aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java1
3 files changed, 15 insertions, 11 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 832aa58c6..407454c2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -57,12 +57,12 @@ import java.util.Set;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
import iaik.asn1.structures.Name;
import iaik.security.ec.common.ECPublicKey;
@@ -113,7 +113,8 @@ public class VerifyXMLSignatureResponseValidator {
public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
List<String> identityLinkSignersSubjectDNNames,
String whatToCheck,
- IOAAuthParameters oaParam)
+ IOAAuthParameters oaParam,
+ AuthConfiguration authConfig)
throws ValidateException, ConfigurationException {
if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
@@ -140,7 +141,7 @@ public class VerifyXMLSignatureResponseValidator {
}
//check QC
- if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() &&
+ if (authConfig.isCertifiacteQCActive() &&
!whatToCheck.equals(CHECK_IDENTITY_LINK) &&
!verifyXMLSignatureResponse.isQualifiedCertificate()) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index a24683545..e093ce1e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -317,9 +317,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
* @param httpReqParam http parameter name, but never null
*/
public void addParameterNameToWhiteList(String httpReqParam) {
- if (MiscUtil.isNotEmpty(httpReqParam))
- reqParameterWhiteListeForModules.add(httpReqParam);
-
+ if (MiscUtil.isNotEmpty(httpReqParam)) {
+ if (!reqParameterWhiteListeForModules.contains(httpReqParam))
+ reqParameterWhiteListeForModules.add(httpReqParam);
+ }
}
/**
@@ -328,8 +329,11 @@ public class AuthenticationManager extends MOAIDAuthConstants {
* @param httpReqParam http header name, but never null
*/
public void addHeaderNameToWhiteList(String httpReqParam) {
- if (MiscUtil.isNotEmpty(httpReqParam))
- reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
+ if (MiscUtil.isNotEmpty(httpReqParam)) {
+ if (!reqHeaderWhiteListeForModules.contains(httpReqParam.toLowerCase()))
+ reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
+
+ }
}
@@ -439,8 +443,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
while(reqHeaderNames.hasMoreElements()) {
String paramName = reqHeaderNames.nextElement();
if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) {
- executionContext.put(paramName,
- StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName)));
+ executionContext.put(paramName.toLowerCase(),
+ StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName.toLowerCase())));
}
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 5b1d952ff..4a0cec6e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -309,7 +309,6 @@ public class AssertionAttributeExtractor {
}
private void internalInitialize() {
- internalInitialize();
if (assertion.getAttributeStatements() != null &&
assertion.getAttributeStatements().size() > 0) {
AttributeStatement attrStat = assertion.getAttributeStatements().get(0);