diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 12:18:38 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 12:18:38 +0100 |
commit | ee06b644dbedbe4869de6b926339581a5eefb430 (patch) | |
tree | 56bd1e55097d122c0ff0e9befcbe892605c05bc1 /id/server | |
parent | 5f2ad9d48b83d5979b1a147190f5177e3327744a (diff) | |
parent | cc09b52b5cb1c93543d8b4353dfc59b8192e79af (diff) | |
download | moa-id-spss-ee06b644dbedbe4869de6b926339581a5eefb430.tar.gz moa-id-spss-ee06b644dbedbe4869de6b926339581a5eefb430.tar.bz2 moa-id-spss-ee06b644dbedbe4869de6b926339581a5eefb430.zip |
Merge branch 'eIDAS_node_implementation' of gitlab.iaik.tugraz.at:egiz/moa-idspss into eIDAS_node_implementation
Diffstat (limited to 'id/server')
19 files changed, 284 insertions, 834 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index e396433e4..dcf337213 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -254,7 +254,8 @@ public abstract class AbstractController extends MOAIDAuthConstants { //add stacktrace if debug is enabled if (Logger.isTraceEnabled()) { - config.putCustomParameter("stacktrace", getStacktraceFromException(error)); + config.putCustomParameter("stacktrace", + StringEscapeUtils.escapeHtml(getStacktraceFromException(error))); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index a146f778e..19f3fdc54 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -28,6 +28,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.saml2.metadata.SingleLogoutService; import org.springframework.beans.factory.annotation.Autowired; @@ -93,9 +94,9 @@ public class IDPSingleLogOutServlet extends AbstractController { String ssoid = ssoManager.getSSOSessionID(req); - Object restartProcessObj = req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART); + Object restartProcessObj = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART)); - Object tokkenObj = req.getParameter(MOAIDAuthConstants.PARAM_SLOSTATUS); + Object tokkenObj = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_SLOSTATUS)); String tokken = null; String status = null; if (tokkenObj != null && tokkenObj instanceof String) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index be511d888..a7f911845 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -65,7 +65,7 @@ public class RedirectServlet { Logger.debug("Receive " + RedirectServlet.class + " Request"); String url = req.getParameter(REDIRCT_PARAM_URL); - String target = req.getParameter(MOAIDAuthConstants.PARAM_TARGET); + String target = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_TARGET)); String artifact = req.getParameter(MOAIDAuthConstants.PARAM_SAMLARTIFACT); String interIDP = req.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index aff2c83ad..3770dad2f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -161,7 +161,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { Logger.info("Remove active user-session"); if(internalMOASsoSessionID == null) { - internalMOASsoSessionID = (String) request.getParameter(PARAM_SESSIONID); + internalMOASsoSessionID = StringEscapeUtils.escapeHtml((String) request.getParameter(PARAM_SESSIONID)); } if(internalMOASsoSessionID == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java index 0f9b615a4..aebcf372e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java @@ -27,6 +27,7 @@ import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -51,7 +52,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { //read pendingRequest from http request - Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); + Object idObject = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID)); IRequest pendingReq = null; String pendingRequestID = null; if (idObject != null && (idObject instanceof String)) { @@ -61,7 +62,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon } //receive an authentication error - String errorid = req.getParameter(ERROR_CODE_PARAM); + String errorid = StringEscapeUtils.escapeHtml(req.getParameter(ERROR_CODE_PARAM)); if (errorid != null) { try { //load stored exception from database diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java deleted file mode 100644 index d715b8b7b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java +++ /dev/null @@ -1,48 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.utils; - -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; - -public class Digester { - public static String byteArrayToHexString(byte[] b) { - String result = ""; - for (int i=0; i < b.length; i++) { - result += - Integer.toString( ( b[i] & 0xff ) + 0x100, 16).substring( 1 ); - } - return result; - } - - public static String toSHA1(byte[] convertme) { - MessageDigest md = null; - try { - md = MessageDigest.getInstance("SHA-1"); - } - catch(NoSuchAlgorithmException e) { - e.printStackTrace(); - } - return byteArrayToHexString(md.digest(convertme)); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java deleted file mode 100644 index c40731576..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java +++ /dev/null @@ -1,323 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.utils; - -import java.io.*; -import javax.xml.parsers.