From ef0818703e9ec6dd0619634cbb99d181c12f9c91 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 1 Feb 2018 10:52:24 +0100 Subject: change Base64 encoder implementation to prohibit newLines in Base64 strings --- .../moa/id/protocols/builder/attributes/EIDAuthBlock.java | 6 +++--- .../id/protocols/builder/attributes/EIDIdentityLinkBuilder.java | 6 +++--- .../moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java | 5 +++-- .../moa/id/protocols/builder/attributes/EIDSignerCertificate.java | 7 ++----- .../builder/attributes/MandateFullMandateAttributeBuilder.java | 5 +++-- 5 files changed, 14 insertions(+), 15 deletions(-) (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java index dab3810e3..6f7c0dc97 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java @@ -24,13 +24,13 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import java.io.IOException; +import org.springframework.util.Base64Utils; + import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; public class EIDAuthBlock implements IPVPAttributeBuilder { @@ -46,7 +46,7 @@ public class EIDAuthBlock implements IPVPAttributeBuilder { String authblock = authData.getAuthBlock(); if (MiscUtil.isNotEmpty(authblock)) { return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, - Base64Utils.encode(authblock.getBytes("UTF-8"))); + Base64Utils.encodeToString(authblock.getBytes("UTF-8"))); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java index 9e5d4198c..a01605986 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java @@ -24,13 +24,13 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import java.io.IOException; +import org.springframework.util.Base64Utils; + import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder { @@ -49,7 +49,7 @@ public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder { ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, - EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes("UTF-8"))); + EID_IDENTITY_LINK_NAME, Base64Utils.encodeToString(ilAssertion.getBytes("UTF-8"))); } catch (IOException e) { Logger.warn("IdentityLink serialization error.", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java index 0978cfe90..71fc7966c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java @@ -24,13 +24,14 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import java.io.IOException; +import org.springframework.util.Base64Utils; + import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @Deprecated @@ -57,7 +58,7 @@ public class EIDSTORKTOKEN implements IPVPAttributeBuilder { } else { try { return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME, - Base64Utils.encode(storkResponse.getBytes("UTF-8"))); + Base64Utils.encodeToString(storkResponse.getBytes("UTF-8"))); } catch (IOException e) { Logger.warn("Encode AuthBlock BASE64 failed.", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java index 0bc110355..4b4296536 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java @@ -23,15 +23,13 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; -import java.io.IOException; +import org.springframework.util.Base64Utils; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; public class EIDSignerCertificate implements IPVPAttributeBuilder { @@ -46,8 +44,7 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder { byte[] signerCertificate = authData.getSignerCertificate(); if (signerCertificate != null) { return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, - //Base64Utils.encode(signerCertificate)); - org.springframework.util.Base64Utils.encodeToString(signerCertificate)); + Base64Utils.encodeToString(signerCertificate)); } }catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java index 53cfbecc1..ffb69c2dc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -26,12 +26,13 @@ import java.io.IOException; import javax.xml.transform.TransformerException; +import org.springframework.util.Base64Utils; + import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder { @@ -51,7 +52,7 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder fullMandate = DOMUtils.serializeNode(authData .getMandate()); return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, - MANDATE_FULL_MANDATE_NAME, Base64Utils.encode(fullMandate.getBytes())); + MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes())); } catch (TransformerException e) { Logger.error("Failed to generate Full Mandate", e); } catch (IOException e) { -- cgit v1.2.3