aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java16
-rw-r--r--id/server/idserverlib/src/test/java/test/tlenz/simpletest.java197
6 files changed, 162 insertions, 74 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 87804ea6c..9fdec9fbb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -53,7 +53,8 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
//only for SAML1 GetAuthenticationData webService functionality
String requestedServlet = request.getServletPath();
- if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) {
+ if (MiscUtil.isNotEmpty(requestedServlet) &&
+ requestedServlet.startsWith("/services")) {
Logger.debug("SAML1 GetAuthenticationServices allow access without SSL");
return true;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
index f9986dccb..76e6605c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
@@ -129,6 +129,11 @@ public class ProcessEngineImpl implements ProcessEngine {
ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId());
+ if (pi == null ) {
+ throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist.");
+
+ }
+
MDC.put(MDC_CTX_PI_NAME, pi.getId());
if (!ProcessInstanceState.NOT_STARTED.equals(pi.getState())) {
@@ -164,6 +169,11 @@ public class ProcessEngineImpl implements ProcessEngine {
ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId());
+ if (pi == null ) {
+ throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist.");
+
+ }
+
MDC.put(MDC_CTX_PI_NAME, pi.getId());
if (!ProcessInstanceState.SUSPENDED.equals(pi.getState())) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index b4eed85d0..a611c72b9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -53,7 +53,10 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
profRepName = misMandate.getTextualDescriptionOfOID();
- if (MiscUtil.isEmpty(profRepName)) {
+ //only read textual prof. rep. OID describtion from mandate annotation
+ // if also OID exists
+ if (MiscUtil.isEmpty(profRepName)
+ && MiscUtil.isNotEmpty(misMandate.getProfRep())) {
Element mandate = authData.getMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index af6c79140..52bf16247 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -125,7 +125,10 @@ public class SingleLogOutAction implements IAction {
String moasession = ssomanager.getMOASession(ssoID);
try {
session = authenticationSessionStorage.getSession(moasession);
-
+
+ if (session == null)
+ throw new MOADatabaseException();
+
} catch (MOADatabaseException e) {
Logger.info("Can not find active Session. Single LogOut not possible!");
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 8ddd2cb39..200429093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -208,8 +208,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
int idx = 0;
- AttributeConsumingService attributeConsumingService = null;
-
+ AttributeConsumingService attributeConsumingService = null;
if (aIdx != null) {
idx = aIdx.intValue();
attributeConsumingService = spSSODescriptor
@@ -223,6 +222,19 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
}
+ /*
+ * TODO: maybe use first AttributeConsumingService if no is selected
+ * in request or on service is marked as default
+ *
+ */
+ if (attributeConsumingService == null ) {
+ List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
+ if (attrConsumingServiceList != null && !attrConsumingServiceList.isEmpty())
+ attributeConsumingService = attrConsumingServiceList.get(0);
+
+ }
+
+
if (attributeConsumingService != null) {
Iterator<RequestedAttribute> it = attributeConsumingService
.getRequestAttributes().iterator();
diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
index 2c80b7ffd..05cd74ed2 100644
--- a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
+++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
@@ -1,23 +1,23 @@
package test.tlenz;
-import java.io.File;
import java.io.FileInputStream;
-import java.io.InputStream;
-import java.io.ObjectInputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.List;
-import org.w3c.dom.Element;
+import org.apache.commons.io.IOUtils;
+import org.w3c.dom.NodeList;
-import iaik.asn1.structures.Name;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.data.AuthenticationRole;
-import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.ContentBinary;
+import at.gv.egovernment.moa.spss.api.common.ContentXML;
+import at.gv.egovernment.moa.spss.api.common.InputData;
+import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
@@ -62,71 +62,130 @@ import at.gv.egovernment.moa.util.DOMUtils;
public class simpletest {
//
public static void main(String[] args) {
-
- URI fileURI = null;
- try {
- fileURI = new URI("file:c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
