From 2376b4247adab09ad5e6991ba2a1511a8683bda7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Jun 2018 11:22:42 +0200 Subject: some small update --- .../sl20/verifier/QualifiedeIDVerifier.java | 10 ++----- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 3 +- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 34 ++++++++++++++++++---- 3 files changed, 32 insertions(+), 15 deletions(-) (limited to 'id/server/modules/moa-id-module-sl20_authentication/src/main') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java index 0c93e7886..a437e3411 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -7,7 +7,6 @@ import java.util.List; import org.jaxen.SimpleNamespaceContext; import org.opensaml.Configuration; -import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.core.Assertion; import org.opensaml.xml.XMLObject; import org.opensaml.xml.io.Unmarshaller; @@ -154,12 +153,7 @@ public class QualifiedeIDVerifier { //parse authBlock into SAML2 Assertion byte[] authBlockBytes = Base64Utils.decode(authblockB64, false); Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes)); - - //A-Trust workarounda -// Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authblockB64.getBytes())); -// Element authBlockDOM = DOMUtils.parseXmlNonValidating(new ByteArrayInputStream(authblockB64.getBytes())); - DefaultBootstrap.bootstrap(); UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM); XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM); @@ -231,8 +225,10 @@ public class QualifiedeIDVerifier { + " NotBefore:" + notBefore.toString() + " NotOrNotAfter:" + notOrNotAfter.toString()); - if (signingDate.after(notBefore) && signingDate.before(notOrNotAfter)) + if ((signingDate.after(notBefore) || signingDate.equals(notBefore)) + && signingDate.before(notOrNotAfter)) Logger.debug("Signing date validation successfull"); + else { Logger.info("AuthBlock signing date does NOT match to AuthBlock constrains"); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index c425ca0a7..b87d614c5 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -102,8 +102,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { ); //String qualeIDReqId = UUID.randomUUID().toString(); - //TODO: work-Around for A-trust - String qualeIDReqId = SAML2Utils.getSecureIdentifier().substring(0, 12); + String qualeIDReqId = SAML2Utils.getSecureIdentifier(); String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools); JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index d35d113f9..bb66f452a 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -61,13 +61,11 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); if (MiscUtil.isEmpty(sl20Result)) { - - //TODO: remove //Workaround for SIC Handy-Signature, because it sends result in InputStream - String test = StreamUtils.readStream(request.getInputStream(), "UTF-8"); - if (MiscUtil.isNotEmpty(test)) { + String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8"); + if (MiscUtil.isNotEmpty(isReqInput)) { Logger.info("Use SIC Handy-Signature work-around!"); - sl20Result = test.substring("slcommand=".length()); + sl20Result = isReqInput.substring("slcommand=".length()); } else { Logger.info("NO SL2.0 commando or result FOUND."); @@ -244,7 +242,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //build first redirect command for app JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters( - authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL), + generateICPRedirectURLForDebugging(), callCommand, null, true); JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); @@ -285,6 +283,30 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { } } + /** + * Generates a IPC redirect URL that is configured on IDP side + * + * @return IPC ReturnURL, or null if no URL is configured + */ + private String generateICPRedirectURLForDebugging() { + final String PATTERN_PENDING_REQ_ID = "#PENDINGREQID#"; + + String ipcRedirectURLConfig = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL); + if (MiscUtil.isNotEmpty(ipcRedirectURLConfig)) { + if (ipcRedirectURLConfig.contains(PATTERN_PENDING_REQ_ID)) { + Logger.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... "); + ipcRedirectURLConfig = ipcRedirectURLConfig.replaceAll( + "#PENDINGREQID#", + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReq.getRequestID()); + + } + + return ipcRedirectURLConfig; + } + + return null; + + } } -- cgit v1.2.3