The Class RequestedAttributeMarshaller.
- *
- * @author fjquevedo
- */
-public class RequestedAttributeMarshaller extends AbstractSAMLObjectMarshaller {
-
- /**
- * Marshall attributes.
- *
- * @param samlElement the SAML element
- * @param domElement the DOM element
- * @throws MarshallingException the marshalling exception
- */
- protected final void marshallAttributes(final XMLObject samlElement,
- final Element domElement) throws MarshallingException {
- final RequestedAttribute requestedAttr = (RequestedAttribute) samlElement;
-
- if (requestedAttr.getName() != null) {
- domElement.setAttributeNS(null,
- RequestedAttribute.NAME_ATTRIB_NAME, requestedAttr
- .getName());
- }
-
- if (requestedAttr.getNameFormat() != null) {
- domElement.setAttributeNS(null,
- RequestedAttribute.NAME_FORMAT_ATTR, requestedAttr
- .getNameFormat());
- }
-
- if (requestedAttr.getFriendlyName() != null) {
- domElement.setAttributeNS(null,
- RequestedAttribute.FRIENDLY_NAME_ATT, requestedAttr
- .getFriendlyName());
- }
-
- if (requestedAttr.getIsRequiredXSBoolean() != null) {
- domElement.setAttributeNS(null,
- RequestedAttribute.IS_REQUIRED_ATTR, requestedAttr
- .getIsRequiredXSBoolean().toString());
- }
-
- Attr attr;
- for (Entry<QName, String> entry : requestedAttr.getUnknownAttributes()
- .entrySet()) {
- attr = XMLHelper.constructAttribute(domElement.getOwnerDocument(),
- entry.getKey());
- attr.setValue(entry.getValue());
- domElement.setAttributeNodeNS(attr);
- if (Configuration.isIDAttribute(entry.getKey())
- || requestedAttr.getUnknownAttributes().isIDAttribute(
- entry.getKey())) {
- attr.getOwnerElement().setIdAttributeNode(attr, true);
- }
- }
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.Map.Entry;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.Configuration;
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+
+/**
+ * The Class RequestedAttributeMarshaller.
+ *
+ * @author fjquevedo
+ */
+public class RequestedAttributeMarshaller extends AbstractSAMLObjectMarshaller {
+
+ /**
+ * Marshall attributes.
+ *
+ * @param samlElement the SAML element
+ * @param domElement the DOM element
+ * @throws MarshallingException the marshalling exception
+ */
+ protected final void marshallAttributes(final XMLObject samlElement,
+ final Element domElement) throws MarshallingException {
+ final RequestedAttribute requestedAttr = (RequestedAttribute) samlElement;
+
+ if (requestedAttr.getName() != null) {
+ domElement.setAttributeNS(null,
+ RequestedAttribute.NAME_ATTRIB_NAME, requestedAttr
+ .getName());
+ }
+
+ if (requestedAttr.getNameFormat() != null) {
+ domElement.setAttributeNS(null,
+ RequestedAttribute.NAME_FORMAT_ATTR, requestedAttr
+ .getNameFormat());
+ }
+
+ if (requestedAttr.getFriendlyName() != null) {
+ domElement.setAttributeNS(null,
+ RequestedAttribute.FRIENDLY_NAME_ATT, requestedAttr
+ .getFriendlyName());
+ }
+
+ if (requestedAttr.getIsRequiredXSBoolean() != null) {
+ domElement.setAttributeNS(null,
+ RequestedAttribute.IS_REQUIRED_ATTR, requestedAttr
+ .getIsRequiredXSBoolean().toString());
+ }
+
+ Attr attr;
+ for (Entry<QName, String> entry : requestedAttr.getUnknownAttributes()
+ .entrySet()) {
+ attr = XMLHelper.constructAttribute(domElement.getOwnerDocument(),
+ entry.getKey());
+ attr.setValue(entry.getValue());
+ domElement.setAttributeNodeNS(attr);
+ if (Configuration.isIDAttribute(entry.getKey())
+ || requestedAttr.getUnknownAttributes().isIDAttribute(
+ entry.getKey())) {
+ attr.getOwnerElement().setIdAttributeNode(attr, true);
+ }
+ }
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeUnmarshaller.java
index 551f4239d..c07f852d9 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeUnmarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeUnmarshaller.java
@@ -1,96 +1,96 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
-
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.schema.XSBooleanValue;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Attr;
-
-import eu.stork.peps.auth.engine.core.RequestedAttribute;
-import eu.stork.peps.auth.engine.core.SAMLCore;
-
-/**
- * The Class RequestedAttributeUnmarshaller.
- *
- * @author fjquevedo
- */
-public class RequestedAttributeUnmarshaller extends
- AbstractSAMLObjectUnmarshaller {
-
- /**
- * Process child element.
- *
- * @param parentSAMLObject parent SAMLObject
- * @param childSAMLObject child SAMLObject
- *
- * @throws UnmarshallingException error at unmarshall XML object
- */
- protected final void processChildElement(final XMLObject parentSAMLObject,
- final XMLObject childSAMLObject) throws UnmarshallingException {
-
- final RequestedAttribute requestedAttr = (RequestedAttribute) parentSAMLObject;
-
- final QName childQName = childSAMLObject.getElementQName();
- if (childQName.getLocalPart().equals("AttributeValue")
- && childQName.getNamespaceURI().equals(SAMLCore.STORK10_NS.getValue())) {
- requestedAttr.getAttributeValues().add(childSAMLObject);
- } else {
- super.processChildElement(parentSAMLObject, childSAMLObject);
- }
- }
-
- /**
- * Process attribute.
- *
- * @param samlObject the SAML object
- * @param attribute the attribute
- * @throws UnmarshallingException the unmarshalling exception
- */
- protected final void processAttribute(final XMLObject samlObject,
- final Attr attribute) throws UnmarshallingException {
-
- final RequestedAttribute requestedAttr = (RequestedAttribute) samlObject;
-
- if (attribute.getLocalName()
- .equals(RequestedAttribute.NAME_ATTRIB_NAME)) {
- requestedAttr.setName(attribute.getValue());
- } else if (attribute.getLocalName().equals(
- RequestedAttribute.NAME_FORMAT_ATTR)) {
- requestedAttr.setNameFormat(attribute.getValue());
- } else if (attribute.getLocalName().equals(
- RequestedAttribute.FRIENDLY_NAME_ATT)) {
- requestedAttr.setFriendlyName(attribute.getValue());
- } else if (attribute.getLocalName().equals(
- RequestedAttribute.IS_REQUIRED_ATTR)) {
- requestedAttr.setIsRequired(attribute
- .getValue());
-
- } else {
- final QName attribQName = XMLHelper.getNodeQName(attribute);
- if (attribute.isId()) {
- requestedAttr.getUnknownAttributes().registerID(attribQName);
- }
- requestedAttr.getUnknownAttributes().put(attribQName,
- attribute.getValue());
- }
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.schema.XSBooleanValue;
+import org.opensaml.xml.util.XMLHelper;
+import org.w3c.dom.Attr;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+import eu.stork.peps.auth.engine.core.SAMLCore;
+
+/**
+ * The Class RequestedAttributeUnmarshaller.
+ *
+ * @author fjquevedo
+ */
+public class RequestedAttributeUnmarshaller extends
+ AbstractSAMLObjectUnmarshaller {
+
+ /**
+ * Process child element.
+ *
+ * @param parentSAMLObject parent SAMLObject
+ * @param childSAMLObject child SAMLObject
+ *
+ * @throws UnmarshallingException error at unmarshall XML object
+ */
+ protected final void processChildElement(final XMLObject parentSAMLObject,
+ final XMLObject childSAMLObject) throws UnmarshallingException {
+
+ final RequestedAttribute requestedAttr = (RequestedAttribute) parentSAMLObject;
+
+ final QName childQName = childSAMLObject.getElementQName();
+ if (childQName.getLocalPart().equals("AttributeValue")
+ && childQName.getNamespaceURI().equals(SAMLCore.STORK10_NS.getValue())) {
+ requestedAttr.getAttributeValues().add(childSAMLObject);
+ } else {
+ super.processChildElement(parentSAMLObject, childSAMLObject);
+ }
+ }
+
+ /**
+ * Process attribute.
+ *
+ * @param samlObject the SAML object
+ * @param attribute the attribute
+ * @throws UnmarshallingException the unmarshalling exception
+ */
+ protected final void processAttribute(final XMLObject samlObject,
+ final Attr attribute) throws UnmarshallingException {
+
+ final RequestedAttribute requestedAttr = (RequestedAttribute) samlObject;
+
+ if (attribute.getLocalName()
+ .equals(RequestedAttribute.NAME_ATTRIB_NAME)) {
+ requestedAttr.setName(attribute.getValue());
+ } else if (attribute.getLocalName().equals(
+ RequestedAttribute.NAME_FORMAT_ATTR)) {
+ requestedAttr.setNameFormat(attribute.getValue());
+ } else if (attribute.getLocalName().equals(
+ RequestedAttribute.FRIENDLY_NAME_ATT)) {
+ requestedAttr.setFriendlyName(attribute.getValue());
+ } else if (attribute.getLocalName().equals(
+ RequestedAttribute.IS_REQUIRED_ATTR)) {
+ requestedAttr.setIsRequired(attribute
+ .getValue());
+
+ } else {
+ final QName attribQName = XMLHelper.getNodeQName(attribute);
+ if (attribute.isId()) {
+ requestedAttr.getUnknownAttributes().registerID(attribQName);
+ }
+ requestedAttr.getUnknownAttributes().put(attribQName,
+ attribute.getValue());
+ }
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesBuilder.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesBuilder.java
index 138177995..d421c53d2 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesBuilder.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesBuilder.java
@@ -1,54 +1,54 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
-
-import eu.stork.peps.auth.engine.core.RequestedAttributes;
-
-/**
- * The Class RequestedAttributesBuilder.
- *
- * @author fjquevedo
- */
-public class RequestedAttributesBuilder extends
- AbstractSAMLObjectBuilder<RequestedAttributes> {
-
-
- /**
- * Builds the object.
- *
- * @return the requested attributes
- */
- public final RequestedAttributes buildObject() {
- return buildObject(RequestedAttributes.DEF_ELEMENT_NAME);
- }
-
- /**
- * Builds the object.
- *
- * @param namespaceURI the namespace uri
- * @param localName the local name
- * @param namespacePrefix the namespace prefix
- * @return the requested attributes
- */
- public final RequestedAttributes buildObject(final String namespaceURI,
- final String localName, final String namespacePrefix) {
- return new RequestedAttributesImpl(namespaceURI, localName,
- namespacePrefix);
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectBuilder;
+
+import eu.stork.peps.auth.engine.core.RequestedAttributes;
+
+/**
+ * The Class RequestedAttributesBuilder.
+ *
+ * @author fjquevedo
+ */
+public class RequestedAttributesBuilder extends
+ AbstractSAMLObjectBuilder<RequestedAttributes> {
+
+
+ /**
+ * Builds the object.
+ *
+ * @return the requested attributes
+ */
+ public final RequestedAttributes buildObject() {
+ return buildObject(RequestedAttributes.DEF_ELEMENT_NAME);
+ }
+
+ /**
+ * Builds the object.
+ *
+ * @param namespaceURI the namespace uri
+ * @param localName the local name
+ * @param namespacePrefix the namespace prefix
+ * @return the requested attributes
+ */
+ public final RequestedAttributes buildObject(final String namespaceURI,
+ final String localName, final String namespacePrefix) {
+ return new RequestedAttributesImpl(namespaceURI, localName,
+ namespacePrefix);
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesImpl.java
index a58a08a05..0a5b37add 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesImpl.java
@@ -1,95 +1,95 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.util.IndexedXMLObjectChildrenList;
-
-import eu.stork.peps.auth.engine.core.RequestedAttribute;
-import eu.stork.peps.auth.engine.core.RequestedAttributes;
-
-/**
- * The Class RequestedAttributesImpl.
- *
- * @author fjquevedo
- */
-public class RequestedAttributesImpl extends AbstractSAMLObject implements
- RequestedAttributes {
-
- /**
- * Instantiates a new requested attributes implement.
- *
- * @param namespaceURI the namespace URI
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected RequestedAttributesImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- indexedChildren = new IndexedXMLObjectChildrenList<XMLObject>(this);
- }
-
- /** The indexed children. */
- private final IndexedXMLObjectChildrenList<XMLObject> indexedChildren;
-
- /**
- * Gets the indexed children.
- *
- * @return the indexed children
- */
- public final IndexedXMLObjectChildrenList<XMLObject> getIndexedChildren() {
- return indexedChildren;
- }
-
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- */
- public final List<XMLObject> getOrderedChildren() {
-
- final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
-
- children.addAll(indexedChildren);
-
- return Collections.unmodifiableList(children);
-
- }
-
- /**
- * Gets the attributes.
- *
- * @return the attributes
- *
- * @see eu.stork.peps.auth.engine.core.RequestedAttributes#getAttributes()
- */
- @SuppressWarnings("unchecked")
- public final List<RequestedAttribute> getAttributes() {
- return (List<RequestedAttribute>) indexedChildren
- .subList(RequestedAttribute.DEF_ELEMENT_NAME);
- }
-
- @Override
- public int hashCode() {
- throw new UnsupportedOperationException("hashCode method not implemented");
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.util.IndexedXMLObjectChildrenList;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+import eu.stork.peps.auth.engine.core.RequestedAttributes;
+
+/**
+ * The Class RequestedAttributesImpl.
+ *
+ * @author fjquevedo
+ */
+public class RequestedAttributesImpl extends AbstractSAMLObject implements
+ RequestedAttributes {
+
+ /**
+ * Instantiates a new requested attributes implement.
+ *
+ * @param namespaceURI the namespace URI
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected RequestedAttributesImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ indexedChildren = new IndexedXMLObjectChildrenList<XMLObject>(this);
+ }
+
+ /** The indexed children. */
+ private final IndexedXMLObjectChildrenList<XMLObject> indexedChildren;
+
+ /**
+ * Gets the indexed children.
+ *
+ * @return the indexed children
+ */
+ public final IndexedXMLObjectChildrenList<XMLObject> getIndexedChildren() {
+ return indexedChildren;
+ }
+
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ */
+ public final List<XMLObject> getOrderedChildren() {
+
+ final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ children.addAll(indexedChildren);
+
+ return Collections.unmodifiableList(children);
+
+ }
+
+ /**
+ * Gets the attributes.
+ *
+ * @return the attributes
+ *
+ * @see eu.stork.peps.auth.engine.core.RequestedAttributes#getAttributes()
+ */
+ @SuppressWarnings("unchecked")
+ public final List<RequestedAttribute> getAttributes() {
+ return (List<RequestedAttribute>) indexedChildren
+ .subList(RequestedAttribute.DEF_ELEMENT_NAME);
+ }
+
+ @Override
+ public int hashCode() {
+ throw new UnsupportedOperationException("hashCode method not implemented");
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesMarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesMarshaller.java
index 955fe0318..dfc42adf3 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesMarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesMarshaller.java
@@ -1,33 +1,33 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
-
-/**
- * The Class RequestedAttributesMarshaller.
- *
- * @author fjquevedo
- */
-public class RequestedAttributesMarshaller extends AbstractSAMLObjectMarshaller {
-
- /**
- * Instantiates a new requested attributes marshaller.
- */
- public RequestedAttributesMarshaller() {
- super();
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectMarshaller;
+
+/**
+ * The Class RequestedAttributesMarshaller.
+ *
+ * @author fjquevedo
+ */
+public class RequestedAttributesMarshaller extends AbstractSAMLObjectMarshaller {
+
+ /**
+ * Instantiates a new requested attributes marshaller.
+ */
+ public RequestedAttributesMarshaller() {
+ super();
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesUnmarshaller.java
index 132d6cc59..41b3afa40 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesUnmarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributesUnmarshaller.java
@@ -1,52 +1,52 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.UnmarshallingException;
-
-import eu.stork.peps.auth.engine.core.RequestedAttribute;
-import eu.stork.peps.auth.engine.core.RequestedAttributes;
-
-/**
- * The Class RequestedAttributesUnmarshaller.
- *
- * @author fjquevedo
- */
-public class RequestedAttributesUnmarshaller extends
- AbstractSAMLObjectUnmarshaller {
-
- /**
- * Process child element.
- *
- * @param parentObject the parent object
- * @param childObject the child object
- *
- * @throws UnmarshallingException error in unmarshall
- */
- protected final void processChildElement(final XMLObject parentObject,
- final XMLObject childObject) throws UnmarshallingException {
- final RequestedAttributes attrStatement = (RequestedAttributes) parentObject;
-
- if (childObject instanceof RequestedAttribute) {
- attrStatement.getAttributes().add((RequestedAttribute) childObject);
- } else {
- super.processChildElement(parentObject, childObject);
- }
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.peps.auth.engine.core.RequestedAttribute;
+import eu.stork.peps.auth.engine.core.RequestedAttributes;
+
+/**
+ * The Class RequestedAttributesUnmarshaller.
+ *
+ * @author fjquevedo
+ */
+public class RequestedAttributesUnmarshaller extends
+ AbstractSAMLObjectUnmarshaller {
+
+ /**
+ * Process child element.
+ *
+ * @param parentObject the parent object
+ * @param childObject the child object
+ *
+ * @throws UnmarshallingException error in unmarshall
+ */
+ protected final void processChildElement(final XMLObject parentObject,
+ final XMLObject childObject) throws UnmarshallingException {
+ final RequestedAttributes attrStatement = (RequestedAttributes) parentObject;
+
+ if (childObject instanceof RequestedAttribute) {
+ attrStatement.getAttributes().add((RequestedAttribute) childObject);
+ } else {
+ super.processChildElement(parentObject, childObject);
+ }
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
index 6bb631a74..0a428a521 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
@@ -1,84 +1,84 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.SPApplication;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The Class SPApplicationImpl.
- *
- * @author fjquevedo
- */
-public class SPApplicationImpl extends AbstractSAMLObject implements
- SPApplication {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(SPApplicationImpl.class.getName());
- /** The service provider application. */
- private String spApplication;
-
- /**
- * Instantiates a new service provider application.
- *
- * @param namespaceURI the namespace uri
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected SPApplicationImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
- /**
- * Gets the service provider application.
- *
- * @return the service provider application
- */
- public final String getSPApplication() {
- return spApplication;
- }
-
- /**
- * Sets the service provider application.
- *
- * @param newSpApplication the new service provider application
- */
- public final void setSPApplication(final String newSpApplication) {
- this.spApplication = prepareForAssignment(this.spApplication,
- newSpApplication);
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- */
- public final List<XMLObject> getOrderedChildren() {
- return null;
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPApplication;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class SPApplicationImpl.
+ *
+ * @author fjquevedo
+ */
+public class SPApplicationImpl extends AbstractSAMLObject implements
+ SPApplication {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(SPApplicationImpl.class.getName());
+ /** The service provider application. */
+ private String spApplication;
+
+ /**
+ * Instantiates a new service provider application.
+ *
+ * @param namespaceURI the namespace uri
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected SPApplicationImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /**
+ * Gets the service provider application.
+ *
+ * @return the service provider application
+ */
+ public final String getSPApplication() {
+ return spApplication;
+ }
+
+ /**
+ * Sets the service provider application.
+ *
+ * @param newSpApplication the new service provider application
+ */
+ public final void setSPApplication(final String newSpApplication) {
+ this.spApplication = prepareForAssignment(this.spApplication,
+ newSpApplication);
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ */
+ public final List<XMLObject> getOrderedChildren() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
index db58fb8be..40a1ac86a 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
@@ -1,82 +1,82 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.SPCountry;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The Class SPCountryImpl.
- *
- * @author fjquevedo
- */
-public class SPCountryImpl extends AbstractSAMLObject implements SPCountry {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(SPCountryImpl.class.getName());
- /** The service provider country. */
- private String spCountry;
-
- /**
- * Instantiates a new service provider country.
- *
- * @param namespaceURI the namespace uri
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected SPCountryImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
- /**
- * Gets the service provider country.
- *
- * @return the service provider country
- */
- public final String getSPCountry() {
- return spCountry;
- }
-
- /**
- * Sets the service provider country.
- *
- * @param newSpCountry the new service provider country
- */
- public final void setSPCountry(final String newSpCountry) {
- this.spCountry = prepareForAssignment(this.spCountry, newSpCountry);
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- */
- public final List<XMLObject> getOrderedChildren() {
- return null;
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPCountry;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class SPCountryImpl.
+ *
+ * @author fjquevedo
+ */
+public class SPCountryImpl extends AbstractSAMLObject implements SPCountry {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(SPCountryImpl.class.getName());
+ /** The service provider country. */
+ private String spCountry;
+
+ /**
+ * Instantiates a new service provider country.
+ *
+ * @param namespaceURI the namespace uri
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected SPCountryImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /**
+ * Gets the service provider country.
+ *
+ * @return the service provider country
+ */
+ public final String getSPCountry() {
+ return spCountry;
+ }
+
+ /**
+ * Sets the service provider country.
+ *
+ * @param newSpCountry the new service provider country
+ */
+ public final void setSPCountry(final String newSpCountry) {
+ this.spCountry = prepareForAssignment(this.spCountry, newSpCountry);
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ */
+ public final List<XMLObject> getOrderedChildren() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
index 0c7127273..68611997b 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
@@ -1,82 +1,82 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.SPID;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The Class SPIDImpl.
- *
- * @author iinigo
- */
-public class SPIDImpl extends AbstractSAMLObject implements SPID {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(SPIDImpl.class.getName());
- /** The citizen country code. */
- private String spId;
-
- /**
- * Instantiates a new sP country impl.
