Diffstat (limited to 'eaaf_modules')
7 files changed, 131 insertions, 27 deletions
|
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
index 6550b026..cfa8868e 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
@@ -150,7 +150,32 @@ public abstract class AbstractJsonSecurityUtilsTest {
     final String encData = jwe.getCompactSerialization();
     Assert.assertNotNull("JWE", encData);
+    
+    /*
+    //decrypt it again
+    final JsonWebEncryption jweDecrypt = new JsonWebEncryption();
+    jweDecrypt.setCompactSerialization(encData);
+    jweDecrypt.setKey(JoseUtils.convertToBcKeyIfRequired(key.getFirst()));
+    
+    
+    // set special provider if required
+    if (rsaEncKeyStore.getSecond() != null) {
+      final ProviderContext providerCtx = new ProviderContext();
+      providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(rsaEncKeyStore.getSecond().getName());
+      providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
+      jweDecrypt.setProviderContext(providerCtx);
+    } else {
+      final ProviderContext providerCtx = new ProviderContext();
+      providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
+      jweDecrypt.setProviderContext(providerCtx);
+      
+    }
+    
+    String decPayload = jweDecrypt.getPayload();
+    Assert.assertNotNull("decrypted Payload", decPayload);
+    Assert.assertEquals("Decrypted message not match", payLoad, decPayload);
+    */
   }
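Review bot: The decrypt round-trip added in this hunk sits entirely inside a `/* … */` comment, so the test still asserts only that `getCompactSerialization()` is non-null and never checks that the ciphertext can actually be decrypted with the configured key and provider; the next hunk adds the same block live in the sibling test method. Either enable it here too or delete the comment, since commented-out code that duplicates live code goes stale as soon as the live copy changes. If the round-trip cannot run in this test, a one-line comment stating why, `// no decrypt round-trip here: <reason>`, tells the next maintainer more than the dead block does. The enclosing test method starts above the hunk.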
@@ -171,8 +196,7 @@ public abstract class AbstractJsonSecurityUtilsTest {
     // set special provider if required
     if (rsaEncKeyStore.getSecond() != null) {
       final ProviderContext providerCtx = new ProviderContext();
-      providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(
-          rsaEncKeyStore.getSecond().getName());
+      providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(rsaEncKeyStore.getSecond().getName());
       providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
       jwe.setProviderContext(providerCtx);
@@ -188,6 +212,30 @@ public abstract class AbstractJsonSecurityUtilsTest {
     Assert.assertNotNull("JWE", encData);
+    //decrypt it again
+    final JsonWebEncryption jweDecrypt = new JsonWebEncryption();
+    jweDecrypt.setCompactSerialization(encData);
+    jweDecrypt.setKey(JoseUtils.convertToBcKeyIfRequired(key.getFirst()));
+    
+    
+    // set special provider if required
+    if (rsaEncKeyStore.getSecond() != null) {
+      final ProviderContext providerCtx = new ProviderContext();
+      providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(rsaEncKeyStore.getSecond().getName());
+      providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
+      jweDecrypt.setProviderContext(providerCtx);
+
+    } else {
+      final ProviderContext providerCtx = new ProviderContext();
+      providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
+      jweDecrypt.setProviderContext(providerCtx);
+      
+    }
+    
+    String decPayload = jweDecrypt.getPayload();
+    Assert.assertNotNull("decrypted Payload", decPayload);
+    Assert.assertEquals("Decrypted message not match", payLoad, decPayload);
+    }
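Review bot: In the decrypt round-trip of the second hunk, both branches of `if (rsaEncKeyStore.getSecond() != null)` build their own `ProviderContext` and both set the general provider to `BouncyCastleProvider.PROVIDER_NAME`; only the supplied-key provider call differs, so the context can be created once and the branch shrinks to that single call, which also removes the duplicated `else` body. `String decPayload` is the only non-`final` local in the new code while every other declaration around it is `final`. The encryption side in the first hunk has the same if/else shape and could be collapsed the same way, though that hunk ends inside its `if` branch so the `else` is not visible here. Both enclosing test methods start above their hunks.
```java
    // set special provider if required
    final ProviderContext providerCtx = new ProviderContext();
    providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
    if (rsaEncKeyStore.getSecond() != null) {
      providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(rsaEncKeyStore.getSecond().getName());
    }
    jweDecrypt.setProviderContext(providerCtx);

    final String decPayload = jweDecrypt.getPayload();
    // … unchanged: assertions on decPayload …
```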
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java
index 4f8b2a23..b01330d2 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java
@@ -3,21 +3,24 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils;
 import java.security.KeyStore;
 import java.security.Provider;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-
 import org.apache.commons.lang3.StringUtils;
 import org.junit.Before;
 import org.junit.runner.RunWith;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration("/spring/test_eaaf_sl20_hsm.beans.xml")
 public class JsonSecurityUtilsHsmKeyTest extends AbstractJsonSecurityUtilsTest {
+  /**
+   * Initialize jUnit test.
+   */
   @Before
   public void initialize() {
     config.putConfigValue("modules.sl20.security.sigalg.rsa", "RS256");
diff --git a/eaaf_modules/eaaf_module_pvp2_core/checks/spotbugs-exclude.xml b/eaaf_modules/eaaf_module_pvp2_core/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..b1d216dc
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/checks/spotbugs-exclude.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+    <Match>
+      <!-- allow logging of SAML2 message on trace level -->
+      <Class name="at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafHttpPostDecoder"/>
+      <Method name="getBase64DecodedMessage" />
+      <Bug pattern="CRLF_INJECTION_LOGS" />
+    </Match>
+    <Match>
+      <!-- allow logging of SAML2 relaystate on debug level -->
+      <Class name="at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafHttpRedirectDeflateDecoder"/>
+      <Method name="doDecode" />
+      <Bug pattern="CRLF_INJECTION_LOGS" />
+    </Match>
+</FindBugsFilter>
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index 86a66f4e..45819787 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -55,6 +55,10 @@
       <artifactId>xmlsec</artifactId>
     </dependency>
     <dependency>
+      <groupId>org.cryptacular</groupId>
+      <artifactId>cryptacular</artifactId>
+    </dependency>
+    <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk15to18</artifactId>
     </dependency>
@@ -168,6 +172,16 @@
         </dependencies>
       </plugin>
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>${spotbugs-maven-plugin.version}</version>
+        <configuration>
+          <failOnError>true</failOnError>
+          <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
+        </configuration>
+      </plugin>
+
     </plugins>
   </build>
 </project>
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml b/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..855f39bd
--- /dev/null
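Review bot: Both `<Match>` entries in the new spotbugs-exclude.xml suppress `CRLF_INJECTION_LOGS` rather than addressing it, and the second one covers the RelayState, which in the redirect binding comes straight from the incoming request, so the logged value is caller-controlled. The comments state that the logging is allowed but not what makes it safe; either remove CR/LF from the value before it is logged, which makes the finding disappear without an exclusion, or record the safety argument in the comment, e.g. `<!-- RelayState is logged on debug level only; safe because <reason, e.g. the log pattern escapes control characters> -->`. Since every entry here disables the check for all future log statements in the named method, that reasoning should be visible to the next person editing the decoder, not only in this commit.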
+++ b/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+    <Match>
+      <!-- allow SHA-1, because transient SubjectNameIDs should have the same pattern as bPKs -->
+      <Class name="at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.Pvp2AssertionBuilder"/>
+      <Method name="buildAssertion" />
+      <Bug pattern="WEAK_MESSAGE_DIGEST_SHA1" />
+    </Match>
+    <Match>
+      <!-- allow logging of SAML2 request parameters -->
+      <Class name="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPvp2XProtocol"/>
+      <Bug pattern="CRLF_INJECTION_LOGS" />
+    </Match>
+</FindBugsFilter>
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index 3840c8d9..b92d0f56 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -91,6 +91,16 @@
         </dependencies>
       </plugin>
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>${spotbugs-maven-plugin.version}</version>
+        <configuration>
+          <failOnError>true</failOnError>
+          <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
+        </configuration>
+      </plugin>
+      
     </plugins>
   </build>
 </project>
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
index b7b18f0f..d2ed2c11 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/Pvp2AssertionBuilder.java
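Review bot: The second `<Match>` in this spotbugs-exclude.xml disables `CRLF_INJECTION_LOGS` for the whole `AbstractPvp2XProtocol` class, while every other entry in both new filter files, including the SHA-1 one directly above it, is narrowed with a `<Method>` element; a class-wide exclusion also silences the check for any log statement added to that class later. Narrow it to the method(s) that actually log the request parameters, `<Method name="<logging-method>" />`, or say in the comment why the entire class is exempt. The SHA-1 comment gives the compatibility reason (same pattern as bPKs) but not the security argument; if the digest only formats a transient identifier and its input already carries fresh randomness, spelling that out, e.g. `<!-- SHA-1 only formats a transient identifier in bPK layout; <what makes collision/preimage weakness irrelevant here> -->`, makes the exclusion self-justifying for whoever re-audits it.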
@@ -26,26 +26,6 @@ import java.util.List;
 import javax.naming.ConfigurationException;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotSupportedException;
-import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
-import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.idp.exception.UnprovideableAttributeException;
-import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.QaaLevelVerifier;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
 import org.opensaml.saml.common.xml.SAMLConstants;
@@ -79,6 +59,26 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.Base64Utils;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.QaaNotSupportedException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.UnprovideableAttributeException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.QaaLevelVerifier;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
 @Service("PVP2AssertionBuilder")
 public class Pvp2AssertionBuilder implements PvpConstants {
|
