From f6f2512c90058f677ceee99c4aae9ddfaa54ed3a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 27 Jan 2017 23:14:03 +0100 Subject: add MOA specific eIDAS engine. --- .../modules/eidas/engine/MOAProtocolEngine.java | 68 ++++++++++++++++++++++ .../eidas/utils/MOAProtocolEngineFactory.java | 24 ++++++++ 2 files changed, 92 insertions(+) create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java new file mode 100644 index 000000000..d8fcd1694 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java @@ -0,0 +1,68 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas.engine; + +import java.security.cert.X509Certificate; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml2.core.Response; + +import at.gv.egovernment.moa.logging.Logger; +import eu.eidas.auth.commons.EidasErrorKey; +import eu.eidas.auth.commons.protocol.IAuthenticationRequest; +import eu.eidas.auth.engine.ProtocolEngine; +import eu.eidas.auth.engine.configuration.ProtocolConfigurationAccessor; +import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils; +import eu.eidas.engine.exceptions.EIDASSAMLEngineException; + +public class MOAProtocolEngine extends ProtocolEngine { + + public MOAProtocolEngine(ProtocolConfigurationAccessor configurationAccessor) { + super(configurationAccessor); + + } + +// @Override +// protected X509Certificate getEncryptionCertificate(String requestIssuer, +// String destinationCountryCode) throws EIDASSAMLEngineException { +// if ((StringUtils.isNotBlank(destinationCountryCode)) && (null != getProtocolEncrypter()) +// && (getProtocolEncrypter().isEncryptionEnabled(destinationCountryCode))) { +// X509Certificate encryptionCertificate = getProtocolProcessor().getEncryptionCertificate(requestIssuer); +// +// if (null == encryptionCertificate) { +// return getProtocolEncrypter().getEncryptionCertificate(destinationCountryCode); +// +// } +// return encryptionCertificate; +// } +// return null; +// } +// +// @Override +// protected Response signResponse(IAuthenticationRequest request, Response response) +// throws EIDASSAMLEngineException { +// Response responseToSign = response; +// +// if ((null != getProtocolEncrypter()) && (!(SAMLEngineUtils.isErrorSamlResponse(responseToSign)))) { +// X509Certificate destinationCertificate = getEncryptionCertificate(request.getIssuer(), +// request.getOriginCountryCode()); +// +// if (null != destinationCertificate) { +// responseToSign = getProtocolEncrypter().encryptSamlResponse(responseToSign, destinationCertificate); +// +// } else if (getProtocolEncrypter().isEncryptionEnabled(request.getOriginCountryCode())) { +//// Logger.error(SAML_EXCHANGE, +//// "BUSINESS EXCEPTION : encryption cannot be performed, no matching certificate for issuer=" +//// + request.getIssuer() + " and country=" + request.getOriginCountryCode()); +// +// throw new EIDASSAMLEngineException(EidasErrorKey.SAML_ENGINE_INVALID_CERTIFICATE.errorCode(), +// EidasErrorKey.SAML_ENGINE_INVALID_CERTIFICATE.errorMessage()); +// } +// +// } else if (!(SAMLEngineUtils.isErrorSamlResponse(responseToSign))) { +// checkSendingUnencryptedResponsesAllowed(); +// +// } +// +// Logger.debug("Signing SAML Response."); +// return ((Response) getSigner().sign(responseToSign)); +// } +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java index f29d2bb65..75a2c059c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAProtocolEngineFactory.java @@ -23,10 +23,17 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl; +import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAProtocolEngine; import at.gv.egovernment.moa.logging.Logger; +import eu.eidas.auth.engine.AbstractProtocolEngine; import eu.eidas.auth.engine.ProtocolEngineFactory; +import eu.eidas.auth.engine.ProtocolEngineI; +import eu.eidas.auth.engine.SamlEngineClock; +import eu.eidas.auth.engine.configuration.FixedProtocolConfigurationAccessor; +import eu.eidas.auth.engine.configuration.ProtocolEngineConfiguration; import eu.eidas.auth.engine.configuration.SamlEngineConfigurationException; import eu.eidas.auth.engine.configuration.dom.ProtocolEngineConfigurationFactory; +import eu.eidas.auth.engine.core.ProtocolProcessorI; import eu.eidas.samlengineconfig.CertificateConfigurationManager; /** @@ -95,5 +102,22 @@ public class MOAProtocolEngineFactory extends ProtocolEngineFactory { } +// public static ProtocolEngineI createProtocolEngine(String instanceName, +// ProtocolEngineConfigurationFactory protocolEngineConfigurationFactory, +// ProtocolProcessorI protocolProcessor, SamlEngineClock samlEngineClock) +// throws SamlEngineConfigurationException { +// +// ProtocolEngineConfiguration preConfiguration = protocolEngineConfigurationFactory +// .getConfiguration(instanceName); +// +// protocolProcessor.configure(); +// +// ProtocolEngineConfiguration configuration = ProtocolEngineConfiguration.builder(preConfiguration) +// .protocolProcessor(protocolProcessor).clock(samlEngineClock).build(); +// +// ProtocolEngineI samlEngine = new MOAProtocolEngine(new FixedProtocolConfigurationAccessor(configuration)); +// +// return samlEngine; +// } } -- cgit v1.2.3