- *
- * @param namespaceURI the namespace uri
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected SPIDImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
- /**
- * Gets the SP ID.
- *
- * @return the SP ID
- */
- public final String getSPID() {
- return spId;
- }
-
- /**
- * Sets the SP ID.
- *
- * @param newSPID the new SP ID
- */
- public final void setSPID(final String newSPID) {
- this.spId = prepareForAssignment(this.spId, newSPID);
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- */
- public final List<XMLObject> getOrderedChildren() {
- return null;
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPID;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class SPIDImpl.
+ *
+ * @author iinigo
+ */
+public class SPIDImpl extends AbstractSAMLObject implements SPID {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(SPIDImpl.class.getName());
+ /** The citizen country code. */
+ private String spId;
+
+ /**
+ * Instantiates a new sP country impl.
+ *
+ * @param namespaceURI the namespace uri
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected SPIDImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /**
+ * Gets the SP ID.
+ *
+ * @return the SP ID
+ */
+ public final String getSPID() {
+ return spId;
+ }
+
+ /**
+ * Sets the SP ID.
+ *
+ * @param newSPID the new SP ID
+ */
+ public final void setSPID(final String newSPID) {
+ this.spId = prepareForAssignment(this.spId, newSPID);
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ */
+ public final List<XMLObject> getOrderedChildren() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
index b5609600d..ff6e90999 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
@@ -1,110 +1,110 @@
-/*
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSignableSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.SPID;
-import eu.stork.peps.auth.engine.core.SPInformation;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-/**
- * The Class SPInformationImpl.
- *
- * @author iinigo
- */
-public final class SPInformationImpl extends AbstractSignableSAMLObject implements
-SPInformation {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(SPInformationImpl.class.getName());
- /** The citizen country code. */
- private SPID spId;
-
-
- /**
- * Instantiates a new requested attributes implement.
- *
- * @param namespaceURI the namespace URI
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected SPInformationImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
-
- /**
- * getSPId.
- *
- * @return the SP ID
- */
- public SPID getSPID() {
- return spId;
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- *
- */
- public List<XMLObject> getOrderedChildren() {
- final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
-
- children.add(spId);
-
- if (getSignature() != null) {
- children.add(getSignature());
- }
-
- return Collections.unmodifiableList(children);
-
- }
-
- /**
- * Gets the signature reference id.
- *
- * @return the signature reference id
- *
- */
- public String getSignatureReferenceID() {
- return null;
- }
-
- /**
- * Sets the SP Id.
- *
- * @param newSPId the new SP Id
- *
- */
- public void setSPID(SPID newSPId) {
- this.spId = prepareForAssignment(this.spId, newSPId);
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSignableSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPID;
+import eu.stork.peps.auth.engine.core.SPInformation;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * The Class SPInformationImpl.
+ *
+ * @author iinigo
+ */
+public final class SPInformationImpl extends AbstractSignableSAMLObject implements
+SPInformation {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(SPInformationImpl.class.getName());
+ /** The citizen country code. */
+ private SPID spId;
+
+
+ /**
+ * Instantiates a new requested attributes implement.
+ *
+ * @param namespaceURI the namespace URI
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected SPInformationImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+
+ /**
+ * getSPId.
+ *
+ * @return the SP ID
+ */
+ public SPID getSPID() {
+ return spId;
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ *
+ */
+ public List<XMLObject> getOrderedChildren() {
+ final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ children.add(spId);
+
+ if (getSignature() != null) {
+ children.add(getSignature());
+ }
+
+ return Collections.unmodifiableList(children);
+
+ }
+
+ /**
+ * Gets the signature reference id.
+ *
+ * @return the signature reference id
+ *
+ */
+ public String getSignatureReferenceID() {
+ return null;
+ }
+
+ /**
+ * Sets the SP Id.
+ *
+ * @param newSPId the new SP Id
+ *
+ */
+ public void setSPID(SPID newSPId) {
+ this.spId = prepareForAssignment(this.spId, newSPId);
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationUnmarshaller.java
index 79b0b0f35..414b93386 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationUnmarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationUnmarshaller.java
@@ -1,52 +1,52 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.UnmarshallingException;
-
-import eu.stork.peps.auth.engine.core.SPID;
-import eu.stork.peps.auth.engine.core.SPInformation;
-
-/**
- * The Class SPInformationUnmarshaller.
- *
- * @author iinigo
- */
-public class SPInformationUnmarshaller extends
- AbstractSAMLObjectUnmarshaller {
-
- /**
- * Process child element.
- *
- * @param parentObject the parent object
- * @param childObject the child object
- *
- * @throws UnmarshallingException the unmarshalling exception
- *
- */
- protected final void processChildElement(final XMLObject parentObject,
- final XMLObject childObject) throws UnmarshallingException {
- final SPInformation spInformation = (SPInformation) parentObject;
-
- if (childObject instanceof SPID) {
- spInformation.setSPID((SPID) childObject);
- } else {
- super.processChildElement(parentObject, childObject);
- }
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.peps.auth.engine.core.SPID;
+import eu.stork.peps.auth.engine.core.SPInformation;
+
+/**
+ * The Class SPInformationUnmarshaller.
+ *
+ * @author iinigo
+ */
+public class SPInformationUnmarshaller extends
+ AbstractSAMLObjectUnmarshaller {
+
+ /**
+ * Process child element.
+ *
+ * @param parentObject the parent object
+ * @param childObject the child object
+ *
+ * @throws UnmarshallingException the unmarshalling exception
+ *
+ */
+ protected final void processChildElement(final XMLObject parentObject,
+ final XMLObject childObject) throws UnmarshallingException {
+ final SPInformation spInformation = (SPInformation) parentObject;
+
+ if (childObject instanceof SPID) {
+ spInformation.setSPID((SPID) childObject);
+ } else {
+ super.processChildElement(parentObject, childObject);
+ }
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
index cf1760446..38438613a 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
@@ -1,84 +1,84 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.SPInstitution;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The Class SPInstitutionImpl.
- *
- * @author fjquevedo
- */
-public class SPInstitutionImpl extends AbstractSAMLObject implements
- SPInstitution {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(SPInstitutionImpl.class.getName());
- /** The service provider institution. */
- private String spInstitution;
-
- /**
- * Instantiates a new service provider institution.
- *
- * @param namespaceURI the namespace uri
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected SPInstitutionImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
- /**
- * Gets the service provider institution.
- *
- * @return the service provider institution
- */
- public final String getSPInstitution() {
- return spInstitution;
- }
-
- /**
- * Sets the service provider institution.
- *
- * @param newSpInstitution the new service provider institution
- */
- public final void setSPInstitution(final String newSpInstitution) {
- this.spInstitution = prepareForAssignment(this.spInstitution,
- newSpInstitution);
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- */
- public final List<XMLObject> getOrderedChildren() {
- return null;
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
- }
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPInstitution;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class SPInstitutionImpl.
+ *
+ * @author fjquevedo
+ */
+public class SPInstitutionImpl extends AbstractSAMLObject implements
+ SPInstitution {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(SPInstitutionImpl.class.getName());
+ /** The service provider institution. */
+ private String spInstitution;
+
+ /**
+ * Instantiates a new service provider institution.
+ *
+ * @param namespaceURI the namespace uri
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected SPInstitutionImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+ /**
+ * Gets the service provider institution.
+ *
+ * @return the service provider institution
+ */
+ public final String getSPInstitution() {
+ return spInstitution;
+ }
+
+ /**
+ * Sets the service provider institution.
+ *
+ * @param newSpInstitution the new service provider institution
+ */
+ public final void setSPInstitution(final String newSpInstitution) {
+ this.spInstitution = prepareForAssignment(this.spInstitution,
+ newSpInstitution);
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ */
+ public final List<XMLObject> getOrderedChildren() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
+ }
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorImpl.java
index a29810dd4..4ac822876 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPSectorImpl.java
@@ -1,84 +1,84 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.SPSector;
-
-
-/**
- * The Class SPSectorImpl.
- *
- * @author fjquevedo
- */
-public class SPSectorImpl extends AbstractSAMLObject implements SPSector {
-
- /** The service provider sector. */
- private String spSector;
-
- /**
- * Instantiates a new Service provider sector implementation.
- *
- * @param namespaceURI the namespace URI
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected SPSectorImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
-
- /**
- * Gets the service provider sector.
- *
- * @return the SP sector
- *
- * @see eu.stork.peps.auth.engine.core.SPSector#getSPSector()
- */
- public final String getSPSector() {
- return spSector;
- }
-
-
- /**
- * Sets the service provider sector.
- *
- * @param newSpSector the new service provider sector
- */
- public final void setSPSector(final String newSpSector) {
- this.spSector = prepareForAssignment(this.spSector, newSpSector);
- }
-
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- */
- public final List<XMLObject> getOrderedChildren() {
- return null;
- }
-
- @Override
- public int hashCode() {
- throw new UnsupportedOperationException("hashCode method not implemented");
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.SPSector;
+
+
+/**
+ * The Class SPSectorImpl.
+ *
+ * @author fjquevedo
+ */
+public class SPSectorImpl extends AbstractSAMLObject implements SPSector {
+
+ /** The service provider sector. */
+ private String spSector;
+
+ /**
+ * Instantiates a new Service provider sector implementation.
+ *
+ * @param namespaceURI the namespace URI
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected SPSectorImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+
+ /**
+ * Gets the service provider sector.
+ *
+ * @return the SP sector
+ *
+ * @see eu.stork.peps.auth.engine.core.SPSector#getSPSector()
+ */
+ public final String getSPSector() {
+ return spSector;
+ }
+
+
+ /**
+ * Sets the service provider sector.
+ *
+ * @param newSpSector the new service provider sector
+ */
+ public final void setSPSector(final String newSpSector) {
+ this.spSector = prepareForAssignment(this.spSector, newSpSector);
+ }
+
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ */
+ public final List<XMLObject> getOrderedChildren() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ throw new UnsupportedOperationException("hashCode method not implemented");
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
index 5e9c753ae..80796ea86 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
@@ -1,468 +1,468 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.Security;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.InvalidPropertiesFormatException;
-import java.util.List;
-import java.util.Properties;
-
-import eu.stork.peps.auth.engine.X509PrincipalUtil;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.NotImplementedException;
-import org.bouncycastle.jce.X509Principal;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityConfiguration;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
-import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
-import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
-import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
-import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.SignatureValidator;
-import org.opensaml.xml.signature.Signer;
-import org.opensaml.xml.validation.ValidationException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.exceptions.SAMLEngineException;
-
-/**
- * The Class HWSign. Module of sign.
- *
- * @author fjquevedo
- */
-public final class SignHW implements SAMLEngineSignI {
-
- /** The Constant CONFIGURATION_FILE. */
- private static final String CONF_FILE = "configurationFile";
-
- /** The Constant KEYSTORE_TYPE.
- private static final String KEYSTORE_TYPE = "keystoreType" */
-
- /** The logger. */
- private static final Logger LOG = LoggerFactory.getLogger(SignHW.class
- .getName());
-
- /** The stork own key store. */
- private KeyStore storkOwnKeyStore = null;
-
- /**
- * Gets the stork own key store.
- *
- * @return the stork own key store
- */
- public KeyStore getStorkOwnKeyStore() {
- return storkOwnKeyStore;
- }
-
- /**
- * Gets the stork trustStore.
- *
- * @return the stork own key store
- */
- public KeyStore getTrustStore() {
- return storkOwnKeyStore;
- }
-
- /**
- * Sets the stork own key store.
- *
- * @param newkOwnKeyStore the new stork own key store
- */
- public void setStorkOwnKeyStore(final KeyStore newkOwnKeyStore) {
- this.storkOwnKeyStore = newkOwnKeyStore;
- }
-
- /**
- * Gets the properties.
- *
- * @return the properties
- */
- public Properties getProperties() {
- return properties;
- }
-
- /**
- * Sets the properties.
- *
- * @param newProperties the new properties
- */
- public void setProperties(final Properties newProperties) {
- this.properties = newProperties;
- }
-
- /** The HW sign prop. */
- private Properties properties = null;
-
- /**
- * @see
- * eu.stork.peps.auth.engine.core.SAMLEngineSignI#init(java.lang.String)
- * @param fileConf file of configuration
- * @throws SAMLEngineException error in read file
- */
- public void init(final String fileConf)
- throws SAMLEngineException {
- InputStream inputStr = null;
- try {
- inputStr = SignHW.class.getResourceAsStream("/"
- + fileConf);
- properties = new Properties();
-
- properties.loadFromXML(inputStr);
- } catch (final InvalidPropertiesFormatException e) {
- LOG.info("Exception: invalid properties format.");
- throw new SAMLEngineException(e);
- } catch (IOException e) {
- LOG.info("Exception: invalid file: " + fileConf);
- throw new SAMLEngineException(e);
- } finally {
- IOUtils.closeQuietly(inputStr);
- }
- }
-
-
- /**
- * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#getCertificate()
- * @return the X509Certificate.
- */
- public X509Certificate getCertificate() {
- throw new NotImplementedException();
- }
-
- /**
- * @see
- * eu.stork.peps.auth.engine.core.SAMLEngineSignI#sign(SignableSAMLObject tokenSaml)
- * @param tokenSaml signable SAML Object
- * @return the SAMLObject signed.
- * @throws SAMLEngineException error in sign token saml
- */
- public SAMLObject sign(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
-
- try {
- LOG.info("Star procces of sign");
- final char[] pin = properties.getProperty("keyPassword")
- .toCharArray();
-
- storkOwnKeyStore.load(null, pin);
-
- final String serialNumber = properties.getProperty("serialNumber");
- final String issuer = properties.getProperty("issuer");
-
- String alias = null;
- String aliasCert;
- X509Certificate certificate;
-
- boolean find = false;
- for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
- .hasMoreElements() && !find;) {
- aliasCert = e.nextElement();
- certificate = (X509Certificate) storkOwnKeyStore
- .getCertificate(aliasCert);
- // Verified serial number, issuer
-
- final String serialNum = certificate.getSerialNumber()
- .toString(16);
- X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
- X509Principal issuerDNConf = new X509Principal(issuer);
-
- if(serialNum.equalsIgnoreCase(serialNumber)
- && X509PrincipalUtil.equals(issuerDN, issuerDNConf)){
- alias = aliasCert;
- find = true;
- }
-
- }
-
- if (!find) {
- throw new SAMLEngineException("Certificate cannot be found in keystore ");
- }
- certificate = (X509Certificate) storkOwnKeyStore.getCertificate(alias);
- final PrivateKey privateKey = (PrivateKey) storkOwnKeyStore.getKey(
- alias, pin);
-
- LOG.info("Recover BasicX509Credential.");
- final BasicX509Credential credential = new BasicX509Credential();
-
- LOG.debug("Load certificate");
- credential.setEntityCertificate(certificate);
-
- LOG.debug("Load privateKey");
- credential.setPrivateKey(privateKey);
-
- LOG.info("Star procces of sign");
- final Signature signature = (Signature) org.opensaml.xml.Configuration
- .getBuilderFactory().getBuilder(
- Signature.DEFAULT_ELEMENT_NAME).buildObject(
- Signature.DEFAULT_ELEMENT_NAME);
-
- LOG.debug("Begin signature with openSaml");
- signature.setSigningCredential(credential);
-
- /*signature.setSignatureAlgorithm(
- SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);*/
- signature.setSignatureAlgorithm(
- SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
-
-
- final SecurityConfiguration securityConf =
- org.opensaml.xml.Configuration.getGlobalSecurityConfiguration();
- final NamedKeyInfoGeneratorManager keyInfoManager = securityConf
- .getKeyInfoGeneratorManager();
- final KeyInfoGeneratorManager keyInfoGenManager = keyInfoManager
- .getDefaultManager();
- final KeyInfoGeneratorFactory keyInfoGenFac = keyInfoGenManager
- .getFactory(credential);
- final KeyInfoGenerator keyInfoGenerator = keyInfoGenFac
- .newInstance();
-
- final KeyInfo keyInfo = keyInfoGenerator.generate(credential);
-
- signature.setKeyInfo(keyInfo);
-
- LOG.debug("Set Canonicalization Algorithm");
- signature.setCanonicalizationAlgorithm(
- SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
-
- //Create a second signature which will be used when signing assertion and response
- final Signature signature2 = (Signature) Configuration
- .getBuilderFactory().getBuilder(
- Signature.DEFAULT_ELEMENT_NAME).buildObject(
- Signature.DEFAULT_ELEMENT_NAME);
- final SecurityConfiguration secConfiguration2 = Configuration
- .getGlobalSecurityConfiguration();
- final NamedKeyInfoGeneratorManager keyInfoManager2 = secConfiguration2
- .getKeyInfoGeneratorManager();
- final KeyInfoGeneratorManager keyInfoGenManager2 = keyInfoManager2
- .getDefaultManager();
- final KeyInfoGeneratorFactory keyInfoGenFac2 = keyInfoGenManager2
- .getFactory(credential);
- final KeyInfoGenerator keyInfoGenerator2 = keyInfoGenFac2
- .newInstance();
-
- KeyInfo keyInfo2 = keyInfoGenerator2.generate(credential);
- signature2.setSigningCredential(credential);
- signature2.setSignatureAlgorithm(
- SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
- signature2.setKeyInfo(keyInfo2);
- signature2.setCanonicalizationAlgorithm(
- SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
-
-
- LOG.info("Marshall samlToken.");
- String qn = tokenSaml.getElementQName().toString();
-
- if (qn.endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
- {
- tokenSaml.setSignature(signature);
- CustomAttributeQueryMarshaller mars = new CustomAttributeQueryMarshaller();
- mars.marshall(tokenSaml);
- Signer.signObject(signature);
- }
- else if (qn.endsWith(Response.DEFAULT_ELEMENT_LOCAL_NAME) && !qn.contains(LogoutResponse.DEFAULT_ELEMENT_LOCAL_NAME))
- {
- Response res = (Response)tokenSaml;
- List<Assertion> asserts = res.getAssertions();
- //If multiple assertions we just sign the response and not the assertion
- if (asserts.size() > 1)
- {
- tokenSaml.setSignature(signature);
- Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
- .marshall(tokenSaml);
- LOG.info("Sign samlToken.");
- Signer.signObject(signature);
- }
- //If single assertion we sign the assertion and response
- else
- {
- Assertion assertion = (Assertion)asserts.get(0);
- assertion.setSignature(signature);
- tokenSaml.setSignature(signature2);
- Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
- .marshall(tokenSaml);
- LOG.info("Sign samlToken.");
- Signer.signObject(signature);
- Signer.signObject(signature2);
- }
- }
- //Normally we just sign the total saml response
- else
- {
- tokenSaml.setSignature(signature);
- Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
- .marshall(tokenSaml);
- LOG.info("Sign samlToken.");
- Signer.signObject(signature);
- }
-
- } catch (final MarshallingException e) {
- LOG.error("MarshallingException");
- throw new SAMLEngineException(e);
- } catch (final NoSuchAlgorithmException e) {
- LOG.error("A 'xmldsig#rsa-sha1' cryptographic algorithm is requested but is not available in the environment.");
- throw new SAMLEngineException(e);
- } catch (final KeyStoreException e) {
- LOG.error("Generic KeyStore exception.");
- throw new SAMLEngineException(e);
- } catch (final SignatureException e) {
- LOG.error("Signature exception.");
- throw new SAMLEngineException(e);
- } catch (final SecurityException e) {
- LOG.error("Security exception.");
- throw new SAMLEngineException(e);
- } catch (final CertificateException e) {
- LOG.error("Certificate exception.");
- throw new SAMLEngineException(e);
- } catch (final IOException e) {
- LOG.error("IO exception.");
- throw new SAMLEngineException(e);
- } catch (final UnrecoverableKeyException e) {
- LOG.error("UnrecoverableKeyException exception.");
- throw new SAMLEngineException(e);
- }
-
- return tokenSaml;
- }
-
- /**
- * @see
- * eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(SignableSAMLObject)
- * @param tokenSaml the token saml
- * @return the SAMLObject validated.
- * @throws SAMLEngineException exception in validate signature
- */
- public SAMLObject validateSignature(final SignableSAMLObject tokenSaml)
- throws SAMLEngineException {
- LOG.info("Start signature validation.");
- try {
-
- // Validate structure signature
- final SAMLSignatureProfileValidator signProfValidator =
- new SAMLSignatureProfileValidator();
-
- // Indicates signature id conform to SAML Signature profile
- signProfValidator.validate(tokenSaml.getSignature());
-
- String aliasCert;
- X509Certificate certificate;
-
- final List<Credential> trustedCred = new ArrayList<Credential>();
-
- for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
- .hasMoreElements();) {
- aliasCert = e.nextElement();
- final BasicX509Credential credential = new BasicX509Credential();
- certificate = (X509Certificate) storkOwnKeyStore
- .getCertificate(aliasCert);
- credential.setEntityCertificate(certificate);
- trustedCred.add(credential);
- }
-
- final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
- final List<X509Certificate> listCertificates = KeyInfoHelper
- .getCertificates(keyInfo);
-
- if (listCertificates.size() != 1) {
- throw new SAMLEngineException("Only must be one certificate");
- }
-
- // Exist only one certificate
- final BasicX509Credential entityX509Cred = new BasicX509Credential();
- entityX509Cred.setEntityCertificate(listCertificates.get(0));
-
- final ExplicitKeyTrustEvaluator keyTrustEvaluator =
- new ExplicitKeyTrustEvaluator();
- if (!keyTrustEvaluator.validate(entityX509Cred, trustedCred)) {
- throw new SAMLEngineException("Certificate it is not trusted.");
- }
-
- final SignatureValidator sigValidator = new SignatureValidator(
- entityX509Cred);
-
- sigValidator.validate(tokenSaml.getSignature());
-
- } catch (final ValidationException e) {
- LOG.error("ValidationException.", e);
- throw new SAMLEngineException(e);
- } catch (final KeyStoreException e) {
- LOG.error("ValidationException.", e);
- throw new SAMLEngineException(e);
- } catch (final CertificateException e) {
- LOG.error("CertificateException.", e);
- throw new SAMLEngineException(e);
- }
- return tokenSaml;
- }
-
- /**
- * load cryptographic service provider.
