aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2011-04-01 08:03:14 +0000
committerkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2011-04-01 08:03:14 +0000
commitab7c7b6a64edca60b78a89b18a1972ad5e38586e (patch)
tree3289e439ecfe1e329361a700ddbd3012bc870c5e /id/server
parent2a31c88fda199a37fb7136d86100a9c330e5de34 (diff)
downloadmoa-id-spss-ab7c7b6a64edca60b78a89b18a1972ad5e38586e.tar.gz
moa-id-spss-ab7c7b6a64edca60b78a89b18a1972ad5e38586e.tar.bz2
moa-id-spss-ab7c7b6a64edca60b78a89b18a1972ad5e38586e.zip
- Update Parameterüberprüfung
- Update MOA-Template zur Bürgerkartenauswahl - Änderung der Konfiguration für: - Angabe einer Liste von vertrauenswürdigen BKUs (aufgrund Parameterprüfung) - Fixed Bug #552 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=552&group_id=6&atid=105) - Fixed Bug #551 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=551&group_id=6&atid=105) - Fixed Bug #550 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=550&group_id=6&atid=105) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1198 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id/server')
-rw-r--r--id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdfbin190907 -> 175414 bytes
-rw-r--r--id/server/auth/src/main/webapp/css/index.css32
-rw-r--r--id/server/auth/src/main/webapp/iframeHandyBKU.html41
-rw-r--r--id/server/auth/src/main/webapp/iframeOnlineBKU.html48
-rw-r--r--id/server/auth/src/main/webapp/index.html78
-rw-r--r--id/server/auth/src/main/webapp/template_handyBKU.html4
-rw-r--r--id/server/auth/src/main/webapp/template_onlineBKU.html4
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml4
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml3
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml3
-rw-r--r--id/server/doc/MOA ID 1.x.wsdl2
-rw-r--r--id/server/doc/MOA-ID-Configuration-1.5.0.xsd (renamed from id/server/doc/MOA-ID-Configuration-1.4.7.xsd)9
-rw-r--r--id/server/doc/moa_id/id-admin_2.htm12
-rw-r--r--id/server/idserverlib/pom.xml5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java465
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java15
34 files changed, 852 insertions, 150 deletions
diff --git a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
index 021e15b94..b68d247cb 100644
--- a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
+++ b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
Binary files differ
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
index 3dea4d7ff..39b715a6e 100644
--- a/id/server/auth/src/main/webapp/css/index.css
+++ b/id/server/auth/src/main/webapp/css/index.css
@@ -82,7 +82,7 @@ p#skiplinks a:active {
#leftcontent {
float:left;
- width:210px;
+ width:220px;
}
h2#tabheader, h2#contentheader {
@@ -94,7 +94,7 @@ h2#tabheader, h2#contentheader {
#bkulogin {
overflow:hidden;
- width:210px;
+ width:220px;
}
#bkukarte {
@@ -113,6 +113,12 @@ h2#tabheader, h2#contentheader {
width:40%;
}
+#mandate{
+ text-align:center;
+ padding : 5px 5px 5px 5px;
+}
+
+
button {
background: #efefef;
border:1px solid #000;
@@ -161,19 +167,19 @@ button {
}
iframe {
- width:210px;
+ width:220px;
}
/* right */
#rightcontent {
float:right;
- width:210px;
+ width:220px;
}
#centercontent {
width:auto;
- margin: 0 220px;
+ margin: 0 230px;
}
/* center */
@@ -202,6 +208,22 @@ p {
}
+#mandateLogin {
+ vertical-align: middle;
+}
+
+.infobutton {
+ background-color: #005a00;
+ color: white;
+ font-family: serif;
+ text-decoration: none;
+ padding-top: 2px;
+ padding-right: 4px;
+ padding-bottom: 2px;
+ padding-left: 4px;
+ font-weight: bold;
+}
+
/* [OPTIONAL] Geben Sie hier die Farbe fuer den hellen Hintergrund an */
.hell {
background-color : #DDDDDD;
diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html
index 24a2d80f9..06639c7e5 100644
--- a/id/server/auth/src/main/webapp/iframeHandyBKU.html
+++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html
@@ -7,22 +7,47 @@
<meta http-equiv="PRAGMA" content="NO-CACHE">
<script type="text/javascript">
window.onload=function() {
+ var Template = get_url_param("Template", "startAuth");
+ var startAuth = get_url_param("startAuth", "useMandate");
+ var useMandate = get_url_param("useMandate", "");
+
+ document.moaidform.useMandate.value = useMandate;
+ document.moaidform.action = startAuth;
+ document.moaidform.Template.value = Template;
+
document.moaidform.submit();
return;
}
+
+ function get_url_param(name, follower) {
+
+ var url = window.location.href;
+ var i = url.indexOf(name);
+ url = url.substring(i + name.length+1, url.length);
+ if (follower.length != 0) {
+ i = url.indexOf(follower);
+ url = url.substring(0, i-1);
+ }
+
+
+ // alert (name + ": " + url);
+
+ return url;
+
+ }
</script>
</head>
<body>
Bitte warten...
+
+ <form method="POST" name="moaidform">
+ <input type="hidden" name="Template">
+ <input type="hidden" name="bkuURI" value="https://www.a-trust.at/mobile/https-security-layer-request/default.aspx">
+ <input type="hidden" name="useMandate">
+ </form>
- <!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
- <!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at" -->
- <FORM name="moaidform" action="[MOA_ID_STARTAUTHENTICATION]" method="post">
- <!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy BKU an -->
- <!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
- <input type="hidden" name="Template" value="[URL_TO_HANDYBKU_TEMPLATE]">
- <input type="hidden" name="bkuURI" value="https://www.a-trust.at/mobile/https-security-layer-request/default.aspx">
- </FORM>
+
+
<hr>
</body>
diff --git a/id/server/auth/src/main/webapp/iframeOnlineBKU.html b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
index e92420e7a..b0f6b8bb0 100644
--- a/id/server/auth/src/main/webapp/iframeOnlineBKU.html
+++ b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
@@ -7,23 +7,49 @@
<meta http-equiv="PRAGMA" content="NO-CACHE">
<script type="text/javascript">
window.onload=function() {
- document.moaidform.submit();
+
+ var bkuURI = get_url_param("bkuURI", "Template");
+ var Template = get_url_param("Template", "startAuth");
+ var startAuth = get_url_param("startAuth", "useMandate");
+ var useMandate = get_url_param("useMandate", "");
+
+ document.moaidform.useMandate.value = useMandate;
+ document.moaidform.action = startAuth;
+ document.moaidform.Template.value = Template;
+ document.moaidform.bkuURI.value = bkuURI;
+
+ document.moaidform.submit();
+
return;
}
+
+ function get_url_param(name, follower) {
+
+ var url = window.location.href;
+ var i = url.indexOf(name);
+ url = url.substring(i + name.length+1, url.length);
+ if (follower.length != 0) {
+ i = url.indexOf(follower);
+ url = url.substring(0, i-1);
+ }
+
+
+ // alert (name + ": " + url);
+
+ return url;
+
+ }
+
+
</script>
</head>
<body>
Bitte warten...
-
- <!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
- <!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at" -->
- <form method="POST" name="moaidform" id="moa" action="[MOA_ID_STARTAUTHENTICATION]">
- <!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an -->
- <!-- z.B.: value="https://yoururl.at/moa-id-auth/template_onlineBKU.html"-->
- <input type="hidden" name="Template" value="[URL_TO_ONLINEBKU_TEMPLATE]">
- <!-- [MUSS] Geben Sie hier die URL zur Online BKU an -->
- <!-- z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"-->
- <input type="hidden" name="bkuURI" value="[URL_TO_ONLINEBKU]">
+
+ <form method="POST" name="moaidform">
+ <input type="hidden" name="Template">
+ <input type="hidden" name="bkuURI">
+ <input type="hidden" name="useMandate">
</form>
<hr>
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index a49d8c6bc..0e12035e9 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -9,22 +9,64 @@
<meta http-equiv="Content-Style-Type" content="text/css">
<link rel="stylesheet" type="text/css" href="css/index.css">
<script type="text/javascript">
+
+ // [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
+ // z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
+ var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+
+ // [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an
+ // z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html
+ var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
+
+ // [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an
+ // z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"
+ var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
+
+ // [MUSS] Geben Sie hier die URL zur Online BKU an
+ // z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"
+ var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
+
+ // [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->
+ <!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
+ var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
+
+
window.onload=function() {
document.getElementById("localBKU").style.display="none";
+
return;
}
+
function bkuOnlineClicked() {
<!-- [OPTIONAL] Um die lokale BKU auszublenden, ersetzen Sie in der folgenden Zeile "block" durch "none" -->
document.getElementById("localBKU").style.display="block";
+
+ // set values for local BKU
+ document.getElementById("form_local_bku").action = MOA_ID_STARTAUTHENTICATION;
+ document.getElementById("input_localBKU_template").value = URL_TO_LOKALBKU_TEMPLATE;
+ if (document.getElementById("mandateCheckBox").checked) {
+ document.getElementById("useMandate").value = "true";
+ }
+ else {
+ document.getElementById("useMandate").value = "false";
+ }
+ // set values for online BKU
var el = document.getElementById("bkulogin");
var parent = el.parentNode;
+ var checkBox = document.getElementById("mandateCheckBox");
+ var iFrameURL = "iframeOnlineBKU.html" + "?";
+ iFrameURL += "bkuURI=" + URL_TO_ONLINEBKU + "&";
+ iFrameURL += "Template=" + URL_TO_ONLINEBKU_TEMPLATE + "&";
+ iFrameURL += "startAuth=" + MOA_ID_STARTAUTHENTICATION + "&";
+ iFrameURL += "useMandate=" + checkBox.checked ;
+
var iframe = document.createElement("iframe");
- iframe.setAttribute("src", "iframeOnlineBKU.html");
- iframe.setAttribute("width", "210");
- iframe.setAttribute("height", "155");
+ iframe.setAttribute("src", iFrameURL);
+ iframe.setAttribute("width", "220");
+ iframe.setAttribute("height", "165");
iframe.setAttribute("frameborder", "0");
iframe.setAttribute("scrolling", "no");
iframe.setAttribute("title", "Login");
@@ -36,13 +78,21 @@
function bkuHandyClicked() {
document.getElementById("localBKU").style.display="none";
+ // set values for Handy Signatur
var el = document.getElementById("bkulogin");
var parent = el.parentNode;
+
+ var checkBox = document.getElementById("mandateCheckBox");
+ var iFrameURL = "iframeHandyBKU.html" + "?";
+ iFrameURL += "Template=" + URL_TO_HANDYSIGNATUR_TEMPLATE + "&";
+ iFrameURL += "startAuth=" + MOA_ID_STARTAUTHENTICATION + "&";
+ iFrameURL += "useMandate=" + checkBox.checked ;
+
var iframe = document.createElement("iframe");
- iframe.setAttribute("src", "iframeHandyBKU.html");
- iframe.setAttribute("width", "210");
- iframe.setAttribute("height", "149");
+ iframe.setAttribute("src", iFrameURL);
+ iframe.setAttribute("width", "220");
+ iframe.setAttribute("height", "159");
iframe.setAttribute("frameborder", "0");
iframe.setAttribute("scrolling", "no");
iframe.setAttribute("title", "Login");
@@ -86,19 +136,25 @@
<div id="bkuhandy" class="hell">
<button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button>
</div>
+ <div id="mandate">
+ <input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"><label>in Vertretung anmelden</label>
+ </div>
</div>
+
+
+
+
<div id="localBKU" style="display:none" class="hell">
<hr>
- <!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
