Diffstat (limited to 'id/server/idserverlib/src')
13 files changed, 220 insertions, 82 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index e7abf0f9a..a8cf5014f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -414,17 +414,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {          OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()                  .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); -        // if OA is type is business service the manifest validation result has -        // to be ignored -        boolean ignoreManifestValidationResult = (oaParam.getBusinessService()) ? true -                : false; -          // validates the <VerifyXMLSignatureResponse>          VerifyXMLSignatureResponseValidator.getInstance().validate(                  verifyXMLSignatureResponse,                  authConf.getIdentityLinkX509SubjectNames(),                  VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, -                ignoreManifestValidationResult); +                oaParam);          session.setIdentityLink(identityLink);          // now validate the extended infoboxes 
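Review bot: `oaParam` is handed straight to `validate(...)` without a null check, and the validator now dereferences it (`oaParam.isTestCredentialEnabled()`, `oaParam.getBusinessService()`), so an unknown OA URL prefix surfaces as a NullPointerException instead of an authentication error. PEPSConnectorServlet in this same commit guards the identical lookup with `if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() });` — add the same guard here, right after the lookup. The old code dereferenced `oaParam` at this point as well, so this is a pre-existing gap that the refactoring is a good moment to close. The enclosing method starts and ends outside the hunk.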
@@ -1214,10 +1209,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {              }          } +        OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +                .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +                  // validates the <VerifyXMLSignatureResponse>          VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp,                  null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, -                false); +                oaParam);          // Compare AuthBlock Data with information stored in session, especially          // date and time @@ -1468,7 +1466,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {       */      public static AuthenticationSession getSession(String id)              throws AuthenticationException { -          AuthenticationSession session;          try {              session = AuthenticationSessionStoreage.getSession(id); @@ -1478,7 +1475,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {              return session;          } catch (MOADatabaseException e) { -            throw new AuthenticationException("parser.04", new Object[]{id}); +        	throw new AuthenticationException("auth.02", new Object[]{id}); +             +        } catch (Exception e) { +        	throw new AuthenticationException("parser.04", new Object[]{id});          }      } 
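Review bot: In `getSession` the new `catch (Exception e)` maps every failure, including runtime errors unrelated to parsing, to "parser.04" and both catch blocks drop the cause, so the stored exception can never be diagnosed from the log or the error store. Pass `e` through if the exception type supports it — `ConfigurationException` in this commit uses a `(id, params, cause)` form, so `throw new AuthenticationException("parser.04", new Object[]{id}, e);` if `AuthenticationException` has the same constructor — and consider narrowing the catch to the exception types `AuthenticationSessionStoreage.getSession` is known to throw. The `@@ -1214` hunk has the same missing null check on `oaParam` as the first hunk of this file.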
@@ -1757,8 +1757,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {          String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); -        String acsURL = new DataURLBuilder().buildDataURL(issuerValue,  -    			PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID()); +//        String acsURL = new DataURLBuilder().buildDataURL(issuerValue,  +//    			PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID()); +         +        //solve Problem with sessionIDs  +        String acsURL = issuerValue + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; +                  Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);          String providerName = oaParam.getFriendlyName(); @@ -1862,10 +1866,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {          //send          moasession.setStorkAuthnRequest(authnRequest); -        HttpSession httpSession = req.getSession(); -        httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); - +        AuthenticationSessionStoreage.changeSessionID(moasession, authnRequest.getSamlId()); +         +                  Logger.info("Preparing to send STORK AuthnRequest.");          Logger.info("prepared STORKAuthnRequest: ");          Logger.info(new String(authnRequest.getTokenSaml())); @@ -1888,8 +1892,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {          } catch (Exception e) {              Logger.error("Error sending STORK SAML AuthnRequest.", e); -            httpSession.invalidate();              throw new MOAIDException("stork.02", new Object[]{destination}); +                      }          Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); 
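Review bot: `AuthenticationSessionStoreage.changeSessionID(moasession, authnRequest.getSamlId())` makes the AuthnRequest's message ID the MOA session key, and the context line `Logger.info(new String(authnRequest.getTokenSaml()))` writes the complete request — including that ID — to the log at INFO level, so the session identifier now ends up in the logs. Lower that statement to debug/trace or log the request without its ID. The unpredictability of the session key now depends on the STORK SAML engine's ID generator rather than on `Random.nextRandom()`; that is worth a comment such as `// the SAML request ID becomes the MOA session ID; it must be unguessable` and a check of how the engine generates IDs. In the `@@ -1888` hunk the removal of `httpSession.invalidate()` leaves the stored MOA session in place after a failed send; if the store offers a delete, remove the session there. The enclosing method starts and ends outside these hunks.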
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index e2c0c1f18..497c79c1e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -142,6 +142,10 @@ public interface MOAIDAuthConstants {    public static final String PARAM_APPLET_HEIGTH = "heigth";    public static final String PARAM_APPLET_WIDTH = "width"; +  //TODO: set correct OID!!! +  public static final String TESTCREDENTIALROOTOID = "1.2.40.0.10.1";  +   +    	public static final Map<String, String> COUNTRYCODE_XX_TO_NAME =   			Collections.unmodifiableMap(new HashMap<String, String>() {  				private static final long serialVersionUID = 1L; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 8a5782bcf..e5b2c598c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -78,6 +78,7 @@ import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;  import at.gv.egovernment.moa.id.storage.IExceptionStore;  import at.gv.egovernment.moa.id.util.ServletUtils;  import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil;  import at.gv.egovernment.moa.util.URLDecoder;  /** @@ -197,7 +198,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {  		IExceptionStore store = DBExceptionStoreImpl.getStore();  		String id = store.storeException(exceptionThrown); -		if (id != null) { +		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {  			String redirectURL = null; 
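Review bot: `TESTCREDENTIALROOTOID = "1.2.40.0.10.1"` is marked `//TODO: set correct OID!!!`, yet the validator in this commit uses it as the default arc under which a non-qualified signing certificate is accepted whenever an OA enables test credentials without configuring its own OIDs. A placeholder here decides which certificates pass as test credentials, so either fail closed until the value is confirmed (no default; require configured OIDs) or verify the value before merging. Replace the TODO with Javadoc stating the contract, e.g. `/** Root OID arc of the test-credential certificate extension; used only when an OA enables test credentials but configures no OIDs of its own. */`.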
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 25749c8bc..93ac84381 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -113,16 +113,50 @@ public class PEPSConnectorServlet extends AuthServlet {  			//check if https or only http
  			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
 +						
 +			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
 +			
 +			//extract STORK Response from HTTP Request
 +			//Decodes SAML Response
 +			byte[] decSamlToken;
 +			try {
 +				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
 +			} catch(NullPointerException e) {
 +				Logger.error("Unable to retrieve STORK Response", e);
 +				throw new MOAIDException("stork.04", null);
 +			}
 +
 +			//Get SAMLEngine instance
 +			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
 +
 +			STORKAuthnResponse authnResponse = null;
 +			try {
 +				//validate SAML Token
 +				Logger.debug("Starting validation of SAML response");
 +				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
 +				Logger.info("SAML response succesfully verified!");
 +			}catch(STORKSAMLEngineException e){
 +				Logger.error("Failed to verify STORK SAML Response", e);
 +				throw new MOAIDException("stork.05", null);
 +			}
 +
 +			Logger.info("STORK SAML Response message succesfully extracted");
 +			Logger.debug("STORK response: ");
 +			Logger.debug(authnResponse.toString());
  			Logger.debug("Trying to find MOA Session-ID ...");			
 -		    String moaSessionID = request.getParameter(PARAM_SESSIONID);
 -	           
 +		    //String moaSessionID = request.getParameter(PARAM_SESSIONID);
 +			//first use SAML2 relayState 
 +			String moaSessionID = request.getParameter("RelayState");
 +					
  		    // escape parameter strings
  		    moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
 +		  //check if SAML2 relaystate includes a MOA sessionID
  			if (StringUtils.isEmpty(moaSessionID)) {
 -				//check if SAML2 relaystate includes a MOA sessionID
 -				moaSessionID = request.getParameter("RelayState");
 +				//if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
 +				
 +				moaSessionID = authnResponse.getInResponseTo();
  				moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
  				if (StringUtils.isEmpty(moaSessionID)) {				
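Review bot: `moaSessionID` is taken first from the `RelayState` request parameter, which is not covered by the SAML signature verified just above, and `authnResponse.getInResponseTo()` is consulted only when RelayState is empty. Since this commit keys the MOA session by the AuthnRequest's SAML ID, both values must name the same pending request; otherwise a validly signed response for one request could be presented together with a different session's identifier and bind the asserted identity to that session. Prefer InResponseTo and use RelayState only as a fallback, or require agreement: `String inResponseTo = authnResponse.getInResponseTo(); if (StringUtils.isNotEmpty(moaSessionID) && StringUtils.isNotEmpty(inResponseTo) && !moaSessionID.equals(inResponseTo)) throw new AuthenticationException("auth.02", new Object[] { moaSessionID });`. Note that `StringEscapeUtils.escapeHtml` on a lookup key is output encoding, not input validation. The enclosing method starts outside the hunk.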
 @@ -132,13 +166,19 @@ public class PEPSConnectorServlet extends AuthServlet {  					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
  				} else 
 -					Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
 +					Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
  			} else 
 -				Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
 +				//Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
 +				Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
 -	         if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
 -	             throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
 +			/*INFO!!!!
 +			 * SAML message IDs has an different format then MOASessionIDs
 +			 * This is only a workaround because many PEPS does not support SAML2 relayState or
 +			 * MOASessionID as AttributConsumerServiceURL GET parameter
 +			*/
 +//	         if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
 +//	             throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
  			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
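Review bot: Commenting out `ParamValidatorUtils.isValidSessionID(moaSessionID)` removes the only format check on an identifier that now arrives from a remote party (RelayState or InResponseTo) before it is used as the lookup key in `AuthenticationSessionStoreage.getPendingRequestID(moaSessionID)`. Rather than dropping validation, replace it with a check that admits both identifier formats, e.g. a length bound plus a character whitelist such as `if (moaSessionID.length() > 128 || !moaSessionID.matches("[A-Za-z0-9_\\-]+")) throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");` adjusted to the IDs the SAML engine actually emits. Delete the two commented-out lines and reduce the `INFO!!!!` block to a single `// NOTE:` explaining why SAML message IDs are accepted here. The enclosing method continues outside the hunk.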
 @@ -150,35 +190,7 @@ public class PEPSConnectorServlet extends AuthServlet {  			Logger.info("Found MOA sessionID: " + moaSessionID);
 -			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
 -			//extract STORK Response from HTTP Request
 -			//Decodes SAML Response
 -			byte[] decSamlToken;
 -			try {
 -				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
 -			} catch(NullPointerException e) {
 -				Logger.error("Unable to retrieve STORK Response", e);
 -				throw new MOAIDException("stork.04", null);
 -			}
 -
 -			//Get SAMLEngine instance
 -			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
 -
 -			STORKAuthnResponse authnResponse = null;
 -			try {
 -				//validate SAML Token
 -				Logger.debug("Starting validation of SAML response");
 -				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
 -				Logger.info("SAML response succesfully verified!");
 -			}catch(STORKSAMLEngineException e){
 -				Logger.error("Failed to verify STORK SAML Response", e);
 -				throw new MOAIDException("stork.05", null);
 -			}
 -
 -			Logger.info("STORK SAML Response message succesfully extracted");
 -			Logger.debug("STORK response: ");
 -			Logger.debug(authnResponse.toString());
  			String statusCodeValue = authnResponse.getStatusCode();
 @@ -272,17 +284,17 @@ public class PEPSConnectorServlet extends AuthServlet {  			Logger.debug("fetching OAParameters from database");
 -			//read configuration paramters of OA
 -    	    AuthenticationSession moasession;
 -			try {
 -				moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
 -			} catch (MOADatabaseException e2) {
 -				Logger.error("could not retrieve moa session");
 -				throw new AuthenticationException("auth.01", null);
 -			}
 -    		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
 +//			//read configuration paramters of OA
 +//    	    AuthenticationSession moasession;
 +//			try {
 +//				moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
 +//			} catch (MOADatabaseException e2) {
 +//				Logger.error("could not retrieve moa session");
 +//				throw new AuthenticationException("auth.01", null);
 +//			}
 +    		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
      		if (oaParam == null)
 -    				throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() });
 +    				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
      		// retrieve target
  	        //TODO: check in case of SSO!!!
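Review bot: The nine commented-out lines from `//read configuration paramters of OA` to the closing `//}` should be deleted rather than left in place; the `moaSession` they were replaced by is declared outside this hunk. The removed code mapped a `MOADatabaseException` during session retrieval to `auth.01`, and that handling is no longer visible here, so it is worth confirming that the retrieval which now precedes this point still turns a missing or unreadable session into an authentication error rather than an unhandled exception. The enclosing method starts and ends outside the hunk.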
 @@ -293,7 +305,7 @@ public class PEPSConnectorServlet extends AuthServlet {  	        	if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
  	        		targetValue = id.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
  	        	else
 -	        		targetValue = moasession.getDomainIdentifier();
 +	        		targetValue = moaSession.getDomainIdentifier();
  	        	targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_;
  	        } else {
  	        	targetType = AuthenticationSession.TARGET_PREFIX_;
 @@ -365,13 +377,13 @@ public class PEPSConnectorServlet extends AuthServlet {  			//TODO: found better solution, but QAA Level in response could be not supported yet
  			try {
 -				moasession.setQAALevel(authnResponse.getAssertions().get(0).
 +				moaSession.setQAALevel(authnResponse.getAssertions().get(0).
  						getAuthnStatements().get(0).getAuthnContext().
  						getAuthnContextClassRef().getAuthnContextClassRef());
  			} catch (Throwable e) {
  				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
 -				moasession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
 +				moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
  			}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 4fd7fa965..2b687a0c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -46,6 +46,7 @@  package at.gv.egovernment.moa.id.auth.validator; +import iaik.asn1.ObjectID;  import iaik.asn1.structures.Name;  import iaik.security.ecc.ecdsa.ECPublicKey;  import iaik.utils.RFC2253NameParserException; @@ -54,7 +55,10 @@ import iaik.x509.X509ExtensionInitException;  import java.security.PublicKey;  import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; +import java.util.Iterator;  import java.util.List; +import java.util.Set;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.data.IdentityLink; @@ -62,6 +66,7 @@ import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;  import at.gv.egovernment.moa.id.auth.exception.ValidateException;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.logging.Logger; 
@@ -99,7 +104,7 @@ public class VerifyXMLSignatureResponseValidator {     * @param verifyXMLSignatureResponse the <code><VerifyXMLSignatureResponse></code>     * @param identityLinkSignersSubjectDNNames subject names configured     * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated -   * @param ignoreManifestValidationResult specifies whether the validation result of the  +   * @param oaParam specifies whether the validation result of the      *                                       manifest has to be ignored (identityLink validation if     *                                       the OA is a business service) or not     * @throws ValidateException on any validation error @@ -108,7 +113,7 @@ public class VerifyXMLSignatureResponseValidator {    public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,                         List<String> identityLinkSignersSubjectDNNames,                          String whatToCheck, -                       boolean ignoreManifestValidationResult) +                       IOAAuthParameters oaParam)      throws ValidateException, ConfigurationException {      if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) 
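Review bot: The `@param oaParam` Javadoc still says the parameter "specifies whether the validation result of the manifest has to be ignored", but it now also decides whether a non-qualified signer certificate is accepted as a test credential. Suggest: `@param oaParam online-application parameters: getBusinessService() decides whether the DSIG manifest result is ignored for identity-link checks; isTestCredentialEnabled() and getTestCredentialOIDs() decide whether a non-qualified signer certificate carrying a test-credential extension is accepted`. Add a `@throws ValidateException` line naming validator.71 (not qualified) and validator.72 (not qualified and no test-credential OID found). The method body continues outside the hunk.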
@@ -137,8 +142,49 @@ public class VerifyXMLSignatureResponseValidator {      //check QC       if (AuthConfigurationProvider.getInstance().isCertifiacteQCActive() &&      		!whatToCheck.equals(CHECK_IDENTITY_LINK) && -    		!verifyXMLSignatureResponse.isQualifiedCertificate()) -        throw new ValidateException("validator.71", null); +    		!verifyXMLSignatureResponse.isQualifiedCertificate()) { +    	    	 +    	//check if testcards are active and certificate has an extension for test credentials +    	if (oaParam.isTestCredentialEnabled()) { +        	boolean foundTestCredentialOID = false; +        	try { +        		X509Certificate signerCert = verifyXMLSignatureResponse.getX509certificate(); +    		 +        		List<String> validOIDs = new ArrayList<String>(); +        		if (oaParam.getTestCredentialOIDs() != null) +        			validOIDs.addAll(oaParam.getTestCredentialOIDs()); +        		else +        			validOIDs.add(MOAIDAuthConstants.TESTCREDENTIALROOTOID); +    		 +        		Set<String> extentsions = signerCert.getCriticalExtensionOIDs(); +        		extentsions.addAll(signerCert.getNonCriticalExtensionOIDs()); +        		Iterator<String> extit = extentsions.iterator(); +        		while(extit.hasNext()) { +        			String certOID = extit.next(); +        			for (String el : validOIDs) { +        				if (certOID.startsWith(el)) +        					foundTestCredentialOID = true; +        			}    			 +        		} +        		 +        	} catch (Exception e) { +        		Logger.warn("Test credential OID extraction FAILED.", e); +        		 +        	} +        	//throw Exception if not TestCredentialOID is found +        	if (!foundTestCredentialOID) +        		throw new ValidateException("validator.72", null); +    		 +    	} else    	 +    		throw new ValidateException("validator.71", null);         +    } +     +    // if OA is type is business service the manifest validation result has +    // to be ignored +    boolean ignoreManifestValidationResult = false; +   
 if (whatToCheck.equals(CHECK_IDENTITY_LINK))    	 +    	ignoreManifestValidationResult = (oaParam.getBusinessService()) ? true +            : false;      if (ignoreManifestValidationResult) {        Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index dca0958f3..6fc1d28c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -279,7 +279,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  		//Load MOAID-2.0 properties file  		File propertiesFile = new File(fileName); -		FileInputStream fis; +		FileInputStream fis = null;  		props = new Properties();  		// determine the directory of the root config file @@ -364,6 +364,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  		} catch (ExceptionInInitializerError e) {  			throw new  ConfigurationException("config.17", null, e); +			 +		} finally { +			if (fis != null) +				fis.close(); +			  		} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index a59cc10e0..6398de34f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java 
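Review bot: `certOID.startsWith(el)` matches OIDs across arc boundaries: with the default `"1.2.40.0.10.1"` any extension under `1.2.40.0.10.10`, `1.2.40.0.10.11`, ... also counts as a test-credential OID, so the set of certificates accepted despite failing the QC check is wider than configured. Compare on dotted components: `if (certOID.equals(el) || certOID.startsWith(el + "."))`. `getCriticalExtensionOIDs()` may return null when the certificate has no critical extensions, which currently surfaces as the misleading "Test credential OID extraction FAILED" warning via the catch-all; guard both sets for null before `addAll`. When a test credential is accepted the code is silent — add `Logger.info("Non-qualified certificate accepted as test credential (OID match)")` so this bypass of the QC requirement is auditable.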
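Review bot: In AuthConfigurationProvider the new `finally { if (fis != null) fis.close(); }` can itself throw `IOException`, which would replace a `ConfigurationException` thrown from the try block and hide the real configuration error; if the enclosing method does not declare `IOException` it also will not compile, but the method's start is outside the hunk. Wrap the close as best effort: `try { fis.close(); } catch (IOException ignored) { /* closing a read-only stream; nothing to recover */ }`, or move to try-with-resources if the project targets Java 7+.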
@@ -144,5 +144,9 @@ public interface IOAAuthParameters {  	 * @return  	 */  	boolean isOutboundSSOInterfederationAllowed(); +	 +	boolean isTestCredentialEnabled(); +	List<String> getTestCredentialOIDs(); +	  }
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 7fc5746ee..f6360f4cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;  import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;  import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;  import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentials;  import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;  import at.gv.egovernment.moa.id.config.ConfigurationUtils;  import at.gv.egovernment.moa.id.config.OAParameter; @@ -520,4 +521,30 @@ public boolean isIDPPublicService() {  } + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isTestCredentialEnabled() + */ +@Override +public boolean isTestCredentialEnabled() { +	TestCredentials testing = oa_auth.getTestCredentials(); +	if (testing != null && testing.isEnableTestCredentials())	 +		return true; +	else +		return false; +} + + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTestCredentialOIDs() + */ +@Override +public List<String> getTestCredentialOIDs() { +	TestCredentials testing = oa_auth.getTestCredentials(); +	if (testing != null && testing.getCredentialOID().size() > 0)  +		return testing.getCredentialOID(); +	else +		return null;	 +} +  } 
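Review bot: The two new interface methods in IOAAuthParameters have no Javadoc although they gate acceptance of non-qualified certificates. Suggest `/** @return true if this online application accepts test credentials whose signer certificate is not qualified. */` on `isTestCredentialEnabled()` and `/** @return OID arcs identifying test-credential certificate extensions, or null to fall back to the configured default arc. */` on `getTestCredentialOIDs()`, the latter reflecting how OAAuthParameter and the validator in this commit treat null.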
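Review bot: `getTestCredentialOIDs()` returns null both when no `TestCredentials` element exists and when the configured OID list is empty, and the validator in this commit treats null as "use `TESTCREDENTIALROOTOID`", so an OA that enables test credentials but lists no OIDs silently accepts the still-TODO default arc. Return the configured list as is (`return testing != null ? testing.getCredentialOID() : null;`) so an explicitly empty configuration stays empty and rejects everything, and let only a truly absent configuration fall back. `isTestCredentialEnabled()` should also log or document that enabling this weakens the QC requirement for the OA.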
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 02ac09d70..eddf605a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -381,6 +381,24 @@ public class DynamicOAAuthParameters implements IOAAuthParameters {  		return false;  	} +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isTestCredentialEnabled() +	 */ +	@Override +	public boolean isTestCredentialEnabled() { +		// TODO Auto-generated method stub +		return false; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTestCredentialOIDs() +	 */ +	@Override +	public List<String> getTestCredentialOIDs() { +		// TODO Auto-generated method stub +		return null; +	} +  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index 6c2f3e75a..b5220914c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java 
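Review bot: The two `// TODO Auto-generated method stub` comments should be replaced with a statement of intent, since returning `false`/`null` here is a deliberate choice that keeps test credentials disabled for this parameter type: e.g. `// test credentials are never enabled for dynamically created OA parameters`. If the monitoring and unit-test callers in this commit ever need the test-credential path, a settable field like the existing `setBusinessService` would be the consistent way to add it.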
@@ -38,6 +38,8 @@ import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;  import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;  import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; @@ -75,12 +77,14 @@ public class IdentityLinkTestModule implements TestModuleInterface {  			VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(  					domVerifyXMLSignatureResponse).parseData(); -		 +			DynamicOAAuthParameters oaParam = new DynamicOAAuthParameters(); +			oaParam.setBusinessService(true); +			  			VerifyXMLSignatureResponseValidator.getInstance().validate(  					verifyXMLSignatureResponse,  					config.getIdentityLinkX509SubjectNames(),  					VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, -					true); +					oaParam);  		} catch (ValidateException e) {  			//check if default Monitoring IDL is used then error is ignored diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 27f53feed..350c4e9da 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java 
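Review bot: The added `import ...config.auth.IOAAuthParameters` appears unused in IdentityLinkTestModule: the local is declared as `DynamicOAAuthParameters oaParam` because `setBusinessService` is not on the interface. Drop the import, or declare `IOAAuthParameters oaParam` and call the setter on a separately typed variable only if the interface is needed elsewhere in the method. The enclosing method starts and ends outside the hunk.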
@@ -174,21 +174,19 @@ public class AuthenticationSessionStoreage {  	} -	public static String changeSessionID(AuthenticationSession session) -			throws AuthenticationException, BuildException { -		 -		try { +	public static String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, AuthenticationException { +		try {			  			AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); -			String id = Random.nextRandom(); +			  			Logger.debug("Change SessionID from " + session.getSessionID()  -					+ "to " + id); +					+ "to " + newSessionID); -			session.setSessionID(id); +			session.setSessionID(newSessionID);  			encryptSession(session, dbsession); -			dbsession.setSessionid(id); +			dbsession.setSessionid(newSessionID);  			dbsession.setAuthenticated(session.isAuthenticated());  			//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 @@ -198,11 +196,21 @@ public class AuthenticationSessionStoreage {  			Logger.trace("Change SessionID complete."); -			return id; +			return newSessionID;  		} catch (MOADatabaseException e) {  			throw new AuthenticationException("TODO!", null);  		} +		 +		 +		 +	} +	 +	public static String changeSessionID(AuthenticationSession session) +			throws AuthenticationException, BuildException {				 +		String id = Random.nextRandom(); +		return changeSessionID(session, id); +			  	}  	public static void setAuthenticated(String moaSessionID, boolean value) { diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 232411fd8..0f9792e79 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties 
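Review bot: The new `changeSessionID(session, newSessionID)` accepts any caller-supplied value without checking that it is non-empty or that no other row already carries it; the old path guaranteed both through `Random.nextRandom()`, and the value now becomes the key under which the session is looked up. Reject empty input up front and document the contract: `/** Re-keys the session under newSessionID; the caller must supply a unique, unguessable value. */`. The debug line `Logger.debug("Change SessionID from " + ... + "to " + newSessionID)` writes both session identifiers to the log and would be better at trace level or without the values. The `throw new AuthenticationException("TODO!", null)` is carried over from the old code but is still a placeholder message code.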
@@ -201,6 +201,7 @@ validator.68=SigningTime im AUTH-Block konnte nicht eruiert werden.  validator.69=SigningTime im AUTH-Block und Serverzeit weichen zu stark ab ({0}).
  validator.70=Das einmale Tokken im signierten AuthBlock ({0}) stimmt nicht mit dem von generierten Tokken ({1}) \u00FCberein.
  validator.71=Das Signaturzertifikat ist nicht qualifiziert.
 +validator.72=Das Signaturzertifikat ist nicht qualifiziert und es wurde keine OID f\u00FCr Test Identit\u00E4ten gefunden.
  ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
 diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java index 14bb1e4cc..0876cfac6 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java @@ -61,6 +61,7 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;  import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;  import at.gv.egovernment.moa.id.config.ConfigurationProvider;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;  import at.gv.egovernment.moa.util.DOMUtils; @@ -130,7 +131,10 @@ System.setProperty(      VerifyXMLSignatureResponseParser vParser = new VerifyXMLSignatureResponseParser(response);      VerifyXMLSignatureResponse vData = vParser.parseData();      VerifyXMLSignatureResponseValidator vValidate = VerifyXMLSignatureResponseValidator.getInstance(); -    vValidate.validate(vData, authConf.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, true); +     +	DynamicOAAuthParameters oaParam = new DynamicOAAuthParameters(); +	oaParam.setBusinessService(true); +    vValidate.validate(vData, authConf.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, oaParam);      vValidate.validateCertificate(vData,idl);      // check the result | 
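Review bot: The updated test only exercises the business-service path (`oaParam.setBusinessService(true)`); the new acceptance of non-qualified certificates via test-credential OIDs — the security-relevant change in the validator — has no coverage. Add a case with an `IOAAuthParameters` implementation that enables test credentials and asserts `validator.72` for a certificate without a matching extension, and one asserting acceptance for a certificate whose extension OID is exactly the configured arc. `DynamicOAAuthParameters` cannot carry those settings as written in this commit, so a small test stub of the interface is needed.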
