aboutsummaryrefslogtreecommitdiff
path: root/id/server/stork2-saml-engine
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/stork2-saml-engine')
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java9
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java99
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java2
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java3
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java26
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java7
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java7
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java5
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java78
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java45
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java96
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java6
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java8
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java18
-rw-r--r--id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java12
-rw-r--r--id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java12
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml124
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml28
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml14
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml14
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml14
-rw-r--r--id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml13
30 files changed, 348 insertions, 332 deletions
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
index f4d084a79..1dcaf4c95 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java
@@ -97,7 +97,14 @@ public class SAMLEngine {
/** The Constant SAML_ENGINE_FILE_CONF. */
private static final String SAML_ENGINE_FILE_CONF = "fileConfiguration";
- /** The codification of characters. */
+ /**
+ * Additional trust store for HW signing
+ */
+ private static final String HW_TRUST_STORE_CONF = "softTrustStoreConfig";
+
+ /**
+ * The codification of characters.
+ */
private static final String CHARACTER_ENCODING = "UTF-8";
/** The SAML core. */
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
index 6a7e1f7c0..7bf5d5ca8 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java
@@ -202,8 +202,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
try {
engine = new STORKSAMLEngine(nameInstance.trim());
} catch (Exception e) {
- LOG.error("Error getting instance: " + nameInstance);
- e.printStackTrace();
+ LOG.error("Error get instance: " + nameInstance);
}
return engine;
}
@@ -389,15 +388,9 @@ public final class STORKSAMLEngine extends SAMLEngine {
final Subject subject = SAMLEngineUtils.generateSubject();
- // Mandatory STORK verified
- // String format = NameID.UNSPECIFIED
- // specification: 'SAML:2.0' exist
- // opensaml: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- // opensaml "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
- final String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
+ final String format = super.getSamlCoreProperties().getFormat();
final String nameQualifier = "";
-
LOG.debug("Generate NameID");
final NameID nameId = SAMLEngineUtils.generateNameID(super.getSamlCoreProperties().getResponder(), format, nameQualifier);
nameId.setValue(format);
@@ -1102,7 +1095,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
// Validate Parameters mandatories
validateParamAttrQueryReq(request);
- // final AttributeQuery attrQueryRequestAux = SAMLEngineUtils
final CustomAttributeQuery attrQueryRequestAux = SAMLEngineUtils.generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime());
// Set name spaces.
@@ -1930,6 +1922,8 @@ public final class STORKSAMLEngine extends SAMLEngine {
citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils.createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME);
citizenCountryCode.setCitizenCountryCode(request.getCitizenCountryCode().toUpperCase());
+
+ extensions.getUnknownXMLObjects().add(citizenCountryCode);
}
SPID spid = null;
@@ -1938,6 +1932,8 @@ public final class STORKSAMLEngine extends SAMLEngine {
spid = (SPID) SAMLEngineUtils.createSamlObject(SPID.DEF_ELEMENT_NAME);
spid.setSPID(request.getSPID().toUpperCase());
+
+ extensions.getUnknownXMLObjects().add(spid);
}
return extensions;
@@ -2493,11 +2489,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
throw new STORKSAMLEngineException("StorkSamlEngine: Assertion Consumer Service URL it's mandatory.");
}
- // Destination of the request - not mandatory
- /*
- * if (StringUtils.isBlank(request.getDestination())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Destination is mandatory."); }
- */
-
// SP country is empty
if (StringUtils.isBlank(request.getSpCountry())) {
throw new STORKSAMLEngineException("StorkSamlEngine: SP country is mandatory.");
@@ -2525,12 +2516,7 @@ public final class STORKSAMLEngine extends SAMLEngine {
*/
private void validateParamLogoutReq(final STORKLogoutRequest request) throws STORKSAMLEngineException {
LOG.info("Validate parameters from logout request.");
-
// URL to which AP Response must be sent.
