From 249ded0cad445464239553f5629a59524ae785d7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 19 Sep 2014 11:02:16 +0200
Subject: solve SLO frontchannel timeout problem

---
 .../conf/moa-id/htmlTemplates/slo_template.html       | 19 ++++++++++++++++---
 .../moa/id/auth/servlet/RedirectServlet.java          |  3 ++-
 .../resources/resources/templates/slo_template.html   |  2 +-
 3 files changed, 19 insertions(+), 5 deletions(-)

(limited to 'id/server')

diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
index 88279ee96..6cefe4054 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
@@ -380,7 +380,21 @@
 			function sloTimeOut() {
 				window.location.href="$timeoutURL";
 			
-			}	
+			}
+      function RestartAfterDelay() {
+        var eDate = null;
+        var MilliSekZeit = 0;
+        var SysDatumJetzt = new Date();
+        var SysDatumJetztMilli = SysDatumJetzt.getTime();
+
+        do {
+          eDate = new Date();
+          MilliSekZeit = eDate.getTime();
+
+        } while ((MilliSekZeit-SysDatumJetztMilli) < $timeout);
+
+        sloTimeOut();
+      }	
 	
 		</script>
 	#end
@@ -389,7 +403,7 @@
 </head>
 
 #if($timeoutURL)
-	<body onload='setTimeout(sloTimeOut(), $timeout);'>
+	<body onload='setTimeout(sloTimeOut, $timeout);'>
 #else
 	<body>
 #end
@@ -446,6 +460,5 @@
   #foreach( $el in $redirectURLs )
 	   <iframe src=$el class="reqframe"></iframe>
   #end
-  
 </body>
 </html>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 6e1811c8b..532ccb7ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -63,7 +64,7 @@ public class RedirectServlet extends AuthServlet{
 		String redirectTarget = DEFAULT_REDIRECTTARGET;
 		try {
 			oa = ConfigurationDBRead.getActiveOnlineApplication(url);			
-			if (oa == null) {		
+			if (oa == null && !url.startsWith(AuthConfigurationProvider.getInstance().getPublicURLPrefix())) {		
 				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
 				return;
 				
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
index 88279ee96..b241e85cf 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
@@ -389,7 +389,7 @@
 </head>
 
 #if($timeoutURL)
-	<body onload='setTimeout(sloTimeOut(), $timeout);'>
+	<body onload='setTimeout(sloTimeOut, $timeout);'>
 #else
 	<body>
 #end
-- 
cgit v1.2.3


From 35d6ba874ebf42ae921a9c8a82b55bafc771a69d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 19 Sep 2014 11:09:41 +0200
Subject: update libraries  - opensaml > 2.6.3  - iaik-moa > 1.51  -
 iaik_jce_full > 5.2  - iaik_cms > 5.0

---
 id/server/idserverlib/pom.xml                      | 16 +++++++++++++--
 .../moa/id/auth/MOAIDAuthInitializer.java          |  8 ++------
 .../VerifyXMLSignatureResponseValidator.java       | 24 ++++++++++++++++------
 id/server/stork2-commons/pom.xml                   | 14 ++++++++++---
 id/server/stork2-saml-engine/pom.xml               |  8 ++++++--
 5 files changed, 51 insertions(+), 19 deletions(-)

(limited to 'id/server')

diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index a8ffd10bc..00d128ca5 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -226,11 +226,23 @@
 	<dependency>
   		<groupId>org.opensaml</groupId>
   		<artifactId>opensaml</artifactId>
-  	</dependency>  		
+  		<exclusions>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+			</exclusions>
+  </dependency>  		
 	<dependency>
 		<groupId>org.opensaml</groupId>
 		<artifactId>xmltooling</artifactId>
-	</dependency>
+		<exclusions>
+			<exclusion>
+				<groupId>org.slf4j</groupId>
+				<artifactId>log4j-over-slf4j</artifactId>
+			</exclusion>
+		</exclusions>
+	</dependency>  		
 
 <!-- 	<dependency>
 			<groupId>regexp</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 80afd9f82..db36356c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -3,7 +3,6 @@
 
 package at.gv.egovernment.moa.id.auth;
 
