aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 12:18:38 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 12:18:38 +0100
commitee06b644dbedbe4869de6b926339581a5eefb430 (patch)
tree56bd1e55097d122c0ff0e9befcbe892605c05bc1 /id/server
parent5f2ad9d48b83d5979b1a147190f5177e3327744a (diff)
parentcc09b52b5cb1c93543d8b4353dfc59b8192e79af (diff)
downloadmoa-id-spss-ee06b644dbedbe4869de6b926339581a5eefb430.tar.gz
moa-id-spss-ee06b644dbedbe4869de6b926339581a5eefb430.tar.bz2
moa-id-spss-ee06b644dbedbe4869de6b926339581a5eefb430.zip
Merge branch 'eIDAS_node_implementation' of gitlab.iaik.tugraz.at:egiz/moa-idspss into eIDAS_node_implementation
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java48
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java323
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java143
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java206
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java28
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java68
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java54
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java102
-rw-r--r--id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java20
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java36
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java18
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java47
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java2
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java6
19 files changed, 284 insertions, 834 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index e396433e4..dcf337213 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -254,7 +254,8 @@ public abstract class AbstractController extends MOAIDAuthConstants {
//add stacktrace if debug is enabled
if (Logger.isTraceEnabled()) {
- config.putCustomParameter("stacktrace", getStacktraceFromException(error));
+ config.putCustomParameter("stacktrace",
+ StringEscapeUtils.escapeHtml(getStacktraceFromException(error)));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index a146f778e..19f3fdc54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -28,6 +28,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.springframework.beans.factory.annotation.Autowired;
@@ -93,9 +94,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
String ssoid = ssoManager.getSSOSessionID(req);
- Object restartProcessObj = req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART);
+ Object restartProcessObj = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART));
- Object tokkenObj = req.getParameter(MOAIDAuthConstants.PARAM_SLOSTATUS);
+ Object tokkenObj = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_SLOSTATUS));
String tokken = null;
String status = null;
if (tokkenObj != null && tokkenObj instanceof String) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index be511d888..a7f911845 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -65,7 +65,7 @@ public class RedirectServlet {
Logger.debug("Receive " + RedirectServlet.class + " Request");
String url = req.getParameter(REDIRCT_PARAM_URL);
- String target = req.getParameter(MOAIDAuthConstants.PARAM_TARGET);
+ String target = StringEscapeUtils.escapeHtml(req.getParameter(MOAIDAuthConstants.PARAM_TARGET));
String artifact = req.getParameter(MOAIDAuthConstants.PARAM_SAMLARTIFACT);
String interIDP = req.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index aff2c83ad..3770dad2f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -161,7 +161,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
Logger.info("Remove active user-session");
if(internalMOASsoSessionID == null) {
- internalMOASsoSessionID = (String) request.getParameter(PARAM_SESSIONID);
+ internalMOASsoSessionID = StringEscapeUtils.escapeHtml((String) request.getParameter(PARAM_SESSIONID));
}
if(internalMOASsoSessionID == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 0f9b615a4..aebcf372e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -27,6 +27,7 @@ import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@@ -51,7 +52,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
//read pendingRequest from http request
- Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+ Object idObject = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID));
IRequest pendingReq = null;
String pendingRequestID = null;
if (idObject != null && (idObject instanceof String)) {
@@ -61,7 +62,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
}
//receive an authentication error
- String errorid = req.getParameter(ERROR_CODE_PARAM);
+ String errorid = StringEscapeUtils.escapeHtml(req.getParameter(ERROR_CODE_PARAM));
if (errorid != null) {
try {
//load stored exception from database
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
deleted file mode 100644
index d715b8b7b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-public class Digester {
- public static String byteArrayToHexString(byte[] b) {
- String result = "";
- for (int i=0; i < b.length; i++) {
- result +=
- Integer.toString( ( b[i] & 0xff ) + 0x100, 16).substring( 1 );
- }
- return result;
- }
-
- public static String toSHA1(byte[] convertme) {
- MessageDigest md = null;
- try {
- md = MessageDigest.getInstance("SHA-1");
- }
- catch(NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
- return byteArrayToHexString(md.digest(convertme));
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
deleted file mode 100644
index c40731576..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
+++ /dev/null
@@ -1,323 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.io.*;
-import javax.xml.parsers.*;
-import javax.xml.transform.*;
-import javax.xml.transform.dom.*;
-import javax.xml.transform.stream.*;
-
-import org.w3c.dom.Document;
-
-import org.xml.sax.*;
-import org.xml.sax.helpers.*;
-
-
-/**
-This class "pretty prints" an XML stream to something more human-readable.
-It duplicates the character content with some modifications to whitespace,
-restoring line breaks and a simple pattern of indenting child elements.
-
-This version of the class acts as a SAX 2.0 <code>DefaultHandler</code>,
-so to provide the unformatted XML just pass a new instance to a SAX parser.
-Its output is via the {@link #toString toString} method.
-
-One major limitation: we gather character data for elements in a single
-buffer, so mixed-content documents will lose a lot of data! This works
-best with data-centric documents where elements either have single values
-or child elements, but not both.
-
-@author Will Provost
-*/
-/*
-Copyright 2002-2003 by Will Provost.
-All rights reserved.
-*/
-public class PrettyPrinter
- extends DefaultHandler
-{
- /**
- Convenience method to wrap pretty-printing SAX pass over existing content.
- */
- public static String prettyPrint (byte[] content)
- {
- try
- {
- PrettyPrinter pretty = new PrettyPrinter ();
- SAXParserFactory factory = SAXParserFactory.newInstance ();
- factory.setFeature
- ("http://xml.org/sax/features/namespace-prefixes", true);
- factory.newSAXParser ().parse
- (new ByteArrayInputStream (content), pretty);
- return pretty.toString ();
- }
- catch (Exception ex)
- {
- ex.printStackTrace ();
- return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
- ex.getMessage () + "\"";
- }
- }
-
- /**
- Convenience method to wrap pretty-printing SAX pass over existing content.
- */
- public static String prettyPrint (String content)
- {
- try
- {
- PrettyPrinter pretty = new PrettyPrinter ();
- SAXParserFactory factory = SAXParserFactory.newInstance ();
- factory.setFeature
- ("http://xml.org/sax/features/namespace-prefixes", true);
- factory.newSAXParser ().parse (content, pretty);
- return pretty.toString ();
- }
- catch (Exception ex)
- {
- ex.printStackTrace ();
- return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
- ex.getMessage () + "\"";
- }
- }
-
- /**
- Convenience method to wrap pretty-printing SAX pass over existing content.
- */
- public static String prettyPrint (InputStream content)
- {
- try
- {
- PrettyPrinter pretty = new PrettyPrinter ();
- SAXParserFactory factory = SAXParserFactory.newInstance ();
- factory.setFeature
- ("http://xml.org/sax/features/namespace-prefixes", true);
- factory.newSAXParser ().parse (content, pretty);
- return pretty.toString ();
- }
- catch (Exception ex)
- {
- ex.printStackTrace ();
- return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
- ex.getMessage () + "\"";
- }
- }
-
- /**
- Convenience method to wrap pretty-printing SAX pass over existing content.
- */
- public static String prettyPrint (Document doc)
- throws TransformerException
- {
- try
- {
- ByteArrayOutputStream buffer = new ByteArrayOutputStream ();
- TransformerFactory.newInstance ().newTransformer()
- .transform (new DOMSource (doc), new StreamResult (buffer));
- byte[] rawResult = buffer.toByteArray ();
- buffer.close ();
-
- return prettyPrint (rawResult);
- }
- catch (Exception ex)
- {
- ex.printStackTrace ();
- return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" +
- ex.getMessage () + "\"";
- }
- }
-
- public static class StreamAdapter
- extends OutputStream
- {
- public StreamAdapter (Writer finalDestination)
- {
- this.finalDestination = finalDestination;
- }
-
- public void write (int b)
- {
- out.write (b);
- }
-
- public void flushPretty ()
- throws IOException
- {
- PrintWriter finalPrinter = new PrintWriter (finalDestination);
- finalPrinter.println
- (PrettyPrinter.prettyPrint (out.toByteArray ()));
- finalPrinter.close ();
- out.close ();
- }
-
- private ByteArrayOutputStream out = new ByteArrayOutputStream ();
- Writer finalDestination;
- }
-
- /**
- Call this to get the formatted XML post-parsing.
- */
- public String toString ()
- {
- return output.toString ();
- }
-
- /**
- Prints the XML declaration.
- */
- public void startDocument ()
- throws SAXException
- {
- output.append ("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>")
- .append (endLine);
- }
-
- /**
- Prints a blank line at the end of the reformatted document.
- */
- public void endDocument () throws SAXException
- {
- output.append (endLine);
- }
-
- /**
- Writes the start tag for the element.
- Attributes are written out, one to a text line. Starts gathering
- character data for the element.
- */
- public void startElement
- (String URI, String name, String qName, Attributes attributes)
- throws SAXException
- {
- if (justHitStartTag)
- output.append ('>');
-
- output.append (endLine)
- .append (indent)
- .append ('<')
- .append (qName);
-
- int length = attributes.getLength ();
- for (int a = 0; a < length; ++a)
- output.append (endLine)
- .append (indent)
- .append (standardIndent)
- .append (attributes.getQName (a))
- .append ("=\"")
- .append (attributes.getValue (a))
- .append ('\"');
-
- if (length > 0)
- output.append (endLine)
- .append (indent);
-
- indent += standardIndent;
- currentValue = new StringBuffer ();
- justHitStartTag = true;
- }
-
- /**
- Checks the {@link #currentValue} buffer to gather element content.
- Writes this out if it is available. Writes the element end tag.
- */
- public void endElement (String URI, String name, String qName)
- throws SAXException
- {
- indent = indent.substring
- (0, indent.length () - standardIndent.length ());
-
- if (currentValue == null)
- output.append (endLine)
- .append (indent)
- .append ("</")
- .append (qName)
- .append ('>');
- else if (currentValue.length () != 0)
- output.append ('>')
- .append (currentValue.toString ())
- .append ("</")
- .append (qName)
- .append ('>');
- else
- output.append ("/>");
-
- currentValue = null;
- justHitStartTag = false;
- }
-
- /**
- When the {@link #currentValue} buffer is enabled, appends character
- data into it, to be gathered when the element end tag is encountered.
- */
- public void characters (char[] chars, int start, int length)
- throws SAXException
- {
- if (currentValue != null)
- currentValue.append (escape (chars, start, length));
- }
-
- /**
- Filter to pass strings to output, escaping <b>&lt;</b> and <b>&amp;</b>
- characters to &amp;lt; and &amp;amp; respectively.
- */
- private static String escape (char[] chars, int start, int length)
- {
- StringBuffer result = new StringBuffer ();
- for (int c = start; c < start + length; ++c)
- if (chars[c] == '<')
- result.append ("&lt;");
- else if (chars[c] == '&')
- result.append ("&amp;");
- else
- result.append (chars[c]);
-
- return result.toString ();
- }
-
- /**
- This whitespace string is expanded and collapsed to manage the output
- indenting.
- */
- private String indent = "";
-
- /**
- A buffer for character data. It is &quot;enabled&quot; in
- {@link #startElement startElement} by being initialized to a
- new <b>StringBuffer</b>, and then read and reset to
- <code>null</code> in {@link #endElement endElement}.
- */
- private StringBuffer currentValue = null;
-
- /**
- The primary buffer for accumulating the formatted XML.
- */
- private StringBuffer output = new StringBuffer ();
-
- private boolean justHitStartTag;
-
- private static final String standardIndent = " ";
- private static final String endLine =
- System.getProperty ("line.separator");
-}
-
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java
deleted file mode 100644
index d87d510fa..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/XMLUtil.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/**
- *
- */
-package at.gv.egovernment.moa.id.util;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.Reader;
-import java.io.StringReader;
-import java.io.StringWriter;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-/**
- * Helper class for XML processing
- * @author bzwattendorfer
- *
- */
-public class XMLUtil {
-
- /**
- * Transforms a string representation to a DOM representation
- * @param xmlString XML as string
- * @return DOM representation of String
- * @throws ParserConfigurationException
- * @throws SAXException
- * @throws IOException
- */
- public static Element stringToDOM(String xmlString) throws ParserConfigurationException, SAXException, IOException {
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
-
- DocumentBuilder builder = dbf.newDocumentBuilder();
-
- Reader reader = new StringReader(xmlString);
- InputSource src = new InputSource(reader);
- Document domDoc = builder.parse(src);
- return domDoc.getDocumentElement();
- }
-
- /**
- * Creates a new and empty XML document
- * @return New XML document
- * @throws ParserConfigurationException
- */
- public static Document createNewDocument() throws ParserConfigurationException {
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
-
- DocumentBuilder builder = dbf.newDocumentBuilder();
- return builder.newDocument();
- }
-
- /**
- * Transforms an XML to a String
- * @param node XML node
- * @return String represenation of XML
- */
- public static String printXML(Node node) {
- TransformerFactory tfactory = TransformerFactory.newInstance();
- Transformer serializer;
- try {
- serializer = tfactory.newTransformer();
-
- serializer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- serializer.setOutputProperty(OutputKeys.ENCODING,"UTF-8");
-
- StringWriter output = new StringWriter();
- serializer.transform(new DOMSource(node), new StreamResult(output));
- return output.toString();
- } catch (TransformerException e) {
-
- throw new RuntimeException(e);
- }
- }
-
- /**
- * Writes an XML element to a given file
- * @param doc XML element
- * @param filename Filename of the file where to write XML
- */
- public static void writeXmlFile(Element doc, String filename) {
- try {
-
- Source source = new DOMSource(doc);
- File file = new File(filename);
- Result result = new StreamResult(file);
-
- Transformer xformer = TransformerFactory.newInstance().newTransformer();
- xformer.transform(source, result);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
-
- /**
- * Gets the first text value of a NodeList
- * @param nList NodeList
- * @return first text value of a NodeList
- */
- public static String getFirstTextValueFromNodeList(NodeList nList) {
- if (nList != null && nList.getLength() != 0) {
- return nList.item(0).getTextContent();
- }
- return null;
- }
-
- /**
- * Gets the first element of a Node
- * @param parent Node
- * @return first element of a Node
- */
- public static Element getFirstElement(Node parent) {
- Node n = parent.getFirstChild();
- while (n != null && n.getNodeType() != Node.ELEMENT_NODE) {
- n = n.getNextSibling();
- }
- if (n == null) {
- return null;
- }
- return (Element)n;
- }
-
-
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java
index 4e8c7dffd..32dd97148 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java
@@ -1,103 +1,103 @@
-package at.gv.egovernment.moa.id.commons.config;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-
-import javax.xml.bind.JAXBException;
-
-import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI;
-import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams;
-
-/**
- * CLI tool which is able to perform the following tasks:
- * <ul>
- * <li>transform a MoaID 2 XML configuration XML file to a MoaID 3 property file
- * </li>
- * <li>read a property file and transfer it's content to a database</li>
- * <li>write the content of a database to a property file</li>
- * </ul>
- */
-public class MigrateConfiguration {
-
- public static void main(String[] args) {
-
- MOAIDConfCLI cli = new MOAIDConfCLI();
- MigrateConfigurationParams parsedParameters = cli.parse(args);
-
- // consider settings of force switch
- boolean isOverwriteData = parsedParameters.isOverwriteData();
- ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData);
-
- if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) {
- // read input from file
- workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil);
-
- } else if (parsedParameters.getInputDBConfig() != null) {
- // read input from database
- workWithImputFromDB(parsedParameters, configUtil);
-
- } else {
- System.exit(1);
- }
- }
-
- /**
- * Handle the case where input from a file is read.
- *
- * @param inputFileUrl
- * the url of the input file.
- * @param parsedParameters
- * the command line parameters.
- * @param configUtil
- * the class for working with the configuration.
- */
- private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters,
- ConfigurationUtil configUtil) {
- File inFile = new File(inputFileUrl);
- try (FileInputStream inStream = new FileInputStream(inFile);) {
-
- if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
- // input from file and output to a file is desired
- File outFile = new File(parsedParameters.getOutputFile());
- configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile);
-
- } else if (parsedParameters.getOutputDBConfig() != null) {
- // input from file and output to a database is desired
- configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig());
- }
- } catch (JAXBException e) {
- System.out.println("MOA-ID XML configuration can not be loaded from given file.");
- System.exit(1);
- } catch (FileNotFoundException e) {
- System.out.println("Could not find the input file.");
- System.exit(1);
- } catch (IOException e) {
- System.out.println("Could not read from the input file.");
- System.exit(1);
- }
- }
-
- /**
- * Handle the case where input is read from a database.
- *
- * @param parsedParameters
- * the command line parameters.
- * @param configUtil
- * the class for working with the configuration.
- */
- private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) {
- if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
- // input from database and output to a file is desired
- File outFile = new File(parsedParameters.getOutputFile());
- String inputDBConfigFilePath = parsedParameters.getInputDBConfig();
- configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile);
-
- } else if (parsedParameters.getOutputDBConfig() != null) {
- // input from database and output to a database is desired
- // configUtil.readFromDBWriteToDB(inDBConfigFilePath,
- // outDBConfigFilePath);
- }
- }
-} \ No newline at end of file
+//package at.gv.egovernment.moa.id.commons.config;
+//
+//import java.io.File;
+//import java.io.FileInputStream;
+//import java.io.FileNotFoundException;
+//import java.io.IOException;
+//
+//import javax.xml.bind.JAXBException;
+//
+//import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI;
+//import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams;
+//
+///**
+// * CLI tool which is able to perform the following tasks:
+// * <ul>
+// * <li>transform a MoaID 2 XML configuration XML file to a MoaID 3 property file
+// * </li>
+// * <li>read a property file and transfer it's content to a database</li>
+// * <li>write the content of a database to a property file</li>
+// * </ul>
+// */
+//public class MigrateConfiguration {
+//
+// public static void main(String[] args) {
+//
+// MOAIDConfCLI cli = new MOAIDConfCLI();
+// MigrateConfigurationParams parsedParameters = cli.parse(args);
+//
+// // consider settings of force switch
+// boolean isOverwriteData = parsedParameters.isOverwriteData();
+// ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData);
+//
+// if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) {
+// // read input from file
+// workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil);
+//
+// } else if (parsedParameters.getInputDBConfig() != null) {
+// // read input from database
+// workWithImputFromDB(parsedParameters, configUtil);
+//
+// } else {
+// System.exit(1);
+// }
+// }
+//
+// /**
+// * Handle the case where input from a file is read.
+// *
+// * @param inputFileUrl
+// * the url of the input file.
+// * @param parsedParameters
+// * the command line parameters.
+// * @param configUtil
+// * the class for working with the configuration.
+// */
+// private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters,
+// ConfigurationUtil configUtil) {
+// File inFile = new File(inputFileUrl);
+// try (FileInputStream inStream = new FileInputStream(inFile);) {
+//
+// if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
+// // input from file and output to a file is desired
+// File outFile = new File(parsedParameters.getOutputFile());
+// configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile);
+//
+// } else if (parsedParameters.getOutputDBConfig() != null) {
+// // input from file and output to a database is desired
+// configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig());
+// }
+// } catch (JAXBException e) {
+// System.out.println("MOA-ID XML configuration can not be loaded from given file.");
+// System.exit(1);
+// } catch (FileNotFoundException e) {
+// System.out.println("Could not find the input file.");
+// System.exit(1);
+// } catch (IOException e) {
+// System.out.println("Could not read from the input file.");
+// System.exit(1);
+// }
+// }
+//
+// /**
+// * Handle the case where input is read from a database.
+// *
+// * @param parsedParameters
+// * the command line parameters.
+// * @param configUtil
+// * the class for working with the configuration.
+// */
+// private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) {
+// if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
+// // input from database and output to a file is desired
+// File outFile = new File(parsedParameters.getOutputFile());
+// String inputDBConfigFilePath = parsedParameters.getInputDBConfig();
+// configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile);
+//
+// } else if (parsedParameters.getOutputDBConfig() != null) {
+// // input from database and output to a database is desired
+// // configUtil.readFromDBWriteToDB(inDBConfigFilePath,
+// // outDBConfigFilePath);
+// }
+// }
+//} \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 0479b1bc1..bdadf681d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -34,6 +34,7 @@ import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
@@ -50,6 +51,7 @@ import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moaspss.logging.Logger;
import iaik.pki.PKIException;
+import sun.security.ssl.ProtocolVersion;
/**
* @author tlenz
@@ -188,6 +190,19 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
if (socket instanceof SSLSocket) {
SSLSocket sslSocket = (SSLSocket)socket;
+/*TODO
+* Set allowed ProtocolVersions into SSLSocket to support TLSv1.1 and TLSv1.2 in JAVA 7
+* Therefore, we had do manually set the TLS1.2 protocol support into SSLParameters
+* from SSL socket. Maybe, there is an additional validation required if TLSv1.2 is
+* supported in principle by currently used JAVA version.
+*/
+// SSLParameters test = ((SSLSocket) socket).getSSLParameters();
+// List<String> enabledProtocols = Arrays.asList(test.getProtocols());
+// if (enabledProtocols.contains(ProtocolVersion.TLS11.name)) {
+//
+// }
+// sslSocket.setSSLParameters(test);
+
//verify Hostname
verifyHostName(sslSocket);
@@ -208,7 +223,14 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
*/
private void verifyHostName(SSLSocket sslSocket) throws SSLException{
if (verifyHostName) {
+
SSLSession session = sslSocket.getSession();
+ if ("SSL_NULL_WITH_NULL_NULL".equals(session.getCipherSuite())) {
+ Logger.warn("SSL connection can NOT established.");
+ throw new SSLException("SSL connection can NOT established.");
+
+ }
+
String hostName = session.getPeerHost();
Certificate[] certs = null;
@@ -254,6 +276,12 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
* @return {@link SSLSocket} with Ciphersuites
*/
private SSLSocket setEnabledSslCiphers(SSLSocket sslSocket) {
+ /*TODO:
+ * This implementation currently not work fine, because not all ciphers from
+ * 'https.cipherSuites' SystemProperty had to be supported by current JAVA version
+ * Add an validation step to check the allowed cipherSuites against the currently
+ * supported cipher suites and only add the matching set of ciphers
+ */
String systemProp = System.getProperty("https.cipherSuites");
if (MiscUtil.isNotEmpty(systemProp)) {
try {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
index a70d62e1e..3291f8a15 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
@@ -53,40 +53,40 @@ public class FileUtils {
in.close();
return content;
}
- /**
- * Reads a file, given by URL, into a String.
- * @param urlString file URL
- * @param encoding character encoding
- * @return file content
- * @throws IOException on any exception thrown
- */
- public static String readURL(String urlString, String encoding) throws IOException {
- byte[] content = readURL(urlString);
- return new String(content, encoding);
- }
- /**
- * Reads a file, given by filename, into a byte array.
- * @param filename filename
- * @return file content
- * @throws IOException on any exception thrown
- */
- public static byte[] readFile(String filename) throws IOException {
- BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename));
- byte[] content = StreamUtils.readStream(in);
- in.close();
- return content;
- }
- /**
- * Reads a file, given by filename, into a String.
- * @param filename filename
- * @param encoding character encoding
- * @return file content
- * @throws IOException on any exception thrown
- */
- public static String readFile(String filename, String encoding) throws IOException {
- byte[] content = readFile(filename);
- return new String(content, encoding);
- }
+// /**
+// * Reads a file, given by URL, into a String.
+// * @param urlString file URL
+// * @param encoding character encoding
+// * @return file content
+// * @throws IOException on any exception thrown
+// */
+// public static String readURL(String urlString, String encoding) throws IOException {
+// byte[] content = readURL(urlString);
+// return new String(content, encoding);
+// }
+// /**
+// * Reads a file, given by filename, into a byte array.
+// * @param filename filename
+// * @return file content
+// * @throws IOException on any exception thrown
+// */
+// public static byte[] readFile(String filename) throws IOException {
+// BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename));
+// byte[] content = StreamUtils.readStream(in);
+// in.close();
+// return content;
+// }
+// /**
+// * Reads a file, given by filename, into a String.
+// * @param filename filename
+// * @param encoding character encoding
+// * @return file content
+// * @throws IOException on any exception thrown
+// */
+// public static String readFile(String filename, String encoding) throws IOException {
+// byte[] content = readFile(filename);
+// return new String(content, encoding);
+// }
/**
* Reads a file from a resource.
* @param name resource name
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
index 3d28f4f2b..38dcafcc0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
@@ -126,33 +126,33 @@ public class KeyStoreUtils {
}
return ks;
}
- /**
- * Creates a key store from a directory containg X509 certificate files,
- * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>.
- * All the files in the directory are considered to be certificates.
- *
- * @param keyStoreType key store type
- * @param certDirURLString file URL of directory containing certificate filenames
- * @return key store created
- * @throws IOException thrown while reading the certificates from file
- * @throws GeneralSecurityException thrown while creating the key store
- */
- public static KeyStore createKeyStoreFromCertificateDirectory(
- String keyStoreType,
- String certDirURLString)
- throws IOException, GeneralSecurityException {
-
- URL certDirURL = new URL(certDirURLString);
- String certDirname = certDirURL.getFile();
- File certDir = new File(certDirname);
- String[] certFilenames = certDir.list();
- String separator =
- (certDirname.endsWith(File.separator) ? "" : File.separator);
- for (int i = 0; i < certFilenames.length; i++) {
- certFilenames[i] = certDirname + separator + certFilenames[i];
- }
- return createKeyStore(keyStoreType, certFilenames);
- }
+// /**
+// * Creates a key store from a directory containg X509 certificate files,
+// * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>.
+// * All the files in the directory are considered to be certificates.
+// *
+// * @param keyStoreType key store type
+// * @param certDirURLString file URL of directory containing certificate filenames
+// * @return key store created
+// * @throws IOException thrown while reading the certificates from file
+// * @throws GeneralSecurityException thrown while creating the key store
+// */
+// public static KeyStore createKeyStoreFromCertificateDirectory(
+// String keyStoreType,
+// String certDirURLString)
+// throws IOException, GeneralSecurityException {
+//
+// URL certDirURL = new URL(certDirURLString);
+// String certDirname = certDirURL.getFile();
+// File certDir = new File(certDirname);
+// String[] certFilenames = certDir.list();
+// String separator =
+// (certDirname.endsWith(File.separator) ? "" : File.separator);
+// for (int i = 0; i < certFilenames.length; i++) {
+// certFilenames[i] = certDirname + separator + certFilenames[i];
+// }
+// return createKeyStore(keyStoreType, certFilenames);
+// }
/**
* Loads an X509 certificate from file.