- /*
- * if (StringUtils.isBlank(request.get())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Assertion Consumer Service URL it's mandatory."); }
- */
-
// Destination of the request
if (StringUtils.isBlank(request.getDestination())) {
throw new STORKSAMLEngineException("StorkSamlEngine: Destination is mandatory.");
@@ -2591,9 +2577,9 @@ public final class STORKSAMLEngine extends SAMLEngine {
throw new STORKSAMLEngineException("Issuer must be not empty or null.");
}
- if (responseAuthReq.getPersonalAttributeList() == null || responseAuthReq.getPersonalAttributeList().isEmpty()) {
- LOG.error("PersonalAttributeList is null or empty.");
- throw new STORKSAMLEngineException("PersonalAttributeList is null or empty.");
+ if (responseAuthReq.getPersonalAttributeList() == null) {
+ LOG.error("PersonalAttributeList is null.");
+ throw new STORKSAMLEngineException("PersonalAttributeList is null.");
}
if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) {
@@ -2627,10 +2613,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
throw new STORKSAMLEngineException("PersonalAttributeList is null or empty.");
}
- /*
- * if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) { throw new STORKSAMLEngineException( "assertionConsumerServiceURL is null or empty."); }
- */
-
if (StringUtils.isBlank(request.getSamlId())) {
throw new STORKSAMLEngineException("request ID is null or empty.");
}
@@ -2840,7 +2822,6 @@ public final class STORKSAMLEngine extends SAMLEngine {
attrRequest.setDestination(samlRequest.getDestination());
attrRequest.setAssertionConsumerServiceURL(samlRequest.getAssertionConsumerServiceURL());
- /* authnRequest.setProviderName(samlRequest.getProviderName()); */
attrRequest.setIssuer(samlRequest.getIssuer().getValue());
// Delete unknown elements from requested ones
@@ -2881,13 +2862,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
final LogoutRequest samlRequest = (LogoutRequest) validateStorkSaml(tokenSaml);
- LOG.debug("Validate Extensions.");
- final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
- try {
- validatorExt.validate(samlRequest.getExtensions());
- } catch (ValidationException e) {
- LOG.error("ValidationException: validate Extensions.", e);
- throw new STORKSAMLEngineException(e);
+ if (samlRequest.getExtensions() != null) {
+ LOG.debug("Validate Extensions.");
+ final Validator<Extensions> validatorExt = new ExtensionsSchemaValidator();
+ try {
+ validatorExt.validate(samlRequest.getExtensions());
+ } catch (ValidationException e) {
+ LOG.error("ValidationException: validate Extensions.", e);
+ throw new STORKSAMLEngineException(e);
+ }
}
LOG.debug("Generate STORKLogoutRequest.");
@@ -2909,6 +2892,43 @@ public final class STORKSAMLEngine extends SAMLEngine {
}
/**
+ * Validate stork logout response.
+ *
+ * @param tokenSaml
+ * The SAML token
+ *
+ * @return the STORK logout response
+ *
+ * @throws STORKSAMLEngineException
+ * the STORKSAML engine exception
+ */
+ public STORKLogoutResponse validateSTORKLogoutResponse(final byte[] tokenSaml) throws STORKSAMLEngineException {
+
+ LOG.info("validate STORK Logout Response");
+
+ final LogoutResponse samlRes = (LogoutResponse) validateStorkSaml(tokenSaml);
+
+ LOG.debug("Generate STORKLogoutResponse.");
+ final STORKLogoutResponse logoutRes = new STORKLogoutResponse();
+
+ try {
+ logoutRes.setTokenSaml(super.signAndMarshall(samlRes));
+ } catch (SAMLEngineException e) {
+ LOG.error("Sign and Marshall.", e);
+ throw new STORKSAMLEngineException(e);
+ }
+
+ logoutRes.setAlias(this.getAlias(samlRes.getSignature().getKeyInfo(), super.getSigner().getTrustStore()));
+ logoutRes.setSamlId(samlRes.getID());
+ logoutRes.setDestination(samlRes.getDestination());
+ logoutRes.setIssuer(samlRes.getIssuer().getValue());
+ logoutRes.setStatusCode(samlRes.getStatus().getStatusCode().getValue().toString());
+ logoutRes.setStatusMessage(samlRes.getStatus().getStatusMessage().getMessage().toString());
+ logoutRes.setInResponseTo(samlRes.getInResponseTo());
+ return logoutRes;
+ }
+
+ /**
* Validate stork authentication response.
