From 1626ac9867cd5406b83e73651080e33c11fb98d1 Mon Sep 17 00:00:00 2001 From: kstranacher_eGovL Date: Thu, 12 Jul 2012 11:27:13 +0000 Subject: Integration of STORK git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1285 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../saml/impl/STORKAuthnRequestUnmarshaller.java | 137 +++++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java (limited to 'id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java') diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java new file mode 100644 index 000000000..7924400fa --- /dev/null +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/saml/impl/STORKAuthnRequestUnmarshaller.java @@ -0,0 +1,137 @@ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package eu.stork.vidp.messages.saml.impl; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; + +import org.opensaml.saml2.core.impl.AuthnRequestUnmarshaller; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.signature.X509Data; +import org.opensaml.xml.util.Base64; + +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.messages.saml.STORKExtensions; +import eu.stork.vidp.messages.stork.SPCertEnc; +import eu.stork.vidp.messages.stork.SPCertSig; +import eu.stork.vidp.messages.stork.SPCertType; +import eu.stork.vidp.messages.stork.SPInformation; +import eu.stork.vidp.messages.stork.VIDPAuthenticationAttributes; + +public class STORKAuthnRequestUnmarshaller extends AuthnRequestUnmarshaller { + + protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject) + throws UnmarshallingException { + STORKAuthnRequest req = (STORKAuthnRequest) parentSAMLObject; + + if (childSAMLObject instanceof STORKExtensions) { + STORKExtensions ext = (STORKExtensions) childSAMLObject; + req.setExtensions(ext); + + if (ext.getQAALevel() != null) + req.setQAALevel(ext.getQAALevel().getValue()); + + if (ext.getRequestedAttributes() != null) { + //List reqAttrList = new ArrayList(); +// for (RequestedAttribute reqAtt : ext.getRequestedAttributes().getRequestedAttributes()) { +// req.getRequestedAttributes().add(reqAtt); +// } + req.setRequestedAttributes(ext.getRequestedAttributes().getRequestedAttributes()); + + } + + if (ext.getAuthenticationAttributes() != null) { + VIDPAuthenticationAttributes vidpAuthAttributes = ext.getAuthenticationAttributes().getVIDPAuthenticationAttributes(); + if (vidpAuthAttributes != null) { + if (vidpAuthAttributes.getCitizenCountryCode() != null) + req.setCitizenCountryCode(vidpAuthAttributes.getCitizenCountryCode().getValue()); + + SPInformation spInformation = vidpAuthAttributes.getSPInformation(); + if (spInformation != null) { + if (spInformation.getSPID() != null) + req.setSPID(spInformation.getSPID().getValue()); + + if (spInformation.getSPCertSig() != null) { + SPCertSig spCertSig = spInformation.getSPCertSig(); + try { + req.setSPCertSig(getCertificateFromX509Data(spCertSig)); + } catch (Exception e) { + throw new UnmarshallingException("Error reading SP signing certificate"); + } + } + + if (spInformation.getSPCertEnc() != null) { + SPCertEnc spCertEnc = spInformation.getSPCertEnc(); + try { + req.setSPCertEnc(getCertificateFromX509Data(spCertEnc)); + } catch (Exception e) { + throw new UnmarshallingException("Error reading SP encryption certificate"); + } + } + + if (spInformation.getSPAuthRequest() != null) { + req.setOriginalSPAuthRequest(spInformation.getSPAuthRequest()); + } + + } + } + } + + } else { + super.processChildElement(parentSAMLObject, childSAMLObject); + } + } + + private X509Certificate getCertificateFromX509Data(SPCertType spCert) throws CertificateException { + if (spCert.getKeyInfo() != null) + if (!spCert.getKeyInfo().getX509Datas().isEmpty()) { + X509Data samlX509Data = spCert.getKeyInfo().getX509Datas().get(0); + + if (samlX509Data != null) { + if (!samlX509Data.getX509Certificates().isEmpty()) { + org.opensaml.xml.signature.X509Certificate samlX509Cert = samlX509Data.getX509Certificates().get(0); + if (samlX509Cert != null) { + if (samlX509Cert.getValue() != null && samlX509Cert.getValue().length() != 0) { + InputStream inStream = new ByteArrayInputStream( Base64.decode(samlX509Cert.getValue())); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream); + return cert; + } + + } + + } + } + } + + return null; + } + +} -- cgit v1.2.3