aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-07-03 12:52:57 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-07-03 12:52:57 +0200
commitb3814742f6a15524a7204246e8ccda666d06befd (patch)
tree55f2f2f1c74d92adb453b10c17422573700891bc
parent37ffa16c121e5be8ad3c060b007ed200359007ea (diff)
downloadmoa-id-spss-b3814742f6a15524a7204246e8ccda666d06befd.tar.gz
moa-id-spss-b3814742f6a15524a7204246e8ccda666d06befd.tar.bz2
moa-id-spss-b3814742f6a15524a7204246e8ccda666d06befd.zip
solve bug with specialtext and &#39; in identitylink
BKU remove &#39; encoding and response includes '
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java32
1 files changed, 17 insertions, 15 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 762d9af2c..bc3b30334 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -288,15 +288,16 @@ public class CreateXMLSignatureResponseValidator {
}
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
String samlSpecialText = (String)samlAttribute.getValue();
+ samlSpecialText = samlSpecialText.replaceAll("'", "&#39;");
- String text = "";
- try {
+ String text = "";
+ try {
OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
- }
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
@@ -516,22 +517,23 @@ public class CreateXMLSignatureResponseValidator {
}
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
String samlSpecialText = (String)samlAttribute.getValue();
+ samlSpecialText = samlSpecialText.replaceAll("'", "&#39;");
- String text = "";
- try {
- if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText()))
+ String text = "";
+ try {
+ if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText()))
Logger.info("Use addional AuthBlock Text from SSO=" +text);
else
text = new String();
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e);
- }
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e);
+ }
- String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
- if (!samlSpecialText.equals(specialText)) {
- throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
- }
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, identityLink.getName(), identityLink.getDateOfBirth(), identityLink.getIssueInstant());
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
} else {
throw new ValidateException("validator.35", null);
}