From 5624eaf5d2f0305f92eb376cf5e4362da0f07e3a Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 14 Jan 2014 14:11:10 +0100 Subject: cleanup --- .../moa/id/auth/AuthenticationServer.java | 20 +-- .../moa/id/auth/data/AuthenticationSession.java | 2 + .../id/auth/stork/STORKAuthnRequestProcessor.java | 165 --------------------- .../id/config/auth/AuthConfigurationProvider.java | 6 +- 4 files changed, 6 insertions(+), 187 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index b30720501..3857cd15c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -29,17 +29,13 @@ import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; import java.io.ByteArrayInputStream; -import java.io.CharArrayWriter; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; -import java.net.HttpURLConnection; -import java.net.URL; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.cert.CertificateException; //import java.security.cert.CertificateFactory; -import java.util.ArrayList; import java.util.Calendar; import java.util.Date; import java.util.Iterator; @@ -58,14 +54,6 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.xpath.XPathAPI; -import org.opensaml.Configuration; -import org.opensaml.common.SAMLObjectBuilder; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.Endpoint; -import org.opensaml.ws.transport.http.HTTPOutTransport; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; import org.springframework.util.xml.DomUtils; @@ -104,7 +92,6 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; -import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; @@ -1860,16 +1847,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { for (OAStorkAttribute logReqAttr : attributesFromConfig) Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory()); } - - + //TODO: check Target in case of SSO!! String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; String spCountry = "AT"; - - String textToBeSigned = - CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession); //generate AuthnRquest STORKAuthnRequest authnRequest = new STORKAuthnRequest(); @@ -1931,7 +1914,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("Preparing to send STORK AuthnRequest."); Logger.info("prepared STORKAuthnRequest: "); Logger.info(new String(authnRequest.getTokenSaml())); -// SAMLRequest = PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()); try { Logger.trace("Initialize VelocityEngine..."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 43ba83f91..4a7676ec8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -26,6 +26,8 @@ import java.util.Vector; import org.w3c.dom.Element; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java deleted file mode 100644 index e5c55d038..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java +++ /dev/null @@ -1,165 +0,0 @@ -/** - * - */ -package at.gv.egovernment.moa.id.auth.stork; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.app.VelocityEngine; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.Endpoint; -import org.opensaml.ws.transport.http.HTTPOutTransport; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import org.opensaml.xml.security.credential.Credential; - -import at.gv.egovernment.moa.logging.Logger; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.exception.SAMLException; -import eu.stork.vidp.messages.exception.SAMLValidationException; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; -import eu.stork.vidp.messages.util.SAMLUtil; - -/** - * Class handling all necessary functionality for STORK AuthnRequest processing - * - * @author bzwattendorfer - * - */ -public class STORKAuthnRequestProcessor { - - /** - * Creates a STORK AuthnRequest - * @param destination Destination URL - * @param acsURL Assertion Consumer Service URL - * @param providerName SP Provider Name - * @param issuerValue Issuer Name - * @param qaaLevel STORK QAALevel to be requested - * @param requestedAttributes Requested Attributes to be requested - * @param spSector Sp Sector - * @param spInstitution SP Institution - * @param spApplication SP Application - * @param spCountry SP Country - * @param textToBeSigned text to be included in signedDoc element - * @param mimeType mimeType for the text to be signed in signedDoc - * @return STORK AuthnRequest - */ - public static STORKAuthnRequest generateSTORKAuthnRequest( - String destination, - String acsURL, - String providerName, - String issuerValue, - QualityAuthenticationAssuranceLevel qaaLevel, - RequestedAttributes requestedAttributes, - String spSector, - String spInstitution, - String spApplication, - String spCountry, - String textToBeSigned, - String mimeType) { - - - STORKAuthnRequest storkAuthnRequest = - STORKMessagesBuilder.buildSTORKAuthnRequest( - destination, - acsURL, - providerName, - issuerValue, - qaaLevel, - requestedAttributes, - spSector, - spInstitution, - spApplication, - spCountry); - - STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true); - - Logger.debug("Added signedDoc attribute to STORK AuthnRequest"); - - return storkAuthnRequest; - - } - - /** - * Signs a STORK AuthnRequest - * @param storkAuthnRequest STORK AuthRequest to sign - * @param keyStorePath KeyStorePath to the signing key - * @param keyStorePassword KeyStore Password - * @param keyName Signing key name - * @param keyPassword Signing key password - * @return Signed STORK AuthnRequest - * @throws SAMLException - */ - public static STORKAuthnRequest signSTORKAuthnRequest( - STORKAuthnRequest storkAuthnRequest, - String keyStorePath, - String keyStorePassword, - String keyName, - String keyPassword) throws SAMLException { - - Logger.trace("Building Credential Provider for signing process"); - - CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword); - - Credential credential = credentialProvider.getCredential(); - - Logger.trace("Credentials found"); - - SAMLUtil.signSAMLObject(storkAuthnRequest, credential); - - return storkAuthnRequest; - } - - /** - * Validates a STORK AuthnRequest - * @param storkAuthnRequest STORK AuthnRequest to validate - * @throws SAMLValidationException - */ - public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException { - - SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator"); - - } - - /** - * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest) - * @param request HttpServletRequest - * @param response HttpServletResponse - * @param storkAuthnRequest STORK AuthnRequest to send - * @throws Exception - */ - public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception { - - Logger.trace("Create endpoint..."); - Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME); - endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - endpoint.setLocation(storkAuthnRequest.getDestination()); - - - Logger.trace("Prepare SAMLMessageContext..."); - HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure()); - BasicSAMLMessageContext samlMessageContext = new BasicSAMLMessageContext(); - samlMessageContext.setOutboundMessageTransport(outTransport); - samlMessageContext.setPeerEntityEndpoint(endpoint); - - Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext..."); - samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest); - - Logger.trace("Initialize VelocityEngine..."); - - VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); - -// HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm"); - HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm"); - - Logger.trace("HTTP-Post encode SAMLMessageContext..."); - encoder.encode(samlMessageContext); - } - - - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index f44f21db9..aa97c548a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -338,9 +338,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //Initialize OpenSAML for STORK - Logger.info("Starting initialization of OpenSAML..."); - STORKBootstrap.bootstrap(); - Logger.debug("OpenSAML successfully initialized"); +// Logger.info("Starting initialization of OpenSAML..."); +// STORKBootstrap.bootstrap(); +// Logger.debug("OpenSAML successfully initialized"); String legacyconfig = props.getProperty("configuration.xml.legacy"); -- cgit v1.2.3