This is an automated email from the ASF dual-hosted git repository.

nvazquez pushed a commit to branch 4.16
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/4.16 by this push:
     new ee27708  SAML: replace first number with random alphabet if request ID 
starts with a number (#6165)
ee27708 is described below

commit ee27708ffba3398c2cfa1c9dd5e54510604c790a
Author: Wei Zhou <[email protected]>
AuthorDate: Wed Mar 30 04:59:44 2022 +0200

    SAML: replace first number with random alphabet if request ID starts with a 
number (#6165)
---
 .../src/main/java/org/apache/cloudstack/saml/SAMLUtils.java    |  5 ++++-
 .../src/test/java/org/apache/cloudstack/SAMLUtilsTest.java     | 10 ++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git 
a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
 
b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
index 6110cc5..2a190f3 100644
--- 
a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
+++ 
b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
@@ -100,8 +100,11 @@ import com.cloud.utils.HttpUtils;
 public class SAMLUtils {
     public static final Logger s_logger = Logger.getLogger(SAMLUtils.class);
 
+    static final String charset = "abcdefghijklmnopqrstuvwxyz";
+
     public static String generateSecureRandomId() {
-        return new BigInteger(160, new SecureRandom()).toString(32);
+        return new BigInteger(160, new 
SecureRandom()).toString(32).replaceFirst("^[0-9]",
+                String.valueOf(charset.charAt(new 
SecureRandom().nextInt(charset.length()))));
     }
 
     public static String getValueFromAttributeStatements(final 
List<AttributeStatement> attributeStatements, final String attributeKey) {
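Review bot: The rewritten `generateSecureRandomId` constructs two `SecureRandom` instances on every call — one for the 160-bit value and a second one inside the `replaceFirst` argument — where a single shared `private static final SecureRandom RANDOM = new SecureRandom();` field on `SAMLUtils` would serve both uses (`SecureRandom` is documented as safe for concurrent threads) and avoid the per-request construction cost. The new field `charset` has no access modifier and a lower-case name that reads like `java.nio.charset.Charset`; `private static final String ID_START_LETTERS = "abcdefghijklmnopqrstuvwxyz";` would follow the constant convention and say what the string is for. Since a base-32 `BigInteger` string can only begin with `[0-9a-v]`, the substitution does guarantee a leading letter, but nothing records why it is needed; a Javadoc such as `/** Returns a 160-bit random ID whose first character is a letter, so it is usable as an XML ID (NCName) in SAML ID attributes. */` would explain the regex to the next reader. The enclosing class continues outside the hunk.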
diff --git 
a/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/SAMLUtilsTest.java
 
b/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/SAMLUtilsTest.java
index 4784134..433fdf3 100644
--- 
a/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/SAMLUtilsTest.java
+++ 
b/plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/SAMLUtilsTest.java
@@ -22,6 +22,7 @@ package org.apache.cloudstack;
 import java.security.KeyPair;
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.util.regex.Pattern;
 
 import org.apache.cloudstack.saml.SAMLUtils;
 import org.apache.cloudstack.utils.security.CertUtils;
@@ -39,6 +40,15 @@ public class SAMLUtilsTest extends TestCase {
     }
 
     @Test
+    public void testGenerateSecureRandomId2() throws Exception {
+        for (int i = 0; i < 20; i++) {
+            String randomId = SAMLUtils.generateSecureRandomId();
+            System.out.println("randomId is " + randomId);
+            assertTrue(Pattern.compile("^[a-z]").matcher(randomId).find());
+        }
+    }
+
+    @Test
     public void testBuildAuthnRequestObject() throws Exception {
         String consumerUrl = "http://someurl.com";;
         String idpUrl = "http://idp.domain.example";;
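Review bot: `testGenerateSecureRandomId2` prints every generated ID with `System.out.println`, which only adds noise to the test output and should be dropped; the assertion is the whole point of the loop. The check `^[a-z]` looks only at the first character — a stricter pattern such as `Pattern.compile("^[a-z][0-9a-v]*$").matcher(randomId).matches()` (base-32 digits are `0-9a-v`, and the prefix substitution draws from `a-z`) would also catch an accidental change to the radix or to the replacement string, and the `Pattern` could be compiled once as a `static final` field rather than inside the loop. The name `testGenerateSecureRandomId2` implies a sibling `testGenerateSecureRandomId` outside the hunk; a name such as `testGenerateSecureRandomIdStartsWithLetter` would state what is asserted.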
