From 496ba9bb6e150ad67c5c628c1c97f30d6da81dfb Mon Sep 17 00:00:00 2001 
From: Florian Reimair Date: Mon, 10 Aug 2015 16:35:14 +0200 Subject: approved changes --- .../auth/engine/core/impl/EIDSectorShareImpl.java | 6 - .../eu/stork/peps/auth/commons/AttributeName.java | 11 +- .../peps/auth/commons/AttributeProvidersMap.java | 18 +++ .../stork/peps/auth/commons/AttributeSource.java | 14 ++- .../eu/stork/peps/auth/commons/AttributeUtil.java | 4 +- .../peps/auth/commons/IAttributeListProcessor.java | 49 +++++++- .../peps/auth/commons/IAttributeProvidersMap.java | 7 ++ .../peps/auth/commons/IPersonalAttributeList.java | 23 +++- .../java/eu/stork/peps/auth/commons/Linker.java | 31 ++++-- .../eu/stork/peps/auth/commons/PEPSErrors.java | 12 +- .../eu/stork/peps/auth/commons/PEPSParameters.java | 25 ++++- .../eu/stork/peps/auth/commons/PEPSValues.java | 6 +- .../stork/peps/auth/commons/PersonalAttribute.java | 57 +++++++++- .../peps/auth/commons/PersonalAttributeList.java | 88 +++++++++++++-- .../stork/peps/auth/commons/STORKAuthnRequest.java | 8 +- .../peps/auth/commons/STORKAuthnResponse.java | 35 +++--- .../tc/stork/_1_0/assertion/ObjectFactory.java | 16 +-- .../java/eu/stork/peps/auth/engine/SAMLEngine.java | 9 +- .../eu/stork/peps/auth/engine/STORKSAMLEngine.java | 99 +++++++++------- .../stork/peps/auth/engine/X509PrincipalUtil.java | 2 +- .../eu/stork/peps/auth/engine/core/SAMLCore.java | 3 + .../stork/peps/auth/engine/core/STORKSAMLCore.java | 26 ++++- .../core/impl/AuthenticationAttributesImpl.java | 5 - .../engine/core/impl/CitizenCountryCodeImpl.java | 5 - .../engine/core/impl/EIDCrossBorderShareImpl.java | 7 +- .../engine/core/impl/EIDCrossSectorShareImpl.java | 7 +- .../auth/engine/core/impl/QAAAttributeImpl.java | 5 - .../engine/core/impl/RequestedAttributeImpl.java | 5 - .../auth/engine/core/impl/SPApplicationImpl.java | 5 - .../peps/auth/engine/core/impl/SPCountryImpl.java | 5 - .../stork/peps/auth/engine/core/impl/SPIDImpl.java | 5 - .../auth/engine/core/impl/SPInformationImpl.java | 5 - 
.../auth/engine/core/impl/SPInstitutionImpl.java | 5 - .../stork/peps/auth/engine/core/impl/SignHW.java | 78 +++++-------- .../stork/peps/auth/engine/core/impl/SignP12.java | 45 ++++---- .../stork/peps/auth/engine/core/impl/SignSW.java | 96 ++++++++-------- .../impl/VIDPAuthenticationAttributesImpl.java | 6 - .../validator/QAAAttributeSchemaValidator.java | 8 +- .../peps/configuration/ConfigurationCreator.java | 18 +-- .../test/simple/StorkAttrQueryRequestTest.java | 12 ++ .../peps/test/simple/StorkAuthRequestTest.java | 12 +- .../src/test/resources/SamlEngine.xml | 124 ++++++++++++--------- .../src/test/resources/SignModule_Conf0.xml | 28 +++-- .../src/test/resources/SignModule_Conf1.xml | 14 +-- .../src/test/resources/SignModule_Conf2.xml | 14 +-- .../src/test/resources/SignModule_Conf3.xml | 14 +-- .../src/test/resources/SignModule_P11.xml | 13 ++- 47 files changed, 685 insertions(+), 405 deletions(-) (limited to 'id/server') diff --git a/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java b/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java index 9ed726a32..49ef68cb9 100644 --- a/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java +++ b/id/server/legacy-backup/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDSectorShareImpl.java @@ -76,10 +76,4 @@ public class EIDSectorShareImpl extends AbstractSAMLObject implements public final List getOrderedChildren() { return null; } - - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } \ No newline at end of file 
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java index f47cca6be..28115ae62 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeName.java @@ -1,13 +1,20 @@ package eu.stork.peps.auth.commons; +import java.io.Serializable; + /** * This class is a bean used to store information relative to Attribute Names. - * + * * @author Stelios Lelis (stelios.lelis@aegean.gr), Elias Pastos (ilias@aegean.gr) * * @version $Revision: 1.00 $, $Date: 2013-11-26 $ */ -public final class AttributeName { +public final class AttributeName implements Serializable { + + /** + * + */ + private static final long serialVersionUID = -3537736618869722308L; /** * Attribute Id. diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java index 24d93f9bb..c59109092 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeProvidersMap.java @@ -91,4 +91,22 @@ public class AttributeProvidersMap extends LinkedHashMap maKeys = aPMap.keyIterator(); + while (maKeys.hasNext()) { + AttributeSource key = maKeys.next(); + IPersonalAttributeList l2 = aPMap.get(key); + if (containsKey(key)) { + IPersonalAttributeList l1 = get(key); + for (PersonalAttribute pa : l2) { + if (!l1.containsKey(pa.getName())) { + l1.add(pa); + } + } + } else { + put(key, l2); + } + } + } } diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java index 8064131a7..eb5e3ded4 100644 
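Review bot: The new `serialVersionUID` field in `AttributeName` carries an empty Javadoc block (`/** * */`), which documents nothing and will be flagged by Checkstyle; either drop it or replace it with `/** Serialization version; bump when the serialized form of this bean changes. */`. Making the bean `Serializable` also means instances can now travel through Java native serialization (for example inside an HTTP session); if that is the intent, one sentence on the class Javadoc saying so would help the next maintainer understand why the field exists.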
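Review bot: In the `else` branch of `mergeWith`, `put(key, l2)` stores the other map's `IPersonalAttributeList` instance by reference rather than a copy, so after the merge both maps share and mutate the same list; `put(key, (IPersonalAttributeList) l2.clone())` would isolate them, since the interface exposes `clone()`. The method also dereferences `aPMap` without a null check, and on a key collision it silently keeps this map's existing attribute and drops the incoming one, which makes the result order-dependent and deserves a comment at the `containsKey` branch. The method signature and generic type arguments are not readable in this rendering of the hunk, so I am reading the logic from the loop body only.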
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeSource.java @@ -148,10 +148,11 @@ public final class AttributeSource implements Serializable { LOG.debug("Calling equals with Object."); if (obj instanceof AttributeSource) { LOG.debug("Calling equals with AttributeSource."); - outcome = this.equals((AttributeSource) obj); + outcome = this.innerEquals((AttributeSource) obj); + } + if (LOG.isDebugEnabled()) { + LOG.debug("Object equals outcome: " + outcome); } - - LOG.debug("Object equals outcome: " + outcome); return outcome; } @@ -163,7 +164,7 @@ public final class AttributeSource implements Serializable { * * @return true if the two objects are equal */ - public boolean equals(AttributeSource obj) { + public boolean innerEquals(AttributeSource obj) { boolean outcome = false; if (this.sourceType == obj.getSourceType()) { @@ -175,8 +176,9 @@ public final class AttributeSource implements Serializable { outcome = true; } } - - LOG.debug("AttributeSource equals outcome: " + outcome); + if (LOG.isDebugEnabled()) { + LOG.debug("AttributeSource equals outcome: " + outcome); + } return outcome; } diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java index 18218dce4..f49986aaf 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/AttributeUtil.java @@ -108,7 +108,7 @@ public final class AttributeUtil { strBuilder.append(AttributeUtil.escape(s) + separator); } } - return strBuilder.toString(); + return strBuilder.substring(0, strBuilder.length() - 1).toString(); } /** 
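Review bot: `innerEquals` is still `public` and dereferences `obj` unconditionally (`obj.getSourceType()`), so unlike `equals(Object)`, which guards with `instanceof`, a direct call with `null` throws a NullPointerException; declaring it `private boolean innerEquals(AttributeSource obj)` keeps the overload trap that the rename fixes out of the public API, or add `if (obj == null) { return false; }` as the first line. Whatever `hashCode()` does must agree with the comparison on `sourceType` and the remaining fields; that method is not in the hunk, so it is worth a quick check.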
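Review bot: `strBuilder.substring(0, strBuilder.length() - 1)` throws `StringIndexOutOfBoundsException` when nothing was appended, because `length()` is then 0 and the end index becomes -1, whereas the replaced line returned `""` for an empty input. Guard it with `if (strBuilder.length() == 0) { return ""; }` before the return, and drop the redundant `.toString()` on the `String` that `substring` already returns. The strip also assumes `separator` is exactly one character; if a longer separator is ever passed only its last character is removed, so `strBuilder.setLength(strBuilder.length() - separator.length())` would be the safer form if `separator` is a `String`. The enclosing method starts above the hunk.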
@@ -132,7 +132,7 @@ public final class AttributeUtil { strBuilder.append(AttributeUtil.escape(entry.getValue())); strBuilder.append(separator); } - return strBuilder.toString(); + return strBuilder.substring(0, strBuilder.length() - 1).toString(); } /** diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java index ffae4ae67..bdcf58fec 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeListProcessor.java @@ -108,6 +108,18 @@ public interface IAttributeListProcessor { */ IPersonalAttributeList removeAPMandatoryAttributes(IPersonalAttributeList attrList, Map attributes); + /** + * Removes from attribute list the Stork list of attributes. + * + * @param attrList + * the requested attribute list + * + * @return the attribute list without rejected attributes. + * + * @see IPersonalAttributeList + */ + IPersonalAttributeList removeAPRejectedAttributes(IPersonalAttributeList attrList); + /** * Checks if mandate attribute exist in the requested Attribute List. Power attribute name to lookup is loaded by implementation. * 
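Review bot: Same defect as the hunk at line 108: with an empty map nothing is appended, `strBuilder.length() - 1` is -1 and `substring` throws, where the old code returned an empty string; add `if (strBuilder.length() == 0) { return ""; }` ahead of the return. The `.toString()` call on the `String` returned by `substring` is a no-op and can go.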
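Review bot: The Javadoc for `removeAPRejectedAttributes` says it "Removes from attribute list the Stork list of attributes", which does not describe what the name promises, and its `@return` mentions "rejected attributes" without saying which list those come from. If, as the name suggests, it drops the attributes the Attribute Provider rejected, suggest: `Removes from the given list every attribute rejected by the Attribute Provider; the rejected set is loaded by the implementation.` with `@return the attribute list without the AP-rejected attributes`. Doc only, no code change.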
@@ -153,4 +165,39 @@ public interface IAttributeListProcessor { */ Map getNormalAttributesAdded(); -} \ No newline at end of file + /** + * Adds normal attributes to personal attribute list if exist in original list (allAttrList). + * + * @param attrList + * the list which will be updated + * @param allAttrList + * the list to check if attributes are to be included. + * + * + * @return the attributes list updated. + */ + IPersonalAttributeList addNormalAttributes(IPersonalAttributeList attrList, IPersonalAttributeList allAttrList); + + /** + * Updates list by filtering any attribute that must be requested instead of using a value obtained from cache (business and legal attrs) + * + * @param attrList + * the list which will be updated + * @return the filtered list + */ + IPersonalAttributeList filterAttrList(IPersonalAttributeList attrList); + + /** + * Updates the list of cached attrs by inserting the business and/or legal attrs requested by the user + * + * @param cachedAttrList + * @param requestedAttrsList + */ + void updateAttrList(IPersonalAttributeList cachedAttrList, IPersonalAttributeList requestedAttrsList); + + /** + * Verifies if normal attribute list contains any attribute that we must always request (usually business attributes) + */ + boolean hasAlwaysRequestAttributes(IPersonalAttributeList attributeList); + +} diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java index aa0ddf85b..cc5fe977f 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IAttributeProvidersMap.java 
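Review bot: `updateAttrList` has empty `@param cachedAttrList` and `@param requestedAttrsList` tags, and `hasAlwaysRequestAttributes` has no `@param` or `@return` at all, so the contract of two of the new interface methods is undocumented for implementers. Suggest `@param cachedAttrList the cached list, updated in place` and `@param requestedAttrsList the attributes requested by the user whose business and legal entries are inserted` for the first, and `@return true if attributeList holds at least one attribute that must always be requested` for the second. "attrs" also reads better spelled out as "attributes" in interface documentation.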
@@ -78,4 +78,11 @@ public interface IAttributeProvidersMap { * @return an iterator of the keys contained in this map */ Iterator keyIterator(); + + /** + * Merges this Attribute Providers Map with another providers map changes the contents of this map so it returns null + * + * @param aPMap + */ + void mergeWith(IAttributeProvidersMap aPMap); } diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java index 71b3400b4..7eb788461 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/IPersonalAttributeList.java @@ -42,6 +42,20 @@ public interface IPersonalAttributeList extends Iterable, Clo */ PersonalAttribute put(String key, PersonalAttribute value); + /** + * Replaces the specified value with the specified key in this Personal Attribute List. + * + * @param key + * with which the specified value is to be replaced. + * @param value + * to be associated with the specified key. + * + * @return the previous value associated with key, or null if there was no mapping for key. + * + * @see PersonalAttribute + */ + PersonalAttribute replace(String key, PersonalAttribute value); + /** * Returns the value to which the specified key is mapped, or null if this map contains no mapping for the key. * @@ -146,6 +160,13 @@ public interface IPersonalAttributeList extends Iterable, Clo */ IPersonalAttributeList getMandatoryAttributes(); + /** + * Returns a IPersonalAttributeList merged with provided one. + * + * @return an IPersonalAttributeList the attribute list to merge with. + */ + IPersonalAttributeList merge(IPersonalAttributeList attrList); + /** * Returns a IPersonalAttributeList of the optional attributes in this map. * 
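Review bot: The `mergeWith` Javadoc reads "Merges this Attribute Providers Map with another providers map changes the contents of this map so it returns null", which is ungrammatical and contradicts the `void` return, and the `@param aPMap` tag has no description. Suggest: `Merges the entries of the given map into this map in place; entries for a source already present here are kept and only their missing attributes are added.` with `@param aPMap the map whose entries are merged into this one`. The "kept and only missing added" part reflects the `AttributeProvidersMap` implementation in this commit, so adjust it if other implementations are meant to behave differently.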
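Review bot: The `@return` tag of `merge` says "an IPersonalAttributeList the attribute list to merge with", which describes the parameter, and the method has no `@param attrList`; `replace` is documented as "Replaces the specified value with the specified key", which inverts key and value. Suggest `@param attrList the list to merge into this one` and `@return the merged list` for `merge`, and `Replaces the value currently mapped to the given key.` for `replace`. The `merge` doc should also say whether it returns `this` or a new list, since callers cannot tell from the signature.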
@@ -172,6 +193,6 @@ public interface IPersonalAttributeList extends Iterable, Clo * * @return The copy of this IPersonalAttributeList. */ - Object clone() throws CloneNotSupportedException; + Object clone(); } diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java index f82f6fbcc..87ab4275f 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/Linker.java @@ -5,6 +5,7 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.LinkedHashMap; import java.util.List; +import java.util.Map; import org.apache.log4j.Logger; @@ -36,7 +37,7 @@ public final class Linker implements Serializable { /** * Assertion map. */ - private LinkedHashMap assertions; + private Map> assertions; /** * The current index of local (domestic) Attribute Providers. @@ -55,7 +56,7 @@ public final class Linker implements Serializable { localIndex = 0; remoteIndex = 0; - assertions = new LinkedHashMap(); + assertions = new LinkedHashMap>(); } /** 
@@ -143,13 +144,19 @@ public final class Linker implements Serializable { localIndex++; // Assertion storage - this.assertions.put(source, attrResponse); - // previously: getTotalPersonalAttributeList() in both cases - if (source.getSourceType() == AttributeSource.SOURCE_REMOTE_COUNTRY) + if (this.assertions.containsKey(source)) { + this.assertions.get(source).add(attrResponse); + } else { + List temp = new ArrayList(); + temp.add(attrResponse); + this.assertions.put(source, temp); + } + + if (source.getSourceType() == AttributeSource.SOURCE_REMOTE_COUNTRY) { this.attributeProvidersMap.put(source, attrResponse.getTotalPersonalAttributeList()); - else + } else { this.attributeProvidersMap.put(source, attrResponse.getPersonalAttributeList()); - // this.attributeProvidersMap.put(source, attrResponse.getTotalPersonalAttributeList()); + } } /** @@ -312,5 +319,13 @@ public final class Linker implements Serializable { LOG.debug("The attributeProvidersMap after the merge."); ((AttributeProvidersMap) this.attributeProvidersMap).trace(); } + + for (AttributeSource as : previous.assertions.keySet()) { + if (!assertions.containsKey(as)) { + assertions.put(as, previous.assertions.get(as)); + } else { + assertions.get(as).addAll(previous.assertions.get(as)); + } + } } -} \ No newline at end of file +} diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java index ac83d5ddf..7d758d754 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSErrors.java 
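Review bot: The same `AttributeSource` can now accumulate several responses in `assertions`, but both `attributeProvidersMap.put(source, ...)` calls still overwrite the previous attribute list for that source, so after a second response the stored assertions and the stored attributes no longer correspond. If several responses per source are intended, the attribute lists should be merged as well (the interface gains `merge` in this commit) rather than replaced; otherwise the earlier assertion should be discarded too. The branch stores `getTotalPersonalAttributeList()` for remote countries but only `getPersonalAttributeList()` locally, and the deleted comment hints this has flipped before, so a one-line comment on why would help. The enclosing method begins above the hunk.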
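Review bot: `assertions.put(as, previous.assertions.get(as))` stores the list object owned by `previous`, so any later `add` through either Linker is visible in both; put a copy instead, `assertions.put(as, new ArrayList<...>(previous.assertions.get(as)))` with the element type the field declares (it is not readable in this rendering). Nothing in the hunk checks `previous` for null, so that has to be covered by the part of the merge method that starts above the hunk.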
@@ -314,7 +314,17 @@ public enum PEPSErrors { /** * Represents the 'invalid.attr.country.code' constant error identifier. */ - INVALID_COUNTRY_CODE("invalid.attr.country.code"); + INVALID_COUNTRY_CODE("invalid.attr.country.code"), + /** + * DTL error codes. + */ + DTL_ERROR_ADD("dtl.error.adding.doc"), DTL_ERROR_GET("dtl.error.getting.doc"), DTL_ERROR_REQUEST("dtl.error.request.attribute"), DTL_INVALID_XML("dtl.invalid.xml"), DTL_EMPTY_REQUEST( + "dtl.empty.request"), DTL_ERROR_DOCUMENT_URL("dtl.error.no.document.url"), DTL_ERROR_NO_DOCUMENT("dtl.error.no.document"), DTL_ERROR_MARSHALL_SIGNREQUEST("dtl.error.marshall.signrequest"), DTL_ERROR_MARSHALL_SIGNRESPONSE( + "dtl.error.marshall.signresponse"), + /** + * Represents the 'colleagueAttributeRequest.invalidSAML' constant error identifier. + */ + COLLEAGUE_LOGOUT_INVALID_SAML("colleagueLogoutRequest.invalidSAML"); /** * Represents the constant's value. diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java index ec967a2ee..6b876b680 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSParameters.java @@ -68,6 +68,10 @@ public enum PEPSParameters { * Represents the 'attrList' parameter constant. */ ATTRIBUTE_LIST("attrList"), + /** + * Represents the 'allAttrList' parameter constant. + */ + ALL_ATTRIBUTE_LIST("allAttrList"), /** * Represents the 'apMandAttrList' parameter constant. */ 
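Review bot: The Javadoc on `COLLEAGUE_LOGOUT_INVALID_SAML` says it represents 'colleagueAttributeRequest.invalidSAML' while the constant's value is `"colleagueLogoutRequest.invalidSAML"`; the comment should read `Represents the 'colleagueLogoutRequest.invalidSAML' constant error identifier.` The nine DTL constants are crammed onto two wrapped lines under one shared comment, which breaks the one-constant-one-Javadoc pattern of the rest of the enum; one constant per line, each with its own `Represents the '...' constant error identifier.` comment, keeps the enum consistent and greppable.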
@@ -106,7 +110,7 @@ public enum PEPSParameters { /** * Represents the complex attributes parameter constant. */ - COMPLEX_ADDRESS_VALUE("canonicalResidenceAddress"), COMPLEX_NEWATTRIBUTE_VALUE("newAttribute2"), COMPLEX_HASDEGREE_VALUE("hasDegree"), COMPLEX_MANDATECONTENT_VALUE("mandateContent"), + COMPLEX_ADDRESS_VALUE("canonicalResidenceAddress"), COMPLEX_NEWATTRIBUTE_VALUE("newAttribute2"), COMPLEX_HASDEGREE_VALUE("hasDegree"), COMPLEX_MANDATECONTENT_VALUE("mandate"), /** * Represents the 'consent-type' parameter constant. */ @@ -603,8 +607,23 @@ public enum PEPSParameters { /** * Represents the 'idPDerivedAttrList' parameter constant. */ - - IDP_DERIVED_ATTR_LIST("idPDerivedAttrList"); + IDP_DERIVED_ATTR_LIST("idPDerivedAttrList"), + /** + * Represents the 'apRejectedAttrsList' parameter constant. + */ + AP_REJECTED_ATTRS_LIST("apRejectedAttrsList"), + /** + * Represents the 'logoutRequest' parameter constant. + */ + LOGOUT_REQUEST("logoutRequest"), + /** + * Represents the 'logoutRequest' parameter constant. + */ + LOGOUT_RESPONSE("logoutResponse"), + /** + * Represents the 'logoutRequest' parameter constant. + */ + LOGOUT_DEST_URL("speps.logout.destination.url"); /** * Represents the constant's value. diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java index 9cc587d7f..a63db12e1 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PEPSValues.java @@ -246,7 +246,11 @@ public enum PEPSValues { /** * Represents the 'attr-filter' constant value. */ - AP_ATTRFILTER_PREFIX("attr-filter"); + AP_ATTRFILTER_PREFIX("attr-filter"), + /** + * Represents the 'save-session' constant value. + */ + SAVED_SESSION("saved-session"); /** * Represents the constant's value. 
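Review bot: `COMPLEX_MANDATECONTENT_VALUE` changes from `"mandateContent"` to `"mandate"`, which is a protocol-visible attribute name rather than a code rename; any peer, attribute provider or configuration still sending or filtering on `mandateContent` would stop matching with no error. The commit message gives no reason, so a comment on the constant naming the specification version that introduced `mandate` would help, and if mixed deployments are expected a compatibility check for the old spelling may be needed.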
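Review bot: The Javadoc for `LOGOUT_RESPONSE` and `LOGOUT_DEST_URL` is copy-pasted from `LOGOUT_REQUEST` and says both represent the 'logoutRequest' parameter; they should read `Represents the 'logoutResponse' parameter constant.` and `Represents the 'speps.logout.destination.url' property constant.` The last one looks like a configuration property key rather than a request parameter like its neighbours, which the comment could say explicitly.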
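Review bot: The Javadoc on `SAVED_SESSION` says 'save-session' but the constant's value is `"saved-session"`; the comment should read `Represents the 'saved-session' constant value.` so that a grep for the configured value finds the documentation.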
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java index 49ea3e695..8d1482f05 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java @@ -18,7 +18,7 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.concurrent.ConcurrentHashMap; +import java.util.Vector; import org.apache.log4j.Logger; @@ -60,7 +60,7 @@ public final class PersonalAttribute implements Serializable, Cloneable { /** * Complex values of the personal attribute. */ - private Map complexValue = new ConcurrentHashMap(); + private List> complexValue = new Vector>(); /** * Is the personal attribute mandatory? @@ -138,8 +138,7 @@ public final class PersonalAttribute implements Serializable, Cloneable { personalAttr.setValue(val); } if (!isEmptyComplexValue()) { - final Map complexVal = (Map) ((HashMap) this.getComplexValue()).clone(); - personalAttr.setComplexValue(complexVal); + personalAttr.addComplexValues(this.getComplexValues()); } return personalAttr; } catch (final CloneNotSupportedException e) { @@ -208,6 +207,18 @@ public final class PersonalAttribute implements Serializable, Cloneable { } } + /** + * Add new value to list of values. + * + * @param attrValue + * The personal attribute value. + */ + public void addValue(final String attrValue) { + if (attrValue != null) { + this.value.add(attrValue); + } + } + /** * Getter for the type value. * 
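Review bot: The `complexValue` field switches from a `ConcurrentHashMap` to a `Vector`, a legacy synchronized collection; if thread safety was the reason for the original choice, the field comment should say so, otherwise `ArrayList`, which the file already imports, is the idiomatic choice. Either way the comment "Complex values of the personal attribute" should now mention that the list holds one map per complex value, since that is the new shape callers have to deal with.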
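Review bot: `clone()` now calls `personalAttr.addComplexValues(this.getComplexValues())`, which copies only the list and not the maps inside it, whereas the replaced code cloned the map; the clone and the original therefore share mutable complex-value maps, and a change through one shows up in the other. Copy each map before adding it, for example `for (Map<String, String> m : this.getComplexValues()) { personalAttr.setComplexValue(new HashMap<String, String>(m)); }`, assuming the maps are `Map<String, String>` as the old code's `HashMap` cast suggests (the type arguments are not readable here). The rest of `clone()`, including the `CloneNotSupportedException` handling, starts above the hunk.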
@@ -252,6 +263,19 @@ public final class PersonalAttribute implements Serializable, Cloneable { * @return The complex value. */ public Map getComplexValue() { + if (complexValue.size() > 0) { + return complexValue.get(0); + } else { + return new HashMap(); + } + } + + /** + * Getter for the complex values. + * + * @return The complex value. + */ + public List> getComplexValues() { return complexValue; } @@ -263,10 +287,20 @@ public final class PersonalAttribute implements Serializable, Cloneable { */ public void setComplexValue(final Map complexVal) { if (complexVal != null) { - this.complexValue = complexVal; + this.complexValue.add(complexVal); } } + /** + * Setter for the complex values. + * + * @param complexVal + * The personal attribute Complex values. + */ + public void addComplexValues(final List> complexVals) { + this.complexValue.addAll(complexVals); + } + /** * Getter for the personal's friendly name. * @@ -301,7 +335,7 @@ public final class PersonalAttribute implements Serializable, Cloneable { * @return True if the Complex Value is empty; */ public boolean isEmptyComplexValue() { - return complexValue.isEmpty(); + return complexValue.isEmpty() || complexValue.get(0).isEmpty(); } /** @@ -343,4 +377,15 @@ public final class PersonalAttribute implements Serializable, Cloneable { return strBuild.toString(); } + /** + * Empties the Value or ComplexValue field of a PersonalAttribute + */ + public void setEmptyValue() { + if (this.isEmptyValue()) { + this.complexValue = new Vector>(); + } else { + this.value = new ArrayList(); + } + } + } diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java index 8f60bdc0d..233cdebd0 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java 
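Review bot: `setComplexValue` no longer replaces the complex value but appends one more map to the list, so two calls leave two entries while the name and the unchanged Javadoc "Setter for the complex value" promise replacement; either rename it to `addComplexValue` or clear first, `this.complexValue.clear(); this.complexValue.add(complexVal);`. `getComplexValues` hands out the internal `Vector`, so callers can mutate the attribute behind its back; returning an unmodifiable view or a copy would keep the invariant that `isEmptyComplexValue` relies on. `addComplexValues` also has a `@param complexVal` tag that does not match its `complexVals` parameter and, unlike its sibling, no null check.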
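Review bot: `isEmptyComplexValue` now returns true when the first map is empty even if later entries hold values, because it only inspects `complexValue.get(0)`; with `setComplexValue` appending in this commit, an empty map followed by a filled one is possible. Check every entry instead: `for (Map<String, String> m : complexValue) { if (!m.isEmpty()) { return false; } } return true;`.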
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttributeList.java @@ -13,7 +13,6 @@ */ package eu.stork.peps.auth.commons; -import java.io.Serializable; import java.util.ArrayList; import java.util.HashMap; import java.util.Iterator; @@ -34,7 +33,7 @@ import org.apache.log4j.Logger; * @see PersonalAttribute */ @SuppressWarnings("PMD") -public final class PersonalAttributeList extends ConcurrentHashMap implements IPersonalAttributeList, Serializable { +public final class PersonalAttributeList extends ConcurrentHashMap implements IPersonalAttributeList { /** * Logger object. @@ -88,10 +87,17 @@ public final class PersonalAttributeList extends ConcurrentHashMap this.attrAliasNumber.get(key).size()) { + index = 0; + } + + attrName = this.attrAliasNumber.get(key).get(index); + this.latestAttrAlias.put((String) key, Integer.valueOf(++index)); } else { if (this.attrAliasNumber.containsKey(key)) { - this.latestAttrAlias.put(attrName, this.attrAliasNumber.get(key)); + this.latestAttrAlias.put((String) key, Integer.valueOf(0)); + attrName = this.attrAliasNumber.get(key).get(0); } } return super.get(attrName); 
@@ -106,6 +112,13 @@ public final class PersonalAttributeList extends ConcurrentHashMap 4) { + LOG.info("Found attributes with special characters, escaping special characters"); + + if (s.split(reqRegex) == null) { + boolAttr = PEPSValues.FALSE.toString(); + } + + tempBuilder.setLength(0); + tempBuilder.append(AttributeUtil.escape(s.split(reqRegexSeparator)[0])); + tempBuilder.append(PEPSValues.ATTRIBUTE_TUPLE_SEP.toString()); + tempBuilder.append(boolAttr); + tempBuilder.append(PEPSValues.ATTRIBUTE_TUPLE_SEP.toString()); + tempBuilder.append(s.split(reqRegexSeparator)[1]); + + } + + finalAttr.append(tempBuilder.toString()); + finalAttr.append(PEPSValues.ATTRIBUTE_SEP.toString()); + } + return finalAttr.toString(); + } + + /** + * Unescape a string + * + * @see PersonalAttributeList#attrListEncoder + * */ + private String attrListDecoder(String string) { + return AttributeUtil.unescape(string); + } + public void populate(final String attrList) { - final StringTokenizer strToken = new StringTokenizer(attrList, PEPSValues.ATTRIBUTE_SEP.toString()); + + final StringTokenizer strToken = new StringTokenizer(attrListEncoder(attrList), PEPSValues.ATTRIBUTE_SEP.toString()); while (strToken.hasMoreTokens()) { final PersonalAttribute persAttr = new PersonalAttribute(); @@ -163,6 +222,9 @@ public final class PersonalAttributeList extends ConcurrentHashMap getNormalizedPersonalAttributeList() { + List returnAttrList = new ArrayList(); + + if (this.totalAttributeList.isEmpty()) { + this.totalAttributeList = this.attributeList; + } + + for (PersonalAttribute pa : this.totalAttributeList) { + // Get the shortname of the attribute by removing + // the attached assertionId, if there is one and + // put the shortname as the attribute name + pa.setName(pa.getName().split("_")[0]); + // We add it to the return list. + returnAttrList.add(pa); } - return personnalAttributeList; + return returnAttrList; } /** 
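Review bot: `String.split` never returns null, so `if (s.split(reqRegex) == null)` in `attrListEncoder` can never fire and `boolAttr` is never set to `FALSE` on that path; the intended condition is presumably on the array length, e.g. `if (s.split(reqRegex).length == 0)`. The following `s.split(reqRegexSeparator)[1]` is indexed without checking that a second element exists, so a token with no separator throws `ArrayIndexOutOfBoundsException` while parsing an attribute list received from the peer; guard it with a length check and reject the token. This hunk is garbled in this rendering (text between angle brackets is missing), so I am only reading the lines that are shown.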
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java index 6eaa63c5a..82ec6d3b4 100644 --- a/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java +++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/complex/attributes/eu/stork/names/tc/stork/_1_0/assertion/ObjectFactory.java @@ -71,19 +71,19 @@ public class ObjectFactory { } /** - * Create an instance of {@link MandateType } - * + * Create an instance of {@link RequestedAttributeType } + * */ - public MandateType createMandateType() { - return new MandateType(); + public RequestedAttributeType createRequestedAttributeType() { + return new RequestedAttributeType(); } /** - * Create an instance of {@link RequestedAttributeType } - * + * Create an instance of {@link MandateType } + * */ - public RequestedAttributeType createRequestedAttributeType() { - return new RequestedAttributeType(); + public MandateType createMandateType() { + return new MandateType(); } /** diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java index f4d084a79..1dcaf4c95 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java 
@@ -97,7 +97,14 @@ public class SAMLEngine { /** The Constant SAML_ENGINE_FILE_CONF. */ private static final String SAML_ENGINE_FILE_CONF = "fileConfiguration"; - /** The codification of characters. */ + /** + * Additional trust store for HW signing + */ + private static final String HW_TRUST_STORE_CONF = "softTrustStoreConfig"; + + /** + * The codification of characters. + */ private static final String CHARACTER_ENCODING = "UTF-8"; /** The SAML core. */ diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java index 6a7e1f7c0..7bf5d5ca8 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/STORKSAMLEngine.java @@ -202,8 +202,7 @@ public final class STORKSAMLEngine extends SAMLEngine { try { engine = new STORKSAMLEngine(nameInstance.trim()); } catch (Exception e) { - LOG.error("Error getting instance: " + nameInstance); - e.printStackTrace(); + LOG.error("Error get instance: " + nameInstance); } return engine; } @@ -389,15 +388,9 @@ public final class STORKSAMLEngine extends SAMLEngine { final Subject subject = SAMLEngineUtils.generateSubject(); - // Mandatory STORK verified - // String format = NameID.UNSPECIFIED - // specification: 'SAML:2.0' exist - // opensaml: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" - // opensaml "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" - final String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"; + final String format = super.getSamlCoreProperties().getFormat(); final String nameQualifier = ""; - LOG.debug("Generate NameID"); final NameID nameId = SAMLEngineUtils.generateNameID(super.getSamlCoreProperties().getResponder(), format, nameQualifier); nameId.setValue(format); 
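Review bot: The new constant is named `HW_TRUST_STORE_CONF` and commented "Additional trust store for HW signing", but its value is `"softTrustStoreConfig"`; one of the two is misleading, and a reader grepping the configuration for the HW trust store will not find it. Either rename to match the key (for example `SOFT_TRUST_STORE_CONF`) or expand the comment to say that the software trust store is consulted in addition to the hardware token, and name the `SignModule_*.xml` key it corresponds to.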
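Review bot: Replacing `e.printStackTrace()` with `LOG.error("Error get instance: " + nameInstance)` drops the exception entirely, so a misconfigured engine now fails with no cause or stack trace in the log; pass it as the second argument, `LOG.error("Error getting instance: " + nameInstance, e);`, which also restores the grammar of the original message. Catching `Exception` and returning a null `engine` is pre-existing, but callers get no signal beyond the log, so the cause is the one thing worth keeping.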
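Review bot: The NameID format now comes from configuration via `getSamlCoreProperties().getFormat()`, but the hunk keeps `nameId.setValue(format)`, so the NameID value is the format URI itself, and a missing or misspelled `format` property now propagates null into both the format and the value where the old code always had the hard-coded `unspecified` URI. Add a fallback, `if (StringUtils.isBlank(format)) { format = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"; }` (with `format` no longer `final`), and a comment on why the value is set to the format, since the deleted comment was the only explanation. The enclosing method continues outside the hunk.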
@@ -1102,7 +1095,6 @@ public final class STORKSAMLEngine extends SAMLEngine { // Validate Parameters mandatories validateParamAttrQueryReq(request); - // final AttributeQuery attrQueryRequestAux = SAMLEngineUtils final CustomAttributeQuery attrQueryRequestAux = SAMLEngineUtils.generateSAMLAttrQueryRequest(SAMLEngineUtils.generateNCName(), SAMLVersion.VERSION_20, SAMLEngineUtils.getCurrentTime()); // Set name spaces. @@ -1930,6 +1922,8 @@ public final class STORKSAMLEngine extends SAMLEngine { citizenCountryCode = (CitizenCountryCode) SAMLEngineUtils.createSamlObject(CitizenCountryCode.DEF_ELEMENT_NAME); citizenCountryCode.setCitizenCountryCode(request.getCitizenCountryCode().toUpperCase()); + + extensions.getUnknownXMLObjects().add(citizenCountryCode); } SPID spid = null; @@ -1938,6 +1932,8 @@ public final class STORKSAMLEngine extends SAMLEngine { spid = (SPID) SAMLEngineUtils.createSamlObject(SPID.DEF_ELEMENT_NAME); spid.setSPID(request.getSPID().toUpperCase()); + + extensions.getUnknownXMLObjects().add(spid); } return extensions; @@ -2493,11 +2489,6 @@ public final class STORKSAMLEngine extends SAMLEngine { throw new STORKSAMLEngineException("StorkSamlEngine: Assertion Consumer Service URL it's mandatory."); } - // Destination of the request - not mandatory - /* - * if (StringUtils.isBlank(request.getDestination())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Destination is mandatory."); } - */ - // SP country is empty if (StringUtils.isBlank(request.getSpCountry())) { throw new STORKSAMLEngineException("StorkSamlEngine: SP country is mandatory."); 
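Review bot: `request.getCitizenCountryCode().toUpperCase()` and `request.getSPID().toUpperCase()` use the JVM default locale, so on a Turkish-locale server an `i` becomes `İ` and the country code or SP identifier sent to the peer changes; use `toUpperCase(Locale.ENGLISH)` for these ASCII codes, adding the `java.util.Locale` import if the file lacks it. Attaching the two elements via `extensions.getUnknownXMLObjects().add(...)` looks like the actual fix here (they were built but never added), so a short comment above each `add` saying so would keep someone from removing it again; the surrounding null guards start above the hunk.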
@@ -2525,12 +2516,7 @@ public final class STORKSAMLEngine extends SAMLEngine { */ private void validateParamLogoutReq(final STORKLogoutRequest request) throws STORKSAMLEngineException { LOG.info("Validate parameters from logout request."); - // URL to which AP Response must be sent. - /* - * if (StringUtils.isBlank(request.get())) { throw new STORKSAMLEngineException( "StorkSamlEngine: Assertion Consumer Service URL it's mandatory."); } - */ - // Destination of the request if (StringUtils.isBlank(request.getDestination())) { throw new STORKSAMLEngineException("StorkSamlEngine: Destination is mandatory."); @@ -2591,9 +2577,9 @@ public final class STORKSAMLEngine extends SAMLEngine { throw new STORKSAMLEngineException("Issuer must be not empty or null."); } - if (responseAuthReq.getPersonalAttributeList() == null || responseAuthReq.getPersonalAttributeList().isEmpty()) { - LOG.error("PersonalAttributeList is null or empty."); - throw new STORKSAMLEngineException("PersonalAttributeList is null or empty."); + if (responseAuthReq.getPersonalAttributeList() == null) { + LOG.error("PersonalAttributeList is null."); + throw new STORKSAMLEngineException("PersonalAttributeList is null."); } if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) { @@ -2627,10 +2613,6 @@ public final class STORKSAMLEngine extends SAMLEngine { throw new STORKSAMLEngineException("PersonalAttributeList is null or empty."); } - /* - * if (StringUtils.isBlank(request.getAssertionConsumerServiceURL())) { throw new STORKSAMLEngineException( "assertionConsumerServiceURL is null or empty."); } - */ - if (StringUtils.isBlank(request.getSamlId())) { throw new STORKSAMLEngineException("request ID is null or empty."); } 
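Review bot: The check in `validateParamResponseAuthReq` is relaxed from "null or empty" to "null", so an authentication response carrying an empty `PersonalAttributeList` now passes validation; this loosens a validation on a message the engine emits, and the commit does not say why. If an empty list is legitimate (for example a failure response that carries no attributes), say so at the check, `// an empty list is allowed: error responses carry no attributes`, and make sure the consuming side tolerates it; otherwise keep the `isEmpty()` condition.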
@@ -2840,7 +2822,6 @@ public final class STORKSAMLEngine extends SAMLEngine { attrRequest.setDestination(samlRequest.getDestination()); attrRequest.setAssertionConsumerServiceURL(samlRequest.getAssertionConsumerServiceURL()); - /* authnRequest.setProviderName(samlRequest.getProviderName()); */ attrRequest.setIssuer(samlRequest.getIssuer().getValue()); // Delete unknown elements from requested ones @@ -2881,13 +2862,15 @@ public final class STORKSAMLEngine extends SAMLEngine { final LogoutRequest samlRequest = (LogoutRequest) validateStorkSaml(tokenSaml); - LOG.debug("Validate Extensions."); - final Validator validatorExt = new ExtensionsSchemaValidator(); - try { - validatorExt.validate(samlRequest.getExtensions()); - } catch (ValidationException e) { - LOG.error("ValidationException: validate Extensions.", e); - throw new STORKSAMLEngineException(e); + if (samlRequest.getExtensions() != null) { + LOG.debug("Validate Extensions."); + final Validator validatorExt = new ExtensionsSchemaValidator(); + try { + validatorExt.validate(samlRequest.getExtensions()); + } catch (ValidationException e) { + LOG.error("ValidationException: validate Extensions.", e); + throw new STORKSAMLEngineException(e); + } } LOG.debug("Generate STORKLogoutRequest."); 
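Review bot: Wrapping the ExtensionsSchemaValidator call in `if (samlRequest.getExtensions() != null)` turns a logout request without an Extensions element from a rejected message into an accepted one, and the hunk gives no indication whether the STORK profile allows that or whether the code after `LOG.debug("Generate STORKLogoutRequest.")` (outside the hunk) later dereferences the extensions. If the element is optional, say so and keep the decision visible, e.g. `else { LOG.debug("No Extensions element in LogoutRequest; skipping extension validation."); }`; if it is mandatory, the null case should throw a STORKSAMLEngineException instead of being skipped. validateSTORKLogoutRequest continues past the end of the hunk.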
@@ -2908,6 +2891,43 @@ public final class STORKSAMLEngine extends SAMLEngine { } + /** + * Validate stork logout response. + * + * @param tokenSaml + * The SAML token + * + * @return the STORK logout response + * + * @throws STORKSAMLEngineException + * the STORKSAML engine exception + */ + public STORKLogoutResponse validateSTORKLogoutResponse(final byte[] tokenSaml) throws STORKSAMLEngineException { + + LOG.info("validate STORK Logout Response"); + + final LogoutResponse samlRes = (LogoutResponse) validateStorkSaml(tokenSaml); + + LOG.debug("Generate STORKLogoutResponse."); + final STORKLogoutResponse logoutRes = new STORKLogoutResponse(); + + try { + logoutRes.setTokenSaml(super.signAndMarshall(samlRes)); + } catch (SAMLEngineException e) { + LOG.error("Sign and Marshall.", e); + throw new STORKSAMLEngineException(e); + } + + logoutRes.setAlias(this.getAlias(samlRes.getSignature().getKeyInfo(), super.getSigner().getTrustStore())); + logoutRes.setSamlId(samlRes.getID()); + logoutRes.setDestination(samlRes.getDestination()); + logoutRes.setIssuer(samlRes.getIssuer().getValue()); + logoutRes.setStatusCode(samlRes.getStatus().getStatusCode().getValue().toString()); + logoutRes.setStatusMessage(samlRes.getStatus().getStatusMessage().getMessage().toString()); + logoutRes.setInResponseTo(samlRes.getInResponseTo()); + return logoutRes; + } + /** * Validate stork authentication response. * 
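Review bot: `samlRes.getStatus().getStatusMessage().getMessage().toString()` throws a NullPointerException for any LogoutResponse whose Status carries no StatusMessage (the element is optional in SAML 2.0 core), and because it sits after the try/catch the caller gets a raw NPE instead of a STORKSAMLEngineException; `samlRes.getIssuer().getValue()` has the same problem unless validateStorkSaml, which is outside the hunk, guarantees an Issuer. Guard the optional parts, e.g. `final StatusMessage msg = samlRes.getStatus().getStatusMessage();` followed by `logoutRes.setStatusMessage(msg == null ? null : msg.getMessage());`, and drop the `.toString()` calls on values that appear to already be Strings. A one-line comment on `super.signAndMarshall(samlRes)` saying why a received response is re-signed with the engine's own key before being stored as the token would also help, since a reader would expect the original bytes to be kept.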
@@ -3060,16 +3080,15 @@ public final class STORKSAMLEngine extends SAMLEngine { authnResponse.setAssertions(samlResponse.getAssertions()); if (samlResponse.getAssertions().size() > 1) { PersonalAttributeList total = new PersonalAttributeList(); - List attrList = new ArrayList(); + List attrList = new ArrayList(); for (int i = 0; i < samlResponse.getAssertions().size(); i++) { Assertion tempAssertion = (Assertion) samlResponse.getAssertions().get(i); IPersonalAttributeList temp = generatePersonalAttributeList(tempAssertion); if (temp != null) { attrList.add(temp); - for (PersonalAttribute attribute : temp) { - PersonalAttribute attr = (PersonalAttribute) attribute.clone(); - attr.setName(attr.getName() + tempAssertion.getID()); - total.add(attr); + for (PersonalAttribute attribute : (IPersonalAttributeList) temp.clone()) { + attribute.setName(attribute.getName() + tempAssertion.getID()); + total.add(attribute); } } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java index 175084048..73d7e4f62 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/X509PrincipalUtil.java @@ -25,7 +25,7 @@ public final class X509PrincipalUtil { * @param principal2 * @return true if arguments are not null and equals */ - public static boolean equals(X509Principal principal1, X509Principal principal2) { + public static boolean X509equals(X509Principal principal1, X509Principal principal2) { boolean continueProcess = true; if (principal1 == null || principal2 == null) { return false; diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java index 922e7e61e..16b9afd18 100644 
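Review bot: The rewritten loop calls `attribute.setName(...)` on the elements of `(IPersonalAttributeList) temp.clone()` instead of on a per-attribute `attribute.clone()`, so whether the attributes kept in `attrList` retain their original names now depends entirely on PersonalAttributeList.clone() deep-copying each PersonalAttribute — that method is changed in this commit but not visible here. If the list clone is shallow, `temp` and `total` share the same objects and every name in `attrList` silently gets the assertion ID appended. Either keep the per-attribute copy (`PersonalAttribute attr = (PersonalAttribute) attribute.clone(); attr.setName(attr.getName() + tempAssertion.getID()); total.add(attr);`) or add a comment stating that the list clone is deep plus a test asserting the `attrList` names are unchanged. The new `List attrList = new ArrayList();` is also still a raw type; `List<IPersonalAttributeList>` costs nothing here, and the enclosing method continues outside the hunk.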
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/SAMLCore.java @@ -55,6 +55,9 @@ public enum SAMLCore { /** The RESPONDE r_ tag. */ RESPONDER_TAG("responder"), + + /** The format r_tag. */ + FORMAT_TAG("format"), /** The STOR k10_ ns. */ STORK10_NS("urn:eu:stork:names:tc:STORK:1.0:assertion"), diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java index 13d2f0af4..2a548ca6f 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/STORKSAMLCore.java @@ -73,7 +73,11 @@ public final class STORKSAMLCore { /** The responder. */ private String responder = null; - /** The SAML core properties. */ + private String format = null; + + /** + * The SAML core properties. + */ private Properties samlCoreProp = null; /** The time not on or after. */ @@ -188,6 +192,15 @@ public final class STORKSAMLCore { return responder; } + /** + * return the format string. + * + * @return + */ + public String getFormat() { + return this.format; + } + /** * Gets the time not on or after. * @@ -330,6 +343,8 @@ public final class STORKSAMLCore { requester = samlCoreProp.getProperty(SAMLCore.REQUESTER_TAG.getValue()); responder = samlCoreProp.getProperty(SAMLCore.RESPONDER_TAG.getValue()); + format = samlCoreProp.getProperty(SAMLCore.FORMAT_TAG.getValue(), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"); + } catch (SAMLEngineException e) { LOGGER.error("SAMLCore: error loadConfiguration. ", e); throw new STORKSAMLEngineRuntimeException(e); 
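Review bot: `getFormat()` ships with an empty `@return` tag and the new `format` field has no comment, while the fallback `"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"` sits inline in loadConfiguration with nothing saying what it is the format of (presumably the NameID Format written into generated messages — that use is outside this hunk). Move the fallback into a named constant, e.g. `private static final String DEFAULT_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";`, and document the accessor: `/** NameID format URI read from the "format" property, defaulting to the SAML 1.1 "unspecified" format. @return the configured format URI, non-null once loadConfiguration() has run */`. loadConfiguration begins and ends outside the hunk.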
@@ -491,6 +506,15 @@ public final class STORKSAMLCore { this.responder = newResponder; } + /** + * Sets the format string + * + * @param newFormat + */ + public void setFormat(final String newFormat) { + this.format = newFormat; + } + /** * Sets the time not on or after. * diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java index 907b9bf68..9f602aba1 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/AuthenticationAttributesImpl.java @@ -102,9 +102,4 @@ public final class AuthenticationAttributesImpl extends AbstractSignableSAMLObje vIDPAuthenAttr = prepareForAssignment(this.vIDPAuthenAttr, newVIDPAuthenAttr); } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java index 003d56b46..aa4c725f1 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/CitizenCountryCodeImpl.java @@ -77,9 +77,4 @@ public class CitizenCountryCodeImpl extends AbstractSAMLObject implements Citize return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } 
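Review bot: `setFormat(final String newFormat)` has an empty `@param newFormat` tag and accepts any value, including null, which would undo the default that loadConfiguration installs; the code that consumes the value is outside this hunk. At minimum complete the Javadoc, e.g. `@param newFormat the NameID format URI to place in generated messages (expected to be one of the SAML nameid-format URIs)`, and consider rejecting blank input with `if (StringUtils.isBlank(newFormat)) { throw new IllegalArgumentException("format must not be blank"); }` if the class already depends on commons-lang.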
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java index b5d194c7f..13cc3d287 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossBorderShareImpl.java @@ -77,9 +77,4 @@ public class EIDCrossBorderShareImpl extends AbstractSAMLObject implements EIDCr return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } -} \ No newline at end of file +} diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java index f2762e327..2e3f6ab7e 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/EIDCrossSectorShareImpl.java @@ -78,9 +78,4 @@ public class EIDCrossSectorShareImpl extends AbstractSAMLObject implements EIDCr return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } -} \ No newline at end of file +} diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java index 423cf8b25..e74ce1fec 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java 
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/QAAAttributeImpl.java @@ -77,9 +77,4 @@ public class QAAAttributeImpl extends AbstractSAMLObject implements QAAAttribute return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java index e7ac7213b..2537d3794 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/RequestedAttributeImpl.java @@ -213,9 +213,4 @@ public class RequestedAttributeImpl extends AbstractSAMLObject implements Reques this.unknownAttributes = newUnknownAttr; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java index 276697d6a..7f09d611f 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPApplicationImpl.java @@ -77,9 +77,4 @@ public class SPApplicationImpl extends AbstractSAMLObject implements SPApplicati return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } 
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java index 404a90079..ea9085867 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPCountryImpl.java @@ -77,9 +77,4 @@ public class SPCountryImpl extends AbstractSAMLObject implements SPCountry { return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java index cea51a5a8..03dea20ed 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPIDImpl.java @@ -77,9 +77,4 @@ public class SPIDImpl extends AbstractSAMLObject implements SPID { return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java index 4089f0862..41b3d8998 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInformationImpl.java 
@@ -101,9 +101,4 @@ public final class SPInformationImpl extends AbstractSignableSAMLObject implemen this.spId = prepareForAssignment(this.spId, newSPId); } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java index 054481744..ed0a75f35 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SPInstitutionImpl.java @@ -77,9 +77,4 @@ public class SPInstitutionImpl extends AbstractSAMLObject implements SPInstituti return null; } - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java index 6e23d7f24..1cd5fb761 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignHW.java @@ -72,6 +72,7 @@ import eu.stork.peps.exceptions.SAMLEngineException; * The Class HWSign. Module of sign. * * @author fjquevedo + * @author advania */ public final class SignHW implements SAMLEngineSignI { 
@@ -79,14 +80,19 @@ public final class SignHW implements SAMLEngineSignI { private static final String CONF_FILE = "configurationFile"; /** - * The Constant KEYSTORE_TYPE. private static final String KEYSTORE_TYPE = "keystoreType" + * The Constant KEYSTORE_TYPE. */ + private static final String KEYSTORE_TYPE = "keystoreType"; /** The logger. */ private static final Logger LOG = LoggerFactory.getLogger(SignHW.class.getName()); /** The stork own key store. */ private KeyStore storkOwnKeyStore = null; + /** + * The soft trust key store. + */ + private SignSW swTrustStore = null; /** * Gets the stork own key store. @@ -160,6 +166,12 @@ public final class SignHW implements SAMLEngineSignI { throw new SAMLEngineException(e); } finally { IOUtils.closeQuietly(inputStr); + /** + * Init the soft keystore to validate with. trustStoreConfig is read from the SignModule config file and should refer to the keystore containing trusted certificates. + */ + swTrustStore = new SignSW(); + swTrustStore.init(properties.getProperty("trustStoreConfig")); + swTrustStore.loadCryptServiceProvider(); } } @@ -204,7 +216,7 @@ public final class SignHW implements SAMLEngineSignI { X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName()); X509Principal issuerDNConf = new X509Principal(issuer); - if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) { + if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) { alias = aliasCert; find = true; } 
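Review bot: The new trust-store bootstrap runs inside the `finally` block of init, right after `IOUtils.closeQuietly(inputStr)`, so it executes even when the try body failed: if `properties` was never loaded, `properties.getProperty("trustStoreConfig")` NPEs, and any exception from `swTrustStore.init(...)` or `loadCryptServiceProvider()` replaces the original SAMLEngineException, hiding the real cause of a broken HSM configuration. Because this keystore becomes the trust anchor set used by validateSignature, it should be built only on the success path and fail loudly when the property is absent instead of passing null into SignSW.init. The init method begins outside the hunk, so the rewrite below shows only its tail.
```java
        } finally {
            IOUtils.closeQuietly(inputStr);
        }

        // Trust store used by validateSignature(): a separate software keystore,
        // configured by "trustStoreConfig" in the SignModule configuration file.
        final String trustStoreConfig = properties.getProperty("trustStoreConfig");
        if (trustStoreConfig == null || trustStoreConfig.trim().isEmpty()) {
            throw new SAMLEngineException("trustStoreConfig is mandatory for SignHW.");
        }
        swTrustStore = new SignSW();
        swTrustStore.init(trustStoreConfig);
        swTrustStore.loadCryptServiceProvider();
    }
```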
@@ -339,56 +351,14 @@ public final class SignHW implements SAMLEngineSignI { * exception in validate signature */ public SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException { - LOG.info("Start signature validation."); + LOG.info("Start signature validation HW."); + /* + * we are using the soft signature class to validate the signatures. This way we use the same key store code and validation that is used there. + */ try { - - // Validate structure signature - final SAMLSignatureProfileValidator signProfValidator = new SAMLSignatureProfileValidator(); - - // Indicates signature id conform to SAML Signature profile - signProfValidator.validate(tokenSaml.getSignature()); - - String aliasCert; - X509Certificate certificate; - - final List trustedCred = new ArrayList(); - - for (final Enumeration e = storkOwnKeyStore.aliases(); e.hasMoreElements();) { - aliasCert = e.nextElement(); - final BasicX509Credential credential = new BasicX509Credential(); - certificate = (X509Certificate) storkOwnKeyStore.getCertificate(aliasCert); - credential.setEntityCertificate(certificate); - trustedCred.add(credential); - } - - final KeyInfo keyInfo = tokenSaml.getSignature().getKeyInfo(); - final List listCertificates = KeyInfoHelper.getCertificates(keyInfo); - - if (listCertificates.size() != 1) { - throw new SAMLEngineException("Only must be one certificate"); - } - - // Exist only one certificate - final BasicX509Credential entityX509Cred = new BasicX509Credential(); - entityX509Cred.setEntityCertificate(listCertificates.get(0)); - - final ExplicitKeyTrustEvaluator keyTrustEvaluator = new ExplicitKeyTrustEvaluator(); - if (!keyTrustEvaluator.validate(entityX509Cred, trustedCred)) { - throw new SAMLEngineException("Certificate it is not trusted."); - } - - final SignatureValidator sigValidator = new SignatureValidator(entityX509Cred); - - sigValidator.validate(tokenSaml.getSignature()); - - } catch (final ValidationException e) { - 
LOG.error("ValidationException.", e); - throw new SAMLEngineException(e); - } catch (final KeyStoreException e) { - LOG.error("ValidationException.", e); - throw new SAMLEngineException(e); - } catch (final CertificateException e) { - LOG.error("CertificateException.", e); + swTrustStore.validateSignature(tokenSaml); + } catch (Exception e) { + LOG.error("SW ValidationException.", e); throw new SAMLEngineException(e); } return tokenSaml; @@ -408,6 +378,12 @@ public final class SignHW implements SAMLEngineSignI { try { inputStream = SignHW.class.getResourceAsStream("/" + properties.getProperty(CONF_FILE)); + final Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(inputStream); + if (Security.getProperty(pkcs11Provider.getName()) == null) { + Security.insertProviderAt(pkcs11Provider, Security.getProviders().length); + } + + storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE), pkcs11Provider); } catch (final Exception e) { throw new SAMLEngineException("Error loading CryptographicServiceProvider", e); diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java index c91f11444..d5f01a4cc 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java @@ -41,6 +41,7 @@ import eu.stork.peps.auth.engine.X509PrincipalUtil; import org.apache.commons.io.IOUtils; import org.apache.commons.lang.NotImplementedException; import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.opensaml.Configuration; import org.opensaml.common.SAMLObject; import org.opensaml.common.SignableSAMLObject; 
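Review bot: Delegating to `swTrustStore.validateSignature(tokenSaml)` moves the trust anchor set from the PKCS#11 keystore to whatever the separately configured `trustStoreConfig` keystore holds, and the only thing recording that is the inline comment; the Javadoc above the hunk still describes the old behaviour and should state that signature trust for HW deployments now comes from the software trust store and that an HW-only keystore no longer validates anything. The `catch (Exception e)` also erases the distinction between a SAMLEngineException already raised by SignSW and an unexpected RuntimeException such as the NPE you get when `swTrustStore` is still null because init() failed. Rethrow the former as-is and wrap only the rest: `} catch (SAMLEngineException e) { throw e; } catch (RuntimeException e) { LOG.error("SW ValidationException.", e); throw new SAMLEngineException(e); }`.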
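Review bot: `Security.getProperty(pkcs11Provider.getName())` reads a java.security property, not an installed provider, so the guard is effectively always true and `Security.insertProviderAt` is attempted on every call to loadCryptServiceProvider; it only stays harmless because insertProviderAt refuses a provider whose name is already installed. The intended check is `if (Security.getProvider(pkcs11Provider.getName()) == null) {`. Note also that `new sun.security.pkcs11.SunPKCS11(inputStream)` is JDK-internal API that, as far as I recall, was dropped in Java 9 in favour of `Security.getProvider("SunPKCS11").configure(path)`, and `inputStream` is not closed within this hunk — the enclosing method continues past it, so that may be handled further down.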
@@ -166,25 +167,25 @@ public final class SignP12 implements SAMLEngineSignI { properties = new Properties(); try { try { - LOG.debug("Fichero a cargar " + fileConf); + LOG.debug("Loading " + fileConf); fileProperties = new FileInputStream(fileConf); properties.loadFromXML(fileProperties); } catch (Exception e) { - LOG.error("Fallo al cargar el recurso externo. Se reintenta como fichero interno."); + LOG.error("Failed to load external resource. Retrieving internal file."); fileProperties = SignP12.class.getResourceAsStream("/" + fileConf); if (fileProperties == null) { fileProperties = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileConf); if (fileProperties == null) { Enumeration files = ClassLoader.getSystemClassLoader().getResources(fileConf); if (files != null && files.hasMoreElements()) { - LOG.info("Se han encontrado recurso/s. Se toma el primero."); + LOG.info("Found /s."); fileProperties = ClassLoader.getSystemClassLoader().getResourceAsStream(files.nextElement().getFile()); } else { - throw new IOException("No se pudo recuperar el fichero: " + fileConf, e); + throw new IOException("Could not load file: " + fileConf, e); } } } - LOG.debug("Recuperados " + fileProperties.available() + " bytes"); + LOG.debug("Recovered " + fileProperties.available() + " bytes"); properties.loadFromXML(fileProperties); } } catch (InvalidPropertiesFormatException e) { @@ -243,7 +244,7 @@ public final class SignP12 implements SAMLEngineSignI { X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName()); X509Principal issuerDNConf = new X509Principal(issuer); - if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) { + if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) { alias = aliasCert; find = true; } 
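Review bot: The translated message `LOG.info("Found /s.");` lost its meaning — the Spanish original said that one or more resources were found and the first is taken, which is exactly the detail an operator needs when two copies of the config file are on the classpath and the wrong keystore gets loaded. Make it `LOG.info("Found resource(s) for " + fileConf + "; taking the first one.");`, and in the same spirit `"Failed to load external resource. Retrieving internal file."` reads better as `"Failed to load external resource " + fileConf + "; retrying as classpath resource."`. The enclosing init method continues outside the hunk.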
@@ -455,23 +456,21 @@ public final class SignP12 implements SAMLEngineSignI { FileInputStream fisTrustStore = null; try { - // // Dynamically register Bouncy Castle provider. - // boolean found = false; - // // Check if BouncyCastle is already registered as a provider - // final Provider[] providers = Security.getProviders(); - // for (int i = 0; i < providers.length; i++) { - // if (providers[i].getName().equals( - // BouncyCastleProvider.PROVIDER_NAME)) { - // found = true; - // } - // } - // - // // Register only if the provider has not been previously registered - // if (!found) { - // LOG.debug("SAMLCore: Register Bouncy Castle provider."); - // Security.insertProviderAt(new BouncyCastleProvider(), Security - // .getProviders().length); - // } + // Dynamically register Bouncy Castle provider. + boolean found = false; + // Check if BouncyCastle is already registered as a provider + final Provider[] providers = Security.getProviders(); + for (int i = 0; i < providers.length; i++) { + if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) { + found = true; + } + } + + // Register only if the provider has not been previously registered + if (!found) { + LOG.debug("SAMLCore: Register Bouncy Castle provider."); + Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length); + } p12Store = KeyStore.getInstance(properties.getProperty("keystoreType")); diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java index e1ae2b8e2..1ca857e9e 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java 
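Review bot: `Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length)` does not append: positions are 1-based, so passing the current provider count inserts Bouncy Castle before the last installed provider, which can change which provider serves an algorithm for the whole JVM — a global side effect a signing module should avoid. `Security.addProvider` appends and the lookup by name makes the hand-written `found` loop unnecessary: `if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new BouncyCastleProvider()); }`. Since the commit re-enables code that had been commented out, a one-line comment on why BC must be registered here (presumably for the PKCS#12 keystore type) would spare the next reader the same question. loadCryptServiceProvider continues past the end of the hunk.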
@@ -12,17 +12,34 @@ * Licence for the specific language governing permissions and limitations under * the Licence. */ - package eu.stork.peps.auth.engine.core.impl; -import eu.stork.peps.auth.engine.X509PrincipalUtil; -import eu.stork.peps.auth.engine.core.CustomAttributeQuery; -import eu.stork.peps.auth.engine.core.SAMLEngineSignI; -import eu.stork.peps.exceptions.SAMLEngineException; +import java.io.ByteArrayInputStream; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.Security; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateFactory; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.InvalidPropertiesFormatException; +import java.util.List; +import java.util.Properties; + import org.apache.commons.io.IOUtils; import org.apache.commons.lang.NotImplementedException; import org.bouncycastle.jce.X509Principal; -//import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.opensaml.Configuration; import org.opensaml.common.SAMLObject; import org.opensaml.common.SignableSAMLObject; 
@@ -41,25 +58,22 @@ import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager; import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator; import org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEvaluator; import org.opensaml.xml.security.x509.BasicX509Credential; -import org.opensaml.xml.signature.*; +import org.opensaml.xml.signature.KeyInfo; import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.SignatureValidator; import org.opensaml.xml.signature.Signer; import org.opensaml.xml.util.Base64; import org.opensaml.xml.validation.ValidationException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.io.ByteArrayInputStream; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.*; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; -import java.util.*; +import eu.stork.peps.auth.engine.X509PrincipalUtil; +import eu.stork.peps.auth.engine.core.CustomAttributeQuery; +import eu.stork.peps.auth.engine.core.SAMLEngineSignI; +import eu.stork.peps.exceptions.SAMLEngineException; + /** * The Class SWSign. Class responsible for signing and validating of messages SAML with a certificate store software. 
@@ -215,16 +229,12 @@ public class SignSW implements SAMLEngineSignI { final String serialNum = certificate.getSerialNumber().toString(16); - try { - X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName()); - X509Principal issuerDNConf = new X509Principal(issuer); + X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName()); + X509Principal issuerDNConf = new X509Principal(issuer); - if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) { - alias = aliasCert; - find = true; - } - } catch (Exception ex) { - LOG.error("Exception during signing: " + ex.getMessage()); // Added as a workaround for Bouncycastle email error + if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) { + alias = aliasCert; + find = true; } } if (!find) { @@ -344,7 +354,7 @@ public class SignSW implements SAMLEngineSignI { * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(org.opensaml.common.SignableSAMLObject) */ public final SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException { - LOG.info("Start signature validation."); + LOG.info("Start signature validation SW."); try { // Validate structure signature 
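Review bot: Removing the try/catch around `new X509Principal(certificate.getIssuerDN().getName())` means a single keystore certificate whose DN Bouncy Castle cannot parse (the deleted comment mentions an email-address problem) now aborts the alias lookup with an unchecked exception from the middle of the loop, where before it was logged and skipped — the catch was ugly, but nothing in the commit shows the failure mode it covered is gone. Keep the narrowest equivalent so one odd certificate cannot take the whole signer down, and skip it explicitly. The enclosing method starts and ends outside the hunk.
```java
                final X509Principal issuerDN;
                try {
                    issuerDN = new X509Principal(certificate.getIssuerDN().getName());
                } catch (IllegalArgumentException ex) {
                    // BouncyCastle rejects some RDN forms; skip this certificate rather than abort the lookup.
                    LOG.warn("Skipping certificate '" + aliasCert + "' with unparsable issuer DN.", ex);
                    continue;
                }
                final X509Principal issuerDNConf = new X509Principal(issuer);
                // … unchanged: serial number and issuer comparison …
```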
@@ -440,23 +450,21 @@ public class SignSW implements SAMLEngineSignI { LOG.info("Load Cryptographic Service Provider"); FileInputStream fis = null; try { - // // Dynamically register Bouncy Castle provider. - // boolean found = false; - // // Check if BouncyCastle is already registered as a provider - // final Provider[] providers = Security.getProviders(); - // for (int i = 0; i < providers.length; i++) { - // if (providers[i].getName().equals( - // BouncyCastleProvider.PROVIDER_NAME)) { - // found = true; - // } - // } - // - // // Register only if the provider has not been previously registered - // if (!found) { - // LOG.info("SAMLCore: Register Bouncy Castle provider."); - // Security.insertProviderAt(new BouncyCastleProvider(), Security - // .getProviders().length); - // } + // Dynamically register Bouncy Castle provider. + boolean found = false; + // Check if BouncyCastle is already registered as a provider + final Provider[] providers = Security.getProviders(); + for (int i = 0; i < providers.length; i++) { + if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) { + found = true; + } + } + + // Register only if the provider has not been previously registered + if (!found) { + LOG.info("SAMLCore: Register Bouncy Castle provider."); + Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length); + } storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE)); diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java index d7d92ea74..bfb85e357 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/VIDPAuthenticationAttributesImpl.java 
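Review bot: Same issue as the SignP12 counterpart: `Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length)` inserts Bouncy Castle at the second-to-last position (positions are 1-based), not at the end, so re-enabling this block quietly changes provider precedence JVM-wide for every algorithm BC implements. Use `Security.addProvider(new BouncyCastleProvider())` guarded by `if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null)` instead of the manual `found` loop. loadCryptServiceProvider continues past the end of the hunk.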
@@ -125,10 +125,4 @@ public final class VIDPAuthenticationAttributesImpl extends AbstractSignableSAML public void setSPInformation(SPInformation newSPInformation) { this.spInformation = prepareForAssignment(this.spInformation, newSPInformation); } - - @Override - public int hashCode() { - LOGGER.warn("Hashcode has been called, passed to super. Nothing foreseen here"); - return super.hashCode(); - } } diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java index bf7626dc5..04ff153d3 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java @@ -54,8 +54,12 @@ public class QAAAttributeSchemaValidator implements Validator { if (DatatypeHelper.isEmpty(qaaAttribute.getQaaLevel())) { throw new ValidationException("QAALevel label must be specified."); } - - final int qaa = Integer.valueOf(qaaAttribute.getQaaLevel()); + int qaa = 0; + try { + qaa = Integer.valueOf(qaaAttribute.getQaaLevel()); + } catch (Exception e) { + throw new ValidationException("QAALevel is not a valid number!"); + } if (qaa < QAAAttribute.MIN_VALUE || qaa > QAAAttribute.MAX_VALUE) { throw new ValidationException("QAALevel label must be greater than 0."); diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java index 6e76c52a6..c0197b9db 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/configuration/ConfigurationCreator.java 
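Review bot: `catch (Exception e)` around `Integer.valueOf(qaaAttribute.getQaaLevel())` is broader than the failure it handles and discards the cause: only NumberFormatException can come out of that call, and the new ValidationException carries neither the offending value nor `e`. Narrow it and keep the value: `} catch (NumberFormatException e) { throw new ValidationException("QAALevel is not a valid number: " + qaaAttribute.getQaaLevel()); }` (pass `e` as cause if this OpenSAML ValidationException has such a constructor). Since QAALevel is the assurance level a relying party acts on, the unchanged message on the following range check, `QAALevel label must be greater than 0.`, is also misleading now that both bounds are tested; `must be between MIN_VALUE and MAX_VALUE` would describe it. The validate method begins outside the hunk.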
@@ -12,15 +12,8 @@ * Licence for the specific language governing permissions and limitations under * the Licence. */ - package eu.stork.peps.configuration; -import eu.stork.peps.exceptions.STORKSAMLEngineException; -import org.apache.commons.io.IOUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.util.HashMap; @@ -28,6 +21,12 @@ import java.util.InvalidPropertiesFormatException; import java.util.Map; import java.util.Properties; +import org.apache.commons.io.IOUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import eu.stork.peps.exceptions.STORKSAMLEngineException; + /** * The Class InstanceCreator. * @@ -90,6 +89,7 @@ public final class ConfigurationCreator { * the STORKSAML engine runtime exception */ private static Properties getNewInstance(final String fileName) throws STORKSAMLEngineException { + LOGGER.info("Create file configuration properties to Stork Saml Engine: " + fileName); InputStream fileEngineProp = null; // fetch base from system properties, give a default if there is nothing configured @@ -115,10 +115,10 @@ public final class ConfigurationCreator { configuration.loadFromXML(fileEngineProp); return configuration; } catch (InvalidPropertiesFormatException e) { - LOGGER.error("Invalid properties format."); + LOGGER.error("Invalid properties format: " + fileName); throw new STORKSAMLEngineException(e); } catch (IOException e) { - LOGGER.error("Error read file: " + base + fileName); + LOGGER.error("Error read file: " + fileName); throw new STORKSAMLEngineException(e); } finally { IOUtils.closeQuietly(fileEngineProp); diff --git a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java index 502e0e461..4f22df7fb 100644 
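Review bot: In the `catch (IOException e)` branch of getNewInstance the message now carries only `fileName`, whereas the old line also printed `base`, the directory the method resolves from system properties according to the comment just above the hunk; without that prefix an operator reading `Error read file: SamlEngine.xml` cannot tell which location the engine actually tried. If `base` is still declared above (that part of the method is outside the hunk), keep it in the message with the parameterised form `LOGGER.error("Error read file: {}{}", base, fileName);`. The same `{}` form suits the new `Invalid properties format: ` line and the `LOGGER.info` added at the top of the method, replacing string concatenation. The exception itself is rethrown wrapped as `STORKSAMLEngineException(e)`, so the cause survives and does not need to be logged here as well.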
--- a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
+++ b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
@@ -59,6 +59,18 @@ public class StorkAttrQueryRequestTest {
 givenName.setValue(Arrays.asList("Sveinbjorn"));
 pal.add(givenName);
+ final PersonalAttribute fiscalNumber = new PersonalAttribute();
+ fiscalNumber.setName("fiscalNumber");
+ fiscalNumber.setIsRequired(true);
+ fiscalNumber.setValue(Arrays.asList("fiscalNumber"));
+ pal.add(fiscalNumber);
+
+ final PersonalAttribute LPFiscalNumber = new PersonalAttribute();
+ LPFiscalNumber.setName("LPFiscalNumber");
+ LPFiscalNumber.setIsRequired(true);
+ LPFiscalNumber.setValue(Arrays.asList("LPFiscalNumber"));
+ pal.add(LPFiscalNumber);
+
 destination = "http://A-PEPS.gov.xx/PEPS/AttributeColleagueRequest";
 assertConsumerUrl = "http://S-PEPS.gov.xx/PEPS/ColleagueResponse";
 // spName = "University of Oxford";
diff --git a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
index beca213ac..d476ad26e 100644
--- a/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
+++ b/id/server/stork2-saml-engine/src/test/java/eu/stork/peps/test/simple/StorkAuthRequestTest.java
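Review bot: The new local `LPFiscalNumber` breaks the lowerCamelCase convention the surrounding test already follows for `givenName` and the `fiscalNumber` added just above it; a local that starts with a capital reads like a type name. Rename the variable to `lpFiscalNumber` and leave the attribute name string `"LPFiscalNumber"` untouched, since that string is presumably the identifier the engine matches on. The two placeholder values that simply repeat the attribute name are acceptable for a request-construction test, but a short comment such as `// placeholder values: this test only exercises request encoding` would make clear that nothing here checks the format of a real fiscal number.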
@@ -21,15 +21,12 @@ import java.util.ArrayList; import org.junit.Ignore; import org.junit.Test; - import org.opensaml.xml.parse.BasicParserPool; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.*; +import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -68,6 +65,11 @@ public class StorkAuthRequestTest { eIDNumber.setIsRequired(true); pal.add(eIDNumber); + final PersonalAttribute LPFiscalNumber = new PersonalAttribute(); + LPFiscalNumber.setName("LPFiscalNumber"); + LPFiscalNumber.setIsRequired(true); + pal.add(LPFiscalNumber); + destination = "http://C-PEPS.gov.xx/PEPS/ColleagueRequest"; assertConsumerUrl = "http://S-PEPS.gov.xx/PEPS/ColleagueResponse"; diff --git a/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml b/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml index 171e05f12..fadef82b2 100644 --- a/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SamlEngine.xml @@ -1,67 +1,85 @@ - - - - - - + + + + + + - - - - - - - - + + + + + + + + + - - - - - - - + + + + + + + - - - - - - - - + + + + + + + + - + - - - - + + + + - - - - - + + + + + - + - - - - + + + + - - - - - + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml index abb071044..295258bb2 100644 --- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf0.xml 
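Review bot: The import hunk replaces four explicit imports with `import eu.stork.peps.*;` and `import eu.stork.peps.auth.commons.*;`; wildcard imports hide which classes the test depends on and start to clash as those packages grow, and nothing visible in either hunk references a type from `eu.stork.peps` itself, so the first wildcard is probably unused. Restore the explicit list (`IPersonalAttributeList`, `PersonalAttribute`, `PersonalAttributeList`, `STORKAuthnRequest` from `eu.stork.peps.auth.commons`) and drop `eu.stork.peps.*` unless a part of the file outside these hunks uses a class from that package. The blank line removed between the junit and opensaml imports was the only separator between third-party groups; if the project groups imports, keep it.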
@@ -1,17 +1,21 @@ - + - SWModule sign with JKS. - C:\opt\keystores\storkDemoKeysTest.jks - local-demo - local-demo - CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES - 4BA89DB2 - JKS + SWModule sign with JKS. + C:\opt\keystores\storkDemoKeysTest.jks + local-demo + local-demo + CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES + 4BA89DB2 + JKS \ No newline at end of file diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml index e556a7331..ffd41cb61 100644 --- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf1.xml @@ -2,11 +2,11 @@ - SWModule sign with JKS. - C:\opt\keystores\storkDemoKeysTest.jks - local-demo - local-demo - CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES - 4BA89DB2 - JKS + SWModule sign with JKS. + C:\opt\keystores\storkDemoKeysTest.jks + local-demo + local-demo + CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES + 4BA89DB2 + JKS \ No newline at end of file diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml index 3da1e33df..21b73d49d 100644 --- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf2.xml @@ -2,11 +2,11 @@ - SWModule sign with JKS. - C:\opt\keystores\keyStoreCountry2.jks - local-demo - local-demo - CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES - 4BA89DB2 - JKS + SWModule sign with JKS. + C:\opt\keystores\keyStoreCountry2.jks + local-demo + local-demo + CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES + 4BA89DB2 + JKS \ No newline at end of file diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml index 4c14a1711..f9ebc85cc 100644 
--- a/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_Conf3.xml @@ -2,11 +2,11 @@ - SWModule sign with JKS. - C:\opt\keystores\keyStoreCountry3.jks - local-demo - local-demo - CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES - 4BA89DB2 - JKS + SWModule sign with JKS. + C:\opt\keystores\keyStoreCountry3.jks + local-demo + local-demo + CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES + 4BA89DB2 + JKS \ No newline at end of file diff --git a/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml b/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml index c683d97c3..0e95da1f2 100644 --- a/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml +++ b/id/server/stork2-saml-engine/src/test/resources/SignModule_P11.xml @@ -2,10 +2,11 @@ - HWModule sign with interface PKCS11. - p11Config.cfg - ******* - CN=XXXXXXXXX - xxxxxxxxxxxxxx - PKCS11 + HWModule sign with interface PKCS11. + p11Conf.cfg + 12345 + CN=Test Certificate + 147d4b07db8 + PKCS11 + SignModule_Conf0.xml \ No newline at end of file -- cgit v1.2.3
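Review bot: The SignModule_P11.xml hunk swaps the masked placeholders (`*******`, `CN=XXXXXXXXX`, `xxxxxxxxxxxxxx`) for concrete values, and the element that used to hold `*******` now holds `12345`, which reads as a PKCS#11 token PIN committed in clear text; even in a test resource a working-looking PIN tends to get copied into deployment configs and will trip secret scanners. Keep the masked placeholder, or leave the value empty and have the test supply it through a system property, so that the checked-in file never documents a usable credential. The referenced config file changes from `p11Config.cfg` to `p11Conf.cfg` and no file by either name is part of this diff, so the new name should be checked against what actually ships under test resources. The new trailing element points at `SignModule_Conf0.xml`, which appears to wire the hardware module to the software keystore config that itself carries what look like `local-demo` keystore credentials; an XML comment stating that this chain is test-only, e.g. `<!-- test-only fallback: software keystore with demo credentials -->`, would keep it from being mistaken for a production template.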