From 6d1a627987f38abfc73885dd177a6b548907fa50 Mon Sep 17 00:00:00 2001 From: "hausegger.michael@googlemail.com" Date: Wed, 16 May 2018 20:41:28 +0200 Subject: [PATCH] Added some minor code improvements. --- .../egiz/bku/gui/PINManagementGUIFacade.java | 4 +- .../egiz/bku/online/webapp/ResultServlet.java | 10 +- .../egiz/stal/service/types/RequestType.java | 1 - .../bku/accesscontroller/RuleChecker.java | 49 ++++++---- .../egiz/bku/slcommands/SLCommandFactory.java | 2 +- .../at/gv/egiz/bku/slcommands/SLResult.java | 42 ++++---- .../impl/cms/ReferencedHashDataInput.java | 1 + .../bku/accesscontroller/RuleCheckerTest.java | 97 ++++++++++++++----- .../main/java/at/gv/egiz/smcc/PinInfo.java | 2 +- .../java/at/gv/egiz/smcc/SEIdentityCard.java | 4 +- .../at/gv/egiz/smcc/util/MSCMDecoder.java | 3 +- .../cardchannel/ResponseAPDUType.java | 2 +- .../gv/egiz/bku/utils/binding/Protocol.java | 51 +++++----- .../marshal/NamespacePrefixMapperImpl.java | 1 - .../etsi/uri/_01903/v1_4/ObjectFactory.java | 4 +- .../_04/xmldsig_more_/ObjectFactory.java | 2 +- .../cardchannel/ResponseAPDUTypeTest.java | 22 +++++ .../at/gv/egiz/slbinding/RedirectTest.java | 2 +- 18 files changed, 184 insertions(+), 115 deletions(-) create mode 100644 utils/src/test/java/at/buergerkarte/namespaces/cardchannel/ResponseAPDUTypeTest.java diff --git a/BKUGuiExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUIFacade.java b/BKUGuiExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUIFacade.java index 68815aa6..a7dbe1a8 100644 --- a/BKUGuiExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUIFacade.java +++ b/BKUGuiExt/src/main/java/at/gv/egiz/bku/gui/PINManagementGUIFacade.java @@ -99,9 +99,9 @@ public interface PINManagementGUIFacade extends BKUGUIFacade { public static final String STATUS_UNKNOWN = "status.unknown"; // public enum STATUS { ACTIV, NOT_ACTIV, BLOCKED, UNKNOWN }; - public enum DIALOG { VERIFY, ACTIVATE, CHANGE, UNBLOCK }; + public enum DIALOG { VERIFY, ACTIVATE, CHANGE, UNBLOCK } - public enum PIN_MANAGEMENT_DIALOG_TYPE {DIALOGUE_UNDEFINED, DIALOGUE_PIN_MANAGEMENT, DIALOGUE_PIN}; + public enum PIN_MANAGEMENT_DIALOG_TYPE {DIALOGUE_UNDEFINED, DIALOGUE_PIN_MANAGEMENT, DIALOGUE_PIN} /** * list pins */ diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java index 37cc213d..96963a6f 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java @@ -26,8 +26,6 @@ import java.io.IOException; import java.io.OutputStream; -//import java.net.MalformedURLException; -//import java.net.URL; import java.util.Map; import java.util.Map.Entry; @@ -70,22 +68,18 @@ public void init() throws ServletException { } String url = MoccaParameterBean.getInitParameter("expiredPageUrl", getServletConfig(), getServletContext()); if (url != null) { -// try { -// expiredPageUrl = new URL(url).toString(); -// log.info("Init expiredPageUrl to: {}.", expiredPageUrl); -// } catch (MalformedURLException e) { -// log.error("Failed to set expiredUrlPage '{}': {}.", url, e); -// } expiredPageUrl = url; log.info("Init expiredPageUrl to: {}.", expiredPageUrl); } } + @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); } + @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, java.io.IOException { diff --git a/STALService/src/main/java/at/gv/egiz/stal/service/types/RequestType.java b/STALService/src/main/java/at/gv/egiz/stal/service/types/RequestType.java index fcefbd09..24245618 100644 --- a/STALService/src/main/java/at/gv/egiz/stal/service/types/RequestType.java +++ b/STALService/src/main/java/at/gv/egiz/stal/service/types/RequestType.java @@ -29,7 +29,6 @@ import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlSeeAlso; import javax.xml.bind.annotation.XmlType; -//import at.buergerkarte.namespaces.cardchannel.service.ScriptType; /** diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java index f3ef15c9..ed5651d3 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java @@ -41,9 +41,9 @@ public class RuleChecker implements AccessChecker { private final Logger log = LoggerFactory.getLogger(RuleChecker.class); - public static enum PEER_TYPE { + public enum PEER_TYPE { HOST, IP, URL - }; + } protected String id; protected AuthenticationClass authenticationClass; @@ -163,26 +163,9 @@ protected boolean matchPeerId(String peerUrl) { try { URL url = new URL(peerUrl); if (peerType == PEER_TYPE.HOST) { - try { - String host = url.getHost(); - String hostName = InetAddress.getByName(host) - .getCanonicalHostName(); - Matcher matcher = peerIdPattern.matcher(hostName); - return matcher.matches(); - } catch (UnknownHostException e) { - log.error("Cannot resolve hostname.", e); - return false; - } + return matchByCanonicalHostName(url); } else { - try { - String hostAddr = InetAddress.getByName(url.getHost()) - .getHostAddress(); - Matcher matcher = peerIdPattern.matcher(hostAddr); - return matcher.matches(); - } catch (UnknownHostException e) { - log.error("Cannot resolve host address.", e); - return false; - } + return matchByHostAddress(url); } } catch (MalformedURLException e) { log.error("Cannot parse url.", e); @@ -191,6 +174,30 @@ protected boolean matchPeerId(String peerUrl) { } } + private boolean matchByCanonicalHostName(URL url) { + try { + String hostName = InetAddress.getByName(url.getHost()) + .getCanonicalHostName(); + Matcher matcher = peerIdPattern.matcher(hostName); + return matcher.matches(); + } catch (UnknownHostException e) { + log.error("Cannot resolve hostname.", e); + return false; + } + } + + private boolean matchByHostAddress(URL url) { + try { + String hostAddr = InetAddress.getByName(url.getHost()) + .getHostAddress(); + Matcher matcher = peerIdPattern.matcher(hostAddr); + return matcher.matches(); + } catch (UnknownHostException e) { + log.error("Cannot resolve host address.", e); + return false; + } + } + @Override public RuleResult check(AccessCheckerContext checkCtx) { log.debug("Processing rule: {}.", id); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java index 6eb27160..a15712ed 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java @@ -78,7 +78,7 @@ public void setConcreteFactories( /** * Get an instance of the SLCommandFactory. */ - public synchronized static SLCommandFactory getInstance() { + public static synchronized SLCommandFactory getInstance() { return SLCommandFactoryInstance.INSTANCE; } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java index 0475b6fe..54636a38 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLResult.java @@ -22,32 +22,32 @@ */ -package at.gv.egiz.bku.slcommands; - +package at.gv.egiz.bku.slcommands; + import javax.xml.transform.Result; import javax.xml.transform.Templates; - -public interface SLResult { - - public static enum SLResultType {BINARY, XML}; - - public SLResultType getResultType(); - - /** - * The MIME Type of the Result. - * - * @return may result null if unknown. - */ - public String getMimeType(); - - public void writeTo(Result aResult, boolean fragment); - - /** - * + +public interface SLResult { + + public enum SLResultType {BINARY, XML} + + public SLResultType getResultType(); + + /** + * The MIME Type of the Result. + * + * @return may result null if unknown. + */ + public String getMimeType(); + + public void writeTo(Result aResult, boolean fragment); + + /** + * * @param result * @param templates may be null. * @param fragment TODO - */ + */ public void writeTo(Result result, Templates templates, boolean fragment); } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/ReferencedHashDataInput.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/ReferencedHashDataInput.java index 96e0e7de..c4aea481 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/ReferencedHashDataInput.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/ReferencedHashDataInput.java @@ -54,6 +54,7 @@ public void setUrlDereferencer(URLDereferencer urlDereferencer) { this.urlDereferencer = urlDereferencer; } + @Override public InputStream getHashDataInput() throws IOException { InputStream hashDataInputStream = urlDereferencer.dereference(urlReference).getStream(); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java index 43d0413a..8851fd66 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java @@ -1,30 +1,31 @@ -/* - * Copyright 2011 by Graz University of Technology, Austria - * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint - * initiative of the Federal Chancellery Austria and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - +/* + * Copyright 2011 by Graz University of Technology, Austria + * MOCCA has been developed by the E-Government Innovation Center EGIZ, a joint + * initiative of the Federal Chancellery Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + package at.gv.egiz.bku.accesscontroller; import org.junit.Before; +import org.junit.Ignore; import org.junit.Test; import at.gv.egiz.bku.accesscontroller.RuleChecker.PEER_TYPE; @@ -108,4 +109,52 @@ public void testPeerId() { assertTrue(rr.matchFound()); } + @Test + public void testMatchPeerIdReturnsFalseIfGivenInvalidUrl(){ + RuleChecker ruleChecker = new RuleChecker("1"); + ruleChecker.setPeerId("a", PEER_TYPE.HOST); + + assertFalse(ruleChecker.matchPeerId("asdf")); + } + + @Test + public void testMatchPeerId(){ + RuleChecker ruleChecker = new RuleChecker("1"); + ruleChecker.setPeerId("a", PEER_TYPE.HOST); + + assertFalse(ruleChecker.matchPeerId("http://me:secret@127.0.0.1:80/myPath")); + + ruleChecker.setPeerId("127.0.0.1:80", PEER_TYPE.HOST); + assertFalse(ruleChecker.matchPeerId("http://me:secret@127.0.0.1:80/myPath")); + + ruleChecker.setPeerId("orf.at", PEER_TYPE.HOST); + assertTrue(ruleChecker.matchPeerId("http://me:secret@orf.at/myPath")); + + ruleChecker.setPeerId("a", PEER_TYPE.IP); + assertFalse(ruleChecker.matchPeerId("http://me:secret@127.0.0.1:80/myPath")); + + ruleChecker.setPeerId("127.0.0.1:80", PEER_TYPE.IP); + assertFalse(ruleChecker.matchPeerId("http://me:secret@127.0.0.1:80/myPath")); + + ruleChecker.setPeerId("127.0.0.1", PEER_TYPE.IP); + assertTrue(ruleChecker.matchPeerId("http://me:secret@127.0.0.1:80/myPath")); + + ruleChecker.setPeerId("orf.at", PEER_TYPE.IP); + assertFalse(ruleChecker.matchPeerId("http://me:secret@orf.at/myPath")); + } + + @Ignore("Address resolution would slow down Unit tests too much. " + + "Mocking libraries not integrated in the project yet." + + "Therefore ignored.") + @Test + public void testMatchPeerIdCatchesUnknownHostException(){ + RuleChecker ruleChecker = new RuleChecker("1"); + ruleChecker.setPeerId("a", PEER_TYPE.HOST); + + assertFalse(ruleChecker.matchPeerId("http://me:secret@127.0_01:80/myPath")); + + ruleChecker.setPeerId("orf.at", PEER_TYPE.IP); + assertFalse(ruleChecker.matchPeerId("http://me:secret@or f.at/myPath")); + } + } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PinInfo.java b/smcc/src/main/java/at/gv/egiz/smcc/PinInfo.java index 51a7a5ef..b9bb9a48 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/PinInfo.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/PinInfo.java @@ -34,7 +34,7 @@ */ public class PinInfo { - public enum STATE {UNKNOWN, ACTIV, NOT_ACTIV, BLOCKED}; + public enum STATE {UNKNOWN, ACTIV, NOT_ACTIV, BLOCKED} /** * the number of remaining retries is unknown or irrelevant (blocked, not active states) diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SEIdentityCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SEIdentityCard.java index a56948fc..d2b7fe8e 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SEIdentityCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SEIdentityCard.java @@ -277,9 +277,7 @@ private ResponseAPDU readFromCard(CardChannel channel, byte offsetHi, (byte) 0x00, (byte) 0xB0, offsetHi, offsetLo, numBytes }; CommandAPDU command = new CommandAPDU(apdu); - ResponseAPDU resp = channel.transmit(command); - - return resp; + return channel.transmit(command); } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/MSCMDecoder.java b/smcc/src/main/java/at/gv/egiz/smcc/util/MSCMDecoder.java index 5eddbe25..beef2f0a 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/util/MSCMDecoder.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/MSCMDecoder.java @@ -217,8 +217,7 @@ public static String decodeString(byte[] data, int offset) throws UnsupportedEnc utf8Data[i] = data[offset + 2 + i]; } - String str = new String(utf8Data, "UTF-8"); - return str; + return new String(utf8Data, "UTF-8"); } diff --git a/utils/src/main/java/at/buergerkarte/namespaces/cardchannel/ResponseAPDUType.java b/utils/src/main/java/at/buergerkarte/namespaces/cardchannel/ResponseAPDUType.java index 20a7221f..47b633fe 100644 --- a/utils/src/main/java/at/buergerkarte/namespaces/cardchannel/ResponseAPDUType.java +++ b/utils/src/main/java/at/buergerkarte/namespaces/cardchannel/ResponseAPDUType.java @@ -136,7 +136,7 @@ public void setSequence(BigInteger value) { */ public BigInteger getRc() { if (rc == null) { - return new BigInteger("0"); + return BigInteger.valueOf(0); } else { return rc; } diff --git a/utils/src/main/java/at/gv/egiz/bku/utils/binding/Protocol.java b/utils/src/main/java/at/gv/egiz/bku/utils/binding/Protocol.java index 203ab39c..1b4d45c1 100644 --- a/utils/src/main/java/at/gv/egiz/bku/utils/binding/Protocol.java +++ b/utils/src/main/java/at/gv/egiz/bku/utils/binding/Protocol.java @@ -22,31 +22,32 @@ */ -package at.gv.egiz.bku.utils.binding; - -public enum Protocol { - HTTP("http"), HTTPS("https"), SAML("saml"); - - private String name; - - Protocol(String s) { - name = s; - } - - public String toString() { - return name; - } - - public static Protocol fromString(String protocol) { - if (HTTP.toString().equalsIgnoreCase(protocol)) { - return HTTP; - } - if (HTTPS.toString().equalsIgnoreCase(protocol)) { - return HTTPS; +package at.gv.egiz.bku.utils.binding; + +public enum Protocol { + HTTP("http"), HTTPS("https"), SAML("saml"); + + private String name; + + Protocol(String s) { + name = s; + } + + @Override + public String toString() { + return name; + } + + public static Protocol fromString(String protocol) { + if (HTTP.toString().equalsIgnoreCase(protocol)) { + return HTTP; + } + if (HTTPS.toString().equalsIgnoreCase(protocol)) { + return HTTPS; } if (SAML.toString().equalsIgnoreCase(protocol)) { return SAML; - } - return null; - } -} + } + return null; + } +} diff --git a/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefixMapperImpl.java b/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefixMapperImpl.java