From 9a1114a1ba64e0236b09c1a9e94b4da7507d3411 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 16 Nov 2016 16:03:23 +0100
Subject: fix some more bugs in eIDAS SAML-engine
* different problems with SAML metadata generation
---
 .../eidas/utils/MOAeIDASMetadataGenerator.java | 47 ++++++++++++++++++----
 1 file changed, 39 insertions(+), 8 deletions(-)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
index ab41c2369..dd14972e3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
@@ -53,6 +53,7 @@ import org.opensaml.saml2.metadata.LocalizedString;
 import org.opensaml.saml2.metadata.NameIDFormat;
 import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml2.metadata.OrganizationName;
 import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.SSODescriptor;
@@ -77,6 +78,7 @@ import com.google.common.collect.ImmutableSortedSet;
 import com.google.common.collect.Ordering;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -127,8 +129,17 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
 entityDescriptor.setEntityID(params.getEntityID());
 entityDescriptor.setOrganization(buildOrganization());
- entityDescriptor.getContactPersons().add(buildContact(ContactPersonTypeEnumeration.SUPPORT));
- entityDescriptor.getContactPersons().add(buildContact(ContactPersonTypeEnumeration.TECHNICAL));
+
+ /**FIXME:
+ * HOTFIX: do not add empty contactPerson elements
+ */
+ ContactPerson contactSupport = buildContact(ContactPersonTypeEnumeration.SUPPORT);
+ if (contactSupport != null)
+ entityDescriptor.getContactPersons().add(contactSupport);
+ ContactPerson contactTech = buildContact(ContactPersonTypeEnumeration.TECHNICAL);
+ if (contactTech != null)
+ entityDescriptor.getContactPersons().add(contactTech);
+
 entityDescriptor.setValidUntil(getExpireDate());
 X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
@@ -165,8 +176,15 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
 //the node has SP role
 spSSODescriptor.setWantAssertionsSigned(params.isWantAssertionsSigned());
 spSSODescriptor.setAuthnRequestsSigned(true);
- spSSODescriptor.setID(idpSSODescriptor == null ? params.getEntityID()
- : ("SP" + params.getEntityID()));
+
+
+ /**FIXME:
+ * "SP" + params.getEntityID()) is not a valid XML ID attribute value
+ */
+ //spSSODescriptor.setID(idpSSODescriptor == null ? params.getEntityID() : ("SP" + params.getEntityID()));
+ spSSODescriptor.setID(SAML2Utils.getSecureIdentifier());
+
+
 if (params.getSPSignature() != null) {
 spSSODescriptor.setSignature(params.getSPSignature());
 }
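Review bot: The two `if (contactSupport != null)` / `if (contactTech != null)` guards are unbraced and the same three lines are written out twice; a private helper taking the contact type removes the duplication and gives the hotfix one place to be documented. The `/**FIXME: … */` block inside the method body is a Javadoc comment attached to a statement, which Javadoc tooling ignores and readers mistake for API documentation — the same form appears in the @@ -165, @@ -221 and @@ -342 hunks, where plain `//` or `/* */` comments fit better. The enclosing method starts and ends outside the hunk, and the helper below assumes `entityDescriptor` is an OpenSAML `EntityDescriptor`, which the hunk only implies through the methods called on it.
```java
// … unchanged: setEntityID / setOrganization …
addContactIfConfigured(entityDescriptor, ContactPersonTypeEnumeration.SUPPORT);
addContactIfConfigured(entityDescriptor, ContactPersonTypeEnumeration.TECHNICAL);
// … unchanged: setValidUntil and key-info generator setup …

/** Adds the contact of the given type only when one is configured; buildContact returns null otherwise. */
private void addContactIfConfigured(EntityDescriptor entityDescriptor, ContactPersonTypeEnumeration type) {
    ContactPerson contact = buildContact(type);
    if (contact != null) {
        entityDescriptor.getContactPersons().add(contact);
    }
}
```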
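Review bot: The replaced `setID` call is kept as a commented-out line inside the FIXME block above `spSSODescriptor.setID(SAML2Utils.getSecureIdentifier());`; the commit history already records the old form, so the line should be deleted and only the reason kept, e.g. `// XML ID attributes must be NCNames; a value derived from the entityID is not one, so a generated identifier is used.` The same applies to the IDP branch in the @@ -221 hunk. That comment should also state that the descriptor ID is now fresh on every metadata generation — if the signature reference is derived from the ID the descriptor carries at signing time this is harmless, but whether anything outside this class relies on a stable descriptor ID is not visible here and is worth confirming. The enclosing method starts and ends outside the hunk.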
@@ -221,8 +239,13 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
 SAMLEngineException, EIDASSAMLEngineException {
 //the node has IDP role
 idpSSODescriptor.setWantAuthnRequestsSigned(true);
- idpSSODescriptor.setID(spSSODescriptor == null ? params.getEntityID()
- : ("IDP" + params.getEntityID()));
+
+ /**FIXME:
+ * "IDP" + params.getEntityID()) is not a valid XML ID attribute value
+ */
+ //idpSSODescriptor.setID(spSSODescriptor == null ? params.getEntityID() : ("IDP" + params.getEntityID()));
+ idpSSODescriptor.setID(SAML2Utils.getSecureIdentifier());
+
 if (params.getIDPSignature() != null) {
 idpSSODescriptor.setSignature(params.getIDPSignature());
 }
@@ -342,8 +365,16 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
 private Organization buildOrganization() {
 Organization organization = null;
- try {
+ try {
 organization = BuilderFactoryUtil.buildXmlObject(Organization.class);
+
+ /**FIXME:
+ * set correct OrganizationName value if it is not fixed in next eIDAS node version
+ */
+ OrganizationName orgName = BuilderFactoryUtil.buildXmlObject(OrganizationName.class);
+ orgName.setName(new LocalizedString(params.getNodeUrl(), "en"));
+ organization.getOrganizationNames().add(orgName);
+
 OrganizationDisplayName odn = BuilderFactoryUtil.buildXmlObject(OrganizationDisplayName.class);
 odn.setName(new LocalizedString(params.getCountryName(), "en"));
 organization.getDisplayNames().add(odn);
@@ -374,7 +405,7 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
 contact = BuilderFactoryUtil.buildXmlObject(ContactPerson.class);
 if (currentContact == null) {
 LOGGER.error("ERROR: cannot retrieve contact from the configuration");
- return contact;
+ return null;
 }
 EmailAddress emailAddressObj = BuilderFactoryUtil.buildXmlObject(EmailAddress.class);
-- 
cgit v1.2.3
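Review bot: `OrganizationName` is filled with `params.getNodeUrl()`, a URL rather than a name, while `OrganizationURL` (imported in this file) is the element meant for that value; a reader will take the line in `buildOrganization()` for a bug unless the comment says which constraint it satisfies. Replace the FIXME with a comment that names the reason and the intended follow-up, e.g. `// Placeholder: the consuming eIDAS node appears to require an OrganizationName and no configurable name exists yet; replace the node URL once one is added.` — phrased as an assumption because the validation being worked around is not visible here. The `- try {` / `+ try {` pair is a whitespace-only change; keeping unrelated reformatting out of a bug-fix commit makes the diff easier to audit. The method's body continues past the end of the hunk.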
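Review bot: `buildContact` now returns `null` when `currentContact` is missing, which changes the method's contract for every caller, not only the one adjusted in the @@ -127 hunk, and nothing in the visible code documents it; add `@return the contact person of the requested type, or {@code null} if none is configured` to the method's Javadoc (the method starts and ends outside the hunk). The null check sits after `contact = BuilderFactoryUtil.buildXmlObject(ContactPerson.class);`, so the object is built and then discarded — moving the `currentContact == null` check ahead of the build avoids that. Since the caller now silently skips a missing contact, logging it at `error` level looks too loud; `warn` matches the new behaviour, though whether a missing contact counts as a misconfiguration in this deployment is not visible here.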