From 42e2547a52439611b52e6a42c6e1098acff997c6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 7 Feb 2014 12:46:53 +0100
Subject: * use MOADefaultBootstrap to set SHA256 as default security parameter
 * SAMLEngine: deaktivate DefaultBootStrap.

---
 .../moa/id/demoOA/servlet/pvp2/DemoApplication.java         | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'id/oa')

diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
index 0b30d7d86..dcd478864 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.demoOA.servlet.pvp2;
 
 import java.io.IOException;
+import java.security.Key;
 import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.List;
@@ -55,6 +56,7 @@ import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
 import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.SecurityHelper;
 import org.opensaml.xml.security.credential.UsageType;
 import org.opensaml.xml.security.criteria.EntityIDCriteria;
 import org.opensaml.xml.security.criteria.UsageCriteria;
@@ -149,6 +151,11 @@ public class DemoApplication extends HttpServlet {
 				
 				Logger.info("PVP2 Assertion is valid");
 				
+				//set assertion
+				org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
+				String assertion = DOMUtils.serializeNode(doc);				
+				bean.setAssertion(assertion);
+				
 				if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
 			
 					List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
@@ -177,7 +184,7 @@ public class DemoApplication extends HttpServlet {
 						encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() );
 						
 						Decrypter samlDecrypter =
-								  new Decrypter(null, skicr, encryptedKeyResolver);
+								new Decrypter(null, skicr, encryptedKeyResolver);
 						
 						for (EncryptedAssertion encAssertion : encryAssertionList) {							
 							saml2assertions.add(samlDecrypter.decrypt(encAssertion));
@@ -219,10 +226,6 @@ public class DemoApplication extends HttpServlet {
 						}
 					}
 					
-					org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
-					String assertion = DOMUtils.serializeNode(doc);
-					
-					bean.setAssertion(assertion);
 					bean.setDateOfBirth(birthday);
 					bean.setFamilyName(familyName);
 					bean.setGivenName(givenName);
-- 
cgit v1.2.3


From 9b67dbb64ed665be5430c213607854c8c7e3584b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 11 Feb 2014 08:07:20 +0100
Subject: change metadata validto area to 24 hours

---
 .../moa/id/configuration/auth/pvp2/BuildMetadata.java          |  8 ++++++++
 .../egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java  |  7 +++++++
 .../gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java  | 10 +++-------
 3 files changed, 18 insertions(+), 7 deletions(-)

(limited to 'id/oa')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
index 56f593ce7..9a0f73a1f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
@@ -45,6 +45,7 @@ import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 
 import org.apache.log4j.Logger;
+import org.joda.time.DateTime;
 import org.opensaml.Configuration;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.common.xml.SAMLConstants;
@@ -87,6 +88,8 @@ public class BuildMetadata extends HttpServlet {
 	
 	private static final Logger log = Logger.getLogger(BuildMetadata.class);
 
+	private static final int VALIDUNTIL_IN_HOURS = 24;
+	
 	/**
 	 * @see HttpServlet#HttpServlet()
 	 */
@@ -118,6 +121,9 @@ public class BuildMetadata extends HttpServlet {
 			EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.
 					createSAMLObject(EntitiesDescriptor.class);
 			
+			DateTime date = new DateTime();	
+			spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));
+			
 			String name = config.getPVP2MetadataEntitiesName();
 			if (MiscUtil.isEmpty(name)) {
 				log.info("NO Metadata EntitiesName configurated");
@@ -130,6 +136,8 @@ public class BuildMetadata extends HttpServlet {
 			EntityDescriptor spEntityDescriptor = SAML2Utils
 					.createSAMLObject(EntityDescriptor.class);
 
+			spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
+			
 			spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor);
 			
 			String serviceURL = config.getPublicUrlPreFix(request);
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
index 652960bbc..4c9bc6d76 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
@@ -82,6 +82,8 @@ import at.iaik.commons.util.MiscUtil;
 public class BuildMetadata extends HttpServlet {
 	private static final long serialVersionUID = 1L;
 	
+	private static final int VALIDUNTIL_IN_HOURS = 24;
+	
 	/**
 	 * @see HttpServlet#HttpServlet()
 	 */
@@ -111,6 +113,9 @@ public class BuildMetadata extends HttpServlet {
 			EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.
 					createSAMLObject(EntitiesDescriptor.class);
 			
+			DateTime date = new DateTime();	
+			spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));
+			
 			String name = config.getPVP2MetadataEntitiesName();
 			if (MiscUtil.isEmpty(name)) {
 				Logger.info("NO Metadata EntitiesName configurated");
@@ -128,6 +133,8 @@ public class BuildMetadata extends HttpServlet {
 			EntityDescriptor spEntityDescriptor = SAML2Utils
 					.createSAMLObject(EntityDescriptor.class);
 
+			spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
+			
 			spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor);
 			
 			//set OA-ID (PublicURL Prefix) as identifier
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 7e6d1e2c7..1668c31ce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -36,7 +36,6 @@ import javax.xml.transform.stream.StreamResult;
 
 import org.joda.time.DateTime;
 import org.opensaml.Configuration;
-import org.opensaml.common.impl.SAMLObjectContentReference;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.core.NameIDType;
 import org.opensaml.saml2.metadata.ContactPerson;
@@ -46,15 +45,12 @@ import org.opensaml.saml2.metadata.IDPSSODescriptor;
 import org.opensaml.saml2.metadata.KeyDescriptor;
 import org.opensaml.saml2.metadata.NameIDFormat;
 import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.xml.encryption.EncryptionConstants;
 import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.credential.UsageType;
 import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
 import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.ContentReference;
 import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
 import org.opensaml.xml.signature.Signer;
 import org.w3c.dom.Document;
 
@@ -70,7 +66,7 @@ import at.gv.egovernment.moa.logging.Logger;
 
 public class MetadataAction implements IAction {
 
-	private static final int VALIDUNTIL_IN_DAYES = 30;
+	private static final int VALIDUNTIL_IN_HOURS = 24;
 		
 	public String processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
@@ -85,7 +81,7 @@ public class MetadataAction implements IAction {
 			
 			DateTime date = new DateTime();
 			
-			idpEntitiesDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_DAYES));
+			idpEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));
 				
 			EntityDescriptor idpEntityDescriptor = SAML2Utils
 					.createSAMLObject(EntityDescriptor.class);
@@ -99,7 +95,7 @@ public class MetadataAction implements IAction {
 			idpEntityDescriptor
 			.setEntityID(PVPConfiguration.getInstance().getIDPPublicPath());
 			
-			idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_DAYES));
+			idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
 			
 			List<ContactPerson> persons = PVPConfiguration.getInstance()
 					.getIDPContacts();
-- 
cgit v1.2.3