- *
- * @throws SAMLEngineException the SAML engine exception
- * Note this class was using pkcs11Provider
- * final Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(inputStream)
- * if (Security.getProperty(pkcs11Provider.getName()) == null) {
- * Security.insertProviderAt(pkcs11Provider, Security .getProviders().length)
- * }
- * storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE))
- */
- public void loadCryptServiceProvider() throws SAMLEngineException {
- LOG.info("Load Cryptographic Service Provider");
- InputStream inputStream = null;
-
- try {
- inputStream = SignHW.class.getResourceAsStream("/"
- + properties.getProperty(CONF_FILE));
-
- } catch (final Exception e) {
- throw new SAMLEngineException(
- "Error loading CryptographicServiceProvider", e);
- } finally {
- IOUtils.closeQuietly(inputStream);
- }
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.InvalidPropertiesFormatException;
+import java.util.List;
+import java.util.Properties;
+
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.NotImplementedException;
+import org.bouncycastle.jce.X509Principal;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityConfiguration;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
+import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
+import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
+import org.opensaml.xml.signature.Signer;
+import org.opensaml.xml.validation.ValidationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.SAMLEngineException;
+
+/**
+ * The Class HWSign. Module of sign.
+ *
+ * @author fjquevedo
+ */
+public final class SignHW implements SAMLEngineSignI {
+
+ /** The Constant CONFIGURATION_FILE. */
+ private static final String CONF_FILE = "configurationFile";
+
+ /** The Constant KEYSTORE_TYPE.
+ private static final String KEYSTORE_TYPE = "keystoreType" */
+
+ /** The logger. */
+ private static final Logger LOG = LoggerFactory.getLogger(SignHW.class
+ .getName());
+
+ /** The stork own key store. */
+ private KeyStore storkOwnKeyStore = null;
+
+ /**
+ * Gets the stork own key store.
+ *
+ * @return the stork own key store
+ */
+ public KeyStore getStorkOwnKeyStore() {
+ return storkOwnKeyStore;
+ }
+
+ /**
+ * Gets the stork trustStore.
+ *
+ * @return the stork own key store
+ */
+ public KeyStore getTrustStore() {
+ return storkOwnKeyStore;
+ }
+
+ /**
+ * Sets the stork own key store.
+ *
+ * @param newkOwnKeyStore the new stork own key store
+ */
+ public void setStorkOwnKeyStore(final KeyStore newkOwnKeyStore) {
+ this.storkOwnKeyStore = newkOwnKeyStore;
+ }
+
+ /**
+ * Gets the properties.
+ *
+ * @return the properties
+ */
+ public Properties getProperties() {
+ return properties;
+ }
+
+ /**
+ * Sets the properties.
+ *
+ * @param newProperties the new properties
+ */
+ public void setProperties(final Properties newProperties) {
+ this.properties = newProperties;
+ }
+
+ /** The HW sign prop. */
+ private Properties properties = null;
+
+ /**
+ * @see
+ * eu.stork.peps.auth.engine.core.SAMLEngineSignI#init(java.lang.String)
+ * @param fileConf file of configuration
+ * @throws SAMLEngineException error in read file
+ */
+ public void init(final String fileConf)
+ throws SAMLEngineException {
+ InputStream inputStr = null;
+ try {
+ inputStr = SignHW.class.getResourceAsStream("/"
+ + fileConf);
+ properties = new Properties();
+
+ properties.loadFromXML(inputStr);
+ } catch (final InvalidPropertiesFormatException e) {
+ LOG.info("Exception: invalid properties format.");
+ throw new SAMLEngineException(e);
+ } catch (IOException e) {
+ LOG.info("Exception: invalid file: " + fileConf);
+ throw new SAMLEngineException(e);
+ } finally {
+ IOUtils.closeQuietly(inputStr);
+ }
+ }
+
+
+ /**
+ * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#getCertificate()
+ * @return the X509Certificate.
+ */
+ public X509Certificate getCertificate() {
+ throw new NotImplementedException();
+ }
+
+ /**
+ * @see
+ * eu.stork.peps.auth.engine.core.SAMLEngineSignI#sign(SignableSAMLObject tokenSaml)
+ * @param tokenSaml signable SAML Object
+ * @return the SAMLObject signed.
+ * @throws SAMLEngineException error in sign token saml
+ */
+ public SAMLObject sign(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
+
+ try {
+ LOG.info("Star procces of sign");
+ final char[] pin = properties.getProperty("keyPassword")
+ .toCharArray();
+
+ storkOwnKeyStore.load(null, pin);
+
+ final String serialNumber = properties.getProperty("serialNumber");
+ final String issuer = properties.getProperty("issuer");
+
+ String alias = null;
+ String aliasCert;
+ X509Certificate certificate;
+
+ boolean find = false;
+ for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
+ .hasMoreElements() && !find;) {
+ aliasCert = e.nextElement();
+ certificate = (X509Certificate) storkOwnKeyStore
+ .getCertificate(aliasCert);
+ // Verified serial number, issuer
+
+ final String serialNum = certificate.getSerialNumber()
+ .toString(16);
+ X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+ X509Principal issuerDNConf = new X509Principal(issuer);
+
+ if(serialNum.equalsIgnoreCase(serialNumber)
+ && X509PrincipalUtil.equals(issuerDN, issuerDNConf)){
+ alias = aliasCert;
+ find = true;
+ }
+
+ }
+
+ if (!find) {
+ throw new SAMLEngineException("Certificate cannot be found in keystore ");
+ }
+ certificate = (X509Certificate) storkOwnKeyStore.getCertificate(alias);
+ final PrivateKey privateKey = (PrivateKey) storkOwnKeyStore.getKey(
+ alias, pin);
+
+ LOG.info("Recover BasicX509Credential.");
+ final BasicX509Credential credential = new BasicX509Credential();
+
+ LOG.debug("Load certificate");
+ credential.setEntityCertificate(certificate);
+
+ LOG.debug("Load privateKey");
+ credential.setPrivateKey(privateKey);
+
+ LOG.info("Star procces of sign");
+ final Signature signature = (Signature) org.opensaml.xml.Configuration
+ .getBuilderFactory().getBuilder(
+ Signature.DEFAULT_ELEMENT_NAME).buildObject(
+ Signature.DEFAULT_ELEMENT_NAME);
+
+ LOG.debug("Begin signature with openSaml");
+ signature.setSigningCredential(credential);
+
+ /*signature.setSignatureAlgorithm(
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);*/
+ signature.setSignatureAlgorithm(
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+
+
+
+ final SecurityConfiguration securityConf =
+ org.opensaml.xml.Configuration.getGlobalSecurityConfiguration();
+ final NamedKeyInfoGeneratorManager keyInfoManager = securityConf
+ .getKeyInfoGeneratorManager();
+ final KeyInfoGeneratorManager keyInfoGenManager = keyInfoManager
+ .getDefaultManager();
+ final KeyInfoGeneratorFactory keyInfoGenFac = keyInfoGenManager
+ .getFactory(credential);
+ final KeyInfoGenerator keyInfoGenerator = keyInfoGenFac
+ .newInstance();
+
+ final KeyInfo keyInfo = keyInfoGenerator.generate(credential);
+
+ signature.setKeyInfo(keyInfo);
+
+ LOG.debug("Set Canonicalization Algorithm");
+ signature.setCanonicalizationAlgorithm(
+ SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+ //Create a second signature which will be used when signing assertion and response
+ final Signature signature2 = (Signature) Configuration
+ .getBuilderFactory().getBuilder(
+ Signature.DEFAULT_ELEMENT_NAME).buildObject(
+ Signature.DEFAULT_ELEMENT_NAME);
+ final SecurityConfiguration secConfiguration2 = Configuration
+ .getGlobalSecurityConfiguration();
+ final NamedKeyInfoGeneratorManager keyInfoManager2 = secConfiguration2
+ .getKeyInfoGeneratorManager();
+ final KeyInfoGeneratorManager keyInfoGenManager2 = keyInfoManager2
+ .getDefaultManager();
+ final KeyInfoGeneratorFactory keyInfoGenFac2 = keyInfoGenManager2
+ .getFactory(credential);
+ final KeyInfoGenerator keyInfoGenerator2 = keyInfoGenFac2
+ .newInstance();
+
+ KeyInfo keyInfo2 = keyInfoGenerator2.generate(credential);
+ signature2.setSigningCredential(credential);
+ signature2.setSignatureAlgorithm(
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ signature2.setKeyInfo(keyInfo2);
+ signature2.setCanonicalizationAlgorithm(
+ SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+
+ LOG.info("Marshall samlToken.");
+ String qn = tokenSaml.getElementQName().toString();
+
+ if (qn.endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
+ {
+ tokenSaml.setSignature(signature);
+ CustomAttributeQueryMarshaller mars = new CustomAttributeQueryMarshaller();
+ mars.marshall(tokenSaml);
+ Signer.signObject(signature);
+ }
+ else if (qn.endsWith(Response.DEFAULT_ELEMENT_LOCAL_NAME) && !qn.contains(LogoutResponse.DEFAULT_ELEMENT_LOCAL_NAME))
+ {
+ Response res = (Response)tokenSaml;
+ List<Assertion> asserts = res.getAssertions();
+ //If multiple assertions we just sign the response and not the assertion
+ if (asserts.size() > 1)
+ {
+ tokenSaml.setSignature(signature);
+ Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+ .marshall(tokenSaml);
+ LOG.info("Sign samlToken.");
+ Signer.signObject(signature);
+ }
+ //If single assertion we sign the assertion and response
+ else
+ {
+ Assertion assertion = (Assertion)asserts.get(0);
+ assertion.setSignature(signature);
+ tokenSaml.setSignature(signature2);
+ Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+ .marshall(tokenSaml);
+ LOG.info("Sign samlToken.");
+ Signer.signObject(signature);
+ Signer.signObject(signature2);
+ }
+ }
+ //Normally we just sign the total saml response
+ else
+ {
+ tokenSaml.setSignature(signature);
+ Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+ .marshall(tokenSaml);
+ LOG.info("Sign samlToken.");
+ Signer.signObject(signature);
+ }
+
+ } catch (final MarshallingException e) {
+ LOG.error("MarshallingException");
+ throw new SAMLEngineException(e);
+ } catch (final NoSuchAlgorithmException e) {
+ LOG.error("A 'xmldsig#rsa-sha1' cryptographic algorithm is requested but is not available in the environment.");
+ throw new SAMLEngineException(e);
+ } catch (final KeyStoreException e) {
+ LOG.error("Generic KeyStore exception.");
+ throw new SAMLEngineException(e);
+ } catch (final SignatureException e) {
+ LOG.error("Signature exception.");
+ throw new SAMLEngineException(e);
+ } catch (final SecurityException e) {
+ LOG.error("Security exception.");
+ throw new SAMLEngineException(e);
+ } catch (final CertificateException e) {
+ LOG.error("Certificate exception.");
+ throw new SAMLEngineException(e);
+ } catch (final IOException e) {
+ LOG.error("IO exception.");
+ throw new SAMLEngineException(e);
+ } catch (final UnrecoverableKeyException e) {
+ LOG.error("UnrecoverableKeyException exception.");
+ throw new SAMLEngineException(e);
+ }
+
+ return tokenSaml;
+ }
+
+ /**
+ * @see
+ * eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(SignableSAMLObject)
+ * @param tokenSaml the token saml
+ * @return the SAMLObject validated.
+ * @throws SAMLEngineException exception in validate signature
+ */
+ public SAMLObject validateSignature(final SignableSAMLObject tokenSaml)
+ throws SAMLEngineException {
+ LOG.info("Start signature validation.");
+ try {
+
+ // Validate structure signature
+ final SAMLSignatureProfileValidator signProfValidator =
+ new SAMLSignatureProfileValidator();
+
+ // Indicates signature id conform to SAML Signature profile
+ signProfValidator.validate(tokenSaml.getSignature());
+
+ String aliasCert;
+ X509Certificate certificate;
+
+ final List<Credential> trustedCred = new ArrayList<Credential>();
+
+ for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
+ .hasMoreElements();) {
+ aliasCert = e.nextElement();
+ final BasicX509Credential credential = new BasicX509Credential();
+ certificate = (X509Certificate) storkOwnKeyStore
+ .getCertificate(aliasCert);
+ credential.setEntityCertificate(certificate);
+ trustedCred.add(credential);
+ }
+
+ final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
+ final List<X509Certificate> listCertificates = KeyInfoHelper
+ .getCertificates(keyInfo);
+
+ if (listCertificates.size() != 1) {
+ throw new SAMLEngineException("Only must be one certificate");
+ }
+
+ // Exist only one certificate
+ final BasicX509Credential entityX509Cred = new BasicX509Credential();
+ entityX509Cred.setEntityCertificate(listCertificates.get(0));
+
+ final ExplicitKeyTrustEvaluator keyTrustEvaluator =
+ new ExplicitKeyTrustEvaluator();
+ if (!keyTrustEvaluator.validate(entityX509Cred, trustedCred)) {
+ throw new SAMLEngineException("Certificate it is not trusted.");
+ }
+
+ final SignatureValidator sigValidator = new SignatureValidator(
+ entityX509Cred);
+
+ sigValidator.validate(tokenSaml.getSignature());
+
+ } catch (final ValidationException e) {
+ LOG.error("ValidationException.", e);
+ throw new SAMLEngineException(e);
+ } catch (final KeyStoreException e) {
+ LOG.error("ValidationException.", e);
+ throw new SAMLEngineException(e);
+ } catch (final CertificateException e) {
+ LOG.error("CertificateException.", e);
+ throw new SAMLEngineException(e);
+ }
+ return tokenSaml;
+ }
+
+ /**
+ * load cryptographic service provider.
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ * Note this class was using pkcs11Provider
+ * final Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(inputStream)
+ * if (Security.getProperty(pkcs11Provider.getName()) == null) {
+ * Security.insertProviderAt(pkcs11Provider, Security .getProviders().length)
+ * }
+ * storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE))
+ */
+ public void loadCryptServiceProvider() throws SAMLEngineException {
+ LOG.info("Load Cryptographic Service Provider");
+ InputStream inputStream = null;
+
+ try {
+ inputStream = SignHW.class.getResourceAsStream("/"
+ + properties.getProperty(CONF_FILE));
+
+ } catch (final Exception e) {
+ throw new SAMLEngineException(
+ "Error loading CryptographicServiceProvider", e);
+ } finally {
+ IOUtils.closeQuietly(inputStream);
+ }
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignModuleFactory.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignModuleFactory.java
index 2adefddbd..c37074eab 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignModuleFactory.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignModuleFactory.java
@@ -1,64 +1,64 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-/**
- * The Class ModuleSignFactory.
- *
- * @author fjquevedo
- *
- */
-
-public final class SignModuleFactory {
-
- /** The Constant LOG. */
- private static final Logger LOG = LoggerFactory
- .getLogger(SignModuleFactory.class.getName());
-
- /**
- * Instantiates a new module sign factory.
- */
- private SignModuleFactory() {
-
- }
-
- /**
- * Gets the single instance of SignModuleFactory.
- *
- * @param className the class name
- *
- * @return single instance of SignModuleFactory
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static SAMLEngineSignI getInstance(final String className)
- throws STORKSAMLEngineException {
- LOG.info("[START]SignModuleFactory static");
- try {
- final Class cls = Class.forName(className);
- return (SAMLEngineSignI) cls.newInstance();
- } catch (Exception e) {
- throw new STORKSAMLEngineException(e);
- }
-
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+/**
+ * The Class ModuleSignFactory.
+ *
+ * @author fjquevedo
+ *
+ */
+
+public final class SignModuleFactory {
+
+ /** The Constant LOG. */
+ private static final Logger LOG = LoggerFactory
+ .getLogger(SignModuleFactory.class.getName());
+
+ /**
+ * Instantiates a new module sign factory.
+ */
+ private SignModuleFactory() {
+
+ }
+
+ /**
+ * Gets the single instance of SignModuleFactory.
+ *
+ * @param className the class name
+ *
+ * @return single instance of SignModuleFactory
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public static SAMLEngineSignI getInstance(final String className)
+ throws STORKSAMLEngineException {
+ LOG.info("[START]SignModuleFactory static");
+ try {
+ final Class cls = Class.forName(className);
+ return (SAMLEngineSignI) cls.newInstance();
+ } catch (Exception e) {
+ throw new STORKSAMLEngineException(e);
+ }
+
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
index 50ad9936d..6d9ac9ce3 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
@@ -1,556 +1,565 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.Security;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.InvalidPropertiesFormatException;
-import java.util.List;
-import java.util.Properties;
-
-import eu.stork.peps.auth.engine.X509PrincipalUtil;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.NotImplementedException;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityConfiguration;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
-import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
-import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
-import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.SignatureValidator;
-import org.opensaml.xml.signature.Signer;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.validation.ValidationException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.exceptions.SAMLEngineException;
-
-/**
- * The Class SWSign. Class responsible for signing and validating of messages
- * SAML with a certificate store software.
- *
- * @author fjquevedo
- */
-public final class SignP12 implements SAMLEngineSignI {
-
- /** The logger. */
- private static final Logger LOG = LoggerFactory.getLogger(SignP12.class
- .getName());
-
-
- /** The p12 store. */
- private KeyStore p12Store = null;
-
-
- /** The trust store. */
- private KeyStore trustStore = null;
-
-
- /**
- * Gets the trust store.
- *
- * @return the trust store
- */
- public KeyStore getTrustStore() {
- return trustStore;
- }
-
- /**
- * Sets the trust store.
- *
- * @param newTrustStore the new trust store
- */
- public void setTrustStore(final KeyStore newTrustStore) {
- this.trustStore = newTrustStore;
- }
-
- /**
- * The instance.
- *
- * @return the properties
- */
-
- public Properties getProperties() {
- return properties;
- }
-
-
-
- /**
- * Gets the p12 store.
- *
- * @return the p12 store
- */
- public KeyStore getP12Store() {
- return p12Store;
- }
-
-
-
- /**
- * Sets the p12 store.
- *
- * @param newP12Store the new p12 store
- */
- public void setP12Store(final KeyStore newP12Store) {
- this.p12Store = newP12Store;
- }
-
-
-
- /**
- * Sets the properties.
- *
- * @param newProperties the new properties
- */
- public void setProperties(final Properties newProperties) {
- this.properties = newProperties;
- }
-
- /** The SW sign prop. */
- private Properties properties = null;
-
-
- /**
- * Initialize the file configuration.
- *
- * @param fileConf name of the file configuration
- *
- * @throws SAMLEngineException error at the load from file configuration
- */
- public void init(final String fileConf) throws SAMLEngineException {
- InputStream fileProperties = null;
- properties = new Properties();
- try {
- try {
- LOG.debug("Fichero a cargar " + fileConf);
- fileProperties = new FileInputStream(fileConf);
- properties.loadFromXML(fileProperties);
- } catch (Exception e) {
- LOG.error("Fallo al cargar el recurso externo. Se reintenta como fichero interno.");
- fileProperties = SignP12.class.getResourceAsStream("/" + fileConf);
- if (fileProperties == null) {
- fileProperties = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileConf);
- if (fileProperties == null) {
- Enumeration<URL> files = ClassLoader.getSystemClassLoader().getResources(fileConf);
- if (files != null && files.hasMoreElements()) {
- LOG.info("Se han encontrado recurso/s. Se toma el primero.");
- fileProperties = ClassLoader.getSystemClassLoader().getResourceAsStream(files.nextElement().getFile());
- } else {
- throw new IOException("No se pudo recuperar el fichero: " + fileConf, e);
- }
- }
- }
- LOG.debug("Recuperados " + fileProperties.available() + " bytes");
- properties.loadFromXML(fileProperties);
- }
- } catch (InvalidPropertiesFormatException e) {
- LOG.info("Exception: invalid properties format.");
- throw new SAMLEngineException(e);
- } catch (IOException e) {
- LOG.info("Exception: invalid file: " + fileConf);
- throw new SAMLEngineException(e);
- } finally {
- IOUtils.closeQuietly(fileProperties);
- }
- }
-
- /**
- * Gets the certificate.
- *
- * @return the X509Certificate
- *
- */
- public X509Certificate getCertificate() {
- throw new NotImplementedException();
- }
-
- /**
- * Sign the token SAML.
- *
- * @param tokenSaml token SAML
- *
- * @return the X509Certificate signed.