*; -import javax.xml.transform.*; -import javax.xml.transform.dom.*; -import javax.xml.transform.stream.*; - -import org.w3c.dom.Document; - -import org.xml.sax.*; -import org.xml.sax.helpers.*; - - -/** -This class "pretty prints" an XML stream to something more human-readable. -It duplicates the character content with some modifications to whitespace, -restoring line breaks and a simple pattern of indenting child elements. - -This version of the class acts as a SAX 2.0 <code>DefaultHandler</code>, -so to provide the unformatted XML just pass a new instance to a SAX parser. -Its output is via the {@link #toString toString} method. - -One major limitation: we gather character data for elements in a single -buffer, so mixed-content documents will lose a lot of data! This works -best with data-centric documents where elements either have single values -or child elements, but not both. - -@author Will Provost -*/ -/* -Copyright 2002-2003 by Will Provost. -All rights reserved. -*/ -public class PrettyPrinter - extends DefaultHandler -{ - /** - Convenience method to wrap pretty-printing SAX pass over existing content. - */ - public static String prettyPrint (byte[] content) - { - try - { - PrettyPrinter pretty = new PrettyPrinter (); - SAXParserFactory factory = SAXParserFactory.newInstance (); - factory.setFeature - ("http://xml.org/sax/features/namespace-prefixes", true); - factory.newSAXParser ().parse - (new ByteArrayInputStream (content), pretty); - return pretty.toString (); - } - catch (Exception ex) - { - ex.printStackTrace (); - return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + - ex.getMessage () + "\""; - } - } - - /** - Convenience method to wrap pretty-printing SAX pass over existing content. - */ - public static String prettyPrint (String content) - { - try - { - PrettyPrinter pretty = new PrettyPrinter (); - SAXParserFactory factory = SAXParserFactory.newInstance (); - factory.setFeature - ("http://xml.org/sax/features/namespace-prefixes", true); - factory.newSAXParser ().parse (content, pretty); - return pretty.toString (); - } - catch (Exception ex) - { - ex.printStackTrace (); - return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + - ex.getMessage () + "\""; - } - } - - /** - Convenience method to wrap pretty-printing SAX pass over existing content. - */ - public static String prettyPrint (InputStream content) - { - try - { - PrettyPrinter pretty = new PrettyPrinter (); - SAXParserFactory factory = SAXParserFactory.newInstance (); - factory.setFeature - ("http://xml.org/sax/features/namespace-prefixes", true); - factory.newSAXParser ().parse (content, pretty); - return pretty.toString (); - } - catch (Exception ex) - { - ex.printStackTrace (); - return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + - ex.getMessage () + "\""; - } - } - - /** - Convenience method to wrap pretty-printing SAX pass over existing content. - */ - public static String prettyPrint (Document doc) - throws TransformerException - { - try - { - ByteArrayOutputStream buffer = new ByteArrayOutputStream (); - TransformerFactory.newInstance ().newTransformer() - .transform (new DOMSource (doc), new StreamResult (buffer)); - byte[] rawResult = buffer.toByteArray (); - buffer.close (); - - return prettyPrint (rawResult); - } - catch (Exception ex) - { - ex.printStackTrace (); - return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + - ex.getMessage () + "\""; - } - } - - public static class StreamAdapter - extends OutputStream - { - public StreamAdapter (Writer finalDestination) - { - this.finalDestination = finalDestination; - } - - public void write (int b) - { - out.write (b); - } - - public void flushPretty () - throws IOException - { - PrintWriter finalPrinter = new PrintWriter (finalDestination); - finalPrinter.println - (PrettyPrinter.prettyPrint (out.toByteArray ())); - finalPrinter.close (); - out.close (); - } - - private ByteArrayOutputStream out = new ByteArrayOutputStream (); - Writer finalDestination; - } - - /** - Call this to get the formatted XML post-parsing. - */ - public String toString () - { - return output.toString (); - } - - /** - Prints the XML declaration. - */ - public void startDocument () - throws SAXException - { - output.append ("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>") - .append (endLine); - } - - /** - Prints a blank line at the end of the reformatted document. - */ - public void endDocument () throws SAXException - { - output.append (endLine); - } - - /** - Writes the start tag for the element. - Attributes are written out, one to a text line. Starts gathering - character data for the element. - */ - public void startElement - (String URI, String name, String qName, Attributes attributes) - throws SAXException - { - if (justHitStartTag) - output.append ('>'); - - output.append (endLine) - .append (indent) - .append ('<') - .append (qName); - - int length = attributes.getLength (); - for (int a = 0; a < length; ++a) - output.append (endLine) - .append (indent) - .append (standardIndent) - .append (attributes.getQName (a)) - .append ("=\"") - .append (attributes.getValue (a)) - .append ('\"'); - - if (length > 0) - output.append (endLine) - .append (indent); - - indent += standardIndent; - currentValue = new StringBuffer (); - justHitStartTag = true; - } - - /** - Checks the {@link #currentValue} buffer to gather element content. - Writes this out if it is available. Writes the element end tag. - */ - public void endElement (String URI, String name, String qName) - throws SAXException - { - indent = indent.substring - (0, indent.length () - standardIndent.length ()); - - if (currentValue == null) - output.append (endLine) - .append (indent) - .append ("</") - .append (qName) - .append ('>'); - else if (currentValue.length () != 0) - output.append ('>') - .append (currentValue.toString ()) - .append ("</") - .append (qName) - .append ('>'); - else - output.append ("/>"); - - currentValue = null; - justHitStartTag = false; - } - - /** - When the {@link #currentValue} buffer is enabled, appends character - data into it, to be gathered when the element end tag is encountered. - */ - public void characters (char[] chars, int start, int length) - throws SAXException - { - if (currentValue != null) - currentValue.append (escape (chars, start, length)); - } - - /** - Filter to pass strings to output, escaping <b><</b> and <b>&</b> - characters to &lt; and &amp; respectively. - */ - private static String escape (char[] chars, int start, int length) - { - StringBuffer result = new StringBuffer (); - for (int c = start; c < start + length; ++c) - if (chars[c] == '<') - result.append ("<"); - else if (chars[c] == '&') - result.append ("&"); - else - result.append (chars[c]); - - return result.toString (); - } - - /** - This whitespace string is expanded and collapsed to manage the output - indenting. - */ - private String indent = ""; - - /** - A buffer for character data. It is "enabled" in - {@link #startElement startElement} by being initialized to a - new <b>StringBuffer</b>, and then read and reset to - <code>null</code> in {@link #endElement endElement}. - */ - private StringBuffer currentValue = null; - - /** - The primary buffer for accumulating the formatted XML. - */ - private StringBuffer output = new StringBuffer (); - - private boolean justHitStartTag; - - private static final String standardIndent = " "; - private static final String endLine = - System.getProperty ("line.separator"); -} - diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java deleted file mode 100644 index d87d510fa..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java +++ /dev/null @@ -1,143 +0,0 @@ -/**
- *
- */
-package at.gv.egovernment.moa.id.util;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.Reader;
-import java.io.StringReader;
-import java.io.StringWriter;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-/**
- * Helper class for XML processing
- * @author bzwattendorfer
- *
- */
-public class XMLUtil {
-
- /**
- * Transforms a string representation to a DOM representation
- * @param xmlString XML as string
- * @return DOM representation of String
- * @throws ParserConfigurationException
- * @throws SAXException
- * @throws IOException
- */
- public static Element stringToDOM(String xmlString) throws ParserConfigurationException, SAXException, IOException {
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
-
- DocumentBuilder builder = dbf.newDocumentBuilder();
-
- Reader reader = new StringReader(xmlString);
- InputSource src = new InputSource(reader);
- Document domDoc = builder.parse(src);
- return domDoc.getDocumentElement();
- }
-
- /**
- * Creates a new and empty XML document
- * @return New XML document
- * @throws ParserConfigurationException
- */
- public static Document createNewDocument() throws ParserConfigurationException {
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
-
- DocumentBuilder builder = dbf.newDocumentBuilder();
- return builder.newDocument();
- }
-
- /**
- * Transforms an XML to a String
- * @param node XML node
- * @return String represenation of XML
- */
- public static String printXML(Node node) {
- TransformerFactory tfactory = TransformerFactory.newInstance();
- Transformer serializer;
- try {
- serializer = tfactory.newTransformer();
-
- serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- serializer.setOutputProperty(OutputKeys.ENCODING,"UTF-8");
-
- StringWriter output = new StringWriter();
- serializer.transform(new DOMSource(node), new StreamResult(output));
- return output.toString();
- } catch (TransformerException e) {
-
- throw new RuntimeException(e);
- }
- }
-
- /**
- * Writes an XML element to a given file
- * @param doc XML element
- * @param filename Filename of the file where to write XML
- */
- public static void writeXmlFile(Element doc, String filename) {
- try {
-
- Source source = new DOMSource(doc);
- File file = new File(filename);
- Result result = new StreamResult(file);
-
- Transformer xformer = TransformerFactory.newInstance().newTransformer();
- xformer.transform(source, result);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- /**
- * Gets the first text value of a NodeList
- * @param nList NodeList
