diff options
Diffstat (limited to 'id/server')
5 files changed, 51 insertions, 19 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index a8ffd10bc..00d128ca5 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -226,11 +226,23 @@ <dependency>
<groupId>org.opensaml</groupId>
<artifactId>opensaml</artifactId>
- </dependency>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>xmltooling</artifactId>
- </dependency>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<!-- <dependency>
<groupId>regexp</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 80afd9f82..db36356c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -3,7 +3,6 @@ package at.gv.egovernment.moa.id.auth; -import iaik.cms.ecc.IaikEccProvider; import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; import iaik.security.ecc.provider.ECCProvider; @@ -11,12 +10,9 @@ import iaik.security.provider.IAIK; import java.io.IOException; import java.security.GeneralSecurityException; -import java.security.Security; -import java.util.Properties; import javax.activation.CommandMap; import javax.activation.MailcapCommandMap; -import javax.mail.Session; import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -119,8 +115,8 @@ public class MOAIDAuthInitializer { Logger.warn(MOAIDMessageProvider.getInstance().getMessage( "init.01", null), e); } - - IAIK.addAsProvider(); + + IAIK.addAsProvider(); ECCProvider.addAsProvider(); // Initializes SSLSocketFactory store diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 2b687a0c8..284a77126 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -53,6 +53,7 @@ import iaik.utils.RFC2253NameParserException; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; +import java.security.InvalidKeyException; import java.security.PublicKey; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; @@ -266,14 +267,25 @@ public class VerifyXMLSignatureResponseValidator { } //compare ECDSAPublicKeys - if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) && - (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) { + if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) || + (idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey)) && + ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) || + (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey) ) ) { - ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature; - ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i]; + try { + ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded()); + ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded()); + + if(ecdsakey.equals(ecdsaPubKeySignature)) + found = true; + + } catch (InvalidKeyException e) { + Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e); + throw new ValidateException("validator.09", null); + } - if(ecdsakey.equals(ecdsaPubKeySignature)) - found = true; + + } // Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName() diff --git a/id/server/stork2-commons/pom.xml b/id/server/stork2-commons/pom.xml index d0fd5a1ad..555d6cec7 100644 --- a/id/server/stork2-commons/pom.xml +++ b/id/server/stork2-commons/pom.xml @@ -13,13 +13,21 @@ <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <stork.version>1.4.0</stork.version> - <opensaml.version>2.6.2</opensaml.version> + <opensaml.version>2.6.3</opensaml.version> </properties> <version>${stork.version}</version> <description> The STORKCommons library provides beans, Java Interfaces and utility classes to integrate PEPS and SAML Engine. </description> + <repositories> + <repository> + <id>shibboleth.internet2.edu</id> + <name>Internet2</name> + <url>https://build.shibboleth.net/nexus/content/groups/public/</url> + </repository> + </repositories> + <dependencies> <!-- Joda --> @@ -55,8 +63,8 @@ </dependency> <dependency> - <groupId>org.opensaml</groupId> - <artifactId>opensaml</artifactId> + <groupId>org.opensaml</groupId> + <artifactId>opensaml</artifactId> <exclusions> <exclusion> <groupId>org.slf4j</groupId> diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml index 89ddab22a..30f2bff7c 100644 --- a/id/server/stork2-saml-engine/pom.xml +++ b/id/server/stork2-saml-engine/pom.xml @@ -49,12 +49,12 @@ <groupId>eu.stork</groupId>
<artifactId>Commons</artifactId>
<version>${commons.version}</version>
- <exclusions>
+<!-- <exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
</exclusion>
- </exclusions>
+ </exclusions> -->
</dependency>
<dependency>
@@ -82,6 +82,10 @@ <groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
</exclusions>
</dependency>
|