aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-sl20_authentication/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-sl20_authentication/src/main')
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java10
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java3
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java34
3 files changed, 32 insertions, 15 deletions
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
index 0c93e7886..a437e3411 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
@@ -7,7 +7,6 @@ import java.util.List;
import org.jaxen.SimpleNamespaceContext;
import org.opensaml.Configuration;
-import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.Unmarshaller;
@@ -154,12 +153,7 @@ public class QualifiedeIDVerifier {
//parse authBlock into SAML2 Assertion
byte[] authBlockBytes = Base64Utils.decode(authblockB64, false);
Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes));
-
- //A-Trust workarounda
-// Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authblockB64.getBytes()));
-// Element authBlockDOM = DOMUtils.parseXmlNonValidating(new ByteArrayInputStream(authblockB64.getBytes()));
- DefaultBootstrap.bootstrap();
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM);
XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM);
@@ -231,8 +225,10 @@ public class QualifiedeIDVerifier {
+ " NotBefore:" + notBefore.toString()
+ " NotOrNotAfter:" + notOrNotAfter.toString());
- if (signingDate.after(notBefore) && signingDate.before(notOrNotAfter))
+ if ((signingDate.after(notBefore) || signingDate.equals(notBefore))
+ && signingDate.before(notOrNotAfter))
Logger.debug("Signing date validation successfull");
+
else {
Logger.info("AuthBlock signing date does NOT match to AuthBlock constrains");
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index c425ca0a7..b87d614c5 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -102,8 +102,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
);
//String qualeIDReqId = UUID.randomUUID().toString();
- //TODO: work-Around for A-trust
- String qualeIDReqId = SAML2Utils.getSecureIdentifier().substring(0, 12);
+ String qualeIDReqId = SAML2Utils.getSecureIdentifier();
String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools);
JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index d35d113f9..bb66f452a 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -61,13 +61,11 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
if (MiscUtil.isEmpty(sl20Result)) {
-
- //TODO: remove
//Workaround for SIC Handy-Signature, because it sends result in InputStream
- String test = StreamUtils.readStream(request.getInputStream(), "UTF-8");
- if (MiscUtil.isNotEmpty(test)) {
+ String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8");
+ if (MiscUtil.isNotEmpty(isReqInput)) {
Logger.info("Use SIC Handy-Signature work-around!");
- sl20Result = test.substring("slcommand=".length());
+ sl20Result = isReqInput.substring("slcommand=".length());
} else {
Logger.info("NO SL2.0 commando or result FOUND.");
@@ -244,7 +242,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
//build first redirect command for app
JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
- authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL),
+ generateICPRedirectURLForDebugging(),
callCommand, null, true);
JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
@@ -285,6 +283,30 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
}
}
+ /**
+ * Generates a IPC redirect URL that is configured on IDP side
+ *
+ * @return IPC ReturnURL, or null if no URL is configured
+ */
+ private String generateICPRedirectURLForDebugging() {
+ final String PATTERN_PENDING_REQ_ID = "#PENDINGREQID#";
+
+ String ipcRedirectURLConfig = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL);
+ if (MiscUtil.isNotEmpty(ipcRedirectURLConfig)) {
+ if (ipcRedirectURLConfig.contains(PATTERN_PENDING_REQ_ID)) {
+ Logger.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... ");
+ ipcRedirectURLConfig = ipcRedirectURLConfig.replaceAll(
+ "#PENDINGREQID#",
+ MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReq.getRequestID());
+
+ }
+
+ return ipcRedirectURLConfig;
+ }
+
+ return null;
+
+ }
}