- *
- * @throws SAMLEngineException error at sign SAML token
- *
- */
- public SAMLObject sign(final SignableSAMLObject tokenSaml)
- throws SAMLEngineException {
- LOG.info("Start Sign process");
- try {
-
- final String serialNumber = properties.getProperty("serialNumber");
- final String issuer = properties.getProperty("issuer");
-
- String alias = null;
- String aliasCert;
- X509Certificate certificate;
-
- boolean find = false;
- for (final Enumeration<String> e = p12Store.aliases(); e
- .hasMoreElements() && !find;) {
- aliasCert = e.nextElement();
- certificate = (X509Certificate) p12Store
- .getCertificate(aliasCert);
-
- final String serialNum = certificate.getSerialNumber()
- .toString(16);
-
- X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
- X509Principal issuerDNConf = new X509Principal(issuer);
-
- if(serialNum.equalsIgnoreCase(serialNumber)
- && X509PrincipalUtil.equals(issuerDN, issuerDNConf)){
- alias = aliasCert;
- find = true;
- }
-
- }
-
- certificate = (X509Certificate) p12Store
- .getCertificate(alias);
- final PrivateKey privateKey = (PrivateKey) p12Store.getKey(
- alias, properties.getProperty("keyPassword").toCharArray());
-
- LOG.info("Recover BasicX509Credential.");
- final BasicX509Credential credential = new BasicX509Credential();
-
- LOG.debug("Load certificate");
- credential.setEntityCertificate(certificate);
-
- LOG.debug("Load privateKey");
- credential.setPrivateKey(privateKey);
-
- LOG.debug("Begin signature with openSaml");
- final Signature signature = (Signature) Configuration
- .getBuilderFactory().getBuilder(
- Signature.DEFAULT_ELEMENT_NAME).buildObject(
- Signature.DEFAULT_ELEMENT_NAME);
-
- signature.setSigningCredential(credential);
-
- /*signature.setSignatureAlgorithm(
- SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);*/
- signature.setSignatureAlgorithm(
- SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
- final SecurityConfiguration secConfiguration = Configuration
- .getGlobalSecurityConfiguration();
- final NamedKeyInfoGeneratorManager keyInfoManager = secConfiguration
- .getKeyInfoGeneratorManager();
- final KeyInfoGeneratorManager keyInfoGenManager = keyInfoManager
- .getDefaultManager();
- final KeyInfoGeneratorFactory keyInfoGenFac = keyInfoGenManager
- .getFactory(credential);
- final KeyInfoGenerator keyInfoGenerator = keyInfoGenFac
- .newInstance();
-
- final KeyInfo keyInfo = keyInfoGenerator.generate(credential);
-
- signature.setKeyInfo(keyInfo);
- signature.setCanonicalizationAlgorithm(
- SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
-
- //Create a second signature which will be used when signing assertion and response
- final Signature signature2 = (Signature) Configuration
- .getBuilderFactory().getBuilder(
- Signature.DEFAULT_ELEMENT_NAME).buildObject(
- Signature.DEFAULT_ELEMENT_NAME);
- final SecurityConfiguration secConfiguration2 = Configuration
- .getGlobalSecurityConfiguration();
- final NamedKeyInfoGeneratorManager keyInfoManager2 = secConfiguration2
- .getKeyInfoGeneratorManager();
- final KeyInfoGeneratorManager keyInfoGenManager2 = keyInfoManager2
- .getDefaultManager();
- final KeyInfoGeneratorFactory keyInfoGenFac2 = keyInfoGenManager2
- .getFactory(credential);
- final KeyInfoGenerator keyInfoGenerator2 = keyInfoGenFac2
- .newInstance();
-
- KeyInfo keyInfo2 = keyInfoGenerator2.generate(credential);
- signature2.setSigningCredential(credential);
- signature2.setSignatureAlgorithm(
- SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
- signature2.setKeyInfo(keyInfo2);
- signature2.setCanonicalizationAlgorithm(
- SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
-
-
- LOG.info("Marshall samlToken.");
- String qn = tokenSaml.getElementQName().toString();
-
- if (qn.endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
- {
- tokenSaml.setSignature(signature);
- CustomAttributeQueryMarshaller mars = new CustomAttributeQueryMarshaller();
- mars.marshall(tokenSaml);
- Signer.signObject(signature);
- }
- else if (qn.endsWith(Response.DEFAULT_ELEMENT_LOCAL_NAME) && !qn.contains(LogoutResponse.DEFAULT_ELEMENT_LOCAL_NAME))
- {
- Response res = (Response)tokenSaml;
- List<Assertion> asserts = res.getAssertions();
- //If multiple assertions we just sign the response and not the assertion
- if (asserts.size() > 1)
- {
- tokenSaml.setSignature(signature);
- Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
- .marshall(tokenSaml);
- LOG.info("Sign samlToken.");
- Signer.signObject(signature);
- }
- //If single assertion we sign the assertion and response
- else
- {
- Assertion assertion = (Assertion)asserts.get(0);
- assertion.setSignature(signature);
- tokenSaml.setSignature(signature2);
- Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
- .marshall(tokenSaml);
- LOG.info("Sign samlToken.");
- Signer.signObject(signature);
- Signer.signObject(signature2);
- }
- }
- //Normally we just sign the total saml response
- else
- {
- tokenSaml.setSignature(signature);
- Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
- .marshall(tokenSaml);
- LOG.info("Sign samlToken.");
- Signer.signObject(signature);
- }
-
- } catch (MarshallingException e) {
- LOG.error("MarshallingException");
- throw new SAMLEngineException(e);
- } catch (NoSuchAlgorithmException e) {
- LOG.error("A 'xmldsig#rsa-sha1' cryptographic algorithm is requested but is not available in the environment.");
- throw new SAMLEngineException(e);
- } catch (KeyStoreException e) {
- LOG.error("Generic KeyStore exception.");
- throw new SAMLEngineException(e);
- } catch (SignatureException e) {
- LOG.error("Signature exception.");
- throw new SAMLEngineException(e);
- } catch (SecurityException e) {
- LOG.error("Security exception.");
- throw new SAMLEngineException(e);
- } catch (UnrecoverableKeyException e) {
- LOG.error("UnrecoverableKey exception.");
- throw new SAMLEngineException(e);
- }
-
- return tokenSaml;
- }
-
- /**
- * Validate signature.
- *
- * @param tokenSaml token SAML
- *
- * @return the SAMLObject validated.
- *
- * @throws SAMLEngineException error validate signature
- *
- */
- public SAMLObject validateSignature(final SignableSAMLObject tokenSaml)
- throws SAMLEngineException {
- LOG.info("Start signature validation.");
- try {
-
- // Validate structure signature
- final SAMLSignatureProfileValidator sigProfValidator =
- new SAMLSignatureProfileValidator();
- try {
- // Indicates signature id conform to SAML Signature profile
- sigProfValidator.validate(tokenSaml.getSignature());
- } catch (ValidationException e) {
- LOG.error("ValidationException: signature isn't conform to SAML Signature profile.");
- throw new SAMLEngineException(e);
- }
-
- String aliasCert = null;
- X509Certificate certificate;
-
- /*final List<Credential> trustCred = new ArrayList<Credential>();
-
- for (final Enumeration<String> e = trustStore.aliases(); e
- .hasMoreElements();) {
- aliasCert = e.nextElement();
- final BasicX509Credential credential = new BasicX509Credential();
- certificate = (X509Certificate) trustStore
- .getCertificate(aliasCert);
- credential.setEntityCertificate(certificate);
- trustCred.add(credential);
- }*/
-
- final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
-
- final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
- .getX509Datas().get(0).getX509Certificates().get(0);
-
- final CertificateFactory certFact = CertificateFactory
- .getInstance("X.509");
- final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
- .decode(xmlCert.getValue()));
- final X509Certificate cert = (X509Certificate) certFact
- .generateCertificate(bis);
-
- // Exist only one certificate
- final BasicX509Credential entityX509Cred = new BasicX509Credential();
- entityX509Cred.setEntityCertificate(cert);
-
- boolean trusted = false;
-
- for (final Enumeration<String> e = trustStore.aliases(); e.hasMoreElements();)
- {
- aliasCert = e.nextElement();
- certificate = (X509Certificate) trustStore.getCertificate(aliasCert);
- try {
- cert.verify(certificate.getPublicKey());
- trusted = true;
- break;
- }
- catch (Exception ex) {
- //Do nothing - cert not trusted yet
- }
- }
-
- if (!trusted)
- throw new SAMLEngineException("Certificate is not trusted.");
-
- /*
- // Validate trust certificates
- final ExplicitKeyTrustEvaluator keyTrustEvaluator =
- new ExplicitKeyTrustEvaluator();
- if (!keyTrustEvaluator.validate(entityX509Cred, trustCred)) {
- throw new SAMLEngineException("Certificate it is not trusted.");
- }*/
-
- // Validate signature
- final SignatureValidator sigValidator = new SignatureValidator(
- entityX509Cred);
- sigValidator.validate(tokenSaml.getSignature());
-
- } catch (ValidationException e) {
- LOG.error("ValidationException.");
- throw new SAMLEngineException(e);
- } catch (KeyStoreException e) {
- LOG.error("KeyStoreException.", e);
- throw new SAMLEngineException(e);
- } catch (GeneralSecurityException e) {
- LOG.error("GeneralSecurityException.", e);
- throw new SAMLEngineException(e);
- }
- return tokenSaml;
- }
-
-
- /**
- * Load cryptographic service provider.
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- public void loadCryptServiceProvider() throws SAMLEngineException {
- LOG.info("Load Cryptographic Service Provider");
-
- FileInputStream fis = null;
- FileInputStream fisTrustStore = null;
-
- try {
- // Dynamically register Bouncy Castle provider.
- boolean found = false;
- // Check if BouncyCastle is already registered as a provider
- final Provider[] providers = Security.getProviders();
- for (int i = 0; i < providers.length; i++) {
- if (providers[i].getName().equals(
- BouncyCastleProvider.PROVIDER_NAME)) {
- found = true;
- }
- }
-
- // Register only if the provider has not been previously registered
- if (!found) {
- LOG.debug("SAMLCore: Register Bouncy Castle provider.");
- Security.insertProviderAt(new BouncyCastleProvider(), Security
- .getProviders().length);
- }
-
- p12Store = KeyStore.getInstance(properties
- .getProperty("keystoreType"));
-
- fis = new FileInputStream(properties
- .getProperty("keystorePath"));
-
- p12Store.load(fis, properties.getProperty(
- "keyStorePassword").toCharArray());
-
-
- trustStore = KeyStore.getInstance(properties
- .getProperty("trustStoreType"));
-
- fisTrustStore = new FileInputStream(properties
- .getProperty("trustStorePath"));
- trustStore.load(fisTrustStore, properties.getProperty(
- "trustStorePassword").toCharArray());
-
- } catch (Exception e) {
- throw new SAMLEngineException(
- "Error loading CryptographicServiceProvider", e);
- } finally {
- IOUtils.closeQuietly(fis);
- IOUtils.closeQuietly(fisTrustStore);
- }
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.InvalidPropertiesFormatException;
+import java.util.List;
+import java.util.Properties;
+
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.NotImplementedException;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityConfiguration;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
+import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
+import org.opensaml.xml.signature.Signer;
+import org.opensaml.xml.util.Base64;
+import org.opensaml.xml.validation.ValidationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.SAMLEngineException;
+
+/**
+ * The Class SWSign. Class responsible for signing and validating of messages
+ * SAML with a certificate store software.
+ *
+ * @author fjquevedo
+ */
+public final class SignP12 implements SAMLEngineSignI {
+
+ /** The logger. */
+ private static final Logger LOG = LoggerFactory.getLogger(SignP12.class
+ .getName());
+
+
+ /** The p12 store. */
+ private KeyStore p12Store = null;
+
+
+ /** The trust store. */
+ private KeyStore trustStore = null;
+
+
+ /**
+ * Gets the trust store.
+ *
+ * @return the trust store
+ */
+ @Override
+ public KeyStore getTrustStore() {
+ return trustStore;
+ }
+
+ /**
+ * Sets the trust store.
+ *
+ * @param newTrustStore the new trust store
+ */
+ public void setTrustStore(final KeyStore newTrustStore) {
+ this.trustStore = newTrustStore;
+ }
+
+ /**
+ * The instance.
+ *
+ * @return the properties
+ */
+
+ public Properties getProperties() {
+ return properties;
+ }
+
+
+
+ /**
+ * Gets the p12 store.
+ *
+ * @return the p12 store
+ */
+ public KeyStore getP12Store() {
+ return p12Store;
+ }
+
+
+
+ /**
+ * Sets the p12 store.
+ *
+ * @param newP12Store the new p12 store
+ */
+ public void setP12Store(final KeyStore newP12Store) {
+ this.p12Store = newP12Store;
+ }
+
+
+
+ /**
+ * Sets the properties.
+ *
+ * @param newProperties the new properties
+ */
+ public void setProperties(final Properties newProperties) {
+ this.properties = newProperties;
+ }
+
+ /** The SW sign prop. */
+ private Properties properties = null;
+
+
+ /**
+ * Initialize the file configuration.
+ *
+ * @param fileConf name of the file configuration
+ *
+ * @throws SAMLEngineException error at the load from file configuration
+ */
+ @Override
+ public void init(final String fileConf) throws SAMLEngineException {
+ InputStream fileProperties = null;
+ properties = new Properties();
+ try {
+ try {
+ LOG.debug("Fichero a cargar " + fileConf);
+ fileProperties = new FileInputStream(fileConf);
+ properties.loadFromXML(fileProperties);
+ } catch (Exception e) {
+ LOG.error("Fallo al cargar el recurso externo. Se reintenta como fichero interno.");
+ fileProperties = SignP12.class.getResourceAsStream("/" + fileConf);
+ if (fileProperties == null) {
+ fileProperties = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileConf);
+ if (fileProperties == null) {
+ Enumeration<URL> files = ClassLoader.getSystemClassLoader().getResources(fileConf);
+ if (files != null && files.hasMoreElements()) {
+ LOG.info("Se han encontrado recurso/s. Se toma el primero.");
+ fileProperties = ClassLoader.getSystemClassLoader().getResourceAsStream(files.nextElement().getFile());
+ } else {
+ throw new IOException("No se pudo recuperar el fichero: " + fileConf, e);
+ }
+ }
+ }
+ LOG.debug("Recuperados " + fileProperties.available() + " bytes");
+ properties.loadFromXML(fileProperties);
+ }
+ } catch (InvalidPropertiesFormatException e) {
+ LOG.info("Exception: invalid properties format.");
+ throw new SAMLEngineException(e);
+ } catch (IOException e) {
+ LOG.info("Exception: invalid file: " + fileConf);
+ throw new SAMLEngineException(e);
+ } finally {
+ IOUtils.closeQuietly(fileProperties);
+ }
+ }
+
+ /**
+ * Gets the certificate.
+ *
+ * @return the X509Certificate
+ *
+ */
+ @Override
+ public X509Certificate getCertificate() {
+ throw new NotImplementedException();
+ }
+
+ /**
+ * Sign the token SAML.
+ *
+ * @param tokenSaml token SAML
+ *
+ * @return the X509Certificate signed.
+ *
+ * @throws SAMLEngineException error at sign SAML token
+ *
+ */
+ @Override
+ public SAMLObject sign(final SignableSAMLObject tokenSaml)
+ throws SAMLEngineException {
+ LOG.info("Start Sign process");
+ try {
+
+ final String serialNumber = properties.getProperty("serialNumber");
+ final String issuer = properties.getProperty("issuer");
+
+ String alias = null;
+ String aliasCert;
+ X509Certificate certificate;
+
+ boolean find = false;
+ for (final Enumeration<String> e = p12Store.aliases(); e
+ .hasMoreElements() && !find;) {
+ aliasCert = e.nextElement();
+ certificate = (X509Certificate) p12Store
+ .getCertificate(aliasCert);
+
+ final String serialNum = certificate.getSerialNumber()
+ .toString(16);
+
+ X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+ X509Principal issuerDNConf = new X509Principal(issuer);
+
+ if(serialNum.equalsIgnoreCase(serialNumber)
+ && X509PrincipalUtil.equals(issuerDN, issuerDNConf)){
+ alias = aliasCert;
+ find = true;
+ }
+
+ }
+
+ certificate = (X509Certificate) p12Store
+ .getCertificate(alias);
+ final PrivateKey privateKey = (PrivateKey) p12Store.getKey(
+ alias, properties.getProperty("keyPassword").toCharArray());
+
+ LOG.info("Recover BasicX509Credential.");
+ final BasicX509Credential credential = new BasicX509Credential();
+
+ LOG.debug("Load certificate");
+ credential.setEntityCertificate(certificate);
+
+ LOG.debug("Load privateKey");
+ credential.setPrivateKey(privateKey);
+
+ LOG.debug("Begin signature with openSaml");
+ final Signature signature = (Signature) org.opensaml.xml.Configuration
+ .getBuilderFactory().getBuilder(
+ Signature.DEFAULT_ELEMENT_NAME).buildObject(
+ Signature.DEFAULT_ELEMENT_NAME);
+
+ signature.setSigningCredential(credential);
+
+ /*signature.setSignatureAlgorithm(
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);*/
+ signature.setSignatureAlgorithm(
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+
+ final SecurityConfiguration secConfiguration = org.opensaml.xml.Configuration
+ .getGlobalSecurityConfiguration();
+ final NamedKeyInfoGeneratorManager keyInfoManager = secConfiguration
+ .getKeyInfoGeneratorManager();
+ final KeyInfoGeneratorManager keyInfoGenManager = keyInfoManager
+ .getDefaultManager();
+ final KeyInfoGeneratorFactory keyInfoGenFac = keyInfoGenManager
+ .getFactory(credential);
+ final KeyInfoGenerator keyInfoGenerator = keyInfoGenFac
+ .newInstance();
+
+ final KeyInfo keyInfo = keyInfoGenerator.generate(credential);
+
+ signature.setKeyInfo(keyInfo);
+ signature.setCanonicalizationAlgorithm(
+ SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+ //Create a second signature which will be used when signing assertion and response
+ final Signature signature2 = (Signature) org.opensaml.xml.Configuration
+ .getBuilderFactory().getBuilder(
+ Signature.DEFAULT_ELEMENT_NAME).buildObject(
+ Signature.DEFAULT_ELEMENT_NAME);
+ final SecurityConfiguration secConfiguration2 = org.opensaml.xml.Configuration
+ .getGlobalSecurityConfiguration();
+ final NamedKeyInfoGeneratorManager keyInfoManager2 = secConfiguration2
+ .getKeyInfoGeneratorManager();
+ final KeyInfoGeneratorManager keyInfoGenManager2 = keyInfoManager2
+ .getDefaultManager();
+ final KeyInfoGeneratorFactory keyInfoGenFac2 = keyInfoGenManager2
+ .getFactory(credential);
+ final KeyInfoGenerator keyInfoGenerator2 = keyInfoGenFac2
+ .newInstance();
+
+ KeyInfo keyInfo2 = keyInfoGenerator2.generate(credential);
+ signature2.setSigningCredential(credential);
+ signature2.setSignatureAlgorithm(
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ signature2.setKeyInfo(keyInfo2);
+ signature2.setCanonicalizationAlgorithm(
+ SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+
+ LOG.info("Marshall samlToken.");
+ String qn = tokenSaml.getElementQName().toString();
+
+ if (qn.endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
+ {
+ tokenSaml.setSignature(signature);
+ CustomAttributeQueryMarshaller mars = new CustomAttributeQueryMarshaller();
+ mars.marshall(tokenSaml);
+ Signer.signObject(signature);
+ }
+ else if (qn.endsWith(Response.DEFAULT_ELEMENT_LOCAL_NAME) && !qn.contains(LogoutResponse.DEFAULT_ELEMENT_LOCAL_NAME))
+ {
+ Response res = (Response)tokenSaml;
+ List<Assertion> asserts = res.getAssertions();
+ //If multiple assertions we just sign the response and not the assertion
+ if (asserts.size() > 1)
+ {
+ tokenSaml.setSignature(signature);
+ org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+ .marshall(tokenSaml);
+ LOG.info("Sign samlToken.");
+ Signer.signObject(signature);
+ }
+ //If single assertion we sign the assertion and response
+ else
+ {
+ Assertion assertion = asserts.get(0);
+ assertion.setSignature(signature);
+ tokenSaml.setSignature(signature2);
+ org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+ .marshall(tokenSaml);
+ LOG.info("Sign samlToken.");
+ Signer.signObject(signature);
+ Signer.signObject(signature2);
+ }
+ }
+ //Normally we just sign the total saml response
+ else
+ {
+ tokenSaml.setSignature(signature);
+ org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+ .marshall(tokenSaml);
+ LOG.info("Sign samlToken.");
+ Signer.signObject(signature);
+ }
+
+ } catch (MarshallingException e) {
+ LOG.error("MarshallingException");
+ throw new SAMLEngineException(e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("A 'xmldsig#rsa-sha1' cryptographic algorithm is requested but is not available in the environment.");
+ throw new SAMLEngineException(e);
+ } catch (KeyStoreException e) {
+ LOG.error("Generic KeyStore exception.");
+ throw new SAMLEngineException(e);
+ } catch (SignatureException e) {
+ LOG.error("Signature exception.");
+ throw new SAMLEngineException(e);
+ } catch (SecurityException e) {
+ LOG.error("Security exception.");
+ throw new SAMLEngineException(e);
+ } catch (UnrecoverableKeyException e) {
+ LOG.error("UnrecoverableKey exception.");
+ throw new SAMLEngineException(e);
+ }
+
+ return tokenSaml;
+ }
+
+ /**
+ * Validate signature.
+ *
+ * @param tokenSaml token SAML
+ *
+ * @return the SAMLObject validated.
