From 6af904f899b5e20c92fe7ada53fa8253b3d29cb3 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 14 Mar 2017 08:35:56 +0100
Subject: workaround to fix possible problem with OpenSAML
 SecureRandomIdentifierGenerator in combination with JDK 8.121 and IAIK_JCE
 that cause in a java.lang.ArrayIndexOutOfBoundsException

---
 .../moa/id/protocols/pvp2x/utils/SAML2Utils.java         | 16 +++++++++++++++-
 .../main/java/at/gv/egovernment/moa/id/util/Random.java  | 12 +++++++++++-
 2 files changed, 26 insertions(+), 2 deletions(-)

(limited to 'id/server/idserverlib/src/main')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index 9d57c2bae..28a85b4af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -46,6 +46,8 @@ import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.io.MarshallingException;
 import org.w3c.dom.Document;
 
+import at.gv.egovernment.moa.id.util.Random;
+
 public class SAML2Utils {
 
 	public static <T> T createSAMLObject(final Class<T> clazz) {
@@ -66,7 +68,19 @@ public class SAML2Utils {
 	}
 
 	public static String getSecureIdentifier() {
-		return idGenerator.generateIdentifier();
+		return "_".concat(Random.nextHexRandom16());
+		
+		/*Bug-Fix: There are open problems with RandomNumberGenerator via Java SPI and Java JDK 8.121 
+		*          Generation of a 16bit Random identifier FAILES with an  Caused by: java.lang.ArrayIndexOutOfBoundsException
+		*          Caused by: java.lang.ArrayIndexOutOfBoundsException
+							  at iaik.security.random.o.engineNextBytes(Unknown Source)
+							  at iaik.security.random.SecRandomSpi.engineNextBytes(Unknown Source)
+						      at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
+						      at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:62)
+						      at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56)
+						      at at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils.getSecureIdentifier(SAML2Utils.java:69)        
+		*/		
+		//return idGenerator.generateIdentifier();
 	}
 	
 	private static SecureRandomIdentifierGenerator idGenerator;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index ba45a3679..1f9050a31 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -114,9 +114,19 @@ public class Random {
 	 * 
 	 * @return random hex encoded value [256bit]
 	 */
-	public static String nextHexRandom() {
+	public static String nextHexRandom32() {
 		return new String(Hex.encodeHex(nextByteRandom(32))); // 32 bytes = 256 bits
 		
+	}
+	
+	/**
+	 * Creates a new random number [128bit], and encode it as hex value.
+	 * 
+	 * @return random hex encoded value [128bit]
+	 */
+	public static String nextHexRandom16() {
+		return new String(Hex.encodeHex(nextByteRandom(16))); // 16 bytes = 128 bits
+		
 	}
 	
 	  /**
-- 
cgit v1.2.3