aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/pom.xml16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java24
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/slo_template.html2
5 files changed, 37 insertions, 16 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index a8ffd10bc..00d128ca5 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -226,11 +226,23 @@
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>opensaml</artifactId>
- </dependency>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>xmltooling</artifactId>
- </dependency>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<!-- <dependency>
<groupId>regexp</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 80afd9f82..db36356c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -3,7 +3,6 @@
package at.gv.egovernment.moa.id.auth;
-import iaik.cms.ecc.IaikEccProvider;
import iaik.pki.PKIException;
import iaik.pki.jsse.IAIKX509TrustManager;
import iaik.security.ecc.provider.ECCProvider;
@@ -11,12 +10,9 @@ import iaik.security.provider.IAIK;
import java.io.IOException;
import java.security.GeneralSecurityException;
-import java.security.Security;
-import java.util.Properties;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
-import javax.mail.Session;
import javax.net.ssl.SSLSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -119,8 +115,8 @@ public class MOAIDAuthInitializer {
Logger.warn(MOAIDMessageProvider.getInstance().getMessage(
"init.01", null), e);
}
-
- IAIK.addAsProvider();
+
+ IAIK.addAsProvider();
ECCProvider.addAsProvider();
// Initializes SSLSocketFactory store
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 6e1811c8b..532ccb7ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -63,7 +64,7 @@ public class RedirectServlet extends AuthServlet{
String redirectTarget = DEFAULT_REDIRECTTARGET;
try {
oa = ConfigurationDBRead.getActiveOnlineApplication(url);
- if (oa == null) {
+ if (oa == null && !url.startsWith(AuthConfigurationProvider.getInstance().getPublicURLPrefix())) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 2b687a0c8..284a77126 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -53,6 +53,7 @@ import iaik.utils.RFC2253NameParserException;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
+import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
@@ -266,14 +267,25 @@ public class VerifyXMLSignatureResponseValidator {
}
//compare ECDSAPublicKeys
- if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) &&
- (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) {
+ if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) ||
+ (idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey)) &&
+ ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) ||
+ (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey) ) ) {
- ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature;
- ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i];
+ try {
+ ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded());
+ ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded());
+
+ if(ecdsakey.equals(ecdsaPubKeySignature))
+ found = true;
+
+ } catch (InvalidKeyException e) {
+ Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e);
+ throw new ValidateException("validator.09", null);
+ }
- if(ecdsakey.equals(ecdsaPubKeySignature))
- found = true;
+
+
}
// Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName()
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
index 88279ee96..b241e85cf 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
@@ -389,7 +389,7 @@
</head>
#if($timeoutURL)
- <body onload='setTimeout(sloTimeOut(), $timeout);'>
+ <body onload='setTimeout(sloTimeOut, $timeout);'>
#else
<body>
#end