From a1bf5db9320090e976bfee9620fb2de3d877a0d1 Mon Sep 17 00:00:00 2001 From: Klaus Stranacher Date: Tue, 10 Sep 2013 10:43:14 +0200 Subject: Update MOA-ID Specification (appendix) Bug fix: OA URL escape Verify Country-Code in Foreign Identities Mode (AT login not possible) --- .../id/auth/parser/StartAuthentificationParameterParser.java | 2 +- .../moa/id/auth/servlet/VerifyCertificateServlet.java | 12 +++++++++++- .../moa/id/protocols/saml1/SAML1AuthenticationServer.java | 12 ++++++------ .../gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java | 2 +- 4 files changed, 19 insertions(+), 9 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 58194361c..84e55435d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -44,7 +44,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // escape parameter strings target = StringEscapeUtils.escapeHtml(target); - oaURL = StringEscapeUtils.escapeHtml(oaURL); + //oaURL = StringEscapeUtils.escapeHtml(oaURL); bkuURL = StringEscapeUtils.escapeHtml(bkuURL); templateURL = StringEscapeUtils.escapeHtml(templateURL); useMandate = StringEscapeUtils.escapeHtml(useMandate); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 477d99220..ec05af5a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.util.CertificateUtils; /** * Servlet requested for getting the foreign eID @@ -158,8 +159,17 @@ public class VerifyCertificateServlet extends AuthServlet { ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); } else { + + + String countrycode = CertificateUtils.getIssuerCountry(cert); + if (countrycode != null) { + if (countrycode.compareToIgnoreCase("AT") == 0) { + Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode."); + throw new AuthenticationException("auth.22", null); + } + } + // Foreign Identities Modus - String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert); // build dataurl (to the GetForeignIDSerlvet) String dataurl = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index ee0b4e7e2..ede5f05d2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -197,12 +197,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer { String ilAssertion = ""; if (saml1parameter.isProvideIdentityLink()) { if (session.getBusinessService()) { - IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); + //IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink() - .getSamlAssertion()); - - ilAssertion = DOMUtils.serializeNode(resignedilAssertion); +// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink() +// .getSamlAssertion()); +// +// ilAssertion = DOMUtils.serializeNode(resignedilAssertion); } else { ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index a310b16ff..309b644d5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -72,7 +72,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { HttpServletResponse response, String action) throws MOAIDException { RequestImpl config = new RequestImpl(); String oaURL = (String) request.getParameter(PARAM_OA); - oaURL = StringEscapeUtils.escapeHtml(oaURL); + //oaURL = StringEscapeUtils.escapeHtml(oaURL); String target = (String) request.getParameter(PARAM_TARGET); target = StringEscapeUtils.escapeHtml(target); -- cgit v1.2.3