aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java11
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/slo_template.html2
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java2
18 files changed, 152 insertions, 95 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index d06298efa..a33c4fdf4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2,8 +2,6 @@
package at.gv.egovernment.moa.id.auth;
import iaik.asn1.ObjectID;
-import iaik.pki.PKIRuntimeException;
-import iaik.util.logging.Log;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
@@ -20,14 +18,12 @@ import java.util.ArrayList;
//import java.security.cert.CertificateFactory;
import java.util.Calendar;
import java.util.Date;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
@@ -44,13 +40,11 @@ import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
@@ -61,7 +55,6 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BKUException;
@@ -73,19 +66,14 @@ import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
-import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.client.SZRGWClient;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
@@ -98,14 +86,11 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -117,7 +102,6 @@ import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
import at.gv.util.xsd.mis.MandateIdentifiers;
import at.gv.util.xsd.mis.Target;
import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
@@ -141,11 +125,6 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
-//import java.security.cert.CertificateFactory;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
-
/**
* API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
* stored in a session store and retrieved by giving the session ID.
@@ -255,13 +234,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim();
if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) {
//do not use SSO if no Target is set
- Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
+ Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
session.setSsoRequested(false);
}
if (session.isSsoRequested()) {
- Log.info("SSO Login requested");
+ Logger.info("SSO Login requested");
//load identityLink with SSO Target
boolean isbuisness = false;
@@ -279,7 +258,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
isbuisness, domainIdentifier);
} else {
- Log.info("Non-SSO Login requested");
+ Logger.info("Non-SSO Login requested");
//build ReadInfobox request
infoboxReadRequest = new InfoboxReadRequestBuilder().build(
oaParam.getBusinessService(), oaParam
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 848bf94af..db36356c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -3,7 +3,6 @@
package at.gv.egovernment.moa.id.auth;
-import iaik.cms.ecc.IaikEccProvider;
import iaik.pki.PKIException;
import iaik.pki.jsse.IAIKX509TrustManager;
import iaik.security.ecc.provider.ECCProvider;
@@ -11,12 +10,9 @@ import iaik.security.provider.IAIK;
import java.io.IOException;
import java.security.GeneralSecurityException;
-import java.security.Security;
-import java.util.Properties;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
-import javax.mail.Session;
import javax.net.ssl.SSLSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -72,10 +68,9 @@ public class MOAIDAuthInitializer {
CommandMap.setDefaultCommandMap(mc);
// create some properties and get the default Session
- Properties props = new Properties();
- props.put("mail.smtp.host", "localhost");
-
- Session session = Session.getDefaultInstance(props, null);
+// Properties props = new Properties();
+// props.put("mail.smtp.host", "localhost");
+// Session session = Session.getDefaultInstance(props, null);
// Restricts TLS cipher suites
// System.setProperty(
@@ -120,8 +115,8 @@ public class MOAIDAuthInitializer {
Logger.warn(MOAIDMessageProvider.getInstance().getMessage(
"init.01", null), e);
}
-
- IAIK.addAsProvider();
+
+ IAIK.addAsProvider();
ECCProvider.addAsProvider();
// Initializes SSLSocketFactory store
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index ba4440bf8..fc04fa9a7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -278,7 +278,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
assertion = MessageFormat.format(AUTH_DATA, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
- authData.getIssueInstant(),
+ authData.getIssueInstantString(),
pkType,
pkValue,
StringUtils.removeXMLDeclaration(xmlAuthBlock),
@@ -303,7 +303,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
- authData.getIssueInstant(),
+ authData.getIssueInstantString(),
notBefore,
notOnOrAfter,
pkType,
@@ -401,7 +401,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
- authData.getIssueInstant(),
+ authData.getIssueInstantString(),
pkType,
pkValue,
StringUtils.removeXMLDeclaration(xmlAuthBlock),
@@ -427,7 +427,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
- authData.getIssueInstant(),
+ authData.getIssueInstantString(),
notBefore,
notOnOrAfter,
pkType,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index ed2cd3ecb..a8a7d0c51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -256,21 +256,18 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
- //collect attributes by using BackChannel communication
- String endpoint = idp.getIDPAttributQueryServiceURL();
- if (MiscUtil.isEmpty(endpoint)) {
- Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
- throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
- }
-
-
- //TODO: check if response include attributes and map this attributes to requested attributes
- //TODO: insert code to parse Attributes from AuthnRespones for USP --> Zustelldienst
Response intfResp = (Response) req.getInterfederationResponse().getResponse();
AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor(intfResp);
- if (!extractor.containsAllRequiredAttributes()) {
+ if (!extractor.containsAllRequiredAttributes()) {
+ //collect attributes by using BackChannel communication
+ String endpoint = idp.getIDPAttributQueryServiceURL();
+ if (MiscUtil.isEmpty(endpoint)) {
+ Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
+ throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
+ }
+
//build attributQuery request
AttributeQuery query =
AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
@@ -308,6 +305,9 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
//create assertion attribute extractor from AttributeQuery response
extractor = new AssertionAttributeExtractor(intfResp);
+ } else {
+ Logger.info("Interfedation response include all attributes with are required. Skip AttributQuery request step. ");
+
}
//parse response information to authData
buildAuthDataFormInterfederationResponse(authdata, session, extractor, oaParam);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index e3f32d59d..1bc3702e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -22,8 +22,6 @@
******************************************************************************/
package at.gv.egovernment.moa.id.auth.parser;
-import iaik.util.logging.Log;
-
import java.io.UnsupportedEncodingException;
import java.util.List;
@@ -134,8 +132,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
if (StringUtils.isEmpty(targetConfig)
- || (module.equals(SAML1Protocol.PATH) &&
- !StringUtils.isEmpty(target))) {
+// || (module.equals(SAML1Protocol.PATH) &&
+// !StringUtils.isEmpty(target))
+ ) {
// no target attribut is given in OA config
// target is used from request
// check parameter
@@ -230,14 +229,22 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
if (MiscUtil.isEmpty(templateURL)) {
List<TemplateType> templateURLList = oaParam.getTemplateURL();
-
+ List<String> defaulTemplateURLList =
+ AuthConfigurationProvider.getInstance().getSLRequestTemplates();
+
if ( templateURLList != null && templateURLList.size() > 0
&& MiscUtil.isNotEmpty(templateURLList.get(0).getURL()) ) {
templateURL = FileUtils.makeAbsoluteURL(
oaParam.getTemplateURL().get(0).getURL(),
AuthConfigurationProvider.getInstance().getRootConfigFileDir());
- Log.info("No SL-Template in request, load SL-Template from OA config (URL: " + templateURL + ")");
-
+ Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")");
+
+ } else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) {
+ templateURL = FileUtils.makeAbsoluteURL(
+ defaulTemplateURLList.get(0),
+ AuthConfigurationProvider.getInstance().getRootConfigFileDir());
+ Logger.info("No SL-Template in request, load SL-Template from general configuration (URL: " + templateURL + ")");
+
} else {
Logger.error("NO SL-Tempalte found in OA config");
throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index a7ec4dcb6..c08d77f12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -97,32 +97,31 @@ public class IDPSingleLogOutServlet extends AuthServlet {
return;
- } else if (MiscUtil.isNotEmpty(ssoid)) {
- if (ssomanager.isValidSSOSession(ssoid, null)) {
+ } else if (MiscUtil.isNotEmpty(ssoid)) {
+ try {
+ if (ssomanager.isValidSSOSession(ssoid, null)) {
- AuthenticationManager authmanager = AuthenticationManager.getInstance();
- String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
- if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSession authSession;
- try {
- authSession = AuthenticationSessionStoreage
+ if (MiscUtil.isNotEmpty(moaSessionID)) {
+ AuthenticationSession authSession = AuthenticationSessionStoreage
.getSession(moaSessionID);
if(authSession != null) {
authmanager.performSingleLogOut(req, resp, authSession, null);
return;
}
-
- } catch (MOADatabaseException e) {
- //TODO: insert error Handling
-
- } catch (MOAIDException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
}
- }
- }
+ }
+ } catch (MOADatabaseException e) {
+ //TODO: insert error Handling
+ e.printStackTrace();
+
+ } catch (MOAIDException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
} else if (restartProcessObj != null && restartProcessObj instanceof String) {
String restartProcess = (String) restartProcessObj;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 6e1811c8b..532ccb7ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -63,7 +64,7 @@ public class RedirectServlet extends AuthServlet{
String redirectTarget = DEFAULT_REDIRECTTARGET;
try {
oa = ConfigurationDBRead.getActiveOnlineApplication(url);
- if (oa == null) {
+ if (oa == null && !url.startsWith(AuthConfigurationProvider.getInstance().getPublicURLPrefix())) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 2b687a0c8..284a77126 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -53,6 +53,7 @@ import iaik.utils.RFC2253NameParserException;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
+import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
@@ -266,14 +267,25 @@ public class VerifyXMLSignatureResponseValidator {
}
//compare ECDSAPublicKeys
- if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) &&
- (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) {
+ if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) ||
+ (idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey)) &&
+ ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) ||
+ (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey) ) ) {
- ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature;
- ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i];
+ try {
+ ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded());
+ ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded());
+
+ if(ecdsakey.equals(ecdsaPubKeySignature))
+ found = true;
+
+ } catch (InvalidKeyException e) {
+ Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e);
+ throw new ValidateException("validator.09", null);
+ }
- if(ecdsakey.equals(ecdsaPubKeySignature))
- found = true;
+
+
}
// Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName()
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index ca3117a79..ff294dc3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,6 +31,7 @@ import java.io.InputStreamReader;
import java.io.Reader;
import java.io.StringWriter;
import java.net.URI;
+import java.util.Date;
import java.util.List;
import javax.servlet.http.Cookie;