*
* @param tokenSaml
@@ -3060,16 +3080,15 @@ public final class STORKSAMLEngine extends SAMLEngine {
authnResponse.setAssertions(samlResponse.getAssertions());
if (samlResponse.getAssertions().size() > 1) {
PersonalAttributeList total = new PersonalAttributeList();
- List<IPersonalAttributeList> attrList = new ArrayList();
+ List<IPersonalAttributeList> attrList = new ArrayList<IPersonalAttributeList>();
for (int i = 0; i < samlResponse.getAssertions().size(); i++) {
Assertion tempAssertion = (Assertion) samlResponse.getAssertions().get(i);
IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion);
if (temp != null) {
attrList.add(temp);
- for (PersonalAttribute attribute : temp) {
- PersonalAttribute attr = (PersonalAttribute) attribute.clone();
- attr.setName(attr.getName() + tempAssertion.getID());
- total.add(attr);
+ for (PersonalAttribute attribute : (IPersonalAttributeList) temp.clone()) {
+ attribute.setName(attribute.getName() + tempAssertion.getID());
+ total.add(attribute);
}
}
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
index 175084048..73d7e4f62 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java
@@ -25,7 +25,7 @@ public final class X509PrincipalUtil {
* @param principal2
* @return true if arguments are not null and equals
*/
- public static boolean equals(X509Principal principal1, X509Principal principal2) {
+ public static boolean X509equals(X509Principal principal1, X509Principal principal2) {
boolean continueProcess = true;
if (principal1 == null || principal2 == null) {
return false;
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
index 922e7e61e..16b9afd18 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java
@@ -55,6 +55,9 @@ public enum SAMLCore {
/** The RESPONDE r_ tag. */
RESPONDER_TAG("responder"),
+
+ /** The format r_tag. */
+ FORMAT_TAG("format"),
/** The STOR k10_ ns. */
STORK10_NS("urn:eu:stork:names:tc:STORK:1.0:assertion"),
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
index 13d2f0af4..2a548ca6f 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java
@@ -73,7 +73,11 @@ public final class STORKSAMLCore {
/** The responder. */
private String responder = null;
- /** The SAML core properties. */
+ private String format = null;
+
+ /**
+ * The SAML core properties.
+ */
private Properties samlCoreProp = null;
/** The time not on or after. */
@@ -189,6 +193,15 @@ public final class STORKSAMLCore {
}
/**
+ * return the format string.
+ *
+ * @return
+ */
+ public String getFormat() {
+ return this.format;
+ }
+
+ /**
* Gets the time not on or after.
*
* @return the time not on or after
@@ -330,6 +343,8 @@ public final class STORKSAMLCore {
requester = samlCoreProp.getProperty(SAMLCore.REQUESTER_TAG.getValue());
responder = samlCoreProp.getProperty(SAMLCore.RESPONDER_TAG.getValue());
+ format = samlCoreProp.getProperty(SAMLCore.FORMAT_TAG.getValue(), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
+
} catch (SAMLEngineException e) {
LOGGER.error("SAMLCore: error loadConfiguration. ", e);
throw new STORKSAMLEngineRuntimeException(e);
@@ -492,6 +507,15 @@ public final class STORKSAMLCore {
}
/**
+ * Sets the format string
+ *
+ * @param newFormat
+ */
+ public void setFormat(final String newFormat) {
+ this.format = newFormat;
+ }
+
+ /**
* Sets the time not on or after.
*
* @param newTimeNotOnOrAft
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
index 907b9bf68..9f602aba1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java
@@ -102,9 +102,4 @@ public final class AuthenticationAttributesImpl extends AbstractSignableSAMLObje
vIDPAuthenAttr = prepareForAssignment(this.vIDPAuthenAttr, newVIDPAuthenAttr);
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
index 003d56b46..aa4c725f1 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java
@@ -77,9 +77,4 @@ public class CitizenCountryCodeImpl extends AbstractSAMLObject implements Citize
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
index b5d194c7f..13cc3d287 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java
@@ -77,9 +77,4 @@ public class EIDCrossBorderShareImpl extends AbstractSAMLObject implements EIDCr
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-} \ No newline at end of file
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
index f2762e327..2e3f6ab7e 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java
@@ -78,9 +78,4 @@ public class EIDCrossSectorShareImpl extends AbstractSAMLObject implements EIDCr
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
-} \ No newline at end of file
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
index 423cf8b25..e74ce1fec 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java
@@ -77,9 +77,4 @@ public class QAAAttributeImpl extends AbstractSAMLObject implements QAAAttribute
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
index e7ac7213b..2537d3794 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java
@@ -213,9 +213,4 @@ public class RequestedAttributeImpl extends AbstractSAMLObject implements Reques
this.unknownAttributes = newUnknownAttr;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
index 276697d6a..7f09d611f 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java
@@ -77,9 +77,4 @@ public class SPApplicationImpl extends AbstractSAMLObject implements SPApplicati
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
index 404a90079..ea9085867 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java
@@ -77,9 +77,4 @@ public class SPCountryImpl extends AbstractSAMLObject implements SPCountry {
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
index cea51a5a8..03dea20ed 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java
@@ -77,9 +77,4 @@ public class SPIDImpl extends AbstractSAMLObject implements SPID {
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
index 4089f0862..41b3d8998 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java
@@ -101,9 +101,4 @@ public final class SPInformationImpl extends AbstractSignableSAMLObject implemen
this.spId = prepareForAssignment(this.spId, newSPId);
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
index 054481744..ed0a75f35 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java
@@ -77,9 +77,4 @@ public class SPInstitutionImpl extends AbstractSAMLObject implements SPInstituti
return null;
}
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
index 6e23d7f24..1cd5fb761 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java
@@ -72,6 +72,7 @@ import eu.stork.peps.exceptions.SAMLEngineException;
* The Class HWSign. Module of sign.
*
* @author fjquevedo
+ * @author advania
*/
public final class SignHW implements SAMLEngineSignI {
@@ -79,14 +80,19 @@ public final class SignHW implements SAMLEngineSignI {
private static final String CONF_FILE = "configurationFile";
/**
- * The Constant KEYSTORE_TYPE. private static final String KEYSTORE_TYPE = "keystoreType"
+ * The Constant KEYSTORE_TYPE.
*/
+ private static final String KEYSTORE_TYPE = "keystoreType";
/** The logger. */
private static final Logger LOG = LoggerFactory.getLogger(SignHW.class.getName());
/** The stork own key store. */
private KeyStore storkOwnKeyStore = null;
+ /**
+ * The soft trust key store.
+ */
+ private SignSW swTrustStore = null;
/**
* Gets the stork own key store.
@@ -160,6 +166,12 @@ public final class SignHW implements SAMLEngineSignI {
throw new SAMLEngineException(e);
} finally {
IOUtils.closeQuietly(inputStr);
+ /**
+ * Init the soft keystore to validate with. trustStoreConfig is read from the SignModule config file and should refer to the keystore containing trusted certificates.
+ */
+ swTrustStore = new SignSW();
+ swTrustStore.init(properties.getProperty("trustStoreConfig"));
+ swTrustStore.loadCryptServiceProvider();
}
}
@@ -204,7 +216,7 @@ public final class SignHW implements SAMLEngineSignI {
X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
X509Principal issuerDNConf = new X509Principal(issuer);
- if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
+ if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
alias = aliasCert;
find = true;
}
@@ -339,56 +351,14 @@ public final class SignHW implements SAMLEngineSignI {
* exception in validate signature
*/
public SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
- LOG.info("Start signature validation.");
+ LOG.info("Start signature validation HW.");
+ /*
+ * we are using the soft signature class to validate the signatures. This way we use the same key store code and validation that is used there.
+ */
try {
-
- // Validate structure signature
- final SAMLSignatureProfileValidator signProfValidator = new SAMLSignatureProfileValidator();
-
- // Indicates signature id conform to SAML Signature profile
- signProfValidator.validate(tokenSaml.getSignature());
-
- String aliasCert;
- X509Certificate certificate;
-
- final List<Credential> trustedCred = new ArrayList<Credential>();
-
- for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements();) {
- aliasCert = e.nextElement();
- final BasicX509Credential credential = new BasicX509Credential();
- certificate = (X509Certificate) storkOwnKeyStore.getCertificate(aliasCert);
- credential.setEntityCertificate(certificate);
- trustedCred.add(credential);
- }
-
- final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo();
- final List<X509Certificate> listCertificates = KeyInfoHelper.getCertificates(keyInfo);
-
- if (listCertificates.size() != 1) {
- throw new SAMLEngineException("Only must be one certificate");
- }
-
- // Exist only one certificate
- final BasicX509Credential entityX509Cred = new BasicX509Credential();
- entityX509Cred.setEntityCertificate(listCertificates.get(0));
-
- final ExplicitKeyTrustEvaluator keyTrustEvaluator = new ExplicitKeyTrustEvaluator();
- if (!keyTrustEvaluator.validate(entityX509Cred, trustedCred)) {
- throw new SAMLEngineException("Certificate it is not trusted.");
- }
-
- final SignatureValidator sigValidator = new SignatureValidator(entityX509Cred);
-
- sigValidator.validate(tokenSaml.getSignature());
-
- } catch (final ValidationException e) {
- LOG.error("ValidationException.", e);
- throw new SAMLEngineException(e);
- } catch (final KeyStoreException e) {
- LOG.error("ValidationException.", e);
- throw new SAMLEngineException(e);
- } catch (final CertificateException e) {
- LOG.error("CertificateException.", e);
+ swTrustStore.validateSignature(tokenSaml);
+ } catch (Exception e) {
+ LOG.error("SW ValidationException.", e);
throw new SAMLEngineException(e);
}
return tokenSaml;
@@ -408,6 +378,12 @@ public final class SignHW implements SAMLEngineSignI {
try {
inputStream = SignHW.class.getResourceAsStream("/" + properties.getProperty(CONF_FILE));
+ final Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(inputStream);
+ if (Security.getProperty(pkcs11Provider.getName()) == null) {
+ Security.insertProviderAt(pkcs11Provider, Security.getProviders().length);
+ }
+
+ storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE), pkcs11Provider);
} catch (final Exception e) {
throw new SAMLEngineException("Error loading CryptographicServiceProvider", e);
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
index c91f11444..d5f01a4cc 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java
@@ -41,6 +41,7 @@ import eu.stork.peps.auth.engine.X509PrincipalUtil;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.NotImplementedException;
import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
@@ -166,25 +167,25 @@ public final class SignP12 implements SAMLEngineSignI {
properties = new Properties();
try {
try {
- LOG.debug("Fichero a cargar " + fileConf);
+ LOG.debug("Loading " + fileConf);
fileProperties = new FileInputStream(fileConf);
properties.loadFromXML(fileProperties);
} catch (Exception e) {
- LOG.error("Fallo al cargar el recurso externo. Se reintenta como fichero interno.");
+ LOG.error("Failed to load external resource. Retrieving internal file.");
fileProperties = SignP12.class.getResourceAsStream("/" + fileConf);
if (fileProperties == null) {
fileProperties = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileConf);
if (fileProperties == null) {
Enumeration<URL> files = ClassLoader.getSystemClassLoader().getResources(fileConf);
if (files != null && files.hasMoreElements()) {
- LOG.info("Se han encontrado recurso/s. Se toma el primero.");
+ LOG.info("Found /s.");
fileProperties = ClassLoader.getSystemClassLoader().getResourceAsStream(files.nextElement().getFile());
} else {
- throw new IOException("No se pudo recuperar el fichero: " + fileConf, e);
+ throw new IOException("Could not load file: " + fileConf, e);
}
}
}
- LOG.debug("Recuperados " + fileProperties.available() + " bytes");
+ LOG.debug("Recovered " + fileProperties.available() + " bytes");
properties.loadFromXML(fileProperties);
}
} catch (InvalidPropertiesFormatException e) {
@@ -243,7 +244,7 @@ public final class SignP12 implements SAMLEngineSignI {
X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
X509Principal issuerDNConf = new X509Principal(issuer);
- if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
+ if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
alias = aliasCert;
find = true;
}
@@ -455,23 +456,21 @@ public final class SignP12 implements SAMLEngineSignI {
FileInputStream fisTrustStore = null;
try {
- // // Dynamically register Bouncy Castle provider.
- // boolean found = false;
- // // Check if BouncyCastle is already registered as a provider
- // final Provider[] providers = Security.getProviders();
- // for (int i = 0; i < providers.length; i++) {
- // if (providers[i].getName().equals(
- // BouncyCastleProvider.PROVIDER_NAME)) {
- // found = true;
- // }
- // }
- //
- // // Register only if the provider has not been previously registered
- // if (!found) {
- // LOG.debug("SAMLCore: Register Bouncy Castle provider.");
- // Security.insertProviderAt(new BouncyCastleProvider(), Security
- // .getProviders().length);
- // }
+ // Dynamically register Bouncy Castle provider.
+ boolean found = false;
+ // Check if BouncyCastle is already registered as a provider
+ final Provider[] providers = Security.getProviders();
+ for (int i = 0; i < providers.length; i++) {
+ if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) {
+ found = true;
+ }
+ }
+
+ // Register only if the provider has not been previously registered
+ if (!found) {
+ LOG.debug("SAMLCore: Register Bouncy Castle provider.");
+ Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
+ }
p12Store = KeyStore.getInstance(properties.getProperty("keystoreType"));
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
index e1ae2b8e2..1ca857e9e 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
@@ -12,17 +12,34 @@
* Licence for the specific language governing permissions and limitations under
* the Licence.