+ *
+ * @throws SAMLEngineException error validate signature
+ *
+ */
+ @Override
+ public SAMLObject validateSignature(final SignableSAMLObject tokenSaml)
+ throws SAMLEngineException {
+ LOG.info("Start signature validation.");
+ try {
+
+ // Validate structure signature
+ final SAMLSignatureProfileValidator sigProfValidator =
+ new SAMLSignatureProfileValidator();
+ try {
+ // Indicates signature id conform to SAML Signature profile
+ sigProfValidator.validate(tokenSaml.getSignature());
+ } catch (ValidationException e) {
+ LOG.error("ValidationException: signature isn't conform to SAML Signature profile.");
+ throw new SAMLEngineException(e);
+ }
+
+ String aliasCert = null;
+ X509Certificate certificate;
+
+ final List<Credential> trustCred = new ArrayList<Credential>();
+
+ for (final Enumeration<String> e = trustStore.aliases(); e
+ .hasMoreElements();)
+ {
+ aliasCert = e.nextElement();
+ final BasicX509Credential credential = new BasicX509Credential();
+ certificate = (X509Certificate) trustStore
+ .getCertificate(aliasCert);
+ credential.setEntityCertificate(certificate);
+ trustCred.add(credential);
+ }
+
+ final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
+
+ final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
+ .getX509Datas().get(0).getX509Certificates().get(0);
+
+ final CertificateFactory certFact = CertificateFactory
+ .getInstance("X.509");
+ final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
+ .decode(xmlCert.getValue()));
+ final X509Certificate cert = (X509Certificate) certFact
+ .generateCertificate(bis);
+
+ // Exist only one certificate
+ final BasicX509Credential entityX509Cred = new BasicX509Credential();
+ entityX509Cred.setEntityCertificate(cert);
+
+ /* A better use of PKI based validation but not wanted for STORK...
+ boolean trusted = false;
+
+ for (final Enumeration<String> e = trustStore.aliases(); e.hasMoreElements();)
+ {
+ aliasCert = e.nextElement();
+ certificate = (X509Certificate) trustStore.getCertificate(aliasCert);
+ try {
+ cert.verify(certificate.getPublicKey());
+ trusted = true;
+ break;
+ }
+ catch (Exception ex) {
+ //Do nothing - cert not trusted yet
+ }
+ }
+
+ if (!trusted)
+ throw new SAMLEngineException("Certificate is not trusted.");*/
+
+ // Validate trust certificates
+ final ExplicitKeyTrustEvaluator keyTrustEvaluator =
+ new ExplicitKeyTrustEvaluator();
+ if (!keyTrustEvaluator.validate(entityX509Cred, trustCred))
+ {
+ throw new SAMLEngineException("Certificate it is not trusted.");
+ }
+
+ // Validate signature
+ final SignatureValidator sigValidator = new SignatureValidator(
+ entityX509Cred);
+ sigValidator.validate(tokenSaml.getSignature());
+
+ } catch (ValidationException e) {
+ LOG.error("ValidationException.");
+ throw new SAMLEngineException(e);
+ } catch (KeyStoreException e) {
+ LOG.error("KeyStoreException.", e);
+ throw new SAMLEngineException(e);
+ } catch (GeneralSecurityException e) {
+ LOG.error("GeneralSecurityException.", e);
+ throw new SAMLEngineException(e);
+ }
+ return tokenSaml;
+ }
+
+
+ /**
+ * Load cryptographic service provider.
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ @Override
+ public void loadCryptServiceProvider() throws SAMLEngineException {
+ LOG.info("Load Cryptographic Service Provider");
+
+ FileInputStream fis = null;
+ FileInputStream fisTrustStore = null;
+
+ try {
+ // Dynamically register Bouncy Castle provider.
+ boolean found = false;
+ // Check if BouncyCastle is already registered as a provider
+ final Provider[] providers = Security.getProviders();
+ for (int i = 0; i < providers.length; i++) {
+ if (providers[i].getName().equals(
+ BouncyCastleProvider.PROVIDER_NAME)) {
+ found = true;
+ }
+ }
+
+ // Register only if the provider has not been previously registered
+ if (!found) {
+ LOG.debug("SAMLCore: Register Bouncy Castle provider.");
+ Security.insertProviderAt(new BouncyCastleProvider(), Security
+ .getProviders().length);
+ }
+
+ p12Store = KeyStore.getInstance(properties
+ .getProperty("keystoreType"));
+
+ fis = new FileInputStream(properties
+ .getProperty("keystorePath"));
+
+ p12Store.load(fis, properties.getProperty(
+ "keyStorePassword").toCharArray());
+
+
+ trustStore = KeyStore.getInstance(properties
+ .getProperty("trustStoreType"));
+
+ fisTrustStore = new FileInputStream(properties
+ .getProperty("trustStorePath"));
+ trustStore.load(fisTrustStore, properties.getProperty(
+ "trustStorePassword").toCharArray());
+
+ } catch (Exception e) {
+ throw new SAMLEngineException(
+ "Error loading CryptographicServiceProvider", e);
+ } finally {
+ IOUtils.closeQuietly(fis);
+ IOUtils.closeQuietly(fisTrustStore);
+ }
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
index 4554a9586..e31688069 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
@@ -1,538 +1,527 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.Security;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.InvalidPropertiesFormatException;
-import java.util.List;
-import java.util.Properties;
-
-import eu.stork.peps.auth.engine.SAMLEngineUtils;
-import eu.stork.peps.auth.engine.X509PrincipalUtil;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.NotImplementedException;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityConfiguration;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
-import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
-import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
-import org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEvaluator;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
-import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.SignatureValidator;
-import org.opensaml.xml.signature.Signer;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.validation.ValidationException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.configuration.ConfigurationReader;
-import eu.stork.peps.exceptions.SAMLEngineException;
-
-
-/**
- * The Class SWSign. Class responsible for signing and validating of messages
- * SAML with a certificate store software.
- *
- * @author fjquevedo
- */
-public class SignSW implements SAMLEngineSignI {
-
- /** The Constant KEYSTORE_TYPE. */
- private static final String KEYSTORE_TYPE = "keystoreType";
-
- /** The Constant KEY_STORE_PASSWORD. */
- private static final String KEY_STORE_PASS = "keyStorePassword";
-
- /** The logger. */
- private static final Logger LOG = LoggerFactory.getLogger(SignSW.class
- .getName());
-
- /** The stork own key store. */
- private KeyStore storkOwnKeyStore = null;
-
- /**
- * The instance.
- *
- * @return the properties
- */
-
- public final Properties getProperties() {
- return properties;
- }
-
- /**
- * Gets the stork own key store.
- *
- * @return the stork own key store
- */
- public final KeyStore getStorkOwnKeyStore() {
- return storkOwnKeyStore;
- }
-
- /**
- * Gets the stork trustStore.
- *
- * @return the stork own key store
- */
- public KeyStore getTrustStore() {
- return storkOwnKeyStore;
- }
-
- /**
- * Sets the stork own key store.
- *
- * @param newkOwnKeyStore the new stork own key store
- */
- public final void setStorkOwnKeyStore(final KeyStore newkOwnKeyStore) {
- this.storkOwnKeyStore = newkOwnKeyStore;
- }
-
- /**
- * Sets the properties.
- *
- * @param newProperties the new properties
- */
- public final void setProperties(final Properties newProperties) {
- this.properties = newProperties;
- }
-
- /** The SW sign prop. */
- private Properties properties = null;
-
-
- /**
- * Inits the file configuration.
- *
- * @param fileConf name of the file configuration
- *
- * @throws SAMLEngineException error at the load from file configuration
- */
- public final void init(final String fileConf)
- throws SAMLEngineException {
- InputStream fileProperties = null;
- try {
- // fetch base from system properties, give a default if there is nothing configured
- String base = System.getProperty("eu.stork.samlengine.config.location");
- if(null != base)
- if(!base.endsWith("/"))
- base += "/";
-
- if(null != base)
- fileProperties = new FileInputStream(base + fileConf);
- else
- fileProperties = SignSW.class.getResourceAsStream("/" + fileConf);
- properties = new Properties();
-
- properties.loadFromXML(fileProperties);
- fileProperties.close();
- } catch (InvalidPropertiesFormatException e) {
- LOG.info("Exception: invalid properties format.");
- throw new SAMLEngineException(e);
- } catch (IOException e) {
- LOG.info("Exception: invalid file: " + fileConf);
- throw new SAMLEngineException(e);
- } finally {
- IOUtils.closeQuietly(fileProperties);
- }
- }
-
- /**
- * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#getCertificate()
- * @return the X509Certificate
- */
- public final X509Certificate getCertificate() {
- throw new NotImplementedException();
- }
-
-
- /**
- * Sign the token SAML.
- *
- * @param tokenSaml the token SAML.
- *
- * @return the SAML object
- *
- * @throws SAMLEngineException the SAML engine exception
- *
- */
- public final SAMLObject sign(final SignableSAMLObject tokenSaml)
- throws SAMLEngineException {
- LOG.info("Start Sign process.");
- try {
- final String serialNumber = properties.getProperty("serialNumber");
- final String issuer = properties.getProperty("issuer");
-
- String alias = null;
- String aliasCert;
- X509Certificate certificate;
- boolean find = false;
-
- for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
- .hasMoreElements() && !find; ) {
- aliasCert = e.nextElement();
- certificate = (X509Certificate) storkOwnKeyStore
- .getCertificate(aliasCert);
-
- final String serialNum = certificate.getSerialNumber()
- .toString(16);
-
- X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
- X509Principal issuerDNConf = new X509Principal(issuer);
-
- if(serialNum.equalsIgnoreCase(serialNumber)
- && X509PrincipalUtil.equals(issuerDN, issuerDNConf)){
- alias = aliasCert;
- find = true;
- }
- }
- if (!find) {
- throw new SAMLEngineException("Certificate cannot be found in keystore ");
- }
- certificate = (X509Certificate) storkOwnKeyStore.getCertificate(alias);
- final PrivateKey privateKey = (PrivateKey) storkOwnKeyStore.getKey(
- alias, properties.getProperty("keyPassword").toCharArray());
-
- LOG.info("Recover BasicX509Credential.");
- final BasicX509Credential credential = new BasicX509Credential();
-
- LOG.debug("Load certificate");
- credential.setEntityCertificate(certificate);
-
- LOG.debug("Load privateKey");
- credential.setPrivateKey(privateKey);
-
- LOG.debug("Begin signature with openSaml");
- final Signature signature = (Signature) Configuration
- .getBuilderFactory().getBuilder(
- Signature.DEFAULT_ELEMENT_NAME).buildObject(
- Signature.DEFAULT_ELEMENT_NAME);
-
- signature.setSigningCredential(credential);
- signature.setSignatureAlgorithm(
- SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-
-
- final SecurityConfiguration secConfiguration = Configuration
- .getGlobalSecurityConfiguration();
- final NamedKeyInfoGeneratorManager keyInfoManager = secConfiguration
- .getKeyInfoGeneratorManager();
- final KeyInfoGeneratorManager keyInfoGenManager = keyInfoManager
- .getDefaultManager();
- final KeyInfoGeneratorFactory keyInfoGenFac = keyInfoGenManager
- .getFactory(credential);
- final KeyInfoGenerator keyInfoGenerator = keyInfoGenFac
- .newInstance();
-
- KeyInfo keyInfo = keyInfoGenerator.generate(credential);
-
- signature.setKeyInfo(keyInfo);
- signature.setCanonicalizationAlgorithm(
- SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
-
- //Create a second signature which will be used when signing assertion and response
- final Signature signature2 = (Signature) Configuration
- .getBuilderFactory().getBuilder(
- Signature.DEFAULT_ELEMENT_NAME).buildObject(
- Signature.DEFAULT_ELEMENT_NAME);
- final SecurityConfiguration secConfiguration2 = Configuration
- .getGlobalSecurityConfiguration();
- final NamedKeyInfoGeneratorManager keyInfoManager2 = secConfiguration2
- .getKeyInfoGeneratorManager();
- final KeyInfoGeneratorManager keyInfoGenManager2 = keyInfoManager2
- .getDefaultManager();
- final KeyInfoGeneratorFactory keyInfoGenFac2 = keyInfoGenManager2
- .getFactory(credential);
- final KeyInfoGenerator keyInfoGenerator2 = keyInfoGenFac2
- .newInstance();
-
- KeyInfo keyInfo2 = keyInfoGenerator2.generate(credential);
- signature2.setSigningCredential(credential);
- signature2.setSignatureAlgorithm(
- SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
- signature2.setKeyInfo(keyInfo2);
- signature2.setCanonicalizationAlgorithm(
- SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
-
-
- LOG.info("Marshall samlToken.");
- String qn = tokenSaml.getElementQName().toString();
-
- if (qn.endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME))
- {
- tokenSaml.setSignature(signature);
- CustomAttributeQueryMarshaller mars = new CustomAttributeQueryMarshaller();
- mars.marshall(tokenSaml);
- Signer.signObject(signature);
- }
- else if (qn.endsWith(Response.DEFAULT_ELEMENT_LOCAL_NAME) && !qn.contains(LogoutResponse.DEFAULT_ELEMENT_LOCAL_NAME))
- {
- Response res = (Response)tokenSaml;
- List<Assertion> asserts = res.getAssertions();
- //If multiple assertions we just sign the response and not the assertion
- if (asserts.size() > 1)
- {
- tokenSaml.setSignature(signature);
- Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
- .marshall(tokenSaml);
- LOG.info("Sign samlToken.");
- Signer.signObject(signature);
- }
- //If single assertion we sign the assertion and response
- else
- {
- Assertion assertion = (Assertion)asserts.get(0);
- assertion.setSignature(signature);
- tokenSaml.setSignature(signature2);
- Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
- .marshall(tokenSaml);
- LOG.info("Sign samlToken.");
- Signer.signObject(signature);
- Signer.signObject(signature2);
- }
- }
- //Normally we just sign the total saml response
- else
- {
- tokenSaml.setSignature(signature);
- Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
- .marshall(tokenSaml);
- LOG.info("Sign samlToken.");
- Signer.signObject(signature);
- }
-
-
- } catch (MarshallingException e) {
- LOG.error("MarshallingException");
- throw new SAMLEngineException(e);
- } catch (NoSuchAlgorithmException e) {
- LOG.error("A 'xmldsig#rsa-sha1' cryptographic algorithm is requested but is not available in the environment.");
- throw new SAMLEngineException(e);
- } catch (KeyStoreException e) {
- LOG.error("Generic KeyStore exception.");
- throw new SAMLEngineException(e);
- } catch (SignatureException e) {
- LOG.error("Signature exception.");
- throw new SAMLEngineException(e);
- } catch (SecurityException e) {
- LOG.error("Security exception.");
- throw new SAMLEngineException(e);
- } catch (UnrecoverableKeyException e) {
- LOG.error("UnrecoverableKey exception.");
- throw new SAMLEngineException(e);
- }
-
- return tokenSaml;
- }
-
- /**
- * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(org.opensaml.common.SignableSAMLObject)
- * @param tokenSaml token SAML
- * @return the SAMLObject validated.
- * @throws SAMLEngineException error validate signature
- */
- public final SAMLObject validateSignature(final SignableSAMLObject tokenSaml)
- throws SAMLEngineException {
- LOG.info("Start signature validation.");
- try {
-
- // Validate structure signature
- final SAMLSignatureProfileValidator sigProfValidator =
- new SAMLSignatureProfileValidator();
- try {
- // Indicates signature id conform to SAML Signature profile
- sigProfValidator.validate(tokenSaml.getSignature());
- } catch (ValidationException e) {
- LOG.error("ValidationException: signature isn't conform to SAML Signature profile.");
- throw new SAMLEngineException(e);
- }
-
- String aliasCert = null;
- X509Certificate certificate;
-
- /*final List<Credential> trustCred = new ArrayList<Credential>();
-
- for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
- .hasMoreElements();) {
- aliasCert = e.nextElement();
- final BasicX509Credential credential = new BasicX509Credential();
- certificate = (X509Certificate) storkOwnKeyStore
- .getCertificate(aliasCert);
- credential.setEntityCertificate(certificate);
- trustCred.add(credential);
- }*/
-
- final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
-
- final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
- .getX509Datas().get(0).getX509Certificates().get(0);
-
- final CertificateFactory certFact = CertificateFactory
- .getInstance("X.509");
- final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
- .decode(xmlCert.getValue()));
- final X509Certificate cert = (X509Certificate) certFact
- .generateCertificate(bis);
-
- // Exist only one certificate
- final BasicX509Credential entityX509Cred = new BasicX509Credential();
- entityX509Cred.setEntityCertificate(cert);
-
- try {
- cert.checkValidity();
- }
- catch (CertificateExpiredException exp) {
- throw new SAMLEngineException("Certificate expired.");
- }
- catch (CertificateNotYetValidException exp) {
- throw new SAMLEngineException("Certificate not yet valid.");
- }
-
- boolean trusted = false;
-
- for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements();)
- {
- aliasCert = e.nextElement();
- certificate = (X509Certificate) storkOwnKeyStore.getCertificate(aliasCert);
- try {
- cert.verify(certificate.getPublicKey());
- trusted = true;
- break;
- }
- catch (Exception ex) {
- //Do nothing - cert not trusted yet
- }
- }
-
- if (!trusted)
- throw new SAMLEngineException("Certificate is not trusted.");
-
- /*
- // Validate trust certificates
- final ExplicitX509CertificateTrustEvaluator chainTrustEvaluator = new ExplicitX509CertificateTrustEvaluator();
-
- if (!chainTrustEvaluator.validate(entityX509Cred, trustCred)) {
- throw new SAMLEngineException("Certificate is not trusted.");
- }
- /*final ExplicitKeyTrustEvaluator keyTrustEvaluator =
- new ExplicitKeyTrustEvaluator();
-
- if (!keyTrustEvaluator.validate(entityX509Cred, trustCred)) {
- throw new SAMLEngineException("Certificate is not trusted.");
- }*/
-
- // Validate signature
- final SignatureValidator sigValidator = new SignatureValidator(
- entityX509Cred);
- sigValidator.validate(tokenSaml.getSignature());
-
- } catch (ValidationException e) {
- LOG.error("ValidationException.");
- throw new SAMLEngineException(e);
- } catch (KeyStoreException e) {
- LOG.error("KeyStoreException.", e);
- throw new SAMLEngineException(e);
- } catch (GeneralSecurityException e) {
- LOG.error("GeneralSecurityException.", e);
- throw new SAMLEngineException(e);
- }
- LOG.info(tokenSaml.getSignatureReferenceID());
- LOG.info("Start signature validation - END." );
- return tokenSaml;
- }
-
-
- /**
- * Load cryptographic service provider.
- *
- * @throws SAMLEngineException the SAML engine exception
- */
- public final void loadCryptServiceProvider() throws SAMLEngineException {
- LOG.info("Load Cryptographic Service Provider");
- FileInputStream fis = null;
- try {
- // Dynamically register Bouncy Castle provider.
- boolean found = false;
- // Check if BouncyCastle is already registered as a provider
- final Provider[] providers = Security.getProviders();
- for (int i = 0; i < providers.length; i++) {
- if (providers[i].getName().equals(
- BouncyCastleProvider.PROVIDER_NAME)) {
- found = true;
- }
- }
-
- // Register only if the provider has not been previously registered
- if (!found) {
- LOG.info("SAMLCore: Register Bouncy Castle provider.");
- Security.insertProviderAt(new BouncyCastleProvider(), Security
- .getProviders().length);
- }
-
- storkOwnKeyStore = KeyStore.getInstance(properties
- .getProperty(KEYSTORE_TYPE));
-
- LOG.info("Loading KeyInfo from keystore file " + properties.getProperty("keystorePath"));
- fis = new FileInputStream(properties
- .getProperty("keystorePath"));
-
- storkOwnKeyStore.load(fis, properties.getProperty(
- KEY_STORE_PASS).toCharArray());
-
- } catch (Exception e) {
- LOG.error("Error loading CryptographicServiceProvider", e);
- throw new SAMLEngineException(
- "Error loading CryptographicServiceProvider", e);
- } finally {
- IOUtils.closeQuietly(fis);
- }
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.SAMLEngineException;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.NotImplementedException;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityConfiguration;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
+import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
+import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
+import org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEvaluator;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.signature.*;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.Signer;
+import org.opensaml.xml.util.Base64;
+import org.opensaml.xml.validation.ValidationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.*;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.*;
+
+
+/**
+ * The Class SWSign. Class responsible for signing and validating of messages
+ * SAML with a certificate store software.
+ *
+ * @author fjquevedo
+ */
+public class SignSW implements SAMLEngineSignI {
+
+ /**
+ * The Constant KEYSTORE_TYPE.
+ */
+ private static final String KEYSTORE_TYPE = "keystoreType";
+
+ /**
+ * The Constant KEY_STORE_PASSWORD.
+ */
+ private static final String KEY_STORE_PASS = "keyStorePassword";
+
+ /**
+ * The logger.
+ */
+ private static final Logger LOG = LoggerFactory.getLogger(SignSW.class
+ .getName());
+
+ /**
+ * The stork own key store.
+ */
+ private KeyStore storkOwnKeyStore = null;
+
+ /**
+ * The instance.
+ *
+ * @return the properties
+ */
+
+ public final Properties getProperties() {
+ return properties;
+ }
+
+ /**
+ * Gets the stork own key store.
+ *
+ * @return the stork own key store
+ */
+ public final KeyStore getStorkOwnKeyStore() {
+ return storkOwnKeyStore;
+ }
+
+ /**
+ * Gets the stork trustStore.
+ *
+ * @return the stork own key store
+ */
+ public KeyStore getTrustStore() {
+ return storkOwnKeyStore;
+ }
+
+ /**
+ * Sets the stork own key store.
+ *
+ * @param newkOwnKeyStore the new stork own key store
+ */
+ public final void setStorkOwnKeyStore(final KeyStore newkOwnKeyStore) {
+ this.storkOwnKeyStore = newkOwnKeyStore;
+ }
+
+ /**
+ * Sets the properties.
