italia · peppelinux · Jul 15, 2021 · May 16, 2021 · May 16, 2021 · May 17, 2021
diff --git a/.gitignore b/.gitignore
@@ -29,3 +29,7 @@ hs_err_pid*
 #idea
 *.iml
 .idea
+
+spid-spring-integration/target/
+spid-spring-rest/target/
+spid-spring-integration/bin/
diff --git a/pom.xml b/pom.xml
@@ -36,7 +36,11 @@
 			<artifactId>spring-core</artifactId>
 			<version>${spring.version}</version>
 		</dependency>
-
+		<dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.20</version>
+        </dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-test</artifactId>

diff --git a/...ng-integration/src/main/java/it/italia/developers/spid/integration/config/SAMLConfig.java b/...ng-integration/src/main/java/it/italia/developers/spid/integration/config/SAMLConfig.java
@@ -1,5 +1,8 @@
 package it.italia.developers.spid.integration.config;
 
+import lombok.Data;
+
+@Data
 public class SAMLConfig {
 
 	private String idpEntityId;
@@ -11,65 +14,4 @@ public class SAMLConfig {
 	private String alias;
 	private String defaultBaseUrl;
 	private String x509Certificate;
-
-	public String getIdpEntityId() {
-		return idpEntityId;
-	}
-
-	public void setIdpEntityId(final String idpEntityId) {
-		this.idpEntityId = idpEntityId;
-	}
-
-	public String getX509Certificate() {
-		return x509Certificate;
-	}
-
-	public void setX509Certificate(final String x509Certificate) {
-		this.x509Certificate = x509Certificate;
-	}
-
-	public String getSpEntityId() {
-		return spEntityId;
-	}
-
-	public void setSpEntityId(final String spEntityId) {
-		this.spEntityId = spEntityId;
-	}
-
-	public String getDefaultBaseUrl() {
-		return defaultBaseUrl;
-	}
-
-	public void setDefaultBaseUrl(final String defaultBaseUrl) {
-		this.defaultBaseUrl = defaultBaseUrl;
-	}
-
-	public String getLoginUrl() {
-		return loginUrl;
-	}
-
-	public void setLoginUrl(final String loginUrl) {
-		this.loginUrl = loginUrl;
-	}
-
-	public String getLogoutUrl() {
-		return logoutUrl;
-	}
-
-	public void setLogoutUrl(final String logoutUrl) {
-		this.logoutUrl = logoutUrl;
-	}
-
-	public String getBaseUrl() {
-		return defaultBaseUrl;
-	}
-
-	public String getAlias() {
-		return alias;
-	}
-
-	public void setAlias(final String alias) {
-		this.alias = alias;
-	}
-
 }
diff --git a/...g-integration/src/main/java/it/italia/developers/spid/integration/config/SAMLContext.java b/...g-integration/src/main/java/it/italia/developers/spid/integration/config/SAMLContext.java
@@ -29,10 +29,14 @@
 import org.springframework.security.saml.processor.SAMLProcessor;
 import org.springframework.security.saml.processor.SAMLProcessorImpl;
 
+import lombok.Getter;
+
 public class SAMLContext {
 	private static final Logger logger = LoggerFactory.getLogger(SAMLContext.class);
+
+	@Getter
 	private static final SAMLProcessor samlProcessor;
-
+	@Getter
 	private MetadataManager metadataManager;
 	private KeyManager idpKeyManager;
 
@@ -88,18 +92,6 @@ public SAMLMessageContext createSamlMessageContext(final HttpServletRequest requ
 		return context;
 	}
 
-	public SAMLProcessor getSamlProcessor() {
-		return samlProcessor;
-	}
-
-	public MetadataManager getMetadataManager() {
-		return metadataManager;
-	}
-
-	public KeyManager getIdpKeyManager() {
-		return idpKeyManager;
-	}
-
 	private String getDefaultBaseURL(final HttpServletRequest request) {
         StringBuilder sb = new StringBuilder();
         sb.append(request.getScheme()).append("://").append(request.getServerName()).append(":").append(request.getServerPort());

diff --git a/...ation/src/main/java/it/italia/developers/spid/integration/config/SpMetadataGenerator.java b/...ation/src/main/java/it/italia/developers/spid/integration/config/SpMetadataGenerator.java
@@ -23,7 +23,7 @@ public MetadataProvider generate(final SAMLConfig configuration) throws ServletE
 
 	    // Defaults
 	    String alias = configuration.getAlias();
-	    String baseURL = configuration.getBaseUrl();
+	    String baseURL = configuration.getDefaultBaseUrl();
 
 	    generator.setEntityBaseURL(baseURL);
 	    List<String> ssoBindings = new ArrayList<String>();

diff --git a/...n/java/it/italia/developers/spid/integration/service/impl/SPIDIntegrationServiceImpl.java b/...n/java/it/italia/developers/spid/integration/service/impl/SPIDIntegrationServiceImpl.java
@@ -111,14 +111,14 @@ public ResponseDecoded processAuthenticationResponse(
 			SAMLMessageContext messageContext = context.createSamlMessageContext(request, response);
 
