aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-09-19 13:24:22 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-09-19 13:24:22 +0200
commit83dc74e60a4d9031285ac27aa0661fe0c26485e0 (patch)
tree10121ca0a4e2d799383a921fbaf72693bb1f7f5f /id/server/idserverlib/src/main/java
parent00677e1478fa2a33ec22b06b5c5180b965e2c9f2 (diff)
parent4c6e440ba41767653a2082fd92e8eeae6c3a6c1a (diff)
downloadmoa-id-spss-83dc74e60a4d9031285ac27aa0661fe0c26485e0.tar.gz
moa-id-spss-83dc74e60a4d9031285ac27aa0661fe0c26485e0.tar.bz2
moa-id-spss-83dc74e60a4d9031285ac27aa0661fe0c26485e0.zip
Merge branch 'moa-2.1-Snapshot'MOA-SPSS-2.0.2MOA-ID-2.1.1
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java24
3 files changed, 22 insertions, 13 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 80afd9f82..db36356c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -3,7 +3,6 @@
package at.gv.egovernment.moa.id.auth;
-import iaik.cms.ecc.IaikEccProvider;
import iaik.pki.PKIException;
import iaik.pki.jsse.IAIKX509TrustManager;
import iaik.security.ecc.provider.ECCProvider;
@@ -11,12 +10,9 @@ import iaik.security.provider.IAIK;
import java.io.IOException;
import java.security.GeneralSecurityException;
-import java.security.Security;
-import java.util.Properties;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
-import javax.mail.Session;
import javax.net.ssl.SSLSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -119,8 +115,8 @@ public class MOAIDAuthInitializer {
Logger.warn(MOAIDMessageProvider.getInstance().getMessage(
"init.01", null), e);
}
-
- IAIK.addAsProvider();
+
+ IAIK.addAsProvider();
ECCProvider.addAsProvider();
// Initializes SSLSocketFactory store
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 6e1811c8b..532ccb7ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -63,7 +64,7 @@ public class RedirectServlet extends AuthServlet{
String redirectTarget = DEFAULT_REDIRECTTARGET;
try {
oa = ConfigurationDBRead.getActiveOnlineApplication(url);
- if (oa == null) {
+ if (oa == null && !url.startsWith(AuthConfigurationProvider.getInstance().getPublicURLPrefix())) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 2b687a0c8..284a77126 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -53,6 +53,7 @@ import iaik.utils.RFC2253NameParserException;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
+import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
@@ -266,14 +267,25 @@ public class VerifyXMLSignatureResponseValidator {
}
//compare ECDSAPublicKeys
- if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) &&
- (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) {
+ if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) ||
+ (idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey)) &&
+ ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) ||
+ (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey) ) ) {
- ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature;
- ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i];
+ try {
+ ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded());
+ ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded());
+
+ if(ecdsakey.equals(ecdsaPubKeySignature))
+ found = true;
+
+ } catch (InvalidKeyException e) {
+ Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e);
+ throw new ValidateException("validator.09", null);
+ }
- if(ecdsakey.equals(ecdsaPubKeySignature))
- found = true;
+
+
}
// Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName()