From d0ea99676485e559445df05e937bf899a50308bc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Mar 2019 09:06:52 +0100 Subject: fix attribute escaping problem in IdentityLinkAssertionParser and move the escaping into SL1.0 AuthBlock builder and validator this fix can be deactivated by property: 'configuration.bugfix.enable.idl.escaping' to get backward compatibility --- .../java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 5 ++++- .../at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java | 1 + .../moa/id/auth/validator/CreateXMLSignatureResponseValidator.java | 4 ++-- .../moa/id/protocols/saml1/SAML1AuthenticationServer.java | 3 ++- 4 files changed, 9 insertions(+), 4 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a77ba45a5..a500a7c93 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -536,7 +536,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException, EAAFBuilderException { IIdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getName(); + String issuer = identityLink.getName(); + // replace ' in name with ' + issuer = issuer.replaceAll("'", "'"); + String gebDat = identityLink.getDateOfBirth(); String identificationValue = null; 
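Review bot: The apostrophe escaping added after `identityLink.getName()` is open-coded here and repeated in both CreateXMLSignatureResponseValidator hunks, so the AuthBlock builder and its validator agree only while three copies of the same literal stay identical. One shared helper called from all three sites, e.g. `String issuer = escapeIssuerName(identityLink.getName());` (helper name is a placeholder), would remove that drift risk. The commit message says the behaviour can be switched off with 'configuration.bugfix.enable.idl.escaping', but the new lines escape unconditionally; the property check may sit outside this module-limited view, and if it does not, it is missing. Only `'` is rewritten, so if the issuer is placed into the AuthBlock by string templating, `&`, `<` and `"` in a name would still reach the XML unescaped, which is worth confirming. The page renders the replacement string as identical to the search string, presumably an entity decoded by the viewer, and the method body starts and ends outside the hunk.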
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java index fb65bac04..d2429e63b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java @@ -93,6 +93,7 @@ public class PersonDataBuilder { prIdentification.getFirstChild().setNodeValue(""); } String xmlString = DOMUtils.serializeNode(prPerson); + return xmlString; } catch (Exception ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index ab9be7163..78d999971 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -161,7 +161,7 @@ public class CreateXMLSignatureResponseValidator { } // replace ' in name with ' issuer = issuer.replaceAll("'", "'"); - if (!issuer.equals(identityLink.getName())) + if (!issuer.equals(identityLink.getName().replaceAll("'", "'"))) throw new ValidateException("validator.33", new Object[] {issuer, identityLink.getName()}); 
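Review bot: Calling `replaceAll` directly on `identityLink.getName()` inside the condition turns a missing name into a NullPointerException, where the previous `issuer.equals(identityLink.getName())` simply failed the comparison and raised validator.33. Whether `getName()` can return null is not visible here, but a validator should fail closed with its own exception; the same applies to `String name = identityLink.getName().replaceAll(...)` in the hunk at -467. The exception arguments in this hunk also still pass the raw `identityLink.getName()`, so the reported pair is not the pair that was compared. Reading the name once, `String name = identityLink.getName();`, then testing `if (name == null || !issuer.equals(name.replaceAll(...)))` and reporting the escaped value would cover both points. The enclosing method starts and ends outside the hunk.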
@@ -467,7 +467,7 @@ public class CreateXMLSignatureResponseValidator { throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); } - String name = identityLink.getName(); + String name = identityLink.getName().replaceAll("'", "'"); if (!issuer.equals(name)) { throw new ValidateException("validator.33", new Object[] {issuer, name}); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 64a4bae63..7a9557baf 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -294,10 +294,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer { familyName.setPrimary("undefined"); name.getGivenName().add(authData.getGivenName()); person.setDateOfBirth(authData.getFormatedDateOfBirth()); - + JAXBContext jc = JAXBContext.newInstance("at.gv.util.xsd.persondata"); Marshaller m = jc.createMarshaller(); m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); + m.setProperty(Marshaller.JAXB_ENCODING, "UTF-8"); // m.setProperty("com.sun.xml.bind.namespacePrefixMapper", new NamespacePrefixMapper() { // public String getPreferredPrefix(String arg0, String arg1, boolean arg2) { -- cgit v1.2.3
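Review bot: The added `m.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");` sets the value JAXB already uses by default, so on its own it should not change the marshalled person data. If it belongs to the escaping fix, a comment such as `// pin encoding explicitly so name escaping does not depend on provider defaults` would record the intent. The sink the marshaller writes to is outside the hunk; if it is a `Writer`, this property only affects the XML declaration, and the byte encoding is decided wherever the string is later serialized.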