@@ -132,7 +133,7 @@ public class SSOManager {
}
- public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) {
+ public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException {
// search SSO Session
if (ssoSessionID == null) {
@@ -144,8 +145,19 @@ public class SSOManager {
if (storedSession == null)
return false;
-
+
else {
+
+ //check if session is out of lifetime
+ Date now = new Date();
+ long maxSSOSessionTime = AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionCreated().longValue() * 1000;
+ Date ssoSessionValidTo = new Date(storedSession.getCreated().getTime() + maxSSOSessionTime);
+ if (now.after(ssoSessionValidTo)) {
+ Logger.info("Found outdated SSO session information. Start reauthentication process ... ");
+ return false;
+ }
+
+ //check if request starts an interfederated SSO session
if (protocolRequest != null &&
protocolRequest instanceof RequestImpl &&
storedSession.isInterfederatedSSOSession() &&
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 3b0d07ce1..583120a86 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -115,6 +115,7 @@ public final class OAuth20AttributeBuilder {
buildersOpenId.add(new OpenIdExpirationTimeAttribute());
buildersOpenId.add(new OpenIdIssueInstantAttribute());
buildersOpenId.add(new OpenIdAuthenticationTimeAttribute());
+ buildersOpenId.add(new OpenIdAudiencesAttribute());
// profile
buildersProfile.add(new ProfileGivenNameAttribute());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
new file mode 100644
index 000000000..404eb1b44
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class OpenIdAudiencesAttribute implements IAttributeBuilder {
+
+ public String getName() {
+ return "aud";
+ }
+
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", oaParam.getPublicURLPrefix());
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
index 4f3aff469..61840ea21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
@@ -22,14 +22,13 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import iaik.util.logging.Log;
-
import java.io.IOException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -51,7 +50,7 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
}
catch (IOException e) {
- Log.info("Encode AuthBlock BASE64 failed.");
+ Logger.info("Encode AuthBlock BASE64 failed.");
}
throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
index df1bc1860..8a603f53a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
@@ -22,7 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import iaik.util.logging.Log;
import java.io.IOException;
@@ -30,6 +29,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
public class EIDSignerCertificate implements IPVPAttributeBuilder {
@@ -49,7 +49,7 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
}
}catch (IOException e) {
- Log.info("Signer certificate BASE64 encoding error");
+ Logger.info("Signer certificate BASE64 encoding error");
}
throw new UnavailableAttributeException(EID_SIGNER_CERTIFICATE_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index a57fb5717..cba64e080 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -261,6 +261,10 @@ public class MOAMetadataProvider implements MetadataProvider {
List<OnlineApplication> oaList = ConfigurationDBRead
.getAllActiveOnlineApplications();
+
+ if (oaList.size() == 0)
+ Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!");
+
Iterator<OnlineApplication> oaIt = oaList.iterator();
while (oaIt.hasNext()) {
HTTPMetadataProvider httpProvider = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 9c8c52e87..8f7f17e2e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -33,6 +33,7 @@ import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -102,7 +103,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active()) {
Logger.info("SAML1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new Object[] { NAME });
+ throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
}
@@ -145,14 +146,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
.getOnlineApplicationParameter(oaURL);
if (oaParam == null)
- throw new AuthenticationException("auth.00",
- new Object[] { oaURL });
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
OASAML1 saml1 = oaParam.getSAML1Parameter();
if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
- throw new AuthenticationException("auth.00",
- new Object[] { oaURL });
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
}
config.setSourceID(sourceID);
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 0536cfae1..9bfa14a7c 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -252,7 +252,7 @@ pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden.
pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler\={0}).
oauth20.01=Fehlerhafte redirect url
-oauth20.02=Fehlender Parameter "{0}"
+oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
oauth20.03=Angeforderter response_type ist nicht erlaubt
oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt
oauth20.05=Der angegebene Benutzer ist nicht berechtigt
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
index 88279ee96..b241e85cf 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
@@ -389,7 +389,7 @@
</head>
#if($timeoutURL)
- <body onload='setTimeout(sloTimeOut(), $timeout);'>
+ <body onload='setTimeout(sloTimeOut, $timeout);'>
#else
<body>
#end
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
index 3acf20a41..3b4beb7b7 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
@@ -215,7 +215,7 @@ public class SAMLResponseParserTest extends UnitTestCase {
assertEquals(0, authData.getMinorVersion());
assertEquals("-4633313027464114584", authData.getAssertionID());
assertEquals("http://localhost:8080/moa-id-auth/", authData.getIssuer());
- assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstant());
+ assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstantString());
assertEquals("123456789012", authData.getIdentificationValue());
assertEquals("MTk2OC0xMC0yMmdi", authData.getBPK());
assertEquals("Hermann", authData.getGivenName());