author | harald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2006-02-22 16:00:46 +0000 |
---|---|---|
committer | harald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2006-02-22 16:00:46 +0000 |
commit | 83c2f5367b684daa9a66fc44396f95cb281cae01 (patch) | |
tree | c7501d8aabe1e90c5126772b1a791615cf9dd5e2 /id.server/src/at/gv | |
parent | 5d89ce4a4fd8cdba21fb3ae99a8f35837e19005a (diff) | |
Alle Xpath-Ausdrücke entfernt; Check, ob Name und Geburtsdatum
mit den entsprechenden Werten aus der Personenbindung
übereinstimmen, eingebaut
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@629 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/at/gv')
-rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java | 82 |
1 files changed, 44 insertions, 38 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 2eafaa297..7693c3170 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -1,12 +1,13 @@
 package at.gv.egovernment.moa.id.auth.validator;
 import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
 /**
  *
@@ -17,24 +18,6 @@ import at.gv.egovernment.moa.util.XPathUtils;
  * @version $Id$
  */
 public class CreateXMLSignatureResponseValidator {
-
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = Constants.SAML_PREFIX + ":";
- /** Xpath prefix for reaching XML-DSIG Namespaces */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
- /** Xpath expression to the SAML:Assertion element */
- private static final String ROOT = SAML + "Assertion";
- /** Xpath expression to the SAML:NameIdentifier element */
- private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH =
- SAML + "AttributeStatement/" + SAML + "Subject/" +
- SAML + "NameIdentifier";
- /** Xpath expression to the SAML:Attribute element */
- private static final String SAML_ATTRIBUTE_XPATH =
- ROOT + "/" + SAML + "AttributeStatement/" + SAML + "Attribute";
- /** Xpath expression to the SAML:AttributeValue element */
- private static final String SAML_ATTRIBUTE_VALUE_XPATH =
- SAML + "AttributeValue";
-
 /** Singleton instance. <code>null</code>, if none has been created. */
 private static CreateXMLSignatureResponseValidator instance;
@@ -69,52 +52,75 @@ public class CreateXMLSignatureResponseValidator {
 String oaURL = session.getPublicOAURLPrefix();
 boolean businessService = session.getBusinessService();
-// XPathUtils.selectNodeList(createXMLSignatureResponse.getSamlAssertion(),SAML_SUBJECT_NAME_IDENTIFIER_XPATH);
+ IdentityLink identityLink = session.getIdentityLink();
+
+ String issuer = createXMLSignatureResponse.getSamlAssertion().getAttribute("Issuer");
+ if (issuer == null) {
+ // should not happen, because parser would dedect this
+ throw new ValidateException("validator.32", null);
+ }
+ String name = identityLink.getName();
+ if (!issuer.equals(name)) {
+ throw new ValidateException("validator.33", new Object[] {issuer, name});
+ }
+
- SAMLAttribute[] samlattributes = createXMLSignatureResponse.getSamlAttributes();
+ SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes();
 boolean foundOA = false;
 boolean foundGB = false;
 boolean foundWBPK = false;
- for (int i = 0; i < samlattributes.length; i++) {
- if (samlattributes[i].getName().equals("Geschaeftsbereich")) {
+ for (int i = 0; i < samlAttributes.length; i++) {
+ SAMLAttribute samlAttribute = samlAttributes[i];
+ if (samlAttribute.getName().equals("Geschaeftsbereich")) {
 if (businessService) {
 throw new ValidateException("validator.26", null);
 }
- if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
 foundGB = true;
- if (!gbTarget.equals((String)samlattributes[i].getValue())) {
+ if (!gbTarget.equals((String)samlAttribute.getValue())) {
 throw new ValidateException("validator.13", null);
 }
 } else {
 throw new ValidateException("validator.12", null);
 }
 }
- if (samlattributes[i].getName().equals("OA")) {
- if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ if (samlAttribute.getName().equals("OA")) {
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
 foundOA = true;
- if (!oaURL.equals((String)samlattributes[i].getValue())) { // CHECKS für die AttributeVALUES fehlen noch
- throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlattributes[i].getValue()});
+ if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
+ throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()});
 }
 } else {
 throw new ValidateException("validator.15", null);
 }
 }
- if (samlattributes[i].getName().equals("wbPK")) {
+ if (samlAttribute.getName().equals("Geburtsdatum")) {
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlDateOfBirth = (String)samlAttribute.getValue();
+ String dateOfBirth = identityLink.getDateOfBirth();
+ if (!samlDateOfBirth.equals(dateOfBirth)) {
+ throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+ }
+ if (samlAttribute.getName().equals("wbPK")) {
 if (!businessService) {
 throw new ValidateException("validator.27", null);
 }
- if (samlattributes[i].getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
 foundWBPK = true;
 try {
- Element attrValue = (Element)samlattributes[i].getValue();
+ Element attrValue = (Element)samlAttribute.getValue();
 String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue();
 String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue();
- if (!value.equals(session.getIdentityLink().getIdentificationValue())) {
+ if (!value.equals(identityLink.getIdentificationValue())) {
 throw new ValidateException("validator.28", null);
 }
- if (!type.equals(session.getIdentityLink().getIdentificationType())) {
+ if (!type.equals(identityLink.getIdentificationType())) {
 throw new ValidateException("validator.28", null);
 }
 } catch (Exception ex) {
@@ -134,9 +140,9 @@ public class CreateXMLSignatureResponseValidator {
 }
 //Check if dsig:Signature exists
- Element dsigSignature = (Element) XPathUtils.selectSingleNode(createXMLSignatureResponse.getSamlAssertion(),DSIG + "Signature");
- if (dsigSignature==null) throw new ValidateException("validator.05", null);
-
-
+ NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+ if (nl.getLength() != 1) {
+ throw new ValidateException("validator.05", null);
+ }
 }
 }
|
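Review bot: The `issuer == null` guard in front of the validator.32 throw can never fire, because `org.w3c.dom.Element.getAttribute` returns an empty string rather than null when the attribute is absent, so a missing Issuer falls through to `issuer.equals(name)` and is reported as a name mismatch (validator.33) with an empty issuer instead of as the missing-attribute case; change the guard to `if (issuer == null || issuer.length() == 0) {`. The new Geburtsdatum branch has the mirror-image gap: `samlDateOfBirth` comes from an unchecked `(String)` cast of `getValue()` and is dereferenced without a null check, so an attribute whose value is an element or is empty ends in a ClassCastException or NullPointerException rather than a ValidateException, unlike the wbPK branch, which wraps the same kind of cast in try/catch; `if (samlDateOfBirth == null || !samlDateOfBirth.equals(dateOfBirth)) {` covers at least the null case. Unlike the OA, Geschaeftsbereich and wbPK branches, no `found` flag records that a Geburtsdatum attribute was present, so if the date-of-birth comparison is meant to be mandatory, a response that simply omits the attribute bypasses it — the flag checks, like the rest of the method, lie outside the hunk, so this is inferred. The enclosing method starts before the hunk and continues past it.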
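Review bot: `getElementsByTagNameNS` on the assertion element searches all descendants, so the replacement check at `NodeList nl = ...` now accepts a `dsig:Signature` located at any depth below the Assertion (for instance inside an attribute value), whereas the removed XPath `dsig:Signature` matched only a direct child of the assertion; the `!= 1` count is likewise inflated or satisfied by such nested elements. If the intent is that the assertion itself carries exactly one enveloped signature, count only element children of the assertion with namespace `Constants.DSIG_NS_URI` and local name `Signature`, as below (this needs `org.w3c.dom.Node` imported). Whether the later signature verification re-checks the signature's placement is not visible in this hunk.
```java
//Check if dsig:Signature exists as a direct child of the assertion
NodeList children = createXMLSignatureResponse.getSamlAssertion().getChildNodes();
int signatureCount = 0;
for (int i = 0; i < children.getLength(); i++) {
    Node child = children.item(i);
    if (child.getNodeType() == Node.ELEMENT_NODE
        && Constants.DSIG_NS_URI.equals(child.getNamespaceURI())
        && "Signature".equals(child.getLocalName())) {
        signatureCount++;
    }
}
if (signatureCount != 1) {
    throw new ValidateException("validator.05", null);
}
```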