- <!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at"-->
- <form method="post" action="[MOA_ID_STARTAUTHENTICATION]">
+ <form id="form_local_bku" method="post">
<input type="hidden" name="show" value="false">
<!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an -->
<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_localBKU.html"-->
- <input type="hidden" name="Template" value="[URL_TO_LOKALBKU_TEMPLATE]">
+ <input type="hidden" name="Template" id="input_localBKU_template" >
<input type="hidden" name="bkuURI" value="https://localhost:3496/https-security-layer-request">
- <input type="submit" size="400" value="Lokale BKU">
+ <input type="hidden" name="useMandate" id="useMandate">
+ <input type="submit" size="400" value="Lokale BKU">
</form>
<p>
<small>Alternativ k&ouml;nnen Sie eine lokal installierte BKU verwenden.</small>
diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html
index 4ae6c2231..6ccd295b2 100644
--- a/id/server/auth/src/main/webapp/template_handyBKU.html
+++ b/id/server/auth/src/main/webapp/template_handyBKU.html
@@ -18,8 +18,8 @@
<input type="hidden" name="PushInfobox" value="<PushInfobox>">
<!-- Angabe der Parameter für die Handy-BKU -->
- <input type="hidden" name="appletWidth" value="210">
- <input type="hidden" name="appletHeight" value="149">
+ <input type="hidden" name="appletWidth" value="220">
+ <input type="hidden" name="appletHeight" value="159">
<!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Handy-BKU -->
<input type="hidden" name="backgroundColor" value="#DDDDDD">
diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html
index 28207e9e2..1bb2ac236 100644
--- a/id/server/auth/src/main/webapp/template_onlineBKU.html
+++ b/id/server/auth/src/main/webapp/template_onlineBKU.html
@@ -18,8 +18,8 @@
<input type="hidden" name="PushInfobox" value="<PushInfobox>">
<!-- Angabe der Parameter fuer die Online-BKU -->
- <input type="hidden" name="appletWidth" value="210">
- <input type="hidden" name="appletHeight" value="130">
+ <input type="hidden" name="appletWidth" value="220">
+ <input type="hidden" name="appletHeight" value="140">
<!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Online-BKU -->
<input type="hidden" name="appletBackgroundColor" value="#DDDDDD">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 338137236..b1418fb0b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -151,4 +151,7 @@
<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <TrustedBKUs>
+ <BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+ </TrustedBKUs>
</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index b0869df9e..0f09ff7d5 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -171,4 +171,7 @@
<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <TrustedBKUs>
+ <BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+ </TrustedBKUs>
</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 37b6921fe..fd565b538 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -157,4 +157,8 @@
<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <!-- Vertrauenswürdige Bürgerkartenumgebungen -->
+ <TrustedBKUs>
+ <BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+ </TrustedBKUs>
</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index d6340e5a5..b3c655155 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -177,4 +177,7 @@
<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <TrustedBKUs>
+ <BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+ </TrustedBKUs>
</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 179394085..3f1d95562 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -154,4 +154,7 @@
<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <TrustedBKUs>
+ <BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+ </TrustedBKUs>
</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index ff38ec973..e381d9bda 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -174,4 +174,7 @@
<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <TrustedBKUs>
+ <BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+ </TrustedBKUs>
</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index c7802635b..f1202a542 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -160,4 +160,7 @@
<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <TrustedBKUs>
+ <BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+ </TrustedBKUs>
</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 98d2741f7..068ab90b1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -180,4 +180,7 @@
<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+ <TrustedBKUs>
+ <BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+ </TrustedBKUs>
</MOA-IDConfiguration>
diff --git a/id/server/doc/MOA ID 1.x.wsdl b/id/server/doc/MOA ID 1.x.wsdl
index 06daae8f1..86c08226a 100644
--- a/id/server/doc/MOA ID 1.x.wsdl
+++ b/id/server/doc/MOA ID 1.x.wsdl
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by patrick peck (anecon) -->
<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
- <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-20020812.xsd"/>
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-SPSS-1.2.xsd"/>
<message name="GetAuthenticationDataInput">
<part name="body" element="samlp:Request"/>
</message>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.7.xsd b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
index 28e0b947d..9078bab98 100644
--- a/id/server/doc/MOA-ID-Configuration-1.4.7.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
@@ -1,5 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSpy v2010 (http://www.altova.com) by ks (ks) -->
<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
@@ -136,6 +135,7 @@
</xsd:simpleType>
</xsd:attribute>
<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
@@ -187,6 +187,13 @@
<xsd:attribute name="value" type="xsd:string" use="required"/>
</xsd:complexType>
</xsd:element>
+ <xsd:element name="TrustedBKUs" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="BKUURL" maxOccurs="unbounded" type="xsd:anyURI"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index 9668dd908..4268565c0 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -87,6 +87,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
<a href="#ChainingModes">ChainingModes</a><br />
<a href="#TrustedCACertificates">TrustedCACertificates</a><br />
<a href="#GenericConfiguration">GenericConfiguration</a><br />
+<a href="#TrustedBKUs">TrustedBKUs</a><br />
<br />
<a href="#oa-config"><b>Konfiguration<br />der Online-Applikation</b></a><br />
<br />
@@ -121,10 +122,10 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
<p id="subtitel">Konfiguration von MOA ID v.1.5</p>
<p id="block"> Die Konfiguration von MOA ID wird mittels einer XML-basierten
Konfigurationsdatei, die dem Schema
- <a href="../MOA-ID-Configuration-1.4.7.xsd" target="_new">MOA-ID-Configuration-1.4.7.xsd</a> entspricht, durchgef&uuml;hrt.
