authorThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 12:18:38 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 12:18:38 +0100
commitee06b644dbedbe4869de6b926339581a5eefb430 (patch)
tree56bd1e55097d122c0ff0e9befcbe892605c05bc1 /id/server/modules
parent5f2ad9d48b83d5979b1a147190f5177e3327744a (diff)
parentcc09b52b5cb1c93543d8b4353dfc59b8192e79af (diff)
Merge branch 'eIDAS_node_implementation' of gitlab.iaik.tugraz.at:egiz/moa-idspss into eIDAS_node_implementation
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java36
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java18
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java47
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java2
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java6
5 files changed, 72 insertions, 37 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 09c64c267..7bb07df74 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -94,24 +94,24 @@ public class ParepUtils {
return str == null || "".equals(str);
}
- /**
- * Reads a XML document from an input stream (namespace-aware).
- *
- * @param is
- * the input stream to read from.
- * @return the read XML document.
- * @throws SZRGWClientException
- * if an error occurs reading the document from the input stream.
- */
- public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
- try {
- DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
- f.setNamespaceAware(true);
- return f.newDocumentBuilder().parse(is);
- } catch (Exception e) {
- throw new SZRGWClientException(e);
- }
- }
+// /**
+// * Reads a XML document from an input stream (namespace-aware).
+// *
+// * @param is
+// * the input stream to read from.
+// * @return the read XML document.
+// * @throws SZRGWClientException
+// * if an error occurs reading the document from the input stream.
+// */
+// public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
+// try {
+// DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
+// f.setNamespaceAware(true);
+// return f.newDocumentBuilder().parse(is);
+// } catch (Exception e) {
+// throw new SZRGWClientException(e);
+// }
+// }
// /*
// *
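Review bot: The new side keeps the whole readDocFromIs method, Javadoc included, as a commented-out block rather than deleting it; the history already preserves it, and commented-out code tends to be uncommented later without review. That matters here because the parser it configures only calls setNamespaceAware(true) on the DocumentBuilderFactory and does nothing about DTD or external-entity processing, so reviving it as-is for untrusted input would reopen an XML parsing hardening gap. Either drop the block entirely or leave a one-line marker in its place, e.g. `// readDocFromIs removed; any replacement XML parser must disable DTD/external-entity processing before parsing untrusted input`. The rest of the commented region continues outside the hunk.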
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index d975b6e0a..74cf665ca 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,10 +22,17 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
import org.apache.xml.security.signature.XMLSignature;
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.signature.SignatureConstants;
+import at.gv.egovernment.moa.id.data.Trible;
+
/**
* @author tlenz
*
@@ -119,4 +126,15 @@ public class Constants {
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128 + ";" +
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
+ public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList<URI>() {
+ private static final long serialVersionUID = 1L;
+ {
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri());
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri());
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri());
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri());
+ }
+ });
+
+
}
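Review bot: NATURALPERSONMINIMUMDATASETLIST is built with double-brace initialization, i.e. an anonymous ArrayList subclass with an instance initializer, which is the only reason a serialVersionUID had to be declared on a constant; a plain `Collections.unmodifiableList(Arrays.asList(...))` expresses the same read-only constant without the extra class (it needs `import java.util.Arrays;`). The four fully-qualified references to eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions would read better through an import of NaturalPersonSpec. The newly added import of at.gv.egovernment.moa.id.data.Trible is not used in either hunk of this file; if nothing else in Constants.java uses it, drop it. A short Javadoc on the constant stating that it lists the eIDAS natural-person minimum data set the protocol layer requires every request to ask for would save the next reader a lookup.
```java
/** eIDAS natural-person minimum data set; requests must ask for every entry. */
public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(Arrays.asList(
    eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri(),
    eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri(),
    eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri(),
    eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri()));
```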
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1ce900ebb..8fb81082f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.eidas;
import java.io.IOException;
import java.io.StringWriter;
+import java.net.URI;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -62,6 +63,7 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
import eu.eidas.auth.commons.protocol.IResponseMessage;
import eu.eidas.auth.commons.protocol.eidas.IEidasAuthenticationRequest;
@@ -302,7 +304,37 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
}
-
+ //validate service-provider type from eIDAS request
+ String spType = null;
+ if (eIDASSamlReq.getSpType() != null)
+ spType = eIDASSamlReq.getSpType();
+
+ if (MiscUtil.isEmpty(spType))
+ spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
+
+ if (MiscUtil.isNotEmpty(spType))
+ Logger.debug("eIDAS request has SPType:" + spType);
+ else {
+ Logger.warn("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06",
+ new Object[]{"eIDAS request and eIDAS metadata contains NO 'SPType' element."});
+
+ }
+
+ //validate if minimal data-set if it is not fully requested
+ //TODO: must be tested!!!!
+ ImmutableAttributeMap reqAttrList = eIDASSamlReq.getRequestedAttributes();
+ for (URI el : Constants.NATURALPERSONMINIMUMDATASETLIST) {
+ if(reqAttrList.getAttributeValuesByNameUri(el) == null) {
+ Logger.warn("Minimum data-set attribute: " + el + " is not requested.");
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06",
+ new Object[]{"eIDAS request does not contain all attributes of minimum data-set for natural person"});
+
+ }
+ }
+
+
+
//*************************************************
//***** store eIDAS request information *********
//*************************************************
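Review bot: The minimum data-set loop dereferences reqAttrList without a null check, so if getRequestedAttributes() can return null for a request that carries no RequestedAttributes element the method fails with a NullPointerException instead of the intended EIDASAuthnRequestProcessingException; a guard before the loop, `if (reqAttrList == null) throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{"eIDAS request does not contain requested attributes"});`, keeps the failure on the documented error path. The `== null` test on getAttributeValuesByNameUri also needs confirming: if that accessor returns an empty collection rather than null for an absent attribute, the check never fires and the minimum data set is not enforced at all, which is presumably what the `//TODO: must be tested!!!!` marker is about. Collecting every missing URI into one message instead of throwing on the first would also give the service provider a single actionable error. The enclosing method starts and ends outside the hunk.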
@@ -335,19 +367,6 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
// - memorize OA config
pendingReq.setOnlineApplicationConfiguration(oaConfig);
-
- // - memorize service-provider type from eIDAS request
- String spType = null;
- if (eIDASSamlReq.getSpType() != null)
- spType = eIDASSamlReq.getSpType();
-
- if (MiscUtil.isEmpty(spType))
- spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
-
- if (MiscUtil.isNotEmpty(spType))
- Logger.debug("eIDAS request has SPType:" + spType);
- else
- Logger.info("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
} catch (MOAIDException e) {
Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index b2522ea33..b7c54203f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -71,7 +71,7 @@ class OAuth20AuthAction implements IAction {
revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST);
- String code = Random.nextRandom();
+ String code = Random.nextHexRandom32();
try {
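Review bot: The authorization code is now produced by Random.nextHexRandom32(), but nothing in the hunk shows which generator backs that helper; an OAuth 2.0 authorization code is exchanged for tokens and must be unpredictable, so confirm the helper draws from java.security.SecureRandom rather than java.util.Random. Record the contract at the call site so the next change to the helper is made with that in mind, e.g. `// authorization code: must be unpredictable — nextHexRandom32 is expected to be SecureRandom-backed (confirm)`. The enclosing method starts and ends outside the hunk.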
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 16b4ba841..dc55df05b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -187,7 +187,7 @@ public class SSOTransferServlet{
Logger.debug("Receive " + this.getClass().getName() + " request");
Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
if (tokenObj != null && tokenObj instanceof String) {
- String token = (String)tokenObj;
+ String token = StringEscapeUtils.escapeHtml((String)tokenObj);
try {
Logger.debug("Load token:" + token + " from storage.");
SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut * 1000);
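Review bot: Applying StringEscapeUtils.escapeHtml to the token before it is used as the transactionStorage lookup key puts output encoding at the input boundary: a stored token that happens to contain a character the escaper rewrites (`&`, `<`, `>`, `"`) would no longer match its own key, while a token made only of the characters the generator emits passes through unchanged, so the call neither validates the parameter nor protects a specific sink. The same substitution appears in the second hunk of this file. A positive check against the format the token generator actually produces (a fixed-length hex or alphanumeric pattern — confirm against the generator) with a rejection otherwise would be the input-side control, and HTML escaping belongs where the value is rendered into a page. The Logger.debug on the following line also writes the full token; since it is the bearer credential for the stored session, logging a truncated form or a hash would be safer. The enclosing method starts and ends outside the hunk.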
@@ -286,7 +286,7 @@ public class SSOTransferServlet{
Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
if (tokenObj != null && tokenObj instanceof String) {
- String token = (String)tokenObj;
+ String token = StringEscapeUtils.escapeHtml((String)tokenObj);
try {
SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut);
if (container != null) {
@@ -403,8 +403,6 @@ public class SSOTransferServlet{
null);
if (ssomanager.isValidSSOSession(ssoid, null)) {
- //Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);
-
//create first step of SSO Transfer GUI
IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid);