diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-03-07 13:58:05 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-03-07 13:58:05 +0100 |
commit | ef72bd803121c3383ca9c8f0dd1c308c04963330 (patch) | |
tree | 87ac848d485cbe9700401f08600c71ff840474e1 /id/ConfigWebTool/src/main/java/at/gv | |
parent | 8d0c3d8aa27084b4c1e195cf06601d0d920d176f (diff) | |
download | moa-id-spss-ef72bd803121c3383ca9c8f0dd1c308c04963330.tar.gz moa-id-spss-ef72bd803121c3383ca9c8f0dd1c308c04963330.tar.bz2 moa-id-spss-ef72bd803121c3383ca9c8f0dd1c308c04963330.zip |
check if InResponseTo match requestID
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java | 43 |
1 files changed, 21 insertions, 22 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index a51709e04..8004ab520 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -278,6 +278,18 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, Response samlResponse = (Response) messageContext.getInboundMessage(); + //ckeck InResponseTo matchs requestID + if (MiscUtil.isEmpty(authID)) { + log.info("NO AuthRequestID"); + return Constants.STRUTS_ERROR; + } + + if (!authID.equals(samlResponse.getInResponseTo())) { + log.warn("PVPRequestID does not match PVP2 Assertion ID!"); + return Constants.STRUTS_ERROR; + + } + Signature sign = samlResponse.getSignature(); if (sign == null) { log.info("Only http POST Requests can be used"); @@ -352,29 +364,9 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, saml2assertions = samlResponse.getAssertions(); } - - - if (MiscUtil.isEmpty(authID)) { - log.info("NO AuthRequestID"); - return Constants.STRUTS_ERROR; - } - + for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { - - Subject subject = saml2assertion.getSubject(); - List<SubjectConfirmation> subjectconformlist = subject.getSubjectConfirmations(); - for (SubjectConfirmation el : subjectconformlist) { - if (el.getMethod().equals(SubjectConfirmation.METHOD_BEARER)) { - SubjectConfirmationData date = el.getSubjectConfirmationData(); - - if (!authID.equals(date.getInResponseTo())) { - log.warn("PVPRequestID does not match PVP2 Assertion ID!"); - return Constants.STRUTS_ERROR; - - } - } - } - + Conditions conditions = saml2assertion.getConditions(); DateTime notbefore = conditions.getNotBefore(); DateTime notafter = conditions.getNotOnOrAfter(); @@ -383,6 +375,13 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, return Constants.STRUTS_ERROR; } + + Subject subject = saml2assertion.getSubject(); + if (subject == null) { + log.warn("Assertion has no Subject element"); + return Constants.STRUTS_ERROR; + + } NameID nameID = subject.getNameID(); if (nameID == null) { |