*/
-
package eu.stork.peps.auth.engine.core.impl;
-import eu.stork.peps.auth.engine.X509PrincipalUtil;
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.exceptions.SAMLEngineException;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.InvalidPropertiesFormatException;
+import java.util.List;
+import java.util.Properties;
+
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.NotImplementedException;
import org.bouncycastle.jce.X509Principal;
-//import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
@@ -41,25 +58,22 @@ import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
import org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEvaluator;
import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.*;
+import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.*;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.*;
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.SAMLEngineException;
+
/**
* The Class SWSign. Class responsible for signing and validating of messages SAML with a certificate store software.
@@ -215,16 +229,12 @@ public class SignSW implements SAMLEngineSignI {
final String serialNum = certificate.getSerialNumber().toString(16);
- try {
- X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
- X509Principal issuerDNConf = new X509Principal(issuer);
+ X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+ X509Principal issuerDNConf = new X509Principal(issuer);
- if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
- alias = aliasCert;
- find = true;
- }
- } catch (Exception ex) {
- LOG.error("Exception during signing: " + ex.getMessage()); // Added as a workaround for Bouncycastle email error
+ if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
+ alias = aliasCert;
+ find = true;
}
}
if (!find) {
@@ -344,7 +354,7 @@ public class SignSW implements SAMLEngineSignI {
* @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(org.opensaml.common.SignableSAMLObject)
*/
public final SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
- LOG.info("Start signature validation.");
+ LOG.info("Start signature validation SW.");
try {
// Validate structure signature
@@ -440,23 +450,21 @@ public class SignSW implements SAMLEngineSignI {
LOG.info("Load Cryptographic Service Provider");
FileInputStream fis = null;
try {
- // // Dynamically register Bouncy Castle provider.
- // boolean found = false;
- // // Check if BouncyCastle is already registered as a provider
- // final Provider[] providers = Security.getProviders();
- // for (int i = 0; i < providers.length; i++) {
- // if (providers[i].getName().equals(
- // BouncyCastleProvider.PROVIDER_NAME)) {
- // found = true;
- // }
- // }
- //
- // // Register only if the provider has not been previously registered
- // if (!found) {
- // LOG.info("SAMLCore: Register Bouncy Castle provider.");
- // Security.insertProviderAt(new BouncyCastleProvider(), Security
- // .getProviders().length);
- // }
+ // Dynamically register Bouncy Castle provider.
+ boolean found = false;
+ // Check if BouncyCastle is already registered as a provider
+ final Provider[] providers = Security.getProviders();
+ for (int i = 0; i < providers.length; i++) {
+ if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) {
+ found = true;
+ }
+ }
+
+ // Register only if the provider has not been previously registered
+ if (!found) {
+ LOG.info("SAMLCore: Register Bouncy Castle provider.");
+ Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
+ }
storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE));
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
index d7d92ea74..bfb85e357 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java
@@ -125,10 +125,4 @@ public final class VIDPAuthenticationAttributesImpl extends AbstractSignableSAML
public void setSPInformation(SPInformation newSPInformation) {
this.spInformation = prepareForAssignment(this.spInformation, newSPInformation);
}
-
- @Override
- public int hashCode() {
- LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here");
- return super.hashCode();
- }
}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
index bf7626dc5..04ff153d3 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
@@ -54,8 +54,12 @@ public class QAAAttributeSchemaValidator implements Validator<QAAAttribute> {
if (DatatypeHelper.isEmpty(qaaAttribute.getQaaLevel())) {
throw new ValidationException("QAALevel label must be specified.");
}
-
- final int qaa = Integer.valueOf(qaaAttribute.getQaaLevel());
+ int qaa = 0;
+ try {
+ qaa = Integer.valueOf(qaaAttribute.getQaaLevel());
+ } catch (Exception e) {
+ throw new ValidationException("QAALevel is not a valid number!");
+ }
if (qaa < QAAAttribute.MIN_VALUE || qaa > QAAAttribute.MAX_VALUE) {
throw new ValidationException("QAALevel label must be greater than 0.");
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
index 6e76c52a6..c0197b9db 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java
@@ -12,15 +12,8 @@
* Licence for the specific language governing permissions and limitations under
* the Licence.