+ *
+ * @param newProperties the new properties
+ */
+ public final void setProperties(final Properties newProperties) {
+ this.properties = newProperties;
+ }
+
+ /**
+ * The SW sign prop.
+ */
+ private Properties properties = null;
+
+
+ /**
+ * Inits the file configuration.
+ *
+ * @param fileConf name of the file configuration
+ * @throws SAMLEngineException error at the load from file configuration
+ */
+ public final void init(final String fileConf)
+ throws SAMLEngineException {
+ InputStream fileProperties = null;
+ // fetch base from system properties, give a default if there is nothing configured
+ String base = System.getProperty("eu.stork.samlengine.config.location");
+ if (null != base) {
+ if (!base.endsWith("/")) {
+ base += "/";
+ }
+ } else {
+ base = "/";
+ }
+
+ try {
+ if (null != base)
+ fileProperties = new FileInputStream(base + fileConf);
+ else
+ fileProperties = SignSW.class.getResourceAsStream("/"
+ + fileConf);
+ properties = new Properties();
+
+ properties.loadFromXML(fileProperties);
+ fileProperties.close();
+ } catch (InvalidPropertiesFormatException e) {
+ LOG.info("Exception: invalid properties format.");
+ throw new SAMLEngineException(e);
+ } catch (IOException e) {
+ LOG.info("Exception: invalid file: " + fileConf);
+ throw new SAMLEngineException(e);
+ } finally {
+ IOUtils.closeQuietly(fileProperties);
+ }
+ }
+
+ /**
+ * @return the X509Certificate
+ * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#getCertificate()
+ */
+ public final X509Certificate getCertificate() {
+ throw new NotImplementedException();
+ }
+
+
+ /**
+ * Sign the token SAML.
+ *
+ * @param tokenSaml the token SAML.
+ * @return the SAML object
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ public final SAMLObject sign(final SignableSAMLObject tokenSaml)
+ throws SAMLEngineException {
+ LOG.info("Start Sign process.");
+ try {
+ final String serialNumber = properties.getProperty("serialNumber");
+ final String issuer = properties.getProperty("issuer");
+
+ String alias = null;
+ String aliasCert;
+ X509Certificate certificate;
+ boolean find = false;
+
+ for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
+ .hasMoreElements() && !find; ) {
+ aliasCert = e.nextElement();
+ certificate = (X509Certificate) storkOwnKeyStore
+ .getCertificate(aliasCert);
+
+ final String serialNum = certificate.getSerialNumber()
+ .toString(16);
+
+ X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+ X509Principal issuerDNConf = new X509Principal(issuer);
+
+ if (serialNum.equalsIgnoreCase(serialNumber)
+ && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
+ alias = aliasCert;
+ find = true;
+ }
+ }
+ if (!find) {
+ throw new SAMLEngineException("Certificate cannot be found in keystore ");
+ }
+ certificate = (X509Certificate) storkOwnKeyStore.getCertificate(alias);
+ final PrivateKey privateKey = (PrivateKey) storkOwnKeyStore.getKey(
+ alias, properties.getProperty("keyPassword").toCharArray());
+
+ LOG.info("Recover BasicX509Credential.");
+ final BasicX509Credential credential = new BasicX509Credential();
+
+ LOG.debug("Load certificate");
+ credential.setEntityCertificate(certificate);
+
+ LOG.debug("Load privateKey");
+ credential.setPrivateKey(privateKey);
+
+ LOG.debug("Begin signature with openSaml");
+ final Signature signature = (Signature) Configuration
+ .getBuilderFactory().getBuilder(
+ Signature.DEFAULT_ELEMENT_NAME).buildObject(
+ Signature.DEFAULT_ELEMENT_NAME);
+
+ signature.setSigningCredential(credential);
+ signature.setSignatureAlgorithm(
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ //signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+
+
+ final SecurityConfiguration secConfiguration = Configuration
+ .getGlobalSecurityConfiguration();
+ final NamedKeyInfoGeneratorManager keyInfoManager = secConfiguration
+ .getKeyInfoGeneratorManager();
+ final KeyInfoGeneratorManager keyInfoGenManager = keyInfoManager
+ .getDefaultManager();
+ final KeyInfoGeneratorFactory keyInfoGenFac = keyInfoGenManager
+ .getFactory(credential);
+ final KeyInfoGenerator keyInfoGenerator = keyInfoGenFac
+ .newInstance();
+
+ KeyInfo keyInfo = keyInfoGenerator.generate(credential);
+
+ signature.setKeyInfo(keyInfo);
+ signature.setCanonicalizationAlgorithm(
+ SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+ //Create a second signature which will be used when signing assertion and response
+ final Signature signature2 = (Signature) Configuration
+ .getBuilderFactory().getBuilder(
+ Signature.DEFAULT_ELEMENT_NAME).buildObject(
+ Signature.DEFAULT_ELEMENT_NAME);
+ final SecurityConfiguration secConfiguration2 = Configuration
+ .getGlobalSecurityConfiguration();
+ final NamedKeyInfoGeneratorManager keyInfoManager2 = secConfiguration2
+ .getKeyInfoGeneratorManager();
+ final KeyInfoGeneratorManager keyInfoGenManager2 = keyInfoManager2
+ .getDefaultManager();
+ final KeyInfoGeneratorFactory keyInfoGenFac2 = keyInfoGenManager2
+ .getFactory(credential);
+ final KeyInfoGenerator keyInfoGenerator2 = keyInfoGenFac2
+ .newInstance();
+
+ KeyInfo keyInfo2 = keyInfoGenerator2.generate(credential);
+ signature2.setSigningCredential(credential);
+ signature2.setSignatureAlgorithm(
+ SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ //signature2.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signature2.setKeyInfo(keyInfo2);
+ signature2.setCanonicalizationAlgorithm(
+ SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+
+ LOG.info("Marshall samlToken.");
+ String qn = tokenSaml.getElementQName().toString();
+
+ if (qn.endsWith(CustomAttributeQuery.DEFAULT_ELEMENT_LOCAL_NAME)) {
+ tokenSaml.setSignature(signature);
+ CustomAttributeQueryMarshaller mars = new CustomAttributeQueryMarshaller();
+ mars.marshall(tokenSaml);
+ Signer.signObject(signature);
+ } else if (qn.endsWith(Response.DEFAULT_ELEMENT_LOCAL_NAME) && !qn.contains(LogoutResponse.DEFAULT_ELEMENT_LOCAL_NAME)) {
+ Response res = (Response) tokenSaml;
+ List<Assertion> asserts = res.getAssertions();
+ //If multiple assertions we just sign the response and not the assertion
+ if (asserts.size() > 1) {
+ tokenSaml.setSignature(signature);
+ Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+ .marshall(tokenSaml);
+ LOG.info("Sign samlToken.");
+ Signer.signObject(signature);
+ }
+ //If single assertion we sign the assertion and response
+ else {
+ Assertion assertion = (Assertion) asserts.get(0);
+ assertion.setSignature(signature);
+ tokenSaml.setSignature(signature2);
+ Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+ .marshall(tokenSaml);
+ LOG.info("Sign samlToken.");
+ Signer.signObject(signature);
+ Signer.signObject(signature2);
+ }
+ }
+ //Normally we just sign the total saml response
+ else {
+ tokenSaml.setSignature(signature);
+ Configuration.getMarshallerFactory().getMarshaller(tokenSaml)
+ .marshall(tokenSaml);
+ LOG.info("Sign samlToken.");
+ Signer.signObject(signature);
+ }
+
+
+ } catch (MarshallingException e) {
+ LOG.error("MarshallingException");
+ throw new SAMLEngineException(e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("A 'xmldsig#rsa-sha1' cryptographic algorithm is requested but is not available in the environment.");
+ throw new SAMLEngineException(e);
+ } catch (KeyStoreException e) {
+ LOG.error("Generic KeyStore exception.");
+ throw new SAMLEngineException(e);
+ } catch (SignatureException e) {
+ LOG.error("Signature exception.");
+ throw new SAMLEngineException(e);
+ } catch (SecurityException e) {
+ LOG.error("Security exception.");
+ throw new SAMLEngineException(e);
+ } catch (UnrecoverableKeyException e) {
+ LOG.error("UnrecoverableKey exception.");
+ throw new SAMLEngineException(e);
+ }
+
+ return tokenSaml;
+ }
+
+ /**
+ * @param tokenSaml token SAML
+ * @return the SAMLObject validated.
+ * @throws SAMLEngineException error validate signature
+ * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(org.opensaml.common.SignableSAMLObject)
+ */
+ public final SAMLObject validateSignature(final SignableSAMLObject tokenSaml)
+ throws SAMLEngineException {
+ LOG.info("Start signature validation.");
+ try {
+
+ // Validate structure signature
+ final SAMLSignatureProfileValidator sigProfValidator =
+ new SAMLSignatureProfileValidator();
+ try {
+ // Indicates signature id conform to SAML Signature profile
+ sigProfValidator.validate(tokenSaml.getSignature());
+ } catch (ValidationException e) {
+ LOG.error("ValidationException: signature isn't conform to SAML Signature profile.");
+ throw new SAMLEngineException(e);
+ }
+
+ String aliasCert = null;
+ X509Certificate certificate;
+
+ final List<Credential> trustCred = new ArrayList<Credential>();
+
+ for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e
+ .hasMoreElements(); ) {
+ aliasCert = e.nextElement();
+ final BasicX509Credential credential = new BasicX509Credential();
+ certificate = (X509Certificate) storkOwnKeyStore
+ .getCertificate(aliasCert);
+ credential.setEntityCertificate(certificate);
+ trustCred.add(credential);
+ }
+
+ final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
+
+ final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo
+ .getX509Datas().get(0).getX509Certificates().get(0);
+
+ final CertificateFactory certFact = CertificateFactory
+ .getInstance("X.509");
+ final ByteArrayInputStream bis = new ByteArrayInputStream(Base64
+ .decode(xmlCert.getValue()));
+ final X509Certificate cert = (X509Certificate) certFact
+ .generateCertificate(bis);
+
+ // Exist only one certificate
+ final BasicX509Credential entityX509Cred = new BasicX509Credential();
+ entityX509Cred.setEntityCertificate(cert);
+
+ try {
+ cert.checkValidity();
+ } catch (CertificateExpiredException exp) {
+ throw new SAMLEngineException("Certificate expired.");
+ } catch (CertificateNotYetValidException exp) {
+ throw new SAMLEngineException("Certificate not yet valid.");
+ }
+
+ /* A better use of PKI based validation but not wanted for STORK...
+ boolean trusted = false;
+
+ for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements();)
+ {
+ aliasCert = e.nextElement();
+ certificate = (X509Certificate) storkOwnKeyStore.getCertificate(aliasCert);
+ try {
+ cert.verify(certificate.getPublicKey());
+ trusted = true;
+ break;
+ }
+ catch (Exception ex) {
+ //Do nothing - cert not trusted yet
+ }
+ }
+
+ if (!trusted)
+ throw new SAMLEngineException("Certificate is not trusted.");*/
+
+ // Validate trust certificates
+ final ExplicitX509CertificateTrustEvaluator chainTrustEvaluator = new ExplicitX509CertificateTrustEvaluator();
+
+ if (!chainTrustEvaluator.validate(entityX509Cred, trustCred)) {
+ throw new SAMLEngineException("Certificate is not trusted.");
+ }
+ final ExplicitKeyTrustEvaluator keyTrustEvaluator =
+ new ExplicitKeyTrustEvaluator();
+
+ if (!keyTrustEvaluator.validate(entityX509Cred, trustCred)) {
+ throw new SAMLEngineException("Certificate is not trusted.");
+ }
+
+ // Validate signature
+ final SignatureValidator sigValidator = new SignatureValidator(
+ entityX509Cred);
+ sigValidator.validate(tokenSaml.getSignature());
+
+ } catch (ValidationException e) {
+ LOG.error("ValidationException.");
+ throw new SAMLEngineException(e);
+ } catch (KeyStoreException e) {
+ LOG.error("KeyStoreException.", e);
+ throw new SAMLEngineException(e);
+ } catch (GeneralSecurityException e) {
+ LOG.error("GeneralSecurityException.", e);
+ throw new SAMLEngineException(e);
+ }
+ LOG.info(tokenSaml.getSignatureReferenceID());
+ LOG.info("Start signature validation - END.");
+ return tokenSaml;
+ }
+
+
+ /**
+ * Load cryptographic service provider.
+ *
+ * @throws SAMLEngineException the SAML engine exception
+ */
+ public final void loadCryptServiceProvider() throws SAMLEngineException {
+ LOG.info("Load Cryptographic Service Provider");
+ FileInputStream fis = null;
+ try {
+ // Dynamically register Bouncy Castle provider.
+ boolean found = false;
+ // Check if BouncyCastle is already registered as a provider
+ final Provider[] providers = Security.getProviders();
+ for (int i = 0; i < providers.length; i++) {
+ if (providers[i].getName().equals(
+ BouncyCastleProvider.PROVIDER_NAME)) {
+ found = true;
+ }
+ }
+
+ // Register only if the provider has not been previously registered
+ if (!found) {
+ LOG.info("SAMLCore: Register Bouncy Castle provider.");
+ Security.insertProviderAt(new BouncyCastleProvider(), Security
+ .getProviders().length);
+ }
+
+ storkOwnKeyStore = KeyStore.getInstance(properties
+ .getProperty(KEYSTORE_TYPE));
+
+ LOG.info("Loading KeyInfo from keystore file " + properties.getProperty("keystorePath"));
+ fis = new FileInputStream(properties
+ .getProperty("keystorePath"));
+
+ storkOwnKeyStore.load(fis, properties.getProperty(
+ KEY_STORE_PASS).toCharArray());
+
+ } catch (Exception e) {
+ LOG.error("Error loading CryptographicServiceProvider", e);
+ throw new SAMLEngineException(
+ "Error loading CryptographicServiceProvider", e);
+ } finally {
+ IOUtils.closeQuietly(fis);
+ }
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
index a6e7e7f60..25737e307 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
@@ -1,132 +1,132 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.common.impl.AbstractSignableSAMLObject;
-import org.opensaml.xml.XMLObject;
-
-import eu.stork.peps.auth.engine.core.CitizenCountryCode;
-import eu.stork.peps.auth.engine.core.SPInformation;
-import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The Class VIDPAuthenticationAttributesImpl.
- *
- * @author fjquevedo
- */
-public final class VIDPAuthenticationAttributesImpl extends AbstractSignableSAMLObject implements
-VIDPAuthenticationAttributes {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(VIDPAuthenticationAttributesImpl.class.getName());
- /** The citizen country code. */
- private CitizenCountryCode citizenCountryCode;
-
- /** The SP information. */
- private SPInformation spInformation;
-
- /**
- * Instantiates a new requested attributes implement.
- *
- * @param namespaceURI the namespace URI
- * @param elementLocalName the element local name
- * @param namespacePrefix the namespace prefix
- */
- protected VIDPAuthenticationAttributesImpl(final String namespaceURI,
- final String elementLocalName, final String namespacePrefix) {
- super(namespaceURI, elementLocalName, namespacePrefix);
- }
-
-
- /**
- * getCitizenCountryCode.
- *
- * @return the citizen country code
- */
- public CitizenCountryCode getCitizenCountryCode() {
- return citizenCountryCode;
- }
-
- /**
- * getSPInformation
- *
- * @return the SP information
- */
- public SPInformation getSPInformation() {
- return spInformation;
- }
-
- /**
- * Gets the ordered children.
- *
- * @return the ordered children
- *
- */
- public List<XMLObject> getOrderedChildren() {
- final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
-
- children.add(citizenCountryCode);
- children.add(spInformation);
-
- if (getSignature() != null) {
- children.add(getSignature());
- }
-
- return Collections.unmodifiableList(children);
-
- }
-
- /**
- * Gets the signature reference id.
- *
- * @return the signature reference id
- *
- */
- public String getSignatureReferenceID() {
- return null;
- }
-
- /**
- * Sets the citizen country code.
- *
- * @param newCitizenCountryCode the new citizen country code
- *
- */
- public void setCitizenCountryCode(CitizenCountryCode newCitizenCountryCode) {
- this.citizenCountryCode = prepareForAssignment(this.citizenCountryCode, newCitizenCountryCode);
- }
-
- /**
- * Sets the SP information.
- *
- * @param newSPInformation the new SP information
- *
- */
- public void setSPInformation(SPInformation newSPInformation) {
- this.spInformation = prepareForAssignment(this.spInformation, newSPInformation);
- }
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.opensaml.common.impl.AbstractSignableSAMLObject;
+import org.opensaml.xml.XMLObject;
+
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
+import eu.stork.peps.auth.engine.core.SPInformation;
+import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The Class VIDPAuthenticationAttributesImpl.
+ *
+ * @author fjquevedo
+ */
+public final class VIDPAuthenticationAttributesImpl extends AbstractSignableSAMLObject implements
+VIDPAuthenticationAttributes {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(VIDPAuthenticationAttributesImpl.class.getName());
+ /** The citizen country code. */
+ private CitizenCountryCode citizenCountryCode;
+
+ /** The SP information. */
+ private SPInformation spInformation;
+
+ /**
+ * Instantiates a new requested attributes implement.
+ *
+ * @param namespaceURI the namespace URI
+ * @param elementLocalName the element local name
+ * @param namespacePrefix the namespace prefix
+ */
+ protected VIDPAuthenticationAttributesImpl(final String namespaceURI,
+ final String elementLocalName, final String namespacePrefix) {
+ super(namespaceURI, elementLocalName, namespacePrefix);
+ }
+
+
+ /**
+ * getCitizenCountryCode.
+ *
+ * @return the citizen country code
+ */
+ public CitizenCountryCode getCitizenCountryCode() {
+ return citizenCountryCode;
+ }
+
+ /**
+ * getSPInformation
+ *
+ * @return the SP information
+ */
+ public SPInformation getSPInformation() {
+ return spInformation;
+ }
+
+ /**
+ * Gets the ordered children.
+ *
+ * @return the ordered children
+ *
+ */
+ public List<XMLObject> getOrderedChildren() {
+ final ArrayList<XMLObject> children = new ArrayList<XMLObject>();
+
+ children.add(citizenCountryCode);
+ children.add(spInformation);
+
+ if (getSignature() != null) {
+ children.add(getSignature());
+ }
+
+ return Collections.unmodifiableList(children);
+
+ }
+
+ /**
+ * Gets the signature reference id.
+ *
+ * @return the signature reference id
+ *
+ */
+ public String getSignatureReferenceID() {
+ return null;
+ }
+
+ /**
+ * Sets the citizen country code.
+ *
+ * @param newCitizenCountryCode the new citizen country code
+ *
+ */
+ public void setCitizenCountryCode(CitizenCountryCode newCitizenCountryCode) {
+ this.citizenCountryCode = prepareForAssignment(this.citizenCountryCode, newCitizenCountryCode);
+ }
+
+ /**
+ * Sets the SP information.
+ *
+ * @param newSPInformation the new SP information
+ *
+ */
+ public void setSPInformation(SPInformation newSPInformation) {
+ this.spInformation = prepareForAssignment(this.spInformation, newSPInformation);
+ }
+
+ @Override
+ public int hashCode() {
+ LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
+ return super.hashCode();
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesUnmarshaller.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesUnmarshaller.java
index 1de300c03..ba4a4fe3a 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesUnmarshaller.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesUnmarshaller.java
@@ -1,55 +1,55 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.impl;
-
-import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.UnmarshallingException;
-
-import eu.stork.peps.auth.engine.core.CitizenCountryCode;
-import eu.stork.peps.auth.engine.core.SPInformation;
-import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
-
-/**
- * The Class VIDPAuthenticationAttributesUnmarshaller.
- *
- * @author fjquevedo
- */
-public class VIDPAuthenticationAttributesUnmarshaller extends
- AbstractSAMLObjectUnmarshaller {
-
- /**
- * Process child element.
- *
- * @param parentObject the parent object
- * @param childObject the child object
- *
- * @throws UnmarshallingException the unmarshalling exception
- *
- */
- protected final void processChildElement(final XMLObject parentObject,
- final XMLObject childObject) throws UnmarshallingException {
- final VIDPAuthenticationAttributes vIDPAuthenticationAttr = (VIDPAuthenticationAttributes) parentObject;
-
- if (childObject instanceof CitizenCountryCode) {
- vIDPAuthenticationAttr.setCitizenCountryCode((CitizenCountryCode) childObject);
- } else if (childObject instanceof SPInformation) {
- vIDPAuthenticationAttr.setSPInformation((SPInformation) childObject);
- } else {
- super.processChildElement(parentObject, childObject);
- }
- }
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.impl;
+
+import org.opensaml.common.impl.AbstractSAMLObjectUnmarshaller;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import eu.stork.peps.auth.engine.core.CitizenCountryCode;
+import eu.stork.peps.auth.engine.core.SPInformation;
+import eu.stork.peps.auth.engine.core.VIDPAuthenticationAttributes;
+
+/**
+ * The Class VIDPAuthenticationAttributesUnmarshaller.
+ *
+ * @author fjquevedo
+ */
+public class VIDPAuthenticationAttributesUnmarshaller extends
+ AbstractSAMLObjectUnmarshaller {
+
+ /**
+ * Process child element.