- * @return first text value of a NodeList
- */
- public static String getFirstTextValueFromNodeList(NodeList nList) {
- if (nList != null && nList.getLength() != 0) {
- return nList.item(0).getTextContent();
- }
- return null;
- }
-
- /**
- * Gets the first element of a Node
- * @param parent Node
- * @return first element of a Node
- */
- public static Element getFirstElement(Node parent) {
- Node n = parent.getFirstChild();
- while (n != null && n.getNodeType() != Node.ELEMENT_NODE) {
- n = n.getNextSibling();
- }
- if (n == null) {
- return null;
- }
- return (Element)n;
- }
-
-
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java index 4e8c7dffd..32dd97148 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java @@ -1,103 +1,103 @@ -package at.gv.egovernment.moa.id.commons.config; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; - -import javax.xml.bind.JAXBException; - -import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI; -import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams; - -/** - * CLI tool which is able to perform the following tasks: - * <ul> - * <li>transform a MoaID 2 XML configuration XML file to a MoaID 3 property file - * </li> - * <li>read a property file and transfer it's content to a database</li> - * <li>write the content of a database to a property file</li> - * </ul> - */ -public class MigrateConfiguration { - - public static void main(String[] args) { - - MOAIDConfCLI cli = new MOAIDConfCLI(); - MigrateConfigurationParams parsedParameters = cli.parse(args); - - // consider settings of force switch - boolean isOverwriteData = parsedParameters.isOverwriteData(); - ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData); - - if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) { - // read input from file - workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil); - - } else if (parsedParameters.getInputDBConfig() != null) { - // read input from database - workWithImputFromDB(parsedParameters, configUtil); - - } else { - System.exit(1); - } - } - - /** - * Handle the case where input from a file is read. - * - * @param inputFileUrl - * the url of the input file. - * @param parsedParameters - * the command line parameters. - * @param configUtil - * the class for working with the configuration. - */ - private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters, - ConfigurationUtil configUtil) { - File inFile = new File(inputFileUrl); - try (FileInputStream inStream = new FileInputStream(inFile);) { - - if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { - // input from file and output to a file is desired - File outFile = new File(parsedParameters.getOutputFile()); - configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile); - - } else if (parsedParameters.getOutputDBConfig() != null) { - // input from file and output to a database is desired - configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig()); - } - } catch (JAXBException e) { - System.out.println("MOA-ID XML configuration can not be loaded from given file."); - System.exit(1); - } catch (FileNotFoundException e) { - System.out.println("Could not find the input file."); - System.exit(1); - } catch (IOException e) { - System.out.println("Could not read from the input file."); - System.exit(1); - } - } - - /** - * Handle the case where input is read from a database. - * - * @param parsedParameters - * the command line parameters. - * @param configUtil - * the class for working with the configuration. - */ - private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) { - if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { - // input from database and output to a file is desired - File outFile = new File(parsedParameters.getOutputFile()); - String inputDBConfigFilePath = parsedParameters.getInputDBConfig(); - configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile); - - } else if (parsedParameters.getOutputDBConfig() != null) { - // input from database and output to a database is desired - // configUtil.readFromDBWriteToDB(inDBConfigFilePath, - // outDBConfigFilePath); - } - } -}
\ No newline at end of file +//package at.gv.egovernment.moa.id.commons.config; +// +//import java.io.File; +//import java.io.FileInputStream; +//import java.io.FileNotFoundException; +//import java.io.IOException; +// +//import javax.xml.bind.JAXBException; +// +//import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI; +//import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams; +// +///** +// * CLI tool which is able to perform the following tasks: +// * <ul> +// * <li>transform a MoaID 2 XML configuration XML file to a MoaID 3 property file +// * </li> +// * <li>read a property file and transfer it's content to a database</li> +// * <li>write the content of a database to a property file</li> +// * </ul> +// */ +//public class MigrateConfiguration { +// +// public static void main(String[] args) { +// +// MOAIDConfCLI cli = new MOAIDConfCLI(); +// MigrateConfigurationParams parsedParameters = cli.parse(args); +// +// // consider settings of force switch +// boolean isOverwriteData = parsedParameters.isOverwriteData(); +// ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData); +// +// if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) { +// // read input from file +// workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil); +// +// } else if (parsedParameters.getInputDBConfig() != null) { +// // read input from database +// workWithImputFromDB(parsedParameters, configUtil); +// +// } else { +// System.exit(1); +// } +// } +// +// /** +// * Handle the case where input from a file is read. +// * +// * @param inputFileUrl +// * the url of the input file. +// * @param parsedParameters +// * the command line parameters. +// * @param configUtil +// * the class for working with the configuration. +// */ +// private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters, +// ConfigurationUtil configUtil) { +// File inFile = new File(inputFileUrl); +// try (FileInputStream inStream = new FileInputStream(inFile);) { +// +// if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { +// // input from file and output to a file is desired +// File outFile = new File(parsedParameters.getOutputFile()); +// configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile); +// +// } else if (parsedParameters.getOutputDBConfig() != null) { +// // input from file and output to a database is desired +// configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig()); +// } +// } catch (JAXBException e) { +// System.out.println("MOA-ID XML configuration can not be loaded from given file."); +// System.exit(1); +// } catch (FileNotFoundException e) { +// System.out.println("Could not find the input file."); +// System.exit(1); +// } catch (IOException e) { +// System.out.println("Could not read from the input file."); +// System.exit(1); +// } +// } +// +// /** +// * Handle the case where input is read from a database. +// * +// * @param parsedParameters +// * the command line parameters. +// * @param configUtil +// * the class for working with the configuration. +// */ +// private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) { +// if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { +// // input from database and output to a file is desired +// File outFile = new File(parsedParameters.getOutputFile()); +// String inputDBConfigFilePath = parsedParameters.getInputDBConfig(); +// configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile); +// +// } else if (parsedParameters.getOutputDBConfig() != null) { +// // input from database and output to a database is desired +// // configUtil.readFromDBWriteToDB(inDBConfigFilePath, +// // outDBConfigFilePath); +// } +// } +//}
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java index 0479b1bc1..bdadf681d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java @@ -34,6 +34,7 @@ import java.util.Arrays; import java.util.List; import javax.net.ssl.SSLException; +import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; @@ -50,6 +51,7 @@ import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; import iaik.pki.PKIException; +import sun.security.ssl.ProtocolVersion; /** * @author tlenz @@ -188,6 +190,19 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory if (socket instanceof SSLSocket) { SSLSocket sslSocket = (SSLSocket)socket; +/*TODO +* Set allowed ProtocolVersions into SSLSocket to support TLSv1.1 and TLSv1.2 in JAVA 7 +* Therefore, we had do manually set the TLS1.2 protocol support into SSLParameters +* from SSL socket. Maybe, there is an additional validation required if TLSv1.2 is +* supported in principle by currently used JAVA version. +*/ +// SSLParameters test = ((SSLSocket) socket).getSSLParameters(); +// List<String> enabledProtocols = Arrays.asList(test.getProtocols()); +// if (enabledProtocols.contains(ProtocolVersion.TLS11.name)) { +// +// } +// sslSocket.setSSLParameters(test); + //verify Hostname verifyHostName(sslSocket); @@ -208,7 +223,14 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory */ private void verifyHostName(SSLSocket sslSocket) throws SSLException{ if (verifyHostName) { + SSLSession session = sslSocket.getSession(); + if ("SSL_NULL_WITH_NULL_NULL".equals(session.getCipherSuite())) { + Logger.warn("SSL connection can NOT established."); + throw new SSLException("SSL connection can NOT established."); + + } + String hostName = session.getPeerHost(); Certificate[] certs = null; @@ -254,6 +276,12 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory * @return {@link SSLSocket} with Ciphersuites */ private SSLSocket setEnabledSslCiphers(SSLSocket sslSocket) { + /*TODO: + * This implementation currently not work fine, because not all ciphers from + * 'https.cipherSuites' SystemProperty had to be supported by current JAVA version + * Add an validation step to check the allowed cipherSuites against the currently + * supported cipher suites and only add the matching set of ciphers + */ String systemProp = System.getProperty("https.cipherSuites"); if (MiscUtil.isNotEmpty(systemProp)) { try { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java index a70d62e1e..3291f8a15 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java @@ -53,40 +53,40 @@ public class FileUtils { in.close(); return content; } - /** - * Reads a file, given by URL, into a String. - * @param urlString file URL - * @param encoding character encoding - * @return file content - * @throws IOException on any exception thrown - */ - public static String readURL(String urlString, String encoding) throws IOException { - byte[] content = readURL(urlString); - return new String(content, encoding); - } - /** - * Reads a file, given by filename, into a byte array. - * @param filename filename - * @return file content - * @throws IOException on any exception thrown - */ - public static byte[] readFile(String filename) throws IOException { - BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename)); - byte[] content = StreamUtils.readStream(in); - in.close(); - return content; - } - /** - * Reads a file, given by filename, into a String. - * @param filename filename - * @param encoding character encoding - * @return file content - * @throws IOException on any exception thrown - */ - public static String readFile(String filename, String encoding) throws IOException { - byte[] content = readFile(filename); - return new String(content, encoding); - } +// /** +// * Reads a file, given by URL, into a String. +// * @param urlString file URL +// * @param encoding character encoding +// * @return file content +// * @throws IOException on any exception thrown +// */ +// public static String readURL(String urlString, String encoding) throws IOException { +// byte[] content = readURL(urlString); +// return new String(content, encoding); +// } +// /** +// * Reads a file, given by filename, into a byte array. +// * @param filename filename +// * @return file content +// * @throws IOException on any exception thrown +// */ +// public static byte[] readFile(String filename) throws IOException { +// BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename)); +// byte[] content = StreamUtils.readStream(in); +// in.close(); +// return content; +// } +// /** +// * Reads a file, given by filename, into a String. +// * @param filename filename +// * @param encoding character encoding +// * @return file content +// * @throws IOException on any exception thrown +// */ +// public static String readFile(String filename, String encoding) throws IOException { +// byte[] content = readFile(filename); +// return new String(content, encoding); +// } /** * Reads a file from a resource. * @param name resource name diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java index 3d28f4f2b..38dcafcc0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java @@ -126,33 +126,33 @@ public class KeyStoreUtils { } return ks; } - /** - * Creates a key store from a directory containg X509 certificate files, - * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>. - * All the files in the directory are considered to be certificates. - * - * @param keyStoreType key store type - * @param certDirURLString file URL of directory containing certificate filenames - * @return key store created - * @throws IOException thrown while reading the certificates from file - * @throws GeneralSecurityException thrown while creating the key store - */ - public static KeyStore createKeyStoreFromCertificateDirectory( - String keyStoreType, - String certDirURLString) - throws IOException, GeneralSecurityException { - - URL certDirURL = new URL(certDirURLString); - String certDirname = certDirURL.getFile(); - File certDir = new File(certDirname); - String[] certFilenames = certDir.list(); - String separator = - (certDirname.endsWith(File.separator) ? "" : File.separator); - for (int i = 0; i < certFilenames.length; i++) { - certFilenames[i] = certDirname + separator + certFilenames[i]; - } - return createKeyStore(keyStoreType, certFilenames); - } +// /** +// * Creates a key store from a directory containg X509 certificate files, +// * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>. +// * All the files in the directory are considered to be certificates. +// * +// * @param keyStoreType key store type +// * @param certDirURLString file URL of directory containing certificate filenames +// * @return key store created +// * @throws IOException thrown while reading the certificates from file +// * @throws GeneralSecurityException thrown while creating the key store +// */ +// public static KeyStore createKeyStoreFromCertificateDirectory( +// String keyStoreType, +// String certDirURLString) +// throws IOException, GeneralSecurityException { +// +// URL certDirURL = new URL(certDirURLString); +// String certDirname = certDirURL.getFile(); +// File certDir = new File(certDirname); +// String[] certFilenames = certDir.list(); +// String separator = +// (certDirname.endsWith(File.separator) ? "" : File.separator); +// for (int i = 0; i < certFilenames.length; i++) { +// certFilenames[i] = certDirname + separator + certFilenames[i]; +// } +// return createKeyStore(keyStoreType, certFilenames); +// } /** * Loads an X509 certificate from file. diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java deleted file mode 100644 index e3f8f75a1..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -/* - * Created on 26.04.2004 - * - * @author rschamberger - * $ID$ - */ -package at.gv.egovernment.moa.util; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * utility functions to write XML data to files - * @author rschamberger - * @version $Id$ - */ -public class OutputXML2File { - - /** - * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8) - * - * @param filename file name - * @param rootElem root element in DOM tree - * @param hierarchy of the Logger - */ - public static void debugOutputXML2File(String filename, Element rootElem, String hierarchy) { - if (Logger.isDebugEnabled(hierarchy)) { - outputXML2File(filename, rootElem); - } - } - - /** - * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8) - * - * @param filename file name - * @param xmlString XML string - * @param hierarchy of the Logger - */ - public static void debugOutputXML2File(String filename, String xmlString, String hierarchy) { - if (Logger.isDebugEnabled(hierarchy)) { - outputXML2File(filename, xmlString); - } - } - - /** - * writes an XML structure to file (Encoding: UTF-8) - * - * @param filename file name - * @param rootElem root element in DOM tree - */ - public static void outputXML2File(String filename, Element rootElem) { - try { - String xmlString = new String(DOMUtils.serializeNode(rootElem)); - outputXML2File(filename, xmlString); - } catch (Exception ex) { - ex.printStackTrace(); - } - } - - /** - * writes an XML structure to file (Encoding: UTF-8) - * - * @param filename file name - * @param xmlString XML string - */ - public static void outputXML2File(String filename, String xmlString) { - try { - java.io.OutputStream fout = new java.io.FileOutputStream(filename); - byte[] xmlData = xmlString.getBytes("UTF-8"); - fout.write(xmlData); - fout.close(); - } catch (Exception ex) { - ex.printStackTrace(); - } - } - -} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java index 2433eca89..be5581139 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java @@ -75,16 +75,16 @@ public class KeyStoreUtilsTest extends TestCase { X509Certificate cert = (X509Certificate)ks.getCertificate("0"); assertEquals(3424, cert.getSerialNumber().intValue()); } - public void testCreateKeyStoreFromCertificateDirectory() throws Exception { - // copy certificate files to a temporary directory, - // omitting the "CVS" directory in the source directory - copyCertificates("data/test/security/server-certs", tmpDir); - KeyStore ks = KeyStoreUtils.createKeyStoreFromCertificateDirectory("jks", tmpDirURL); - assertEquals(2, ks.size()); - X509Certificate cert0 = (X509Certificate)ks.getCertificate("0"); - X509Certificate cert1 = (X509Certificate)ks.getCertificate("1"); - assertTrue(3424 == cert0.getSerialNumber().intValue() || 3424 == cert1.getSerialNumber().intValue()); - } +// public void testCreateKeyStoreFromCertificateDirectory() throws Exception { +// // copy certificate files to a temporary directory, +// // omitting the "CVS" directory in the source directory +// copyCertificates("data/test/security/server-certs", tmpDir); +// KeyStore ks = KeyStoreUtils.createKeyStoreFromCertificateDirectory("jks", tmpDirURL); +// assertEquals(2, ks.size()); +// X509Certificate cert0 = (X509Certificate)ks.getCertificate("0"); +// X509Certificate cert1 = (X509Certificate)ks.getCertificate("1"); +// assertTrue(3424 == cert0.getSerialNumber().intValue() || 3424 == cert1.getSerialNumber().intValue()); +// } private void copyCertificates(String from, String to) throws IOException { String[] fromList = new File(from).list(); for (int i = 0; i < fromList.length; i++) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 09c64c267..7bb07df74 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -94,24 +94,24 @@ public class ParepUtils { return str == null || "".equals(str); } - /** - * Reads a XML document from an input stream (namespace-aware). - * - * @param is - * the input stream to read from. - * @return the read XML document. - * @throws SZRGWClientException - * if an error occurs reading the document from the input stream. - */ - public static Document readDocFromIs(InputStream is) throws SZRGWClientException { - try { - DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); - f.setNamespaceAware(true); - return f.newDocumentBuilder().parse(is); - } catch (Exception e) { - throw new SZRGWClientException(e); - } - } +// /** +// * Reads a XML document from an input stream (namespace-aware). +// * +// * @param is +// * the input stream to read from. +// * @return the read XML document. +// * @throws SZRGWClientException +// * if an error occurs reading the document from the input stream. +// */ +// public static Document readDocFromIs(InputStream is) throws SZRGWClientException { +// try { +// DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); +// f.setNamespaceAware(true); +// return f.newDocumentBuilder().parse(is); +// } catch (Exception e) { +// throw new SZRGWClientException(e); +// } +// } // /* // * diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index d975b6e0a..74cf665ca 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -22,10 +22,17 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas; +import java.net.URI; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + import org.apache.xml.security.signature.XMLSignature; import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.signature.SignatureConstants; +import at.gv.egovernment.moa.id.data.Trible; + /** * @author tlenz * @@ -119,4 +126,15 @@ public class Constants { EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128 + ";" + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256; + public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList<URI>() { + private static final long serialVersionUID = 1L; + { + add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri()); + add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri()); + add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri()); + add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri()); + } + }); + + } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 1ce900ebb..8fb81082f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.eidas; import java.io.IOException; import java.io.StringWriter; +import java.net.URI; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -62,6 +63,7 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EidasStringUtil; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.protocol.IAuthenticationRequest; import eu.eidas.auth.commons.protocol.IResponseMessage; import eu.eidas.auth.commons.protocol.eidas.IEidasAuthenticationRequest; @@ -302,7 +304,37 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { } - + //validate service-provider type from eIDAS request + String spType = null; + if (eIDASSamlReq.getSpType() != null) + spType = eIDASSamlReq.getSpType(); + + if (MiscUtil.isEmpty(spType)) + spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc); + + if (MiscUtil.isNotEmpty(spType)) + Logger.debug("eIDAS request has SPType:" + spType); + else { + Logger.warn("eIDAS request and eIDAS metadata contains NO 'SPType' element."); + throw new EIDASAuthnRequestProcessingException("eIDAS.06", + new Object[]{"eIDAS request and eIDAS metadata contains NO 'SPType' element."}); + + } + + //validate if minimal data-set if it is not fully requested + //TODO: must be tested!!!! + ImmutableAttributeMap reqAttrList = eIDASSamlReq.getRequestedAttributes(); + for (URI el : Constants.NATURALPERSONMINIMUMDATASETLIST) { + if(reqAttrList.getAttributeValuesByNameUri(el) == null) { + Logger.warn("Minimum data-set attribute: " + el + " is not requested."); + throw new EIDASAuthnRequestProcessingException("eIDAS.06", + new Object[]{"eIDAS request does not contain all attributes of minimum data-set for natural person"}); + + } + } + + + //************************************************* //***** store eIDAS request information ********* //************************************************* @@ -335,19 +367,6 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { // - memorize OA config pendingReq.setOnlineApplicationConfiguration(oaConfig); - - // - memorize service-provider type from eIDAS request - String spType = null; - if (eIDASSamlReq.getSpType() != null) - spType = eIDASSamlReq.getSpType(); - - if (MiscUtil.isEmpty(spType)) - spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc); - - if (MiscUtil.isNotEmpty(spType)) - Logger.debug("eIDAS request has SPType:" + spType); - else - Logger.info("eIDAS request and eIDAS metadata contains NO 'SPType' element."); } catch (MOAIDException e) { Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage()); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b2522ea33..b7c54203f 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -71,7 +71,7 @@ class OAuth20AuthAction implements IAction { revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); - String code = Random.nextRandom(); + String code = Random.nextHexRandom32(); try { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 16b4ba841..dc55df05b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -187,7 +187,7 @@ public class SSOTransferServlet{ Logger.debug("Receive " + this.getClass().getName() + " request"); Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN); if (tokenObj != null && tokenObj instanceof String) { - String token = (String)tokenObj; + String token = StringEscapeUtils.escapeHtml((String)tokenObj); try { Logger.debug("Load token:" + token + " from storage."); SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut * 1000); @@ -286,7 +286,7 @@ public class SSOTransferServlet{ Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN); if (tokenObj != null && tokenObj instanceof String) { - String token = (String)tokenObj; + String token = StringEscapeUtils.escapeHtml((String)tokenObj); try { SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut); if (container != null) { @@ -403,8 +403,6 @@ public class SSOTransferServlet{ null); if (ssomanager.isValidSSOSession(ssoid, null)) { - //Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); - //create first step of SSO Transfer GUI IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid); |