+ try {
+ FileInputStream sigDocFIS = null;
+ sigDocFIS = new FileInputStream("D:/idl_test/identity_link.xml");
- InputStream in = new FileInputStream(propertiesFile);
- ObjectInputStream testOIS = new ObjectInputStream(in);
+ SPSSFactory spssFac = SPSSFactory.getInstance();
+ SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance();
+ Content sigDocContent = spssFac.createContent(sigDocFIS, null);
+
+
+ // Position der zu pruefenden Signatur
+ HashMap nSMap = new HashMap();
+ nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#");
+ VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap);
+
+ // Pruefrequest zusammenstellen
+ VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent, sigLocation);
+ VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest(
+ null, // Verwende aktuelle Zeit als Pruefzeit
+ sigInfo,
+ null, // Keine Ergaenzungsobjekte
+ null, // Signaturmanifest-Pruefung soll nicht durchgefuehrt werden
+ true, // Hash-Inputdaten, d.h. tatsaechlich signierte Daten werden nicht zurueckgeliefert
+ "MOAIDBuergerkarteAuthentisierungsDaten");
+
+
+ VerifyXMLSignatureResponse verifyResponse = null;
+ verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest);
+
+ SignerInfo signerInfo = verifyResponse.getSignerInfo();
+ String signerCertificateEncoded = null;
+
+ List hashInputDatas = verifyResponse.getHashInputDatas();
+ if (hashInputDatas != null && !hashInputDatas.isEmpty()) {
+ for (Object el : hashInputDatas) {
+ InputData inputData = (InputData) el;
+ switch (inputData.getContentType()) {
+ case Content.XML_CONTENT :
+ ContentXML contentXml = (ContentXML) inputData;
+ NodeList input_XML = contentXml.getXMLContent();
+
+ break;
+ case Content.BINARY_CONTENT :
+ ContentBinary contentBinary = (ContentBinary) inputData;
+ String input_Binary = IOUtils.toString(contentBinary.getBinaryContent());
+
+ }
+ }
+ }
+
+
- Object test = testOIS.readObject();
+ } catch (Exception e) {
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file:/c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file://c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
- }
-
- try {
- fileURI = new URI("file:///c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
- File propertiesFile = new File(fileURI);
- } catch (Exception e1) {
- e1.printStackTrace();
}
- try {
- InputStream s = new FileInputStream("D:/idl_test/identity_link.xml");
- Element idlTemplate = DOMUtils.parseXmlValidating(s);
-
- //resign IDL
- IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
- Element resignedilAssertion = identitylinkresigner.resignIdentityLink(idlTemplate, "IDLSigning");
- IdentityLink identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
-
- } catch (Exception e) {
- System.out.println(e.getMessage());
-
- }
- String subjectName = "serialNumber=896929130327, givenName=OCSP, SN=Responder 03-1, CN=OCSP Responder 03-1, C=AT";
- try {
- Name test = new RFC2253NameParser(subjectName).parse();
-
- System.out.println(test.getRFC2253String());
-
- } catch (RFC2253NameParserException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
+// URI fileURI = null;
+// try {
+// fileURI = new URI("file:c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+//
+// InputStream in = new FileInputStream(propertiesFile);
+// ObjectInputStream testOIS = new ObjectInputStream(in);
+//
+// Object test = testOIS.readObject();
+//
+//
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file:/c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file://c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+// try {
+// fileURI = new URI("file:///c:/moa3/tomcat8/conf/moa-id/moa-id.properties");
+// File propertiesFile = new File(fileURI);
+// } catch (Exception e1) {
+// e1.printStackTrace();
+// }
+//
+//
+//
+// try {
+// InputStream s = new FileInputStream("D:/idl_test/identity_link.xml");
+// Element idlTemplate = DOMUtils.parseXmlValidating(s);
+//
+// //resign IDL
+// IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(idlTemplate, "IDLSigning");
+// IdentityLink identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
+//
+// } catch (Exception e) {
+// System.out.println(e.getMessage());
+//
+// }
+//
+// String subjectName = "serialNumber=896929130327, givenName=OCSP, SN=Responder 03-1, CN=OCSP Responder 03-1, C=AT";
+//
+// try {
+// Name test = new RFC2253NameParser(subjectName).parse();
+//
+// System.out.println(test.getRFC2253String());
+//
+// } catch (RFC2253NameParserException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
// AuthenticationRole test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(key=A\\,B)");