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java
deleted file mode 100644
index e3f8f75a1..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/*
- * Created on 26.04.2004
- *
- * @author rschamberger
- * $ID$
- */
-package at.gv.egovernment.moa.util;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * utility functions to write XML data to files
- * @author rschamberger
- * @version $Id$
- */
-public class OutputXML2File {
-
- /**
- * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8)
- *
- * @param filename file name
- * @param rootElem root element in DOM tree
- * @param hierarchy of the Logger
- */
- public static void debugOutputXML2File(String filename, Element rootElem, String hierarchy) {
- if (Logger.isDebugEnabled(hierarchy)) {
- outputXML2File(filename, rootElem);
- }
- }
-
- /**
- * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8)
- *
- * @param filename file name
- * @param xmlString XML string
- * @param hierarchy of the Logger
- */
- public static void debugOutputXML2File(String filename, String xmlString, String hierarchy) {
- if (Logger.isDebugEnabled(hierarchy)) {
- outputXML2File(filename, xmlString);
- }
- }
-
- /**
- * writes an XML structure to file (Encoding: UTF-8)
- *
- * @param filename file name
- * @param rootElem root element in DOM tree
- */
- public static void outputXML2File(String filename, Element rootElem) {
- try {
- String xmlString = new String(DOMUtils.serializeNode(rootElem));
- outputXML2File(filename, xmlString);
- } catch (Exception ex) {
- ex.printStackTrace();
- }
- }
-
- /**
- * writes an XML structure to file (Encoding: UTF-8)
- *
- * @param filename file name
- * @param xmlString XML string
- */
- public static void outputXML2File(String filename, String xmlString) {
- try {
- java.io.OutputStream fout = new java.io.FileOutputStream(filename);
- byte[] xmlData = xmlString.getBytes("UTF-8");
- fout.write(xmlData);
- fout.close();
- } catch (Exception ex) {
- ex.printStackTrace();
- }
- }
-
-}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
index 2433eca89..be5581139 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
@@ -75,16 +75,16 @@ public class KeyStoreUtilsTest extends TestCase {
X509Certificate cert = (X509Certificate)ks.getCertificate("0");
assertEquals(3424, cert.getSerialNumber().intValue());
}
- public void testCreateKeyStoreFromCertificateDirectory() throws Exception {
- // copy certificate files to a temporary directory,
- // omitting the "CVS" directory in the source directory
- copyCertificates("data/test/security/server-certs", tmpDir);
- KeyStore ks = KeyStoreUtils.createKeyStoreFromCertificateDirectory("jks", tmpDirURL);
- assertEquals(2, ks.size());
- X509Certificate cert0 = (X509Certificate)ks.getCertificate("0");
- X509Certificate cert1 = (X509Certificate)ks.getCertificate("1");
- assertTrue(3424 == cert0.getSerialNumber().intValue() || 3424 == cert1.getSerialNumber().intValue());
- }
+// public void testCreateKeyStoreFromCertificateDirectory() throws Exception {
+// // copy certificate files to a temporary directory,
+// // omitting the "CVS" directory in the source directory
+// copyCertificates("data/test/security/server-certs", tmpDir);
+// KeyStore ks = KeyStoreUtils.createKeyStoreFromCertificateDirectory("jks", tmpDirURL);
+// assertEquals(2, ks.size());
+// X509Certificate cert0 = (X509Certificate)ks.getCertificate("0");
+// X509Certificate cert1 = (X509Certificate)ks.getCertificate("1");
+// assertTrue(3424 == cert0.getSerialNumber().intValue() || 3424 == cert1.getSerialNumber().intValue());
+// }
private void copyCertificates(String from, String to) throws IOException {
String[] fromList = new File(from).list();
for (int i = 0; i < fromList.length; i++) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 09c64c267..7bb07df74 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -94,24 +94,24 @@ public class ParepUtils {
return str == null || "".equals(str);
}
- /**
- * Reads a XML document from an input stream (namespace-aware).
- *
- * @param is
- * the input stream to read from.
- * @return the read XML document.
- * @throws SZRGWClientException
- * if an error occurs reading the document from the input stream.
- */
- public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
- try {
- DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
- f.setNamespaceAware(true);
- return f.newDocumentBuilder().parse(is);
- } catch (Exception e) {
- throw new SZRGWClientException(e);
- }
- }
+// /**
+// * Reads a XML document from an input stream (namespace-aware).
