author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-07-16 18:34:17 +0200 |
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-07-16 18:34:17 +0200 |
commit | 43b57a3c903669fc9de36c46e99773bac97a2102 (patch) | |
tree | 1e5cd74c040f79709d0265acb134bb50085848e3 /id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java | |
parent | 05d5c29bb3be38d40484f9c5bb5fdbdc131cba9f (diff) | |
parent | 4ae32fabc822b3c8ed51d380969f7db682d1bfae (diff) | |
Merge branch 'huge_refactoring' into development_preview
# Conflicts:
# id/server/doc/handbook/config/config.html
# id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
# id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
# id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
# id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
Diffstat (limited to 'id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java')
-rw-r--r-- | id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java | 42 |
1 files changed, 17 insertions, 25 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 1d2887e6a..ab9be7163 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -54,31 +54,31 @@ import java.util.List;
 import javax.xml.bind.DatatypeConverter;
 import org.jaxen.SimpleNamespaceContext;
-import org.springframework.util.Base64Utils;
 import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 /**
  * 
@@ -136,18 +136,18 @@ public class CreateXMLSignatureResponseValidator {
 	 * @throws BuildException
 	 * @throws ConfigurationException
 	 */
-	public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq, boolean validateTargetFriendlyName)
-			throws ValidateException, BuildException, ConfigurationException {
+	public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq)
+			throws ValidateException, BuildException, ConfigurationException, EAAFBuilderException {
 		// A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+		IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 		String oaURL = oaParam.getPublicURLPrefix();
 		IIdentityLink identityLink = session.getIdentityLink();
 		@Deprecated
-		String saml1RequestedTarget = pendingReq.getGenericData(
+		String saml1RequestedTarget = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 		@Deprecated
-		String saml1RequestedFriendlyName = pendingReq.getGenericData(
+		String saml1RequestedFriendlyName = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
 		try {
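Review bot: The new throws clause of validate() adds EAAFBuilderException, but the Javadoc tail visible at the top of the hunk still lists only `@throws BuildException` and `@throws ConfigurationException`, and the removed `validateTargetFriendlyName` parameter presumably still has a `@param` tag above the hunk that now points at nothing. Add `* @throws EAAFBuilderException if the EAAF bPK/sector builder rejects its input` next to the existing tags and drop the stale parameter tag. The two `@Deprecated` annotations sit on local variable declarations, where javac emits no deprecation diagnostics, so they document intent only; a plain `// TODO: SAML1 target handling, remove with SAML1 support` comment says the same thing without suggesting a compiler check that is not happening. The body of validate() continues well past the end of this hunk.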
@@ -273,16 +273,8 @@ public class CreateXMLSignatureResponseValidator {
 				}
 				String refValueSector = userSectorId.getSecond().substring(MOAIDAuthConstants.PREFIX_CDID.length()) + " (" + sectorName + ")";
-				if (!refValueSector.equals((String)samlAttribute.getValue())) {
-					if (validateTargetFriendlyName)
-						throw new ValidateException("validator.13", new Object[] {(String)samlAttribute.getValue(), refValueSector});
-
-					else {
-						Logger.warn("AuthBlock 'TargetFriendlyName' " + samlAttribute.getValue() + " does not match to " + refValueSector);
-
-					}
-
-				}
+				if (!refValueSector.equals((String)samlAttribute.getValue()))
+					throw new ValidateException("validator.13", new Object[] {(String)samlAttribute.getValue(), refValueSector});
 			} else
 				throw new ValidateException("validator.12", null);
@@ -438,7 +430,7 @@ public class CreateXMLSignatureResponseValidator {
 		} catch (Exception e) {
 			SpecificTraceLogger.trace("Validate AuthBlock without SSO");
-			SpecificTraceLogger.trace("Signed AuthBlock: " + Base64Utils.encodeToString(session.getAuthBlock().getBytes()));
+			SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock());
 			SpecificTraceLogger.trace("OA config: " + oaParam.toString());
 			SpecificTraceLogger.trace("saml1RequestedTarget: " + saml1RequestedTarget);
 			SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + saml1RequestedFriendlyName);
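Review bot: The TargetFriendlyName check in the first hunk now fails closed unconditionally, whereas the old code could downgrade a mismatch to a Logger.warn() when the caller passed validateTargetFriendlyName=false; that is the right direction for a signed-AuthBlock validator, but nothing in the hunk or the merge message records that the lenient mode is gone, and operators who relied on it will see validator.13 failures with no hint why. Put the decision next to the check: `// TargetFriendlyName in the signed AuthBlock must equal the sector name derived from the OA target; a mismatch is always fatal (the former warn-only mode was removed).` The `(String)samlAttribute.getValue()` cast is unchanged from before and would surface a mismatched attribute type as a ClassCastException rather than a ValidateException; if getValue() can return non-String values, `String.valueOf(samlAttribute.getValue())` keeps the comparison and the error path uniform. The surrounding if/else and the method it belongs to start and end outside this hunk.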
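Review bot: In the second hunk the trace line now writes the signed AuthBlock verbatim where it previously wrote a single Base64 token, and it sits in a catch(Exception) that is reached on any validation failure, i.e. on input an unauthenticated sender controls. If SpecificTraceLogger produces line-oriented output, a multi-line XML document (which, given the name, presumably carries the citizen's identity attributes) lands in the trace log in plaintext and its embedded line breaks can masquerade as separate log entries. Keep the dump one line and null-safe if it is needed at all: `String authBlock = session.getAuthBlock();` / `SpecificTraceLogger.trace("Signed AuthBlock: " + (authBlock == null ? "null" : authBlock.replaceAll("[\\r\\n]+", " ")));` — the null guard also matters because the old `.getBytes()` call would have thrown inside the catch and replaced the original exception. The try block this catch belongs to begins before the hunk.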
@@ -671,12 +663,12 @@ public class CreateXMLSignatureResponseValidator {
 		} catch (Exception e) {
 			SpecificTraceLogger.trace("Validate AuthBlock with SSO");
-			SpecificTraceLogger.trace("Signed AuthBlock: " + Base64Utils.encodeToString(session.getAuthBlock().getBytes()));
-			SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString());
+			SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock());
+			SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration().toString());
 			throw e;
 		}
-	
+
 	}
 	public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException { |
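Review bot: The new "OA config" trace line calls the untyped `pendingReq.getServiceProviderConfiguration()` and dereferences it with `.toString()` inside the catch block, while the validate() hunk earlier in this commit uses the typed `getServiceProviderConfiguration(IOAAuthParameters.class)`; if the no-arg form can return null for a request without a service-provider configuration, the NullPointerException raised here replaces the original exception `e` before `throw e` ever runs, hiding the real validation failure. `SpecificTraceLogger.trace("OA config: " + String.valueOf(pendingReq.getServiceProviderConfiguration()));` keeps the trace without that risk, and using the same typed overload as validate() would keep the two call sites consistent. The same concern about writing the raw multi-line AuthBlock into the trace log applies to the "Signed AuthBlock" line here as in the non-SSO path. The try block begins before the hunk; the enclosing method's closing brace and the start of validateSigningDateTime() are the last lines of the hunk.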