 			// Process response
-			context.getSamlProcessor().retrieveMessage(messageContext);
+			SAMLContext.getSamlProcessor().retrieveMessage(messageContext);
 
 			messageContext
 					.setLocalEntityEndpoint(SAMLUtil.getEndpoint(messageContext.getLocalEntityRoleMetadata().getEndpoints(),
 							messageContext.getInboundSAMLBinding(), new HttpServletRequestAdapter(request)));
 			messageContext.getPeerEntityMetadata().setEntityID(saml2Config.getIdpEntityId());
 
-			WebSSOProfileConsumer consumer = new WebSSOProfileConsumerImpl(context.getSamlProcessor(),
+			WebSSOProfileConsumer consumer = new WebSSOProfileConsumerImpl(SAMLContext.getSamlProcessor(),
 					context.getMetadataManager());
 			credential = consumer.processAuthenticationResponse(messageContext);
 		}

diff --git a/...src/main/java/it/italia/developers/spid/integration/util/AuthenticationInfoExtractor.java b/...src/main/java/it/italia/developers/spid/integration/util/AuthenticationInfoExtractor.java
@@ -46,6 +46,7 @@ public class AuthenticationInfoExtractor {
 	private static final String SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";
 	private static final String SAML2_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
 	private static final String SAML2_NAME_ID_POLICY = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
+	private static final String SAML2_ISSUER = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";
 	private static final String SAML2_PASSWORD_PROTECTED_TRANSPORT = "https://www.spid.gov.it/SpidL2";
 	private static final String SAML2_ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion";
 	private static final String SPID_SPRING_INTEGRATION_IDP_PREFIX = "spid.spring.integration.idp.";
@@ -114,8 +115,8 @@ public AuthenticationInfoExtractor(String entityId, SPIDIntegrationUtil spidInte
 			}
 
 			// Caricamento IDP da entityID
-			AuthnRequest buildAuthenticationRequest = buildAuthenticationRequest(assertionConsumerServiceUrl, assertionConsumerServiceIndex, spEntityDescriptor.getEntityID(), id, destination);
-			String encodedAuthnRequest = spidIntegrationUtil.encodeAndPrintAuthnRequest(buildAuthenticationRequest);
+			AuthnRequest authnRequest = buildAuthenticationRequest(assertionConsumerServiceUrl, assertionConsumerServiceIndex, spEntityDescriptor.getEntityID(), id, destination);
+			String encodedAuthnRequest = spidIntegrationUtil.encodeAuthnRequest(authnRequest, false);
 
 			// TODO caricare da metadati SP
 			authRequest.setDestinationUrl(destination);
@@ -188,10 +189,8 @@ public AuthnRequest buildAuthenticationRequest(String assertionConsumerServiceUr
 		AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
 
 		AuthnRequest authRequest = authRequestBuilder.buildObject(SAML2_PROTOCOL, "AuthnRequest", "samlp");
-		authRequest.setIsPassive(Boolean.FALSE);
+		authRequest.setForceAuthn(Boolean.TRUE);
 		authRequest.setIssueInstant(issueInstant);
-		authRequest.setProtocolBinding(SAML2_POST_BINDING);
-		authRequest.setAssertionConsumerServiceURL(assertionConsumerServiceUrl);
 		authRequest.setAssertionConsumerServiceIndex(assertionConsumerServiceIndex);
 		authRequest.setIssuer(buildIssuer(issuerId));
 		authRequest.setNameIDPolicy(buildNameIDPolicy());
@@ -218,7 +217,7 @@ private RequestedAuthnContext buildRequestedAuthnContext() {
 		// Create RequestedAuthnContext
 		RequestedAuthnContextBuilder requestedAuthnContextBuilder = new RequestedAuthnContextBuilder();
 		RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
-		requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
+		requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
 		requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
 
 		return requestedAuthnContext;
@@ -233,7 +232,7 @@ private Issuer buildIssuer(String issuerId) {
 		IssuerBuilder issuerBuilder = new IssuerBuilder();
 		Issuer issuer = issuerBuilder.buildObject();
 		issuer.setNameQualifier(issuerId);
-		issuer.setFormat(SAML2_NAME_ID_POLICY);
+		issuer.setFormat(SAML2_ISSUER);
 		issuer.setValue(issuerId);
 		return issuer;
 	}

diff --git a/...gration/src/main/java/it/italia/developers/spid/integration/util/SPIDIntegrationUtil.java b/...gration/src/main/java/it/italia/developers/spid/integration/util/SPIDIntegrationUtil.java
@@ -34,6 +34,8 @@
 import org.opensaml.xml.signature.KeyInfo;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.Signer;
 import org.opensaml.xml.util.Base64;
 import org.opensaml.xml.util.XMLHelper;
 import org.slf4j.Logger;
@@ -81,9 +83,12 @@ public SPIDIntegrationUtil() {
 	 * @throws IOException
 	 * @throws ConfigurationException
 	 */
-	public String encodeAndPrintAuthnRequest(AuthnRequest authnRequest) throws IntegrationServiceException {
+	public String encodeAuthnRequest(AuthnRequest authnRequest, boolean compress) throws IntegrationServiceException {
 
 		String requestMessage = printAuthnRequest(authnRequest);
+		if(!compress) {
+			return Base64.encodeBytes(requestMessage.getBytes(), Base64.DONT_BREAK_LINES);
+		}
 		Deflater deflater = new Deflater(Deflater.DEFLATED, true);
 		ByteArrayOutputStream byteArrayOutputStream = null;
 		DeflaterOutputStream deflaterOutputStream = null;
@@ -130,6 +135,13 @@ public String printAuthnRequest(AuthnRequest authnRequest) throws IntegrationSer
 			log.error("printAuthnRequest :: " + e.getMessage(), e);
 			throw new IntegrationServiceException(e);
 		}
+
+		try {
+			Signer.signObject(authnRequest.getSignature());
+		} catch (SignatureException e) {
+			throw new IntegrationServiceException(e);
+		}
+
 		// converting to a DOM
 		StringWriter requestWriter = new StringWriter();
 		requestWriter = new StringWriter();
@@ -172,8 +184,6 @@ public Credential getCredential() {
 		credential.setEntityCertificate(certificate);
 		credential.setPrivateKey(pk);
 
-		log.info("Private Key" + pk.toString());
-
 		return credential;
 	}
 
@@ -223,7 +233,6 @@ public Signature getSignature() {
 		KeyStore ks = getKeyStore();
 		try {
 			X509Certificate certificate = (X509Certificate) ks.getCertificate(certificateAliasName);
-			KeyInfoHelper.addPublicKey(keyInfo, certificate.getPublicKey());
 			KeyInfoHelper.addCertificate(keyInfo, certificate);
 		}
 		catch (CertificateEncodingException e) {

diff --git a/...est/src/main/java/it/italia/developers/spid/spidspringrest/SpidSpringRestApplication.java b/...est/src/main/java/it/italia/developers/spid/spidspringrest/SpidSpringRestApplication.java
@@ -38,11 +38,6 @@ public static void main(final String[] args) {
 	@Bean
 	public Docket api() {
 		return new Docket(DocumentationType.SWAGGER_2).select().apis(RequestHandlerSelectors.any()).paths(PathSelectors.any()).build().apiInfo(apiInfo());
-		// .useDefaultResponseMessages(false)
-		// .globalResponseMessage(RequestMethod.GET, errorList())
-		// .globalResponseMessage(RequestMethod.POST, errorList())
-		// .globalResponseMessage(RequestMethod.PUT, errorList())
-		// .globalResponseMessage(RequestMethod.DELETE, errorList());
 	}
 
 	private List<ResponseMessage> errorList() {

diff --git a/spid-spring-rest/src/main/java/it/italia/developers/spid/spidspringrest/model/ExtraInfo.java b/spid-spring-rest/src/main/java/it/italia/developers/spid/spidspringrest/model/ExtraInfo.java
@@ -1,28 +1,12 @@
 package it.italia.developers.spid.spidspringrest.model;
 
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+@Data
+@AllArgsConstructor
 public class ExtraInfo {
 
 	private String title;
 	private String url;
-
-	public ExtraInfo() {
-	}
-
-	public ExtraInfo(final String title, final String url) {
-		this.title = title;
-		this.url = url;
-	}
-
-	public String getTitle() {
-		return title;
-	}
-	public void setTitle(final String title) {
-		this.title = title;
-	}
-	public String getUrl() {
-		return url;
-	}
-	public void setUrl(final String url) {
-		this.url = url;
-	}
 }
diff --git a/...ring-rest/src/main/java/it/italia/developers/spid/spidspringrest/model/SpidProviders.java b/...ring-rest/src/main/java/it/italia/developers/spid/spidspringrest/model/SpidProviders.java
@@ -3,22 +3,11 @@
 import java.util.List;
 
 import it.italia.developers.spid.integration.model.IdpEntry;
+import lombok.Data;
 
+@Data
 public class SpidProviders {
 
 	private List<IdpEntry> identityProviders;
 	private List<ExtraInfo> extraInfo;
-
-	public List<IdpEntry> getIdentityProviders() {
-		return identityProviders;
-	}
-	public void setIdentityProviders(final List<IdpEntry> identityProviders) {
-		this.identityProviders = identityProviders;
-	}
-	public List<ExtraInfo> getExtraInfo() {
-		return extraInfo;
-	}
-	public void setExtraInfo(final List<ExtraInfo> extraInfo) {
-		this.extraInfo = extraInfo;
-	}
 }