From 92709b7a3e7c18583e127d2160cfd96361ac035b Mon Sep 17 00:00:00 2001 From: kstranacher Date: Thu, 16 Feb 2012 19:03:20 +0000 Subject: =?UTF-8?q?*=20Update=20sourceID=20Parameter=20*=20Blacklist-?= =?UTF-8?q?=C3=9Cbergabe=20an=20iaik-moa=20*=20iaik-moa.jar=20zu=20reposit?= =?UTF-8?q?ory=20hinzugef=C3=BCgt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1250 d688527b-c9ab-4aba-bd8d-4036d912da1d --- id/server/doc/moa_id/id-anwendung_1.htm | 2 +- .../moa/id/auth/AuthenticationServer.java | 8 ++-- .../builder/AuthenticationAssertionBuilder.java | 22 +--------- .../AuthenticationDataAssertionBuilder.java | 5 --- .../moa/id/auth/builder/SAMLArtifactBuilder.java | 49 ++++++++++++++++++---- .../test/abnahme/A/Test300VerifyAuthBlock.java | 2 +- .../id/auth/builder/SAMLArtifactBuilderTest.java | 8 ++-- .../moa/id/auth/parser/SAMLArtifactParserTest.java | 12 +++--- .../id/proxy/builder/SAMLRequestBuilderTest.java | 2 +- 9 files changed, 58 insertions(+), 52 deletions(-) (limited to 'id/server') diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm index ad45ff7e1..561f3f556 100644 --- a/id/server/doc/moa_id/id-anwendung_1.htm +++ b/id/server/doc/moa_id/id-anwendung_1.htm @@ -94,7 +94,7 @@ StartAuthentication?Target=<geschäftsbereich> sourceID=<sourceID> - optional; Gibt eine sourceID an, die (wenn sie gesetzt ist) in der SAML-Assertion aufscheint + optional; Gibt eine sourceID an, die (wenn sie gesetzt ist) zur Berechnung des SAML-Artifacts herangezogen wird. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5eb23cabc..093d22732 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1538,7 +1538,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getBkuURL(), session.getAssertionSignerCertificateBase64(), session.getAssertionBusinessService(), - session.getSourceID(), session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); @@ -1554,7 +1553,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID()); storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session @@ -1717,7 +1716,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID()); storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session @@ -1816,7 +1815,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getBkuURL(), session.getAssertionSignerCertificateBase64(), session.getAssertionBusinessService(), - session.getSourceID(), session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); @@ -1832,7 +1830,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } String samlArtifact = - new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID(), session.getSourceID()); storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java index 410d045f0..bcad65eed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java @@ -114,25 +114,5 @@ public class AuthenticationAssertionBuilder { return sb.toString(); } - /** - * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion - * delivered to the online application. - * The method traverses through the list of given SAML attribute objects and builds an - * XML structure (String representation) for each of the attributes. - * - * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or - * to the SAML assertion delivered to the online application. - * @return A string representation including the XML structures of - * the SAML attributes. - * - * @throws ParseException If an error occurs on serializing an SAML attribute. - */ - protected String buildSourceIDSAMLAttributes(String sourceID) throws ParseException { - StringBuffer sb = new StringBuffer(); - if (sourceID!=null) - sb.append(MessageFormat.format( SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID})); - - return sb.toString(); - } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 7032e09eb..b9e44544d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -72,7 +72,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB "{10}" + "{11}" + "{12}" + - "{13}" + " " + NL + ""; @@ -107,7 +106,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB "{11}" + "{12}" + "{13}" + - "{14}" + " " + NL + ""; /** @@ -158,7 +156,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String bkuURL, String signerCertificateBase64, boolean businessService, - String sourceID, List extendedSAMLAttributes) throws BuildException { @@ -210,7 +207,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB StringUtils.removeXMLDeclaration(xmlPersonData), isQualifiedCertificate, bkuURL, - buildSourceIDSAMLAttributes(sourceID), publicAuthorityAttribute, signerCertificateAttribute, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); @@ -301,7 +297,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB StringUtils.removeXMLDeclaration(xmlMandateData), isQualifiedCertificate, bkuURL, - buildSourceIDSAMLAttributes(sourceID), publicAuthorityAttribute, signerCertificateAttribute, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index 41e4cd37d..145664a2b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java 
@@ -67,7 +67,7 @@ public class SAMLArtifactBuilder {
 * of AssertionHandle
 * @return the 42-byte SAML artifact, encoded BASE64
 */
- public String build(String authURL, String sessionID) throws BuildException {
+ public String build(String authURL, String sessionID, String sourceIdParam) throws BuildException {
 try {
 MessageDigest md = MessageDigest.getInstance("SHA-1");
 byte[] sourceID;
@@ -77,16 +77,45 @@ public class SAMLArtifactBuilder { //System.out.println("alternativeSourceID: " + alternativeSourceID); //System.out.println("authURL: " + authURL); - if (!ParepUtils.isEmpty(alternativeSourceID)) { - // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; - sourceID = md.digest(alternativeSourceID.getBytes()); - Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\"."); - } else { - sourceID = md.digest(authURL.getBytes()); + // if sourceID is given in GET/POST param - use this as source id + if (!ParepUtils.isEmpty(sourceIdParam)) { + // if GET/POST parameter sourceID is set, use that sourceID instead of authURL; + sourceID = md.digest(sourceIdParam.getBytes()); + Logger.info("Building SAMArtifact from sourceID \"" + sourceIdParam + "\" instead of authURL \"" + authURL + "\"."); + + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + //System.out.println("samlArtifact: " + new String(samlArtifact)); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + //System.out.println("samlArtifact Base64: " + samlArtifactBase64); + return samlArtifactBase64; } - //System.out.println("sourceID: " + new String(sourceID)); + // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; + if (!ParepUtils.isEmpty(alternativeSourceID)) { + sourceID = md.digest(alternativeSourceID.getBytes()); + Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\"."); + + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + 
out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + System.out.println("samlArtifact: " + new String(samlArtifact)); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + System.out.println("samlArtifact Base64: " + samlArtifactBase64); + return samlArtifactBase64; + } + // default: sourecID from authURL + sourceID = md.digest(authURL.getBytes()); byte[] assertionHandle = md.digest(sessionID.getBytes()); ByteArrayOutputStream out = new ByteArrayOutputStream(42); out.write(0); @@ -98,6 +127,10 @@ public class SAMLArtifactBuilder { String samlArtifactBase64 = Base64Utils.encode(samlArtifact); //System.out.println("samlArtifact Base64: " + samlArtifactBase64); return samlArtifactBase64; + + //System.out.println("sourceID: " + new String(sourceID)); + + } catch (Throwable ex) { throw new BuildException( diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java index d9cd13259..a71fe0181 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java @@ -619,7 +619,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase { oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : ""; String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : ""; String samlAssertion = new AuthenticationDataAssertionBuilder().build( - authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null, null); + authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null); authData.setSamlAssertion(samlAssertion); return authData; } 
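Review bot: The new `alternativeSourceID` branch writes the finished artifact to stdout with `System.out.println("samlArtifact: " + new String(samlArtifact));` and `System.out.println("samlArtifact Base64: " + samlArtifactBase64);`, whereas the same two lines are commented out in the new `sourceIdParam` branch and in the default path below; the artifact is the key under which `storeAuthenticationData` files the session's authentication data (see the AuthenticationServer hunks), so it should not land in the server's stdout, and both lines should be commented out or removed. The three copies of the assembly (session-ID digest, 42-byte stream, Base64) differ only in the source-ID input, which is how the slip got in; choosing the input first and assembling once removes the duplication together with the stray comment lines added after the final `return`. Precedence also changes: the comment marks `sourceIdParam` as a GET/POST parameter and it now wins over the configured `AuthenticationServer.SourceID`, so a per-request value overrides what the deployment configuration fixed — if that is intended, the `build` Javadoc (which still documents only two parameters) should say so; otherwise check the configured value first. All new branches keep `getBytes()` without a charset, so the digest input depends on the platform default encoding. The enclosing `try` begins before this hunk and its `catch` lies in the following hunk.
```java
            // choose the source-ID input in precedence order; the artifact is assembled once below
            String sourceIdInput;
            if (!ParepUtils.isEmpty(sourceIdParam)) {
                // GET/POST parameter sourceID takes precedence over the configured value and authURL
                sourceIdInput = sourceIdParam;
                Logger.info("Building SAMArtifact from sourceID \"" + sourceIdParam + "\" instead of authURL \"" + authURL + "\".");
            } else if (!ParepUtils.isEmpty(alternativeSourceID)) {
                // generic config parameter "AuthenticationServer.SourceID"
                sourceIdInput = alternativeSourceID;
                Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\".");
            } else {
                // default: sourceID from authURL
                sourceIdInput = authURL;
            }
            sourceID = md.digest(sourceIdInput.getBytes());
            // … unchanged: assertionHandle digest, 42-byte assembly, Base64 encoding, return …
```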
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java index 979a4aa24..915dc540c 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java @@ -51,9 +51,9 @@ public class SAMLArtifactBuilderTest extends UnitTestCase { } protected void setUp() throws Exception { builder = new SAMLArtifactBuilder(); - artifact1 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false); - artifact2 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_2), false); - artifact3 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_3), false); + artifact1 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1, null), false); + artifact2 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_2, null), false); + artifact3 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_3, null), false); } public void testBuildArtifactLength() throws BuildException { @@ -62,7 +62,7 @@ public class SAMLArtifactBuilderTest extends UnitTestCase { assertEquals(42, artifact3.length); } public void testBuildSameArtifact() throws Exception { - byte[] artifact1Clone = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false); + byte[] artifact1Clone = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1, null), false); assertEquals(new String(artifact1), new String(artifact1Clone)); } public void testBuildDifferentArtifacts() throws BuildException { diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java index 1dab28dea..d34678f0c 100644 
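Review bot: Every updated call in `setUp` and `testBuildSameArtifact` passes `null` as the new third argument, so the request-supplied source-ID path that this commit adds to `SAMLArtifactBuilder.build`, and its precedence over the configured value, is not exercised by any test. A test that builds once with `null` and once with a non-empty source ID for the same `AUTH_URL`/`SESSION_ID_1` and asserts that bytes 2–21 of the decoded artifacts differ while bytes 22–41 are equal would pin the new behaviour, e.g. `byte[] withSourceId = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1, "<constructed-source-id>"), false);` followed by the two range comparisons against `artifact1`. The same gap applies to the SAMLArtifactParserTest hunks below.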
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java @@ -44,7 +44,7 @@ public class SAMLArtifactParserTest extends UnitTestCase { public void testParseTypeCode() throws Exception { String sessionID = Random.nextRandom(); - String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID); + String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null); byte[] typeCode = new SAMLArtifactParser(samlArtifact).parseTypeCode(); assertEquals(typeCode[0], 0); assertEquals(typeCode[1], 1); @@ -52,8 +52,8 @@ public class SAMLArtifactParserTest extends UnitTestCase { public void testParseAssertionHandleSameSessionID() throws Exception { // SAML artifacts for different authURL's but same sessionID MUST give same assertion handle String sessionID = Random.nextRandom(); - String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID); - String samlArtifact2 = new SAMLArtifactBuilder().build(URL2, sessionID); + String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID, null); + String samlArtifact2 = new SAMLArtifactBuilder().build(URL2, sessionID, null); String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle(); String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle(); assertEquals(assertionHandle1, assertionHandle2); 
@@ -62,8 +62,8 @@ public class SAMLArtifactParserTest extends UnitTestCase { // SAML artifacts for same authURL but different sessionID's MUST give different assertion handles String sessionID1 = Random.nextRandom(); String sessionID2 = Random.nextRandom(); - String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID1); - String samlArtifact2 = new SAMLArtifactBuilder().build(URL1, sessionID2); + String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID1, null); + String samlArtifact2 = new SAMLArtifactBuilder().build(URL1, sessionID2, null); String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle(); String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle(); assertFalse(assertionHandle1.equals(assertionHandle2)); @@ -71,7 +71,7 @@ public class SAMLArtifactParserTest extends UnitTestCase { public void testParseAssertionHandleSameSAMLArtifact() throws Exception { // SAML artifact parsed twice MUST give same assertion handle each time String sessionID = Random.nextRandom(); - String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID); + String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null); String assertionHandle1 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); String assertionHandle2 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); assertEquals(assertionHandle1, assertionHandle2); diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java index 73085270f..467c6520e 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java 
@@ -43,7 +43,7 @@ public class SAMLRequestBuilderTest extends UnitTestCase { public void testBuild() throws Exception { String requestID = "123"; - String samlArtifact = new SAMLArtifactBuilder().build("https://moa.gv.at/auth/", "12345678901234567890"); + String samlArtifact = new SAMLArtifactBuilder().build("https://moa.gv.at/auth/", "12345678901234567890", null); String REQUEST_SHOULD = "" + "" + samlArtifact + "" + -- cgit v1.2.3