diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-09-19 13:24:22 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-09-19 13:24:22 +0200 |
commit | 83dc74e60a4d9031285ac27aa0661fe0c26485e0 (patch) | |
tree | 10121ca0a4e2d799383a921fbaf72693bb1f7f5f /id/server/idserverlib/src/main/java/at | |
parent | 00677e1478fa2a33ec22b06b5c5180b965e2c9f2 (diff) | |
parent | 4c6e440ba41767653a2082fd92e8eeae6c3a6c1a (diff) | |
download | moa-id-spss-83dc74e60a4d9031285ac27aa0661fe0c26485e0.tar.gz moa-id-spss-83dc74e60a4d9031285ac27aa0661fe0c26485e0.tar.bz2 moa-id-spss-83dc74e60a4d9031285ac27aa0661fe0c26485e0.zip |
Merge branch 'moa-2.1-Snapshot'MOA-SPSS-2.0.2MOA-ID-2.1.1
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
3 files changed, 22 insertions, 13 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 80afd9f82..db36356c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -3,7 +3,6 @@ package at.gv.egovernment.moa.id.auth; -import iaik.cms.ecc.IaikEccProvider; import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; import iaik.security.ecc.provider.ECCProvider; @@ -11,12 +10,9 @@ import iaik.security.provider.IAIK; import java.io.IOException; import java.security.GeneralSecurityException; -import java.security.Security; -import java.util.Properties; import javax.activation.CommandMap; import javax.activation.MailcapCommandMap; -import javax.mail.Session; import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -119,8 +115,8 @@ public class MOAIDAuthInitializer { Logger.warn(MOAIDMessageProvider.getInstance().getMessage( "init.01", null), e); } - - IAIK.addAsProvider(); + + IAIK.addAsProvider(); ECCProvider.addAsProvider(); // Initializes SSLSocketFactory store diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 6e1811c8b..532ccb7ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -63,7 +64,7 @@ public class RedirectServlet extends AuthServlet{ String redirectTarget = DEFAULT_REDIRECTTARGET; try { oa = ConfigurationDBRead.getActiveOnlineApplication(url); - if (oa == null) { + if (oa == null && !url.startsWith(AuthConfigurationProvider.getInstance().getPublicURLPrefix())) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 2b687a0c8..284a77126 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -53,6 +53,7 @@ import iaik.utils.RFC2253NameParserException; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; +import java.security.InvalidKeyException; import java.security.PublicKey; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; @@ -266,14 +267,25 @@ public class VerifyXMLSignatureResponseValidator { } //compare ECDSAPublicKeys - if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) && - (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) { + if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) || + (idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey)) && + ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) || + (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey) ) ) { - ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature; - ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i]; + try { + ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded()); + ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded()); + + if(ecdsakey.equals(ecdsaPubKeySignature)) + found = true; + + } catch (InvalidKeyException e) { + Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e); + throw new ValidateException("validator.09", null); + } - if(ecdsakey.equals(ecdsaPubKeySignature)) - found = true; + + } // Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName() |