aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
authorKlaus Stranacher <kstranacher@iaik.tugraz.at>2013-09-10 10:43:14 +0200
committerKlaus Stranacher <kstranacher@iaik.tugraz.at>2013-09-10 10:43:14 +0200
commita1bf5db9320090e976bfee9620fb2de3d877a0d1 (patch)
tree8595611fa3f2f222b55bf4ea296572aa3bc592e2 /id/server/idserverlib/src/main/java
parentea55b89c40e633f1bcea3ba8046a814b75370ed6 (diff)
downloadmoa-id-spss-a1bf5db9320090e976bfee9620fb2de3d877a0d1.tar.gz
moa-id-spss-a1bf5db9320090e976bfee9620fb2de3d877a0d1.tar.bz2
moa-id-spss-a1bf5db9320090e976bfee9620fb2de3d877a0d1.zip
Update MOA-ID Specification (appendix)
Bug fix: OA URL escape Verify Country-Code in Foreign Identities Mode (AT login not possible)
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java2
4 files changed, 19 insertions, 9 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 58194361c..84e55435d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -44,7 +44,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
// escape parameter strings
target = StringEscapeUtils.escapeHtml(target);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ //oaURL = StringEscapeUtils.escapeHtml(oaURL);
bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
templateURL = StringEscapeUtils.escapeHtml(templateURL);
useMandate = StringEscapeUtils.escapeHtml(useMandate);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 477d99220..ec05af5a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
/**
* Servlet requested for getting the foreign eID
@@ -158,8 +159,17 @@ public class VerifyCertificateServlet extends AuthServlet {
ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
}
else {
+
+
+ String countrycode = CertificateUtils.getIssuerCountry(cert);
+ if (countrycode != null) {
+ if (countrycode.compareToIgnoreCase("AT") == 0) {
+ Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode.");
+ throw new AuthenticationException("auth.22", null);
+ }
+ }
+
// Foreign Identities Modus
-
String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index ee0b4e7e2..ede5f05d2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -197,12 +197,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
String ilAssertion = "";
if (saml1parameter.isProvideIdentityLink()) {
if (session.getBusinessService()) {
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+ //IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
- Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
- .getSamlAssertion());
-
- ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
+// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
+// .getSamlAssertion());
+//
+// ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
} else {
ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index a310b16ff..309b644d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -72,7 +72,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
HttpServletResponse response, String action) throws MOAIDException {
RequestImpl config = new RequestImpl();
String oaURL = (String) request.getParameter(PARAM_OA);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ //oaURL = StringEscapeUtils.escapeHtml(oaURL);
String target = (String) request.getParameter(PARAM_TARGET);
target = StringEscapeUtils.escapeHtml(target);