+ <a href="../MOA-ID-Configuration-1.5.0.xsd" target="_new">MOA-ID-Configuration-1.5.0.xsd</a> entspricht, durchgef&uuml;hrt.
<p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment
der Web-Applikation in Tomcat</a> beschrieben.
- <p /> Die folgenden Abschnitte erl&auml;utern das Format der Konfigurationsdatei.
+ <p /> @TODO Die folgenden Abschnitte erl&auml;utern das Format der Konfigurationsdatei.
<a href="examples/conf/MOA-ID-Configuration.xml" target="_new">MOA-ID-Configuration.xml</a>
zeigt ein Beispiel f&uuml;r eine umfassende Konfigurationsdatei. </p>
<p>Enth&auml;lt die Konfigurationsdatei relative Pfadangaben, werden
@@ -1154,6 +1155,13 @@ Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;nd
</tr>
</table>
</div>
+ <div id="TrustedBKUs" />
+ <p id="block"> <b>TrustedBKUs</b><br />
+ Das Element <tt>TrustedBKUs</tt>
+ erm&ouml;glicht das Setzen von vertrauensw&uuml;rdigen B&uuml;rgerkartenumgebungen.
+ In den <tt>BKUURL</tt> Unterelement werden die vertrauensw&uuml;rdigen URLs eingetragen. Diese Liste an URL wird mit dem Parameter bkuURI abgeglichen. Lokale B&uuml;rgerkartenumgebungn m&uuml;ssen nicht eingetragen werden - diesen wird automatisch vertraut.
+</p>
+</div>
</div>
</div>
</div>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 6849b92a4..6553182b4 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -126,6 +126,11 @@
<artifactId>mandate-validate</artifactId>
<version>1.1</version>
</dependency>
+ <dependency>
+ <groupId>commons-lang</groupId>
+ <artifactId>commons-lang</artifactId>
+ <version>2.6</version>
+ </dependency>
</dependencies>
<build>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 8de82a8d6..64eaf30cd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -800,9 +800,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam =
authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
+ session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes
+ session.setExtendedSAMLAttributesOA(new Vector());
+
if (verifyInfoboxParameters != null) {
- session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes
- session.setExtendedSAMLAttributesOA(new Vector());
+
infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
// get the list of infobox identifiers
List identifiers = verifyInfoboxParameters.getIdentifiers();
@@ -1556,7 +1558,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* already for the given session ID
*/
private static AuthenticationSession newSession() throws AuthenticationException {
- String sessionID = Random.nextRandom();
+ String sessionID = Random.nextRandom();
AuthenticationSession newSession = new AuthenticationSession(sessionID);
synchronized (sessionStore) {
AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 0e361ee57..259b21db7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -28,6 +28,8 @@ public interface MOAIDAuthConstants {
/** servlet parameter &quot;Target&quot; */
public static final String PARAM_TARGET = "Target";
+ /** servlet parameter &quot;useMandate&quot; */
+ public static final String PARAM_USEMANDATE = "useMandate";
/** servlet parameter &quot;OA&quot; */
public static final String PARAM_OA = "OA";
/** servlet parameter &quot;bkuURI&quot; */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index bff0a3fca..109d17d11 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -53,7 +53,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
/**
- * Handles an error. <br>
+ * Handles an error. <br>>
* <ul>
* <li>Logs the error</li>
* <li>Places error message and exception thrown into the request
@@ -89,7 +89,13 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
//forward this to errorpage-auth.jsp where the HTML error page is generated
ServletContext context = getServletContext();
RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
- try {
+ try {
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
dispatcher.forward(req, resp);
} catch (ServletException e) {
Logger.error(e);
@@ -111,6 +117,11 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
ServletContext context = getServletContext();
RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
try {
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
dispatcher.forward(req, resp);
} catch (ServletException e) {
Logger.error(e);
@@ -123,7 +134,6 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
* Logs all servlet parameters for debugging purposes.
*/
protected void logParameters(HttpServletRequest req) {
- //@TODO Parameter?
for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) {
String parname = (String)params.nextElement();
Logger.debug("Parameter " + parname + req.getParameter(parname));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
index be8b5e272..a9082dd8e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -48,6 +49,12 @@ public class ConfigurationServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
+
+ response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 23d4eab20..c83650587 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -12,11 +12,13 @@ import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -61,7 +63,12 @@ public class GetForeignIDServlet extends AuthServlet {
throws ServletException, IOException {
Logger.debug("GET GetForeignIDServlet");
-
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
}
@@ -87,6 +94,11 @@ public class GetForeignIDServlet extends AuthServlet {
Logger.debug("POST GetForeignIDServlet");
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
Map parameters;
try
{
@@ -97,16 +109,24 @@ public class GetForeignIDServlet extends AuthServlet {
throw new IOException(e.getMessage());
}
String sessionID = req.getParameter(PARAM_SESSIONID);
+
+ // escape parameter strings
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
String redirectURL = null;
AuthenticationSession session = null;
try {
+ String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
+ if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse))
+ throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
session = AuthenticationServer.getSession(sessionID);
- String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
Logger.debug(xmlCreateXMLSignatureResponse);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 317af3e06..54d08c59e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -24,10 +24,13 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -36,6 +39,7 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
@@ -66,7 +70,12 @@ public class ProcessValidatorInputServlet extends AuthServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("GET ProcessInput");
+ Logger.debug("GET ProcessInput");
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
Map parameters;
try {
parameters = getParameters(req);
@@ -78,8 +87,15 @@ public class ProcessValidatorInputServlet extends AuthServlet {
if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
+
+ // escape parameter strings
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
- try {
+ try {
+
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
+
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
InfoboxValidator infoboxvalidator = session.getFirstPendingValidator();
String outputStream;
@@ -103,7 +119,10 @@ public class ProcessValidatorInputServlet extends AuthServlet {
out.flush();
out.close();
Logger.debug("Finished GET ProcessInput");
- }
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
}
@@ -117,7 +136,13 @@ public class ProcessValidatorInputServlet extends AuthServlet {
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("POST ProcessInput");
+ Logger.debug("POST ProcessInput");
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
Map parameters;
try {
parameters = getParameters(req);
@@ -125,13 +150,20 @@ public class ProcessValidatorInputServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- //@TODO Parameter
+
String sessionID = req.getParameter(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
+
+ // escape parameter strings
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
- try {
+ try {
+
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
+
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
AuthenticationServer.processInput(session, parameters);
String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
@@ -143,16 +175,22 @@ public class ProcessValidatorInputServlet extends AuthServlet {
String htmlForm = null;
boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
- //@TODO Parameter
+
String inputProcessorSignForm = req.getParameter("Sign_Form");
if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
+ if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
+ // escape parameter strings
+ inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
if (doInputProcessorSign) {
// Test if we have a user input form sign template
- //@TODO Parameter
- String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+
+ String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+
+ if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
+ throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
+
String inputProcessorSignTemplate = null;
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
@@ -199,7 +237,10 @@ public class ProcessValidatorInputServlet extends AuthServlet {
resp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
}
- }
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index 09b3ae15f..6e285a2c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -24,7 +24,10 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
+
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -70,6 +73,12 @@ public class SelectBKUServlet extends AuthServlet {
throws ServletException, IOException {
Logger.debug("GET SelectBKU");
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
String authURL = req.getScheme() + "://" + req.getServerName();
if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
authURL = authURL.concat(":" + req.getServerPort());
@@ -80,6 +89,14 @@ public class SelectBKUServlet extends AuthServlet {
String oaURL = req.getParameter(PARAM_OA);
String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
String templateURL = req.getParameter(PARAM_TEMPLATE);
+
+ // escape parameter strings
+ target = StringEscapeUtils.escapeHtml(target);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ templateURL = StringEscapeUtils.escapeHtml(templateURL);
+ bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL);
+
+
resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
@@ -89,11 +106,13 @@ public class SelectBKUServlet extends AuthServlet {
// check parameter
if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(templateURL))
- throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+ throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL))
+ throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
String returnValue = AuthenticationServer.getInstance().selectBKU(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 2430095b2..10b4041df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -17,12 +17,16 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
+import java.io.Reader;
+import java.io.StringReader;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
+
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
@@ -64,16 +68,27 @@ public class StartAuthenticationServlet extends AuthServlet {
authURL = authURL.concat(req.getContextPath() + "/");
String target = req.getParameter(PARAM_TARGET);
- String oaURL = req.getParameter(PARAM_OA);
+ String oaURL = req.getParameter(PARAM_OA);
String bkuURL = req.getParameter(PARAM_BKU);
String templateURL = req.getParameter(PARAM_TEMPLATE);
String sessionID = req.getParameter(PARAM_SESSIONID);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+
+ // escape parameter strings
+ target = StringEscapeUtils.escapeHtml(target);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
+ templateURL = StringEscapeUtils.escapeHtml(templateURL);
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
+ useMandate = StringEscapeUtils.escapeHtml(useMandate);
+
resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
+ //System.out.println("useMandate: " + useMandate);
try {
// check parameter
@@ -83,10 +98,14 @@ public class StartAuthenticationServlet extends AuthServlet {
throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(templateURL))
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+
+
String getIdentityLinkForm =
@@ -97,6 +116,7 @@ public class StartAuthenticationServlet extends AuthServlet {
out.print(getIdentityLinkForm);
out.flush();
Logger.debug("Finished GET StartAuthentication");
+
}
catch (WrongParametersException ex) {
handleWrongParameters(ex, req, resp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 8ae951dda..ad01de6c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -23,9 +23,11 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -60,6 +62,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
throws ServletException, IOException {
Logger.debug("GET VerifyAuthenticationBlock");
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
}
/**
@@ -87,6 +95,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
throws ServletException, IOException {
Logger.debug("POST VerifyAuthenticationBlock");
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
Map parameters;
try
{
@@ -98,11 +112,17 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
+ // escape parameter strings
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
String redirectURL = null;
try {
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+ if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 1b96ce8a4..76c5476ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -17,12 +17,14 @@ import javax.xml.parsers.ParserConfigurationException;
import org.apache.axis.encoding.Base64;
import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Text;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -64,7 +66,10 @@ public class VerifyCertificateServlet extends AuthServlet {
Logger.debug("GET VerifyCertificateServlet");
-
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
}
/**
@@ -84,6 +89,11 @@ public class VerifyCertificateServlet extends AuthServlet {
Logger.debug("POST VerifyCertificateServlet");
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
Map parameters;
try
{
@@ -94,6 +104,10 @@ public class VerifyCertificateServlet extends AuthServlet {
throw new IOException(e.getMessage());
}
String sessionID = req.getParameter(PARAM_SESSIONID);
+
+ // escape parameter strings
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
AuthenticationSession session = null;
try {
// check parameter
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index ba3e2141b..dff366829 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -23,10 +23,12 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
@@ -61,6 +63,11 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
throws ServletException, IOException {
Logger.debug("GET VerifyIdentityLink");
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
}
/**
@@ -85,6 +92,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
throws ServletException, IOException {
Logger.debug("POST VerifyIdentityLink");
+
Map parameters;
try
{
@@ -95,10 +103,16 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
throw new IOException(e.getMessage());
}
String sessionID = req.getParameter(PARAM_SESSIONID);
-
-
+ // escape parameter strings
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+
try {
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID))
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 7cc33ca52..dbfbda535 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -162,6 +162,10 @@ public class ConfigurationBuilder {
ROOT + CONF + "GenericConfiguration";
/** an XPATH-Expression */
+ protected static final String TRUSTED_BKUS =
+ ROOT + CONF + "TrustedBKUs/" + CONF + "BKUURL";
+
+ /** an XPATH-Expression */
protected static final String CHAINING_MODES_XPATH =
ROOT + CONF + "ChainingModes";
/** an XPATH-Expression */
@@ -372,6 +376,22 @@ public class ConfigurationBuilder {
return result;
}
+ public List getTrustedBKUs() {
+
+ List trustedBKUs = new ArrayList();
+
+ NodeIterator bkuIter = XPathUtils.selectNodeIterator(configElem_, TRUSTED_BKUS);
+
+ Element vtElem;
+
+ while ((vtElem = (Element) bkuIter.nextNode()) != null) {
+ String bkuURL = DOMUtils.getText(vtElem);
+ trustedBKUs.add(bkuURL);
+ }
+
+ return trustedBKUs;
+
+ }
/**
* Returns a list containing all X509 Subject Names
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index a25bc1af5..6e296b4f4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -164,6 +164,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
*/
private ConnectionParameter foreignIDConnectionParameter;
+ /**
+ * Parameter for trusted BKUs
+ */
+ private List trustedBKUs;
+
/**
* Return the single instance of configuration data.
*
@@ -271,7 +276,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
defaultChainingMode = builder.getDefaultChainingMode();
chainingModes = builder.buildChainingModes();
trustedCACertificates = builder.getTrustedCACertificates();
- trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
+ trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
+ trustedBKUs = builder.getTrustedBKUs();
} catch (Throwable t) {
throw new ConfigurationException("config.02", null, t);
@@ -411,6 +417,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
public List getIdentityLinkX509SubjectNames() {
return identityLinkX509SubjectNames;
}
+
+ /**
+ * Returns the trustBKUs.
+ * @return List
+ */
+ public List getTrustedBKUs() {
+ return this.trustedBKUs;
+ }
+
/**
* Returns the bKUConnectionParameter.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 684291c59..79db9907b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -1,14 +1,25 @@
package at.gv.egovernment.moa.id.util;
-import java.io.BufferedReader;
import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
+import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URL;
+import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import javax.servlet.http.HttpServletRequest;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
public class ParamValidatorUtils {
@@ -19,52 +30,266 @@ public class ParamValidatorUtils {
*/
public static boolean isValidTarget(String target) {
+ Logger.debug("Überprüfe Parameter Target");
+
// if non parameter is given return true
- if (target == null)
- return true;
+ if (target == null) {
+ Logger.debug("Parameter Target ist null");
+ return true;
+ }
+
Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}");
Matcher matcher = pattern.matcher(target);
- return matcher.matches();
+ boolean b = matcher.matches();
+ if (b) {
+ Logger.debug("Parameter Target erfolgreich überprüft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
+ return false;
+ }
+
}
/**
- * Checks if the given bkuURI is valid
+ * Checks if the given useMandate is valid
* @param target HTTP parameter from request
* @return
*/
- public static boolean isValidBKUURI(String bkuURI) {
+ public static boolean isValidUseMandate(String usemandate) {
+ Logger.debug("Überprüfe Parameter useMandate");
+
// if non parameter is given return true
- if (bkuURI == null)
- return true;
+ if (usemandate== null) {
+ Logger.debug("Parameter useMandate ist null");
+ return true;
+ }
+
- // check if bkuURI is a valid URL
- try {
- new URL(bkuURI);
- return true;
- } catch (MalformedURLException e) {
- return false;
+ if (usemandate.compareToIgnoreCase("true") == 0 || usemandate.compareToIgnoreCase("false") == 0) {
+ Logger.debug("Parameter useMandate erfolgreich überprüft");
+ return true;
}
+ else {
+ Logger.error("Fehler Überprüfung Parameter useMandate. useMandate ist weder 'true' noch 'false')");
+ return false;
+ }
+
+
+
+
+
}
/**
- * Checks if the given template is valid
+ * Checks if the given bkuURI is valid
* @param target HTTP parameter from request
* @return
*/
- public static boolean isValidTemplate(String template) {
+ public static boolean isValidBKUURI(String bkuURI) {
+ Logger.debug("Überprüfe Parameter bkuURI");
+ // if non parameter is given return true
+ if (bkuURI == null) {
+ Logger.debug("Parameter bkuURI ist null");
+ return true;
+ }
+
+ // check if template is a valid URL
+ try {
+ // check if bku url starts with http or https
+ if (bkuURI.startsWith("http") || bkuURI.startsWith("https")) {
+ URL url =new URL(bkuURI);
+
+ // check if bkuURI is a local BKU
+ if (bkuURI.compareToIgnoreCase("https://localhost:3496/https-security-layer-request") == 0 ||
+ bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0) {
+ Logger.debug("Parameter bkuURI erfolgreich überprüft");
+ return true;
+ }
+ else {
+ Logger.debug("Parameter bkuURI ist keine lokale BKU. Überprüfe Liste der vertrauenswürdigen BKUs.");
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ List trustedBKUs = authConf.getTrustedBKUs();
+ boolean b = trustedBKUs.contains(bkuURI);
+ if (b) {
+ Logger.debug("Parameter bkuURI erfolgreich überprüft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist nicht auf Liste der vertrauenswürdigen BKUs (Konfigurationselement: MOA-IDConfiguration/TrustedBKUs)");
+ return false;
+ }
+ }
+
+
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
+ return false;
+ }
+
+
+ } catch (MalformedURLException e) {
+ Logger.error("Fehler Überprüfung Parameter bkuURI", e);
+ return false;
+ } catch (ConfigurationException e) {
+ Logger.error("Fehler Überprüfung Parameter bkuURI", e);
+ return false;
+ }
+ }
+
+// private static boolean testBKUConnection(URL url) {
+//
+// // make NullOperationRequest
+// //String request = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sl:NullOperationRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\"/>";
+// String request = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sl:GetPropertiesRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\"/>";
+//
+// HttpURLConnection connection;
+// if (url != null) {
+// try {
+// if (url.toExternalForm().startsWith("https")) {
+// connection = (HttpsURLConnection)url.openConnection();
+// }
+// else {
+// connection = (HttpURLConnection)url.openConnection();
+// }
+//
+// connection.setRequestMethod("POST");
+// connection.setDoOutput(true);
+//
+// connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
+//
+// String toSend = URLEncoder.encode(request, "UTF-8");
+// toSend = "XMLRequest=" + toSend;
+// connection.setRequestProperty("Content-Length", String.valueOf(toSend.getBytes().length));
+//
+// Logger.debug("Send NullOperationRequest to BKU.");
+//
+// OutputStream out = connection.getOutputStream();
+// out.write(toSend.getBytes());
+//
+// // get response
+// connection.connect();
+// int responseCode = connection.getResponseCode();
+//
+// if (responseCode != 200) {
+// InputStream is = connection.getErrorStream();
+// int ch;
+// String ret = "";
+// while ((ch = is.read()) != -1)
+// ret += (char)ch;
+//
+// is.close();
+//
+// System.out.println("ret: " + ret);
+//
+// Logger.error("Fehler Überprüfung Parameter bkuURI. Antwortcode von BKU ist nicht 200.");
+// return false;
+// }
+//
+// DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+// factory.setNamespaceAware(true);
+// DocumentBuilder builder = factory.newDocumentBuilder();
+//
+// //Document doc = builder.parse(connection.getInputStream());
+//
+// System.out.println(convertStreamToString(connection.getInputStream()));
+//
+//// NodeList l = doc.getElementsByTagNameNS(Constants.SL12_NS_URI, "ErrorResponse");
+//// if (l.getLength() != 0) {
+//// Logger.error("Fehler Überprüfung Parameter bkuURI. ErrorResponse von BKU empfangen.");
+//// return false;
+//// }
+//
+// Logger.debug("Parameter Template bkuURI erfolgreich überprüft");
+// return true;
+//
+//// } catch (SAXException e) {
+//// Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+//// return false;
+// } catch (IOException e) {
+// Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+// return false;
+// } catch (ParserConfigurationException e) {
+// Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+// return false;
+// }
+// }
+// else {
+// Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist null.");
+// return false;
+// }
+//
+//
+// }
+
+// public static String convertStreamToString(InputStream is) {
+// if (is != null) {
+// Writer writer = new StringWriter();
+//
+// char[] buffer = new char[1024];
+// try {
+// Reader reader = new BufferedReader(new InputStreamReader(is, "UTF-8"));
+// int n;
+// while ((n = reader.read(buffer)) != -1) {
+// writer.write(buffer, 0, n);
+// }
+// } catch (IOException e) {
+// e.printStackTrace();
+// }
+//
+// return writer.toString();
+// }
+// else {
+// return "";
+// }
+// }
+
+ /**
+ * Checks if the given template is valid
+ * @param req
+ * @param template
+ * @return
+ */
+ public static boolean isValidTemplate(HttpServletRequest req, String template) {
+ Logger.debug("Überprüfe Parameter Template bzw. bkuSelectionTemplateURL");
+
// if non parameter is given return true
- if (template == null)
- return true;
+ if (template == null) {
+ Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL ist null");
+ return true;
+ }
// check if template is a valid URL
try {
- new URL(template);
- return true;
+
+ // check if template url starts with http or https
+ if (template.startsWith("http") || template.startsWith("https")) {
+
+ // check if template url is from same server
