some small update

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-06-06 11:22:42 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-06-06 11:22:42 +0200
commit: 2376b4247adab09ad5e6991ba2a1511a8683bda7 (patch)
tree: ef2aa12eeefd21b64d85f1d10b451069f18357a4 /id/server/modules/moa-id-module-sl20_authentication/src/main/java/at
parent: ac21c6be50070c34dd20abe07e0f95ff33751804 (diff)
download: moa-id-spss-2376b4247adab09ad5e6991ba2a1511a8683bda7.tar.gz
moa-id-spss-2376b4247adab09ad5e6991ba2a1511a8683bda7.tar.bz2
moa-id-spss-2376b4247adab09ad5e6991ba2a1511a8683bda7.zip
3 files changed, 32 insertions, 15 deletions
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
index 0c93e7886..a437e3411 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
@@ -7,7 +7,6 @@ import java.util.List;
 
 import org.jaxen.SimpleNamespaceContext;
 import org.opensaml.Configuration;
-import org.opensaml.DefaultBootstrap;
 import org.opensaml.saml2.core.Assertion;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.io.Unmarshaller;
@@ -154,12 +153,7 @@ public class QualifiedeIDVerifier {
 			//parse authBlock into SAML2 Assertion
 			byte[] authBlockBytes = Base64Utils.decode(authblockB64, false);			
 			Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes));			
-				
-			//A-Trust workarounda
-//			Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authblockB64.getBytes()));
-//			Element authBlockDOM = DOMUtils.parseXmlNonValidating(new ByteArrayInputStream(authblockB64.getBytes()));
 			
-			DefaultBootstrap.bootstrap();
 			UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
 			Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM);			 
 			XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM);
@@ -231,8 +225,10 @@ public class QualifiedeIDVerifier {
 				+ " NotBefore:" + notBefore.toString() 
 				+ " NotOrNotAfter:" + notOrNotAfter.toString());
 		
-		if (signingDate.after(notBefore) && signingDate.before(notOrNotAfter))
+		if ((signingDate.after(notBefore) || signingDate.equals(notBefore)) 
+				&& signingDate.before(notOrNotAfter))
 			Logger.debug("Signing date validation successfull");
+			
 		
 		else {
 			Logger.info("AuthBlock signing date does NOT match to AuthBlock constrains");
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index c425ca0a7..b87d614c5 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -102,8 +102,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 						);
 								
 				//String qualeIDReqId = UUID.randomUUID().toString();
-				//TODO: work-Around for A-trust
-				String qualeIDReqId = SAML2Utils.getSecureIdentifier().substring(0, 12);
+				String qualeIDReqId = SAML2Utils.getSecureIdentifier();
 				String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools);
 				JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);
 								
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index d35d113f9..bb66f452a 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -61,13 +61,11 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
 				
 				if (MiscUtil.isEmpty(sl20Result)) {
-					
-					//TODO: remove
 					//Workaround for SIC Handy-Signature, because it sends result in InputStream
-					String test = StreamUtils.readStream(request.getInputStream(), "UTF-8");					
-					if (MiscUtil.isNotEmpty(test)) {
+					String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8");					
+					if (MiscUtil.isNotEmpty(isReqInput)) {
 						Logger.info("Use SIC Handy-Signature work-around!");
-						sl20Result = test.substring("slcommand=".length());
+						sl20Result = isReqInput.substring("slcommand=".length());
 						
 					} else {					
 						Logger.info("NO SL2.0 commando or result FOUND.");
@@ -244,7 +242,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 		
 		//build first redirect command for app
 		JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
-				authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL), 
+				generateICPRedirectURLForDebugging(), 
 				callCommand, null, true);
 		JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
 						
@@ -285,6 +283,30 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 		}
 	}
 
+	/**
+	 * Generates a IPC redirect URL that is configured on IDP side
+	 * 
+	 * @return IPC ReturnURL, or null if no URL is configured
+	 */
+	private String generateICPRedirectURLForDebugging() {
+		final String PATTERN_PENDING_REQ_ID = "#PENDINGREQID#";
+		
+		String ipcRedirectURLConfig = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL);				
+		if (MiscUtil.isNotEmpty(ipcRedirectURLConfig)) {			
+			if (ipcRedirectURLConfig.contains(PATTERN_PENDING_REQ_ID)) {
+				Logger.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... ");
+				ipcRedirectURLConfig = ipcRedirectURLConfig.replaceAll(
+						"#PENDINGREQID#", 
+						MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReq.getRequestID());
+				
+			}
+			
+			return ipcRedirectURLConfig;
+		}
+		
+		return null;
+		
+	}
 	
 	
 }
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-06-06 11:22:42 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-06-06 11:22:42 +0200
commit	2376b4247adab09ad5e6991ba2a1511a8683bda7 (patch)
tree	ef2aa12eeefd21b64d85f1d10b451069f18357a4 /id/server/modules/moa-id-module-sl20_authentication/src/main/java/at
parent	ac21c6be50070c34dd20abe07e0f95ff33751804 (diff)
download	moa-id-spss-2376b4247adab09ad5e6991ba2a1511a8683bda7.tar.gz moa-id-spss-2376b4247adab09ad5e6991ba2a1511a8683bda7.tar.bz2 moa-id-spss-2376b4247adab09ad5e6991ba2a1511a8683bda7.zip