index 6d289124..d2167902 100644 --- a/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefixMapperImpl.java +++ b/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefixMapperImpl.java @@ -24,7 +24,6 @@ package at.gv.egiz.marshal; -//import com.sun.xml.internal.bind.marshaller.NamespacePrefixMapper; import java.util.HashMap; import java.util.Map; diff --git a/utils/src/main/java/org/etsi/uri/_01903/v1_4/ObjectFactory.java b/utils/src/main/java/org/etsi/uri/_01903/v1_4/ObjectFactory.java index f66bac9b..f95aab9b 100644 --- a/utils/src/main/java/org/etsi/uri/_01903/v1_4/ObjectFactory.java +++ b/utils/src/main/java/org/etsi/uri/_01903/v1_4/ObjectFactory.java @@ -56,8 +56,8 @@ @XmlRegistry public class ObjectFactory { - private final static QName _ArchiveTimeStamp_QNAME = new QName("http://uri.etsi.org/01903/v1.4.1#", "ArchiveTimeStamp"); - private final static QName _TimeStampValidationData_QNAME = new QName("http://uri.etsi.org/01903/v1.4.1#", "TimeStampValidationData"); + private static final QName _ArchiveTimeStamp_QNAME = new QName("http://uri.etsi.org/01903/v1.4.1#", "ArchiveTimeStamp"); + private static final QName _TimeStampValidationData_QNAME = new QName("http://uri.etsi.org/01903/v1.4.1#", "TimeStampValidationData"); /** * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.etsi.uri._01903.v1_4 diff --git a/utils/src/main/java/org/w3/_2001/_04/xmldsig_more_/ObjectFactory.java b/utils/src/main/java/org/w3/_2001/_04/xmldsig_more_/ObjectFactory.java index 3a497ba8..1428e4ba 100644 --- a/utils/src/main/java/org/w3/_2001/_04/xmldsig_more_/ObjectFactory.java +++ b/utils/src/main/java/org/w3/_2001/_04/xmldsig_more_/ObjectFactory.java @@ -55,7 +55,7 @@ @XmlRegistry public class ObjectFactory { - private final static QName _ECDSAKeyValue_QNAME = new QName("http://www.w3.org/2001/04/xmldsig-more#", "ECDSAKeyValue"); + private static final QName _ECDSAKeyValue_QNAME = new QName("http://www.w3.org/2001/04/xmldsig-more#", "ECDSAKeyValue"); /** * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.w3._2001._04.xmldsig_more_ diff --git a/utils/src/test/java/at/buergerkarte/namespaces/cardchannel/ResponseAPDUTypeTest.java b/utils/src/test/java/at/buergerkarte/namespaces/cardchannel/ResponseAPDUTypeTest.java new file mode 100644 index 00000000..ac06d6c3 --- /dev/null +++ b/utils/src/test/java/at/buergerkarte/namespaces/cardchannel/ResponseAPDUTypeTest.java @@ -0,0 +1,22 @@ +package at.buergerkarte.namespaces.cardchannel; + +import org.junit.Test; + +import java.math.BigInteger; + +import static junit.framework.TestCase.assertEquals; + +/** + * Unit tests for class {@link ResponseAPDUType}. + * + * @see ResponseAPDUType + **/ +public class ResponseAPDUTypeTest { + + @Test + public void testGetRc() throws Exception { + ResponseAPDUType responseAPDUType = new ResponseAPDUType(); + assertEquals(BigInteger.ZERO, responseAPDUType.getRc()); + } + +} \ No newline at end of file diff --git a/utils/src/test/java/at/gv/egiz/slbinding/RedirectTest.java b/utils/src/test/java/at/gv/egiz/slbinding/RedirectTest.java index 7d101960..45cef568 100644 --- a/utils/src/test/java/at/gv/egiz/slbinding/RedirectTest.java +++ b/utils/src/test/java/at/gv/egiz/slbinding/RedirectTest.java @@ -151,7 +151,7 @@ public void testRedirect() { NamespaceContext ctx = sigLocation.getNamespaceContext(); assertNotNull(ctx); String samlNS = ctx.getNamespaceURI("saml"); - assertEquals(samlNS, "urn:oasis:names:tc:SAML:2.0:assertion"); + assertEquals("urn:oasis:names:tc:SAML:2.0:assertion", samlNS); System.out.println("found preserved namespace xmlns:saml " + samlNS); }