-import iaik.cms.ecc.IaikEccProvider;
 import iaik.pki.PKIException;
 import iaik.pki.jsse.IAIKX509TrustManager;
 import iaik.security.ecc.provider.ECCProvider;
@@ -11,12 +10,9 @@ import iaik.security.provider.IAIK;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
-import java.security.Security;
-import java.util.Properties;
 
 import javax.activation.CommandMap;
 import javax.activation.MailcapCommandMap;
-import javax.mail.Session;
 import javax.net.ssl.SSLSocketFactory;
 
 import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -119,8 +115,8 @@ public class MOAIDAuthInitializer {
             Logger.warn(MOAIDMessageProvider.getInstance().getMessage(
                     "init.01", null), e);
         }
-
-        IAIK.addAsProvider();
+        
+        IAIK.addAsProvider();                
         ECCProvider.addAsProvider();
         
         // Initializes SSLSocketFactory store
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 2b687a0c8..284a77126 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -53,6 +53,7 @@ import iaik.utils.RFC2253NameParserException;
 import iaik.x509.X509Certificate;
 import iaik.x509.X509ExtensionInitException;
 
+import java.security.InvalidKeyException;
 import java.security.PublicKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.ArrayList;
@@ -266,14 +267,25 @@ public class VerifyXMLSignatureResponseValidator {
       }
       
       //compare ECDSAPublicKeys
-      if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) && 
-         (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) {
+      if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) || 
+    		  (idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey)) && 
+         ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) || 
+        		(pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey) ) ) {
 
-          ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature;
-          ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i];
+		try {
+			ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded());
+			ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded());
+			
+	        if(ecdsakey.equals(ecdsaPubKeySignature))
+	              found = true;
+			
+		} catch (InvalidKeyException e) {
+			Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e);
+			throw new ValidateException("validator.09", null);
+		}
           
-          if(ecdsakey.equals(ecdsaPubKeySignature))
-              found = true;
+          
+
       }
       
 //  		Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName()
diff --git a/id/server/stork2-commons/pom.xml b/id/server/stork2-commons/pom.xml
index d0fd5a1ad..555d6cec7 100644
--- a/id/server/stork2-commons/pom.xml
+++ b/id/server/stork2-commons/pom.xml
@@ -13,13 +13,21 @@
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<stork.version>1.4.0</stork.version>
-		<opensaml.version>2.6.2</opensaml.version>
+		<opensaml.version>2.6.3</opensaml.version>
 	</properties>
 	<version>${stork.version}</version>
   <description>
         The STORKCommons library provides beans, Java Interfaces and utility classes to integrate PEPS and SAML Engine.
   </description>
    
+  <repositories>
+		<repository>
+			<id>shibboleth.internet2.edu</id>
+			<name>Internet2</name>
+			<url>https://build.shibboleth.net/nexus/content/groups/public/</url>
+		</repository>
+	</repositories> 
+   
 	<dependencies>
 
 		<!-- Joda -->
@@ -55,8 +63,8 @@
 		</dependency>
 
 		<dependency>
-			<groupId>org.opensaml</groupId>
-			<artifactId>opensaml</artifactId>
+  		<groupId>org.opensaml</groupId>
+  		<artifactId>opensaml</artifactId>
 			<exclusions>
 				<exclusion>
 				    <groupId>org.slf4j</groupId>
diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml
index 89ddab22a..30f2bff7c 100644
--- a/id/server/stork2-saml-engine/pom.xml
+++ b/id/server/stork2-saml-engine/pom.xml
@@ -49,12 +49,12 @@
 			<groupId>eu.stork</groupId>
 			<artifactId>Commons</artifactId>
 			<version>${commons.version}</version>
-			<exclusions>
+<!-- 			<exclusions>
 				<exclusion>
 					<groupId>org.bouncycastle</groupId>
 					<artifactId>bcprov-jdk16</artifactId>				
 				</exclusion>
-			</exclusions>
+			</exclusions> -->
 		</dependency>
 
 		<dependency>
@@ -82,6 +82,10 @@
 					<groupId>org.slf4j</groupId>
 					<artifactId>jul-to-slf4j</artifactId>
 				</exclusion>
+				<exclusion>
+					<artifactId>bcprov-jdk15on</artifactId>
+					<groupId>org.bouncycastle</groupId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 
-- 
cgit v1.2.3