1 files changed, 68 insertions, 8 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index b2ef2d000..5471c03f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -1,3 +1,25 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
 /*
  * Copyright 2003 Federal Chancellery Austria
  * MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -40,6 +62,7 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -142,7 +165,7 @@ public class CreateXMLSignatureResponseValidator {
     int offset = 0;
     
     // check number of SAML aatributes
-    List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+    List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
     int extendedSAMLAttributesNum = 0;
     if (extendedSAMLAttributes != null) {
       extendedSAMLAttributesNum = extendedSAMLAttributes.size();
@@ -261,7 +284,7 @@ public class CreateXMLSignatureResponseValidator {
     if (!samlAttribute.getName().equals("SpecialText")) {
       throw new ValidateException(
           "validator.37", 
-          new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+          new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(4)});
     }
     if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
       String samlSpecialText = (String)samlAttribute.getValue();
@@ -284,10 +307,29 @@ public class CreateXMLSignatureResponseValidator {
       throw new ValidateException("validator.35", null);
     }
     
+    
+    //check unique AuthBlock tokken
+    samlAttribute = samlAttributes[4 + offset];
+    if (!samlAttribute.getName().equals("UniqueTokken")) {
+      throw new ValidateException(
+          "validator.37", 
+          new Object[] {samlAttribute.getName(), "UniqueTokken", String.valueOf(5)});
+    }
+    if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+      String uniquetokken = (String)samlAttribute.getValue();
+           
+      if (!uniquetokken.equals(session.getAuthBlockTokken())) {
+        throw new ValidateException("validator.70", new Object[] {uniquetokken, session.getAuthBlockTokken()});
+      }
+    } else {
+      throw new ValidateException("validator.35", null);
+    }
+    
+    
     // now check the extended SAML attributes
     int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;
     if (extendedSAMLAttributes != null) {
-      Iterator it = extendedSAMLAttributes.iterator();
+      Iterator<ExtendedSAMLAttribute> it = extendedSAMLAttributes.iterator();
       while (it.hasNext()) {
         ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
         samlAttribute = samlAttributes[i];
@@ -405,12 +447,12 @@ public class CreateXMLSignatureResponseValidator {
     SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes();
 
     boolean foundOA = false;
-    boolean foundGB = false;
-    boolean foundWBPK = false;
+//    boolean foundGB = false;
+//    boolean foundWBPK = false;
     int offset = 0;
     
     // check number of SAML aatributes
-    List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+    List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
     int extendedSAMLAttributesNum = 0;
     if (extendedSAMLAttributes != null) {
       extendedSAMLAttributesNum = extendedSAMLAttributes.size();
@@ -470,7 +512,7 @@ public class CreateXMLSignatureResponseValidator {
     if (!samlAttribute.getName().equals("SpecialText")) {
       throw new ValidateException(
           "validator.37", 
-          new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+          new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(4)});
     }
     if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
       String samlSpecialText = (String)samlAttribute.getValue();
@@ -494,10 +536,28 @@ public class CreateXMLSignatureResponseValidator {
       throw new ValidateException("validator.35", null);
     }
     
+    //check unique AuthBlock tokken
+    samlAttribute = samlAttributes[3 + offset];
+    if (!samlAttribute.getName().equals("UniqueTokken")) {
+      throw new ValidateException(
+          "validator.37", 
+          new Object[] {samlAttribute.getName(), "UniqueTokken", String.valueOf(5)});
+    }
+    if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+      String uniquetokken = (String)samlAttribute.getValue();
+           
+      if (!uniquetokken.equals(session.getAuthBlockTokken())) {
+        throw new ValidateException("validator.70", new Object[] {uniquetokken, session.getAuthBlockTokken()});
+      }
+    } else {
+      throw new ValidateException("validator.35", null);
+    }
+    
+    
     // now check the extended SAML attributes
     int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + offset;
     if (extendedSAMLAttributes != null) {
-      Iterator it = extendedSAMLAttributes.iterator();
+      Iterator<ExtendedSAMLAttribute> it = extendedSAMLAttributes.iterator();
       while (it.hasNext()) {
         ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
         samlAttribute = samlAttributes[i];