+// *
+// * @param is
+// * the input stream to read from.
+// * @return the read XML document.
+// * @throws SZRGWClientException
+// * if an error occurs reading the document from the input stream.
+// */
+// public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
+// try {
+// DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
+// f.setNamespaceAware(true);
+// return f.newDocumentBuilder().parse(is);
+// } catch (Exception e) {
+// throw new SZRGWClientException(e);
+// }
+// }
// /*
// *
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index d975b6e0a..74cf665ca 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -22,10 +22,17 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
import org.apache.xml.security.signature.XMLSignature;
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.signature.SignatureConstants;
+import at.gv.egovernment.moa.id.data.Trible;
+
/**
* @author tlenz
*
@@ -119,4 +126,15 @@ public class Constants {
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128 + ";" +
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
+ public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList<URI>() {
+ private static final long serialVersionUID = 1L;
+ {
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri());
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri());
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri());
+ add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri());
+ }
+ });
+
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1ce900ebb..8fb81082f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.eidas;
import java.io.IOException;
import java.io.StringWriter;
+import java.net.URI;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -62,6 +63,7 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EidasStringUtil;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
import eu.eidas.auth.commons.protocol.IResponseMessage;
import eu.eidas.auth.commons.protocol.eidas.IEidasAuthenticationRequest;
@@ -302,7 +304,37 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
}
-
+ //validate service-provider type from eIDAS request
+ String spType = null;
+ if (eIDASSamlReq.getSpType() != null)
+ spType = eIDASSamlReq.getSpType();
+
+ if (MiscUtil.isEmpty(spType))
+ spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
+
+ if (MiscUtil.isNotEmpty(spType))
+ Logger.debug("eIDAS request has SPType:" + spType);
+ else {
+ Logger.warn("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06",
+ new Object[]{"eIDAS request and eIDAS metadata contains NO 'SPType' element."});
+
+ }
+
+ //validate if minimal data-set if it is not fully requested
+ //TODO: must be tested!!!!
+ ImmutableAttributeMap reqAttrList = eIDASSamlReq.getRequestedAttributes();
+ for (URI el : Constants.NATURALPERSONMINIMUMDATASETLIST) {
+ if(reqAttrList.getAttributeValuesByNameUri(el) == null) {
+ Logger.warn("Minimum data-set attribute: " + el + " is not requested.");
+ throw new EIDASAuthnRequestProcessingException("eIDAS.06",
+ new Object[]{"eIDAS request does not contain all attributes of minimum data-set for natural person"});
+
+ }
+ }
+
+
+
//*************************************************
//***** store eIDAS request information *********
//*************************************************
@@ -335,19 +367,6 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
// - memorize OA config
pendingReq.setOnlineApplicationConfiguration(oaConfig);
-
- // - memorize service-provider type from eIDAS request
- String spType = null;
- if (eIDASSamlReq.getSpType() != null)
- spType = eIDASSamlReq.getSpType();
-
- if (MiscUtil.isEmpty(spType))
- spType = MetadataUtil.getSPTypeFromMetadata(eIDASNodeEntityDesc);
-
- if (MiscUtil.isNotEmpty(spType))
- Logger.debug("eIDAS request has SPType:" + spType);
- else
- Logger.info("eIDAS request and eIDAS metadata contains NO 'SPType' element.");
} catch (MOAIDException e) {
Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index b2522ea33..b7c54203f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -71,7 +71,7 @@ class OAuth20AuthAction implements IAction {
revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST);
- String code = Random.nextRandom();
+ String code = Random.nextHexRandom32();
try {
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 16b4ba841..dc55df05b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -187,7 +187,7 @@ public class SSOTransferServlet{
Logger.debug("Receive " + this.getClass().getName() + " request");
Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
if (tokenObj != null && tokenObj instanceof String) {
- String token = (String)tokenObj;
+ String token = StringEscapeUtils.escapeHtml((String)tokenObj);
try {
Logger.debug("Load token:" + token + " from storage.");
SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut * 1000);
@@ -286,7 +286,7 @@ public class SSOTransferServlet{
Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
if (tokenObj != null && tokenObj instanceof String) {
- String token = (String)tokenObj;
+ String token = StringEscapeUtils.escapeHtml((String)tokenObj);
try {
SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut);
if (container != null) {
@@ -403,8 +403,6 @@ public class SSOTransferServlet{
null);
if (ssomanager.isValidSSOSession(ssoid, null)) {
- //Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);
-
//create first step of SSO Transfer GUI
IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid);