diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 12:18:38 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 12:18:38 +0100 |
commit | ee06b644dbedbe4869de6b926339581a5eefb430 (patch) | |
tree | 56bd1e55097d122c0ff0e9befcbe892605c05bc1 /id/server/modules | |
parent | 5f2ad9d48b83d5979b1a147190f5177e3327744a (diff) | |
parent | cc09b52b5cb1c93543d8b4353dfc59b8192e79af (diff) | |
download | moa-id-spss-ee06b644dbedbe4869de6b926339581a5eefb430.tar.gz moa-id-spss-ee06b644dbedbe4869de6b926339581a5eefb430.tar.bz2 moa-id-spss-ee06b644dbedbe4869de6b926339581a5eefb430.zip |
Merge branch 'eIDAS_node_implementation' of gitlab.iaik.tugraz.at:egiz/moa-idspss into eIDAS_node_implementation
Diffstat (limited to 'id/server/modules')
5 files changed, 72 insertions, 37 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 09c64c267..7bb07df74 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -94,24 +94,24 @@ public class ParepUtils { return str == null || "".equals(str); } - /** - * Reads a XML document from an input stream (namespace-aware). - * - * @param is - * the input stream to read from. - * @return the read XML document. - * @throws SZRGWClientException - * if an error occurs reading the document from the input stream. - */ - public static Document readDocFromIs(InputStream is) throws SZRGWClientException { - try { - DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); - f.setNamespaceAware(true); - return f.newDocumentBuilder().parse(is); - } catch (Exception e) { - throw new SZRGWClientException(e); - } - } +// /** +// * Reads a XML document from an input stream (namespace-aware). +// * +// * @param is +// * the input stream to read from. +// * @return the read XML document. +// * @throws SZRGWClientException +// * if an error occurs reading the document from the input stream. +// */ +// public static Document readDocFromIs(InputStream is) throws SZRGWClientException { +// try { +// DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); +// f.setNamespaceAware(true); +// return f.newDocumentBuilder().parse(is); +// } catch (Exception e) { +// throw new SZRGWClientException(e); +// } +// } // /* // * diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index d975b6e0a..74cf665ca 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -22,10 +22,17 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas; +import java.net.URI; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + import org.apache.xml.security.signature.XMLSignature; import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.signature.SignatureConstants; +import at.gv.egovernment.moa.id.data.Trible; + /** * @author tlenz * @@ -119,4 +126,15 @@ public class Constants { EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128 + ";" + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256; + public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList<URI>() { + private static final long serialVersionUID = 1L; + { + add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri()); + add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri()); + add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri()); + add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri()); + } + }); + + } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 1ce900ebb..8fb81082f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.eidas; import java.io.IOException; import java.io.StringWriter; +import java.net.URI; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -62,6 +63,7 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EidasStringUtil; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.protocol.IAuthenticationRequest; import eu.eidas.auth.commons.protocol.IResponseMessage; import eu.eidas.auth.commons.protocol.eidas.IEidasAuthenticationRequest; @@ -302,7 +304,37 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { } - + //validate service-provider type from eIDAS request + String spType = null; + if (eIDASSamlReq.getSpType() != null) + spType = eIDASSamlReq.getSpType(); + + if (MiscUtil.isEmpty(spType)) + spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc); + + if (MiscUtil.isNotEmpty(spType)) + Logger.debug("eIDAS request has SPType:" + spType); + else { + Logger.warn("eIDAS request and eIDAS metadata contains NO 'SPType' element."); + throw new EIDASAuthnRequestProcessingException("eIDAS.06", + new Object[]{"eIDAS request and eIDAS metadata contains NO 'SPType' element."}); + + } + + //validate if minimal data-set if it is not fully requested + //TODO: must be tested!!!! + ImmutableAttributeMap reqAttrList = eIDASSamlReq.getRequestedAttributes(); + for (URI el : Constants.NATURALPERSONMINIMUMDATASETLIST) { + if(reqAttrList.getAttributeValuesByNameUri(el) == null) { + Logger.warn("Minimum data-set attribute: " + el + " is not requested."); + throw new EIDASAuthnRequestProcessingException("eIDAS.06", + new Object[]{"eIDAS request does not contain all attributes of minimum data-set for natural person"}); + + } + } + + + //************************************************* //***** store eIDAS request information ********* //************************************************* @@ -335,19 +367,6 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { // - memorize OA config pendingReq.setOnlineApplicationConfiguration(oaConfig); - - // - memorize service-provider type from eIDAS request - String spType = null; - if (eIDASSamlReq.getSpType() != null) - spType = eIDASSamlReq.getSpType(); - - if (MiscUtil.isEmpty(spType)) - spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc); - - if (MiscUtil.isNotEmpty(spType)) - Logger.debug("eIDAS request has SPType:" + spType); - else - Logger.info("eIDAS request and eIDAS metadata contains NO 'SPType' element."); } catch (MOAIDException e) { Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage()); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b2522ea33..b7c54203f 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -71,7 +71,7 @@ class OAuth20AuthAction implements IAction { revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); - String code = Random.nextRandom(); + String code = Random.nextHexRandom32(); try { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 16b4ba841..dc55df05b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -187,7 +187,7 @@ public class SSOTransferServlet{ Logger.debug("Receive " + this.getClass().getName() + " request"); Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN); if (tokenObj != null && tokenObj instanceof String) { - String token = (String)tokenObj; + String token = StringEscapeUtils.escapeHtml((String)tokenObj); try { Logger.debug("Load token:" + token + " from storage."); SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut * 1000); @@ -286,7 +286,7 @@ public class SSOTransferServlet{ Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN); if (tokenObj != null && tokenObj instanceof String) { - String token = (String)tokenObj; + String token = StringEscapeUtils.escapeHtml((String)tokenObj); try { SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut); if (container != null) { @@ -403,8 +403,6 @@ public class SSOTransferServlet{ null); if (ssomanager.isValidSSOSession(ssoid, null)) { - //Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); - //create first step of SSO Transfer GUI IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid); |