+ if (template.contains(req.getServerName())) {
+ new URL(template);
+ Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich überprüft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ")");
+ return false;
+ }
+
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https.");
+ return false;
+ }
+
+
} catch (MalformedURLException e) {
- e.printStackTrace();
+ Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL.", e);
return false;
}
}
@@ -75,16 +300,31 @@ public class ParamValidatorUtils {
* @return
*/
public static boolean isValidSessionID(String sessionID) {
-
+ Logger.debug("Überprüfe Parameter MOASessionId");
+
// if non parameter is given return true
- if (sessionID == null)
- return true;
+ if (sessionID == null) {
+ Logger.debug("Parameter MOASessionId ist null");
+ return true;
+ }
+
Pattern pattern = Pattern.compile("[0-9-]*");
Matcher matcher = pattern.matcher(sessionID);
- return matcher.matches();
-
+ boolean b = matcher.matches();
+ if (b) {
+ Logger.debug("Parameter MOASessionId erfolgreich überprüft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
+ return false;
+ }
+
+
+
+
}
/**
@@ -93,18 +333,68 @@ public class ParamValidatorUtils {
* @return
*/
public static boolean isValidOA(String oa) {
+ Logger.debug("Überprüfe Parameter oa");
+ // if non parameter is given return true
+ if (oa == null) {
+ Logger.debug("Parameter oa ist null");
+ return true;
+ }
+
+ // check if template is a valid URL
+ try {
+
+ // check if template url starts with http or https
+ if (oa.startsWith("http") || oa.startsWith("https")) {
+ new URL(oa);
+ Logger.debug("Parameter oa erfolgreich überprüft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter oa. oa beginnt nicht mit http or https");
+ return false;
+ }
+
+ } catch (MalformedURLException e) {
+ Logger.error("Fehler Überprüfung Parameter oa", e);
+ return false;
+ }
+
+ }
- // if non parameter is given return true
- if (oa == null)
- return true;
-
- // check if oa is a valid URL
- try {
- new URL(oa);
- return true;
- } catch (MalformedURLException e) {
- return false;
- }
+ /**
+ * Checks if the given signurl is valid
+ * @param target HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidSignUrl(String signurl) {
+
+ Logger.debug("Überprüfe Parameter signurl");
+
+ // if non parameter is given return true
+ if (signurl == null) {
+ Logger.debug("Parameter signurl ist null");
+ return true;
+ }
+
+ // check if template is a valid URL
+ try {
+
+ // check if signurl starts with http or https
+ if (signurl.startsWith("http") || signurl.startsWith("https")) {
+ new URL(signurl);
+ Logger.debug("Parameter signurl erfolgreich überprüft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter signurl. signurl beginnt nicht mit http or https");
+ return false;
+ }
+
+ } catch (MalformedURLException e) {
+ Logger.error("Fehler Überprüfung Parameter signurl", e);
+ return false;
+ }
+
}
/**
@@ -115,44 +405,69 @@ public class ParamValidatorUtils {
* @param data
* @return
*/
- private static boolean checkPlaceHolders(String data) {
-
- boolean bku = data.contains("<BKU>");
- boolean xmlrequest = data.contains("<XMLRequest>");
- boolean dataurl = data.contains("<DataURL>");
- boolean certinfoxmlrequest = data.contains("<CertInfoXMLRequest>");
- boolean certinfodataurl = data.contains("<CertInfoDataURL>");
-
- System.out.println("Check Data: ");
- System.out.println("bku: " + bku);
- System.out.println("xmlrequest: " + xmlrequest);
- System.out.println("dataurl: " + dataurl);
- System.out.println("certinfoxmlrequest: " + certinfoxmlrequest);
- System.out.println("certinfodataurl: " + certinfodataurl);
-
-
- //return bku && xmlrequest && dataurl && certinfoxmlrequest && certinfodataurl;
- return true;
-
- }
+// private static boolean checkPlaceHolders(String data) {
+//
+// boolean bku = data.contains("<BKU>");
+// boolean xmlrequest = data.contains("<XMLRequest>");
+// boolean dataurl = data.contains("<DataURL>");
+// boolean certinfoxmlrequest = data.contains("<CertInfoXMLRequest>");
+// boolean certinfodataurl = data.contains("<CertInfoDataURL>");
+//
+// System.out.println("Check Data: ");
+// System.out.println("bku: " + bku);
+// System.out.println("xmlrequest: " + xmlrequest);
+// System.out.println("dataurl: " + dataurl);
+// System.out.println("certinfoxmlrequest: " + certinfoxmlrequest);
+// System.out.println("certinfodataurl: " + certinfodataurl);
+//
+//
+// //return bku && xmlrequest && dataurl && certinfoxmlrequest && certinfodataurl;
+// return true;
+//
+// }
- /**
- * Converts an input stream to a string
- * @param is
- * @return
- * @throws Exception
- */
- private static String convertStreamToString(InputStream is) throws Exception {
- BufferedReader reader = new BufferedReader(new InputStreamReader(is));
- StringBuilder sb = new StringBuilder();
- String line = null;
- while ((line = reader.readLine()) != null) {
- sb.append(line);
- }
- is.close();
- return sb.toString();
- }
+// /**
+// * Converts an input stream to a string
+// * @param is
+// * @return
+// * @throws Exception
+// */
+// private static String convertStreamToString(InputStream is) throws Exception {
+// BufferedReader reader = new BufferedReader(new InputStreamReader(is));
+// StringBuilder sb = new StringBuilder();
+// String line = null;
+// while ((line = reader.readLine()) != null) {
+// sb.append(line);
+// }
+// is.close();
+// return sb.toString();
+// }
+
+ public static boolean isValidXMLDocument(String document) {
+
+ Logger.debug("Überprüfe Parameter XMLDocument");
+ try {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ InputSource is = new InputSource(new StringReader(document));
+ builder.parse(is);
+
+ Logger.debug("Parameter XMLDocument erfolgreich überprüft");
+ return true;
+
+ } catch (ParserConfigurationException e) {
+ Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+ return false;
+ } catch (SAXException e) {
+ Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+ return false;
+ } catch (IOException e) {
+ Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+ return false;
+ }
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index 225a5e246..450c002f9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -15,7 +15,8 @@
*/
package at.gv.egovernment.moa.id.util;
-import java.util.Date;
+import java.nio.ByteBuffer;
+import java.security.SecureRandom;
/**
* Random number generator used to generate ID's
@@ -25,13 +26,21 @@ import java.util.Date;
public class Random {
/** random number generator used */
- private static java.util.Random random = new java.util.Random(new Date().getTime());
+ private static SecureRandom random = new SecureRandom();
/**
* Creates a new random number, to be used as an ID.
*
* @return random long as a String
*/
public static String nextRandom() {
- return "" + random.nextLong();
+
+ byte[] b = new byte[16]; // 16 bytes = 128 bits
+ random.nextBytes(b);
+
+
+ ByteBuffer bb = ByteBuffer.wrap(b);
+ long l = bb.getLong();
+
+ return "" + l;
}
}