aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-03-08 10:55:47 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-03-08 10:55:47 +0100
commitd6a3569addaf5a7db27dd3e79a4ba4bcd27c2486 (patch)
tree2f54855a1fcd7cc43cd5614c950a97c718e5623b /id
parentda937437e46e06365072820aa555d4cb3f9f9110 (diff)
downloadmoa-id-spss-d6a3569addaf5a7db27dd3e79a4ba4bcd27c2486.tar.gz
moa-id-spss-d6a3569addaf5a7db27dd3e79a4ba4bcd27c2486.tar.bz2
moa-id-spss-d6a3569addaf5a7db27dd3e79a4ba4bcd27c2486.zip
update mandate ReferenceValue generator.
This was necessary to get a referencevalue, which is MIS conform and which could used as SAML2 RequestID
Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java95
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java10
3 files changed, 99 insertions, 28 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 196415ddc..7873fb96d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -86,7 +86,7 @@ public class AuthenticationSession implements Serializable {
/**
* Use mandate
*/
- private boolean useMandate;
+ private boolean useMandates;
private boolean isOW = false;
@@ -371,19 +371,22 @@ public class AuthenticationSession implements Serializable {
*/
public void setUseMandate(String useMandate) {
if (useMandate.compareToIgnoreCase("true") == 0)
- this.useMandate = true;
+ this.useMandates = true;
else
- this.useMandate = false;
+ this.useMandates = false;
+
+ }
+
+ public void setUseMandates(boolean useMandates) {
+ this.useMandates = useMandates;
}
/**
- * Returns if mandate is used or not
- *
* @return
*/
- public boolean getUseMandate() {
- return this.useMandate;
+ public boolean isMandateUsed() {
+ return this.useMandates;
}
/**
@@ -502,6 +505,7 @@ public class AuthenticationSession implements Serializable {
return genericSessionDataStorate;
}
+
/**
* Returns a generic session-data object with is stored with a specific identifier
*
@@ -579,7 +583,5 @@ public class AuthenticationSession implements Serializable {
Logger.trace("Add generic session-data with key:" + key + " to session.");
genericSessionDataStorate.put(key, object);
- }
-
-
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index 22a021d99..07679999b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -47,10 +47,17 @@
package at.gv.egovernment.moa.id.util;
-import iaik.security.random.SeedGenerator;
-
import java.nio.ByteBuffer;
import java.security.SecureRandom;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import org.apache.commons.codec.binary.Hex;
+
+import com.google.common.primitives.Bytes;
+
+import iaik.security.random.SeedGenerator;
/**
@@ -60,37 +67,97 @@ import java.security.SecureRandom;
*/
public class Random {
+
+ private final static char[] allowedPreFix =
+ {'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
+ 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'};
+ private static final DateFormat dateFormater = new SimpleDateFormat("yyyyddMM");
+
/** random number generator used */
//private static SecureRandom random = new SecureRandom();
private static SecureRandom random;
- private static SeedGenerator seedgenerator;
-
+ private static SeedGenerator seedgenerator;
+
static {
random = iaik.security.random.SHA256FIPS186Random.getDefault();
seedgenerator = iaik.security.random.AutoSeedGenerator.getDefault();
-
}
+
+ /**
+ * Generate a unique process reference-value [160bit], which always starts with a letter
+ * <br>
+ * This unique ID consists of single letter, a 64bit date String[yyyyddMM],
+ * and a 88bit random value.
+ *
+ * @return 160bit ID, which is hex encoded
+ */
+ public static String nextProcessReferenceValue() {
+ //pre-process all three parts of a unique reference value
+ String now = dateFormater.format(new Date()); //8 bytes = 64bit
+ byte[] randValue = nextByteRandom(11);
+ char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)];
+
+ //generate ID
+ return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue), true)); // 20 bytes = 160 bits
+
+ }
+
+
+
+ /**
+ * Creates a new random number [256bit], and encode it as hex value.
+ *
+ * @return random hex encoded value [256bit]
+ */
+ public static String nextHexRandom() {
+ return new String(Hex.encodeHex(nextByteRandom(32), true)); // 32 bytes = 256 bits
+
+ }
+
+ /**
+ * Creates a new random number [64bit], to be used as an ID.
+ *
+ * @return random long as a String [64bit]
+ */
+ public static String nextLongRandom() {
+ return "".concat(String.valueOf(Math.abs(generateLongRandom(32)))); // 32 bytes = 256 bits
+
+ }
+
/**
* Creates a new random number, to be used as an ID.
*
- * @return random long as a String
+ * @return random long as a String [64bit]
*/
- public static String nextRandom() {
-
- byte[] b = new byte[32]; // 32 bytes = 256 bits
- random.nextBytes(b);
-
- ByteBuffer bb = ByteBuffer.wrap(b);
- long l = bb.getLong();
+ @Deprecated
+ public static String nextRandom() {
+ long l = ByteBuffer.wrap(nextByteRandom(32)).getLong(); // 32 bytes = 256 bits
return "" + Math.abs(l);
-
}
+
public static void seedRandom() {
if (seedgenerator.seedAvailable())
random.setSeed(seedgenerator.getSeed());
}
+
+ private static long generateLongRandom(int size) {
+ return ByteBuffer.wrap(nextByteRandom(size)).getLong();
+ }
+
+ /**
+ * Generate a new random number
+ *
+ * @param size Size of random number in bits
+ * @return
+ */
+ private static byte[] nextByteRandom(int size) {
+ byte[] b = new byte[size];
+ random.nextBytes(b);
+ return b;
+
+ }
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 9ae1dc6a7..f00f4386f 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -232,9 +232,10 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
extendedSAMLAttributes.add(bpkAttribute);
}
- boolean useMandate = session.getUseMandate();
+ boolean useMandate = session.isMandateUsed();
if (useMandate) {
- String mandateReferenceValue = Random.nextRandom();
+ //String mandateReferenceValue = Random.nextRandom();
+ String mandateReferenceValue = Random.nextProcessReferenceValue();
// remove leading "-"
if (mandateReferenceValue.startsWith("-"))
mandateReferenceValue = mandateReferenceValue.substring(1);
@@ -488,9 +489,10 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
if (target != null) {
- boolean useMandate = session.getUseMandate();
+ boolean useMandate = session.isMandateUsed();
if (useMandate) {
- String mandateReferenceValue = Random.nextRandom();
+ //String mandateReferenceValue = Random.nextRandom();
+ String mandateReferenceValue = Random.nextProcessReferenceValue();
// remove leading "-"
if (mandateReferenceValue.startsWith("-"))
mandateReferenceValue = mandateReferenceValue.substring(1);