From f51f447ed199dc1c3f5dc750d169462d42b2b6ad Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 17 Jan 2014 11:50:42 +0100 Subject: load IAIK JCE as security provider BugFix: @MandateReferenceValue has to to been added @SessionStorage hibernate RoleBack in case of no MOASession is found --- .../egovernment/moa/id/auth/MOAIDAuthInitializer.java | 13 ++++++++++++- .../egovernment/moa/id/auth/servlet/AuthServlet.java | 11 +++++++++++ .../moa/id/entrypoints/DispatcherServlet.java | 6 +++++- .../MandateReferenceValueAttributeBuilder.java | 19 ++++++++++--------- .../moa/id/storage/AuthenticationSessionStoreage.java | 1 + 5 files changed, 39 insertions(+), 11 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 556d26c67..dbfbdad51 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -24,11 +24,15 @@ package at.gv.egovernment.moa.id.auth; +import iaik.cms.ecc.IaikEccProvider; import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; +import iaik.security.ecc.provider.ECCProvider; +import iaik.security.provider.IAIK; import java.io.IOException; import java.security.GeneralSecurityException; +import java.security.Security; import java.util.Properties; import javax.activation.CommandMap; @@ -74,6 +78,14 @@ public class MOAIDAuthInitializer { Logger.info("Default java file.encoding: " + System.getProperty("file.encoding")); + + Logger.info("Loading security providers."); + IAIK.addAsProvider(); + + +// Security.insertProviderAt(new IAIK(), 1); +// Security.insertProviderAt(new ECCProvider(), 1); + //JDK bug workaround according to: // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier // register content data handlers for S/MIME types @@ -180,5 +192,4 @@ public class MOAIDAuthInitializer { AuthConfigLoader.start(); } - } \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 27ac16157..1b7b317c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -23,9 +23,13 @@ package at.gv.egovernment.moa.id.auth.servlet; +import iaik.security.ecc.provider.ECCProvider; +import iaik.security.provider.IAIK; + import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; +import java.security.Security; import java.util.Enumeration; import java.util.HashMap; import java.util.List; @@ -34,6 +38,7 @@ import java.util.Map; import javax.servlet.RequestDispatcher; import javax.servlet.ServletConfig; import javax.servlet.ServletContext; +import javax.servlet.ServletContextEvent; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -351,6 +356,12 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { super.init(servletConfig); } + +// public void contextDestroyed(ServletContextEvent arg0) { +// Security.removeProvider((new IAIK()).getName()); +// Security.removeProvider((new ECCProvider()).getName()); +// } + /** * Set response headers to avoid caching * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 225ecb2a2..777081da0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -2,7 +2,11 @@ package at.gv.egovernment.moa.id.entrypoints; +import iaik.security.ecc.provider.ECCProvider; +import iaik.security.provider.IAIK; + import java.io.IOException; +import java.security.Security; import java.util.Iterator; import java.util.Map; import java.util.Set; @@ -478,7 +482,7 @@ public class DispatcherServlet extends AuthServlet{ } } - + @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java index 5a50473d3..46c6ffb78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java @@ -20,17 +20,18 @@ public class MandateReferenceValueAttributeBuilder extends BaseAttributeBuilder public Attribute build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { if(authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); - if(mandate == null) { - throw new NoMandateDataAvailableException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAvailableException(); - } + +// Element mandate = authSession.getMandate(); +// if(mandate == null) { +// throw new NoMandateDataAvailableException(); +// } +// Mandate mandateObject = MandateBuilder.buildMandate(mandate); +// if(mandateObject == null) { +// throw new NoMandateDataAvailableException(); +// } return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, - MANDATE_REFERENCE_VALUE_NAME, mandateObject.getMandateID()); + MANDATE_REFERENCE_VALUE_NAME, authSession.getMandateReferenceValue()); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index e40d11128..840c3f2be 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -209,6 +209,7 @@ public class AuthenticationSessionStoreage { //Assertion requires an unique artifact if (result.size() != 1) { Logger.trace("No entries found."); + tx.rollback(); throw new MOADatabaseException("No session found with this sessionID"); } -- cgit v1.2.3