From e1e410da00a399a8b059645a14a7848b39d3525c Mon Sep 17 00:00:00 2001
From: Florian Reimair
Date: Thu, 30 Jan 2014 20:59:16 +0100
Subject: removed old saml-engine
---
 id/server/idserverlib/pom.xml | 7 -
 .../moa/id/auth/stork/STORKResponseProcessor.java | 189 ---------------------
 2 files changed, 196 deletions(-)
(limited to 'id/server/idserverlib')
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 245348d09..1efa46c7d 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -25,13 +25,6 @@ - - - MOA.id - stork-saml-engine - 1.5.2 - - eu.stork SamlEngine
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index 8385c5dbe..6d88a1684 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -40,11 +40,8 @@ import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
-import eu.stork.mw.messages.saml.STORKResponse;
 import eu.stork.peps.auth.commons.IPersonalAttributeList;
 import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.vidp.messages.common.STORKConstants;
-import eu.stork.vidp.messages.util.SAMLUtil;
 /**
 *
@@ -60,192 +57,6 @@ public class STORKResponseProcessor {
 /** OASIS DSS Success Message */
 public static final String OASIS_DSS_SUCCESS_MSG = "urn:oasis:names:tc:dss:1.0:resultmajor:Success";
- /**
- * Extracts a STORK response from a HTTP message
- * @param request HttpServletRequest
- * @param response HttpServletResponse
- * @return STORK Response
- * @throws STORKException
- */
- public static STORKResponse receiveSTORKRepsonse(HttpServletRequest request, HttpServletResponse response) throws STORKException {
-
- HTTPInTransport httpInTransport = new HttpServletRequestAdapter(request);
- HTTPOutTransport httpOutTransport = new HttpServletResponseAdapter(response, request.isSecure());
-
- httpInTransport.getPeerAddress();
-
- String samlResponseString = request.getParameter("SAMLResponse");
-
- if (StringUtils.isEmpty(samlResponseString)) {
- Logger.error("SAMLResponse not found in request.");
- throw new STORKException("SAMLResponse not found in request.");
- }
-
- BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext();
-
- samlMessageContext.setInboundMessageTransport(httpInTransport);
- samlMessageContext.setOutboundMessageTransport(httpOutTransport);
-
- HTTPPostDecoder postDecoder = new HTTPPostDecoder();
-
- try {
- postDecoder.decode(samlMessageContext);
- } catch (Exception e) {
- Logger.error("Error decoding SAMLResponse message", e);
- throw new STORKException("Error decoding SAMLResponse message", e);
- }
-
- if (!(samlMessageContext.getInboundSAMLMessage() instanceof STORKResponse)) {
- Logger.error("Message received is not a SAMLResponse message");
- throw new STORKException("Message received is not a SAMLResponse message");
- }
-
- STORKResponse samlResponse = (STORKResponse) samlMessageContext.getInboundSAMLMessage();
-
- return samlResponse;
- }
-
- /**
- * Verifies a STORK response according STORK specification
- * @param storkResponse STORK Response to verify
- * @throws STORKException if validation fails
- */
- public static void verifySTORKResponse(STORKResponse storkResponse) throws STORKException {
-
- ResponseVerifier responseVerifier = new PEPSConnectorResponseVerifier();
- try {
- responseVerifier.verify(storkResponse);
- } catch (SecurityException e) {
- Logger.error("Error validating response message from PEPS.", e);
- throw new STORKException("Error validating response message from PEPS.");
- }
-
- }
-
- /**
- * Verifies a STORK assertion
- * @param assertion STORK assertion
- * @param ipAddress Client IP address
- * @param authnRequestID ID of the AuthnRequest
- * @param recipient recipient for verification
- * @param audience audience for verification
- * @param reqAttributeList RequestedAttribute list for verification
- * @throws STORKException
- */
- public static void verifySTORKAssertion(
- Assertion assertion,
- String ipAddress,
- String authnRequestID,
- String recipient,
- String audience,
- List reqAttributeList) throws STORKException {
-
- //validate Assertion
- AssertionVerifier assertionVerifier = new PEPSConnectorAssertionVerifier();
- try {
- assertionVerifier.verify(assertion, ipAddress, authnRequestID, recipient, audience, reqAttributeList);
-
- //verify if all required attributes are present
- PEPSConnectorAssertionVerifier.validateRequiredAttributes(reqAttributeList, assertion.getAttributeStatements().get(0).getAttributes());
-
- } catch (SecurityException e) {
- Logger.error("Error verifying assertion from PEPS", e);
- throw new STORKException("Error validating assertion received from PEPS.");
- }
-
- }
-
- /**
- * Extracts the citizen signature from the signedDoc element present in the STORK assertion
- * @param storkAssertion STORK assertion
- * @return citizen signature as XML
- * @throws STORKException
- */
- public static Element extractCitizenSignature(Assertion storkAssertion) throws STORKException {
-
- Logger.debug("Processing DSS signature response from PEPS");
-
- Element signatureResponse = getSignedDocAttributeValue(storkAssertion);
-
- if (signatureResponse == null) {
- String msg = "Could not find DSS signature response in SAML assertion";
- Logger.error(msg);
- throw new STORKException(msg);
- }
-
- Logger.debug("Found DSS signature in SAML assertion");
-
- Logger.debug("DSS Signature creation response received from PEPS (pretty print):");
- Logger.debug(XMLHelper.prettyPrintXML(signatureResponse));
- Logger.trace("DSS Signature creation response received from PEPS (original):");
- Logger.trace(XMLUtil.printXML(signatureResponse));
-
- Element signature = getSignature(signatureResponse);
-
- if (signature == null) {
- String msg = "Could not find citizen signature in SAML assertion";
- Logger.error(msg);
- throw new STORKException(msg);
- }
-
- Logger.debug("Found foreign citizen signature in SAML assertion (pretty print):");
- Logger.debug(XMLHelper.prettyPrintXML(signature));
- Logger.trace("Found foreign citizen signature in SAML assertion (original):");
- Logger.trace(XMLUtil.printXML(signature));
-
- return signature;
- }
-
- /**
- * Extracts the signedDoc attribute from a STORK assertion as XML
- * @param storkAssertion STORK assertion
- * @return Value of signedDoc attribute
- * @throws STORKException
- */
- private static Element getSignedDocAttributeValue(Assertion storkAssertion) throws STORKException {
-
- XMLObject xmlObj = SAMLUtil.getAttributeValue(storkAssertion.getAttributeStatements().get(0).getAttributes(), STORKConstants.STORK_ATTRIBUTE_SIGNEDDOC);
-
-
- if (xmlObj instanceof XSAny)
- return getSignedDocAttributeValueFromAny((XSAny) xmlObj);
- else if (xmlObj instanceof XSString)
- return getSignedDocAttributValueFromString((XSString) xmlObj);
- else
- return null;
-
- }
-
- /**
- * Get signedDoc as XML if provided as anyType
- * @param any AttributeValue as anyType
- * @return signedDoc as XML
- */
- private static Element getSignedDocAttributeValueFromAny(XSAny any) {
- if (!any.getUnknownXMLObjects(new QName(OASIS_DSS_NS, "SignResponse")).isEmpty()) {
- XMLObject xmlObj = any.getUnknownXMLObjects(new QName(OASIS_DSS_NS, "SignResponse")).get(0);
- return xmlObj.getDOM();
- } else {
- return null;
- }
- }
-
- /**
- * Get signedDoc as XML if provided as String
- * @param string AttributeValue as String
- * @return signedDoc as XML
- * @throws STORKException
- */
- private static Element getSignedDocAttributValueFromString(XSString string) throws STORKException {
- try {
- return XMLUtil.stringToDOM(string.getValue());
- } catch (Exception e) {
- Logger.error("Error building DOM", e);
- throw new STORKException(e);
-
- }
- }
-
 /**
 * Extracts the signature value out of a DSS response
 * @param signatureResponse DSS signature response
--
cgit v1.2.3