+ *
+ * @param parentObject the parent object
+ * @param childObject the child object
+ *
+ * @throws UnmarshallingException the unmarshalling exception
+ *
+ */
+ protected final void processChildElement(final XMLObject parentObject,
+ final XMLObject childObject) throws UnmarshallingException {
+ final VIDPAuthenticationAttributes vIDPAuthenticationAttr = (VIDPAuthenticationAttributes) parentObject;
+
+ if (childObject instanceof CitizenCountryCode) {
+ vIDPAuthenticationAttr.setCitizenCountryCode((CitizenCountryCode) childObject);
+ } else if (childObject instanceof SPInformation) {
+ vIDPAuthenticationAttr.setSPInformation((SPInformation) childObject);
+ } else {
+ super.processChildElement(parentObject, childObject);
+ }
+ }
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/package-info.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/package-info.java
index e26da6d04..07db9c9db 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/package-info.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/package-info.java
@@ -1,19 +1,19 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-/**
- * Implementations of STORK 1.0 core specification types and elements.
- */
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+/**
+ * Implementations of STORK 1.0 core specification types and elements.
+ */
package eu.stork.peps.auth.engine.core.impl; \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/package-info.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/package-info.java
index 3393dcf78..51745d796 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/package-info.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/package-info.java
@@ -1,19 +1,19 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-/**
- * Interfaces for STORK 1.0 core specification types and elements.
- */
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+/**
+ * Interfaces for STORK 1.0 core specification types and elements.
+ */
package eu.stork.peps.auth.engine.core; \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java
index beceac57f..c602ad38a 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java
@@ -1,57 +1,69 @@
-package eu.stork.peps.auth.engine.core.validator;
-
-import java.util.List;
-
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.SubjectQuery;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.util.DatatypeHelper;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-
-public class CustomAttributeQueryValidator implements Validator<CustomAttributeQuery> {
-
- /*
- * Validate action.
- *
- * @param qaa the quality authentication assurance level attribute
- *
- * @throws ValidationException the validation exception
- */
- public final void validate(final CustomAttributeQuery attrQuery) throws ValidationException {
- validateAssertion(attrQuery);
- validateSubject(attrQuery);
- validateDestination(attrQuery);
- }
-
-
- /**
- * Validate assertion.
- *
- * @param attrQuery the attribute query
- *
- * @throws ValidationException the validation exception
- */
- protected final void validateAssertion(final CustomAttributeQuery attrQuery)
- throws ValidationException {
- if (DatatypeHelper.isEmpty(attrQuery.getAssertionConsumerServiceURL())) {
- throw new ValidationException("Consumer Service URL must be specified.");
- }
- }
-
- //Validate subject
- protected void validateSubject(CustomAttributeQuery query) throws ValidationException {
- if (query.getSubject() == null)
- throw new ValidationException("Subject is required");
- }
-
- //Validate destination
- protected void validateDestination(CustomAttributeQuery query) throws ValidationException {
- if (query.getDestination() == null)
- throw new ValidationException("Destination is required");
- }
-
-}
+package eu.stork.peps.auth.engine.core.validator;
+
+import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+
+public class CustomAttributeQueryValidator implements Validator<CustomAttributeQuery> {
+
+ /**
+ * Validate action.
+ *
+ * @param attrQuery the attribute query to validate
+ *
+ * @throws ValidationException the validation exception
+ */
+ public final void validate(final CustomAttributeQuery attrQuery) throws ValidationException {
+ validateAssertion(attrQuery);
+ validateSubject(attrQuery);
+ validateDestination(attrQuery);
+ }
+
+
+ /**
+ * Validate assertion.
+ *
+ * @param attrQuery the attribute query
+ *
+ * @throws ValidationException the validation exception
+ */
+ protected final void validateAssertion(final CustomAttributeQuery attrQuery)
+ throws ValidationException {
+ if (DatatypeHelper.isEmpty(attrQuery.getAssertionConsumerServiceURL())) {
+ throw new ValidationException("Consumer Service URL must be specified.");
+ }
+ }
+
+ /**
+ * Validate subject
+ * @param query the attribute query to validate
+ * @throws ValidationException the validation exception
+ */
+ protected void validateSubject(CustomAttributeQuery query) throws ValidationException {
+ if (query.getSubject() == null)
+ throw new ValidationException("Subject is required");
+ }
+
+ /**
+ * Validate the destination
+ * @param query the query to validate
+ * @throws ValidationException the validation exception
+ */
+ protected void validateDestination(CustomAttributeQuery query) throws ValidationException {
+ if (query.getDestination() == null)
+ throw new ValidationException("Destination is required");
+ }
+
+ /**
+ * Validate the destination
+ * @param query the query to validate
+ * @throws ValidationException the validation exception
+ */
+ protected void validateTime(CustomAttributeQuery query) throws ValidationException {
+ if (query.getIssueInstant().isAfterNow())
+ throw new ValidationException("Issue time is in the futue");
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java
index 760d9c188..491549aac 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java
@@ -1,61 +1,61 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.validator;
-
-import java.util.List;
-
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-
-/**
- * The Class ExtensionsSchemaValidator.
- *
- * @author fjquevedo
- */
-public class ExtensionsSchemaValidator implements Validator<Extensions> {
-
-
- /**
- * validate the extensions.
- *
- * @param extensions the extensions
- *
- * @throws ValidationException the validation exception
- */
- public final void validate(final Extensions extensions)
- throws ValidationException {
- if (extensions.getUnknownXMLObjects() == null
- || extensions.getUnknownXMLObjects().size() <= 0) {
- throw new ValidationException("Extension element is empty or not exist.");
- }
-
- List<XMLObject> qaa = extensions.getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME);
-
- if (qaa.size() == 1) {
- final Validator<QAAAttribute> validatorQaa = new QAAAttributeSchemaValidator();
- validatorQaa.validate((QAAAttribute) qaa.get(0));
- } else {
- throw new ValidationException(
- "Extensions must contain only one element QAALevel.");
- }
-
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.validator;
+
+import java.util.List;
+
+import org.opensaml.saml2.common.Extensions;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+
+/**
+ * The Class ExtensionsSchemaValidator.
+ *
+ * @author fjquevedo
+ */
+public class ExtensionsSchemaValidator implements Validator<Extensions> {
+
+
+ /**
+ * validate the extensions.
+ *
+ * @param extensions the extensions
+ *
+ * @throws ValidationException the validation exception
+ */
+ public final void validate(final Extensions extensions)
+ throws ValidationException {
+ if (extensions.getUnknownXMLObjects() == null
+ || extensions.getUnknownXMLObjects().size() <= 0) {
+ throw new ValidationException("Extension element is empty or not exist.");
+ }
+
+ List<XMLObject> qaa = extensions.getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME);
+
+ if (qaa.size() == 1) {
+ final Validator<QAAAttribute> validatorQaa = new QAAAttributeSchemaValidator();
+ validatorQaa.validate((QAAAttribute) qaa.get(0));
+ } else {
+ throw new ValidationException(
+ "Extensions must contain only one element QAALevel.");
+ }
+
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java
new file mode 100644
index 000000000..72639c8ee
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java
@@ -0,0 +1,80 @@
+package eu.stork.peps.auth.engine.core.validator;
+
+import org.opensaml.saml2.core.Response;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+
+public class MultipleAssertionResponseValidator implements Validator<Response> {
+
+ /**
+ * Validate action.
+ *
+ * @param response the response to validate
+ *
+ * @throws ValidationException the validation exception
+ */
+ public final void validate(final Response response) throws ValidationException {
+ validateAssertion(response);
+ validateConsent(response);
+ validateDestination(response);
+ validateTime(response);
+ validateId(response);
+ }
+
+
+ /**
+ * Validate assertion.
+ *
+ * @param response the attribute query
+ *
+ * @throws ValidationException the validation exception
+ */
+ protected final void validateAssertion(final Response response)
+ throws ValidationException {
+ if (response.getAssertions() == null || response.getAssertions().size() < 2) {
+ throw new ValidationException("Multiple assertions must be specified.");
+ }
+ }
+
+ /**
+ * Validate the Consent
+ * @param response the response to validate
+ * @throws ValidationException the validation exception
+ */
+ protected void validateConsent(Response response) throws ValidationException {
+ if (response.getConsent() == null)
+ throw new ValidationException("Consent is required");
+ }
+
+ /**
+ * Validate the destination
+ * @param response the response to validate
+ * @throws ValidationException the validation exception
+ */
+ protected void validateDestination(Response response) throws ValidationException {
+ if (response.getDestination() == null)
+ throw new ValidationException("Destination is required");
+ }
+
+ /**
+ * Validate issue times
+ * @param response the response to validate
+ * @throws ValidationException the validation exception
+ */
+ protected void validateTime(Response response) throws ValidationException {
+ if (response.getIssueInstant().isAfterNow())
+ throw new ValidationException("Issue time is in the futue");
+ }
+
+ /**
+ * Validate ids
+ * @param response the response to validate
+ * @throws ValidationException the validation exception
+ */
+ protected void validateId(Response response) throws ValidationException {
+ if (response.getID() == null || response.getInResponseTo() == null)
+ throw new ValidationException("Id and response id is required");
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
index be5dc8c34..44c9db380 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
@@ -1,65 +1,65 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.validator;
-
-import org.opensaml.xml.util.DatatypeHelper;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-
-/**
- * The Class QAAAttributeSchemaValidator.
- *
- * @author fjquevedo
- */
-public class QAAAttributeSchemaValidator implements Validator<QAAAttribute> {
-
-
- /**
- * Validate action.
- *
- * @param qaa the quality authentication assurance level attribute
- *
- * @throws ValidationException the validation exception
- */
- public final void validate(final QAAAttribute qaa) throws ValidationException {
- validateAction(qaa);
- }
-
-
- /**
- * Validate action.
- *
- * @param qaaAttribute the quality authentication assurance level attribute.
- *
- * @throws ValidationException the validation exception
- */
- protected final void validateAction(final QAAAttribute qaaAttribute)
- throws ValidationException {
- if (DatatypeHelper.isEmpty(qaaAttribute.getQaaLevel())) {
- throw new ValidationException("QAALevel label must be specified.");
- }
-
- final int qaa = Integer.valueOf(qaaAttribute.getQaaLevel());
-
- if (qaa < QAAAttribute.MIN_VALUE || qaa > QAAAttribute.MAX_VALUE) {
- throw new ValidationException(
- "QAALevel label must be greater than 0.");
- }
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.validator;
+
+import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+
+/**
+ * The Class QAAAttributeSchemaValidator.
+ *
+ * @author fjquevedo
+ */
+public class QAAAttributeSchemaValidator implements Validator<QAAAttribute> {
+
+
+ /**
+ * Validate action.
+ *
+ * @param qaa the quality authentication assurance level attribute
+ *
+ * @throws ValidationException the validation exception
+ */
+ public final void validate(final QAAAttribute qaa) throws ValidationException {
+ validateAction(qaa);
+ }
+
+
+ /**
+ * Validate action.
+ *
+ * @param qaaAttribute the quality authentication assurance level attribute.
+ *
+ * @throws ValidationException the validation exception
+ */
+ protected final void validateAction(final QAAAttribute qaaAttribute)
+ throws ValidationException {
+ if (DatatypeHelper.isEmpty(qaaAttribute.getQaaLevel())) {
+ throw new ValidationException("QAALevel label must be specified.");
+ }
+
+ final int qaa = Integer.valueOf(qaaAttribute.getQaaLevel());
+
+ if (qaa < QAAAttribute.MIN_VALUE || qaa > QAAAttribute.MAX_VALUE) {
+ throw new ValidationException(
+ "QAALevel label must be greater than 0.");
+ }
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java
index b98cf7157..07b632773 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java
@@ -1,19 +1,19 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-/**
- * Validation rules for STORK 1.0 core types and elements.
- */
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+/**
+ * Validation rules for STORK 1.0 core types and elements.
+ */
package eu.stork.peps.auth.engine.core.validator; \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/package-info.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/package-info.java
index d3e353e51..30130b7f6 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/package-info.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/package-info.java
@@ -1,19 +1,19 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-/**
- * Provides the classes necessary to create a SAML message.
- */
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+/**
+ * Provides the classes necessary to create a SAML message.
+ */
package eu.stork.peps.auth.engine; \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
index b40e3f7dd..c53e18662 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
@@ -1,136 +1,142 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.configuration;
-
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.InvalidPropertiesFormatException;
-import java.util.Map;
-import java.util.Properties;
-
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-/**
- * The Class InstanceCreator.
- *
- * @author fjquevedo
- */
-public final class ConfigurationCreator {
-
- /** The Constant LOGGER. */
- private static final Logger LOGGER = LoggerFactory
- .getLogger(ConfigurationCreator.class.getName());
-
- /**
- * Creates the configuration.
- *
- * @param instanceConfs the instance configuration
- *
- * @return the map< string, map< string, object>>
- *
- * @throws STORKSAMLEngineException the STORKSAML engine exception
- */
- public static Map<String, Map<String, Object>> createConfiguration(
- final Map<String, InstanceEngine> instanceConfs) throws STORKSAMLEngineException {
-
- final HashMap<String, Map<String, Object>> instances =
- new HashMap<String, Map<String, Object>>();
-
- LOGGER.info("Create configuration.");
- try {
- // Only create instances for SAMLEngine configuration.
- // INSTANCE
- for (Map.Entry<String, InstanceEngine> entry : instanceConfs
- .entrySet()) {
- final InstanceEngine iEngine = entry.getValue();
-
- final Map<String, Object> intance = new HashMap<String, Object>();
-
- // CONFIGURATION
- for (ConfigurationEngine configuration : iEngine
- .getConfiguration()) {
- // Properties only for configuration SamlEngine.
- if (configuration.getName().equalsIgnoreCase(
- "SamlEngineConf")) {
- intance.put(configuration.getName(),
- getNewInstance(configuration.getParameters()
- .get("fileConfiguration")));
- } else {
- intance.put(configuration.getName(), configuration
- .getParameters());
- }
- }
- instances.put(entry.getKey(), intance);
- }
- } catch (STORKSAMLEngineException ex) {
- LOGGER.error("Can not create instance from file configuration.");
- throw new STORKSAMLEngineException(ex);
- }
- return instances;
- }
-
-
- /**
- * Gets the new instance.
- *
- * @param fileName the file name
- *
- * @return the properties from the new instance
- *
- * @throws STORKSAMLEngineException the STORKSAML engine
- * runtime exception
- */
- private static Properties getNewInstance(final String fileName)
- throws STORKSAMLEngineException {
- LOGGER.info("Create file configuration properties to Stork Saml Engine.");
- InputStream fileEngineProp = null;
- try {
- // fetch base from system properties, give a default if there is nothing configured
- String base = System.getProperty("eu.stork.samlengine.config.location");
- if(null != base)
- if(!base.endsWith("/"))
- base += "/";
-
- if(null != base)
- fileEngineProp = new FileInputStream(base + fileName);
- else
- fileEngineProp = ConfigurationCreator.class.getResourceAsStream("/" + fileName);
- final Properties configuration = new Properties();
- configuration.loadFromXML(fileEngineProp);
- return configuration;
- } catch (InvalidPropertiesFormatException e) {
- LOGGER.error("Invalid properties format.");
- throw new STORKSAMLEngineException(e);
- } catch (IOException e) {
- LOGGER.error("Error read file: " + fileName);
- throw new STORKSAMLEngineException(e);
- } finally {
- IOUtils.closeQuietly(fileEngineProp);
- }
- }
-
- /**
- * Instantiates a new instance creator.
- */
- private ConfigurationCreator() {
- }
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.configuration;
+
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.apache.commons.io.IOUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.InvalidPropertiesFormatException;
+import java.util.Map;
+import java.util.Properties;
+
+/**
+ * The Class InstanceCreator.
+ *
+ * @author fjquevedo
+ */
+public final class ConfigurationCreator {
+
+ /**
+ * The Constant LOGGER.
+ */
+ private static final Logger LOGGER = LoggerFactory
+ .getLogger(ConfigurationCreator.class.getName());
+
+ /**
+ * Creates the configuration.
+ *
+ * @param instanceConfs the instance configuration
+ * @return the map< string, map< string, object>>
+ * @throws STORKSAMLEngineException the STORKSAML engine exception
+ */
+ public static Map<String, Map<String, Object>> createConfiguration(
+ final Map<String, InstanceEngine> instanceConfs) throws STORKSAMLEngineException {
+
+ final HashMap<String, Map<String, Object>> instances =
+ new HashMap<String, Map<String, Object>>();
+
+ LOGGER.info("Create configuration.");
+ try {
+ // Only create instances for SAMLEngine configuration.
+ // INSTANCE
+ for (Map.Entry<String, InstanceEngine> entry : instanceConfs
+ .entrySet()) {
+ final InstanceEngine iEngine = entry.getValue();
+
+ final Map<String, Object> intance = new HashMap<String, Object>();
+
+ // CONFIGURATION
+ for (ConfigurationEngine configuration : iEngine
+ .getConfiguration()) {
+ // Properties only for configuration SamlEngine.
+ if (configuration.getName().equalsIgnoreCase(
+ "SamlEngineConf")) {
+ intance.put(configuration.getName(),
+ getNewInstance(configuration.getParameters()
+ .get("fileConfiguration")));
+ } else {
+ intance.put(configuration.getName(), configuration
+ .getParameters());
+ }
+ }
+ instances.put(entry.getKey(), intance);
+ }
+ } catch (STORKSAMLEngineException ex) {
+ LOGGER.error("Can not create instance from file configuration.");
+ throw new STORKSAMLEngineException(ex);
+ }
+ return instances;
+ }
+
+
+ /**
+ * Gets the new instance.
+ *
+ * @param fileName the file name
+ * @return the properties from the new instance
+ * @throws STORKSAMLEngineException the STORKSAML engine
+ * runtime exception
+ */
+ private static Properties getNewInstance(final String fileName)
+ throws STORKSAMLEngineException {
+ InputStream fileEngineProp = null;
+
+ // fetch base from system properties, give a default if there is nothing configured
+ String base = System.getProperty("eu.stork.samlengine.config.location");
+ if (null != base) {
+ if (!base.endsWith("/")) {
+ base += "/";
+ }
+ } else {
+ base = "/";
+ }
+
+ LOGGER.info("Create file configuration properties to Stork Saml Engine: " + base + fileName);
+
+ try {
+
+ if (null != base)
+ fileEngineProp = new FileInputStream(base + fileName);
+ else
+ fileEngineProp = ConfigurationCreator.class
+ .getResourceAsStream(base + fileName);
+
+ final Properties configuration = new Properties();
+ configuration.loadFromXML(fileEngineProp);
+ return configuration;
+ } catch (InvalidPropertiesFormatException e) {
+ LOGGER.error("Invalid properties format.");
+ throw new STORKSAMLEngineException(e);
+ } catch (IOException e) {
+ LOGGER.error("Error read file: " + base + fileName);
+ throw new STORKSAMLEngineException(e);
+ } finally {
+ IOUtils.closeQuietly(fileEngineProp);
+ }
+ }
+
+ /**
+ * Instantiates a new instance creator.
+ */
+ private ConfigurationCreator() {
+ }
} \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationEngine.java
index 910f4398e..d9e7e467a 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationEngine.java
@@ -1,69 +1,69 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.configuration;
-
-import java.util.Map;
-
-/**
- * The Class ConfigurationEngine.
- *
- * @author fjquevedo
- */
-public class ConfigurationEngine {
-
- /** The name of the configuration file. */
- private String name;
-
- /** The parameters. */
- private Map<String, String> parameters;
-
- /**
- * Gets the name.
- *
- * @return the name
- */
- public final String getName() {
- return name;
- }
-
- /**
- * Gets the parameters.
- *
- * @return the parameters
- */
- public final Map<String, String> getParameters() {
- return parameters;
- }
-
- /**
- * Sets the name.
- *
- * @param newName the new name
- */
- public final void setName(final String newName) {
- this.name = newName;
- }
-
- /**
- * Sets the parameters.
- *
- * @param newParameters the parameters
- */
- public final void setParameters(final Map<String, String> newParameters) {
- this.parameters = newParameters;
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.configuration;
+
+import java.util.Map;
+
+/**
+ * The Class ConfigurationEngine.
+ *
+ * @author fjquevedo
+ */
+public class ConfigurationEngine {
+
+ /** The name of the configuration file. */
+ private String name;
+
+ /** The parameters. */
+ private Map<String, String> parameters;
+
+ /**
+ * Gets the name.
+ *
+ * @return the name
+ */
+ public final String getName() {
+ return name;
+ }
+
+ /**
+ * Gets the parameters.
+ *
+ * @return the parameters
+ */
+ public final Map<String, String> getParameters() {
+ return parameters;
+ }
+
+ /**
+ * Sets the name.
+ *
+ * @param newName the new name
+ */
+ public final void setName(final String newName) {
+ this.name = newName;
+ }
+
+ /**
+ * Sets the parameters.
+ *
+ * @param newParameters the parameters
+ */
+ public final void setParameters(final Map<String, String> newParameters) {
+ this.parameters = newParameters;
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationReader.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationReader.java
index e9b067e76..7968c77ff 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationReader.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationReader.java
@@ -1,233 +1,234 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.configuration;
-
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-import org.xml.sax.SAXException;
-
-import eu.stork.peps.exceptions.SAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
-
-/**
- * The Class ConfigurationReader.
- *
- * @author fjquevedo
- */
-public final class ConfigurationReader {
-
- /** The Constant SAML_ENGINE_CONFIGURATION_FILE. */
- private static final String ENGINE_CONF_FILE = "SamlEngine.xml";
-
- /** The Constant LOGGER. */
- private static final Logger LOGGER = LoggerFactory
- .getLogger(ConfigurationReader.class.getName());
-
- /** The Constant NODE_CONFIGURATION. */
- private static final String NODE_CONF = "configuration";
-
- /** The Constant NODE_CONFIGURATION_NAME. */
- private static final String NODE_CONF_NAME = "name";
-
- /** The Constant NODE_INSTANCE_NAME. */
- private static final String NODE_INST_NAME = "name";
-
- /** The Constant NODE_INSTANCE. */
- private static final String NODE_INSTANCE = "instance";
-
- /** The Constant NODE_CONFIGURATION_NAME. */
- private static final String NODE_PARAM_NAME = "name";
-
- /** The Constant NODE_CONFIGURATION_NAME. */
- private static final String NODE_PARAM_VALUE = "value";
-
- /** The Constant NODE_CONFIGURATION_NAME. */
- private static final String NODE_PARAMETER = "parameter";
-
- /**
- * Generate parameters.
