diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-03-14 08:35:56 +0100 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-03-14 08:38:41 +0100 |
| commit | 6af904f899b5e20c92fe7ada53fa8253b3d29cb3 (patch) | |
| tree | d113598a1ce12c5d76f934cff7341e772035b2ef | |
| parent | 3979e8addd354e59d5601d1ad89b4fad228da2d5 (diff) | |
| download | moa-id-spss-6af904f899b5e20c92fe7ada53fa8253b3d29cb3.tar.gz moa-id-spss-6af904f899b5e20c92fe7ada53fa8253b3d29cb3.tar.bz2 moa-id-spss-6af904f899b5e20c92fe7ada53fa8253b3d29cb3.zip | |
workaround to fix possible problem with OpenSAML SecureRandomIdentifierGenerator in combination with JDK 8.121 and IAIK_JCE that cause in a java.lang.ArrayIndexOutOfBoundsException
2 files changed, 26 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java index 9d57c2bae..28a85b4af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java @@ -46,6 +46,8 @@ import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallingException; import org.w3c.dom.Document; +import at.gv.egovernment.moa.id.util.Random; + public class SAML2Utils { public static <T> T createSAMLObject(final Class<T> clazz) { @@ -66,7 +68,19 @@ public class SAML2Utils { } public static String getSecureIdentifier() { - return idGenerator.generateIdentifier(); + return "_".concat(Random.nextHexRandom16()); + + /*Bug-Fix: There are open problems with RandomNumberGenerator via Java SPI and Java JDK 8.121 + * Generation of a 16bit Random identifier FAILES with an Caused by: java.lang.ArrayIndexOutOfBoundsException + * Caused by: java.lang.ArrayIndexOutOfBoundsException + at iaik.security.random.o.engineNextBytes(Unknown Source) + at iaik.security.random.SecRandomSpi.engineNextBytes(Unknown Source) + at java.security.SecureRandom.nextBytes(SecureRandom.java:468) + at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:62) + at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56) + at at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils.getSecureIdentifier(SAML2Utils.java:69) + */ + //return idGenerator.generateIdentifier(); } private static SecureRandomIdentifierGenerator idGenerator; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index ba45a3679..1f9050a31 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -114,11 +114,21 @@ public class Random { * * @return random hex encoded value [256bit] */ - public static String nextHexRandom() { + public static String nextHexRandom32() { return new String(Hex.encodeHex(nextByteRandom(32))); // 32 bytes = 256 bits } + /** + * Creates a new random number [128bit], and encode it as hex value. + * + * @return random hex encoded value [128bit] + */ + public static String nextHexRandom16() { + return new String(Hex.encodeHex(nextByteRandom(16))); // 16 bytes = 128 bits + + } + /** * Creates a new random number [64bit], to be used as an ID. * |