From 42e2547a52439611b52e6a42c6e1098acff997c6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 7 Feb 2014 12:46:53 +0100 Subject: * use MOADefaultBootstrap to set SHA256 as default security parameter * SAMLEngine: deaktivate DefaultBootStrap. --- .../moa/id/demoOA/servlet/pvp2/DemoApplication.java | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'id/oa') diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index 0b30d7d86..dcd478864 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.demoOA.servlet.pvp2; import java.io.IOException; +import java.security.Key; import java.security.KeyStore; import java.util.ArrayList; import java.util.List; @@ -55,6 +56,7 @@ import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.SecurityHelper; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.criteria.EntityIDCriteria; import org.opensaml.xml.security.criteria.UsageCriteria; @@ -149,6 +151,11 @@ public class DemoApplication extends HttpServlet { Logger.info("PVP2 Assertion is valid"); + //set assertion + org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); + String assertion = DOMUtils.serializeNode(doc); + bean.setAssertion(assertion); + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { List saml2assertions = new ArrayList(); @@ -177,7 +184,7 @@ public class DemoApplication extends HttpServlet { encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); Decrypter samlDecrypter = - new Decrypter(null, skicr, encryptedKeyResolver); + new Decrypter(null, skicr, encryptedKeyResolver); for (EncryptedAssertion encAssertion : encryAssertionList) { saml2assertions.add(samlDecrypter.decrypt(encAssertion)); @@ -219,10 +226,6 @@ public class DemoApplication extends HttpServlet { } } - org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); - String assertion = DOMUtils.serializeNode(doc); - - bean.setAssertion(assertion); bean.setDateOfBirth(birthday); bean.setFamilyName(familyName); bean.setGivenName(givenName); -- cgit v1.2.3 From 9b67dbb64ed665be5430c213607854c8c7e3584b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 11 Feb 2014 08:07:20 +0100 Subject: change metadata validto area to 24 hours --- .../gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'id/oa') diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java index 652960bbc..4c9bc6d76 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java @@ -82,6 +82,8 @@ import at.iaik.commons.util.MiscUtil; public class BuildMetadata extends HttpServlet { private static final long serialVersionUID = 1L; + private static final int VALIDUNTIL_IN_HOURS = 24; + /** * @see HttpServlet#HttpServlet() */ @@ -111,6 +113,9 @@ public class BuildMetadata extends HttpServlet { EntitiesDescriptor spEntitiesDescriptor = SAML2Utils. createSAMLObject(EntitiesDescriptor.class); + DateTime date = new DateTime(); + spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); + String name = config.getPVP2MetadataEntitiesName(); if (MiscUtil.isEmpty(name)) { Logger.info("NO Metadata EntitiesName configurated"); @@ -128,6 +133,8 @@ public class BuildMetadata extends HttpServlet { EntityDescriptor spEntityDescriptor = SAML2Utils .createSAMLObject(EntityDescriptor.class); + spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); + spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); //set OA-ID (PublicURL Prefix) as identifier -- cgit v1.2.3