*/
-
package eu.stork.peps.configuration;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
@@ -28,6 +21,12 @@ import java.util.InvalidPropertiesFormatException;
import java.util.Map;
import java.util.Properties;
+import org.apache.commons.io.IOUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
/**
* The Class InstanceCreator.
*
@@ -90,6 +89,7 @@ public final class ConfigurationCreator {
* the STORKSAML engine runtime exception
*/
private static Properties getNewInstance(final String fileName) throws STORKSAMLEngineException {
+ LOGGER.info("Create file configuration properties to Stork Saml Engine: " + fileName);
InputStream fileEngineProp = null;
// fetch base from system properties, give a default if there is nothing configured
@@ -115,10 +115,10 @@ public final class ConfigurationCreator {
configuration.loadFromXML(fileEngineProp);
return configuration;
} catch (InvalidPropertiesFormatException e) {
- LOGGER.error("Invalid properties format.");
+ LOGGER.error("Invalid properties format: " + fileName);
throw new STORKSAMLEngineException(e);
} catch (IOException e) {
- LOGGER.error("Error read file: " + base + fileName);
+ LOGGER.error("Error read file: " + fileName);
throw new STORKSAMLEngineException(e);
} finally {
IOUtils.closeQuietly(fileEngineProp);
diff --git a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
index 502e0e461..4f22df7fb 100644
--- a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
+++ b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
@@ -59,6 +59,18 @@ public class StorkAttrQueryRequestTest {
givenName.setValue(Arrays.asList("Sveinbjorn"));
pal.add(givenName);
+ final PersonalAttribute fiscalNumber = new PersonalAttribute();
+ fiscalNumber.setName("fiscalNumber");
+ fiscalNumber.setIsRequired(true);
+ fiscalNumber.setValue(Arrays.asList("fiscalNumber"));
+ pal.add(fiscalNumber);
+
+ final PersonalAttribute LPFiscalNumber = new PersonalAttribute();
+ LPFiscalNumber.setName("LPFiscalNumber");
+ LPFiscalNumber.setIsRequired(true);
+ LPFiscalNumber.setValue(Arrays.asList("LPFiscalNumber"));
+ pal.add(LPFiscalNumber);
+
destination = "http://A-PEPS.gov.xx/PEPS/AttributeColleagueRequest";
assertConsumerUrl = "http://S-PEPS.gov.xx/PEPS/ColleagueResponse";
// spName = "University of Oxford";
diff --git a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
index beca213ac..d476ad26e 100644
--- a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
+++ b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
@@ -21,15 +21,12 @@ import java.util.ArrayList;
import org.junit.Ignore;
import org.junit.Test;
-
import org.opensaml.xml.parse.BasicParserPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.*;
+import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
@@ -68,6 +65,11 @@ public class StorkAuthRequestTest {
eIDNumber.setIsRequired(true);
pal.add(eIDNumber);
+ final PersonalAttribute LPFiscalNumber = new PersonalAttribute();
+ LPFiscalNumber.setName("LPFiscalNumber");
+ LPFiscalNumber.setIsRequired(true);
+ pal.add(LPFiscalNumber);
+
destination = "http://C-PEPS.gov.xx/PEPS/ColleagueRequest";
assertConsumerUrl = "http://S-PEPS.gov.xx/PEPS/ColleagueResponse";
diff --git a/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml b/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml
index 171e05f12..fadef82b2 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml
@@ -1,67 +1,85 @@
<?xml version="1.0" encoding="UTF-8"?>
<instances>
- <!-- Configuration name -->
- <instance name="CONF0">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" />
- </configuration>
+ <!-- Configuration name -->
+ <instance name="CONF0">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" />
+ </configuration>
- <!-- Settings module signature -->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class"
- value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_Conf0.xml" />
- </configuration>
- </instance>
+ <!-- Settings module signature -->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class"
+ value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_Conf0.xml" />
+ <parameter name="softTrustStoreConfig" value="SignModule_Conf0.xml" />
+ </configuration>
+ </instance>
- <!-- ******************** CONF1 ******************** -->
- <!-- Configuration name -->
- <instance name="CONF1">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_Conf1.xml" />
- </configuration>
+ <!-- ******************** CONF1 ******************** -->
+ <!-- Configuration name -->
+ <instance name="CONF1">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_Conf1.xml" />
+ </configuration>
- <!-- Settings module signature -->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class"
- value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_Conf1.xml" />
- </configuration>
- </instance>
+ <!-- Settings module signature -->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class"
+ value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_Conf1.xml" />
+ </configuration>
+ </instance>
- <!-- ******************** CONF2 ******************** -->
+ <!-- ******************** CONF2 ******************** -->
- <instance name="CONF2">
