From 3ef26fe4c900e0a76160e961dc07c11ca60298c2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Sun, 19 Mar 2017 21:13:53 +0100 Subject: add info for a bugfix that can not be solved at the moment --- .../moa/id/configuration/data/oa/OATargetConfiguration.java | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'id/ConfigWebTool/src/main/java/at') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index f660b5feb..b4b3aaf13 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -178,6 +178,13 @@ public class OATargetConfiguration implements IOnlineApplicationData { num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + /*Fixme: + * Company numbers had to be padded with '0' on left site + * But this bugfix can not be activated, because this would + * change all bPKs for company numbers. + * + * Change this in case of new bPK generation algorithms + */ // num = StringUtils.leftPad(num, 7, '0'); } -- cgit v1.2.3 From 91d38d59b42ee77346b0d33315f403d8fa678576 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 17 Jul 2017 10:25:02 +0200 Subject: update MOA SAML2 metadata provider to support metadata located on file system --- .../validation/oa/OAPVP2ConfigValidation.java | 105 +++++++++++---------- 1 file changed, 54 insertions(+), 51 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 61a380188..79e7e9252 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -111,81 +111,84 @@ public class OAPVP2ConfigValidation { log.info("MetaDataURL has no valid form."); errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request)); - } else { - + } else { if (certSerialized == null) { log.info("No certificate for metadata validation"); errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); - } else { - - X509Certificate cert = new X509Certificate(certSerialized); - BasicX509Credential credential = new BasicX509Credential(); - credential.setEntityCertificate(cert); + } else { + if (form.getMetaDataURL().startsWith("http")) { + X509Certificate cert = new X509Certificate(certSerialized); + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(cert); - timer = new Timer(); - httpClient = new MOAHttpClient(); + timer = new Timer(); + httpClient = new MOAHttpClient(); - if (form.getMetaDataURL().startsWith("https:")) - try { - MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - "MOAMetaDataProvider", - ConfigurationProvider.getInstance().getCertStoreDirectory(), - ConfigurationProvider.getInstance().getTrustStoreDirectory(), - null, - "pkix", - true, - new String[]{"crl"}, - false); + if (form.getMetaDataURL().startsWith("https:")) + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + ConfigurationProvider.getInstance().getCertStoreDirectory(), + ConfigurationProvider.getInstance().getTrustStoreDirectory(), + null, + "pkix", + true, + new String[]{"crl"}, + false); - httpClient.setCustomSSLTrustStore( - form.getMetaDataURL(), - protoSocketFactory); + httpClient.setCustomSSLTrustStore( + form.getMetaDataURL(), + protoSocketFactory); - } catch (MOAHttpProtocolSocketFactoryException e) { - log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); - } catch (ConfigurationException e) { - log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); + } catch (ConfigurationException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); - } + } - List filterList = new ArrayList(); - filterList.add(new MetaDataVerificationFilter(credential)); + List filterList = new ArrayList(); + filterList.add(new MetaDataVerificationFilter(credential)); - try { - filterList.add(new SchemaValidationFilter( - ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive())); + try { + filterList.add(new SchemaValidationFilter( + ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive())); - } catch (ConfigurationException e) { - log.warn("Configuration access FAILED!", e); + } catch (ConfigurationException e) { + log.warn("Configuration access FAILED!", e); - } + } + + MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); - MetadataFilterChain filter = new MetadataFilterChain(); - filter.setFilters(filterList); + httpProvider = + new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMetadataFilter(filter); + httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes + httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours - httpProvider = - new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); - httpProvider.setParserPool(new BasicParserPool()); - httpProvider.setRequireValidMetadata(true); - httpProvider.setMetadataFilter(filter); - httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes - httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + httpProvider.setRequireValidMetadata(true); - httpProvider.setRequireValidMetadata(true); + httpProvider.initialize(); - httpProvider.initialize(); + if (httpProvider.getMetadata() == null) { + log.info("Metadata could be received but validation FAILED."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); + } - if (httpProvider.getMetadata() == null) { - log.info("Metadata could be received but validation FAILED."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); + } else { + log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form.getMetaDataURL()); + } - } } } -- cgit v1.2.3 From 122de0a09f42fcc7e2fa0a429df5da37820fd730 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 25 Jul 2017 16:12:28 +0200 Subject: workAround to solve problem with IAIK-JCE and SSL algorithm parameter validation --- .../configuration/config/ConfigurationProvider.java | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'id/ConfigWebTool/src/main/java/at') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index 05ce3344b..c5ae5065f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -63,6 +63,7 @@ import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUse import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.asn1.structures.AlgorithmID; import iaik.x509.X509Certificate; @@ -150,6 +151,8 @@ public class ConfigurationProvider { UserRequestCleaner.start(); + fixJava8_141ProblemWithSSLAlgorithms(); + log.info("MOA-ID-Configuration initialization completed"); @@ -168,6 +171,23 @@ public class ConfigurationProvider { } + private static void fixJava8_141ProblemWithSSLAlgorithms() { + log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); + //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", + new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", + new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", + new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", + new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", + new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); + + log.info("Change AlgorithmIDs finished"); + } + @Autowired(required = true) public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) { this.configModule = module; -- cgit v1.2.3 From 02ea379722e57b38a185b7886eb4e39421fb4371 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 7 Sep 2017 09:10:03 +0200 Subject: update Struts2 to current version --- .../moa/id/configuration/filter/AuthenticationFilter.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index 67fef3b1d..c69998fa2 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -28,9 +28,6 @@ import java.util.Date; import java.util.StringTokenizer; import java.util.regex.Pattern; -import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; - import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; @@ -42,6 +39,9 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; + import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; @@ -205,7 +205,9 @@ public class AuthenticationFilter implements Filter{ filterchain.doFilter(req, resp); } catch (Exception e) { - + + log.error("Servlet filter catchs an unhandled exception! Msg: " + e.getMessage(), e); + //String redirectURL = "./index.action"; //HttpServletResponse httpResp = (HttpServletResponse) resp; //redirectURL = httpResp.encodeRedirectURL(redirectURL); -- cgit v1.2.3