From 5337175cc7c9399f0018574c52c00e1dc504e938 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Martin=20Lindstr=C3=B6m?= Date: Fri, 29 Sep 2023 17:47:34 +0200 Subject: [PATCH] IS-24 Port to OpenSAML5 --- pom.xml | 179 ++++---- .../opensaml/sweid/LibraryVersion.java | 47 ++ .../config/XMLObjectProviderInitializer.java | 5 +- .../saml2/attribute/AttributeConstants.java | 150 ++++--- .../attribute/AttributeSetConstants.java | 94 ++-- .../saml2/attribute/AttributeSetImpl.java | 83 ++-- .../AttributesValidationException.java | 23 +- .../saml2/authn/LevelOfAssuranceUris.java | 27 +- .../sweid/saml2/authn/psc/MatchValue.java | 20 +- .../saml2/authn/psc/PrincipalSelection.java | 10 +- .../sweid/saml2/authn/psc/PscConstants.java | 10 +- .../psc/RequestedPrincipalSelection.java | 8 +- .../authn/psc/build/MatchValueBuilder.java | 21 +- .../psc/build/PrincipalSelectionBuilder.java | 16 +- .../RequestedPrincipalSelectionBuilder.java | 16 +- .../authn/psc/impl/MatchValueBuilder.java | 6 +- .../saml2/authn/psc/impl/MatchValueImpl.java | 23 +- .../authn/psc/impl/MatchValueMarshaller.java | 6 +- .../psc/impl/MatchValueUnmarshaller.java | 8 +- .../psc/impl/PrincipalSelectionBuilder.java | 11 +- .../psc/impl/PrincipalSelectionImpl.java | 24 +- .../impl/PrincipalSelectionMarshaller.java | 4 +- .../impl/PrincipalSelectionUnmarshaller.java | 7 +- .../RequestedPrincipalSelectionBuilder.java | 11 +- .../impl/RequestedPrincipalSelectionImpl.java | 18 +- .../SwedishEidDiscoveryMatchingRules.java | 107 +++-- .../entitycategory/EntityCategory.java | 8 +- .../EntityCategoryConstants.java | 99 ++-- .../entitycategory/EntityCategoryImpl.java | 26 +- .../EntityCategoryRegistry.java | 15 +- .../EntityCategoryRegistryImpl.java | 17 +- .../entitycategory/EntityCategoryType.java | 27 +- .../entitycategory/ServiceEntityCategory.java | 12 +- .../ServiceEntityCategoryImpl.java | 28 +- .../SwedishEidAuthnRequestGenerator.java | 52 +-- ...wedishEidAuthnRequestGeneratorContext.java | 8 +- .../sweid/saml2/signservice/SADParser.java | 42 +- .../signservice/SADValidationException.java | 
43 +- .../signservice/SignMessageDecrypter.java | 56 +-- .../signservice/SignMessageDigestIssuer.java | 26 +- .../signservice/SignMessageEncrypter.java | 49 +- .../signservice/build/SADRequestBuilder.java | 60 ++- .../signservice/build/SignMessageBuilder.java | 26 +- .../dss/DssExtensionsConstants.java | 12 +- .../signservice/dss/EncryptedMessage.java | 8 +- .../sweid/saml2/signservice/dss/Message.java | 21 +- .../saml2/signservice/dss/SignMessage.java | 66 ++- .../dss/SignMessageMimeTypeEnum.java | 16 +- .../dss/impl/EncryptedMessageBuilder.java | 8 +- .../dss/impl/EncryptedMessageImpl.java | 20 +- .../signservice/dss/impl/MessageBuilder.java | 4 +- .../signservice/dss/impl/MessageImpl.java | 23 +- .../dss/impl/SignMessageBuilder.java | 8 +- .../signservice/dss/impl/SignMessageImpl.java | 17 +- .../dss/impl/SignMessageMarshaller.java | 15 +- .../dss/impl/SignMessageUnmarshaller.java | 4 +- .../saml2/signservice/sap/Parameter.java | 17 +- .../saml2/signservice/sap/RequestParams.java | 6 +- .../sweid/saml2/signservice/sap/SAD.java | 113 ++--- .../saml2/signservice/sap/SADRequest.java | 58 ++- .../saml2/signservice/sap/SADVersion.java | 34 +- .../saml2/signservice/sap/SAPConstants.java | 12 +- .../sap/impl/ParameterBuilder.java | 6 +- .../signservice/sap/impl/ParameterImpl.java | 21 +- .../sap/impl/ParameterMarshaller.java | 6 +- .../sap/impl/ParameterUnmarshaller.java | 10 +- .../sap/impl/RequestParamsBuilder.java | 9 +- .../sap/impl/RequestParamsImpl.java | 21 +- .../sap/impl/RequestParamsMarshaller.java | 4 +- .../sap/impl/RequestParamsUnmarshaller.java | 10 +- .../sap/impl/SADRequestBuilder.java | 6 +- .../signservice/sap/impl/SADRequestImpl.java | 46 +- .../sap/impl/SADRequestMarshaller.java | 7 +- .../sap/impl/SADRequestUnmarshaller.java | 15 +- ...dAssertionValidationParametersBuilder.java | 12 +- .../SwedishEidAssertionValidator.java | 90 ++-- ...SwedishEidAttributeStatementValidator.java | 77 ++-- .../SwedishEidAuthnStatementValidator.java | 64 +-- 
.../SwedishEidResponseProcessorImpl.java | 9 +- .../SwedishEidResponseValidator.java | 37 +- .../SwedishEidSecurityConfiguration.java | 31 +- .../opensaml/sweid/LibraryVersionTest.java | 53 +++ .../opensaml/sweid/OpenSAMLTestBase.java | 96 ++-- .../authn/psc/PrincipalSelectionTest.java | 98 ++-- .../SwedishEidDiscoveryMatchingRulesTest.java | 119 ++--- .../saml2/signservice/SADFactoryTest.java | 30 +- .../saml2/signservice/SADParserTest.java | 421 +++++++++--------- .../signservice/SADRequestBuilderTest.java | 41 +- .../signservice/SignMessageBuilderTest.java | 20 +- .../signservice/SignMessageDecrypterTest.java | 39 +- .../SignMessageDigestIssuerTest.java | 28 +- .../signservice/SignMessageEncrypterTest.java | 34 +- .../saml2/signservice/sap/SADRequestTest.java | 70 +-- .../sweid/saml2/signservice/sap/SADTest.java | 24 +- src/test/resources/version.properties | 1 + 95 files changed, 1766 insertions(+), 1779 deletions(-) create mode 100644 src/main/java/se/swedenconnect/opensaml/sweid/LibraryVersion.java create mode 100644 src/test/java/se/swedenconnect/opensaml/sweid/LibraryVersionTest.java create mode 100644 src/test/resources/version.properties diff --git a/pom.xml b/pom.xml index 611379e..a5950c8 100644 --- a/pom.xml +++ b/pom.xml @@ -7,10 +7,10 @@ se.swedenconnect.opensaml opensaml-swedish-eid jar - 1.2.6-SNAPSHOT + 2.0.0-SNAPSHOT Sweden Connect :: Swedish eID OpenSAML extensions - OpenSAML 4.X extension library for the Swedish eID Framework + OpenSAML 5.X extension library for the Swedish eID Framework https://github.com/swedenconnect/opensaml-swedish-eid @@ -44,14 +44,16 @@ UTF-8 - 11 + 17 - 2.14.2 - 9.31 - - 1.7.36 - 4.13.2 - + 5.0.0 + 9.0.0 + + 2.15.2 + 9.35 + 6.0.12 + 2.0.7 + 5.10.0 
@@ -86,41 +88,32 @@ org.slf4j slf4j-api ${slf4j.version} - jar - compile - org.cryptacular - cryptacular - 1.2.5 - - - org.bouncycastle - bcprov-jdk18on - - + commons-codec + commons-codec + 1.16.0 - org.apache.santuario - xmlsec - 2.3.2 - - - - com.fasterxml.woodstox - woodstox-core - - + org.apache.httpcomponents.core5 + httpcore5 + 5.2.2 - com.fasterxml.woodstox - woodstox-core - 6.4.0 + com.fasterxml.jackson.core + jackson-core + ${jackson.version} - + + + com.fasterxml.jackson.core + jackson-databind + ${jackson.version} + + @@ -137,17 +130,13 @@ se.swedenconnect.opensaml opensaml-security-ext - [3.1.2,) - jar - compile + 4.0.0-SNAPSHOT se.swedenconnect.opensaml opensaml-addons - [1.2.6,) - jar - compile + 2.0.0-SNAPSHOT @@ -160,74 +149,64 @@ com.fasterxml.jackson.core jackson-core - [${jackson.version},) - compile - jar + ${jackson.version} com.fasterxml.jackson.core jackson-annotations - [${jackson.version},) - compile - jar + ${jackson.version} com.fasterxml.jackson.core jackson-databind - [${jackson.version},) - compile - jar - - - com.fasterxml.jackson.core - jackson-annotations - - + ${jackson.version} org.springframework spring-core - [5.3.0, 6.0.0) + ${spring.version} test - jar org.springframework spring-beans - [5.3.0, 6.0.0) + ${spring.version} test - jar - junit - junit + org.springframework + spring-context + ${spring.version} + test + + + + org.junit.jupiter + junit-jupiter ${junit.version} test - jar + + + org.junit.jupiter + junit-jupiter-params + ${junit.version} + test + org.slf4j slf4j-simple ${slf4j.version} - jar test - - org.springframework - spring-context - [5.3.0, 6.0.0) - test - jar - - 
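Review bot: The `opensaml-security-ext` and `opensaml-addons` dependencies in the second hunk on this line (`@@ -137,17 +130,13 @@`) are now set to `4.0.0-SNAPSHOT` and `2.0.0-SNAPSHOT`, and a snapshot coordinate is mutable: the artifact resolved at build time can change without any change to this pom. Builds are therefore not reproducible and cannot be tied to a reviewed dependency state. Replacing the open-ended ranges (`[3.1.2,)`, `[1.2.6,)`, and `[${jackson.version},)` in the next hunk) with single versions is the right direction, but these two should point at released versions before this library is released. The `maven-enforcer-plugin` already present in this pom could enforce that with the `requireReleaseDeps` rule; its configured rules are not visible in these hunks, so check whether one is already there.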
@@ -237,42 +216,35 @@ org.apache.maven.plugins maven-compiler-plugin - 3.8.1 + 3.11.0 ${java.version} ${java.version} - + org.apache.maven.plugins - maven-jar-plugin - 3.2.0 + maven-surefire-plugin + 3.1.2 org.apache.maven.plugins - maven-clean-plugin - 3.1.0 - - - - test-output - - - + maven-jar-plugin + 3.3.0 - + org.apache.maven.plugins - maven-project-info-reports-plugin - 2.9 + maven-clean-plugin + 3.3.1 - + org.apache.maven.plugins maven-enforcer-plugin - 3.0.0-M3 + 3.4.1 enforce @@ -291,21 +263,36 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.2.0 + 3.6.0 - OpenSAML 4.X extension library for the Swedish eID Framework - ${project.version} - OpenSAML 4.X extension library for the Swedish eID Framework - ${project.version} + OpenSAML 5.X extension library for the Swedish eID Framework - ${project.version} + OpenSAML 5.X extension library for the Swedish eID Framework - ${project.version} - https://build.shibboleth.net/nexus/content/sites/site/java-opensaml/4.2.0/apidocs/ - https://build.shibboleth.net/nexus/content/sites/site/java-support/8.2.1/apidocs/ + https://build.shibboleth.net/nexus/content/sites/site/java-opensaml/${opensaml.version}/apidocs/ + https://build.shibboleth.net/nexus/content/sites/site/java-shib-shared/${shib.support.version}/apidocs/ https://docs.swedenconnect.se/opensaml-security-ext/javadoc/latest/ https://docs.swedenconnect.se/opensaml-addons/apidoc/ true + all,-missing + + + + src/test/resources + true + + **/*.properties + + + + src/test/resources + false + + @@ -339,7 +326,7 @@ org.apache.maven.plugins maven-gpg-plugin - 1.6 + 3.0.1 sign-artifacts @@ -354,7 +341,7 @@ org.apache.maven.plugins maven-source-plugin - 3.2.0 + 3.3.0 attach-sources diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/LibraryVersion.java b/src/main/java/se/swedenconnect/opensaml/sweid/LibraryVersion.java new file mode 100644 index 0000000..2f5a8d6 --- /dev/null +++ b/src/main/java/se/swedenconnect/opensaml/sweid/LibraryVersion.java 
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2023 Sweden Connect
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package se.swedenconnect.opensaml.sweid;
+
+/**
+ * Internal class used for serialization across library classes.
+ *
+ * @author Martin Lindström
+ */
+public final class LibraryVersion {
+
+ private static final int MAJOR = 2;
+ private static final int MINOR = 0;
+ private static final int PATCH = 0;
+
+ /**
+ * Global serialization value for library classes.
+ */
+ public static final long SERIAL_VERSION_UID = getVersion().hashCode();
+
+ /**
+ * Gets the version string.
+ *
+ * @return the version string
+ */
+ public static String getVersion() {
+ return MAJOR + "." + MINOR + "." + PATCH;
+ }
+
+ // Hidden
+ private LibraryVersion() {
+ }
+
+}
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/config/XMLObjectProviderInitializer.java b/src/main/java/se/swedenconnect/opensaml/sweid/config/XMLObjectProviderInitializer.java
index d01a151..e86c739 100644
--- a/src/main/java/se/swedenconnect/opensaml/sweid/config/XMLObjectProviderInitializer.java
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/config/XMLObjectProviderInitializer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 Sweden Connect
+ * Copyright 2016-2023 Sweden Connect
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
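Review bot: `SERIAL_VERSION_UID = getVersion().hashCode()` in the new LibraryVersion.java ties the serialization id of every class that uses it to the full MAJOR.MINOR.PATCH string. Any patch release therefore changes the id, and instances serialized by an earlier version (for example objects kept in a session store across a rolling upgrade) will be rejected with `InvalidClassException`. If that is intended, the field Javadoc should say so, e.g. `Changes with every library release; serialized instances are not readable across versions.`; if patch releases are meant to stay compatible, derive the value from `MAJOR + "." + MINOR` only. The class Javadoc also calls this an internal class although it is declared `public final`, and the three hard-coded constants duplicate the version in pom.xml, so the comment should state which of the two is authoritative.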
@@ -19,7 +19,7 @@ /** * XMLObject provider initializer for this module. - * + * * @author Martin Lindström (martin@idsec.se) */ public class XMLObjectProviderInitializer extends AbstractXMLObjectProviderInitializer { @@ -30,6 +30,7 @@ public class XMLObjectProviderInitializer extends AbstractXMLObjectProviderIniti }; /** {@inheritDoc} */ + @Override protected String[] getConfigResources() { return configs; } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeConstants.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeConstants.java index 938e3d8..d7018dc 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeConstants.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeConstants.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,9 +18,9 @@ import se.swedenconnect.opensaml.saml2.attribute.AttributeTemplate; /** - * Contains constants for all attributes defined in section 3.1 of - * "Attribute Specification for the Swedish eID Framework". - * + * Contains constants for all attributes defined in section 3.1 of "Attribute Specification for the Swedish eID + * Framework". + * * @author Martin Lindström (martin@idsec.se) */ public class AttributeConstants { @@ -33,7 +33,7 @@ public class AttributeConstants { /** Attribute template for the "Surname" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_SN = new AttributeTemplate(ATTRIBUTE_NAME_SN, - ATTRIBUTE_FRIENDLY_NAME_SN); + ATTRIBUTE_FRIENDLY_NAME_SN); /** The attribute name for the "Given Name" attribute (urn:oid:2.5.4.42). */ public static final String ATTRIBUTE_NAME_GIVEN_NAME = "urn:oid:2.5.4.42"; 
@@ -43,7 +43,7 @@ public class AttributeConstants { /** Attribute template for the "Given Name" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_GIVEN_NAME = new AttributeTemplate( - ATTRIBUTE_NAME_GIVEN_NAME, ATTRIBUTE_FRIENDLY_NAME_GIVEN_NAME); + ATTRIBUTE_NAME_GIVEN_NAME, ATTRIBUTE_FRIENDLY_NAME_GIVEN_NAME); /** The attribute name for the "Display Name" attribute (urn:oid:2.16.840.1.113730.3.1.241). */ public static final String ATTRIBUTE_NAME_DISPLAY_NAME = "urn:oid:2.16.840.1.113730.3.1.241"; @@ -53,7 +53,7 @@ public class AttributeConstants { /** Attribute template for the "Display Name" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_DISPLAY_NAME = new AttributeTemplate( - ATTRIBUTE_NAME_DISPLAY_NAME, ATTRIBUTE_FRIENDLY_NAME_DISPLAY_NAME); + ATTRIBUTE_NAME_DISPLAY_NAME, ATTRIBUTE_FRIENDLY_NAME_DISPLAY_NAME); /** The attribute name for the "Gender" attribute (urn:oid:1.3.6.1.5.5.7.9.3). */ public static final String ATTRIBUTE_NAME_GENDER = "urn:oid:1.3.6.1.5.5.7.9.3"; @@ -63,7 +63,7 @@ public class AttributeConstants { /** Attribute template for the "Gender" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_GENDER = new AttributeTemplate(ATTRIBUTE_NAME_GENDER, - ATTRIBUTE_FRIENDLY_NAME_GENDER); + ATTRIBUTE_FRIENDLY_NAME_GENDER); /** The attribute name for the "National civic registration number" attribute (urn:oid:1.2.752.29.4.13). */ public static final String ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER = "urn:oid:1.2.752.29.4.13"; 
@@ -73,17 +73,21 @@ public class AttributeConstants { /** Attribute template for the "National civic registration number" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_PERSONAL_IDENTITY_NUMBER = new AttributeTemplate( - ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, ATTRIBUTE_FRIENDLY_NAME_PERSONAL_IDENTITY_NUMBER); - + ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, ATTRIBUTE_FRIENDLY_NAME_PERSONAL_IDENTITY_NUMBER); + /** The attribute name for the "Previous national civic registration number" attribute (urn:oid:1.2.752.201.3.15). */ public static final String ATTRIBUTE_NAME_PREVIOUS_PERSONAL_IDENTITY_NUMBER = "urn:oid:1.2.752.201.3.15"; - /** The attribute friendly name for the "Previous national civic registration number" attribute (previousPersonalIdentityNumber). */ - public static final String ATTRIBUTE_FRIENDLY_NAME_PREVIOUS_PERSONAL_IDENTITY_NUMBER = "previousPersonalIdentityNumber"; + /** + * The attribute friendly name for the "Previous national civic registration number" attribute + * (previousPersonalIdentityNumber). + */ + public static final String ATTRIBUTE_FRIENDLY_NAME_PREVIOUS_PERSONAL_IDENTITY_NUMBER = + "previousPersonalIdentityNumber"; /** Attribute template for the "Previous national civic registration number" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_PREVIOUS_PERSONAL_IDENTITY_NUMBER = new AttributeTemplate( - ATTRIBUTE_NAME_PREVIOUS_PERSONAL_IDENTITY_NUMBER, ATTRIBUTE_FRIENDLY_NAME_PREVIOUS_PERSONAL_IDENTITY_NUMBER); + ATTRIBUTE_NAME_PREVIOUS_PERSONAL_IDENTITY_NUMBER, ATTRIBUTE_FRIENDLY_NAME_PREVIOUS_PERSONAL_IDENTITY_NUMBER); /** The attribute name for the "Date of birth" attribute (urn:oid:1.3.6.1.5.5.7.9.1). */ public static final String ATTRIBUTE_NAME_DATE_OF_BIRTH = "urn:oid:1.3.6.1.5.5.7.9.1"; 
@@ -93,8 +97,8 @@ public class AttributeConstants { /** Attribute template for the "Date of birth" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_DATE_OF_BIRTH = new AttributeTemplate( - ATTRIBUTE_NAME_DATE_OF_BIRTH, ATTRIBUTE_FRIENDLY_NAME_DATE_OF_BIRTH); - + ATTRIBUTE_NAME_DATE_OF_BIRTH, ATTRIBUTE_FRIENDLY_NAME_DATE_OF_BIRTH); + /** The attribute name for the "birth name" attribute (urn:oid:1.2.752.201.3.8). */ public static final String ATTRIBUTE_NAME_BIRTH_NAME = "urn:oid:1.2.752.201.3.8"; @@ -103,8 +107,8 @@ public class AttributeConstants { /** Attribute template for the "birth name" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_BIRTH_NAME = new AttributeTemplate( - ATTRIBUTE_NAME_BIRTH_NAME, ATTRIBUTE_FRIENDLY_NAME_BIRTH_NAME); - + ATTRIBUTE_NAME_BIRTH_NAME, ATTRIBUTE_FRIENDLY_NAME_BIRTH_NAME); + /** The attribute name for the "Street address" attribute (urn:oid:2.5.4.9). */ public static final String ATTRIBUTE_NAME_STREET = "urn:oid:2.5.4.9"; @@ -113,7 +117,7 @@ public class AttributeConstants { /** Attribute template for the "Street address" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_STREET = new AttributeTemplate(ATTRIBUTE_NAME_STREET, - ATTRIBUTE_FRIENDLY_NAME_STREET); + ATTRIBUTE_FRIENDLY_NAME_STREET); /** The attribute name for the "Post box" attribute (urn:oid:2.5.4.18). */ public static final String ATTRIBUTE_NAME_POST_OFFICE_BOX = "urn:oid:2.5.4.18"; @@ -123,7 +127,7 @@ public class AttributeConstants { /** Attribute template for the "Post box" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_POST_OFFICE_BOX = new AttributeTemplate( - ATTRIBUTE_NAME_POST_OFFICE_BOX, ATTRIBUTE_FRIENDLY_NAME_POST_OFFICE_BOX); + ATTRIBUTE_NAME_POST_OFFICE_BOX, ATTRIBUTE_FRIENDLY_NAME_POST_OFFICE_BOX); /** The attribute name for the "Postal code" attribute (urn:oid:2.5.4.17). */ public static final String ATTRIBUTE_NAME_POSTAL_CODE = "urn:oid:2.5.4.17"; 
@@ -133,7 +137,7 @@ public class AttributeConstants { /** Attribute template for the "Postal code" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_POSTAL_CODE = new AttributeTemplate( - ATTRIBUTE_NAME_POSTAL_CODE, ATTRIBUTE_FRIENDLY_NAME_POSTAL_CODE); + ATTRIBUTE_NAME_POSTAL_CODE, ATTRIBUTE_FRIENDLY_NAME_POSTAL_CODE); /** The attribute name for the "Locality" attribute (urn:oid:2.5.4.7). */ public static final String ATTRIBUTE_NAME_L = "urn:oid:2.5.4.7"; @@ -143,7 +147,7 @@ public class AttributeConstants { /** Attribute template for the "Locality" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_L = new AttributeTemplate(ATTRIBUTE_NAME_L, - ATTRIBUTE_FRIENDLY_NAME_L); + ATTRIBUTE_FRIENDLY_NAME_L); /** The attribute name for the "Country" attribute (urn:oid:2.5.4.6). */ public static final String ATTRIBUTE_NAME_C = "urn:oid:2.5.4.6"; @@ -153,7 +157,7 @@ public class AttributeConstants { /** Attribute template for the "Country" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_C = new AttributeTemplate(ATTRIBUTE_NAME_C, - ATTRIBUTE_FRIENDLY_NAME_C); + ATTRIBUTE_FRIENDLY_NAME_C); /** The attribute name for the "Place of birth" attribute (urn:oid:1.3.6.1.5.5.7.9.2). */ public static final String ATTRIBUTE_NAME_PLACE_OF_BIRTH = "urn:oid:1.3.6.1.5.5.7.9.2"; @@ -163,7 +167,7 @@ public class AttributeConstants { /** Attribute template for the "Place of birth" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_PLACE_OF_BIRTH = new AttributeTemplate( - ATTRIBUTE_NAME_PLACE_OF_BIRTH, ATTRIBUTE_FRIENDLY_NAME_PLACE_OF_BIRTH); + ATTRIBUTE_NAME_PLACE_OF_BIRTH, ATTRIBUTE_FRIENDLY_NAME_PLACE_OF_BIRTH); /** The attribute name for the "Country of citizenship" attribute (urn:oid:1.3.6.1.5.5.7.9.4). */ public static final String ATTRIBUTE_NAME_COUNTRY_OF_CITIZENSHIP = "urn:oid:1.3.6.1.5.5.7.9.4"; 
@@ -173,7 +177,7 @@ public class AttributeConstants { /** Attribute template for the "Country of citizenship" attribute (Multi-valued). */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_COUNTRY_OF_CITIZENSHIP = new AttributeTemplate( - ATTRIBUTE_NAME_COUNTRY_OF_CITIZENSHIP, ATTRIBUTE_FRIENDLY_NAME_COUNTRY_OF_CITIZENSHIP); + ATTRIBUTE_NAME_COUNTRY_OF_CITIZENSHIP, ATTRIBUTE_FRIENDLY_NAME_COUNTRY_OF_CITIZENSHIP); /** The attribute name for the "Country of Residence" attribute (urn:oid:1.3.6.1.5.5.7.9.5). */ public static final String ATTRIBUTE_NAME_COUNTRY_OF_RESIDENCE = "urn:oid:1.3.6.1.5.5.7.9.5"; @@ -183,7 +187,7 @@ public class AttributeConstants { /** Attribute template for the "Country of Residence" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_COUNTRY_OF_RESIDENCE = new AttributeTemplate( - ATTRIBUTE_NAME_COUNTRY_OF_RESIDENCE, ATTRIBUTE_FRIENDLY_NAME_COUNTRY_OF_RESIDENCE); + ATTRIBUTE_NAME_COUNTRY_OF_RESIDENCE, ATTRIBUTE_FRIENDLY_NAME_COUNTRY_OF_RESIDENCE); /** The attribute name for the "Telephone number" attribute (urn:oid:2.5.4.20). */ public static final String ATTRIBUTE_NAME_TELEPHONE_NUMBER = "urn:oid:2.5.4.20"; @@ -193,7 +197,7 @@ public class AttributeConstants { /** Attribute template for the "Telephone number" attribute (Multi-valued). */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_TELEPHONE_NUMBER = new AttributeTemplate( - ATTRIBUTE_NAME_TELEPHONE_NUMBER, ATTRIBUTE_FRIENDLY_NAME_TELEPHONE_NUMBER); + ATTRIBUTE_NAME_TELEPHONE_NUMBER, ATTRIBUTE_FRIENDLY_NAME_TELEPHONE_NUMBER); /** The attribute name for the "Mobile number" attribute (urn:oid:0.9.2342.19200300.100.1.41). */ public static final String ATTRIBUTE_NAME_MOBILE = "urn:oid:0.9.2342.19200300.100.1.41"; 
@@ -203,7 +207,7 @@ public class AttributeConstants { /** Attribute template for the "Mobile number" attribute (Multi-valued). */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_MOBILE = new AttributeTemplate(ATTRIBUTE_NAME_MOBILE, - ATTRIBUTE_FRIENDLY_NAME_MOBILE); + ATTRIBUTE_FRIENDLY_NAME_MOBILE); /** The attribute name for the "E-mail address" attribute (urn:oid:0.9.2342.19200300.100.1.3). */ public static final String ATTRIBUTE_NAME_MAIL = "urn:oid:0.9.2342.19200300.100.1.3"; @@ -213,7 +217,7 @@ public class AttributeConstants { /** Attribute template for the "E-mail address" attribute (Multi-valued). */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_MAIL = new AttributeTemplate(ATTRIBUTE_NAME_MAIL, - ATTRIBUTE_FRIENDLY_NAME_MAIL); + ATTRIBUTE_FRIENDLY_NAME_MAIL); /** The attribute name for the "Organization name" attribute (urn:oid:2.5.4.10). */ public static final String ATTRIBUTE_NAME_O = "urn:oid:2.5.4.10"; @@ -223,7 +227,7 @@ public class AttributeConstants { /** Attribute template for the "Organization name" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_O = new AttributeTemplate(ATTRIBUTE_NAME_O, - ATTRIBUTE_FRIENDLY_NAME_O); + ATTRIBUTE_FRIENDLY_NAME_O); /** The attribute name for the "Organizational unit name" attribute (urn:oid:2.5.4.11). */ public static final String ATTRIBUTE_NAME_OU = "urn:oid:2.5.4.11"; @@ -233,7 +237,7 @@ public class AttributeConstants { /** Attribute template for the "Organizational unit name" attribute (Multi-valued). */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_OU = new AttributeTemplate(ATTRIBUTE_NAME_OU, - ATTRIBUTE_FRIENDLY_NAME_OU); + ATTRIBUTE_FRIENDLY_NAME_OU); /** The attribute name for the "Organizational identifier code" attribute (urn:oid:2.5.4.97). */ public static final String ATTRIBUTE_NAME_ORGANIZATION_IDENTIFIER = "urn:oid:2.5.4.97"; 
@@ -243,7 +247,7 @@ public class AttributeConstants { /** Attribute template for the "Organizational identifier code" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_ORGANIZATION_IDENTIFIER = new AttributeTemplate( - ATTRIBUTE_NAME_ORGANIZATION_IDENTIFIER, ATTRIBUTE_FRIENDLY_NAME_ORGANIZATION_IDENTIFIER); + ATTRIBUTE_NAME_ORGANIZATION_IDENTIFIER, ATTRIBUTE_FRIENDLY_NAME_ORGANIZATION_IDENTIFIER); /** The attribute name for the "Organization affiliation" attribute (urn:oid:1.2.752.201.3.1). */ public static final String ATTRIBUTE_NAME_ORG_AFFILIATION = "urn:oid:1.2.752.201.3.1"; @@ -253,7 +257,7 @@ public class AttributeConstants { /** Attribute template for the "Organization affiliation" attribute (Multi-valued). */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_ORG_AFFILIATION = new AttributeTemplate( - ATTRIBUTE_NAME_ORG_AFFILIATION, ATTRIBUTE_FRIENDLY_NAME_ORG_AFFILIATION); + ATTRIBUTE_NAME_ORG_AFFILIATION, ATTRIBUTE_FRIENDLY_NAME_ORG_AFFILIATION); /** The attribute name for the "Transaction identifier" attribute (urn:oid:1.2.752.201.3.2). */ public static final String ATTRIBUTE_NAME_TRANSACTION_IDENTIFIER = "urn:oid:1.2.752.201.3.2"; @@ -263,7 +267,7 @@ public class AttributeConstants { /** Attribute template for the "Transaction identifier" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_TRANSACTION_IDENTIFIER = new AttributeTemplate( - ATTRIBUTE_NAME_TRANSACTION_IDENTIFIER, ATTRIBUTE_FRIENDLY_NAME_TRANSACTION_IDENTIFIER); + ATTRIBUTE_NAME_TRANSACTION_IDENTIFIER, ATTRIBUTE_FRIENDLY_NAME_TRANSACTION_IDENTIFIER); /** The attribute name for the "Authentication context parameters" attribute (urn:oid:1.2.752.201.3.3). */ public static final String ATTRIBUTE_NAME_AUTH_CONTEXT_PARAMS = "urn:oid:1.2.752.201.3.3"; 
@@ -273,8 +277,8 @@ public class AttributeConstants { /** Attribute template for the "Authentication context parameters" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_AUTH_CONTEXT_PARAMS = new AttributeTemplate( - ATTRIBUTE_NAME_AUTH_CONTEXT_PARAMS, ATTRIBUTE_FRIENDLY_NAME_AUTH_CONTEXT_PARAMS); - + ATTRIBUTE_NAME_AUTH_CONTEXT_PARAMS, ATTRIBUTE_FRIENDLY_NAME_AUTH_CONTEXT_PARAMS); + /** The attribute name for the "User certificate" attribute (urn:oid:1.2.752.201.3.10). */ public static final String ATTRIBUTE_NAME_USER_CERTIFICATE = "urn:oid:1.2.752.201.3.10"; @@ -283,8 +287,8 @@ public class AttributeConstants { /** Attribute template for the "user certificate" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_USER_CERTIFICATE = new AttributeTemplate( - ATTRIBUTE_NAME_USER_CERTIFICATE, ATTRIBUTE_FRIENDLY_NAME_USER_CERTIFICATE); - + ATTRIBUTE_NAME_USER_CERTIFICATE, ATTRIBUTE_FRIENDLY_NAME_USER_CERTIFICATE); + /** The attribute name for the "User signature" attribute (urn:oid:1.2.752.201.3.11). */ public static final String ATTRIBUTE_NAME_USER_SIGNATURE = "urn:oid:1.2.752.201.3.11"; @@ -293,8 +297,8 @@ public class AttributeConstants { /** Attribute template for the "user signature" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_USER_SIGNATURE = new AttributeTemplate( - ATTRIBUTE_NAME_USER_SIGNATURE, ATTRIBUTE_FRIENDLY_NAME_USER_SIGNATURE); - + ATTRIBUTE_NAME_USER_SIGNATURE, ATTRIBUTE_FRIENDLY_NAME_USER_SIGNATURE); + /** The attribute name for the "Authentication server signature" attribute (urn:oid:1.2.752.201.3.13). */ public static final String ATTRIBUTE_NAME_AUTH_SERVER_SIGNATURE = "urn:oid:1.2.752.201.3.13"; 
@@ -303,8 +307,8 @@ public class AttributeConstants { /** Attribute template for the "Authentication server signature" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_AUTH_SERVER_SIGNATURE = new AttributeTemplate( - ATTRIBUTE_NAME_AUTH_SERVER_SIGNATURE, ATTRIBUTE_FRIENDLY_NAME_AUTH_SERVER_SIGNATURE); - + ATTRIBUTE_NAME_AUTH_SERVER_SIGNATURE, ATTRIBUTE_FRIENDLY_NAME_AUTH_SERVER_SIGNATURE); + /** The attribute name for the "Signature activation data" attribute (urn:oid:1.2.752.201.3.12). */ public static final String ATTRIBUTE_NAME_SAD = "urn:oid:1.2.752.201.3.12"; @@ -313,18 +317,18 @@ public class AttributeConstants { /** Attribute template for the "Signature activation data" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_SAD = new AttributeTemplate( - ATTRIBUTE_NAME_SAD, ATTRIBUTE_FRIENDLY_NAME_SAD); - + ATTRIBUTE_NAME_SAD, ATTRIBUTE_FRIENDLY_NAME_SAD); + /** The attribute name for the "Sign message digest" attribute (urn:oid:1.2.752.201.3.14). */ public static final String ATTRIBUTE_NAME_SIGNMESSAGE_DIGEST = "urn:oid:1.2.752.201.3.14"; - + /** The attribute friendly name for the "Sign message digest" attribute (signMessageDigest). */ public static final String ATTRIBUTE_FRIENDLY_NAME_SIGNMESSAGE_DIGEST = "signMessageDigest"; - + /** Attribute template for the "Sign message digest" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_SIGNMESSAGE_DIGEST = new AttributeTemplate( - ATTRIBUTE_NAME_SIGNMESSAGE_DIGEST, ATTRIBUTE_FRIENDLY_NAME_SIGNMESSAGE_DIGEST); - + ATTRIBUTE_NAME_SIGNMESSAGE_DIGEST, ATTRIBUTE_FRIENDLY_NAME_SIGNMESSAGE_DIGEST); + /** The attribute name for the "Provisional identifier" attribute (urn:oid:1.2.752.201.3.4). */ public static final String ATTRIBUTE_NAME_PRID = "urn:oid:1.2.752.201.3.4"; 
@@ -333,8 +337,8 @@ public class AttributeConstants { /** Attribute template for the "Provisional identifier" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_PRID = new AttributeTemplate( - ATTRIBUTE_NAME_PRID, ATTRIBUTE_FRIENDLY_NAME_PRID); - + ATTRIBUTE_NAME_PRID, ATTRIBUTE_FRIENDLY_NAME_PRID); + /** The attribute name for the "Provisional identifier persistence indicator" attribute (urn:oid:1.2.752.201.3.5). */ public static final String ATTRIBUTE_NAME_PRID_PERSISTENCE = "urn:oid:1.2.752.201.3.5"; 
@@ -343,38 +347,52 @@ public class AttributeConstants { /** Attribute template for the "Provisional identifier persistence indicator" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_PRID_PERSISTENCE = new AttributeTemplate( - ATTRIBUTE_NAME_PRID_PERSISTENCE, ATTRIBUTE_FRIENDLY_NAME_PRID_PERSISTENCE); - - /** The attribute name for the "National civic registration number/code binding URI" attribute (urn:oid:1.2.752.201.3.6). */ + ATTRIBUTE_NAME_PRID_PERSISTENCE, ATTRIBUTE_FRIENDLY_NAME_PRID_PERSISTENCE); + + /** + * The attribute name for the "National civic registration number/code binding URI" attribute + * (urn:oid:1.2.752.201.3.6). + */ public static final String ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER_BINDING = "urn:oid:1.2.752.201.3.6"; - /** The attribute friendly name for the "National civic registration number/code binding URI" attribute (personalIdentityNumberBinding). */ + /** + * The attribute friendly name for the "National civic registration number/code binding URI" attribute + * (personalIdentityNumberBinding). + */ public static final String ATTRIBUTE_FRIENDLY_NAME_PERSONAL_IDENTITY_NUMBER_BINDING = "personalIdentityNumberBinding"; /** Attribute template for the "National civic registration number/code binding URI" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_PERSONAL_IDENTITY_NUMBER_BINDING = new AttributeTemplate( - ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER_BINDING, ATTRIBUTE_FRIENDLY_NAME_PERSONAL_IDENTITY_NUMBER_BINDING); - + ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER_BINDING, ATTRIBUTE_FRIENDLY_NAME_PERSONAL_IDENTITY_NUMBER_BINDING); + /** The attribute name for the "Mapped national civic registration number" attribute (urn:oid:1.2.752.201.3.16). */ public static final String ATTRIBUTE_NAME_MAPPED_PERSONAL_IDENTITY_NUMBER = "urn:oid:1.2.752.201.3.16"; - /** The attribute friendly name for the "Mapped national civic registration number" attribute (mappedPersonalIdentityNumber). 
*/ + /** + * The attribute friendly name for the "Mapped national civic registration number" attribute + * (mappedPersonalIdentityNumber). + */ public static final String ATTRIBUTE_FRIENDLY_NAME_MAPPED_PERSONAL_IDENTITY_NUMBER = "mappedPersonalIdentityNumber"; /** Attribute template for the "National civic registration number/code binding URI" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_MAPPED_PERSONAL_IDENTITY_NUMBER = new AttributeTemplate( - ATTRIBUTE_NAME_MAPPED_PERSONAL_IDENTITY_NUMBER, ATTRIBUTE_FRIENDLY_NAME_MAPPED_PERSONAL_IDENTITY_NUMBER); - - /** The attribute name for the "eIDAS uniqueness identifier for natural persons" attribute (urn:oid:1.2.752.201.3.7). */ + ATTRIBUTE_NAME_MAPPED_PERSONAL_IDENTITY_NUMBER, ATTRIBUTE_FRIENDLY_NAME_MAPPED_PERSONAL_IDENTITY_NUMBER); + + /** + * The attribute name for the "eIDAS uniqueness identifier for natural persons" attribute (urn:oid:1.2.752.201.3.7). + */ public static final String ATTRIBUTE_NAME_EIDAS_PERSON_IDENTIFIER = "urn:oid:1.2.752.201.3.7"; - /** The attribute friendly name for the "eIDAS uniqueness identifier for natural persons" attribute (eidasPersonIdentifier). */ + /** + * The attribute friendly name for the "eIDAS uniqueness identifier for natural persons" attribute + * (eidasPersonIdentifier). + */ public static final String ATTRIBUTE_FRIENDLY_NAME_EIDAS_PERSON_IDENTIFIER = "eidasPersonIdentifier"; /** Attribute template for the "eIDAS uniqueness identifier for natural persons" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_EIDAS_PERSON_IDENTIFIER = new AttributeTemplate( - ATTRIBUTE_NAME_EIDAS_PERSON_IDENTIFIER, ATTRIBUTE_FRIENDLY_NAME_EIDAS_PERSON_IDENTIFIER); - + ATTRIBUTE_NAME_EIDAS_PERSON_IDENTIFIER, ATTRIBUTE_FRIENDLY_NAME_EIDAS_PERSON_IDENTIFIER); + /** The attribute name for the "eIDAS Natural Person Address" attribute (urn:oid:1.2.752.201.3.9). 
*/ public static final String ATTRIBUTE_NAME_EIDAS_NATURAL_PERSON_ADDRESS = "urn:oid:1.2.752.201.3.9"; @@ -383,8 +401,8 @@ public class AttributeConstants { /** Attribute template for the "eIDAS Natural Person Address" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_EIDAS_NATURAL_PERSON_ADDRESS = new AttributeTemplate( - ATTRIBUTE_NAME_EIDAS_NATURAL_PERSON_ADDRESS, ATTRIBUTE_FRIENDLY_NAME_EIDAS_NATURAL_PERSON_ADDRESS); - + ATTRIBUTE_NAME_EIDAS_NATURAL_PERSON_ADDRESS, ATTRIBUTE_FRIENDLY_NAME_EIDAS_NATURAL_PERSON_ADDRESS); + /** The attribute name for the "Employee HSA-ID" attribute (urn:oid:1.2.752.29.6.2.1). */ public static final String ATTRIBUTE_NAME_EMPLOYEE_HSA_ID = "urn:oid:1.2.752.29.6.2.1"; @@ -393,8 +411,8 @@ public class AttributeConstants { /** Attribute template for the "Employee HSA-ID" attribute. */ public static final AttributeTemplate ATTRIBUTE_TEMPLATE_EMPLOYEE_HSA_ID = new AttributeTemplate( - ATTRIBUTE_NAME_EMPLOYEE_HSA_ID, ATTRIBUTE_FRIENDLY_NAME_EMPLOYEE_HSA_ID); - + ATTRIBUTE_NAME_EMPLOYEE_HSA_ID, ATTRIBUTE_FRIENDLY_NAME_EMPLOYEE_HSA_ID); + /* * Hidden constructor. */ diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeSetConstants.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeSetConstants.java index 44f97fb..ded8c76 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeSetConstants.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeSetConstants.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,7 +19,7 @@ /** * Defines all Attribute Set defined in section 2 of "Attribute Specification for the Swedish eID Framework". - * + * * @author Martin Lindström (martin@idsec.se) */ public class AttributeSetConstants { 
@@ -33,7 +33,7 @@ public class AttributeSetConstants { *

*/ public static final AttributeSet ATTRIBUTE_SET_PSEUDONYM_IDENTITY = new AttributeSetImpl("ELN-AP-Pseudonym-01", - "http://id.elegnamnden.se/ap/1.0/pseudonym-01", "Pseudonym Identity", null, null); + "http://id.elegnamnden.se/ap/1.0/pseudonym-01", "Pseudonym Identity", null, null); /** * Natural Personal Identity without Civic Registration Number - The “Personal Identity without Civic Registration @@ -45,13 +45,13 @@ public class AttributeSetConstants { *

*/ public static final AttributeSet ATTRIBUTE_SET_NATURAL_PERSON_NO_PERSONAL_ID = new AttributeSetImpl( - "ELN-AP-NaturalPerson-01", "http://id.elegnamnden.se/ap/1.0/natural-person-01", - "Natural Personal Identity without Civic Registration Number", - new AttributeTemplate[] { - AttributeConstants.ATTRIBUTE_TEMPLATE_DISPLAY_NAME, - AttributeConstants.ATTRIBUTE_TEMPLATE_SN, - AttributeConstants.ATTRIBUTE_TEMPLATE_GIVEN_NAME }, - null); + "ELN-AP-NaturalPerson-01", "http://id.elegnamnden.se/ap/1.0/natural-person-01", + "Natural Personal Identity without Civic Registration Number", + new AttributeTemplate[] { + AttributeConstants.ATTRIBUTE_TEMPLATE_DISPLAY_NAME, + AttributeConstants.ATTRIBUTE_TEMPLATE_SN, + AttributeConstants.ATTRIBUTE_TEMPLATE_GIVEN_NAME }, + null); /** * Natural Personal Identity with Civic Registration Number - The “Personal Identity with Civic Registration Number” @@ -63,16 +63,16 @@ public class AttributeSetConstants { *

*/ public static final AttributeSet ATTRIBUTE_SET_NATURAL_PERSON_WITH_PERSONAL_ID = new AttributeSetImpl( - "ELN-AP-Pnr-01", "http://id.elegnamnden.se/ap/1.0/pnr-01", - "Natural Personal Identity with Civic Registration Number", - new AttributeTemplate[] { - AttributeConstants.ATTRIBUTE_TEMPLATE_PERSONAL_IDENTITY_NUMBER, - AttributeConstants.ATTRIBUTE_TEMPLATE_SN, - AttributeConstants.ATTRIBUTE_TEMPLATE_GIVEN_NAME, - AttributeConstants.ATTRIBUTE_TEMPLATE_DISPLAY_NAME }, - new AttributeTemplate[] { - AttributeConstants.ATTRIBUTE_TEMPLATE_DATE_OF_BIRTH - }); + "ELN-AP-Pnr-01", "http://id.elegnamnden.se/ap/1.0/pnr-01", + "Natural Personal Identity with Civic Registration Number", + new AttributeTemplate[] { + AttributeConstants.ATTRIBUTE_TEMPLATE_PERSONAL_IDENTITY_NUMBER, + AttributeConstants.ATTRIBUTE_TEMPLATE_SN, + AttributeConstants.ATTRIBUTE_TEMPLATE_GIVEN_NAME, + AttributeConstants.ATTRIBUTE_TEMPLATE_DISPLAY_NAME }, + new AttributeTemplate[] { + AttributeConstants.ATTRIBUTE_TEMPLATE_DATE_OF_BIRTH + }); /** * Organizational Identity for Natural Persons - The “Organizational Identity for Natural Persons” attribute set @@ -86,15 +86,15 @@ public class AttributeSetConstants { *

*/ public static final AttributeSet ATTRIBUTE_SET_ORGANIZATIONAL_IDENTITY_FOR_NATURAL_PERSONS = new AttributeSetImpl( - "ELN-AP-OrgPerson-01", "http://id.elegnamnden.se/ap/1.0/org-person-01", - "Organizational Identity for Natural Persons", - new AttributeTemplate[] { - AttributeConstants.ATTRIBUTE_TEMPLATE_DISPLAY_NAME, - AttributeConstants.ATTRIBUTE_TEMPLATE_ORG_AFFILIATION, - AttributeConstants.ATTRIBUTE_TEMPLATE_O }, - new AttributeTemplate[] { - AttributeConstants.ATTRIBUTE_TEMPLATE_ORGANIZATION_IDENTIFIER - }); + "ELN-AP-OrgPerson-01", "http://id.elegnamnden.se/ap/1.0/org-person-01", + "Organizational Identity for Natural Persons", + new AttributeTemplate[] { + AttributeConstants.ATTRIBUTE_TEMPLATE_DISPLAY_NAME, + AttributeConstants.ATTRIBUTE_TEMPLATE_ORG_AFFILIATION, + AttributeConstants.ATTRIBUTE_TEMPLATE_O }, + new AttributeTemplate[] { + AttributeConstants.ATTRIBUTE_TEMPLATE_ORGANIZATION_IDENTIFIER + }); /** * eIDAS Natural Person Attribute Set - The “eIDAS Natural Person Attribute Set” provides personal identity @@ -105,24 +105,24 @@ public class AttributeSetConstants { *

*/ public static final AttributeSet ATTRIBUTE_SET_EIDAS_NATURAL_PERSON = new AttributeSetImpl( - "ELN-AP-eIDAS-NatPer-01", "http://id.elegnamnden.se/ap/1.0/eidas-natural-person-01", - "eIDAS Natural Person Attribute Set", new AttributeTemplate[] { - AttributeConstants.ATTRIBUTE_TEMPLATE_PRID, - AttributeConstants.ATTRIBUTE_TEMPLATE_PRID_PERSISTENCE, - AttributeConstants.ATTRIBUTE_TEMPLATE_EIDAS_PERSON_IDENTIFIER, - AttributeConstants.ATTRIBUTE_TEMPLATE_DATE_OF_BIRTH, - AttributeConstants.ATTRIBUTE_TEMPLATE_SN, - AttributeConstants.ATTRIBUTE_TEMPLATE_GIVEN_NAME, - AttributeConstants.ATTRIBUTE_TEMPLATE_TRANSACTION_IDENTIFIER, - AttributeConstants.ATTRIBUTE_TEMPLATE_C }, - new AttributeTemplate[] { - AttributeConstants.ATTRIBUTE_TEMPLATE_BIRTH_NAME, - AttributeConstants.ATTRIBUTE_TEMPLATE_PLACE_OF_BIRTH, - AttributeConstants.ATTRIBUTE_TEMPLATE_EIDAS_NATURAL_PERSON_ADDRESS, - AttributeConstants.ATTRIBUTE_TEMPLATE_GENDER, - AttributeConstants.ATTRIBUTE_TEMPLATE_MAPPED_PERSONAL_IDENTITY_NUMBER, - AttributeConstants.ATTRIBUTE_TEMPLATE_PERSONAL_IDENTITY_NUMBER_BINDING - }); + "ELN-AP-eIDAS-NatPer-01", "http://id.elegnamnden.se/ap/1.0/eidas-natural-person-01", + "eIDAS Natural Person Attribute Set", new AttributeTemplate[] { + AttributeConstants.ATTRIBUTE_TEMPLATE_PRID, + AttributeConstants.ATTRIBUTE_TEMPLATE_PRID_PERSISTENCE, + AttributeConstants.ATTRIBUTE_TEMPLATE_EIDAS_PERSON_IDENTIFIER, + AttributeConstants.ATTRIBUTE_TEMPLATE_DATE_OF_BIRTH, + AttributeConstants.ATTRIBUTE_TEMPLATE_SN, + AttributeConstants.ATTRIBUTE_TEMPLATE_GIVEN_NAME, + AttributeConstants.ATTRIBUTE_TEMPLATE_TRANSACTION_IDENTIFIER, + AttributeConstants.ATTRIBUTE_TEMPLATE_C }, + new AttributeTemplate[] { + AttributeConstants.ATTRIBUTE_TEMPLATE_BIRTH_NAME, + AttributeConstants.ATTRIBUTE_TEMPLATE_PLACE_OF_BIRTH, + AttributeConstants.ATTRIBUTE_TEMPLATE_EIDAS_NATURAL_PERSON_ADDRESS, + AttributeConstants.ATTRIBUTE_TEMPLATE_GENDER, + AttributeConstants.ATTRIBUTE_TEMPLATE_MAPPED_PERSONAL_IDENTITY_NUMBER, + 
AttributeConstants.ATTRIBUTE_TEMPLATE_PERSONAL_IDENTITY_NUMBER_BINDING + }); /* * Hidden constructor. diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeSetImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeSetImpl.java index 0fa01c4..ceec3ff 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeSetImpl.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/attribute/AttributeSetImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -30,7 +30,7 @@ /** * A bean representing an Attribute Set as defined in Attribute Specification for the Swedish eID Framework. - * + * * @author Martin Lindström (martin@idsec.se) */ public class AttributeSetImpl implements AttributeSet { 
@@ -63,19 +63,14 @@ public AttributeSetImpl() { /** * A constructor setting all properties of this bean. - * - * @param identifier - * the unique profile identifier - * @param uri - * the unique profile URI - * @param friendlyName - * the "friendly name" of the attribute set - * @param requiredAttributes - * the required attributes for this attribute set - * @param recommendedAttributes - * the recommended attributes for this attribute set + * + * @param identifier the unique profile identifier + * @param uri the unique profile URI + * @param friendlyName the "friendly name" of the attribute set + * @param requiredAttributes the required attributes for this attribute set + * @param recommendedAttributes the recommended attributes for this attribute set */ - public AttributeSetImpl(final String identifier, final String uri, final String friendlyName, + public AttributeSetImpl(final String identifier, final String uri, final String friendlyName, final AttributeTemplate[] requiredAttributes, final AttributeTemplate[] recommendedAttributes) { this.setIdentifier(identifier); this.setUri(uri); 
@@ -88,29 +83,31 @@ public AttributeSetImpl(final String identifier, final String uri, final String * {@inheritDoc} */ @Override - public void validateAttributes(final Assertion assertion, final List explicitlyRequestedAttributes) + public void validateAttributes(final Assertion assertion, + final List explicitlyRequestedAttributes) throws AttributesValidationException { logger.trace("Validating the attributes from assertion '{}' against attribute set '{}' ({}) ...", - assertion.getID(), this.identifier, this.uri); + assertion.getID(), this.identifier, this.uri); List attributes = assertion.getAttributeStatements().get(0).getAttributes(); // Make sure that all attributes required by the attribute set was received in the assertion. // for (AttributeTemplate requiredAttribute : this.requiredAttributes) { - Optional found = attributes.stream().filter(a -> requiredAttribute.getName().equals(a.getName())).findFirst(); + Optional found = + attributes.stream().filter(a -> requiredAttribute.getName().equals(a.getName())).findFirst(); if (!found.isPresent()) { String msg = String.format( - "Attribute '%s' (%s) is required according to the attribute set '%s' (%s) but is not included in assertion '%s'", - requiredAttribute.getName(), requiredAttribute.getFriendlyName(), this.identifier, this.uri, - assertion.getID()); + "Attribute '%s' (%s) is required according to the attribute set '%s' (%s) but is not included in assertion '%s'", + requiredAttribute.getName(), requiredAttribute.getFriendlyName(), this.identifier, this.uri, + assertion.getID()); logger.error(msg); throw new AttributesValidationException(msg); } } logger.debug("All requested attributes according to attribute profile '{}' ({}) was received in assertion '{}'", - this.identifier, this.uri, assertion.getID()); + this.identifier, this.uri, assertion.getID()); // Next, check that all requested attributes are there. // 
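Review bot: `assertion.getAttributeStatements().get(0)` in validateAttributes throws an IndexOutOfBoundsException when the assertion carries no AttributeStatement, so an attribute-less or malformed assertion bypasses the declared AttributesValidationException path instead of being rejected as a validation failure. A guard before the lookup would keep the failure inside the validation contract: `if (assertion.getAttributeStatements().isEmpty()) { throw new AttributesValidationException("Assertion '" + assertion.getID() + "' contains no attribute statement"); }`. Only the first statement is inspected, so a required attribute carried in a second AttributeStatement would be reported as missing; whether the profile intends that is not visible here and deserves a comment. The method body continues past the end of this hunk.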
@@ -120,15 +117,15 @@ public void validateAttributes(final Assertion assertion, final List * {@code * @@ -37,7 +37,7 @@ * * } * - * + * * @author Martin Lindström (martin@idsec.se) */ public interface MatchValue extends XSString, SAMLObject, AttributeExtensibleXMLObject { @@ -62,31 +62,29 @@ public interface MatchValue extends XSString, SAMLObject, AttributeExtensibleXML /** * Returns the {@code NameFormat} attribute. - * + * * @return the name format attribute */ String getNameFormat(); /** * Assigns the {@code NameFormat} attribute. - * - * @param nameFormat - * the name format + * + * @param nameFormat the name format */ void setNameFormat(final String nameFormat); /** * Returns the {@code Name} attribute. - * + * * @return the name */ String getName(); /** * Assigns the {@code Name} attribute. - * - * @param name - * the name + * + * @param name the name */ void setName(final String name); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PrincipalSelection.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PrincipalSelection.java index d11ecd3..fed5eac 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PrincipalSelection.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PrincipalSelection.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,11 +23,11 @@ /** * Definition for the {@code PrincipalSelection} type: - * + * *
  * {@code
  * 
- * 
+ *
  * 
  *   
  *     
@@ -35,7 +35,7 @@
  * 
  * }
  * 
- * + * * @author Martin Lindström (martin@idsec.se) */ public interface PrincipalSelection extends SAMLObject { @@ -57,7 +57,7 @@ public interface PrincipalSelection extends SAMLObject { /** * Returns a reference to the list of match values. - * + * * @return a list of match values */ List getMatchValues(); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PscConstants.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PscConstants.java index b275f47..49b0ca7 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PscConstants.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PscConstants.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,16 +17,16 @@ /** * Defines constants for the "Principal Selection in SAML Authentication Requests" specification. - * + * * @author Martin Lindström (martin@idsec.se) */ public class PscConstants { - + /** Namespace prefix for the PSC (Principal Selection Criteria) namespace. */ public static final String PSC_NS_PREFIX = "psc"; - + /** The namespace for the Principal Selection Criteria schema. */ - public static final String PSC_NS = "http://id.swedenconnect.se/authn/1.0/principal-selection/ns"; + public static final String PSC_NS = "http://id.swedenconnect.se/authn/1.0/principal-selection/ns"; private PscConstants() { } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/RequestedPrincipalSelection.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/RequestedPrincipalSelection.java index 314eb87..ad97738 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/RequestedPrincipalSelection.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/RequestedPrincipalSelection.java 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,11 +19,11 @@ /** * Definition for the {@code RequestedPrincipalSelection} type: - * + * *
  * {@code
  * 
- * 
+ *
  * 
  *   
  *     
@@ -31,7 +31,7 @@
  * 
  * }
  * 
- * + * * @author Martin Lindström (martin@idsec.se) */ public interface RequestedPrincipalSelection extends PrincipalSelection { diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/MatchValueBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/MatchValueBuilder.java index ff4cdae..c68ea8c 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/MatchValueBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/MatchValueBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,14 +20,14 @@ /** * A builder for {@link MatchValue} objects. - * + * * @author Martin Lindström (martin@idsec.se) */ public class MatchValueBuilder extends AbstractSAMLObjectBuilder { /** * Creates a new {@code MatchValueBuilder} instance. - * + * * @return a MatchValueBuilder instance */ public static MatchValueBuilder builder() { @@ -42,9 +42,8 @@ protected Class getObjectType() { /** * Assigns the value. - * - * @param value - * the value + * + * @param value the value * @return the builder */ public MatchValueBuilder value(final String value) { @@ -54,9 +53,8 @@ public MatchValueBuilder value(final String value) { /** * Assigns the {@code Name} attribute of the {@code MatchValue} object. - * - * @param name - * the name + * + * @param name the name * @return the builder */ public MatchValueBuilder name(final String name) { @@ -66,9 +64,8 @@ public MatchValueBuilder name(final String name) { /** * Assigns the {@code NameFormat} attribute of the {@code MatchValue} object. - * - * @param nameFormat - * the name format URI + * + * @param nameFormat the name format URI * @return the builder */ public MatchValueBuilder nameFormat(final String nameFormat) { 
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/PrincipalSelectionBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/PrincipalSelectionBuilder.java index f498fd8..4299d6e 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/PrincipalSelectionBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/PrincipalSelectionBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,14 +29,14 @@ /** * A builder for {@link PrincipalSelection} objects. - * + * * @author Martin Lindström (martin@idsec.se) */ public class PrincipalSelectionBuilder extends AbstractSAMLObjectBuilder { /** * Creates a new {@code PrincipalSelectionBuilder} instance. - * + * * @return a PrincipalSelectionBuilder instance */ public static PrincipalSelectionBuilder builder() { @@ -51,9 +51,8 @@ protected Class getObjectType() { /** * Assigns the match values. - * - * @param matchValues - * a list of match values + * + * @param matchValues a list of match values * @return the builder */ public PrincipalSelectionBuilder matchValues(final List matchValues) { @@ -74,9 +73,8 @@ public PrincipalSelectionBuilder matchValues(final List matchValues) /** * Assigns the match values. - * - * @param matchValues - * the match values + * + * @param matchValues the match values * @return the builder */ public PrincipalSelectionBuilder matchValues(final MatchValue... matchValues) { diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/RequestedPrincipalSelectionBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/RequestedPrincipalSelectionBuilder.java index 54ad0cc..b6aaa6f 100644 
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/RequestedPrincipalSelectionBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/build/RequestedPrincipalSelectionBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,14 +29,14 @@ /** * A builder for {@link RequestedPrincipalSelection} objects. - * + * * @author Martin Lindström (martin@idsec.se) */ public class RequestedPrincipalSelectionBuilder extends AbstractSAMLObjectBuilder { /** * Creates a new {@code RequestedPrincipalSelectionBuilder} instance. - * + * * @return a RequestedPrincipalSelectionBuilder instance */ public static RequestedPrincipalSelectionBuilder builder() { @@ -51,9 +51,8 @@ protected Class getObjectType() { /** * Assigns the match values. - * - * @param matchValues - * a list of match values + * + * @param matchValues a list of match values * @return the builder */ public RequestedPrincipalSelectionBuilder matchValues(final List matchValues) { @@ -74,9 +73,8 @@ public RequestedPrincipalSelectionBuilder matchValues(final List mat /** * Assigns the match values. - * - * @param matchValues - * the match values + * + * @param matchValues the match values * @return the builder */ public RequestedPrincipalSelectionBuilder matchValues(final MatchValue... matchValues) { diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueBuilder.java index 0ce13fd..7f8d8ef 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueBuilder.java 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ /** * A builder for {@link MatchValue} objects. - * + * * @author Martin Lindström (martin@idsec.se) */ public class MatchValueBuilder extends AbstractSAMLObjectBuilder { @@ -30,7 +30,7 @@ public class MatchValueBuilder extends AbstractSAMLObjectBuilder { @Override public MatchValue buildObject() { return this.buildObject(MatchValue.DEFAULT_ELEMENT_NAME.getNamespaceURI(), MatchValue.DEFAULT_ELEMENT_LOCAL_NAME, - MatchValue.DEFAULT_ELEMENT_NAME.getPrefix()); + MatchValue.DEFAULT_ELEMENT_NAME.getPrefix()); } /** {@inheritDoc} */ diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueImpl.java index 1c1d6d0..32bed85 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueImpl.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -22,30 +22,27 @@ /** * Implementation class for {@link MatchValue}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class MatchValueImpl extends XSStringImpl implements MatchValue { - + /** The NameFormat attribute. */ private String nameFormat; - + /** The Name attribute. */ private String name; - + /** "anyAttribute" attributes */ private final AttributeMap unknownAttributes; /** * Constructor. - * - * @param namespaceURI - * the namespace the element is in - * @param elementLocalName - * the local name of the XML element this Object represents - * @param namespacePrefix - * the prefix for the given namespace - */ + * + * @param namespaceURI the namespace the element is in + * @param elementLocalName the local name of the XML element this Object represents + * @param namespacePrefix the prefix for the given namespace + */ public MatchValueImpl(final String namespaceURI, final String elementLocalName, final String namespacePrefix) { super(namespaceURI, elementLocalName, namespacePrefix); this.unknownAttributes = new AttributeMap(this); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueMarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueMarshaller.java index 7959bdd..26d064a 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueMarshaller.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueMarshaller.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,7 +24,7 @@ /** * A marshaller for {@link MatchValue}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class MatchValueMarshaller extends XSStringMarshaller { 
@@ -32,7 +32,7 @@ public class MatchValueMarshaller extends XSStringMarshaller { /** {@inheritDoc} */ @Override protected void marshallAttributes(final XMLObject xmlObject, final Element domElement) throws MarshallingException { - + final MatchValue mv = (MatchValue) xmlObject; if (mv.getNameFormat() != null) { diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueUnmarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueUnmarshaller.java index 3d816f0..9018224 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueUnmarshaller.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/MatchValueUnmarshaller.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,14 +24,14 @@ /** * Unmarshaller for {@link MatchValue}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class MatchValueUnmarshaller extends XSStringUnmarshaller { /** {@inheritDoc} */ @Override - protected void processAttribute(final XMLObject xmlObject, final Attr attribute) throws UnmarshallingException { + protected void processAttribute(final XMLObject xmlObject, final Attr attribute) throws UnmarshallingException { final MatchValue mv = (MatchValue) xmlObject; if (MatchValue.NAME_FORMAT_ATTR_NAME.equalsIgnoreCase(attribute.getLocalName())) { mv.setNameFormat(attribute.getValue()); @@ -43,5 +43,5 @@ else if (MatchValue.NAME_ATTR_NAME.equalsIgnoreCase(attribute.getLocalName())) { this.processUnknownAttribute(mv, attribute); } } - + } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionBuilder.java index 81444c3..45d5eea 100644 
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ /** * Builder for {@code PrincipalSelection} objects. - * + * * @author Martin Lindström (martin@idsec.se) */ public class PrincipalSelectionBuilder extends AbstractSAMLObjectBuilder { @@ -29,13 +29,14 @@ public class PrincipalSelectionBuilder extends AbstractSAMLObjectBuilder matchValues; + private final XMLObjectChildrenList matchValues; /** * Constructor. - * - * @param namespaceURI - * the namespace the element is in - * @param elementLocalName - * the local name of the XML element this Object represents - * @param namespacePrefix - * the prefix for the given namespace - */ - protected PrincipalSelectionImpl(final String namespaceURI, final String elementLocalName, final String namespacePrefix) { + * + * @param namespaceURI the namespace the element is in + * @param elementLocalName the local name of the XML element this Object represents + * @param namespacePrefix the prefix for the given namespace + */ + protected PrincipalSelectionImpl(final String namespaceURI, final String elementLocalName, + final String namespacePrefix) { super(namespaceURI, elementLocalName, namespacePrefix); this.matchValues = new XMLObjectChildrenList<>(this); } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionMarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionMarshaller.java index 0ccff18..541b69d 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionMarshaller.java 
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionMarshaller.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ /** * A marshaller for {@link PrincipalSelection}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class PrincipalSelectionMarshaller extends AbstractSAMLObjectMarshaller { diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionUnmarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionUnmarshaller.java index 281745d..d2931b7 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionUnmarshaller.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/PrincipalSelectionUnmarshaller.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,14 +24,15 @@ /** * An unmarshaller for {@link PrincipalSelection}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class PrincipalSelectionUnmarshaller extends AbstractSAMLObjectUnmarshaller { /** {@inheritDoc} */ @Override - protected void processChildElement(final XMLObject parentXMLObject, final XMLObject childXMLObject) throws UnmarshallingException { + protected void processChildElement(final XMLObject parentXMLObject, final XMLObject childXMLObject) + throws UnmarshallingException { final PrincipalSelection ps = (PrincipalSelection) parentXMLObject; if (childXMLObject instanceof MatchValue) { ps.getMatchValues().add((MatchValue) childXMLObject); 
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/RequestedPrincipalSelectionBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/RequestedPrincipalSelectionBuilder.java index c3bb4ca..9fb7889 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/RequestedPrincipalSelectionBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/RequestedPrincipalSelectionBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,7 +22,7 @@ /** * Builder for {@code RequestedPrincipalSelection} objects. - * + * * @author Martin Lindström (martin@idsec.se) */ public class RequestedPrincipalSelectionBuilder extends AbstractSAMLObjectBuilder { @@ -30,13 +30,14 @@ public class RequestedPrincipalSelectionBuilder extends AbstractSAMLObjectBuilde /** {@inheritDoc} */ @Override public RequestedPrincipalSelection buildObject() { - return this.buildObject(PrincipalSelection.DEFAULT_ELEMENT_NAME.getNamespaceURI(), - PrincipalSelection.DEFAULT_ELEMENT_LOCAL_NAME, PrincipalSelection.DEFAULT_ELEMENT_NAME.getPrefix()); + return this.buildObject(PrincipalSelection.DEFAULT_ELEMENT_NAME.getNamespaceURI(), + PrincipalSelection.DEFAULT_ELEMENT_LOCAL_NAME, PrincipalSelection.DEFAULT_ELEMENT_NAME.getPrefix()); } /** {@inheritDoc} */ @Override - public RequestedPrincipalSelection buildObject(final String namespaceURI, final String localName, final String namespacePrefix) { + public RequestedPrincipalSelection buildObject(final String namespaceURI, final String localName, + final String namespacePrefix) { return new RequestedPrincipalSelectionImpl(namespaceURI, localName, namespacePrefix); } 
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/RequestedPrincipalSelectionImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/RequestedPrincipalSelectionImpl.java index 33f81a8..71d2274 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/RequestedPrincipalSelectionImpl.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/impl/RequestedPrincipalSelectionImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,22 +19,20 @@ /** * Implementation class for the {@link RequestedPrincipalSelection} interface. - * + * * @author Martin Lindström (martin@idsec.se) */ public class RequestedPrincipalSelectionImpl extends PrincipalSelectionImpl implements RequestedPrincipalSelection { /** * Constructor. - * - * @param namespaceURI - * the namespace the element is in - * @param elementLocalName - * the local name of the XML element this Object represents - * @param namespacePrefix - * the prefix for the given namespace + * + * @param namespaceURI the namespace the element is in + * @param elementLocalName the local name of the XML element this Object represents + * @param namespacePrefix the prefix for the given namespace */ - protected RequestedPrincipalSelectionImpl(final String namespaceURI, final String elementLocalName, final String namespacePrefix) { + protected RequestedPrincipalSelectionImpl(final String namespaceURI, final String elementLocalName, + final String namespacePrefix) { super(namespaceURI, elementLocalName, namespacePrefix); } 
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/discovery/SwedishEidDiscoveryMatchingRules.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/discovery/SwedishEidDiscoveryMatchingRules.java index 4c1c630..d3608fd 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/discovery/SwedishEidDiscoveryMatchingRules.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/discovery/SwedishEidDiscoveryMatchingRules.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,7 +27,7 @@ * A class that implements the Discovery matching rules described in section 1.3 and 1.4 in Entity * Categories for the Swedish eID Framework. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SwedishEidDiscoveryMatchingRules { @@ -41,9 +41,8 @@ public class SwedishEidDiscoveryMatchingRules { *

* The algorithm is defined in section 1.4 of Entity - * Categories for the Swedish eID Framework. - * The discovery process SHOULD display Identity Providers as a plausible choice, if and only if, the following - * conditions apply; + * Categories for the Swedish eID Framework. The discovery process SHOULD display Identity Providers as a + * plausible choice, if and only if, the following conditions apply; *

*
    *
  • the Identity Provider declares at least of the Service Entity Category identifiers declared by the Service @@ -51,13 +50,11 @@ public class SwedishEidDiscoveryMatchingRules { *
  • f the Identity Provider declares at least one Service Contract identifier, the Service Provider must declare at * least one of declared identifiers ({@link #isServiceContractMatch(Collection, Collection)}), and,
  • *
  • all of the Service Property identifiers declared by the Service Provider must be declared by the Identity - * Provider ({@link #isServicePropertyMatch(Collection, Collection)}).
  • - *
- * - * @param consumingService - * the entity categories declared by the consuming service (SP) - * @param providingService - * the entity categories declared by the providing service (IdP) + * Provider ({@link #isServicePropertyMatch(Collection, Collection)}). + * + * + * @param consumingService the entity categories declared by the consuming service (SP) + * @param providingService the entity categories declared by the providing service (IdP) * @return true if the above algorithm evaluates to {@code true} and {@code false} otherwise * @see #isServiceEntityMatch(Collection, Collection) * @see #isServiceContractMatch(Collection, Collection) 
@@ -91,31 +88,31 @@ public static boolean isMatch(final Collection consumingService, final C * service. This is the first condition (out of three) of the algorithm defined in section 1.4 of Entity * Categories for the Swedish eID Framework. - * - * @param consumingService - * the entity categories declared by the consuming service (SP) - * @param providingService - * the entity categories declared by the providing service (IdP) + * + * @param consumingService the entity categories declared by the consuming service (SP) + * @param providingService the entity categories declared by the providing service (IdP) * @return {@code true} if the providing service declares at least one of the service entity categories declared by - * the consuming service and {@code false} otherwise + * the consuming service and {@code false} otherwise */ - public static boolean isServiceEntityMatch(final Collection consumingService, final Collection providingService) { + public static boolean isServiceEntityMatch(final Collection consumingService, + final Collection providingService) { final Collection csServiceEntityCategories = consumingService.stream() - .filter(c -> EntityCategoryType.isType(c, EntityCategoryType.SERVICE_ENTITY)) - .collect(Collectors.toList()); + .filter(c -> EntityCategoryType.isType(c, EntityCategoryType.SERVICE_ENTITY)) + .collect(Collectors.toList()); if (!csServiceEntityCategories.isEmpty()) { final String matchingServiceEntityCategory = csServiceEntityCategories.stream() - .filter(c -> providingService.contains(c)) - .findFirst() - .orElse(null); + .filter(c -> providingService.contains(c)) + .findFirst() + .orElse(null); if (matchingServiceEntityCategory == null) { log.debug( - "The providing service did not declare any of the service entity categories declared by the consuming service ({}) -> no match", - csServiceEntityCategories); + "The providing service did not declare any of the service entity categories declared by the consuming service ({}) -> no match", 
+ csServiceEntityCategories); return false; } - log.debug("Consuming service declared {} which is also declared by providing service -> service entity category match", - matchingServiceEntityCategory); + log.debug( + "Consuming service declared {} which is also declared by providing service -> service entity category match", + matchingServiceEntityCategory); } else { log.debug("No Service entity entity categories declared by the consuming service -> match"); 
@@ -128,31 +125,30 @@ public static boolean isServiceEntityMatch(final Collection consumingSer * providing service. This is the second condition (out of threee) of the algorithm defined in section 1.4 of Entity * Categories for the Swedish eID Framework. - * - * @param consumingService - * the entity categories declared by the consuming service (SP) - * @param providingService - * the entity categories declared by the providing service (IdP) + * + * @param consumingService the entity categories declared by the consuming service (SP) + * @param providingService the entity categories declared by the providing service (IdP) * @return if the providing service declares at least one service contract category and the consuming service declares - * at least one of those declared identifiers {@code true} is returned + * at least one of those declared identifiers {@code true} is returned */ - public static boolean isServiceContractMatch(final Collection consumingService, final Collection providingService) { + public static boolean isServiceContractMatch(final Collection consumingService, + final Collection providingService) { final Collection psServiceContractCategories = providingService.stream() - .filter(c -> EntityCategoryType.isType(c, EntityCategoryType.SERVICE_CONTRACT)) - .collect(Collectors.toList()); + .filter(c -> EntityCategoryType.isType(c, EntityCategoryType.SERVICE_CONTRACT)) + .collect(Collectors.toList()); if (!psServiceContractCategories.isEmpty()) { final String matchingServiceContractCategory = psServiceContractCategories.stream() - .filter(c -> consumingService.contains(c)) - .findFirst() - .orElse(null); + .filter(c -> consumingService.contains(c)) + .findFirst() + .orElse(null); if (matchingServiceContractCategory == null) { log.debug( - "The providing service declared service contract category/categories {}. 
The consuming service did not declare any of these -> no match", - psServiceContractCategories); + "The providing service declared service contract category/categories {}. The consuming service did not declare any of these -> no match", + psServiceContractCategories); return false; } log.debug("Providing service declared {} which is also declared by consuming service -> service contract match", - matchingServiceContractCategory); + matchingServiceContractCategory); } else { log.debug("No service contract categories defined by providing service -> match"); 
@@ -165,28 +161,27 @@ public static boolean isServiceContractMatch(final Collection consumingS * providing service. This is the third condition (out of threee) of the algorithm defined in section 1.4 of Entity * Categories for the Swedish eID Framework. - * - * @param consumingService - * the entity categories declared by the consuming service (SP) - * @param providingService - * the entity categories declared by the providing service (IdP) + * + * @param consumingService the entity categories declared by the consuming service (SP) + * @param providingService the entity categories declared by the providing service (IdP) * @return if all of the Service Property identifiers declared by the consuming service is declared by the providing - * service {@code true} is returned + * service {@code true} is returned */ - public static boolean isServicePropertyMatch(final Collection consumingService, final Collection providingService) { + public static boolean isServicePropertyMatch(final Collection consumingService, + final Collection providingService) { final Collection csServicePropertyCategories = consumingService.stream() - .filter(c -> EntityCategoryType.isType(c, EntityCategoryType.SERVICE_PROPERTY)) - .collect(Collectors.toList()); + .filter(c -> EntityCategoryType.isType(c, EntityCategoryType.SERVICE_PROPERTY)) + .collect(Collectors.toList()); if (!csServicePropertyCategories.isEmpty()) { if (!csServicePropertyCategories.stream().allMatch(c -> providingService.contains(c))) { log.debug( - "Consuming service declared the service property category/categories {} - Not all are defined by providing service -> no match", - csServicePropertyCategories); + "Consuming service declared the service property category/categories {} - Not all are defined by providing service -> no match", + csServicePropertyCategories); return false; } log.debug( - "Consuming service declared the category/categories {} which are also declared by providing service -> service property match", - 
csServicePropertyCategories); + "Consuming service declared the category/categories {} which are also declared by providing service -> service property match", + csServicePropertyCategories); } else { log.debug("No service property categories defined by consuming service -> match"); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategory.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategory.java index dcf7584..8696a74 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategory.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategory.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,21 +19,21 @@ /** * Represents an Entity Category according to the Swedish eID Framework. - * + * * @author Martin Lindström (martin@idsec.se) */ public interface EntityCategory extends Serializable { /** * Each entity category is assigned an unique URI. This method returns this value. - * + * * @return the entity category URI */ String getUri(); /** * Returns the type of entity category. - * + * * @return the type of entity category */ EntityCategoryType getType(); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryConstants.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryConstants.java index ffd4ec0..e5bfc2f 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryConstants.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryConstants.java 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,7 +22,7 @@ /** * Represents the Entity Categories defined by the Swedish eID Framework. - * + * * @author Martin Lindström (martin@idsec.se) */ public class EntityCategoryConstants { 
@@ -50,135 +50,142 @@ public class EntityCategoryConstants { * attribute set "Natural Personal Identity with Civic Registration Number". */ public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_LOA2_PNR = new ServiceEntityCategoryImpl( - SERVICE_ENTITY_CATEGORY_PREFIX + "1.0/loa2-pnr", - Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA2, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA2), - AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_WITH_PERSONAL_ID); + SERVICE_ENTITY_CATEGORY_PREFIX + "1.0/loa2-pnr", + Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA2, + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA2), + AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_WITH_PERSONAL_ID); /** * Service entity category: User authentication according to assurance level 3 and attribute release according to the * attribute set "Natural Personal Identity with Civic Registration Number". */ public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_LOA3_PNR = new ServiceEntityCategoryImpl( - SERVICE_ENTITY_CATEGORY_PREFIX + "1.0/loa3-pnr", - Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA3), - AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_WITH_PERSONAL_ID); + SERVICE_ENTITY_CATEGORY_PREFIX + "1.0/loa3-pnr", + Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA3), + AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_WITH_PERSONAL_ID); /** * Service entity category: User authentication according to assurance level 4 and attribute release according to the * attribute set "Natural Personal Identity with Civic Registration Number". 
*/ public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_LOA4_PNR = new ServiceEntityCategoryImpl( - SERVICE_ENTITY_CATEGORY_PREFIX + "1.0/loa4-pnr", Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4), - AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_WITH_PERSONAL_ID); + SERVICE_ENTITY_CATEGORY_PREFIX + "1.0/loa4-pnr", Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4), + AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_WITH_PERSONAL_ID); /** * Service entity category: For asserting a Swedish identity to a foreign service provider via the Swedish eIDAS Proxy * Service. This entity category MUST NOT be set by any entity other than Identity Provider providing identity * assertions to the Swedish eIDAS Proxy Service and by the Swedish eIDAS Proxy Service itself. - * + * * Note that the Identity Providers release attributes according to the "Natural Personal Identity with Civic * Registration Number" attribute set. It is the responsibility of the Swedish eIDAS Proxy Service to transform these * attributes into eIDAS attributes. */ public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_EIDAS_PNR_DELIVERY = new ServiceEntityCategoryImpl( - SERVICE_ENTITY_CATEGORY_PREFIX + "1.0/eidas-pnr-delivery", null, - AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_WITH_PERSONAL_ID); + SERVICE_ENTITY_CATEGORY_PREFIX + "1.0/eidas-pnr-delivery", null, + AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_WITH_PERSONAL_ID); /** * Service entity category: User authentication according to any of the eIDAS assurance levels and attribute release * according to "eIDAS Natural Person Attribute Set". 
*/ - public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_EIDAS_NATURAL_PERSON = new ServiceEntityCategoryImpl( - SERVICE_ENTITY_CATEGORY_PREFIX + "1.0/eidas-naturalperson", null, - AttributeSetConstants.ATTRIBUTE_SET_EIDAS_NATURAL_PERSON); + public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_EIDAS_NATURAL_PERSON = + new ServiceEntityCategoryImpl( + SERVICE_ENTITY_CATEGORY_PREFIX + "1.0/eidas-naturalperson", null, + AttributeSetConstants.ATTRIBUTE_SET_EIDAS_NATURAL_PERSON); /** * Service entity category: User authentication according to LoA 2 and attributes release according to "Organizational * Identity for Natural Persons" (http://id.elegnamnden.se/ap/1.0/org-person-01). */ public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_LOA2_ORGID = new ServiceEntityCategoryImpl( - SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa2-orgid", Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA2, - LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA2, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA2_NONRESIDENT), - AttributeSetConstants.ATTRIBUTE_SET_ORGANIZATIONAL_IDENTITY_FOR_NATURAL_PERSONS); + SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa2-orgid", Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA2, + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA2, + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA2_NONRESIDENT), + AttributeSetConstants.ATTRIBUTE_SET_ORGANIZATIONAL_IDENTITY_FOR_NATURAL_PERSONS); /** * Service entity category: User authentication according to LoA 3 and attributes release according to "Organizational * Identity for Natural Persons" (http://id.elegnamnden.se/ap/1.0/org-person-01). 
*/ public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_LOA3_ORGID = new ServiceEntityCategoryImpl( - SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa3-orgid", Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, - LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA3, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3_NONRESIDENT), - AttributeSetConstants.ATTRIBUTE_SET_ORGANIZATIONAL_IDENTITY_FOR_NATURAL_PERSONS); + SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa3-orgid", Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA3, + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3_NONRESIDENT), + AttributeSetConstants.ATTRIBUTE_SET_ORGANIZATIONAL_IDENTITY_FOR_NATURAL_PERSONS); /** * Service entity category: User authentication according to LoA 4 and attributes release according to "Organizational * Identity for Natural Persons" (http://id.elegnamnden.se/ap/1.0/org-person-01). */ public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_LOA4_ORGID = new ServiceEntityCategoryImpl( - SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa4-orgid", Arrays.asList( - LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4_NONRESIDENT), - AttributeSetConstants.ATTRIBUTE_SET_ORGANIZATIONAL_IDENTITY_FOR_NATURAL_PERSONS); + SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa4-orgid", Arrays.asList( + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4_NONRESIDENT), + AttributeSetConstants.ATTRIBUTE_SET_ORGANIZATIONAL_IDENTITY_FOR_NATURAL_PERSONS); /** * Service entity category: User authentication according to LoA 2 and attributes release according to "Natural * Personal Identity without Civic Registration Number" (http://id.elegnamnden.se/ap/1.0/natural-person-01). 
*/ public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_LOA2_NAME = new ServiceEntityCategoryImpl( - SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa2-name", Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA2, - LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA2, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA2_NONRESIDENT), - AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_NO_PERSONAL_ID); + SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa2-name", Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA2, + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA2, + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA2_NONRESIDENT), + AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_NO_PERSONAL_ID); /** * Service entity category: User authentication according to LoA 3 and attributes release according to "Natural * Personal Identity without Civic Registration Number" (http://id.elegnamnden.se/ap/1.0/natural-person-01). */ public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_LOA3_NAME = new ServiceEntityCategoryImpl( - SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa3-name", Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, - LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA3, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3_NONRESIDENT), - AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_NO_PERSONAL_ID); + SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa3-name", Arrays.asList(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_UNCERTIFIED_LOA3, + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3_NONRESIDENT), + AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_NO_PERSONAL_ID); /** * Service entity category: User authentication according to LoA 4 and attributes release according to "Natural * Personal Identity without Civic Registration Number" (http://id.elegnamnden.se/ap/1.0/natural-person-01). 
*/ public static final ServiceEntityCategory SERVICE_ENTITY_CATEGORY_LOA4_NAME = new ServiceEntityCategoryImpl( - SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa4-name", Arrays.asList( - LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4_NONRESIDENT), - AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_NO_PERSONAL_ID); + SERVICE_ENTITY_CATEGORY_PREFIX_SC + "1.0/loa4-name", Arrays.asList( + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4_NONRESIDENT), + AttributeSetConstants.ATTRIBUTE_SET_NATURAL_PERSON_NO_PERSONAL_ID); /** * Service property category: For a providing service, i.e. an Identity Provider, inclusion of the mobile-auth * category states that the Identity Provider supports authentication using mobile devices, and that the end-user * interface of the Identity Provider is adapted for mobile clients. - * + * * Note that an Identity Provider may of course support authentication for both desktop and mobile users. In these * cases the service must be able to display end user interfaces for both types of clients. */ public static final EntityCategory SERVICE_PROPERTY_CATEGORY_MOBILE_AUTH = new EntityCategoryImpl( - SERVICE_PROPERTY_CATEGORY_PREFIX + "1.0/mobile-auth", EntityCategoryType.SERVICE_PROPERTY); + SERVICE_PROPERTY_CATEGORY_PREFIX + "1.0/mobile-auth", EntityCategoryType.SERVICE_PROPERTY); /** * Service property category: A service property declaring that the service is adapted to support Sole Control * Assurance Level 2 (SCAL2) in accordance with the "Signature Activation Protocol for Federated Signing" * specification. - * + * * For a providing service, i.e. an Identity Provider, inclusion of the scal2 service property states that the * Identity Provider will return a "SAD" in response to a {@code SADRequest} in an authentication requests from a * signing service. 
- * + * * For consuming services, Signature Services MAY include this service property if all authentication requests from * the particular Signature Service include a {@code SADRequest} extension. A Service Provider that is not declared as * a Signature Service MUST NOT include this service property in its metadata. */ public static final EntityCategory SERVICE_PROPERTY_CATEGORY_SCAL2 = new EntityCategoryImpl( - SERVICE_PROPERTY_CATEGORY_PREFIX + "1.0/scal2", EntityCategoryType.SERVICE_PROPERTY); + SERVICE_PROPERTY_CATEGORY_PREFIX + "1.0/scal2", EntityCategoryType.SERVICE_PROPERTY); /** * Service type category: A service type for a Service Provider that provides electronic signature services within the * Swedish eID framework. */ public static final EntityCategory SERVICE_TYPE_CATEGORY_SIGSERVICE = new EntityCategoryImpl( - SERVICE_TYPE_CATEGORY_PREFIX + "1.0/sigservice", EntityCategoryType.SERVICE_TYPE); + SERVICE_TYPE_CATEGORY_PREFIX + "1.0/sigservice", EntityCategoryType.SERVICE_TYPE); /** * Service type category: A service type that indicates that an Service Provider is a "public sector" SP. This @@ -186,7 +193,7 @@ public class EntityCategoryConstants { * eIDAS connector may include this information in the eIDAS authentication request. */ public static final EntityCategory SERVICE_TYPE_CATEGORY_PUBLIC_SECTOR_SP = new EntityCategoryImpl( - SERVICE_TYPE_CATEGORY_PREFIX + "1.0/public-sector-sp", EntityCategoryType.SERVICE_TYPE); + SERVICE_TYPE_CATEGORY_PREFIX + "1.0/public-sector-sp", EntityCategoryType.SERVICE_TYPE); /** * Service type category: A service type that indicates that an Service Provider is a "private sector" SP. This 
@@ -194,34 +201,34 @@ public class EntityCategoryConstants { * eIDAS connector may include this information in the eIDAS authentication request. */ public static final EntityCategory SERVICE_TYPE_CATEGORY_PRIVATE_SECTOR_SP = new EntityCategoryImpl( - SERVICE_TYPE_CATEGORY_PREFIX + "1.0/private-sector-sp", EntityCategoryType.SERVICE_TYPE); + SERVICE_TYPE_CATEGORY_PREFIX + "1.0/private-sector-sp", EntityCategoryType.SERVICE_TYPE); /** * Service contract category: A service contract type that indicates that the holder has signed the Sweden Connect * federation contract. */ public static final EntityCategory SERVICE_CONTRACT_CATEGORY_SWEDEN_CONNECT = new EntityCategoryImpl( - SERVICE_CONTRACT_CATEGORY_PREFIX + "sc/sweden-connect", EntityCategoryType.SERVICE_CONTRACT); + SERVICE_CONTRACT_CATEGORY_PREFIX + "sc/sweden-connect", EntityCategoryType.SERVICE_CONTRACT); /** * Service contract category: A service contract type that indicates that the holder has signed the "eID system of * choice 2017" (Valfrihetssystem 2017) contract. */ public static final EntityCategory SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017 = new EntityCategoryImpl( - SERVICE_CONTRACT_CATEGORY_PREFIX + "sc/eid-choice-2017", EntityCategoryType.SERVICE_CONTRACT); + SERVICE_CONTRACT_CATEGORY_PREFIX + "sc/eid-choice-2017", EntityCategoryType.SERVICE_CONTRACT); /** * General category: A category that indicates that secure authenticator binding is requested (SP) or is supported * (IdP). */ public static final EntityCategory GENERAL_CATEGORY_SECURE_AUTHENTICATOR_BINDING = new EntityCategoryImpl( - GENERAL_CATEGORY_PREFIX + "1.0/secure-authenticator-binding", EntityCategoryType.GENERAL); + GENERAL_CATEGORY_PREFIX + "1.0/secure-authenticator-binding", EntityCategoryType.GENERAL); /** * General category: A category that indicates that the SP accepts a Swedish coordination number. 
*/ public static final EntityCategory GENERAL_CATEGORY_ACCEPTS_COORDINATION_NUMBER = new EntityCategoryImpl( - GENERAL_CATEGORY_PREFIX + "1.0/accepts-coordination-number", EntityCategoryType.GENERAL); + GENERAL_CATEGORY_PREFIX + "1.0/accepts-coordination-number", EntityCategoryType.GENERAL); /* * Hidden. diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryImpl.java index 630e9e1..d63251c 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryImpl.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,14 +15,16 @@ */ package se.swedenconnect.opensaml.sweid.saml2.metadata.entitycategory; +import se.swedenconnect.opensaml.sweid.LibraryVersion; + /** * Implementation of the {@link EntityCategory} interface. - * + * * @author Martin Lindström (martin@idsec.se) */ public class EntityCategoryImpl implements EntityCategory { - private static final long serialVersionUID = 7370276371052265483L; + private static final long serialVersionUID = LibraryVersion.SERIAL_VERSION_UID; /** The unique URI for this category. */ protected String uri; @@ -38,11 +40,9 @@ public EntityCategoryImpl() { /** * Constructor assigning the unique URI and the category type. - * - * @param uri - * the URI - * @param type - * the type + * + * @param uri the URI + * @param type the type */ public EntityCategoryImpl(final String uri, final EntityCategoryType type) { this.uri = uri; 
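Review bot: The new `private static final long serialVersionUID = LibraryVersion.SERIAL_VERSION_UID;` in `EntityCategoryImpl` has no comment saying that the serialized form now follows the library release rather than the class. `LibraryVersion` is not visible in this hunk, but if the constant changes between versions, instances serialized by an earlier release (a replicated session or cache, say) would presumably fail to deserialize with `InvalidClassException` after an upgrade. I would document that on the field, e.g. `/** Follows the library version: serialized instances are not compatible across releases. */`. The same change appears in `ServiceEntityCategoryImpl` and `SADValidationException`, where the note applies equally; the class body continues outside this hunk.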
@@ -57,9 +57,8 @@ public String getUri() { /** * Each entity category is assigned an unique URI. This method assigns this value. - * - * @param uri - * the URI to assign. + * + * @param uri the URI to assign. */ public void setUri(final String uri) { this.uri = uri; @@ -73,9 +72,8 @@ public EntityCategoryType getType() { /** * Assigns the type of entity category. - * - * @param type - * the type to assign. + * + * @param type the type to assign. */ public void setType(final EntityCategoryType type) { this.type = type; diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryRegistry.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryRegistry.java index e9d7803..c980516 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryRegistry.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryRegistry.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Litsec AB + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -21,30 +21,29 @@ /** * A registry that handles all "registered" entity categories. It is used to find the definition of an entity category * based on its URI. - * - * @author Martin Lindström (martin.lindstrom@litsec.se) + * + * @author Martin Lindström (martin@idsec.se) */ public interface EntityCategoryRegistry { /** * Given an URI, the method will find the {@link EntityCategory} object that is registered for this identifier. - * - * @param uri - * the entity category URI + * + * @param uri the entity category URI * @return the {@code EntityCategory} object */ Optional getEntityCategory(String uri); /** * Returns a list of all registered entity categories. - * + * * @return a list of all registered entity categories */ List getEntityCategories(); /** * Returns a list of all registered entity categories that are of the type "Service entity category". - * + * * @return a list of all registered service entity categories */ List getServiceEntityCategories(); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryRegistryImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryRegistryImpl.java index a1c2bd2..97f9dba 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryRegistryImpl.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryRegistryImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Litsec AB + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,8 +22,8 @@ /** * Implementation of the {@link EntityCategoryRegistry} interface. - * - * @author Martin Lindström (martin.lindstrom@litsec.se) + * + * @author Martin Lindström (martin@idsec.se) */ public class EntityCategoryRegistryImpl implements EntityCategoryRegistry { 
@@ -32,9 +32,8 @@ public class EntityCategoryRegistryImpl implements EntityCategoryRegistry { /** * Constructor. - * - * @param entityCategories - * registered entity categories + * + * @param entityCategories registered entity categories */ public EntityCategoryRegistryImpl(List entityCategories) { this.entityCategories = entityCategories; @@ -58,9 +57,9 @@ public List getEntityCategories() { @Override public List getServiceEntityCategories() { return this.entityCategories.stream() - .filter(e -> EntityCategoryType.SERVICE_ENTITY.equals(e.getType())) - .map(ServiceEntityCategory.class::cast) - .collect(Collectors.toList()); + .filter(e -> EntityCategoryType.SERVICE_ENTITY.equals(e.getType())) + .map(ServiceEntityCategory.class::cast) + .collect(Collectors.toList()); } } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryType.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryType.java index 8fe8588..b4d4397 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryType.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/EntityCategoryType.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,7 +17,7 @@ /** * Represents the different Entity Category types defined within the Swedish eiD Framework. - * + * * @author Martin Lindström (martin@idsec.se) */ public enum EntityCategoryType { 
@@ -27,7 +27,8 @@ public enum EntityCategoryType { * service. Meaning for a providing service: Represents the ability to deliver assertions in accordance with each * declared category. */ - SERVICE_ENTITY(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_PREFIX, EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_PREFIX_SC), + SERVICE_ENTITY(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_PREFIX, + EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_PREFIX_SC), /** * Meaning for a consuming service: Represents a property of this service. Meaning for a providing service: Represents * the ability to deliver assertions to a consuming service that has the declared property. @@ -42,7 +43,7 @@ public enum EntityCategoryType { * Declares a service contract entity category. */ SERVICE_CONTRACT(EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_PREFIX), - + /** * Declares a general entity category. */ @@ -50,9 +51,8 @@ public enum EntityCategoryType { /** * Given an entity category URI, the method returns the type of entity category. - * - * @param uri - * entity category URI + * + * @param uri entity category URI * @return the entity category type, or null if no match is found */ public static EntityCategoryType getType(final String uri) { @@ -71,11 +71,9 @@ public static EntityCategoryType getType(final String uri) { /** * Predicate that tells if the supplied entity category URI is of the supplied entity category type. - * - * @param uri - * entity category URI - * @param type - * the entity category type to test for + * + * @param uri entity category URI + * @param type the entity category type to test for * @return if the supplied URI is of the given type true is returned, otherwise false */ public static boolean isType(final String uri, final EntityCategoryType type) { 
@@ -92,9 +90,8 @@ public static boolean isType(final String uri, final EntityCategoryType type) { /** * Hidden constructor. - * - * @param prefix - * the URI prefix(es) for the type + * + * @param prefix the URI prefix(es) for the type */ private EntityCategoryType(final String... prefix) { this.prefix = prefix; diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/ServiceEntityCategory.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/ServiceEntityCategory.java index bce1162..418e92b 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/ServiceEntityCategory.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/ServiceEntityCategory.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ /** * Represents a "Service Entity Category". - * + * * @author Martin Lindström (martin@idsec.se) */ public interface ServiceEntityCategory extends EntityCategory { @@ -33,9 +33,9 @@ public interface ServiceEntityCategory extends EntityCategory { * capability to satisfy the security requirements of the Service Provider. An Identity Provider declaring this * Service Entity Category MUST be able to provide this level of assurance. *

- * - * @return the URI:s representing the Level of Assurance, or null if no level of assurance is associated with - * the category + * + * @return the URI:s representing the Level of Assurance, or null if no level of assurance is associated with the + * category */ List getLevelOfAssuranceUris(); @@ -46,7 +46,7 @@ public interface ServiceEntityCategory extends EntityCategory { * attribute set have the capability to satisfy the minimum attribute requirements of the Service Provider. An * Identity Provider declaring this Service Entity Category MUST be able to provide these attributes. *

- * + * * @return the attribute set */ AttributeSet getAttributeSet(); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/ServiceEntityCategoryImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/ServiceEntityCategoryImpl.java index bc1006b..978bb66 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/ServiceEntityCategoryImpl.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/metadata/entitycategory/ServiceEntityCategoryImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,16 +18,17 @@ import java.util.Collections; import java.util.List; +import se.swedenconnect.opensaml.sweid.LibraryVersion; import se.swedenconnect.opensaml.sweid.saml2.attribute.AttributeSet; /** * Implementation of the {@link ServiceEntityCategory} interface. - * + * * @author Martin Lindström (martin@idsec.se) */ public class ServiceEntityCategoryImpl extends EntityCategoryImpl implements ServiceEntityCategory { - private static final long serialVersionUID = -8531917204430501608L; + private static final long serialVersionUID = LibraryVersion.SERIAL_VERSION_UID; /** The level of assurance URI of this category. */ private List loaUris; @@ -44,13 +45,10 @@ public ServiceEntityCategoryImpl() { /** * Constructor assigning the URI, Level of Assurance URI:s and the attribute set. - * - * @param uri - * the unique URI - * @param loaUris - * the Level of Assurance URI:s - * @param attributeSet - * the attribute set + * + * @param uri the unique URI + * @param loaUris the Level of Assurance URI:s + * @param attributeSet the attribute set */ public ServiceEntityCategoryImpl(final String uri, final List loaUris, final AttributeSet attributeSet) { super(uri, EntityCategoryType.SERVICE_ENTITY); 
@@ -78,9 +76,8 @@ public List getLevelOfAssuranceUris() { /** * Sets the Level of Assurance URI:s associated with this service entity category. - * - * @param loaUris - * the LoA URI:s + * + * @param loaUris the LoA URI:s */ public void setLevelOfAssuranceUris(final List loaUris) { this.loaUris = loaUris; @@ -94,9 +91,8 @@ public AttributeSet getAttributeSet() { /** * Assigns the attribute set tied to this service entity category. - * - * @param attributeSet - * the attribute set to assign + * + * @param attributeSet the attribute set to assign */ public void setAttributeProfile(final AttributeSet attributeSet) { this.attributeSet = attributeSet; diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/request/SwedishEidAuthnRequestGenerator.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/request/SwedishEidAuthnRequestGenerator.java index 6911921..1070346 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/request/SwedishEidAuthnRequestGenerator.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/request/SwedishEidAuthnRequestGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright 2021 Sweden Connect + * Copyright 2021-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -29,9 +29,9 @@ import se.swedenconnect.opensaml.saml2.metadata.EntityDescriptorUtils; import se.swedenconnect.opensaml.saml2.request.AuthnRequestGenerator; import se.swedenconnect.opensaml.saml2.request.AuthnRequestGeneratorContext; +import se.swedenconnect.opensaml.saml2.request.AuthnRequestGeneratorContext.HokRequirement; import se.swedenconnect.opensaml.saml2.request.DefaultAuthnRequestGenerator; import se.swedenconnect.opensaml.saml2.request.RequestGenerationException; -import se.swedenconnect.opensaml.saml2.request.AuthnRequestGeneratorContext.HokRequirement; import se.swedenconnect.opensaml.sweid.saml2.authn.psc.PrincipalSelection; import se.swedenconnect.opensaml.sweid.saml2.metadata.entitycategory.EntityCategoryConstants; import se.swedenconnect.opensaml.sweid.saml2.signservice.SignMessageEncrypter; @@ -39,7 +39,7 @@ /** * An {@link AuthnRequestGenerator} for the Swedish eID Framework. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SwedishEidAuthnRequestGenerator extends DefaultAuthnRequestGenerator { @@ -55,13 +55,10 @@ public class SwedishEidAuthnRequestGenerator extends DefaultAuthnRequestGenerato /** * Constructor. - * - * @param spEntityID - * the SP entityID - * @param signCredential - * the signing credential - * @param metadataResolver - * the metadata resolver + * + * @param spEntityID the SP entityID + * @param signCredential the signing credential + * @param metadataResolver the metadata resolver */ public SwedishEidAuthnRequestGenerator(final String spEntityID, final X509Credential signCredential, final MetadataResolver metadataResolver) { 
@@ -70,13 +67,10 @@ public SwedishEidAuthnRequestGenerator(final String spEntityID, final X509Creden /** * Constructor. - * - * @param spMetadata - * the SP metadata - * @param signCredential - * the signing credential - * @param metadataResolver - * the metadata resolver + * + * @param spMetadata the SP metadata + * @param signCredential the signing credential + * @param metadataResolver the metadata resolver */ public SwedishEidAuthnRequestGenerator(final EntityDescriptor spMetadata, final X509Credential signCredential, final MetadataResolver metadataResolver) { @@ -100,9 +94,9 @@ protected void addExtensions(final AuthnRequestBuilder builder, final AuthnReque if (signMessage != null || principalSelection != null) { builder.extensions(ExtensionsBuilder.builder() - .extension(signMessage) - .extension(principalSelection) - .build()); + .extension(signMessage) + .extension(principalSelection) + .build()); } } } @@ -112,10 +106,11 @@ protected void addExtensions(final AuthnRequestBuilder builder, final AuthnReque */ @Override protected List getAssuranceCertificationUris( - final EntityDescriptor idpMetadata, final AuthnRequestGeneratorContext context) throws RequestGenerationException { + final EntityDescriptor idpMetadata, final AuthnRequestGeneratorContext context) + throws RequestGenerationException { final List defaultUris = super.getAssuranceCertificationUris(idpMetadata, context); - + final List uris = new ArrayList<>(); for (final String uri : defaultUris) { if (uri.contains("sigm")) { 
@@ -139,19 +134,18 @@ else if (HokRequirement.DONT_USE.equals(context.getHokRequirement()) && uri.cont protected boolean isSignatureService() { if (this.signServiceFlag == null) { this.signServiceFlag = EntityDescriptorUtils.getEntityCategories(this.getSpMetadata()) - .stream() - .filter(c -> c.equals(EntityCategoryConstants.SERVICE_TYPE_CATEGORY_SIGSERVICE.getUri())) - .findFirst() - .isPresent(); + .stream() + .filter(c -> c.equals(EntityCategoryConstants.SERVICE_TYPE_CATEGORY_SIGSERVICE.getUri())) + .findFirst() + .isPresent(); } return this.signServiceFlag; } /** * Adds the sign message encrypter. - * - * @param signMessageEncrypter - * the encrypter to add + * + * @param signMessageEncrypter the encrypter to add */ public void setSignMessageEncrypter(final SignMessageEncrypter signMessageEncrypter) { this.signMessageEncrypter = signMessageEncrypter; diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/request/SwedishEidAuthnRequestGeneratorContext.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/request/SwedishEidAuthnRequestGeneratorContext.java index f7dd7df..be7c6c1 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/request/SwedishEidAuthnRequestGeneratorContext.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/request/SwedishEidAuthnRequestGeneratorContext.java @@ -1,5 +1,5 @@ /* - * Copyright 2021 Sweden Connect + * Copyright 2021-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,7 +27,7 @@ /** * An extension to {@code AuthnRequestGeneratorContext} with added functionality for the Swedish eID Framework. - * + * * @author Martin Lindström (martin@idsec.se) */ public interface SwedishEidAuthnRequestGeneratorContext extends AuthnRequestGeneratorContext { @@ -37,7 +37,7 @@ public interface SwedishEidAuthnRequestGeneratorContext extends AuthnRequestGene *

* The default implementation does not create a {@code SignMessage} extension. *

- * + * * @return the builder function */ default SignMessageBuilderFunction getSignMessageBuilderFunction() { @@ -49,7 +49,7 @@ default SignMessageBuilderFunction getSignMessageBuilderFunction() { *

* The default implementation does not create a {@code PrincipalSelection} extension. *

- * + * * @return the builder function */ default PrincipalSelectionBuilderFunction getPrincipalSelectionBuilderFunction() { diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADParser.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADParser.java index 9a30593..696ca35 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADParser.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADParser.java @@ -47,7 +47,7 @@ import com.nimbusds.jose.proc.JWSVerifierFactory; import com.nimbusds.jwt.SignedJWT; -import net.shibboleth.utilities.java.support.resolver.ResolverException; +import net.shibboleth.shared.resolver.ResolverException; import se.swedenconnect.opensaml.saml2.attribute.AttributeUtils; import se.swedenconnect.opensaml.saml2.metadata.EntityDescriptorUtils; import se.swedenconnect.opensaml.saml2.metadata.provider.MetadataProvider; @@ -59,7 +59,7 @@ /** * Class for parsing and validation of SAD JWT:s. - * + * * @author Martin Lindström (martin.lindstrom@litsec.se) */ public class SADParser { @@ -73,7 +73,7 @@ private SADParser() { *

* Note: The parse method does not peform any validation. Use the {@link SADValidator} class for this purpose. *

- * + * * @param sadJwt the signed JWT holding the SAD * @return the SAD object * @throws IOException for parsing errors @@ -92,7 +92,7 @@ public static SAD parse(final String sadJwt) throws IOException { /** * Returns a SAD validator initialized with a set of certificates that are to be used for JWT signature validation. * These certificates are the IdP signing certificates obtained from the IdP metadata entry. - * + * * @param validationCertificates certificate(s) to be used when verifying the JWT signature * @return a SADValidator instance */ @@ -103,7 +103,7 @@ public static SADValidator getValidator(final X509Certificate... validationCerti /** * Returns a SAD validator initialized with a {@link MetadataProvider} instance. During JWT signature validation the * IdP signature certificate will be obtained from the IdP metadata entry held by the metadata provider. - * + * * @param metadataProvider metadata provider * @return a SADValidator instance */ @@ -114,7 +114,7 @@ public static SADValidator getValidator(final MetadataProvider metadataProvider) /** * Returns a SAD validator initialized with the IdP {@link EntityDescriptor} (metadata) from which the IdP signing * key/certificate will be read (needed for JWT signature validation). - * + * * @param idpMetadata the IdP metadata * @return a SADValidator instance */ @@ -124,7 +124,7 @@ public static SADValidator getValidator(final EntityDescriptor idpMetadata) { /** * A validator for verifying the SAD JWT. - * + * * @author Martin Lindström (martin@idsec.se) */ public static class SADValidator { @@ -149,7 +149,7 @@ public static class SADValidator { /** * Constructor initializing the validator with a set of certificates that are to be used for JWT signature * validation. These certificates are the IdP signing certificates obtained from the IdP metadata entry. - * + * * @param certificates certificate(s) to be used when verifying the JWT signature */ public SADValidator(final X509Certificate... certificates) { 
@@ -160,7 +160,7 @@ public SADValidator(final X509Certificate... certificates) { * Constructor creating a SAD validator initialized with a {@link MetadataProvider} instance. During JWT signature * validation the IdP signature certificate will be obtained from the IdP metadata entry held by the metadata * provider. - * + * * @param metadataProvider metadata provider */ public SADValidator(final MetadataProvider metadataProvider) { @@ -170,7 +170,7 @@ public SADValidator(final MetadataProvider metadataProvider) { /** * Creates a SAD validator initialized with the IdP {@link EntityDescriptor} (metadata) from which the IdP signing * key/certificate will be read (needed for JWT signature validation). - * + * * @param idpMetadata the IdP metadata */ public SADValidator(final EntityDescriptor idpMetadata) { @@ -185,7 +185,7 @@ public SADValidator(final EntityDescriptor idpMetadata) { /** * A method that validates the SAD issued in an {@code Assertion} based on the {@code AuthnRequest} containing a * {@code SADRequest}. - * + * * @param authnRequest the AuthnRequest holding the SADRequest * @param assertion the Assertion holding the sad attribute (as a encoded JWT) * @return a SAD object, or null if no SAD was requested (and issued) @@ -298,14 +298,14 @@ public SAD validate(final AuthnRequest authnRequest, final Assertion assertion) /** * Validates a SAD based on expected data. If the {@code AuthnRequest} and issued {@code Assertion} is available, * the method {@link #validate(AuthnRequest, Assertion)} is a better option. - * + * *

* Note: It is assumed that the supplied {@code expectedSubject} parameter is a attribute value read from the * assertion having the attribute name indicated in the 'attr' field of the SAD. If this attribute name is not known * in advance, the SAD needs to be parsed ({@link SADParser#parse(String)}) so that the 'attr' field can be read, * and the correct attribute value be located from the assertion. *

- * + * * @param sadJwt the encoded SAD JWT (found in the sad attribute of a received assertion) * @param idpEntityID the entityID of the issuing IdP (the issuer of the received assertion holding the sad * attribute) @@ -346,7 +346,7 @@ public SAD validate(final String sadJwt, final String idpEntityID, final String /** * Validates the supplied SAD JWT. - * + * * @param signedJwt the SAD JWT * @param sad the SAD (parsed for pre-checks) * @param now the current time (seconds since 1970-01-01) @@ -405,14 +405,14 @@ private SAD validate(final SignedJWT signedJwt, final SAD sad, final long now, f logger.info(msg); throw new SADValidationException(ErrorCode.BAD_SAD_FORMAT, msg); } - + if (sad.getExpiry() < now - this.allowedClockSkew.getSeconds()) { final String msg = String.format("SAD has expired - expiration: '%s', current time: '%s'", sad.getExpiryDateTime(), Instant.ofEpochSecond(now)); logger.info(msg); throw new SADValidationException(ErrorCode.SAD_EXPIRED, msg); } - + if (sad.getIssuedAt() > now + this.allowedClockSkew.getSeconds()) { final String msg = String.format("SAD is not yet valid - issue-time: '%s', current time: '%s'", sad.getIssuedAtDateTime(), Instant.ofEpochSecond(now)); @@ -480,7 +480,7 @@ private SAD validate(final SignedJWT signedJwt, final SAD sad, final long now, f /** * Verifies the signature on the supplied SAD JWT. - * + * * @param sadJwt the SAD JWT * @param idpEntityID the entityID of the IdP that signed the JWT * @throws SADValidationException for signature validation errors @@ -496,7 +496,7 @@ public void verifyJwtSignature(final String sadJwt, final String idpEntityID) th /** * Verifies the signature on the supplied SAD JWT. - * + * * @param sadJwt the SAD JWT * @param idpEntityID the entityID of the IdP that signed the JWT * @throws SADValidationException for signature validation errors 
@@ -541,7 +541,7 @@ private void verifyJwtSignature(final SignedJWT signedJwt, final String idpEntit /** * Returns a list of possible IdP validation certificates to use when verifying the SAD signature. - * + * * @param idpEntityID the IdP entityID * @return a list of certificates * @throws ResolverException for metadata resolver errors @@ -569,7 +569,7 @@ else if (this.metadataProvider != null) { /** * Returns the LoA (level of assurance) URI from the supplied assertion. - * + * * @param assertion the assertion * @return the LoA URI, or null */ @@ -584,7 +584,7 @@ private static String getLoa(final Assertion assertion) { /** * Assigned the allowed clock skew. The default is {@link #DEFAULT_ALLOWED_CLOCK_SKEW}. - * + * * @param allowedClockSkew allowed clock skew */ public void setAllowedClockSkew(final Duration allowedClockSkew) { diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADValidationException.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADValidationException.java index 66debec..d2a6daa 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADValidationException.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADValidationException.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,9 +15,11 @@ */ package se.swedenconnect.opensaml.sweid.saml2.signservice; +import se.swedenconnect.opensaml.sweid.LibraryVersion; + /** * Exception class for SAD validation errors. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SADValidationException extends Exception { 
@@ -26,7 +28,7 @@ public class SADValidationException extends Exception { * Possible validation errors. */ public enum ErrorCode { - + /** The JWT or its contained JSON could not be successfully parsed. */ JWT_PARSE_ERROR, @@ -47,40 +49,38 @@ public enum ErrorCode { /** Mismatching subject - the subject in the SAD does not match corresponding attribute from assertion. */ VALIDATION_BAD_SUBJECT, - + /** Mismatching in-response-to - the irt claim does not match expected SADRequest ID. */ VALIDATION_BAD_IRT, - + /** Mismatching LoA - The LoA in the SAD does not correspond with the LoA in the assertion. */ VALIDATION_BAD_LOA, - + /** Mismatching number of documents between SAD and corresponding SADRequest. */ VALIDATION_BAD_DOCS, - + /** Mismatching SignRequest ID (SAD has different value that what was expected). */ VALIDATION_BAD_SIGNREQUESTID, - + /** SAD is missing from assertion. */ NO_SAD_ATTRIBUTE, - + /** The attribute name given in the SAD for the subject was not found in the assertion. */ MISSING_SUBJECT_ATTRIBUTE } /** For serializing. */ - private static final long serialVersionUID = -3945612687253407453L; + private static final long serialVersionUID = LibraryVersion.SERIAL_VERSION_UID; /** The SAD validation error code. */ private ErrorCode errorCode; /** * Constructor assigning the error code and error message. - * - * @param errorCode - * the error code - * @param message - * the error message + * + * @param errorCode the error code + * @param message the error message */ public SADValidationException(final ErrorCode errorCode, final String message) { super(message); 
@@ -89,13 +89,10 @@ public SADValidationException(final ErrorCode errorCode, final String message) { /** * Constructor assigning the error code, the error message and the cause of the error. - * - * @param errorCode - * the error code - * @param message - * the error message - * @param cause - * the cause of the error + * + * @param errorCode the error code + * @param message the error message + * @param cause the cause of the error */ public SADValidationException(final ErrorCode errorCode, final String message, final Throwable cause) { super(message, cause); @@ -104,7 +101,7 @@ public SADValidationException(final ErrorCode errorCode, final String message, f /** * Returns the error code. - * + * * @return error code */ public ErrorCode getErrorCode() { diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDecrypter.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDecrypter.java index 7b53924..bb8cdd2 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDecrypter.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDecrypter.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -35,7 +35,7 @@ /** * A bean for decrypting encrypted messages within {@link SignMessage} objects. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SignMessageDecrypter { 
@@ -57,20 +57,19 @@ public class SignMessageDecrypter { /** The decrypter. */ private Decrypter decrypter; - + /** * If using a HSM it is likely that the SunPKCS11 crypto provider is used. This provider does not have support for * OAEP padding. This is used commonly for XML encryption since * {@code http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p} is the default algorithm to use for key encryption. This * class has a workaround for this limitation that is enabled by setting the {@code pkcs11Workaround} flag. */ - private boolean pkcs11Workaround = false; + private boolean pkcs11Workaround = false; /** * Constructor given the credential to use to decrypt the messages (certificate or key pair) - * - * @param decryptionCredential - * decryption credential + * + * @param decryptionCredential decryption credential */ public SignMessageDecrypter(final Credential decryptionCredential) { this.keyEncryptionKeyResolver = new StaticKeyInfoCredentialResolver(decryptionCredential);
@@ -79,9 +78,8 @@ public SignMessageDecrypter(final Credential decryptionCredential) { /** * Constructor accepting several credentials (certificates or key pairs) to be used when decrypting. This may be * useful after a key rollover. - * - * @param decryptionCredentials - * decryption credentials + * + * @param decryptionCredentials decryption credentials */ public SignMessageDecrypter(final List decryptionCredentials) { this.keyEncryptionKeyResolver = new StaticKeyInfoCredentialResolver(decryptionCredentials);
@@ -89,22 +87,19 @@ public SignMessageDecrypter(final List decryptionCredentials) { /** * Constructor accepting a key encryption key resolver. - * - * @param keyEncryptionKeyResolver - * the resolver + * + * @param keyEncryptionKeyResolver the resolver */ public SignMessageDecrypter(final KeyInfoCredentialResolver keyEncryptionKeyResolver) { this.keyEncryptionKeyResolver = keyEncryptionKeyResolver; } - + /** * Decrypts the encrypted message of a {@link SignMessage} and returns the cleartext {@code Message}. - * - * @param signMessage - * the element holding the encrypted message + * + * @param signMessage the element holding the encrypted message * @return a cleartext {@code Message} element - * @throws DecryptionException - * for decryption errors + * @throws DecryptionException for decryption errors */ public Message decrypt(final SignMessage signMessage) throws DecryptionException { if (signMessage.getEncryptedMessage() == null && signMessage.getMessage() != null) {
@@ -121,7 +116,7 @@ public Message decrypt(final SignMessage signMessage) throws DecryptionException /** * Returns the decrypter to use. - * + * * @return the decrypter */ private Decrypter getDecrypter() {
@@ -130,7 +125,7 @@ private Decrypter getDecrypter() { pars.setKEKKeyInfoCredentialResolver(this.keyEncryptionKeyResolver); pars.setEncryptedKeyResolver(this.encryptedKeyResolver); pars.setExcludedAlgorithms(this.blacklistedAlgorithms); - pars.setIncludedAlgorithms(this.whitelistedAlgorithms); + pars.setIncludedAlgorithms(this.whitelistedAlgorithms); this.decrypter = this.pkcs11Workaround ? new Pkcs11Decrypter(pars) : new Decrypter(pars); this.decrypter.setRootInNewDocument(true); }
@@ -139,9 +134,8 @@ private Decrypter getDecrypter() { /** * Assigns a list of black listed algorithms - * - * @param blacklistedAlgorithms - * non allowed algorithms + * + * @param blacklistedAlgorithms non allowed algorithms */ public void setBlacklistedAlgorithms(final Collection blacklistedAlgorithms) { this.blacklistedAlgorithms = blacklistedAlgorithms;
@@ -149,25 +143,23 @@ public void setBlacklistedAlgorithms(final Collection blacklistedAlgorit /** * Assigns a list of white listed algorithms - * - * @param whitelistedAlgorithms - * white listed algorithms + * + * @param whitelistedAlgorithms white listed algorithms */ public void setWhitelistedAlgorithms(final Collection whitelistedAlgorithms) { this.whitelistedAlgorithms = whitelistedAlgorithms; } - + /** * If using a HSM it is likely that the SunPKCS11 crypto provider is used. This provider does not have support for * OAEP padding. This is used commonly for XML encryption since * {@code http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p} is the default algorithm to use for key encryption. This * class has a workaround for this limitation that is enabled by setting the {@code pkcs11Workaround} flag. - * - * @param pkcs11Workaround - * whether to run in PKCS11 workaround mode + * + * @param pkcs11Workaround whether to run in PKCS11 workaround mode */ public void setPkcs11Workaround(final boolean pkcs11Workaround) { this.pkcs11Workaround = pkcs11Workaround; - } + } }
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDigestIssuer.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDigestIssuer.java
index 8d4a5ce..31577f9 100644
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDigestIssuer.java
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDigestIssuer.java
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -56,8 +56,7 @@ public class SignMessageDigestIssuer { /** * Creates a signMessageDigest attribute using the default digest method. * - * @param message - * the sign message + * @param message the sign message * @return a signMessageDigest attribute */ public Attribute create(final Message message) {
@@ -68,10 +67,8 @@ public Attribute create(final Message message) { * Creates a signMessageDigest attribute using the preferred digest method of the recipient, or the default digest * method if none is specified in the recipient metadata. * - * @param message - * the sign message - * @param recipient - * the recipient metadata (may be null) + * @param message the sign message + * @param recipient the recipient metadata (may be null) * @return a signMessageDigest attribute */ public Attribute create(final Message message, final EntityDescriptor recipient) {
@@ -105,20 +102,20 @@ public Attribute create(final Message message, final EntityDescriptor recipient) catch (final NoSuchAlgorithmException e) { throw new SecurityException(e); } - final byte[] digestValue = messageDigest.digest(message.getContent().getBytes(StandardCharsets.UTF_8)); - final String attributeValue = String.format("%s;%s", digestAlgorithm, Base64.getEncoder().encodeToString(digestValue)); + final byte[] digestValue = messageDigest.digest(message.getContent().getBytes(StandardCharsets.UTF_8)); + final String attributeValue = + String.format("%s;%s", digestAlgorithm, Base64.getEncoder().encodeToString(digestValue)); return AttributeConstants.ATTRIBUTE_TEMPLATE_SIGNMESSAGE_DIGEST.createBuilder() - .value(attributeValue) - .build(); + .value(attributeValue) + .build(); } /** * The recipient may specify the digest algorithm it prefers by including the {@code } element in * its metadata. * - * @param metadata - * the recipient's metadata + * @param metadata the recipient's metadata * @return the preferred digest algorithm, or null if none is specified */ public static String getDigestPreference(final EntityDescriptor metadata) {
@@ -159,8 +156,7 @@ public String getDefaultDigestMethod() { /** * Assigns the default digest method to use. * - * @param defaultDigestMethod - * the algorithm URI for the default digest method + * @param defaultDigestMethod the algorithm URI for the default digest method */ public void setDefaultDigestMethod(final String defaultDigestMethod) { final AlgorithmRegistry registry = AlgorithmSupport.getGlobalAlgorithmRegistry();
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageEncrypter.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageEncrypter.java
index 5b56433..61e0580 100644
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageEncrypter.java
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageEncrypter.java
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -22,15 +22,15 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import net.shibboleth.utilities.java.support.component.ComponentInitializationException; -import net.shibboleth.utilities.java.support.logic.Constraint; +import net.shibboleth.shared.component.ComponentInitializationException; +import net.shibboleth.shared.logic.Constraint; import se.swedenconnect.opensaml.sweid.saml2.signservice.dss.EncryptedMessage; import se.swedenconnect.opensaml.sweid.saml2.signservice.dss.SignMessage; import se.swedenconnect.opensaml.xmlsec.encryption.support.SAMLObjectEncrypter; /** * Bean for encrypting {@code SignMessage} objects. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SignMessageEncrypter {
@@ -43,11 +43,9 @@ public class SignMessageEncrypter { /** * Constructor. - * - * @param encrypter - * the encrypter bean - * @throws ComponentInitializationException - * for init errors + * + * @param encrypter the encrypter bean + * @throws ComponentInitializationException for init errors */ public SignMessageEncrypter(final SAMLObjectEncrypter encrypter) throws ComponentInitializationException { this.encrypter = Constraint.isNotNull(encrypter, "encrypter must not be null");
@@ -57,13 +55,10 @@ public SignMessageEncrypter(final SAMLObjectEncrypter encrypter) throws Componen * Given a sign message holding a cleartext {@code Message} element, the method encrypts the message using the default * encryption configuration and updates the supplied {@code signMessage} so that it holds an {@code EncryptedMessage} * instead. - * - * @param signMessage - * the sign message holding the message to encrypt - * @param entityID - * the SAML entityID of the IdP that is the recipient of the message (and to whom we encrypt for) - * @throws EncryptionException - * for errors during encryption + * + * @param signMessage the sign message holding the message to encrypt + * @param entityID the SAML entityID of the IdP that is the recipient of the message (and to whom we encrypt for) + * @throws EncryptionException for errors during encryption * @see #encrypt(SignMessage, String, EncryptionConfiguration) */ public void encrypt(final SignMessage signMessage, final String entityID) throws EncryptionException { 
@@ -74,15 +69,11 @@ public void encrypt(final SignMessage signMessage, final String entityID) throws * Given a sign message holding a cleartext {@code Message} element, the method encrypts the message using the * supplied encryption configuration and updates the supplied {@code signMessage} so that it holds an * {@code EncryptedMessage} instead. - * - * @param signMessage - * the sign message holding the message to encrypt - * @param entityID - * the SAML entityID of the IdP that is the recipient of the message (and to whom we encrypt for) - * @param configuration - * the encryption configuration to use - * @throws EncryptionException - * for errors during encryption + * + * @param signMessage the sign message holding the message to encrypt + * @param entityID the SAML entityID of the IdP that is the recipient of the message (and to whom we encrypt for) + * @param configuration the encryption configuration to use + * @throws EncryptionException for errors during encryption */ public void encrypt(final SignMessage signMessage, final String entityID, final EncryptionConfiguration configuration) throws EncryptionException { 
@@ -103,11 +94,13 @@ public void encrypt(final SignMessage signMessage, final String entityID, final } else if (!signMessage.getDisplayEntity().equals(entityID)) { throw new EncryptionException(String.format("Assigned DisplayEntity (%s) does not match supplied entityID (%s)", - signMessage.getDisplayEntity(), entityID)); + signMessage.getDisplayEntity(), entityID)); } - final EncryptedData encryptedData = this.encrypter.encrypt(signMessage.getMessage(), new SAMLObjectEncrypter.Peer(entityID), configuration); - final EncryptedMessage encryptedMessage = (EncryptedMessage) XMLObjectSupport.buildXMLObject(EncryptedMessage.DEFAULT_ELEMENT_NAME); + final EncryptedData encryptedData = + this.encrypter.encrypt(signMessage.getMessage(), new SAMLObjectEncrypter.Peer(entityID), configuration); + final EncryptedMessage encryptedMessage = + (EncryptedMessage) XMLObjectSupport.buildXMLObject(EncryptedMessage.DEFAULT_ELEMENT_NAME); encryptedMessage.setEncryptedData(encryptedData); signMessage.setMessage(null);
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/build/SADRequestBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/build/SADRequestBuilder.java
index b16acf6..8be5324 100644
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/build/SADRequestBuilder.java
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/build/SADRequestBuilder.java
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -28,14 +28,14 @@ /** * Builder for creating a {@link SADRequest} using the builder pattern. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SADRequestBuilder extends AbstractSAMLObjectBuilder { /** * Utility method that creates a builder. - * + * * @return a builder */ public static SADRequestBuilder builder() {
@@ -44,9 +44,8 @@ public static SADRequestBuilder builder() { /** * Assigns the ID attribute for the {@code SADRequest}. - * - * @param id - * the ID attribute + * + * @param id the ID attribute * @return the builder */ public SADRequestBuilder id(final String id) {
@@ -56,9 +55,8 @@ public SADRequestBuilder id(final String id) { /** * Assigns the requester ID (entityID of the SP requesting the SAD). - * - * @param requesterID - * the entityID of the requester + * + * @param requesterID the entityID of the requester * @return the builder */ public SADRequestBuilder requesterID(final String requesterID) {
@@ -68,9 +66,8 @@ public SADRequestBuilder requesterID(final String requesterID) { /** * Assigns the value of the {@code RequestID} attribute of the associated {@code SignRequest}. - * - * @param signRequestID - * the signature request ID + * + * @param signRequestID the signature request ID * @return the builder */ public SADRequestBuilder signRequestID(final String signRequestID) {
@@ -80,9 +77,8 @@ public SADRequestBuilder signRequestID(final String signRequestID) { /** * Assigns the number of requested signatures in the associated sign request. - * - * @param docCount - * the document count + * + * @param docCount the document count * @return the builder */ public SADRequestBuilder docCount(final Integer docCount) {
@@ -92,9 +88,8 @@ public SADRequestBuilder docCount(final Integer docCount) { /** * Assigns the requested version of the SAD. - * - * @param sadVersion - * the SAD version + * + * @param sadVersion the SAD version * @return the builder */ public SADRequestBuilder requestedVersion(final SADVersion sadVersion) {
@@ -104,9 +99,8 @@ public SADRequestBuilder requestedVersion(final SADVersion sadVersion) { /** * Assigns the {@code RequestParams} element. - * - * @param requestParams - * the RequestParams + * + * @param requestParams the RequestParams * @return the builder */ public SADRequestBuilder requestParams(final RequestParams requestParams) {
@@ -122,14 +116,14 @@ protected Class getObjectType() { /** * Builder for creating a {@link RequestParams} using the builder pattern. - * + * * @author Martin Lindström (martin@idsec.se) */ public static class RequestParamsBuilder extends AbstractSAMLObjectBuilder { /** * Utility method that creates a builder. - * + * * @return a builder */ public static RequestParamsBuilder builder() {
@@ -138,11 +132,9 @@ public static RequestParamsBuilder builder() { /** * Utility method creating a {@link Parameter} object. - * - * @param name - * the parameter name - * @param value - * the parameter value + * + * @param name the parameter name + * @param value the parameter value * @return the Parameter object */ public static Parameter parameter(final String name, final String value) {
@@ -154,9 +146,8 @@ public static Parameter parameter(final String name, final String value) { /** * Assigns the parameters to the request params. - * - * @param parameters - * a list of parameters + * + * @param parameters a list of parameters * @return the builder */ public RequestParamsBuilder parameters(final List parameters) {
@@ -166,12 +157,11 @@ public RequestParamsBuilder parameters(final List parameters) { } return this; } - + /** * Assigns the parameters to the request params. - * - * @param parameters - * a list of parameters + * + * @param parameters a list of parameters * @return the builder */ public RequestParamsBuilder parameters(final Parameter... parameters) {
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/build/SignMessageBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/build/SignMessageBuilder.java
index 156a731..bf07af6 100644
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/build/SignMessageBuilder.java
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/build/SignMessageBuilder.java
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -25,14 +25,14 @@ /** * Creates a {@link SignMessage} instance using the builder patterns. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SignMessageBuilder extends AbstractSAMLObjectBuilder { /** * Utility method that creates a builder. - * + * * @return a builder */ public static SignMessageBuilder builder() {
@@ -44,9 +44,8 @@ public static SignMessageBuilder builder() { *

* If the message should be encrypted, use {@link SignMessageEncrypter} after the {@code SignMessage} has been built. *

- * - * @param message - * the message to include (in cleartext) + * + * @param message the message to include (in cleartext) * @return the builder */ public SignMessageBuilder message(final String message) {
@@ -60,9 +59,8 @@ public SignMessageBuilder message(final String message) { * Assigns the entityID of the entity responsible for displaying the sign message to the signer. When the sign message * is encrypted, then this entity is also the holder of the private decryption key necessary to decrypt the sign * message. - * - * @param displayEntity - * the entityID of the recipient + * + * @param displayEntity the entityID of the recipient * @return the builder */ public SignMessageBuilder displayEntity(final String displayEntity) {
@@ -72,9 +70,8 @@ public SignMessageBuilder displayEntity(final String displayEntity) { /** * Assigns the MIME type of the message. - * - * @param mimeType - * the MIME type + * + * @param mimeType the MIME type * @return the builder */ public SignMessageBuilder mimeType(final SignMessageMimeTypeEnum mimeType) {
@@ -85,9 +82,8 @@ public SignMessageBuilder mimeType(final SignMessageMimeTypeEnum mimeType) { /** * Assigns the {@code MustShow} attribute. When this parameter is set to {@code true} then the requested signature * MUST NOT be created unless this message has been displayed and accepted by the signer. - * - * @param mustShow - * the must show flag + * + * @param mustShow the must show flag * @return the builder */ public SignMessageBuilder mustShow(final Boolean mustShow) {
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/DssExtensionsConstants.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/DssExtensionsConstants.java
index 3e68c66..03dacc9 100644
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/DssExtensionsConstants.java
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/DssExtensionsConstants.java
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -16,19 +16,19 @@ package se.swedenconnect.opensaml.sweid.saml2.signservice.dss; /** - * Holds constants defined in "DSS Extension for Federated Central Signing Services". - * + * Holds constants defined in "DSS Extension for Federated Central Signing Services". + * * @author Martin Lindström (martin@idsec.se) */ public class DssExtensionsConstants { /** Namespace prefix for the DSS extension for the Swedish eID Framework. */ public static final String SWEID_DSS_EXT_PREFIX = "csig"; - + /** The namespace for the DSS extension for the Swedish eID Framework. */ public static final String SWEID_DSS_EXT_NS = "http://id.elegnamnden.se/csig/1.1/dss-ext/ns"; - + private DssExtensionsConstants() { } - + }
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/EncryptedMessage.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/EncryptedMessage.java
index 653a844..a9bcac6 100644
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/EncryptedMessage.java
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/EncryptedMessage.java
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -21,16 +21,16 @@ /** * XMLObject representing the {@code EncryptedMessage} element that is a child to {@link SignMessage}. - * + * * @author Martin Lindström (martin@idsec.se) */ public interface EncryptedMessage extends EncryptedElementType { - + /** Element local name. */ String DEFAULT_ELEMENT_LOCAL_NAME = "EncryptedMessage"; /** Default element name. */ QName DEFAULT_ELEMENT_NAME = new QName(DssExtensionsConstants.SWEID_DSS_EXT_NS, - DEFAULT_ELEMENT_LOCAL_NAME, DssExtensionsConstants.SWEID_DSS_EXT_PREFIX); + DEFAULT_ELEMENT_LOCAL_NAME, DssExtensionsConstants.SWEID_DSS_EXT_PREFIX); }
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/Message.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/Message.java
index 1e4e079..320cc57 100644
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/Message.java
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/Message.java
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -21,32 +21,31 @@ /** * XMLObject representing the {@code Message} element that is a child to {@link SignMessage}. - * + * * @author Martin Lindström (martin@idsec.se) */ public interface Message extends XSBase64Binary { - + /** Element local name. */ String DEFAULT_ELEMENT_LOCAL_NAME = "Message"; /** Default element name. */ QName DEFAULT_ELEMENT_NAME = new QName(DssExtensionsConstants.SWEID_DSS_EXT_NS, - DEFAULT_ELEMENT_LOCAL_NAME, DssExtensionsConstants.SWEID_DSS_EXT_PREFIX); + DEFAULT_ELEMENT_LOCAL_NAME, DssExtensionsConstants.SWEID_DSS_EXT_PREFIX); /** * Returns string content of the {@code Message} element, i.e., its Base64 decoded form. - * + * * @return the message content */ String getContent(); - + /** * Assigns the {@code Message} element by assigning the text that it should hold. The method will Base64 encode the * text. - * - * @param messageContent - * content of the Message element + * + * @param messageContent content of the Message element */ - void setContent(final String messageContent); - + void setContent(final String messageContent); + }
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/SignMessage.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/SignMessage.java
index f7ab21e..3835055 100644
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/SignMessage.java
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/SignMessage.java
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -50,9 +50,9 @@ *
An encrypted {@code } element. Either a {@code } or an {@code } element MUST * be present.
* - * + * * The following schema fragment defines the {@code } element and the SignMessageType complex type: - * + * *
{@code
  * 
  *   
@@ -72,14 +72,14 @@
  *   
  *   
  * 
- * 
+ *
  * 
  * }
  * 
*

* See "DSS Extension for Federated Central Signing Services". *

- * + * * @author Martin Lindström (martin@idsec.se) */ public interface SignMessage extends SAMLObject, AttributeExtensibleXMLObject {
@@ -89,13 +89,14 @@ public interface SignMessage extends SAMLObject, AttributeExtensibleXMLObject { /** Default element name. */ QName DEFAULT_ELEMENT_NAME = new QName(DssExtensionsConstants.SWEID_DSS_EXT_NS, DEFAULT_ELEMENT_LOCAL_NAME, - DssExtensionsConstants.SWEID_DSS_EXT_PREFIX); + DssExtensionsConstants.SWEID_DSS_EXT_PREFIX); /** Local name of the type */ String TYPE_LOCAL_NAME = "SignMessageType"; - + /** QName of the XSI type. */ - QName TYPE_NAME = new QName(DssExtensionsConstants.SWEID_DSS_EXT_NS, TYPE_LOCAL_NAME, DssExtensionsConstants.SWEID_DSS_EXT_PREFIX); + QName TYPE_NAME = + new QName(DssExtensionsConstants.SWEID_DSS_EXT_NS, TYPE_LOCAL_NAME, DssExtensionsConstants.SWEID_DSS_EXT_PREFIX); /** Attribute label for the MustShow attribute. */ String MUST_SHOW_ATTR_NAME = "MustShow";
@@ -108,14 +109,14 @@ public interface SignMessage extends SAMLObject, AttributeExtensibleXMLObject { /** * Returns the value of the {@code MustShow} attribute. - * + * * @return the {@code MustShow} attribute */ Boolean isMustShow(); /** * Returns the {@code MustShow} attribute as a {@code XSBooleanValue}. - * + * * @return the {@code MustShow} attribute * @see #isMustShow() */
@@ -123,93 +124,86 @@ public interface SignMessage extends SAMLObject, AttributeExtensibleXMLObject { /** * Assigns the value of the {@code MustShow} attribute. - * - * @param mustShow - * the value to assign + * + * @param mustShow the value to assign */ void setMustShow(final Boolean mustShow); /** * Assigns the value of the {@code MustShow} attribute. - * - * @param mustShow - * the value to assign + * + * @param mustShow the value to assign * @see #setMustShow(Boolean) */ void setMustShow(final XSBooleanValue mustShow); /** * Returns the value of the {@code DisplayEntity} attribute. - * + * * @return the DisplayEntity attribute */ String getDisplayEntity(); /** * Assigns the value for the {@code DisplayEntity} attribute. - * - * @param displayEntity - * the entityID to assign + * + * @param displayEntity the entityID to assign */ void setDisplayEntity(final String displayEntity); /** * Returns the value of the {@code MimeType} attribute. - * + * * @return the MimeType attribute */ String getMimeType(); /** * Returns the value of the {@code MimeType} attribute as an enum. - * + * * @return the MimeType attribute */ SignMessageMimeTypeEnum getMimeTypeEnum(); /** * Assigns the {@code MimeType} attribute. - * - * @param mimeType - * the mime type to assign + * + * @param mimeType the mime type to assign */ void setMimeType(final String mimeType); /** * Assigns the {@code MimeType} attribute. - * - * @param mimeType - * the mime type as an enum to assign + * + * @param mimeType the mime type as an enum to assign */ void setMimeType(final SignMessageMimeTypeEnum mimeType); /** * Returns the {@code Message} element. - * + * * @return the Message element */ Message getMessage(); /** * Assigns the {@code Message} element. - * - * @param message - * the message to assign + * + * @param message the message to assign */ void setMessage(final Message message); /** * Returns the {@code EncryptedMessage} element. 
- * + * * @return the EncryptedMessage element */ EncryptedMessage getEncryptedMessage(); /** * Assigns the {@code EncryptedMessage} element. - * - * @param encryptedMessage - * the EncryptedMessage element to assign + * + * @param encryptedMessage the EncryptedMessage element to assign */ void setEncryptedMessage(final EncryptedMessage encryptedMessage);
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/SignMessageMimeTypeEnum.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/SignMessageMimeTypeEnum.java
index 77aa4c8..0a26fa4 100644
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/SignMessageMimeTypeEnum.java
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/SignMessageMimeTypeEnum.java
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -17,7 +17,7 @@ /** * Enumeration that represents the possible values of the {@code MimeType} attribute of the {@link SignMessage} element. - * + * * @author Martin Lindström (martin@idsec.se) */ public enum SignMessageMimeTypeEnum {
@@ -39,7 +39,7 @@ public enum SignMessageMimeTypeEnum { /** * Returns the string representation of the MIME type. - * + * * @return the MIME type */ public String getMimeType() {
@@ -48,9 +48,8 @@ public String getMimeType() { /** * Parses the supplied MIME type into its corresponding enum value. - * - * @param mimeType - * the MIME type in string representation + * + * @param mimeType the MIME type in string representation * @return the enum value, or null if no match is found */ public static SignMessageMimeTypeEnum parse(final String mimeType) {
@@ -64,9 +63,8 @@ public static SignMessageMimeTypeEnum parse(final String mimeType) { /** * Constructor. - * - * @param mimeType - * the MIME type + * + * @param mimeType the MIME type */ SignMessageMimeTypeEnum(final String mimeType) { this.mimeType = mimeType; diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/EncryptedMessageBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/EncryptedMessageBuilder.java index 358df93..5963c66 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/EncryptedMessageBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/EncryptedMessageBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,16 +21,16 @@ /** * Builder class for {@link EncryptedMessage}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class EncryptedMessageBuilder extends AbstractSAMLObjectBuilder { /** {@inheritDoc} */ @Override - public EncryptedMessage buildObject() { + public EncryptedMessage buildObject() { return buildObject(EncryptedMessage.DEFAULT_ELEMENT_NAME.getNamespaceURI(), - EncryptedMessage.DEFAULT_ELEMENT_NAME.getLocalPart(), EncryptedMessage.DEFAULT_ELEMENT_NAME.getPrefix()); + EncryptedMessage.DEFAULT_ELEMENT_NAME.getLocalPart(), EncryptedMessage.DEFAULT_ELEMENT_NAME.getPrefix()); } /** {@inheritDoc} */ diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/EncryptedMessageImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/EncryptedMessageImpl.java index 773c151..8e86b31 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/EncryptedMessageImpl.java 
+++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/EncryptedMessageImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,22 +21,20 @@ /** * Implementation of the {@link EncryptedMessage} interface. - * + * * @author Martin Lindström (martin@idsec.se) */ public class EncryptedMessageImpl extends EncryptedElementTypeImpl implements EncryptedMessage { /** * Constructor creating an EncryptedMessage object given the namespace URI, local element name and namespace prefix. - * - * @param namespaceURI - * the namespace URI. - * @param elementLocalName - * the element local name. - * @param namespacePrefix - * the name space prefix. - */ - protected EncryptedMessageImpl(final String namespaceURI, final String elementLocalName, final String namespacePrefix) { + * + * @param namespaceURI the namespace URI. + * @param elementLocalName the element local name. + * @param namespacePrefix the name space prefix. + */ + protected EncryptedMessageImpl(final String namespaceURI, final String elementLocalName, + final String namespacePrefix) { super(namespaceURI, elementLocalName, namespacePrefix); } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/MessageBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/MessageBuilder.java index 123c841..f90e7a5 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/MessageBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/MessageBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -21,7 +21,7 @@ /** * Builder class for {@link Message}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class MessageBuilder extends AbstractXMLObjectBuilder { diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/MessageImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/MessageImpl.java index 30dd86d..e795cf2 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/MessageImpl.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/MessageImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -20,28 +20,25 @@ import org.opensaml.core.xml.XMLRuntimeException; import org.opensaml.core.xml.schema.impl.XSBase64BinaryImpl; -import net.shibboleth.utilities.java.support.codec.Base64Support; -import net.shibboleth.utilities.java.support.codec.DecodingException; -import net.shibboleth.utilities.java.support.codec.EncodingException; +import net.shibboleth.shared.codec.Base64Support; +import net.shibboleth.shared.codec.DecodingException; +import net.shibboleth.shared.codec.EncodingException; import se.swedenconnect.opensaml.sweid.saml2.signservice.dss.Message; /** * Implementation of the {@link Message} interface. - * + * * @author Martin Lindström (martin@idsec.se) */ public class MessageImpl extends XSBase64BinaryImpl implements Message { /** * Constructor creating an Message object given the namespace URI, local element name and namespace prefix. - * - * @param namespaceURI - * the namespace URI. - * @param elementLocalName - * the element local name. - * @param namespacePrefix - * the name space prefix. - */ + * + * @param namespaceURI the namespace URI. + * @param elementLocalName the element local name. + * @param namespacePrefix the name space prefix. + */ protected MessageImpl(final String namespaceURI, final String elementLocalName, final String namespacePrefix) { super(namespaceURI, elementLocalName, namespacePrefix); } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageBuilder.java index 21124cc..6af8d10 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageBuilder.java 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ /** * Builder class for {@link SignMessage}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SignMessageBuilder extends AbstractSAMLObjectBuilder { @@ -30,10 +30,10 @@ public class SignMessageBuilder extends AbstractSAMLObjectBuilder { @Override public SignMessage buildObject() { return buildObject(SignMessage.DEFAULT_ELEMENT_NAME.getNamespaceURI(), - SignMessage.DEFAULT_ELEMENT_NAME.getLocalPart(), SignMessage.DEFAULT_ELEMENT_NAME.getPrefix()); + SignMessage.DEFAULT_ELEMENT_NAME.getLocalPart(), SignMessage.DEFAULT_ELEMENT_NAME.getPrefix()); } - /** {@inheritDoc} */ + /** {@inheritDoc} */ @Override public SignMessage buildObject(final String namespaceURI, final String localName, final String namespacePrefix) { return new SignMessageImpl(namespaceURI, localName, namespacePrefix); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageImpl.java index a21dd37..d4eb5a9 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageImpl.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,7 +31,7 @@ /** * Implementation class for the {@link SignMessage} interface. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SignMessageImpl extends AbstractXMLObject implements SignMessage { 
@@ -50,19 +50,16 @@ public class SignMessageImpl extends AbstractXMLObject implements SignMessage { /** The encryptedMessage element. */ private EncryptedMessage encryptedMessage; - + /** "anyAttribute" attributes */ private final AttributeMap unknownAttributes; /** * Constructor creating an SignMessage object given the namespace URI, local element name and namespace prefix. - * - * @param namespaceURI - * the namespace URI. - * @param elementLocalName - * the element local name. - * @param namespacePrefix - * the name space prefix. + * + * @param namespaceURI the namespace URI. + * @param elementLocalName the element local name. + * @param namespacePrefix the name space prefix. */ public SignMessageImpl(final String namespaceURI, final String elementLocalName, final String namespacePrefix) { super(namespaceURI, elementLocalName, namespacePrefix); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageMarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageMarshaller.java index 553cf57..cc4484f 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageMarshaller.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageMarshaller.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,7 +24,7 @@ /** * Marshaller for the {@code SignMessage} element. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SignMessageMarshaller extends AbstractSAMLObjectMarshaller { 
@@ -33,10 +33,10 @@ public class SignMessageMarshaller extends AbstractSAMLObjectMarshaller { @Override protected void marshallAttributes(final XMLObject xmlObject, final Element domElement) throws MarshallingException { final SignMessage signMessage = (SignMessage) xmlObject; - + if (signMessage.isMustShowXSBoolean() != null) { - domElement.setAttributeNS(null, SignMessage.MUST_SHOW_ATTR_NAME, - signMessage.isMustShowXSBoolean().getValue().toString()); + domElement.setAttributeNS(null, SignMessage.MUST_SHOW_ATTR_NAME, + signMessage.isMustShowXSBoolean().getValue().toString()); } if (signMessage.getDisplayEntity() != null) { domElement.setAttributeNS(null, SignMessage.DISPLAY_ENTITY_ATTR_NAME, signMessage.getDisplayEntity()); @@ -45,12 +45,13 @@ protected void marshallAttributes(final XMLObject xmlObject, final Element domEl domElement.setAttributeNS(null, SignMessage.MIME_TYPE_ATTR_NAME, signMessage.getMimeType()); } - this.marshallUnknownAttributes(signMessage, domElement); + this.marshallUnknownAttributes(signMessage, domElement); } /** {@inheritDoc} */ @Override - protected void marshallElementContent(final XMLObject xmlObject, final Element domElement) throws MarshallingException { + protected void marshallElementContent(final XMLObject xmlObject, final Element domElement) + throws MarshallingException { super.marshallElementContent(xmlObject, domElement); } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageUnmarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageUnmarshaller.java index 12e92ff..841ab25 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageUnmarshaller.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/dss/impl/SignMessageUnmarshaller.java 
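Review bot: In `marshallAttributes` the MustShow attribute is written with `signMessage.isMustShowXSBoolean().getValue().toString()`, which unwraps the inner `Boolean` before converting it. If an `XSBooleanValue` holding no value reaches the marshaller, this throws a NullPointerException rather than a `MarshallingException`; whether `SignMessageImpl` can produce such an instance is not visible in this hunk. Using the wrapper's own conversion, `signMessage.isMustShowXSBoolean().toString()`, avoids the unwrap and matches how OpenSAML's own marshallers write `XSBooleanValue` attributes. Separately, the `marshallElementContent` override in the following hunk only delegates to `super`, so it could be removed or given a one-line comment saying why it is kept.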
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,7 +27,7 @@ /** * Unmarshaller for the {@code SignMessage} element. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SignMessageUnmarshaller extends AbstractSAMLObjectUnmarshaller { diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/Parameter.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/Parameter.java index f3a8919..a588ab4 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/Parameter.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/Parameter.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,11 +22,11 @@ /** * Definition of the SAP {@code ParameterType} type. - * + * * The following schema fragment defines the {@code } element: - * + * *
- * {@code 
+ * {@code
  * 
  *   
  *     
@@ -35,7 +35,7 @@
  *   
  * }
  * 
- * + * * @author Martin Lindström (martin@idsec.se) */ public interface Parameter extends XSString, SAMLObject { @@ -57,16 +57,15 @@ public interface Parameter extends XSString, SAMLObject { /** * Returns the "Name" attribute. - * + * * @return the name attribute */ String getName(); /** * Assigns the name attribute. - * - * @param name - * the name attribute + * + * @param name the name attribute */ void setName(final String name); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/RequestParams.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/RequestParams.java index 7c81b82..5ad3fda 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/RequestParams.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/RequestParams.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,7 +23,7 @@ /** * Representation of the {@code RequestParam} element. - * + * * @author Martin Lindström (martin@idsec.se) */ public interface RequestParams extends SAMLObject { @@ -36,7 +36,7 @@ public interface RequestParams extends SAMLObject { /** * Returns a reference to the list of parameters. - * + * * @return a list of parameters */ List getParameters(); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SAD.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SAD.java index 8d8f152..7ee7dbf 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SAD.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SAD.java 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -25,8 +25,8 @@ import com.fasterxml.jackson.databind.ObjectMapper; /** - * Representation of the Signature Activation Data (SAD) as described in the - * "Signature Activation Protocol for Federated Signing" specification. + * Representation of the Signature Activation Data (SAD) as described in the "Signature Activation Protocol for + * Federated Signing" specification. * * @author Martin Lindström (martin@idsec.se) */ @@ -66,12 +66,10 @@ public class SAD { /** * Creates a {@code SAD} object from its JSON representation. - * - * @param json - * the JSON representation + * + * @param json the JSON representation * @return a {@code SAD} object - * @throws IOException - * for parsing errors + * @throws IOException for parsing errors */ public static SAD fromJson(final String json) throws IOException { return jsonMapper.readValue(json, SAD.class); @@ -79,10 +77,9 @@ public static SAD fromJson(final String json) throws IOException { /** * Serializes the SAD object into its JSON representation. - * + * * @return the JSON representation - * @throws IOException - * for processing errors + * @throws IOException for processing errors */ public String toJson() throws IOException { return jsonMapper.writeValueAsString(this); @@ -90,10 +87,9 @@ public String toJson() throws IOException { /** * Serializes the SAD object into its JSON byte representation. - * + * * @return the JSON bytes - * @throws IOException - * for processing errors + * @throws IOException for processing errors */ public byte[] toJsonBytes() throws IOException { return jsonMapper.writeValueAsBytes(this); 
@@ -101,7 +97,7 @@ public byte[] toJsonBytes() throws IOException { /** * Returns the attribute value of the signer's unique identifier attribute. - * + * * @return the user ID */ public String getSubject() { @@ -110,9 +106,8 @@ public String getSubject() { /** * Assigns the attribute value of the signer's unique identifier attribute. - * - * @param subject - * the user ID + * + * @param subject the user ID */ public void setSubject(final String subject) { this.subject = subject; @@ -120,7 +115,7 @@ public void setSubject(final String subject) { /** * Returns the entityID of the Signature Service which is the recipient of this SAD. - * + * * @return the entityID of the recipient */ public String getAudience() { @@ -129,9 +124,8 @@ public String getAudience() { /** * Assigns the entityID of the Signature Service which is the recipient of this SAD. - * - * @param audience - * the entityID of the recipient + * + * @param audience the entityID of the recipient */ public void setAudience(final String audience) { this.audience = audience; @@ -139,7 +133,7 @@ public void setAudience(final String audience) { /** * Returns the entityID of the IdP that generated this SAD. - * + * * @return the IdP entityID */ public String getIssuer() { @@ -148,9 +142,8 @@ public String getIssuer() { /** * Assigns the entityID of the IdP that generated this SAD. - * - * @param issuer - * the IdP entityID + * + * @param issuer the IdP entityID */ public void setIssuer(final String issuer) { this.issuer = issuer; @@ -158,7 +151,7 @@ public void setIssuer(final String issuer) { /** * Returns the time when this SAD is no longer valid (epoch time/seconds since 1970-01-01). - * + * * @return number of seconds since 1970-01-01 */ public Integer getExpiry() { @@ -167,7 +160,7 @@ public Integer getExpiry() { /** * Returns the time when this SAD is no longer valid as a {@link Instant} instance. - * + * * @return expiration time */ @JsonIgnore 
@@ -177,9 +170,8 @@ public Instant getExpiryDateTime() { /** * Assigns the time when this SAD is no longer valid (epoch time/seconds since 1970-01-01). - * - * @param expiry - * number of seconds since 1970-01-01 + * + * @param expiry number of seconds since 1970-01-01 */ public void setExpiry(final Integer expiry) { this.expiry = expiry; @@ -187,9 +179,8 @@ public void setExpiry(final Integer expiry) { /** * Assigns the time when this SAD is no longer valid. - * - * @param expiry - * expiration time + * + * @param expiry expiration time */ @JsonIgnore public void setExpiry(final Instant expiry) { @@ -198,7 +189,7 @@ public void setExpiry(final Instant expiry) { /** * Returns the time when this SAD was issued (epoch time/seconds since 1970-01-01). - * + * * @return number of seconds since 1970-01-01 */ public Integer getIssuedAt() { @@ -207,7 +198,7 @@ public Integer getIssuedAt() { /** * Returns the time when this SAD was issued as a {@link Instant} instance. - * + * * @return timestamp */ @JsonIgnore @@ -217,9 +208,8 @@ public Instant getIssuedAtDateTime() { /** * Assigns the time when this SAD was issued (epoch time/seconds since 1970-01-01). - * - * @param issuedAt - * number of seconds since 1970-01-01 + * + * @param issuedAt number of seconds since 1970-01-01 */ public void setIssuedAt(final Integer issuedAt) { this.issuedAt = issuedAt; @@ -227,9 +217,8 @@ public void setIssuedAt(final Integer issuedAt) { /** * Assigns the time when this SAD was issued. - * - * @param issuedAt - * issue time + * + * @param issuedAt issue time */ @JsonIgnore public void setIssuedAt(final Instant issuedAt) { @@ -238,7 +227,7 @@ public void setIssuedAt(final Instant issuedAt) { /** * Returns the unique identifier of this JWT. - * + * * @return JWT ID */ public String getJwtId() { 
@@ -247,9 +236,8 @@ public String getJwtId() { /** * Assigns the unique identifier of this JWT. - * - * @param jwtId - * JWT ID + * + * @param jwtId JWT ID */ public void setJwtId(final String jwtId) { this.jwtId = jwtId; @@ -257,7 +245,7 @@ public void setJwtId(final String jwtId) { /** * Returns the SAD extension claim. - * + * * @return SAD extension claim */ public Extension getSeElnSadext() { @@ -266,9 +254,8 @@ public Extension getSeElnSadext() { /** * Assigns the SAD extension claim. - * - * @param seElnSadext - * SAD extension claim + * + * @param seElnSadext SAD extension claim */ public void setSeElnSadext(final Extension seElnSadext) { this.seElnSadext = seElnSadext; @@ -278,7 +265,7 @@ public void setSeElnSadext(final Extension seElnSadext) { @Override public String toString() { return String.format("sub='%s', aud='%s', iss='%s', exp='%s', iss='%s', jti='%s', seElnSadext=[%s]", - this.subject, this.audience, this.issuer, this.expiry, this.issuedAt, this.jwtId, this.seElnSadext); + this.subject, this.audience, this.issuer, this.expiry, this.issuedAt, this.jwtId, this.seElnSadext); } /** {@inheritDoc} */ @@ -369,8 +356,8 @@ else if (!this.subject.equals(other.subject)) { } /** - * Represents the SAD Extension claim as described in section 3.2.1.2 of the - * "Signature Activation Protocol for Federated Signing" specification. + * Represents the SAD Extension claim as described in section 3.2.1.2 of the "Signature Activation Protocol for + * Federated Signing" specification. * * @author Martin Lindström (martin@idsec.se) */ @@ -428,8 +415,7 @@ public SADVersion getSADVersion() { /** * Assigns the version of this claim. * - * @param version - * the version + * @param version the version */ public void setVersion(final String version) { this.version = version; 
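Review bot: In `SAD.toString()` (the `@@ -278,7 +265,7 @@` hunk) the format string uses the label `iss` twice, and the fifth placeholder is filled with `this.issuedAt`, so the issued-at time is printed under the issuer's label. This string is what a reader sees when a SAD shows up in a log or an error trace, so the mislabel makes expiry and issue-time problems harder to diagnose. The format line should read `return String.format("sub='%s', aud='%s', iss='%s', exp='%s', iat='%s', jti='%s', seElnSadext=[%s]",`. The output also includes the signer's subject identifier, so a comment above the method such as `// Includes the signer's user ID - avoid logging above debug level` would help callers.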
@@ -447,8 +433,7 @@ public String getInResponseTo() { /** * Assigns the ID of the {@code SADRequest} message that requested this SAD. * - * @param inResponseTo - * ID of corresponding {@code SADRequest} + * @param inResponseTo ID of corresponding {@code SADRequest} */ public void setInResponseTo(final String inResponseTo) { this.inResponseTo = inResponseTo; @@ -466,8 +451,7 @@ public String getAttributeName() { /** * Assigns the URI identifier (attribute name) of the attribute specifying the user's unique identifier value. * - * @param attributeName - * attribute name for the user ID attribute value + * @param attributeName attribute name for the user ID attribute value */ public void setAttributeName(final String attributeName) { this.attributeName = attributeName; @@ -485,8 +469,7 @@ public String getLoa() { /** * Assigns the URI identifier of the level of assurance (LoA) used to authenticate the signer. * - * @param loa - * LoA URI + * @param loa LoA URI */ public void setLoa(final String loa) { this.loa = loa; @@ -504,8 +487,7 @@ public String getRequestID() { /** * Assigns the ID of the Sign Request associated with this SAD. * - * @param requestID - * SignRequest ID + * @param requestID SignRequest ID */ public void setRequestID(final String requestID) { this.requestID = requestID; @@ -523,8 +505,7 @@ public Integer getNumberOfDocuments() { /** * Assigns the number of documents to be signed in the associated sign request. * - * @param numberOfDocuments - * the number of documents to be signed + * @param numberOfDocuments the number of documents to be signed */ public void setNumberOfDocuments(final Integer numberOfDocuments) { this.numberOfDocuments = numberOfDocuments; 
@@ -534,7 +515,7 @@ public void setNumberOfDocuments(final Integer numberOfDocuments) { @Override public String toString() { return String.format("ver='%s', irt='%s', attr='%s', loa='%s', reqid='%s', docs='%d'", - this.version, this.inResponseTo, this.attributeName, this.loa, this.requestID, this.numberOfDocuments); + this.version, this.inResponseTo, this.attributeName, this.loa, this.requestID, this.numberOfDocuments); } /** {@inheritDoc} */ diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADRequest.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADRequest.java index 359c248..bae60e9 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADRequest.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ /** * Definitions of the SADRequest type: - * + * *

* The SAD Request is provided in a {@code } element. The element has the following elements and * attributes: @@ -29,7 +29,7 @@ *

*
{@code RequesterID} [Required]
*
Specifies the SAML entityID of the requesting entity. The value for this element should be the same identifier as - * given in the {@code } element of the {@code } that encapsulates the {@code + * given in the {@code } element of the {@code } that encapsulates the {@code * } extension.
*
{@code SignRequestID} [Required]
*
Specifies the value of the RequestID attribute of the associated SignRequest.
@@ -44,13 +44,13 @@ *
{@code ID}
*
Attribute holding an unique identifier for the {@code SADRequest}.
*
- * + * * The following schema fragment defines the {@code } element: - * + * *
- * {@code 
+ * {@code
  * 
- * 
+ *
  * 
  *   
  *     
@@ -68,7 +68,7 @@
  *   
  * }
  * 
- * + * * @author Martin Lindström (martin@idsec.se) */ public interface SADRequest extends SAMLObject { 
@@ -102,91 +102,85 @@ public interface SADRequest extends SAMLObject { /** * Returns the ID attribute of this {@code SADRequest}. - * + * * @return the ID of this SAD request */ String getID(); /** * Assigns the ID of this {@code SADRequest}. - * - * @param id - * the ID of this SAD request + * + * @param id the ID of this SAD request */ public void setID(final String id); /** * Returns the requester ID (entityID of the SP requesting the SAD). - * + * * @return the entityID of the requester */ String getRequesterID(); /** * Assigns the requester ID (entityID of the SP requesting the SAD). - * - * @param requesterID - * the entityID of the requester + * + * @param requesterID the entityID of the requester */ void setRequesterID(final String requesterID); /** * Returns the value of the {@code RequestID} attribute of the associated {@code SignRequest}. - * + * * @return the signature request ID */ String getSignRequestID(); /** * Assigns the value of the {@code RequestID} attribute of the associated {@code SignRequest}. - * - * @param signRequestID - * the signature request ID + * + * @param signRequestID the signature request ID */ void setSignRequestID(final String signRequestID); /** * Returns the number of requested signatures in the associated sign request. - * + * * @return the document count */ Integer getDocCount(); /** * Assigns the number of requested signatures in the associated sign request. - * - * @param docCount - * the document count + * + * @param docCount the document count */ void setDocCount(final Integer docCount); /** * Returns the requested version of the SAD. - * + * * @return the SAD version */ SADVersion getRequestedVersion(); /** * Assigns the requested version of the SAD. - * - * @param sadVersion - * the SAD version + * + * @param sadVersion the SAD version */ void setRequestedVersion(final SADVersion sadVersion); /** * Returns the {@code RequestParams} element. 
- * + * * @return the RequestParams, or null */ RequestParams getRequestParams(); /** * Assigns the {@code RequestParams} element. - * - * @param requestParams - * the RequestParams + * + * @param requestParams the RequestParams */ void setRequestParams(final RequestParams requestParams); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADVersion.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADVersion.java index bc0c1de..11fb328 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADVersion.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADVersion.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,7 +17,7 @@ /** * A type safe SAD version enumeration. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SADVersion { @@ -36,11 +36,9 @@ public class SADVersion { /** * Constructor. - * - * @param major - * SAD major version number - * @param minor - * SAD minor version number + * + * @param major SAD major version number + * @param minor SAD minor version number */ private SADVersion(final int major, final int minor) { this.majorVersion = major; @@ -51,12 +49,10 @@ private SADVersion(final int major, final int minor) { /** * Gets the SADVersion given the major and minor version number. - * - * @param majorVersion - * major version number - * @param minorVersion - * minor version number - * + * + * @param majorVersion major version number + * @param minorVersion minor version number + * * @return the SADVersion */ public static SADVersion valueOf(final int majorVersion, final int minorVersion) { 
@@ -71,10 +67,9 @@ public static SADVersion valueOf(final int majorVersion, final int minorVersion) /** * Gets the SADVersion for a given version string, such as "1.0". - * - * @param version - * SAD version string - * + * + * @param version SAD version string + * * @return SADVersion for the given string */ public static SADVersion valueOf(final String version) { @@ -84,7 +79,7 @@ public static SADVersion valueOf(final String version) { /** * Gets the major version of the SAD version. - * + * * @return the major version of the SAD version */ public int getMajorVersion() { @@ -93,7 +88,7 @@ public int getMajorVersion() { /** * Gets the minor version of the SAD version. - * + * * @return the minor version of the SAD version */ public int getMinorVersion() { @@ -101,6 +96,7 @@ public int getMinorVersion() { } /** {@inheritDoc} */ + @Override public String toString() { return this.versionString; } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SAPConstants.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SAPConstants.java index 512ddaf..618723a 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SAPConstants.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SAPConstants.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -17,18 +17,18 @@ /** * Defines constants for the "Signature Activation Protocol for Federated Signing" specification. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SAPConstants { /** Namespace prefix for the SAP namespace. */ public static final String SAP_NS_PREFIX = "sap"; - + /** The namespace for the Signature Activation Protocol. */ public static final String SAP_NS = "http://id.elegnamnden.se/csig/1.1/sap/ns"; - - private SAPConstants() { + + private SAPConstants() { } - + } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterBuilder.java index ec2ed14..2c6edf5 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ /** * Builder for {@link Parameter}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class ParameterBuilder extends AbstractSAMLObjectBuilder { @@ -30,7 +30,7 @@ public class ParameterBuilder extends AbstractSAMLObjectBuilder { @Override public Parameter buildObject() { return this.buildObject(Parameter.DEFAULT_ELEMENT_NAME.getNamespaceURI(), Parameter.DEFAULT_ELEMENT_LOCAL_NAME, - Parameter.DEFAULT_ELEMENT_NAME.getPrefix()); + Parameter.DEFAULT_ELEMENT_NAME.getPrefix()); } /** {@inheritDoc} */ diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterImpl.java index f1a8715..1ab332a 100644 
--- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterImpl.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,24 +21,21 @@ /** * Implementation class for {@link Parameter}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class ParameterImpl extends XSStringImpl implements Parameter { - + /** The name attribute. */ private String name; - + /** * Constructor. - * - * @param namespaceURI - * the namespace the element is in - * @param elementLocalName - * the local name of the XML element this Object represents - * @param namespacePrefix - * the prefix for the given namespace - */ + * + * @param namespaceURI the namespace the element is in + * @param elementLocalName the local name of the XML element this Object represents + * @param namespacePrefix the prefix for the given namespace + */ protected ParameterImpl(final String namespaceURI, final String elementLocalName, final String namespacePrefix) { super(namespaceURI, elementLocalName, namespacePrefix); } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterMarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterMarshaller.java index ce31076..27e1342 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterMarshaller.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterMarshaller.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -24,7 +24,7 @@ /** * A marshaller for {@link Parameter}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class ParameterMarshaller extends XSStringMarshaller { @@ -35,7 +35,7 @@ public class ParameterMarshaller extends XSStringMarshaller { @Override protected void marshallAttributes(final XMLObject xmlObject, final Element domElement) throws MarshallingException { final Parameter p = (Parameter) xmlObject; - + if (p.getName() != null) { domElement.setAttributeNS(null, Parameter.NAME_ATTR_NAME, p.getName()); } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterUnmarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterUnmarshaller.java index 4d7114e..4eb3740 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterUnmarshaller.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/ParameterUnmarshaller.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,20 +24,18 @@ /** * Unmarshaller for {@link Parameter}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class ParameterUnmarshaller extends XSStringUnmarshaller { @Override - protected void processAttribute(final XMLObject xmlObject, final Attr attribute) throws UnmarshallingException { + protected void processAttribute(final XMLObject xmlObject, final Attr attribute) throws UnmarshallingException { final Parameter p = (Parameter) xmlObject; - + if (Parameter.NAME_ATTR_NAME.equalsIgnoreCase(attribute.getLocalName())) { p.setName(attribute.getValue()); } } - - } 
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsBuilder.java index bb7debe..30518a6 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ /** * Builder for {@link RequestParams}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class RequestParamsBuilder extends AbstractSAMLObjectBuilder { @@ -29,8 +29,9 @@ public class RequestParamsBuilder extends AbstractSAMLObjectBuilder parameters; /** * Constructor. - * - * @param namespaceURI - * name space - * @param elementLocalName - * local name - * @param namespacePrefix - * prefix - */ + * + * @param namespaceURI name space + * @param elementLocalName local name + * @param namespacePrefix prefix + */ protected RequestParamsImpl(final String namespaceURI, final String elementLocalName, final String namespacePrefix) { super(namespaceURI, elementLocalName, namespacePrefix); this.parameters = new XMLObjectChildrenList(this); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsMarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsMarshaller.java index db24fad..82e0062 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsMarshaller.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsMarshaller.java 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ /** * Marshaller for {@link RequestParams}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class RequestParamsMarshaller extends AbstractSAMLObjectMarshaller { diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsUnmarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsUnmarshaller.java index ac12bd0..7fb56bb 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsUnmarshaller.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/RequestParamsUnmarshaller.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,13 +24,15 @@ /** * Unmarshaller for {@link RequestParams}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class RequestParamsUnmarshaller extends AbstractSAMLObjectUnmarshaller { /** {@inheritDoc} */ - protected void processChildElement(final XMLObject parentSAMLObject, final XMLObject childSAMLObject) throws UnmarshallingException { + @Override + protected void processChildElement(final XMLObject parentSAMLObject, final XMLObject childSAMLObject) + throws UnmarshallingException { final RequestParams params = (RequestParams) parentSAMLObject; if (childSAMLObject instanceof Parameter) { @@ -40,5 +42,5 @@ protected void processChildElement(final XMLObject parentSAMLObject, final XMLOb super.processChildElement(parentSAMLObject, childSAMLObject); } } - + } 
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestBuilder.java index 3929c16..5e75f55 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ /** * Builder for {@link SADRequest}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SADRequestBuilder extends AbstractSAMLObjectBuilder { @@ -30,7 +30,7 @@ public class SADRequestBuilder extends AbstractSAMLObjectBuilder { @Override public SADRequest buildObject() { return this.buildObject(SADRequest.DEFAULT_ELEMENT_NAME.getNamespaceURI(), SADRequest.DEFAULT_ELEMENT_LOCAL_NAME, - SADRequest.DEFAULT_ELEMENT_NAME.getPrefix()); + SADRequest.DEFAULT_ELEMENT_NAME.getPrefix()); } /** {@inheritDoc} */ diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestImpl.java index 9916fb0..c74ce34 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestImpl.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -31,7 +31,7 @@ /** * Implementation class for the {@link SADRequest} interface. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SADRequestImpl extends AbstractXMLObject implements SADRequest { @@ -56,13 +56,10 @@ public class SADRequestImpl extends AbstractXMLObject implements SADRequest { /** * Constructor. - * - * @param namespaceURI - * the namespace the element is in - * @param elementLocalName - * the local name of the XML element this Object represents - * @param namespacePrefix - * the prefix for the given namespace + * + * @param namespaceURI the namespace the element is in + * @param elementLocalName the local name of the XML element this Object represents + * @param namespacePrefix the prefix for the given namespace */ protected SADRequestImpl(final String namespaceURI, final String elementLocalName, final String namespacePrefix) { super(namespaceURI, elementLocalName, namespacePrefix); @@ -119,7 +116,7 @@ public void setRequesterID(final String requesterID) { XSString id = null; if (requesterID != null) { id = (new XSStringBuilder()).buildObject( - this.getElementQName().getNamespaceURI(), REQUESTER_ID_LOCAL_NAME, this.getElementQName().getPrefix()); + this.getElementQName().getNamespaceURI(), REQUESTER_ID_LOCAL_NAME, this.getElementQName().getPrefix()); id.setValue(requesterID); } this.setRequesterID(id); @@ -127,9 +124,8 @@ public void setRequesterID(final String requesterID) { /** * Assigns the requester ID as a {@code XSString} string type. - * - * @param requesterID - * the requester ID + * + * @param requesterID the requester ID */ public void setRequesterID(final XSString requesterID) { this.requesterID = this.prepareForAssignment(this.requesterID, requesterID); 
@@ -147,7 +143,7 @@ public void setSignRequestID(final String signRequestID) { XSString id = null; if (signRequestID != null) { id = (new XSStringBuilder()).buildObject( - this.getElementQName().getNamespaceURI(), SIGN_REQUEST_ID_LOCAL_NAME, this.getElementQName().getPrefix()); + this.getElementQName().getNamespaceURI(), SIGN_REQUEST_ID_LOCAL_NAME, this.getElementQName().getPrefix()); id.setValue(signRequestID); } this.setSignRequestID(id); @@ -155,9 +151,8 @@ public void setSignRequestID(final String signRequestID) { /** * Assigns the sign request as a {@code XSString} string type. - * - * @param signRequestID - * the sign request id + * + * @param signRequestID the sign request id */ public void setSignRequestID(final XSString signRequestID) { this.signRequestID = this.prepareForAssignment(this.signRequestID, signRequestID); @@ -175,7 +170,7 @@ public void setDocCount(final Integer docCount) { XSInteger count = null; if (docCount != null) { count = (new XSIntegerBuilder()).buildObject( - this.getElementQName().getNamespaceURI(), DOC_COUNT_LOCAL_NAME, this.getElementQName().getPrefix()); + this.getElementQName().getNamespaceURI(), DOC_COUNT_LOCAL_NAME, this.getElementQName().getPrefix()); count.setValue(docCount); } this.setDocCount(count); @@ -183,9 +178,8 @@ public void setDocCount(final Integer docCount) { /** * Assigns the {@code DocCount} element. - * - * @param docCount - * the document count + * + * @param docCount the document count */ public void setDocCount(final XSInteger docCount) { this.docCount = this.prepareForAssignment(this.docCount, docCount); @@ -195,7 +189,8 @@ public void setDocCount(final XSInteger docCount) { @Override public SADVersion getRequestedVersion() { return this.requestedVersion != null && this.requestedVersion.getValue() != null - ? SADVersion.valueOf(this.requestedVersion.getValue()) : SADVersion.VERSION_10; + ? SADVersion.valueOf(this.requestedVersion.getValue()) + : SADVersion.VERSION_10; } /** {@inheritDoc} */ 
@@ -204,7 +199,7 @@ public void setRequestedVersion(final SADVersion sadVersion) { XSString ver = null; if (sadVersion != null) { ver = (new XSStringBuilder()).buildObject( - this.getElementQName().getNamespaceURI(), REQUESTED_VERSION_LOCAL_NAME, this.getElementQName().getPrefix()); + this.getElementQName().getNamespaceURI(), REQUESTED_VERSION_LOCAL_NAME, this.getElementQName().getPrefix()); ver.setValue(sadVersion.toString()); } this.setRequestedVersion(ver); @@ -212,9 +207,8 @@ public void setRequestedVersion(final SADVersion sadVersion) { /** * Assigns the requested version as a string. - * - * @param sadVersion - * the requested SAD version + * + * @param sadVersion the requested SAD version */ public void setRequestedVersion(final XSString sadVersion) { this.requestedVersion = this.prepareForAssignment(this.requestedVersion, sadVersion); diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestMarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestMarshaller.java index 3be6931..f0f9bbc 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestMarshaller.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestMarshaller.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,12 +24,13 @@ /** * Marshaller for {@link SADRequest}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SADRequestMarshaller extends AbstractSAMLObjectMarshaller { /** {@inheritDoc} */ + @Override protected void marshallAttributes(final XMLObject samlObject, final Element domElement) throws MarshallingException { final SADRequest sadRequest = (SADRequest) samlObject; 
@@ -38,5 +39,5 @@ protected void marshallAttributes(final XMLObject samlObject, final Element domE domElement.setIdAttributeNS(null, SADRequest.ID_ATTRIB_NAME, true); } } - + } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestUnmarshaller.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestUnmarshaller.java index 455cd73..ba0cde2 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestUnmarshaller.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/impl/SADRequestUnmarshaller.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -30,25 +30,25 @@ /** * Unmarshaller for {@link SADRequest}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SADRequestUnmarshaller extends AbstractSAMLObjectUnmarshaller { /** {@inheritDoc} */ @Override - protected void processChildElement(final XMLObject parentSAMLObject, final XMLObject childSAMLObject) + protected void processChildElement(final XMLObject parentSAMLObject, final XMLObject childSAMLObject) throws UnmarshallingException { final SADRequest sadRequest = (SADRequest) parentSAMLObject; final QName requesterIdQName = new QName(sadRequest.getElementQName().getNamespaceURI(), - SADRequest.REQUESTER_ID_LOCAL_NAME, sadRequest.getElementQName().getPrefix()); + SADRequest.REQUESTER_ID_LOCAL_NAME, sadRequest.getElementQName().getPrefix()); final QName signRequestIdQName = new QName(sadRequest.getElementQName().getNamespaceURI(), - SADRequest.SIGN_REQUEST_ID_LOCAL_NAME, sadRequest.getElementQName().getPrefix()); + SADRequest.SIGN_REQUEST_ID_LOCAL_NAME, sadRequest.getElementQName().getPrefix()); final QName docCountQName = new QName(sadRequest.getElementQName().getNamespaceURI(), - SADRequest.DOC_COUNT_LOCAL_NAME, sadRequest.getElementQName().getPrefix()); + SADRequest.DOC_COUNT_LOCAL_NAME, sadRequest.getElementQName().getPrefix()); final QName requestedVersionQName = new QName(sadRequest.getElementQName().getNamespaceURI(), - SADRequest.REQUESTED_VERSION_LOCAL_NAME, sadRequest.getElementQName().getPrefix()); + SADRequest.REQUESTED_VERSION_LOCAL_NAME, sadRequest.getElementQName().getPrefix()); if ((childSAMLObject instanceof XSString) && requesterIdQName.equals(childSAMLObject.getElementQName())) { if (sadRequest instanceof SADRequestImpl) { @@ -91,6 +91,7 @@ else if (childSAMLObject instanceof RequestParams) { } /** {@inheritDoc} */ + @Override protected void processAttribute(final XMLObject samlObject, final Attr attribute) throws UnmarshallingException { final SADRequest sadRequest = (SADRequest) samlObject; 
diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAssertionValidationParametersBuilder.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAssertionValidationParametersBuilder.java index c84b353..4514294 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAssertionValidationParametersBuilder.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAssertionValidationParametersBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2021 Sweden Connect + * Copyright 2021-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,7 +29,7 @@ /** * An extension to {@link AbstractAssertionValidationParametersBuilder} setting defaults according to the Swedish eID * Framework. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SwedishEidAssertionValidationParametersBuilder @@ -37,7 +37,7 @@ public class SwedishEidAssertionValidationParametersBuilder /** * Utility method that returns a builder instance. - * + * * @return a builder */ public static SwedishEidAssertionValidationParametersBuilder builder() { 
@@ -50,7 +50,8 @@ public ValidationContext build() { this.addStaticParameterIfMissing(SAML2AssertionValidationParameters.SC_RECIPIENT_REQUIRED, Boolean.TRUE); this.addStaticParameterIfMissing(SAML2AssertionValidationParameters.SC_NOT_ON_OR_AFTER_REQUIRED, Boolean.TRUE); this.addStaticParameterIfMissing(SAML2AssertionValidationParameters.SC_IN_RESPONSE_TO_REQUIRED, Boolean.TRUE); - final Boolean addressRequired = (Boolean) this.getStaticParameter(SAML2AssertionValidationParameters.SC_ADDRESS_REQUIRED); + final Boolean addressRequired = + (Boolean) this.getStaticParameter(SAML2AssertionValidationParameters.SC_ADDRESS_REQUIRED); if (addressRequired != null && addressRequired.booleanValue()) { if (this.getStaticParameter(SAML2AssertionValidationParameters.SC_VALID_ADDRESSES) == null) { // Nothing to compare with ... @@ -73,8 +74,7 @@ public ValidationContext build() { } } this.addStaticParameterIfMissing(SwedishEidAttributeStatementValidator.SCOPED_ATTRIBUTES, - Collections.singletonList(AttributeConstants.ATTRIBUTE_NAME_ORG_AFFILIATION)); - + Collections.singletonList(AttributeConstants.ATTRIBUTE_NAME_ORG_AFFILIATION)); return super.build(); } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAssertionValidator.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAssertionValidator.java index 2f17b7b..3f0580f 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAssertionValidator.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAssertionValidator.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -44,12 +44,12 @@ /** * An assertion validator that makes checks based on what is required by the Swedish eID Framework. - * + * *

* Apart from the validation parameters documented for {@link AssertionValidator}, the following static parameters are * handled: *

- * + * *
    *
  • {@link SAML2AssertionValidationParameters#SC_VALID_ADDRESSES}: Optional. If the set of {@link InetAddress} * objects are given, the Address-attribute found in the Subject confirmation will be compared against these.
  • @@ -57,7 +57,7 @@ *
  • {@link SAML2AssertionValidationParameters#COND_VALID_AUDIENCES}: Required. A set of valid audiences of the * assertion.
  • *
- * + * * @author Martin Lindström (martin@idsec.se) */ public class SwedishEidAssertionValidator extends AssertionValidator { @@ -74,32 +74,26 @@ public class SwedishEidAssertionValidator extends AssertionValidator { *
  • statementValidators: {@link SwedishEidAuthnStatementValidator}, * {@link SwedishEidAttributeStatementValidator}.
  • * - * - * @param trustEngine - * the trust used to validate the object's signature - * @param signaturePrevalidator - * the signature pre-validator used to pre-validate the object's signature + * + * @param trustEngine the trust used to validate the object's signature + * @param signaturePrevalidator the signature pre-validator used to pre-validate the object's signature */ - public SwedishEidAssertionValidator(final SignatureTrustEngine trustEngine, final SignaturePrevalidator signaturePrevalidator) { + public SwedishEidAssertionValidator(final SignatureTrustEngine trustEngine, + final SignaturePrevalidator signaturePrevalidator) { this(trustEngine, signaturePrevalidator, - Arrays.asList(new BearerSubjectConfirmationValidator(), new HolderOfKeySubjectConfirmationValidator()), - Arrays.asList(new AudienceRestrictionConditionValidator()), - Arrays.asList(new SwedishEidAuthnStatementValidator(), new SwedishEidAttributeStatementValidator())); + Arrays.asList(new BearerSubjectConfirmationValidator(), new HolderOfKeySubjectConfirmationValidator()), + Arrays.asList(new AudienceRestrictionConditionValidator()), + Arrays.asList(new SwedishEidAuthnStatementValidator(), new SwedishEidAttributeStatementValidator())); } /** * Constructor. 
- * - * @param trustEngine - * the trust used to validate the object's signature - * @param signaturePrevalidator - * the signature pre-validator used to pre-validate the object's signature - * @param confirmationValidators - * validators used to validate SubjectConfirmation methods within the assertion - * @param conditionValidators - * validators used to validate the Condition elements within the assertion - * @param statementValidators - * validators used to validate Statements within the assertion + * + * @param trustEngine the trust used to validate the object's signature + * @param signaturePrevalidator the signature pre-validator used to pre-validate the object's signature + * @param confirmationValidators validators used to validate SubjectConfirmation methods within the assertion + * @param conditionValidators validators used to validate the Condition elements within the assertion + * @param statementValidators validators used to validate Statements within the assertion */ public SwedishEidAssertionValidator( final SignatureTrustEngine trustEngine, 
@@ -120,20 +114,20 @@ public SwedishEidAssertionValidator( protected ValidationResult validateSubject(final Assertion assertion, final ValidationContext context) { if (assertion.getSubject() == null) { - context.setValidationFailureMessage("Missing Subject element in Assertion"); + context.getValidationFailureMessages().add("Missing Subject element in Assertion"); return ValidationResult.INVALID; } // Assert that there is a NameID ... // if (assertion.getSubject().getNameID() == null) { - context.setValidationFailureMessage("Missing NameID in Subject element of Assertion"); + context.getValidationFailureMessages().add("Missing NameID in Subject element of Assertion"); return ValidationResult.INVALID; } // And that it holds a value ... // if (assertion.getSubject().getNameID().getValue() == null) { - context.setValidationFailureMessage("Missing NameID value in Subject element of Assertion"); + context.getValidationFailureMessages().add("Missing NameID value in Subject element of Assertion"); return ValidationResult.INVALID; } // Also check that it is persistent or transient ... 
@@ -141,46 +135,49 @@ protected ValidationResult validateSubject(final Assertion assertion, final Vali if (assertion.getSubject().getNameID().getFormat() == null) { final String msg = "NameID element of Assertion/@Subject is missing Format attribute"; if (isStrictValidation(context)) { - context.setValidationFailureMessage(msg); + context.getValidationFailureMessages().add(msg); return ValidationResult.INVALID; } else { - log.warn(msg); + log.info(msg); } } else { final String format = assertion.getSubject().getNameID().getFormat(); if (!(format.equals(NameID.PERSISTENT) || format.equals(NameID.TRANSIENT))) { - final String msg = String.format("NameID format in Subject of Assertion is not valid (%s) - '%s' or '%s' is required", - format, NameID.PERSISTENT, NameID.TRANSIENT); + final String msg = + String.format("NameID format in Subject of Assertion is not valid (%s) - '%s' or '%s' is required", + format, NameID.PERSISTENT, NameID.TRANSIENT); if (isStrictValidation(context)) { - context.setValidationFailureMessage(msg); + context.getValidationFailureMessages().add(msg); return ValidationResult.INVALID; } else { - log.warn(msg); + log.info(msg); } } } final List confirmations = assertion.getSubject().getSubjectConfirmations(); if (confirmations == null || confirmations.isEmpty()) { - context.setValidationFailureMessage("Assertion/@Subject element contains no SubjectConfirmation elements - invalid"); + context.getValidationFailureMessages().add( + "Assertion/@Subject element contains no SubjectConfirmation elements - invalid"); return ValidationResult.INVALID; } // We require the bearer method ... 
// final boolean hokProfileActive = Optional.ofNullable(context.getDynamicParameters().get(HOK_PROFILE_ACTIVE)) - .map(Boolean.class::cast).orElse(Boolean.FALSE); - + .map(Boolean.class::cast).orElse(Boolean.FALSE); + if (!hokProfileActive) { boolean bearerFound = confirmations.stream() - .filter(s -> SubjectConfirmation.METHOD_BEARER.equals(s.getMethod())).findFirst().isPresent(); + .filter(s -> SubjectConfirmation.METHOD_BEARER.equals(s.getMethod())).findFirst().isPresent(); if (!bearerFound) { - final String msg = String.format("No SubjectConfirmation with method '%s' is available under Assertion's Subject element", - SubjectConfirmation.METHOD_BEARER); - context.setValidationFailureMessage(msg); + final String msg = + String.format("No SubjectConfirmation with method '%s' is available under Assertion's Subject element", + SubjectConfirmation.METHOD_BEARER); + context.getValidationFailureMessages().add(msg); return ValidationResult.INVALID; } } 
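Review bot: In the non-strict branches of validateSubject, both `log.warn(msg)` calls become `log.info(msg)`, which lowers the visibility of assertions that are accepted despite a non-conforming NameID. This covers a NameID with no Format attribute and one whose Format is neither persistent nor transient. Where monitoring keys on WARN, that signal is lost; I would keep `log.warn(msg)` in both places, or document on the method that non-strict mode accepts such subjects and records them only at info level. The `format` value interpolated into the message is read from the assertion, so log consumers should treat it as untrusted text. validateSubject starts before this hunk and continues after it.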
@@ -195,28 +192,29 @@ protected ValidationResult validateSubject(final Assertion assertion, final Vali protected ValidationResult validateConditions(final Assertion assertion, final ValidationContext context) { if (assertion.getConditions() == null) { - context.setValidationFailureMessage("Missing Conditions element in Assertion"); + context.getValidationFailureMessages().add("Missing Conditions element in Assertion"); return ValidationResult.INVALID; } // Assert that the NotBefore is there ... // if (assertion.getConditions().getNotBefore() == null) { - context.setValidationFailureMessage("Missing NotBefore attribute of Conditions element in Assertion"); + context.getValidationFailureMessages().add("Missing NotBefore attribute of Conditions element in Assertion"); return ValidationResult.INVALID; } // ... and NotOnOrAfter ... // if (assertion.getConditions().getNotOnOrAfter() == null) { - context.setValidationFailureMessage("Missing NotOnOrAfter attribute of Conditions element in Assertion"); + context.getValidationFailureMessages().add("Missing NotOnOrAfter attribute of Conditions element in Assertion"); return ValidationResult.INVALID; } // The Swedish eID Framework requires the AudienceRestriction to be there ... // if (assertion.getConditions().getAudienceRestrictions().isEmpty()) { - context.setValidationFailureMessage("Missing AudienceRestriction element of Conditions element in Assertion"); + context.getValidationFailureMessages().add( + "Missing AudienceRestriction element of Conditions element in Assertion"); return ValidationResult.INVALID; } 
@@ -231,11 +229,11 @@ protected ValidationResult validateConditions(final Assertion assertion, final V protected ValidationResult validateStatements(final Assertion assertion, final ValidationContext context) { if (assertion.getAuthnStatements() == null || assertion.getAuthnStatements().isEmpty()) { - context.setValidationFailureMessage("No AuthnStatement in Assertion"); + context.getValidationFailureMessages().add("No AuthnStatement in Assertion"); return ValidationResult.INVALID; } if (assertion.getAttributeStatements() == null || assertion.getAttributeStatements().isEmpty()) { - context.setValidationFailureMessage("No AttributeStatement in Assertion"); + context.getValidationFailureMessages().add("No AttributeStatement in Assertion"); return ValidationResult.INVALID; } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAttributeStatementValidator.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAttributeStatementValidator.java index 17c78fe..6a77842 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAttributeStatementValidator.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAttributeStatementValidator.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -42,7 +42,7 @@ /** * Validator for {@link AttributeStatement}s. - * + * *

    * Supports the following {@link ValidationContext} static parameters: *

    @@ -54,12 +54,12 @@ *
  • {@link #SCOPED_ATTRIBUTES}: Optional. Carries a {@link Collection} of strings holding attribute names of * requested attributes.
  • * - * + * *

    * Note that the two above parameters may be combined. If no parameter for requested attributes is passed, no validation * will be performed. *

    - * + * * @author Martin Lindström (martin@idsec.se) */ public class SwedishEidAttributeStatementValidator extends AbstractAttributeStatementValidator { @@ -82,14 +82,15 @@ public class SwedishEidAttributeStatementValidator extends AbstractAttributeStat public static final String SCOPED_ATTRIBUTES = CoreValidatorParameters.STD_PREFIX + ".ScopedAttributes"; /** Class logger. */ - private final Logger log = LoggerFactory.getLogger(SwedishEidAttributeStatementValidator.class); + private static final Logger log = LoggerFactory.getLogger(SwedishEidAttributeStatementValidator.class); /** {@inheritDoc} */ @Override - public ValidationResult validate(final Statement statement, final Assertion assertion, final ValidationContext context) + public ValidationResult validate(final Statement statement, final Assertion assertion, + final ValidationContext context) throws AssertionValidationException { - ValidationResult result = super.validate(statement, assertion, context); + final ValidationResult result = super.validate(statement, assertion, context); if (result != ValidationResult.VALID) { return result; } @@ -97,7 +98,7 @@ public ValidationResult validate(final Statement statement, final Assertion asse final AttributeStatement attributeStatement = (AttributeStatement) statement; final List attributes = Optional.ofNullable(AttributeStatement.class.cast(statement).getAttributes()) - .orElse(Collections.emptyList()); + .orElse(Collections.emptyList()); return this.validateScopedAttributes(attributes, attributeStatement, assertion, context); } 
@@ -108,28 +109,29 @@ public ValidationResult validate(final Statement statement, final Assertion asse * parameter {@link SwedishEidAttributeStatementValidator#REQUIRED_ATTRIBUTES}. */ @Override - protected ValidationResult validateRequiredAttributes(final List attributes, final AttributeStatement statement, - final Assertion assertion, ValidationContext context) { + protected ValidationResult validateRequiredAttributes(final List attributes, + final AttributeStatement statement, + final Assertion assertion, final ValidationContext context) { final AttributeSet attributeSet = (AttributeSet) context.getStaticParameters().get(REQUIRED_ATTRIBUTE_SET); if (attributeSet != null) { try { attributeSet.validateAttributes(assertion, null); } - catch (AttributesValidationException e) { + catch (final AttributesValidationException e) { log.info("Required attributes check failed: {}", e.getMessage()); - context.setValidationFailureMessage(e.getMessage()); + context.getValidationFailureMessages().add(e.getMessage()); return ValidationResult.INVALID; } } final Collection requiredAttributes = this.getRequiredAttributes(context); if (requiredAttributes != null) { - for (String attr : requiredAttributes) { + for (final String attr : requiredAttributes) { if (!attributes.stream().filter(a -> attr.equals(a.getName())).findAny().isPresent()) { final String msg = String.format("Required attribute '%s' was not part of the attribute statement", attr); log.info("Required attributes check failed: {}", msg); - context.setValidationFailureMessage(msg); + context.getValidationFailureMessages().add(msg); return ValidationResult.INVALID; } } 
@@ -144,9 +146,8 @@ protected ValidationResult validateRequiredAttributes(final List attr /** * Returns the required attributes. - * - * @param context - * the validation context + * + * @param context the validation context * @return a collection of attribute names (never {@code null}) */ protected Collection getRequiredAttributes(final ValidationContext context) { @@ -157,27 +158,25 @@ protected Collection getRequiredAttributes(final ValidationContext conte /** * Validates that the issuing IdP has been authorized to issue scoped attributes. - * - * @param attributes - * a list of the attributes - * @param statement - * the statement - * @param assertion - * the assertion - * @param context - * the validation context + * + * @param attributes a list of the attributes + * @param statement the statement + * @param assertion the assertion + * @param context the validation context * @return a validation result */ - protected ValidationResult validateScopedAttributes(final List attributes, final AttributeStatement statement, - final Assertion assertion, ValidationContext context) { - + protected ValidationResult validateScopedAttributes(final List attributes, + final AttributeStatement statement, + final Assertion assertion, final ValidationContext context) { + @SuppressWarnings("unchecked") - final Collection scopedAttributes = (Collection) context.getStaticParameters().get(SCOPED_ATTRIBUTES); + final Collection scopedAttributes = + (Collection) context.getStaticParameters().get(SCOPED_ATTRIBUTES); if (scopedAttributes == null || scopedAttributes.isEmpty()) { // Nothing to check return ValidationResult.VALID; } - + final List attributesToCheck = attributes.stream() .filter(a -> a.getName() != null && scopedAttributes.contains(a.getName())) .collect(Collectors.toList()); 
@@ -185,31 +184,31 @@ protected ValidationResult validateScopedAttributes(final List attrib // No attributes to check ... return ValidationResult.VALID; } - + // For the check we need the IdP metadata ... // final EntityDescriptor idpMetadata = (EntityDescriptor) context.getStaticParameters().get(CoreValidatorParameters.IDP_METADATA); if (idpMetadata == null) { final String msg = String.format("Could not check scoped attributes. '%s' parameter is missing", - CoreValidatorParameters.IDP_METADATA); + CoreValidatorParameters.IDP_METADATA); log.debug(msg); - context.setValidationFailureMessage(msg); + context.getValidationFailureMessages().add(msg); return ValidationResult.INDETERMINATE; } - + final List authorizedScopes = ScopeUtils.getScopeExtensions(idpMetadata); for (final Attribute scopedAttribute : attributesToCheck) { if (!ScopeUtils.isAuthorized(scopedAttribute, authorizedScopes)) { final String msg = String.format("IdP '%s' is not authorized to issue scoped attribute '%s' for domain '%s'", - idpMetadata.getEntityID(), scopedAttribute.getName(), - ScopeUtils.getScopedDomain(AttributeUtils.getAttributeStringValue(scopedAttribute))); + idpMetadata.getEntityID(), scopedAttribute.getName(), + ScopeUtils.getScopedDomain(AttributeUtils.getAttributeStringValue(scopedAttribute))); log.debug(msg); - context.setValidationFailureMessage(msg); + context.getValidationFailureMessages().add(msg); return ValidationResult.INVALID; } } - + return ValidationResult.VALID; } } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAuthnStatementValidator.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAuthnStatementValidator.java index 97c82c6..7d4c1ba 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAuthnStatementValidator.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidAuthnStatementValidator.java 
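Review bot: In `validateScopedAttributes`, an IdP issuing a scoped attribute for a domain outside its authorized scopes is recorded only with `log.debug(msg)` before `return ValidationResult.INVALID`, while the required-attribute failures in this same class are logged at info. This rejection is the event an operator would want to see when investigating a misbehaving or misconfigured IdP, so I would raise it to `log.info("Scoped attribute check failed: {}", msg);`. The same applies to the missing `IDP_METADATA` branch that returns `INDETERMINATE`. The domain in the message is taken from the attribute value in the assertion, so it is worth confirming that the log layout neutralizes line breaks in that value. The method starts outside this hunk.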
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -38,7 +38,7 @@ /** * An {@link AuthnStatementValidator} that performs checks to assert that the assertion is compliant with the Swedish * eID Framework. - * + * *

    * Supports the following {@link ValidationContext} static parameters: *

    @@ -50,7 +50,7 @@ *
  • {@link #HOLDER_OF_KEY_AUTHN_CONTEXT_URIS}: Holds a collection of the authentication context URI:s that require * the Holder-of-key profile.
  • * - * + * * @author Martin Lindström (martin@idsec.se) */ public class SwedishEidAuthnStatementValidator extends AuthnStatementValidator { @@ -66,10 +66,11 @@ public class SwedishEidAuthnStatementValidator extends AuthnStatementValidator { * Key for a validation context parameter. Carries a {@link Collection} holding the authentication context URI:s that * require the Holder-of-key profile. */ - public static final String HOLDER_OF_KEY_AUTHN_CONTEXT_URIS = CoreValidatorParameters.STD_PREFIX + ".HoKAuthnContextURIs"; + public static final String HOLDER_OF_KEY_AUTHN_CONTEXT_URIS = + CoreValidatorParameters.STD_PREFIX + ".HoKAuthnContextURIs"; /** Class logger. */ - private final Logger log = LoggerFactory.getLogger(SwedishEidAuthnStatementValidator.class); + private static final Logger log = LoggerFactory.getLogger(SwedishEidAuthnStatementValidator.class); /** * Overrides default implementation with checks that assert that a {@code AuthnContextClassRef} URI was received, and @@ -84,7 +85,8 @@ protected ValidationResult validateAuthnContext(final AuthnStatement statement, } if (statement.getAuthnContext().getAuthnContextClassRef() == null || statement.getAuthnContext().getAuthnContextClassRef().getURI() == null) { - context.setValidationFailureMessage("Missing AuthnContextClassRef URI from Assertion/@AuthnStatement/@AuthnContext"); + context.getValidationFailureMessages().add( + "Missing AuthnContextClassRef URI from Assertion/@AuthnStatement/@AuthnContext"); return ValidationResult.INVALID; } 
@@ -96,9 +98,9 @@ protected ValidationResult validateAuthnContext(final AuthnStatement statement, } else { if (!requestedUris.contains(authnContextClassRef)) { - final String msg = String.format("Assertion contained AuthnContextClassRef '%s', but that one was not requested (%s)", - authnContextClassRef, requestedUris); - context.setValidationFailureMessage(msg); + final String msg = "Assertion contained AuthnContextClassRef '%s', but that one was not requested (%s)" + .formatted(authnContextClassRef, requestedUris); + context.getValidationFailureMessages().add(msg); return ValidationResult.INVALID; } } @@ -107,13 +109,13 @@ protected ValidationResult validateAuthnContext(final AuthnStatement statement, // if (this.getHolderOfKeyAuthnContextUris(context).contains(authnContextClassRef)) { final boolean hokActive = Optional - .ofNullable(context.getDynamicParameters().get(AssertionValidator.HOK_PROFILE_ACTIVE)) - .map(Boolean.class::cast) - .orElse(false); + .ofNullable(context.getDynamicParameters().get(AssertionValidator.HOK_PROFILE_ACTIVE)) + .map(Boolean.class::cast) + .orElse(false); if (!hokActive) { - final String msg = String.format( - "Assertion contained AuthnContextClassRef '%s', but Holder-of-key was not used", authnContextClassRef); - context.setValidationFailureMessage(msg); + final String msg = "Assertion contained AuthnContextClassRef '%s', but Holder-of-key was not used" + .formatted(authnContextClassRef); + context.getValidationFailureMessages().add(msg); return ValidationResult.INVALID; } } 
@@ -125,25 +127,26 @@ protected ValidationResult validateAuthnContext(final AuthnStatement statement, * Returns a collection of URIs that are the RequestedAuthnContext URIs given in the {@code AuthnRequest}. The method * will first check if the parameter {@link #AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS} is set, and if not, use the * {@link CoreValidatorParameters#AUTHN_REQUEST}. - * - * @param context - * the validation context + * + * @param context the validation context * @return a collection of URIs. */ @SuppressWarnings("unchecked") protected static Collection getRequestedAuthnContextUris(final ValidationContext context) { - Collection uris = (Collection) context.getStaticParameters().get(AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS); + Collection uris = + (Collection) context.getStaticParameters().get(AUTHN_REQUEST_REQUESTED_AUTHNCONTEXTURIS); if (uris == null || uris.isEmpty()) { - final AuthnRequest authnRequest = (AuthnRequest) context.getStaticParameters().get(CoreValidatorParameters.AUTHN_REQUEST); + final AuthnRequest authnRequest = + (AuthnRequest) context.getStaticParameters().get(CoreValidatorParameters.AUTHN_REQUEST); if (authnRequest != null && authnRequest.getRequestedAuthnContext() != null && authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs() != null) { if (!authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().isEmpty()) { uris = new ArrayList(); uris.addAll(authnRequest.getRequestedAuthnContext() - .getAuthnContextClassRefs() - .stream() - .map(a -> a.getURI()) - .collect(Collectors.toList())); + .getAuthnContextClassRefs() + .stream() + .map(a -> a.getURI()) + .collect(Collectors.toList())); } } } 
@@ -153,18 +156,17 @@ protected static Collection getRequestedAuthnContextUris(final Validatio /** * Gets the authentication context URI:s that require that the Holder-of-key profile is used (according to the Swedish * eID Framework). - * - * @param context - * the validation context + * + * @param context the validation context * @return a list of URI:s */ @SuppressWarnings("unchecked") protected Collection getHolderOfKeyAuthnContextUris(final ValidationContext context) { return Optional.ofNullable(context.getStaticParameters().get(HOLDER_OF_KEY_AUTHN_CONTEXT_URIS)) - .map(Collection.class::cast) - .orElse(Arrays.asList( - LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4, - LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4_NONRESIDENT)); + .map(Collection.class::cast) + .orElse(Arrays.asList( + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4, + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA4_NONRESIDENT)); } } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidResponseProcessorImpl.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidResponseProcessorImpl.java index 1bffcee..352cf87 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidResponseProcessorImpl.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidResponseProcessorImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,7 +26,7 @@ /** * A {@link ResponseProcessor} implementation that uses validators for the Swedish eID Framework. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SwedishEidResponseProcessorImpl extends ResponseProcessorImpl { 
@@ -48,8 +48,7 @@ protected AssertionValidator createAssertionValidator(final SignatureTrustEngine /** {@inheritDoc} */ @Override protected AbstractAssertionValidationParametersBuilder getAssertionValidationParametersBuilder() { - return SwedishEidAssertionValidationParametersBuilder.builder(); + return SwedishEidAssertionValidationParametersBuilder.builder(); } - - + } diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidResponseValidator.java b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidResponseValidator.java index 524f250..36d1d51 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidResponseValidator.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/saml2/validation/SwedishEidResponseValidator.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -32,26 +32,23 @@ *

    * Supports the following {@link ValidationContext} static parameters as described in {@link ResponseValidator}. *

    - * + * * @author Martin Lindström (martin@idsec.se) */ public class SwedishEidResponseValidator extends ResponseValidator { /** Class logger. */ - private final Logger log = LoggerFactory.getLogger(SwedishEidResponseValidator.class); + private static final Logger log = LoggerFactory.getLogger(SwedishEidResponseValidator.class); /** * Constructor. - * - * @param trustEngine - * the trust used to validate the object's signature - * @param signaturePrevalidator - * the signature pre-validator used to pre-validate the object's signature - * @throws IllegalArgumentException - * if {@code null} values are supplied + * + * @param trustEngine the trust used to validate the object's signature + * @param signaturePrevalidator the signature pre-validator used to pre-validate the object's signature + * @throws IllegalArgumentException if {@code null} values are supplied */ - public SwedishEidResponseValidator(final SignatureTrustEngine trustEngine, final SignaturePrevalidator signaturePrevalidator) - throws IllegalArgumentException { + public SwedishEidResponseValidator(final SignatureTrustEngine trustEngine, + final SignaturePrevalidator signaturePrevalidator) throws IllegalArgumentException { super(trustEngine, signaturePrevalidator); if (trustEngine == null) { throw new IllegalArgumentException("trustEngine must not be null"); 
@@ -68,7 +65,8 @@ public SwedishEidResponseValidator(final SignatureTrustEngine trustEngine, final @Override protected ValidationResult validateSignature(final Response token, final ValidationContext context) { - final Boolean signatureRequired = (Boolean) context.getStaticParameters().get(SAML2AssertionValidationParameters.SIGNATURE_REQUIRED); + final Boolean signatureRequired = + (Boolean) context.getStaticParameters().get(SAML2AssertionValidationParameters.SIGNATURE_REQUIRED); if (signatureRequired != null && !signatureRequired.booleanValue()) { log.warn("The flag SAML2AssertionValidationParameters.SIGNATURE_REQUIRED is false - signature " + "validation MUST be performed according to the Swedish eID Framework - Setting flag to true"); @@ -76,7 +74,8 @@ protected ValidationResult validateSignature(final Response token, final Validat // Validate params and requirements. if (!token.isSigned()) { - context.setValidationFailureMessage(String.format("%s was required to be signed, but was not", this.getObjectName())); + context.getValidationFailureMessages().add( + String.format("%s was required to be signed, but was not", this.getObjectName())); return ValidationResult.INVALID; } return this.performSignatureValidation(token, context); 
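Review bot: The warning in `validateSignature` ends with "Setting flag to true", but nothing in the visible lines writes to the static parameters. As far as the two hunks show, the method ignores `SIGNATURE_REQUIRED` and always rejects an unsigned Response. That behaviour is what the framework requires, so only the message needs changing, for example "... the flag is ignored and the signature is always validated". A comment above the `if` would also help: `// SIGNATURE_REQUIRED=false is never honoured; the Swedish eID Framework mandates a signed Response`. The `(Boolean)` cast throws `ClassCastException` if a caller stored a non-Boolean value under that key.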
@@ -94,24 +93,24 @@ public ValidationResult validateAssertions(final Response response, final Valida } if (StatusCode.SUCCESS.equals(response.getStatus().getStatusCode().getValue())) { if (response.getEncryptedAssertions().isEmpty()) { - context.setValidationFailureMessage("Response does not contain EncryptedAssertion"); + context.getValidationFailureMessages().add("Response does not contain EncryptedAssertion"); return ValidationResult.INVALID; } if (response.getEncryptedAssertions().size() > 1) { String msg = "Response contains more than one EncryptedAssertion"; if (isStrictValidation(context)) { - context.setValidationFailureMessage(msg); + context.getValidationFailureMessages().add(msg); return ValidationResult.INVALID; } - log.warn(msg); + log.info(msg); } if (!response.getAssertions().isEmpty()) { String msg = "Response contains non encrypted Assertion(s)"; if (isStrictValidation(context)) { - context.setValidationFailureMessage(msg); + context.getValidationFailureMessages().add(msg); return ValidationResult.INVALID; } - log.warn(msg); + log.info(msg); } } return ValidationResult.VALID; diff --git a/src/main/java/se/swedenconnect/opensaml/sweid/xmlsec/config/SwedishEidSecurityConfiguration.java b/src/main/java/se/swedenconnect/opensaml/sweid/xmlsec/config/SwedishEidSecurityConfiguration.java index 109d51d..5fafaf8 100644 --- a/src/main/java/se/swedenconnect/opensaml/sweid/xmlsec/config/SwedishEidSecurityConfiguration.java +++ b/src/main/java/se/swedenconnect/opensaml/sweid/xmlsec/config/SwedishEidSecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,10 +28,10 @@ * A {@link SecurityConfiguration} instance with algorithm defaults according to the Swedish eID Framework (see * https://docs.swedenconnect.se). *
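Review bot: In `validateAssertions` the two non-strict paths were lowered from `log.warn(msg)` to `log.info(msg)`, so a successful Response carrying plaintext Assertion(s), or more than one EncryptedAssertion, is now accepted with only an info-level trace. Both are deviations from the framework that the strict branch rejects, and in non-strict mode this log line is the only record of them. I would keep `log.warn(msg);` in both places, or at least for the "Response contains non encrypted Assertion(s)" case. Which assertion is processed afterwards is outside this hunk; if the caller only ever consumes the encrypted one, a comment saying so here would make the leniency easier to audit.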

    - * Currently the implementation equals {@link SAML2IntSecurityConfiguration} with the exception that it - * defaults to AES-CBC before AES-GCM for compatibility reasons. + * Currently the implementation equals {@link SAML2IntSecurityConfiguration} with the exception that it defaults to + * AES-CBC before AES-GCM for compatibility reasons. *

    - * + * * @author Martin Lindström (martin@idsec.se) */ public class SwedishEidSecurityConfiguration extends SAML2IntSecurityConfiguration { @@ -45,18 +45,19 @@ public String getProfileName() { /** {@inheritDoc} */ @Override protected EncryptionConfiguration createDefaultEncryptionConfiguration() { - final BasicEncryptionConfiguration config = (BasicEncryptionConfiguration) super.createDefaultEncryptionConfiguration(); - + final BasicEncryptionConfiguration config = + (BasicEncryptionConfiguration) super.createDefaultEncryptionConfiguration(); + config.setDataEncryptionAlgorithms(Arrays.asList( - EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, - EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192, - EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128, - EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM, - EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM, - EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM, - EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES)); - + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192, + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128, + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM, + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM, + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM, + EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES)); + return config; } - + } diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/LibraryVersionTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/LibraryVersionTest.java new file mode 100644 index 0000000..8a21967 --- /dev/null +++ b/src/test/java/se/swedenconnect/opensaml/sweid/LibraryVersionTest.java 
@@ -0,0 +1,53 @@ +/* + * Copyright 2023 Sweden Connect + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package se.swedenconnect.opensaml.sweid; + +import java.util.Properties; + +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; + +/** + * Test cases for LibraryVersion. + * + * @author Martin Lindström + */ +public class LibraryVersionTest { + + private String version; + + public LibraryVersionTest() throws Exception { + final Properties properties = new Properties(); + properties.load(this.getClass().getClassLoader().getResourceAsStream("version.properties")); + + this.version = properties.getProperty("library.version"); + if (this.version.endsWith("-SNAPSHOT")) { + this.version = this.version.substring(0, version.length() - 9); + } + } + + @Test + public void testUid() { + Assertions.assertEquals(this.version.hashCode(), LibraryVersion.SERIAL_VERSION_UID); + } + + @Test + public void testVersion() throws Exception { + Assertions.assertEquals(this.version, LibraryVersion.getVersion(), + "Expected LibraryVersion.getVersion() to return " + version); + } + +} diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/OpenSAMLTestBase.java b/src/test/java/se/swedenconnect/opensaml/sweid/OpenSAMLTestBase.java index d8ab693..8c41584 100644 --- a/src/test/java/se/swedenconnect/opensaml/sweid/OpenSAMLTestBase.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/OpenSAMLTestBase.java 
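Review bot: The `LibraryVersionTest` constructor passes the result of `getResourceAsStream("version.properties")` straight to `properties.load(...)` and never closes it. A missing resource or a missing `library.version` key therefore surfaces as a bare `NullPointerException` rather than a readable test failure. I would wrap the load as `try (InputStream in = ...getResourceAsStream("version.properties")) { Assertions.assertNotNull(in, "version.properties not on classpath"); properties.load(in); }` and assert that the property is non-null before calling `endsWith`. The literal `9` would read better as `"-SNAPSHOT".length()`.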
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -25,7 +25,7 @@ import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; -import org.junit.BeforeClass; +import org.junit.jupiter.api.BeforeAll; import org.opensaml.core.xml.XMLObject; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.core.xml.io.UnmarshallingException; @@ -35,7 +35,7 @@ import org.springframework.core.io.Resource; import org.w3c.dom.Element; -import net.shibboleth.utilities.java.support.xml.XMLParserException; +import net.shibboleth.shared.xml.XMLParserException; import se.swedenconnect.opensaml.OpenSAMLInitializer; import se.swedenconnect.opensaml.OpenSAMLSecurityDefaultsConfig; import se.swedenconnect.opensaml.OpenSAMLSecurityExtensionConfig; @@ -43,7 +43,7 @@ /** * Abstract base class that initializes OpenSAML for test classes. - * + * * @author Martin Lindström (martin@idsec.se) */ public abstract class OpenSAMLTestBase { 
@@ -62,61 +62,56 @@ public abstract class OpenSAMLTestBase { /** * Initializes the OpenSAML library. - * - * @throws Exception - * for init errors + * + * @throws Exception for init errors */ - @BeforeClass + @BeforeAll public static void initializeOpenSAML() throws Exception { OpenSAMLInitializer bootstrapper = OpenSAMLInitializer.getInstance(); if (!bootstrapper.isInitialized()) { bootstrapper.initialize( - new OpenSAMLSecurityDefaultsConfig(new SwedishEidSecurityConfiguration()), - new OpenSAMLSecurityExtensionConfig()); + new OpenSAMLSecurityDefaultsConfig(new SwedishEidSecurityConfiguration()), + new OpenSAMLSecurityExtensionConfig()); } } /** * Reads the contents from a resource and unmarshalls it to an {@code XMLObject}. - * - * @param resource - * the resource to read + * + * @param resource the resource to read * @return an XMLObject - * @throws XMLParserException - * for parsing errors - * @throws UnmarshallingException - * for unmarshalling errors - * @throws IOException - * if the file can not be read + * @throws XMLParserException for parsing errors + * @throws UnmarshallingException for unmarshalling errors + * @throws IOException if the file can not be read */ - public static XMLObject xmlObjectFromResource(final Resource resource) throws XMLParserException, UnmarshallingException, IOException { - return XMLObjectSupport.unmarshallFromInputStream(XMLObjectProviderRegistrySupport.getParserPool(), resource.getInputStream()); + public static XMLObject xmlObjectFromResource(final Resource resource) + throws XMLParserException, UnmarshallingException, IOException { + return XMLObjectSupport.unmarshallFromInputStream(XMLObjectProviderRegistrySupport.getParserPool(), + resource.getInputStream()); } /** * Loads a {@link KeyStore} based on the given arguments. 
- * - * @param keyStorePath - * the path to the key store - * @param keyStorePassword - * the key store password - * @param keyStoreType - * the type of the keystore (if {@code null} the default keystore type will be assumed) + * + * @param keyStorePath the path to the key store + * @param keyStorePassword the key store password + * @param keyStoreType the type of the keystore (if {@code null} the default keystore type will be assumed) * @return a {@code KeyStore} instance - * @throws KeyStoreException - * for errors loading the keystore - * @throws IOException - * for IO errors + * @throws KeyStoreException for errors loading the keystore + * @throws IOException for IO errors */ - public static KeyStore loadKeyStore(String keyStorePath, String keyStorePassword, String keyStoreType) throws KeyStoreException, + public static KeyStore loadKeyStore(String keyStorePath, String keyStorePassword, String keyStoreType) + throws KeyStoreException, IOException { return loadKeyStore(new FileInputStream(keyStorePath), keyStorePassword, keyStoreType); } - public static KeyStore loadKeyStore(InputStream keyStoreStream, String keyStorePassword, String keyStoreType) throws KeyStoreException, + public static KeyStore loadKeyStore(InputStream keyStoreStream, String keyStorePassword, String keyStoreType) + throws KeyStoreException, IOException { try { - KeyStore keyStore = keyStoreType != null ? KeyStore.getInstance(keyStoreType) : KeyStore.getInstance(KeyStore.getDefaultType()); + KeyStore keyStore = + keyStoreType != null ? KeyStore.getInstance(keyStoreType) : KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(keyStoreStream, keyStorePassword.toCharArray()); return keyStore; } 
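Review bot: `loadKeyStore(String, String, String)` hands a new `FileInputStream` to the stream overload and nothing in the visible lines closes it, so every call leaves a file handle open until garbage collection. A try-with-resources fixes it: `try (InputStream in = new FileInputStream(keyStorePath)) { return loadKeyStore(in, keyStorePassword, keyStoreType); }`. `keyStorePassword.toCharArray()` also throws `NullPointerException` for a keystore without a password, where `KeyStore.load` accepts a `null` char array. The body of the stream overload continues outside this hunk.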
@@ -125,7 +120,8 @@ public static KeyStore loadKeyStore(InputStream keyStoreStream, String keyStoreP } } - public static X509Credential loadKeyStoreCredential(InputStream keyStoreStream, String keyStorePassword, String alias, String keyPassword) + public static X509Credential loadKeyStoreCredential(InputStream keyStoreStream, String keyStorePassword, String alias, + String keyPassword) throws KeyStoreException, IOException { KeyStore keyStore = loadKeyStore(keyStoreStream, keyStorePassword, "jks"); return new KeyStoreX509CredentialAdapter(keyStore, alias, keyPassword.toCharArray()); @@ -133,20 +129,16 @@ public static X509Credential loadKeyStoreCredential(InputStream keyStoreStream, /** * Unmarshalls the supplied input stream into the given type. - * - * @param inputStream - * the input stream of the XML resource - * @param targetClass - * the required class - * @param - * the type + * + * @param inputStream the input stream of the XML resource + * @param targetClass the required class + * @param the type * @return an {@code XMLObject} of the given type - * @throws XMLParserException - * for XML parsing errors - * @throws UnmarshallingException - * for unmarshalling errors + * @throws XMLParserException for XML parsing errors + * @throws UnmarshallingException for unmarshalling errors */ - public static T unmarshall(final InputStream inputStream, final Class targetClass) throws XMLParserException, + public static T unmarshall(final InputStream inputStream, final Class targetClass) + throws XMLParserException, UnmarshallingException { final Element elm = XMLObjectProviderRegistrySupport.getParserPool().parse(inputStream).getDocumentElement(); return targetClass.cast(XMLObjectSupport.getUnmarshaller(elm).unmarshall(elm)); 
@@ -154,12 +146,10 @@ public static T unmarshall(final InputStream inputStream, /** * Decodes a {@link X509Certificate} from an input stream. - * - * @param stream - * the stream to read + * + * @param stream the stream to read * @return a {@link X509Certificate} object - * @throws CertificateException - * for decoding errors + * @throws CertificateException for decoding errors */ public static X509Certificate decodeCertificate(InputStream stream) throws CertificateException { return (X509Certificate) certFactory.generateCertificate(stream); diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PrincipalSelectionTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PrincipalSelectionTest.java index dfda00f..f588a73 100644 --- a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PrincipalSelectionTest.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/authn/psc/PrincipalSelectionTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,8 +15,8 @@ */ package se.swedenconnect.opensaml.sweid.saml2.authn.psc; -import org.junit.Assert; -import org.junit.Test; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import org.opensaml.core.xml.util.XMLObjectSupport; import org.opensaml.saml.saml2.core.Attribute; import org.w3c.dom.Element; 
@@ -29,21 +29,21 @@ /** * Test cases for {@link PrincipalSelection}, {@link RequestedPrincipalSelection} and {@link MatchValue}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class PrincipalSelectionTest extends OpenSAMLTestBase { /** * Test to marshall and unmarshall the object. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testMarshallUnmarshall() throws Exception { - PrincipalSelection ps = (PrincipalSelection) XMLObjectSupport.buildXMLObject(PrincipalSelection.DEFAULT_ELEMENT_NAME); + PrincipalSelection ps = + (PrincipalSelection) XMLObjectSupport.buildXMLObject(PrincipalSelection.DEFAULT_ELEMENT_NAME); MatchValue mv1 = (MatchValue) XMLObjectSupport.buildXMLObject(MatchValue.DEFAULT_ELEMENT_NAME); mv1.setValue("198906059483"); 
@@ -60,14 +60,16 @@ public void testMarshallUnmarshall() throws Exception { // System.out.println(SerializeSupport.prettyPrintXML(element)); - PrincipalSelection ps2 = PrincipalSelection.class.cast(XMLObjectSupport.getUnmarshaller(element).unmarshall(element)); - Assert.assertTrue("Expected two MatchValue elements", ps2.getMatchValues().size() == 2); - Assert.assertEquals("198906059483", ps2.getMatchValues().get(0).getValue()); - Assert.assertEquals(Attribute.URI_REFERENCE, ps2.getMatchValues().get(0).getNameFormat()); - Assert.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, ps2.getMatchValues().get(0).getName()); - Assert.assertEquals("NO:05068907693", ps2.getMatchValues().get(1).getValue()); - Assert.assertNull(ps2.getMatchValues().get(1).getNameFormat()); - Assert.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PRID, ps2.getMatchValues().get(1).getName()); + PrincipalSelection ps2 = + PrincipalSelection.class.cast(XMLObjectSupport.getUnmarshaller(element).unmarshall(element)); + Assertions.assertTrue(ps2.getMatchValues().size() == 2, "Expected two MatchValue elements"); + Assertions.assertEquals("198906059483", ps2.getMatchValues().get(0).getValue()); + Assertions.assertEquals(Attribute.URI_REFERENCE, ps2.getMatchValues().get(0).getNameFormat()); + Assertions.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, + ps2.getMatchValues().get(0).getName()); + Assertions.assertEquals("NO:05068907693", ps2.getMatchValues().get(1).getValue()); + Assertions.assertNull(ps2.getMatchValues().get(1).getNameFormat()); + Assertions.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PRID, ps2.getMatchValues().get(1).getName()); RequestedPrincipalSelection rps = (RequestedPrincipalSelection) XMLObjectSupport.buildXMLObject(RequestedPrincipalSelection.DEFAULT_ELEMENT_NAME); 
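Review bot: The migrated size check `Assertions.assertTrue(ps2.getMatchValues().size() == 2, "Expected two MatchValue elements")` only reports true/false on failure, so the actual number of elements is lost. Writing it as `Assertions.assertEquals(2, ps2.getMatchValues().size(), "Expected two MatchValue elements");` keeps the message and shows the observed size. The same form appears for `rps2` in the next hunk and in `testBuilders`. `testMarshallUnmarshall` starts and ends outside this hunk.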
@@ -85,59 +87,61 @@ public void testMarshallUnmarshall() throws Exception { // System.out.println(SerializeSupport.prettyPrintXML(relement)); RequestedPrincipalSelection rps2 = RequestedPrincipalSelection.class.cast( - XMLObjectSupport.getUnmarshaller(relement).unmarshall(relement)); - Assert.assertTrue("Expected two MatchValue elements", rps2.getMatchValues().size() == 2); - Assert.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, rps2.getMatchValues().get(0).getName()); - Assert.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PRID, rps2.getMatchValues().get(1).getName()); + XMLObjectSupport.getUnmarshaller(relement).unmarshall(relement)); + Assertions.assertTrue(rps2.getMatchValues().size() == 2, "Expected two MatchValue elements"); + Assertions.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, + rps2.getMatchValues().get(0).getName()); + Assertions.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PRID, rps2.getMatchValues().get(1).getName()); } /** * Tests using builders to create the objects. 
- * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testBuilders() throws Exception { PrincipalSelection ps = PrincipalSelectionBuilder.builder() - .matchValues( - MatchValueBuilder.builder() - .value("198906059483") - .nameFormat(Attribute.URI_REFERENCE) - .name(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER) - .build(), - MatchValueBuilder.builder().value("NO:05068907693").name(AttributeConstants.ATTRIBUTE_NAME_PRID).build()) - .build(); + .matchValues( + MatchValueBuilder.builder() + .value("198906059483") + .nameFormat(Attribute.URI_REFERENCE) + .name(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER) + .build(), + MatchValueBuilder.builder().value("NO:05068907693").name(AttributeConstants.ATTRIBUTE_NAME_PRID).build()) + .build(); Element element = XMLObjectSupport.marshall(ps); // System.out.println(SerializeSupport.prettyPrintXML(element)); PrincipalSelection ps2 = PrincipalSelection.class.cast( - XMLObjectSupport.getUnmarshaller(element).unmarshall(element)); - Assert.assertTrue("Expected two MatchValue elements", ps2.getMatchValues().size() == 2); - Assert.assertEquals("198906059483", ps2.getMatchValues().get(0).getValue()); - Assert.assertEquals(Attribute.URI_REFERENCE, ps2.getMatchValues().get(0).getNameFormat()); - Assert.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, ps2.getMatchValues().get(0).getName()); - Assert.assertEquals("NO:05068907693", ps2.getMatchValues().get(1).getValue()); - Assert.assertNull(ps2.getMatchValues().get(1).getNameFormat()); - Assert.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PRID, ps2.getMatchValues().get(1).getName()); + XMLObjectSupport.getUnmarshaller(element).unmarshall(element)); + Assertions.assertTrue(ps2.getMatchValues().size() == 2, "Expected two MatchValue elements"); + Assertions.assertEquals("198906059483", ps2.getMatchValues().get(0).getValue()); + Assertions.assertEquals(Attribute.URI_REFERENCE, 
ps2.getMatchValues().get(0).getNameFormat()); + Assertions.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, + ps2.getMatchValues().get(0).getName()); + Assertions.assertEquals("NO:05068907693", ps2.getMatchValues().get(1).getValue()); + Assertions.assertNull(ps2.getMatchValues().get(1).getNameFormat()); + Assertions.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PRID, ps2.getMatchValues().get(1).getName()); RequestedPrincipalSelection rps = RequestedPrincipalSelectionBuilder.builder() - .matchValues( - MatchValueBuilder.builder().name(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER).build(), - MatchValueBuilder.builder().name(AttributeConstants.ATTRIBUTE_NAME_PRID).build()) - .build(); + .matchValues( + MatchValueBuilder.builder().name(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER).build(), + MatchValueBuilder.builder().name(AttributeConstants.ATTRIBUTE_NAME_PRID).build()) + .build(); Element relement = XMLObjectSupport.marshall(rps); // System.out.println(SerializeSupport.prettyPrintXML(relement)); PrincipalSelection rps2 = RequestedPrincipalSelection.class.cast( - XMLObjectSupport.getUnmarshaller(relement).unmarshall(relement)); - Assert.assertTrue("Expected two MatchValue elements", rps2.getMatchValues().size() == 2); - Assert.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, rps2.getMatchValues().get(0).getName()); - Assert.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PRID, rps2.getMatchValues().get(1).getName()); + XMLObjectSupport.getUnmarshaller(relement).unmarshall(relement)); + Assertions.assertTrue(rps2.getMatchValues().size() == 2, "Expected two MatchValue elements"); + Assertions.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, + rps2.getMatchValues().get(0).getName()); + Assertions.assertEquals(AttributeConstants.ATTRIBUTE_NAME_PRID, rps2.getMatchValues().get(1).getName()); } } 
diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/discovery/SwedishEidDiscoveryMatchingRulesTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/discovery/SwedishEidDiscoveryMatchingRulesTest.java index c2979a0..f0cec85 100644 --- a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/discovery/SwedishEidDiscoveryMatchingRulesTest.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/discovery/SwedishEidDiscoveryMatchingRulesTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -16,75 +16,82 @@ package se.swedenconnect.opensaml.sweid.saml2.discovery; import java.util.Arrays; -import java.util.Collection; import java.util.Collections; import java.util.List; +import java.util.stream.Stream; -import org.junit.Assert; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; -import org.junit.runners.Parameterized.Parameter; -import org.junit.runners.Parameterized.Parameters; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.MethodSource; import se.swedenconnect.opensaml.sweid.saml2.metadata.entitycategory.EntityCategoryConstants; /** * Test cases for {@code SwedishEidDiscoveryMatchingRules}. - * + * * @author Martin Lindström (martin@idsec.se) */ -@RunWith(Parameterized.class) public class SwedishEidDiscoveryMatchingRulesTest { - @Parameters(name = "{index}: test({0}, {1})= {2}") - public static Collection data() { - return Arrays.asList(new Object[][] { - /* 00 */ { Collections.emptyList(), Collections.emptyList(), Boolean.TRUE }, - /* 01 */ { Arrays.asList(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), Arrays.asList( - EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), Boolean.TRUE }, - /* 02 */ { Collections.emptyList(), Arrays.asList(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), - Boolean.TRUE }, - /* 03 */ { Arrays.asList(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), Collections.emptyList(), - Boolean.FALSE }, - /* 04 */ { Arrays.asList(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), Arrays.asList( - EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA2_PNR.getUri()), Boolean.FALSE }, - /* 05 */ { Arrays.asList(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), Arrays.asList( - 
EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA2_PNR.getUri(), EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR - .getUri()), Boolean.TRUE }, - /* 06 */ { Collections.emptyList(), Arrays.asList(EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri()), - Boolean.FALSE }, - /* 07 */ { Arrays.asList(EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri()), Arrays.asList( - EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri()), Boolean.TRUE }, - /* 08 */ { Arrays.asList(EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri()), Arrays.asList( - EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri(), - EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_SWEDEN_CONNECT.getUri()), Boolean.TRUE }, - /* 09 */ { Arrays.asList(EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_SWEDEN_CONNECT.getUri()), Arrays.asList( - EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri()), Boolean.FALSE }, - /* 10 */ { Arrays.asList(EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_MOBILE_AUTH.getUri()), Collections.emptyList(), - Boolean.FALSE }, - /* 11 */ { Arrays.asList(EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_MOBILE_AUTH.getUri()), Arrays.asList( - EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_SCAL2.getUri()), Boolean.FALSE }, - /* 12 */ { Arrays.asList(EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_MOBILE_AUTH.getUri()), Arrays.asList( - EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_SCAL2.getUri(), EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_MOBILE_AUTH - .getUri()), Boolean.TRUE } - }); + private static Stream data() { + return Stream.of( + Arguments.of(Collections.emptyList(), Collections.emptyList(), Boolean.TRUE), + Arguments.of(Arrays.asList(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), Arrays.asList( + EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), Boolean.TRUE), + 
Arguments.of(Collections.emptyList(), + Arrays.asList(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), + Boolean.TRUE), + Arguments.of(Arrays.asList(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), + Collections.emptyList(), + Boolean.FALSE), + Arguments.of(Arrays.asList(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), Arrays.asList( + EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA2_PNR.getUri()), Boolean.FALSE), + Arguments.of(Arrays.asList(EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR.getUri()), Arrays.asList( + EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA2_PNR.getUri(), + EntityCategoryConstants.SERVICE_ENTITY_CATEGORY_LOA3_PNR + .getUri()), + Boolean.TRUE), + Arguments.of(Collections.emptyList(), + Arrays.asList(EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri()), + Boolean.FALSE), + Arguments.of(Arrays.asList(EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri()), + Arrays.asList( + EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri()), + Boolean.TRUE), + Arguments.of(Arrays.asList(EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri()), + Arrays.asList( + EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri(), + EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_SWEDEN_CONNECT.getUri()), + Boolean.TRUE), + Arguments.of(Arrays.asList(EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_SWEDEN_CONNECT.getUri()), + Arrays.asList( + EntityCategoryConstants.SERVICE_CONTRACT_CATEGORY_EID_CHOICE_2017.getUri()), + Boolean.FALSE), + Arguments.of(Arrays.asList(EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_MOBILE_AUTH.getUri()), + Collections.emptyList(), + Boolean.FALSE), + Arguments.of(Arrays.asList(EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_MOBILE_AUTH.getUri()), + Arrays.asList( + EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_SCAL2.getUri()), + Boolean.FALSE), + 
Arguments.of(Arrays.asList(EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_MOBILE_AUTH.getUri()), + Arrays.asList( + EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_SCAL2.getUri(), + EntityCategoryConstants.SERVICE_PROPERTY_CATEGORY_MOBILE_AUTH + .getUri()), + Boolean.TRUE)); } - @Parameter(0) - public List consumingService; - - @Parameter(1) - public List providingService; - - @Parameter(2) - public Boolean expectedResult; - - @Test - public void testDiscoveryMatching() { - Assert.assertEquals(String.format("Expected %s when matching consuming service %s against %s", expectedResult ? "match" : "no match", - consumingService, providingService), - expectedResult.booleanValue(), SwedishEidDiscoveryMatchingRules.isMatch(consumingService, providingService)); + @ParameterizedTest + @MethodSource("data") + public void testDiscoveryMatching(final List consumingService, final List providingService, + final Boolean expectedResult) { + Assertions.assertEquals(expectedResult.booleanValue(), + SwedishEidDiscoveryMatchingRules.isMatch(consumingService, providingService), + String.format("Expected %s when matching consuming service %s against %s", + expectedResult ? "match" : "no match", + consumingService, providingService)); } } diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADFactoryTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADFactoryTest.java index 9a99689..3bd5a37 100644 --- a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADFactoryTest.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADFactoryTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
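Review bot: The port to `@ParameterizedTest` drops both the display name from the old `@Parameters(name = ...)` and the `/* 00 */` … `/* 12 */` row comments, so a failing row in `data()` is harder to locate. I would keep the naming with `@ParameterizedTest(name = "{index}: test({0}, {1}) = {2}")`. The JUnit 5 `{index}` placeholder is 1-based, so the numbers will not line up with the old 0-based comments if those are restored. A short comment per `Arguments.of(...)` row stating the rule it exercises would also help.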
@@ -20,8 +20,8 @@ import java.security.PublicKey; import java.util.Base64; -import org.junit.Assert; -import org.junit.Test; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import org.opensaml.security.x509.impl.KeyStoreX509CredentialAdapter; import org.springframework.core.io.ClassPathResource; @@ -36,7 +36,7 @@ /** * Testcases for building a SAD. - * + * * @author Martin Lindström (martin.lindstrom@litsec.se) */ public class SADFactoryTest { 
@@ -46,40 +46,40 @@ public void createSignedJwt() throws Exception { KeyStore keyStore = OpenSAMLTestBase.loadKeyStore(new ClassPathResource("Litsec_SAML_Signing.jks").getInputStream(), "secret", "JKS"); KeyStoreX509CredentialAdapter credential = new KeyStoreX509CredentialAdapter(keyStore, "litsec_saml_signing", "secret".toCharArray()); PublicKey publicKey = credential.getEntityCertificate().getPublicKey(); - + SADFactory factory = new SADFactory("https://idp.svelegtest.se/idp", credential); - + // Create the SAD ... // SAD sad = factory.getBuilder() .subject("196302052383") - .audience("http://www.example.com/sigservice") + .audience("http://www.example.com/sigservice") .inResponseTo("_a74a068d0548a919e503e5f9ef901851") .loa(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3) .requestID("f6e7d061a23293b0053dc7b038a04dad") .numberOfDocuments(1) .buildSAD(); - + // Create the signed JWT // String jwt = factory.createJwt(sad); - + // Decode // SignedJWT signedJwt = SignedJWT.parse(jwt); - + String payload = signedJwt.getPayload().toBase64URL().toString(); SAD sad2 = SAD.fromJson(new String(Base64.getUrlDecoder().decode(payload), Charset.forName("UTF-8"))); - + // Make sure the decode SAD is the same. - Assert.assertEquals(sad, sad2); - + Assertions.assertEquals(sad, sad2); + // Verify signature ... // JWSVerifierFactory verifierFactory = new DefaultJWSVerifierFactory(); JWSVerifier verifier = verifierFactory.createJWSVerifier(signedJwt.getHeader(), publicKey); - - Assert.assertTrue(verifier.verify(signedJwt.getHeader(), signedJwt.getSigningInput(), signedJwt.getSignature())); + + Assertions.assertTrue(verifier.verify(signedJwt.getHeader(), signedJwt.getSigningInput(), signedJwt.getSignature())); } } diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADParserTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADParserTest.java index 9b04c76..749d53d 100644 
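Review bot: The signature check at the end of `createSignedJwt` builds its verifier from `signedJwt.getHeader()`, so the test accepts whatever algorithm the token itself declares and never pins the one `SADFactory` is expected to sign with. I would add an assertion on `signedJwt.getHeader().getAlgorithm()` against the expected `JWSAlgorithm` constant (which one is not visible in this hunk) before verifying. The verification itself reads more directly as `Assertions.assertTrue(signedJwt.verify(verifier));`. A comment that `"secret"` and `Litsec_SAML_Signing.jks` are test-only fixtures would also be useful next to the keystore load.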
--- a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADParserTest.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADParserTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,8 +20,8 @@ import java.time.LocalDateTime; import java.time.ZoneOffset; -import org.junit.Assert; -import org.junit.Test; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import org.opensaml.core.xml.util.XMLObjectSupport; import org.opensaml.saml.saml2.core.Assertion; import org.opensaml.saml.saml2.core.AttributeStatement; @@ -48,7 +48,7 @@ /** * Test cases for SAD parsing and validation. - * + * * @author Martin Lindström (martin.lindstrom@litsec.se) */ public class SADParserTest extends OpenSAMLTestBase { 
@@ -70,25 +70,26 @@ public class SADParserTest extends OpenSAMLTestBase { /** * Constructor setting up the tests - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ public SADParserTest() throws Exception { - KeyStore keyStore = loadKeyStore(new ClassPathResource("Litsec_SAML_Signing.jks").getInputStream(), "secret", "JKS"); - KeyStoreX509CredentialAdapter credential = new KeyStoreX509CredentialAdapter(keyStore, "litsec_saml_signing", "secret".toCharArray()); + KeyStore keyStore = + loadKeyStore(new ClassPathResource("Litsec_SAML_Signing.jks").getInputStream(), "secret", "JKS"); + KeyStoreX509CredentialAdapter credential = + new KeyStoreX509CredentialAdapter(keyStore, "litsec_saml_signing", "secret".toCharArray()); this.sadFactory = new SADFactory(IDP_ENTITYID, credential); this.validationCertificate = credential.getEntityCertificate(); - this.wrongValidationCertificate = decodeCertificate(new ClassPathResource("Litsec_SAML_Encryption.crt").getInputStream()); + this.wrongValidationCertificate = + decodeCertificate(new ClassPathResource("Litsec_SAML_Encryption.crt").getInputStream()); } /** * Tests the SAD parsing. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testParse() throws Exception { @@ -98,14 +99,13 @@ public void testParse() throws Exception { SAD sad2 = SADParser.parse(jwt); - Assert.assertEquals(sad, sad2); + Assertions.assertEquals(sad, sad2); } /** * Tests validation of SAD by supplying expected parameters. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testValidatePars() throws Exception { 
@@ -116,14 +116,13 @@ public void testValidatePars() throws Exception { SADValidator validator = SADParser.getValidator(this.validationCertificate); validator.validate(jwt, IDP_ENTITYID, SIGNSERVICE_ENTITYID, USER_ID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, - SAD_REQUEST_ID, 1, SIGN_REQUEST_ID); + SAD_REQUEST_ID, 1, SIGN_REQUEST_ID); } /** * Tests validation of SAD by supplying an {@code AuthnRequest}. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testValidateAuthnRequest() throws Exception { @@ -132,15 +131,15 @@ public void testValidateAuthnRequest() throws Exception { String jwt = this.sadFactory.createJwt(sad); SADRequest sadRequest = SADRequestBuilder.builder() - .id(SAD_REQUEST_ID) - .requesterID(SIGNSERVICE_ENTITYID) - .signRequestID(SIGN_REQUEST_ID) - .docCount(1) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id(SAD_REQUEST_ID) + .requesterID(SIGNSERVICE_ENTITYID) + .signRequestID(SIGN_REQUEST_ID) + .docCount(1) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); - Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); + Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, USER_ID); addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_SAD, jwt); 
@@ -150,72 +149,72 @@ public void testValidateAuthnRequest() throws Exception { /** * A SADRequest needs to be present in an AuthnRequest. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ - @Test(expected = IllegalArgumentException.class) + @Test public void testMissingSADRequest() throws Exception { SAD sad = this.getTestSAD(); String jwt = this.sadFactory.createJwt(sad); AuthnRequest authnRequest = buildAuthnRequest(null); - Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); + Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, USER_ID); addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_SAD, jwt); SADValidator validator = SADParser.getValidator(this.validationCertificate); - validator.validate(authnRequest, assertion); + + Assertions.assertThrows(IllegalArgumentException.class, () -> { + validator.validate(authnRequest, assertion); + }); } /** * The sad attribute need to be present in the assertion. 
- * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testMissingSADAttribute() throws Exception { SADRequest sadRequest = SADRequestBuilder.builder() - .id(SAD_REQUEST_ID) - .requesterID(SIGNSERVICE_ENTITYID) - .signRequestID(SIGN_REQUEST_ID) - .docCount(1) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id(SAD_REQUEST_ID) + .requesterID(SIGNSERVICE_ENTITYID) + .signRequestID(SIGN_REQUEST_ID) + .docCount(1) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); - Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); + Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_PERSONAL_IDENTITY_NUMBER, USER_ID); SADValidator validator = SADParser.getValidator(this.validationCertificate); try { validator.validate(authnRequest, assertion); - Assert.fail("Expected SADValidationException - NO_SAD_ATTRIBUTE"); + Assertions.fail("Expected SADValidationException - NO_SAD_ATTRIBUTE"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code NO_SAD_ATTRIBUTE", ErrorCode.NO_SAD_ATTRIBUTE, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.NO_SAD_ATTRIBUTE, e.getErrorCode(), "Expected error code NO_SAD_ATTRIBUTE"); } } /** * Test parse errors of the SAD JWT. 
- * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testBadJwt() throws Exception { SADRequest sadRequest = SADRequestBuilder.builder() - .id(SAD_REQUEST_ID) - .requesterID(SIGNSERVICE_ENTITYID) - .signRequestID(SIGN_REQUEST_ID) - .docCount(1) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id(SAD_REQUEST_ID) + .requesterID(SIGNSERVICE_ENTITYID) + .signRequestID(SIGN_REQUEST_ID) + .docCount(1) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); @@ -226,27 +225,27 @@ public void testBadJwt() throws Exception { SADValidator validator = SADParser.getValidator(this.validationCertificate); try { validator.validate(authnRequest, assertion); - Assert.fail("Expected SADValidationException - JWT_PARSE_ERROR"); + Assertions.fail("Expected SADValidationException - JWT_PARSE_ERROR"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code JWT_PARSE_ERROR", ErrorCode.JWT_PARSE_ERROR, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.JWT_PARSE_ERROR, e.getErrorCode(), "Expected error code JWT_PARSE_ERROR"); } try { validator.validate("JWT_THAT_IS_NOT_A_JWT", IDP_ENTITYID, SIGNSERVICE_ENTITYID, USER_ID, - LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, - SAD_REQUEST_ID, 1, SIGN_REQUEST_ID); - Assert.fail("Expected SADValidationException - JWT_PARSE_ERROR"); + LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, + SAD_REQUEST_ID, 1, SIGN_REQUEST_ID); + Assertions.fail("Expected SADValidationException - JWT_PARSE_ERROR"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code JWT_PARSE_ERROR", ErrorCode.JWT_PARSE_ERROR, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.JWT_PARSE_ERROR, e.getErrorCode(), "Expected error code JWT_PARSE_ERROR"); } } /** * Tests mismatch between what the IdP thinks is the user ID and what the SP thinks. - * + * * @throws Exception */ @Test 
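Review bot: `testMissingSADAttribute` and `testBadJwt` keep the JUnit 4 style `try { ...; Assertions.fail(...) } catch (SADValidationException e)` although this same commit already moves `testMissingSADRequest` to `Assertions.assertThrows`. For consistency I would write `SADValidationException e = Assertions.assertThrows(SADValidationException.class, () -> validator.validate(authnRequest, assertion));` followed by `Assertions.assertEquals(ErrorCode.NO_SAD_ATTRIBUTE, e.getErrorCode());`. That removes the separate `fail` message and limits the expected exception to the one call under test. The same pattern recurs in the later hunks for `testMissingAttribute`, `testValidateBadSignature`, `testExpiredSAD`, `testMissingJwtId` and `testMismatchingIssuer`.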
@@ -257,12 +256,12 @@ public void testMissingAttribute() throws Exception { String jwt = this.sadFactory.createJwt(sad); SADRequest sadRequest = SADRequestBuilder.builder() - .id(SAD_REQUEST_ID) - .requesterID(SIGNSERVICE_ENTITYID) - .signRequestID(SIGN_REQUEST_ID) - .docCount(1) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id(SAD_REQUEST_ID) + .requesterID(SIGNSERVICE_ENTITYID) + .signRequestID(SIGN_REQUEST_ID) + .docCount(1) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); 
@@ -272,31 +271,31 @@ public void testMissingAttribute() throws Exception { SADValidator validator = SADParser.getValidator(this.validationCertificate); try { validator.validate(authnRequest, assertion); - Assert.fail("Expected SADValidationException - MISSING_SUBJECT_ATTRIBUTE"); + Assertions.fail("Expected SADValidationException - MISSING_SUBJECT_ATTRIBUTE"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code MISSING_SUBJECT_ATTRIBUTE", ErrorCode.MISSING_SUBJECT_ATTRIBUTE, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.MISSING_SUBJECT_ATTRIBUTE, e.getErrorCode(), + "Expected error code MISSING_SUBJECT_ATTRIBUTE"); } } /** * Test that we require LoA in the assertion. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ - @Test(expected = IllegalArgumentException.class) + @Test public void testMissingLoa() throws Exception { SAD sad = this.getTestSAD(); String jwt = this.sadFactory.createJwt(sad); SADRequest sadRequest = SADRequestBuilder.builder() - .id(SAD_REQUEST_ID) - .requesterID(SIGNSERVICE_ENTITYID) - .signRequestID(SIGN_REQUEST_ID) - .docCount(1) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id(SAD_REQUEST_ID) + .requesterID(SIGNSERVICE_ENTITYID) + .signRequestID(SIGN_REQUEST_ID) + .docCount(1) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); 
@@ -306,14 +305,15 @@ public void testMissingLoa() throws Exception { assertion.getAuthnStatements().clear(); SADValidator validator = SADParser.getValidator(this.validationCertificate); - validator.validate(authnRequest, assertion); + Assertions.assertThrows(IllegalArgumentException.class, () -> { + validator.validate(authnRequest, assertion); + }); } /** * Supply wrong certificate as validation cert - should result in a bad signature error. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testValidateBadSignature() throws Exception { 
@@ -324,27 +324,28 @@ public void testValidateBadSignature() throws Exception { SADValidator validator = SADParser.getValidator(this.wrongValidationCertificate); try { validator.verifyJwtSignature(jwt, IDP_ENTITYID); - Assert.fail("Expected SADValidationException - SIGNATURE_VALIDATION_ERROR"); + Assertions.fail("Expected SADValidationException - SIGNATURE_VALIDATION_ERROR"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code SIGNATURE_VALIDATION_ERROR", ErrorCode.SIGNATURE_VALIDATION_ERROR, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.SIGNATURE_VALIDATION_ERROR, e.getErrorCode(), + "Expected error code SIGNATURE_VALIDATION_ERROR"); } try { validator.validate(jwt, IDP_ENTITYID, SIGNSERVICE_ENTITYID, USER_ID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, - SAD_REQUEST_ID, 1, SIGN_REQUEST_ID); - Assert.fail("Expected SADValidationException - SIGNATURE_VALIDATION_ERROR"); + SAD_REQUEST_ID, 1, SIGN_REQUEST_ID); + Assertions.fail("Expected SADValidationException - SIGNATURE_VALIDATION_ERROR"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code SIGNATURE_VALIDATION_ERROR", ErrorCode.SIGNATURE_VALIDATION_ERROR, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.SIGNATURE_VALIDATION_ERROR, e.getErrorCode(), + "Expected error code SIGNATURE_VALIDATION_ERROR"); } } /** * Test exprired SAD. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testExpiredSAD() throws Exception { 
@@ -357,19 +358,18 @@ public void testExpiredSAD() throws Exception { SADValidator validator = SADParser.getValidator(this.validationCertificate); try { validator.validate(jwt, IDP_ENTITYID, SIGNSERVICE_ENTITYID, USER_ID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, - SAD_REQUEST_ID, 1, SIGN_REQUEST_ID); - Assert.fail("Expected SADValidationException - SAD_EXPIRED"); + SAD_REQUEST_ID, 1, SIGN_REQUEST_ID); + Assertions.fail("Expected SADValidationException - SAD_EXPIRED"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code SAD_EXPIRED", ErrorCode.SAD_EXPIRED, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.SAD_EXPIRED, e.getErrorCode(), "Expected error code SAD_EXPIRED"); } } /** * Verifies that we require the JWT ID. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testMissingJwtId() throws Exception { @@ -382,19 +382,18 @@ public void testMissingJwtId() throws Exception { try { validator.validate(jwt, IDP_ENTITYID, SIGNSERVICE_ENTITYID, USER_ID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3, - SAD_REQUEST_ID, 1, SIGN_REQUEST_ID); - Assert.fail("Expected SADValidationException - BAD_SAD_FORMAT"); + SAD_REQUEST_ID, 1, SIGN_REQUEST_ID); + Assertions.fail("Expected SADValidationException - BAD_SAD_FORMAT"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code BAD_SAD_FORMAT", ErrorCode.BAD_SAD_FORMAT, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.BAD_SAD_FORMAT, e.getErrorCode(), "Expected error code BAD_SAD_FORMAT"); } } - + /** * Verifies that the issuer is correct. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testMismatchingIssuer() throws Exception { 
@@ -403,12 +402,12 @@ public void testMismatchingIssuer() throws Exception { String jwt = this.sadFactory.createJwt(sad); SADRequest sadRequest = SADRequestBuilder.builder() - .id(SAD_REQUEST_ID) - .requesterID(SIGNSERVICE_ENTITYID) - .signRequestID(SIGN_REQUEST_ID) - .docCount(1) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id(SAD_REQUEST_ID) + .requesterID(SIGNSERVICE_ENTITYID) + .signRequestID(SIGN_REQUEST_ID) + .docCount(1) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); Assertion assertion = buildAssertion("http://www.anotheridp.se", LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); @@ -416,21 +415,21 @@ public void testMismatchingIssuer() throws Exception { addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_SAD, jwt); SADValidator validator = SADParser.getValidator(this.validationCertificate); - + try { validator.validate(authnRequest, assertion); - Assert.fail("Expected SADValidationException - VALIDATION_BAD_ISSUER"); + Assertions.fail("Expected SADValidationException - VALIDATION_BAD_ISSUER"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code VALIDATION_BAD_ISSUER", ErrorCode.VALIDATION_BAD_ISSUER, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.VALIDATION_BAD_ISSUER, e.getErrorCode(), + "Expected error code VALIDATION_BAD_ISSUER"); } } - + /** * Verifies that the audience is correct. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testMismatchingAudience() throws Exception { 
@@ -439,12 +438,12 @@ public void testMismatchingAudience() throws Exception { String jwt = this.sadFactory.createJwt(sad); SADRequest sadRequest = SADRequestBuilder.builder() - .id(SAD_REQUEST_ID) - .requesterID("http://another-sp.com") - .signRequestID(SIGN_REQUEST_ID) - .docCount(1) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id(SAD_REQUEST_ID) + .requesterID("http://another-sp.com") + .signRequestID(SIGN_REQUEST_ID) + .docCount(1) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); @@ -452,21 +451,21 @@ public void testMismatchingAudience() throws Exception { addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_SAD, jwt); SADValidator validator = SADParser.getValidator(this.validationCertificate); - + try { validator.validate(authnRequest, assertion); - Assert.fail("Expected SADValidationException - VALIDATION_BAD_AUDIENCE"); + Assertions.fail("Expected SADValidationException - VALIDATION_BAD_AUDIENCE"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code VALIDATION_BAD_AUDIENCE", ErrorCode.VALIDATION_BAD_AUDIENCE, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.VALIDATION_BAD_AUDIENCE, e.getErrorCode(), + "Expected error code VALIDATION_BAD_AUDIENCE"); } } - + /** * Verifies that the subject is correct. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testMismatchingSubject() throws Exception { 
@@ -475,12 +474,12 @@ public void testMismatchingSubject() throws Exception { String jwt = this.sadFactory.createJwt(sad); SADRequest sadRequest = SADRequestBuilder.builder() - .id(SAD_REQUEST_ID) - .requesterID(SIGNSERVICE_ENTITYID) - .signRequestID(SIGN_REQUEST_ID) - .docCount(1) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id(SAD_REQUEST_ID) + .requesterID(SIGNSERVICE_ENTITYID) + .signRequestID(SIGN_REQUEST_ID) + .docCount(1) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); @@ -488,21 +487,21 @@ public void testMismatchingSubject() throws Exception { addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_SAD, jwt); SADValidator validator = SADParser.getValidator(this.validationCertificate); - + try { validator.validate(authnRequest, assertion); - Assert.fail("Expected SADValidationException - VALIDATION_BAD_SUBJECT"); + Assertions.fail("Expected SADValidationException - VALIDATION_BAD_SUBJECT"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code VALIDATION_BAD_SUBJECT", ErrorCode.VALIDATION_BAD_SUBJECT, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.VALIDATION_BAD_SUBJECT, e.getErrorCode(), + "Expected error code VALIDATION_BAD_SUBJECT"); } } - + /** * Verifies that the "in-response-to" is correct. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testMismatchingInResponseTo() throws Exception { 
@@ -511,12 +510,12 @@ public void testMismatchingInResponseTo() throws Exception { String jwt = this.sadFactory.createJwt(sad); SADRequest sadRequest = SADRequestBuilder.builder() - .id("another-id") - .requesterID(SIGNSERVICE_ENTITYID) - .signRequestID(SIGN_REQUEST_ID) - .docCount(1) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id("another-id") + .requesterID(SIGNSERVICE_ENTITYID) + .signRequestID(SIGN_REQUEST_ID) + .docCount(1) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); @@ -524,21 +523,20 @@ public void testMismatchingInResponseTo() throws Exception { addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_SAD, jwt); SADValidator validator = SADParser.getValidator(this.validationCertificate); - + try { validator.validate(authnRequest, assertion); - Assert.fail("Expected SADValidationException - VALIDATION_BAD_IRT"); + Assertions.fail("Expected SADValidationException - VALIDATION_BAD_IRT"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code VALIDATION_BAD_IRT", ErrorCode.VALIDATION_BAD_IRT, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.VALIDATION_BAD_IRT, e.getErrorCode(), "Expected error code VALIDATION_BAD_IRT"); } } - + /** * Verifies that the LoA from the SAD matches the assertion LoA is correct. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testMismatchingLoa() throws Exception { 
@@ -548,12 +546,12 @@ public void testMismatchingLoa() throws Exception { String jwt = this.sadFactory.createJwt(sad); SADRequest sadRequest = SADRequestBuilder.builder() - .id(SAD_REQUEST_ID) - .requesterID(SIGNSERVICE_ENTITYID) - .signRequestID(SIGN_REQUEST_ID) - .docCount(1) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id(SAD_REQUEST_ID) + .requesterID(SIGNSERVICE_ENTITYID) + .signRequestID(SIGN_REQUEST_ID) + .docCount(1) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); @@ -561,21 +559,20 @@ public void testMismatchingLoa() throws Exception { addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_SAD, jwt); SADValidator validator = SADParser.getValidator(this.validationCertificate); - + try { validator.validate(authnRequest, assertion); - Assert.fail("Expected SADValidationException - VALIDATION_BAD_LOA"); + Assertions.fail("Expected SADValidationException - VALIDATION_BAD_LOA"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code VALIDATION_BAD_LOA", ErrorCode.VALIDATION_BAD_LOA, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.VALIDATION_BAD_LOA, e.getErrorCode(), "Expected error code VALIDATION_BAD_LOA"); } } - + /** * Verifies that the doc count matches. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testMismatchingDocCount() throws Exception { 
@@ -584,12 +581,12 @@ public void testMismatchingDocCount() throws Exception { String jwt = this.sadFactory.createJwt(sad); SADRequest sadRequest = SADRequestBuilder.builder() - .id(SAD_REQUEST_ID) - .requesterID(SIGNSERVICE_ENTITYID) - .signRequestID(SIGN_REQUEST_ID) - .docCount(5) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id(SAD_REQUEST_ID) + .requesterID(SIGNSERVICE_ENTITYID) + .signRequestID(SIGN_REQUEST_ID) + .docCount(5) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); @@ -597,21 +594,21 @@ public void testMismatchingDocCount() throws Exception { addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_SAD, jwt); SADValidator validator = SADParser.getValidator(this.validationCertificate); - + try { validator.validate(authnRequest, assertion); - Assert.fail("Expected SADValidationException - VALIDATION_BAD_DOCS"); + Assertions.fail("Expected SADValidationException - VALIDATION_BAD_DOCS"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code VALIDATION_BAD_DOCS", ErrorCode.VALIDATION_BAD_DOCS, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.VALIDATION_BAD_DOCS, e.getErrorCode(), + "Expected error code VALIDATION_BAD_DOCS"); } } - + /** * Verifies that the sign request ID from the SADRequest matches the reqid from the SAD. - * - * @throws Exception - * for errors + * + * @throws Exception for errors */ @Test public void testMismatchingSignRequestId() throws Exception { 
@@ -620,12 +617,12 @@ public void testMismatchingSignRequestId() throws Exception { String jwt = this.sadFactory.createJwt(sad); SADRequest sadRequest = SADRequestBuilder.builder() - .id(SAD_REQUEST_ID) - .requesterID(SIGNSERVICE_ENTITYID) - .signRequestID("ANOTHER_SIGN_REQUEST_ID") - .docCount(1) - .requestedVersion(SADVersion.VERSION_10) - .build(); + .id(SAD_REQUEST_ID) + .requesterID(SIGNSERVICE_ENTITYID) + .signRequestID("ANOTHER_SIGN_REQUEST_ID") + .docCount(1) + .requestedVersion(SADVersion.VERSION_10) + .build(); AuthnRequest authnRequest = buildAuthnRequest(sadRequest); Assertion assertion = buildAssertion(IDP_ENTITYID, LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3); 
@@ -633,34 +630,35 @@ public void testMismatchingSignRequestId() throws Exception { addAttribute(assertion, AttributeConstants.ATTRIBUTE_NAME_SAD, jwt); SADValidator validator = SADParser.getValidator(this.validationCertificate); - + try { validator.validate(authnRequest, assertion); - Assert.fail("Expected SADValidationException - VALIDATION_BAD_SIGNREQUESTID"); + Assertions.fail("Expected SADValidationException - VALIDATION_BAD_SIGNREQUESTID"); } catch (SADValidationException e) { - Assert.assertEquals("Expected error code VALIDATION_BAD_SIGNREQUESTID", ErrorCode.VALIDATION_BAD_SIGNREQUESTID, e.getErrorCode()); + Assertions.assertEquals(ErrorCode.VALIDATION_BAD_SIGNREQUESTID, e.getErrorCode(), + "Expected error code VALIDATION_BAD_SIGNREQUESTID"); } - } + } private SAD getTestSAD() { return this.sadFactory.getBuilder() - .subject(USER_ID) - .audience(SIGNSERVICE_ENTITYID) - .inResponseTo(SAD_REQUEST_ID) - .loa(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3) - .requestID(SIGN_REQUEST_ID) - .numberOfDocuments(1) - .buildSAD(); + .subject(USER_ID) + .audience(SIGNSERVICE_ENTITYID) + .inResponseTo(SAD_REQUEST_ID) + .loa(LevelOfAssuranceUris.AUTHN_CONTEXT_URI_LOA3) + .requestID(SIGN_REQUEST_ID) + .numberOfDocuments(1) + .buildSAD(); } private static AuthnRequest buildAuthnRequest(SADRequest sadRequest) { AuthnRequestBuilder builder = AuthnRequestBuilder.builder() - .id("123") - .issuer(SIGNSERVICE_ENTITYID); + .id("123") + .issuer(SIGNSERVICE_ENTITYID); if (sadRequest != null) { - Extensions exts = (Extensions) XMLObjectSupport.buildXMLObject(Extensions.DEFAULT_ELEMENT_NAME); + Extensions exts = (Extensions) XMLObjectSupport.buildXMLObject(Extensions.DEFAULT_ELEMENT_NAME); exts.getUnknownXMLObjects().add(sadRequest); builder = builder.extensions(exts); } 
@@ -669,19 +667,21 @@ private static AuthnRequest buildAuthnRequest(SADRequest sadRequest) { } private static Assertion buildAssertion(String issuer, String loa) { - Assertion assertion = (Assertion) XMLObjectSupport.buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME); + Assertion assertion = (Assertion) XMLObjectSupport.buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME); assertion.setID("123456"); - Issuer _issuer = (Issuer) XMLObjectSupport.buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME); + Issuer _issuer = (Issuer) XMLObjectSupport.buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME); _issuer.setValue(issuer); assertion.setIssuer(_issuer); - AuthnContextClassRef authnContextClassRef = (AuthnContextClassRef) XMLObjectSupport.buildXMLObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME); + AuthnContextClassRef authnContextClassRef = + (AuthnContextClassRef) XMLObjectSupport.buildXMLObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME); authnContextClassRef.setURI(loa); - AuthnContext authnContext = (AuthnContext) XMLObjectSupport.buildXMLObject(AuthnContext.DEFAULT_ELEMENT_NAME); + AuthnContext authnContext = (AuthnContext) XMLObjectSupport.buildXMLObject(AuthnContext.DEFAULT_ELEMENT_NAME); authnContext.setAuthnContextClassRef(authnContextClassRef); - AuthnStatement authnStatement = (AuthnStatement) XMLObjectSupport.buildXMLObject(AuthnStatement.DEFAULT_ELEMENT_NAME); + AuthnStatement authnStatement = + (AuthnStatement) XMLObjectSupport.buildXMLObject(AuthnStatement.DEFAULT_ELEMENT_NAME); authnStatement.setAuthnContext(authnContext); assertion.getAuthnStatements().add(authnStatement); 
@@ -691,10 +691,11 @@ private static Assertion buildAssertion(String issuer, String loa) { private static void addAttribute(Assertion assertion, String name, String value) { if (assertion.getAttributeStatements().isEmpty()) { - AttributeStatement stmnt = (AttributeStatement) XMLObjectSupport.buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME); + AttributeStatement stmnt = + (AttributeStatement) XMLObjectSupport.buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME); assertion.getAttributeStatements().add(stmnt); } assertion.getAttributeStatements().get(0).getAttributes().add( - AttributeBuilder.builder(name).value(value).build()); + AttributeBuilder.builder(name).value(value).build()); } } diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADRequestBuilderTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADRequestBuilderTest.java index ba7e435..ecb5181 100644 --- a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADRequestBuilderTest.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SADRequestBuilderTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,8 +15,8 @@ */ package se.swedenconnect.opensaml.sweid.saml2.signservice; -import org.junit.Assert; -import org.junit.Test; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import se.swedenconnect.opensaml.sweid.OpenSAMLTestBase; import se.swedenconnect.opensaml.sweid.saml2.signservice.build.SADRequestBuilder; 
@@ -26,14 +26,14 @@ /** * Test cases for {@code SADRequestBuilder}. - * + * * @author Martin Lindström (martin.lindstrom@litsec.se) */ public class SADRequestBuilderTest extends OpenSAMLTestBase { @Test public void testBuildSADRequest() throws Exception { - + SADRequest request = SADRequestBuilder.builder() .id("_a74a068d0548a919e503e5f9ef901851") .requesterID("http://www.example.com/sigservice") 
@@ -41,21 +41,22 @@ public void testBuildSADRequest() throws Exception { .docCount(5) .requestedVersion(SADVersion.VERSION_10) .requestParams( - RequestParamsBuilder.builder() - .parameters(RequestParamsBuilder.parameter("param1", "value1"), RequestParamsBuilder.parameter("param2", "value2")) - .build()) + RequestParamsBuilder.builder() + .parameters(RequestParamsBuilder.parameter("param1", "value1"), + RequestParamsBuilder.parameter("param2", "value2")) + .build()) .build(); - - Assert.assertEquals("_a74a068d0548a919e503e5f9ef901851", request.getID()); - Assert.assertEquals("http://www.example.com/sigservice", request.getRequesterID()); - Assert.assertEquals("123456", request.getSignRequestID()); - Assert.assertEquals(Integer.valueOf(5), request.getDocCount()); - Assert.assertEquals(SADVersion.VERSION_10, request.getRequestedVersion()); - Assert.assertTrue(request.getRequestParams().getParameters().size() == 2); - Assert.assertEquals("value1", request.getRequestParams().getParameters().get(0).getValue()); - Assert.assertEquals("param1", request.getRequestParams().getParameters().get(0).getName()); - Assert.assertEquals("value2", request.getRequestParams().getParameters().get(1).getValue()); - Assert.assertEquals("param2", request.getRequestParams().getParameters().get(1).getName()); + + Assertions.assertEquals("_a74a068d0548a919e503e5f9ef901851", request.getID()); + Assertions.assertEquals("http://www.example.com/sigservice", request.getRequesterID()); + Assertions.assertEquals("123456", request.getSignRequestID()); + Assertions.assertEquals(Integer.valueOf(5), request.getDocCount()); + Assertions.assertEquals(SADVersion.VERSION_10, request.getRequestedVersion()); + Assertions.assertTrue(request.getRequestParams().getParameters().size() == 2); + Assertions.assertEquals("value1", request.getRequestParams().getParameters().get(0).getValue()); + Assertions.assertEquals("param1", request.getRequestParams().getParameters().get(0).getName()); + 
Assertions.assertEquals("value2", request.getRequestParams().getParameters().get(1).getValue()); + Assertions.assertEquals("param2", request.getRequestParams().getParameters().get(1).getName()); } - + } diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageBuilderTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageBuilderTest.java index 99cf53f..2a9e608 100644 --- a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageBuilderTest.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageBuilderTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,8 +15,8 @@ */ package se.swedenconnect.opensaml.sweid.saml2.signservice; -import org.junit.Assert; -import org.junit.Test; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import se.swedenconnect.opensaml.sweid.OpenSAMLTestBase; import se.swedenconnect.opensaml.sweid.saml2.signservice.build.SignMessageBuilder; @@ -25,24 +25,24 @@ /** * Test cases for {@code SignMessageBuilder}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SignMessageBuilderTest extends OpenSAMLTestBase { @Test public void testBuild() throws Exception { - + SignMessage msg = SignMessageBuilder.builder() .mustShow(true) .displayEntity("http://www.example.com/idp") .mimeType(SignMessageMimeTypeEnum.TEXT) .message("This is the sign message") .build(); - - Assert.assertNotNull(msg); - Assert.assertNull(msg.getEncryptedMessage()); - + + Assertions.assertNotNull(msg); + Assertions.assertNull(msg.getEncryptedMessage()); + } - + } 
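Review bot: In testBuildSADRequest the parameter count is checked with `Assertions.assertTrue(request.getRequestParams().getParameters().size() == 2);`, which reports only "expected true" when it fails. `Assertions.assertEquals(2, request.getRequestParams().getParameters().size());` states the expected and actual count in the failure message. The same form is used in SADRequestTest.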
diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDecrypterTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDecrypterTest.java index d031d35..ea1e165 100644 --- a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDecrypterTest.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDecrypterTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,8 +17,8 @@ import java.security.KeyStore; -import org.junit.Assert; -import org.junit.Test; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import org.opensaml.core.xml.XMLObject; import org.opensaml.saml.saml2.core.AuthnRequest; import org.opensaml.security.credential.Credential; @@ -32,13 +32,13 @@ /** * Test cases for SignMessageDecrypter. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SignMessageDecrypterTest extends OpenSAMLTestBase { - + private Credential credential; - + public SignMessageDecrypterTest() throws Exception { KeyStore keyStore = loadKeyStore(new ClassPathResource("idp-credentials.jks").getInputStream(), "secret", "JKS"); this.credential = new KeyStoreX509CredentialAdapter(keyStore, "encryption", "secret".toCharArray()); 
@@ -47,36 +47,37 @@ public SignMessageDecrypterTest() throws Exception { // Bad type // @Test // public void testDecrypt1() throws Exception { -// SignMessageDecrypter decrypter = new SignMessageDecrypter(this.credential); -// +// SignMessageDecrypter decrypter = new SignMessageDecrypter(this.credential); +// // Resource xml = new ClassPathResource("signmessage_bad_type.xml"); // AuthnRequest authnRequest = ObjectUtils.unmarshall(xml.getInputStream(), AuthnRequest.class); -// +// // XMLObject sm = authnRequest.getExtensions().getUnknownXMLObjects(SignMessage.DEFAULT_ELEMENT_NAME).get(0); // SignMessage signMessage = (SignMessage) sm; -// +// // // Message message = decrypter.decrypt(signMessage); -// +// // // Gives: // // // // dGVzdGluZw== -// +// // } @Test public void testDecrypt2() throws Exception { - SignMessageDecrypter decrypter = new SignMessageDecrypter(this.credential); - + SignMessageDecrypter decrypter = new SignMessageDecrypter(this.credential); + Resource xml = new ClassPathResource("signmessage_rsa_1_5.xml"); AuthnRequest authnRequest = unmarshall(xml.getInputStream(), AuthnRequest.class); - + XMLObject sm = authnRequest.getExtensions().getUnknownXMLObjects(SignMessage.DEFAULT_ELEMENT_NAME).get(0); SignMessage signMessage = (SignMessage) sm; - + Message message = decrypter.decrypt(signMessage); - Assert.assertNotNull(message); - Assert.assertNotNull(message.getContent()); - // WW91IGFyZSByZXF1ZXN0ZWQgdG8gc2lnbiB0aGUgZm9sbG93aW5nIGRvY3VtZW50OgoKRG9jdW1lbnQgbmFtZTogZjgzOGE3MDRjNjc3NDYyYjkxYWM4NjQ3ZTdkNmRmZjYueG1sClNpZ25lciBuYW1lOiBPc2thciBKb2hhbnNzb24KU2lnbmVyIElEOiBwZXJzb25hbElkZW50aXR5TnVtYmVyOiAxOTkwMDgyNTIzOTgK + Assertions.assertNotNull(message); + Assertions.assertNotNull(message.getContent()); + // WW91IGFyZSByZXF1ZXN0ZWQgdG8gc2lnbiB0aGUgZm9sbG93aW5nIGRvY3VtZW50OgoKRG9jdW1lbnQgbmFtZTogZjgzOGE3MDRjNjc3NDYyYjkxYWM4NjQ3ZTdkNmRmZjYueG1sClNpZ25lciBuYW1lOiBPc2thciBKb2hhbnNzb24KU2lnbmVyIElEOiBwZXJzb25hbElkZW50aXR5TnVtYmVyOiAxOTkwMDgyNTIzOTgK } } 
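Review bot: testDecrypt2 asserts only that the decrypted message and its content are non-null, so a decrypter that returned the wrong plaintext would still pass. The trailing comment appears to hold the expected Base64 content; moving it into a constant (the name here is constructed) and adding `Assertions.assertEquals(EXPECTED_CONTENT, message.getContent());` would make the test check the actual result. The fixture name `signmessage_rsa_1_5.xml` suggests RSA 1.5 key transport, so a one-line comment saying that this legacy algorithm is exercised deliberately would help the next reader. The commented-out testDecrypt1 could be restored with `@Disabled` and a reason, or removed.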
diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDigestIssuerTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDigestIssuerTest.java index e63747e..72ad5da 100644 --- a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDigestIssuerTest.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageDigestIssuerTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 Sweden Connect + * Copyright 2019-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,8 +19,8 @@ import java.security.MessageDigest; import java.util.Base64; -import org.junit.Assert; -import org.junit.Test; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import org.opensaml.saml.saml2.core.Attribute; import org.opensaml.xmlsec.algorithm.AlgorithmDescriptor; import org.opensaml.xmlsec.algorithm.AlgorithmRegistry; @@ -49,14 +49,14 @@ public void testBadInputSet() throws Exception { try { issuer.setDefaultDigestMethod("http://not.a.real.algo"); - Assert.fail("Expected SecurityException"); + Assertions.fail("Expected SecurityException"); } catch (final SecurityException e) { } try { issuer.setDefaultDigestMethod(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - Assert.fail("Expected SecurityException"); + Assertions.fail("Expected SecurityException"); } catch (final SecurityException e) { } 
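Review bot: The two rejected inputs in testBadInputSet check different things and neither is explained in the test. I would add `// unknown algorithm URI must be rejected` above the first call and `// a signature algorithm URI is not a digest method and must be rejected` above the second, so the reason for passing `ALGO_ID_SIGNATURE_RSA_SHA256` to `setDefaultDigestMethod` is clear. The method continues outside the hunk.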
@@ -68,16 +68,16 @@ public void testCreate() throws Exception { final SignMessageDigestIssuer issuer = new SignMessageDigestIssuer(); final SignMessage signMessage = SignMessageBuilder.builder() - .message(SignMessageDigestIssuerTest.CONTENTS) - .mimeType(SignMessageMimeTypeEnum.TEXT) - .build(); - + .message(SignMessageDigestIssuerTest.CONTENTS) + .mimeType(SignMessageMimeTypeEnum.TEXT) + .build(); + final Attribute attr = issuer.create(signMessage.getMessage()); - Assert.assertEquals( - String.format("%s;%s", - SignMessageDigestIssuer.DEFAULT_DIGEST_METHOD, this.hash(CONTENTS, - SignMessageDigestIssuer.DEFAULT_DIGEST_METHOD)), - AttributeUtils.getAttributeStringValue(attr)); + Assertions.assertEquals( + String.format("%s;%s", + SignMessageDigestIssuer.DEFAULT_DIGEST_METHOD, this.hash(CONTENTS, + SignMessageDigestIssuer.DEFAULT_DIGEST_METHOD)), + AttributeUtils.getAttributeStringValue(attr)); } private String hash(final String text, final String digestAlgorithm) throws Exception { diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageEncrypterTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageEncrypterTest.java index c512914..8e88439 100644 --- a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageEncrypterTest.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/SignMessageEncrypterTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 Sweden Connect + * Copyright 2019-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -19,8 +19,8 @@ import java.util.Arrays; import java.util.stream.Collectors; -import org.junit.Assert; -import org.junit.Test; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import org.opensaml.core.xml.io.MarshallingException; import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.opensaml.saml.saml2.metadata.KeyDescriptor; @@ -32,7 +32,7 @@ import org.springframework.core.io.ClassPathResource; import org.springframework.core.io.Resource; -import net.shibboleth.utilities.java.support.component.ComponentInitializationException; +import net.shibboleth.shared.component.ComponentInitializationException; import se.swedenconnect.opensaml.saml2.metadata.build.EntityDescriptorBuilder; import se.swedenconnect.opensaml.saml2.metadata.build.IDPSSODescriptorBuilder; import se.swedenconnect.opensaml.saml2.metadata.build.KeyDescriptorBuilder; @@ -48,7 +48,7 @@ /** * Test cases for {@code SignMessageEncrypter}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SignMessageEncrypterTest extends OpenSAMLTestBase { @@ -75,13 +75,13 @@ public void testDefault() throws Exception { .use(UsageType.SIGNING) .certificate(new ClassPathResource("Litsec_SAML_Signing.crt").getInputStream()) .build()); - SAMLObjectEncrypter objectEncrypter = new SAMLObjectEncrypter(this.createMetadataProvider(ed).getMetadataResolver()); + SAMLObjectEncrypter objectEncrypter = new SAMLObjectEncrypter(this.createMetadataProvider(ed).getMetadataResolver()); SignMessageEncrypter encrypter = new SignMessageEncrypter(objectEncrypter); encrypter.encrypt(signMessage, ENTITY_ID); - Assert.assertNotNull(signMessage.getEncryptedMessage()); + Assertions.assertNotNull(signMessage.getEncryptedMessage()); // Element e = ObjectUtils.marshall(signMessage); // System.out.println(SerializeSupport.prettyPrintXML(e)); 
@@ -89,7 +89,7 @@ public void testDefault() throws Exception { String decryptedMsg = this.decrypt(signMessage, new ClassPathResource("Litsec_SAML_Encryption.jks"), "secret", "litsec_saml_encryption"); - Assert.assertEquals(CONTENTS, decryptedMsg); + Assertions.assertEquals(CONTENTS, decryptedMsg); } @Test @@ -112,13 +112,13 @@ public void testNoEncryptionCredentials() throws Exception { try { encrypter.encrypt(signMessage, ENTITY_ID); - Assert.fail("Expected error - no encryption credentials found"); + Assertions.fail("Expected error - no encryption credentials found"); } catch (EncryptionException e) { System.out.println(e.getMessage()); } } - + @Test public void testUnspecified() throws Exception { @@ -144,7 +144,7 @@ public void testUnspecified() throws Exception { encrypter.encrypt(signMessage, ENTITY_ID); - Assert.assertNotNull(signMessage.getEncryptedMessage()); + Assertions.assertNotNull(signMessage.getEncryptedMessage()); // Element e = ObjectUtils.marshall(signMessage); // System.out.println(SerializeSupport.prettyPrintXML(e)); @@ -152,9 +152,9 @@ public void testUnspecified() throws Exception { String decryptedMsg = this.decrypt(signMessage, new ClassPathResource("Litsec_SAML_Encryption.jks"), "secret", "litsec_saml_encryption"); - Assert.assertEquals(CONTENTS, decryptedMsg); + Assertions.assertEquals(CONTENTS, decryptedMsg); } - + @Test public void testCapabilitiesSimple() throws Exception { @@ -171,7 +171,7 @@ public void testCapabilitiesSimple() throws Exception { .use(UsageType.ENCRYPTION) .certificate(new ClassPathResource("Litsec_SAML_Encryption.crt").getInputStream()) .encryptionMethods(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM, EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15) - .build(), + .build(), KeyDescriptorBuilder.builder() .use(UsageType.SIGNING) .certificate(new ClassPathResource("Litsec_SAML_Signing.crt").getInputStream()) 
@@ -181,7 +181,7 @@ public void testCapabilitiesSimple() throws Exception { encrypter.encrypt(signMessage, ENTITY_ID); - Assert.assertNotNull(signMessage.getEncryptedMessage()); + Assertions.assertNotNull(signMessage.getEncryptedMessage()); // Element e = ObjectUtils.marshall(signMessage); // System.out.println(SerializeSupport.prettyPrintXML(e)); @@ -189,8 +189,8 @@ public void testCapabilitiesSimple() throws Exception { String decryptedMsg = this.decrypt(signMessage, new ClassPathResource("Litsec_SAML_Encryption.jks"), "secret", "litsec_saml_encryption"); - Assert.assertEquals(CONTENTS, decryptedMsg); - } + Assertions.assertEquals(CONTENTS, decryptedMsg); + } private String decrypt(SignMessage signMessage, Resource jks, String password, String alias) throws Exception { KeyStore keyStore = loadKeyStore(jks.getInputStream(), password, "JKS"); diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADRequestTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADRequestTest.java index ad324ff..6b8a454 100644 --- a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADRequestTest.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADRequestTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,8 +18,8 @@ import java.io.ByteArrayInputStream; import java.nio.charset.Charset; -import org.junit.Assert; -import org.junit.Test; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import org.opensaml.core.xml.util.XMLObjectSupport; import org.w3c.dom.Element; 
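Review bot: testCapabilitiesSimple ends with the same two assertions as testDefault and testUnspecified, so nothing in it verifies that the advertised capabilities were used. The key descriptor built earlier in the method (shown in the previous hunk) declares `ALGO_ID_BLOCKCIPHER_AES256_GCM` and `ALGO_ID_KEYTRANSPORT_RSA15`, but a successful round trip passes whichever algorithms the encrypter picked. I would add assertions on the algorithm URIs of the produced encrypted data and encrypted key. That would also make it explicit whether the RSA 1.5 key transport from peer metadata is meant to be honoured. The method starts outside this hunk.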
@@ -27,59 +27,59 @@ /** * Test cases for {@code SADRequest}. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SADRequestTest extends OpenSAMLTestBase { /** * Test to marshall and unmarshall the object. - * + * * @throws Exception * for errors */ @Test public void testMarshallUnmarshall() throws Exception { - SADRequest request = (SADRequest) XMLObjectSupport.buildXMLObject(SADRequest.DEFAULT_ELEMENT_NAME); + SADRequest request = (SADRequest) XMLObjectSupport.buildXMLObject(SADRequest.DEFAULT_ELEMENT_NAME); request.setID("_a74a068d0548a919e503e5f9ef901851"); request.setRequesterID("http://www.example.com/sigservice"); request.setSignRequestID("123456"); request.setDocCount(5); request.setRequestedVersion(SADVersion.VERSION_10); - - Parameter p1 = (Parameter) XMLObjectSupport.buildXMLObject(Parameter.DEFAULT_ELEMENT_NAME); + + Parameter p1 = (Parameter) XMLObjectSupport.buildXMLObject(Parameter.DEFAULT_ELEMENT_NAME); p1.setName("param1"); p1.setValue("value1"); - + Parameter p2 = (Parameter) XMLObjectSupport.buildXMLObject(Parameter.DEFAULT_ELEMENT_NAME); p2.setName("param2"); p2.setValue("value2"); - + RequestParams rp = (RequestParams) XMLObjectSupport.buildXMLObject(RequestParams.DEFAULT_ELEMENT_NAME); rp.getParameters().add(p1); rp.getParameters().add(p2); request.setRequestParams(rp); Element element = XMLObjectSupport.marshall(request); - - SADRequest request2 = (SADRequest) XMLObjectSupport.getUnmarshaller(element).unmarshall(element); - - Assert.assertEquals(request.getID(), request2.getID()); - Assert.assertEquals(request.getRequesterID(), request2.getRequesterID()); - Assert.assertEquals(request.getSignRequestID(), request2.getSignRequestID()); - Assert.assertEquals(request.getDocCount(), request2.getDocCount()); - Assert.assertEquals(request.getRequestedVersion(), request2.getRequestedVersion()); - Assert.assertTrue(request2.getRequestParams().getParameters().size() == 2); - Assert.assertEquals(p1.getValue(), 
request2.getRequestParams().getParameters().get(0).getValue()); - Assert.assertEquals(p1.getName(), request2.getRequestParams().getParameters().get(0).getName()); - Assert.assertEquals(p2.getValue(), request2.getRequestParams().getParameters().get(1).getValue()); - Assert.assertEquals(p2.getName(), request2.getRequestParams().getParameters().get(1).getName()); + + SADRequest request2 = (SADRequest) XMLObjectSupport.getUnmarshaller(element).unmarshall(element); + + Assertions.assertEquals(request.getID(), request2.getID()); + Assertions.assertEquals(request.getRequesterID(), request2.getRequesterID()); + Assertions.assertEquals(request.getSignRequestID(), request2.getSignRequestID()); + Assertions.assertEquals(request.getDocCount(), request2.getDocCount()); + Assertions.assertEquals(request.getRequestedVersion(), request2.getRequestedVersion()); + Assertions.assertTrue(request2.getRequestParams().getParameters().size() == 2); + Assertions.assertEquals(p1.getValue(), request2.getRequestParams().getParameters().get(0).getValue()); + Assertions.assertEquals(p1.getName(), request2.getRequestParams().getParameters().get(0).getName()); + Assertions.assertEquals(p2.getValue(), request2.getRequestParams().getParameters().get(1).getValue()); + Assertions.assertEquals(p2.getName(), request2.getRequestParams().getParameters().get(1).getName()); } @Test public void testUnmarshallOtherNs() throws Exception { - String xml = + String xml = "\n" + " http://www.example.com/sigservice" + " 123456\n" + 
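Review bot: `Assertions.assertTrue(request2.getRequestParams().getParameters().size() == 2);` in testMarshallUnmarshall reports only a failed boolean when it breaks, which hides the actual parameter count. Prefer `Assertions.assertEquals(2, request2.getRequestParams().getParameters().size());`. The same applies to the `size() == 2` check in testUnmarshallOtherNs (hunk at -92,17).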
@@ -92,17 +92,17 @@ public void testUnmarshallOtherNs() throws Exception {
 "";
 SADRequest request = unmarshall(new ByteArrayInputStream(xml.getBytes(Charset.forName("UTF-8"))), SADRequest.class);
-
- Assert.assertEquals("_a74a068d0548a919e503e5f9ef901851", request.getID());
- Assert.assertEquals("http://www.example.com/sigservice", request.getRequesterID());
- Assert.assertEquals("123456", request.getSignRequestID());
- Assert.assertEquals(Integer.valueOf(5), request.getDocCount());
- Assert.assertEquals(SADVersion.valueOf("2.0"), request.getRequestedVersion());
- Assert.assertTrue(request.getRequestParams().getParameters().size() == 2);
- Assert.assertEquals("value1", request.getRequestParams().getParameters().get(0).getValue());
- Assert.assertEquals("param1", request.getRequestParams().getParameters().get(0).getName());
- Assert.assertEquals("value2", request.getRequestParams().getParameters().get(1).getValue());
- Assert.assertEquals("param2", request.getRequestParams().getParameters().get(1).getName());
+
+ Assertions.assertEquals("_a74a068d0548a919e503e5f9ef901851", request.getID());
+ Assertions.assertEquals("http://www.example.com/sigservice", request.getRequesterID());
+ Assertions.assertEquals("123456", request.getSignRequestID());
+ Assertions.assertEquals(Integer.valueOf(5), request.getDocCount());
+ Assertions.assertEquals(SADVersion.valueOf("2.0"), request.getRequestedVersion());
+ Assertions.assertTrue(request.getRequestParams().getParameters().size() == 2);
+ Assertions.assertEquals("value1", request.getRequestParams().getParameters().get(0).getValue());
+ Assertions.assertEquals("param1", request.getRequestParams().getParameters().get(0).getName());
+ Assertions.assertEquals("value2", request.getRequestParams().getParameters().get(1).getValue());
+ Assertions.assertEquals("param2", request.getRequestParams().getParameters().get(1).getName());
 }
 }
diff --git a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADTest.java b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADTest.java index a1f1328..661d374 100644 --- a/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADTest.java +++ b/src/test/java/se/swedenconnect/opensaml/sweid/saml2/signservice/sap/SADTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 Sweden Connect + * Copyright 2016-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,31 +19,31 @@ import java.time.LocalDateTime; import java.time.ZoneOffset; -import org.junit.Assert; -import org.junit.Test; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import se.swedenconnect.opensaml.sweid.saml2.attribute.AttributeConstants; import se.swedenconnect.opensaml.sweid.saml2.authn.LevelOfAssuranceUris; /** * Test cases for the {@link SAD} implementation. - * + * * @author Martin Lindström (martin@idsec.se) */ public class SADTest { /** * Tests creating a SAD and serializing and deserializing. - * + * * @throws Exception * for errors */ @Test public void testEncodeDecode() throws Exception { - + Instant issuance = LocalDateTime.of(2018, 1, 17, 14, 22, 37, 0).toInstant(ZoneOffset.UTC); Instant expiry = issuance.plusSeconds(5 * 60); - + SAD sad = new SAD(); sad.setSubject("196302052383"); sad.setAudience("http://www.example.com/sigservice"); 
@@ -59,19 +59,19 @@ public void testEncodeDecode() throws Exception { ext.setRequestID("f6e7d061a23293b0053dc7b038a04dad"); ext.setNumberOfDocuments(1); sad.setSeElnSadext(ext); - + Instant exp = sad.getExpiryDateTime(); - Assert.assertEquals(sad.getExpiry().intValue(), (int) (exp.toEpochMilli() / 1000)); - + Assertions.assertEquals(sad.getExpiry().intValue(), (int) (exp.toEpochMilli() / 1000)); + String json = sad.toJson(); SAD sad2 = SAD.fromJson(json); - Assert.assertEquals(sad, sad2); + Assertions.assertEquals(sad, sad2); SAD sad3 = SAD.fromJson(json); - Assert.assertEquals(sad, sad3); + Assertions.assertEquals(sad, sad3); } } diff --git a/src/test/resources/version.properties b/src/test/resources/version.properties new file mode 100644 index 0000000..1c14616 --- /dev/null +++ b/src/test/resources/version.properties @@ -0,0 +1 @@ +library.version=${project.version} \ No newline at end of file
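Review bot: The `(int) (exp.toEpochMilli() / 1000)` cast in the expiry assertion of testEncodeDecode narrows epoch seconds to 32 bits, so the comparison is no longer exact for expiry times after January 2038. Comparing as long avoids that: `Assertions.assertEquals(exp.getEpochSecond(), sad.getExpiry().longValue());`, assuming getExpiry() returns a boxed number as the `intValue()` call suggests. Separately, `sad3` comes from the same `SAD.fromJson(json)` call as `sad2`, so the second `assertEquals` adds no coverage. If a second round trip was intended, `SAD.fromJson(sad2.toJson())` would exercise it. The method body starts outside this hunk.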