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_Conf2.xml" />
- </configuration>
+ <instance name="CONF2">
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_Conf2.xml" />
+ </configuration>
- <configuration name="SignatureConf">
- <parameter name="class"
- value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <parameter name="fileConfiguration" value="SignModule_Conf2.xml" />
- </configuration>
- </instance>
+ <configuration name="SignatureConf">
+ <parameter name="class"
+ value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <parameter name="fileConfiguration" value="SignModule_Conf2.xml" />
+ </configuration>
+ </instance>
- <!-- ******************** CONF3 ******************** -->
+ <!-- ******************** CONF3 ******************** -->
- <instance name="CONF3">
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_Conf3.xml" />
- </configuration>
+ <instance name="CONF3">
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_Conf3.xml" />
+ </configuration>
- <configuration name="SignatureConf">
- <parameter name="class"
- value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <parameter name="fileConfiguration" value="SignModule_Conf3.xml" />
- </configuration>
- </instance>
+ <configuration name="SignatureConf">
+ <parameter name="class"
+ value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <parameter name="fileConfiguration" value="SignModule_Conf3.xml" />
+ </configuration>
+ </instance>
+
+ <!-- ******************** CONF4 ******************** -->
+ <instance name="CONF4">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_Conf0.xml" />
+ </configuration>
+
+ <!-- Settings module signature -->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignHW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_P11.xml" />
+ <parameter name="softTrustStoreConfig" value="SignModule_Conf0.xml" />
+ </configuration>
+ </instance>
</instances> \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml
index abb071044..295258bb2 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml
@@ -1,17 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-<!-- properties> <comment>SWModule sign with JKS.</comment> <entry key="keystorePath">C:\opt\keystores\keyStoreCountry0.jks</entry>
- <entry key="keyStorePassword">local-demo</entry> <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=saml-demo-cert,OU=STORK2,O=Advania,L=Reykjavik,ST=Reykjavik,C=IS</entry>
- <entry key="serialNumber">524D4C6C</entry> <entry key="keystoreType">JKS</entry>
- </properties -->
+<!-- properties>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">C:\opt\keystores\keyStoreCountry0.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=saml-demo-cert,OU=STORK2,O=Advania,L=Reykjavik,ST=Reykjavik,C=IS</entry>
+ <entry key="serialNumber">524D4C6C</entry>
+ <entry key="keystoreType">JKS</entry>
+</properties-->
<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
</properties> \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml
index e556a7331..ffd41cb61 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml
@@ -2,11 +2,11 @@
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">C:\opt\keystores\storkDemoKeysTest.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
</properties> \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml
index 3da1e33df..21b73d49d 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml
@@ -2,11 +2,11 @@
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">C:\opt\keystores\keyStoreCountry2.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">C:\opt\keystores\keyStoreCountry2.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
</properties> \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml
index 4c14a1711..f9ebc85cc 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml
@@ -2,11 +2,11 @@
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">C:\opt\keystores\keyStoreCountry3.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="keystorePath">C:\opt\keystores\keyStoreCountry3.jks</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
+ <entry key="serialNumber">4BA89DB2</entry>
+ <entry key="keystoreType">JKS</entry>
</properties> \ No newline at end of file
diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml
index c683d97c3..0e95da1f2 100644
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml
+++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml
@@ -2,10 +2,11 @@
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
- <comment>HWModule sign with interface PKCS11.</comment>
- <entry key="configurationFile">p11Config.cfg</entry>
- <entry key="keyPassword">*******</entry>
- <entry key="issuer">CN=XXXXXXXXX</entry>
- <entry key="serialNumber">xxxxxxxxxxxxxx</entry>
- <entry key="keystoreType">PKCS11</entry>
+ <comment>HWModule sign with interface PKCS11.</comment>
+ <entry key="configurationFile">p11Conf.cfg</entry>
+ <entry key="keyPassword">12345</entry>
+ <entry key="issuer">CN=Test Certificate</entry>
+ <entry key="serialNumber">147d4b07db8</entry>
+ <entry key="keystoreType">PKCS11</entry>
+ <entry key="trustStoreConfig">SignModule_Conf0.xml</entry>
</properties> \ No newline at end of file