- *
- * @param configurationNode the configuration node
- *
- * @return the map< string, string>
- */
- private static Map<String, String> generateParam(
- final Element configurationNode) {
-
- final HashMap<String, String> parameters = new HashMap<String, String>();
-
- final NodeList parameterNodes = configurationNode
- .getElementsByTagName(NODE_PARAMETER);
-
- String parameterName;
- String parameterValue;
-
- for (int k = 0; k < parameterNodes.getLength(); ++k) {
- // for every parameter find, process.
- final Element parameterNode = (Element) parameterNodes.item(k);
- parameterName = parameterNode.getAttribute(NODE_PARAM_NAME);
- parameterValue = parameterNode.getAttribute(NODE_PARAM_VALUE);
-
- // verified the content.
- if (StringUtils.isBlank(parameterName)
- || StringUtils.isBlank(parameterValue)) {
- throw new STORKSAMLEngineRuntimeException(
- "Error reader parameters (name - value).");
- } else {
- parameters.put(parameterName.trim(), parameterValue.trim());
- }
- }
- return parameters;
- }
-
- /**
- * Read configuration.
- *
- * @return the map< string, instance engine>
- *
- * @throws SAMLEngineException the STORKSAML engine runtime
- * exception
- */
- public static Map<String, InstanceEngine> readConfiguration()
- throws SAMLEngineException {
-
- // fetch base from system properties, give a default if there is nothing configured
- String base = System.getProperty("eu.stork.samlengine.config.location");
- if(null != base)
- if(!base.endsWith("/"))
- base += "/";
-
- LOGGER.info("Init reader: " + base + ENGINE_CONF_FILE);
- final Map<String, InstanceEngine> instanceConfs =
- new HashMap<String, InstanceEngine>();
-
- Document document = null;
- // Load configuration file
- final DocumentBuilderFactory factory = DocumentBuilderFactory
- .newInstance();
- DocumentBuilder builder;
-
- InputStream engineConf = null;
- try {
-
- factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-
- builder = factory.newDocumentBuilder();
-
- if(null != base)
- engineConf = new FileInputStream(base + ENGINE_CONF_FILE);
- else
- engineConf = ConfigurationReader.class.getResourceAsStream("/" + ENGINE_CONF_FILE);
-
- document = builder.parse(engineConf);
-
- // Read instance
- final NodeList list = document.getElementsByTagName(NODE_INSTANCE);
-
- for (int indexElem = 0; indexElem < list.getLength(); ++indexElem) {
- final Element element = (Element) list.item(indexElem);
-
- final InstanceEngine instanceConf = new InstanceEngine();
-
- // read every configuration.
- final String instanceName = element
- .getAttribute(NODE_INST_NAME);
-
- if (StringUtils.isBlank(instanceName)) {
- throw new STORKSAMLEngineRuntimeException(
- "Error reader instance name.");
- }
- instanceConf.setName(instanceName.trim());
-
- final NodeList confNodes = element
- .getElementsByTagName(NODE_CONF);
-
- for (int indexNode = 0; indexNode < confNodes.getLength(); ++indexNode) {
-
- final Element configurationNode = (Element) confNodes
- .item(indexNode);
-
- final String configurationName = configurationNode
- .getAttribute(NODE_CONF_NAME);
-
- if (StringUtils.isBlank(configurationName)) {
- throw new STORKSAMLEngineRuntimeException(
- "Error reader configuration name.");
- }
-
- final ConfigurationEngine confSamlEngine =
- new ConfigurationEngine();
-
- // Set configuration name.
- confSamlEngine.setName(configurationName.trim());
-
- // Read every parameter for this configuration.
- final Map<String, String> parameters =
- generateParam(configurationNode);
-
- // Set parameters
- confSamlEngine.setParameters(parameters);
-
- // Add parameters to the configuration.
- instanceConf.getConfiguration().add(confSamlEngine);
- }
-
- // Add to the list of configurations.
- instanceConfs.put(element.getAttribute(NODE_INST_NAME),
- instanceConf);
- }
-
- } catch (SAXException e) {
- LOGGER.error("Error: init library parser.");
- throw new SAMLEngineException(e);
- } catch (ParserConfigurationException e) {
- LOGGER.error("Error: parser configuration file xml.");
- throw new SAMLEngineException(e);
- } catch (IOException e) {
- LOGGER.error("Error: read configuration file.");
- throw new SAMLEngineException(e);
- } finally {
- IOUtils.closeQuietly(engineConf);
- }
-
- return instanceConfs;
- }
-
- /**
- * Instantiates a new configuration reader.
- */
- private ConfigurationReader() {
-
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.configuration;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
+
+import eu.stork.peps.exceptions.SAMLEngineException;
+import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
+
+/**
+ * The Class ConfigurationReader.
+ *
+ * @author fjquevedo
+ */
+public final class ConfigurationReader {
+
+ /** The Constant SAML_ENGINE_CONFIGURATION_FILE. */
+ private static final String ENGINE_CONF_FILE = "SamlEngine.xml";
+
+ /** The Constant LOGGER. */
+ private static final Logger LOGGER = LoggerFactory
+ .getLogger(ConfigurationReader.class.getName());
+
+ /** The Constant NODE_CONFIGURATION. */
+ private static final String NODE_CONF = "configuration";
+
+ /** The Constant NODE_CONFIGURATION_NAME. */
+ private static final String NODE_CONF_NAME = "name";
+
+ /** The Constant NODE_INSTANCE_NAME. */
+ private static final String NODE_INST_NAME = "name";
+
+ /** The Constant NODE_INSTANCE. */
+ private static final String NODE_INSTANCE = "instance";
+
+ /** The Constant NODE_CONFIGURATION_NAME. */
+ private static final String NODE_PARAM_NAME = "name";
+
+ /** The Constant NODE_CONFIGURATION_NAME. */
+ private static final String NODE_PARAM_VALUE = "value";
+
+ /** The Constant NODE_CONFIGURATION_NAME. */
+ private static final String NODE_PARAMETER = "parameter";
+
+ /**
+ * Generate parameters.
+ *
+ * @param configurationNode the configuration node
+ *
+ * @return the map< string, string>
+ */
+ private static Map<String, String> generateParam(
+ final Element configurationNode) {
+
+ final HashMap<String, String> parameters = new HashMap<String, String>();
+
+ final NodeList parameterNodes = configurationNode
+ .getElementsByTagName(NODE_PARAMETER);
+
+ String parameterName;
+ String parameterValue;
+
+ for (int k = 0; k < parameterNodes.getLength(); ++k) {
+ // for every parameter find, process.
+ final Element parameterNode = (Element) parameterNodes.item(k);
+ parameterName = parameterNode.getAttribute(NODE_PARAM_NAME);
+ parameterValue = parameterNode.getAttribute(NODE_PARAM_VALUE);
+
+ // verified the content.
+ if (StringUtils.isBlank(parameterName)
+ || StringUtils.isBlank(parameterValue)) {
+ throw new STORKSAMLEngineRuntimeException(
+ "Error reader parameters (name - value).");
+ } else {
+ parameters.put(parameterName.trim(), parameterValue.trim());
+ }
+ }
+ return parameters;
+ }
+
+ /**
+ * Read configuration.
+ *
+ * @return the map< string, instance engine>
+ *
+ * @throws SAMLEngineException the STORKSAML engine runtime
+ * exception
+ */
+ public static Map<String, InstanceEngine> readConfiguration()
+ throws SAMLEngineException {
+
+ // fetch base from system properties, give a default if there is nothing configured
+ String base = System.getProperty("eu.stork.samlengine.config.location");
+ if(null != base)
+ if(!base.endsWith("/"))
+ base += "/";
+
+
+ LOGGER.info("Init reader: " + base + ENGINE_CONF_FILE);
+ final Map<String, InstanceEngine> instanceConfs =
+ new HashMap<String, InstanceEngine>();
+
+ Document document = null;
+ // Load configuration file
+ final DocumentBuilderFactory factory = DocumentBuilderFactory
+ .newInstance();
+ DocumentBuilder builder;
+
+ InputStream engineConf = null;
+ try {
+
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+
+ builder = factory.newDocumentBuilder();
+
+ if (null != base)
+ engineConf = new FileInputStream(base + ENGINE_CONF_FILE);
+ else
+ engineConf = ConfigurationReader.class.getResourceAsStream("/" + ENGINE_CONF_FILE);
+
+ document = builder.parse(engineConf);
+
+ // Read instance
+ final NodeList list = document.getElementsByTagName(NODE_INSTANCE);
+
+ for (int indexElem = 0; indexElem < list.getLength(); ++indexElem) {
+ final Element element = (Element) list.item(indexElem);
+
+ final InstanceEngine instanceConf = new InstanceEngine();
+
+ // read every configuration.
+ final String instanceName = element
+ .getAttribute(NODE_INST_NAME);
+
+ if (StringUtils.isBlank(instanceName)) {
+ throw new STORKSAMLEngineRuntimeException(
+ "Error reader instance name.");
+ }
+ instanceConf.setName(instanceName.trim());
+
+ final NodeList confNodes = element
+ .getElementsByTagName(NODE_CONF);
+
+ for (int indexNode = 0; indexNode < confNodes.getLength(); ++indexNode) {
+
+ final Element configurationNode = (Element) confNodes
+ .item(indexNode);
+
+ final String configurationName = configurationNode
+ .getAttribute(NODE_CONF_NAME);
+
+ if (StringUtils.isBlank(configurationName)) {
+ throw new STORKSAMLEngineRuntimeException(
+ "Error reader configuration name.");
+ }
+
+ final ConfigurationEngine confSamlEngine =
+ new ConfigurationEngine();
+
+ // Set configuration name.
+ confSamlEngine.setName(configurationName.trim());
+
+ // Read every parameter for this configuration.
+ final Map<String, String> parameters =
+ generateParam(configurationNode);
+
+ // Set parameters
+ confSamlEngine.setParameters(parameters);
+
+ // Add parameters to the configuration.
+ instanceConf.getConfiguration().add(confSamlEngine);
+ }
+
+ // Add to the list of configurations.
+ instanceConfs.put(element.getAttribute(NODE_INST_NAME),
+ instanceConf);
+ }
+
+ } catch (SAXException e) {
+ LOGGER.error("Error: init library parser.");
+ throw new SAMLEngineException(e);
+ } catch (ParserConfigurationException e) {
+ LOGGER.error("Error: parser configuration file xml.");
+ throw new SAMLEngineException(e);
+ } catch (IOException e) {
+ LOGGER.error("Error: read configuration file.");
+ throw new SAMLEngineException(e);
+ } finally {
+ IOUtils.closeQuietly(engineConf);
+ }
+
+ return instanceConfs;
+ }
+
+ /**
+ * Instantiates a new configuration reader.
+ */
+ private ConfigurationReader() {
+
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationSingleton.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationSingleton.java
index 53cea621d..d00607853 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationSingleton.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationSingleton.java
@@ -1,74 +1,74 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.configuration;
-
-import java.util.Map;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import eu.stork.peps.exceptions.SAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
-
-/**
- * The Class InstanceCreator.
- *
- * @author fjquevedo
- */
-public final class ConfigurationSingleton {
-
- /** The instance of every engine SAML. */
- private static Map<String, InstanceEngine> instanceConfigs;
-
- /** The instances of SAML engine. */
- private static Map<String, Map<String, Object>> instances;
-
- /** The Constant LOGGER. */
- private static final Logger LOGGER = LoggerFactory
- .getLogger(ConfigurationSingleton.class.getName());
-
- static {
- LOGGER.debug("Read all file configurations. (instances of SAMLEngine)");
- try {
- instanceConfigs = ConfigurationReader.readConfiguration();
- } catch (SAMLEngineException e) {
- LOGGER.error("Error read configuration file.");
- throw new STORKSAMLEngineRuntimeException(e);
- }
- }
-
- /**
- * Gets the new instance.
- *
- * @param fileName the file name
- *
- * @return the properties from the new instance
- *
- * @throws STORKSAMLEngineException the STORKSAML engine runtime exception
- */
- private static Map<String, Map<String, Object>> getInstance(
- final String fileName) throws STORKSAMLEngineException {
- return ConfigurationCreator.createConfiguration(instanceConfigs);
- }
-
- /**
- * Instantiates a new instance creator.
- */
- private ConfigurationSingleton() {
- }
-
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.configuration;
+
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.stork.peps.exceptions.SAMLEngineException;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import eu.stork.peps.exceptions.STORKSAMLEngineRuntimeException;
+
+/**
+ * The Class InstanceCreator.
+ *
+ * @author fjquevedo
+ */
+public final class ConfigurationSingleton {
+
+ /** The instance of every engine SAML. */
+ private static Map<String, InstanceEngine> instanceConfigs;
+
+ /** The instances of SAML engine. */
+ private static Map<String, Map<String, Object>> instances;
+
+ /** The Constant LOGGER. */
+ private static final Logger LOGGER = LoggerFactory
+ .getLogger(ConfigurationSingleton.class.getName());
+
+ static {
+ LOGGER.debug("Read all file configurations. (instances of SAMLEngine)");
+ try {
+ instanceConfigs = ConfigurationReader.readConfiguration();
+ } catch (SAMLEngineException e) {
+ LOGGER.error("Error read configuration file.");
+ throw new STORKSAMLEngineRuntimeException(e);
+ }
+ }
+
+ /**
+ * Gets the new instance.
+ *
+ * @param fileName the file name
+ *
+ * @return the properties from the new instance
+ *
+ * @throws STORKSAMLEngineException the STORKSAML engine runtime exception
+ */
+ private static Map<String, Map<String, Object>> getInstance(
+ final String fileName) throws STORKSAMLEngineException {
+ return ConfigurationCreator.createConfiguration(instanceConfigs);
+ }
+
+ /**
+ * Instantiates a new instance creator.
+ */
+ private ConfigurationSingleton() {
+ }
+
} \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/InstanceEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/InstanceEngine.java
index e0e2d1965..4d9bba8e7 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/InstanceEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/InstanceEngine.java
@@ -1,70 +1,70 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.configuration;
-
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * The Class InstanceConfiguration.
- *
- * @author fjquevedo
- */
-public class InstanceEngine {
-
- /** The configuration. */
- private List<ConfigurationEngine> configuration = new ArrayList<ConfigurationEngine>();
-
- /** The name. */
- private String name;
-
- /**
- * Gets the parameters.
- *
- * @return the parameters
- */
- public final List<ConfigurationEngine> getConfiguration() {
- return this.configuration;
- }
-
- /**
- * Gets the name.
- *
- * @return the name
- */
- public final String getName() {
- return name;
- }
-
- /**
- * Sets the parameters.
- *
- * @param newConfiguration the new parameters
- */
- public final void setConfiguration(final List<ConfigurationEngine> newConfiguration) {
- this.configuration = newConfiguration;
- }
-
- /**
- * Sets the name.
- *
- * @param newName the new name
- */
- public final void setName(final String newName) {
- this.name = newName;
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.configuration;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * The Class InstanceConfiguration.
+ *
+ * @author fjquevedo
+ */
+public class InstanceEngine {
+
+ /** The configuration. */
+ private List<ConfigurationEngine> configuration = new ArrayList<ConfigurationEngine>();
+
+ /** The name. */
+ private String name;
+
+ /**
+ * Gets the parameters.
+ *
+ * @return the parameters
+ */
+ public final List<ConfigurationEngine> getConfiguration() {
+ return this.configuration;
+ }
+
+ /**
+ * Gets the name.
+ *
+ * @return the name
+ */
+ public final String getName() {
+ return name;
+ }
+
+ /**
+ * Sets the parameters.
+ *
+ * @param newConfiguration the new parameters
+ */
+ public final void setConfiguration(final List<ConfigurationEngine> newConfiguration) {
+ this.configuration = newConfiguration;
+ }
+
+ /**
+ * Sets the name.
+ *
+ * @param newName the new name
+ */
+ public final void setName(final String newName) {
+ this.name = newName;
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/package-info.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/package-info.java
index 6d0b54297..344368e03 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/package-info.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/package-info.java
@@ -1,19 +1,19 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-/**
- * Provides the classes necessary to create a SAML message instance.
- */
-package eu.stork.peps.configuration;
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+/**
+ * Provides the classes necessary to create a SAML message instance.
+ */
+package eu.stork.peps.configuration;
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/SAMLEngineException.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/SAMLEngineException.java
index 366379ad0..ac46f73e4 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/SAMLEngineException.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/SAMLEngineException.java
@@ -1,57 +1,57 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.exceptions;
-
-/**
- * The Class SAMLEngineException.
- *
- * @author fjquevedo
- */
-public class SAMLEngineException extends Exception {
-
- /** The Constant serialVersionUID. */
- private static final long serialVersionUID = 2611361164977849837L;
-
- /**
- * Instantiates a new SAMLEngine exception.
- *
- * @param wrappedException the wrapped exception
- */
- public SAMLEngineException(final Exception wrappedException) {
- super(wrappedException);
- }
-
- /**
- * Instantiates a new SAMLEngine exception.
- *
- * @param message the message
- */
- public SAMLEngineException(final String message) {
- super(message);
- }
-
- /**
- * Instantiates a new SAMLEngine exception.
- *
- * @param message the message
- * @param wrappedException the wrapped exception
- */
- public SAMLEngineException(final String message,
- final Exception wrappedException) {
- super(message, wrappedException);
- }
-
-}
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.exceptions;
+
+/**
+ * The Class SAMLEngineException.
+ *
+ * @author fjquevedo
+ */
+public class SAMLEngineException extends Exception {
+
+ /** The Constant serialVersionUID. */
+ private static final long serialVersionUID = 2611361164977849837L;
+
+ /**
+ * Instantiates a new SAMLEngine exception.
+ *
+ * @param wrappedException the wrapped exception
+ */
+ public SAMLEngineException(final Exception wrappedException) {
+ super(wrappedException);
+ }
+
+ /**
+ * Instantiates a new SAMLEngine exception.
+ *
+ * @param message the message
+ */
+ public SAMLEngineException(final String message) {
+ super(message);
+ }
+
+ /**
+ * Instantiates a new SAMLEngine exception.
+ *
+ * @param message the message
+ * @param wrappedException the wrapped exception
+ */
+ public SAMLEngineException(final String message,
+ final Exception wrappedException) {
+ super(message, wrappedException);
+ }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/STORKSAMLEngineRuntimeException.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/STORKSAMLEngineRuntimeException.java
index 30b9b49b4..fb01fd5aa 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/STORKSAMLEngineRuntimeException.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/STORKSAMLEngineRuntimeException.java
@@ -1,56 +1,56 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.exceptions;
-
-/**
- * The Class STORKSAMLEngineRuntimeException.
- *
- * @author fjquevedo
- */
-public class STORKSAMLEngineRuntimeException extends RuntimeException {
-
- /** The Constant serialVersionUID. */
- private static final long serialVersionUID = 5829810358581493517L;
-
- /**
- * Instantiates a new sTORKSAML engine runtime exception.
- *
- * @param wrappedException the wrapped exception
- */
- public STORKSAMLEngineRuntimeException(final Exception wrappedException) {
- super(wrappedException);
- }
-
- /**
- * Creates a new instance of application exception.
- *
- * @param cause the exception cause.
- */
- public STORKSAMLEngineRuntimeException(final String cause) {
- super(cause);
- }
-
- /**
- * Instantiates a new sTORKSAML engine runtime exception.
- *
- * @param message the message
- * @param wrappedException the wrapped exception
- */
- public STORKSAMLEngineRuntimeException(final String message,
- final Exception wrappedException) {
- super(message, wrappedException);
- }
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.exceptions;
+
+/**
+ * The Class STORKSAMLEngineRuntimeException.
+ *
+ * @author fjquevedo
+ */
+public class STORKSAMLEngineRuntimeException extends RuntimeException {
+
+ /** The Constant serialVersionUID. */
+ private static final long serialVersionUID = 5829810358581493517L;
+
+ /**
+ * Instantiates a new sTORKSAML engine runtime exception.
+ *
+ * @param wrappedException the wrapped exception
+ */
+ public STORKSAMLEngineRuntimeException(final Exception wrappedException) {
+ super(wrappedException);
+ }
+
+ /**
+ * Creates a new instance of application exception.
+ *
+ * @param cause the exception cause.
+ */
+ public STORKSAMLEngineRuntimeException(final String cause) {
+ super(cause);
+ }
+
+ /**
+ * Instantiates a new sTORKSAML engine runtime exception.
+ *
+ * @param message the message
+ * @param wrappedException the wrapped exception
+ */
+ public STORKSAMLEngineRuntimeException(final String message,
+ final Exception wrappedException) {
+ super(message, wrappedException);
+ }
} \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/package-info.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/package-info.java
index 0c34528fc..0c7341995 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/package-info.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/exceptions/package-info.java
@@ -1,19 +1,19 @@
-/*
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- *
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-/**
- * Provides the classes for STORK exceptions management.
- */
+/*
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ *
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+/**
+ * Provides the classes for STORK exceptions management.
+ */
package eu.stork.peps.exceptions; \ No newline at end of file