Merge pull request #61 from miszobi/issue/60-allow-retrieving-request-ids

#60: allow retrieving the generated request ids

Author: pitbulk

core/src/main/java/com/onelogin/saml2/Auth.java

@@ -37,6 +37,8 @@
  * Defines the methods that you can invoke in your application in
  * order to add SAML support (initiates sso, initiates slo, processes a
  * SAML Response, a Logout Request or a Logout Response).
+ *
+ * This is stateful and not thread-safe, you should create a new instance for each request/response.
  */
 public class Auth {
 	/**
@@ -94,6 +96,11 @@ public class Auth {
      */
 	private String errorReason;
 
+	/**
+	 * The id of the last request (Authn or Logout) generated
+	 */
+	private String lastRequestId;
+
 	/**
 	 * Initializes the SP SAML instance.
 	 *
@@ -191,14 +198,15 @@ public void setStrict(Boolean value)
 	/**
 	 * Initiates the SSO process.
 	 *
-	 * @param returnTo 
-     *				The target URL the user should be returned to after login.
-	 * @param forceAuthn 
-     *				When true the AuthNReuqest will set the ForceAuthn='true'
-	 * @param isPassive 
-     *				When true the AuthNReuqest will set the IsPassive='true'
+	 * @param returnTo
+	 *				The target URL the user should be returned to after login.
+	 * @param forceAuthn
+	 *				When true the AuthNRequest will set the ForceAuthn='true'
+	 * @param isPassive
+	 *				When true the AuthNRequest will set the IsPassive='true'
 	 * @param setNameIdPolicy
-	 *            When true the AuthNReuqest will set a nameIdPolicy
+	 *            When true the AuthNRequest will set a nameIdPolicy
+	 * @return the representation of the AuthNRequest generated
 	 * @throws IOException
 	 */
 	public void login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy) throws IOException {
@@ -229,6 +237,7 @@ public void login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolea
 
 		LOGGER.debug("AuthNRequest sent to " + ssoUrl + " --> " + samlRequest);
 		Util.sendRedirect(response, ssoUrl, parameters);
+		lastRequestId = authnRequest.getId();
 	}
 
 	/**
@@ -292,6 +301,7 @@ public void logout(String returnTo, String nameId, String sessionIndex) throws I
 		String sloUrl = getSLOurl();
 		LOGGER.debug("Logout request sent to " + sloUrl + " --> " + samlLogoutRequest);
 		Util.sendRedirect(response, sloUrl, parameters);
+		lastRequestId = logoutRequest.getId();
 	}
 
 	/**
@@ -538,7 +548,15 @@ public String getLastErrorReason()
     {
     	return errorReason;
     }
-     
+
+	/**
+	 * @return the id of the last request generated (AuthnRequest or LogoutRequest), null if none
+	 */
+	public String getLastRequestId()
+	{
+		return lastRequestId;
+	}
+
     /**
      * @return the Saml2Settings object. The Settings data.
      */

core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java

@@ -186,4 +186,12 @@ private static StringBuilder getAuthnRequestTemplate() {
 		template.append("${nameIDPolicyStr}${requestedAuthnContextStr}</samlp:AuthnRequest>");
 		return template;
 	}
+
+	/**
+	 * @return the generated id of the AuthnRequest message
+	 */
+	public String getId()
+	{
+		return id;
+	}
 }

core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java

@@ -599,4 +599,12 @@ public static List<String> getSessionIndexes(String samlLogoutRequestString) thr
 	public String getError() {
 		return error;
 	}
+
+	/**
+	 * @return the generated id of the LogoutRequest message
+	 */
+	public String getId()
+	{
+		return id;
+	}
 }

core/src/main/java/com/onelogin/saml2/util/Util.java

@@ -103,6 +103,7 @@ public final class Util {
 
     private static final DateTimeFormatter DATE_TIME_FORMAT = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss'Z'").withZone(DateTimeZone.UTC);
 	private static final DateTimeFormatter DATE_TIME_FORMAT_MILLS = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").withZone(DateTimeZone.UTC);
+	public static final String UNIQUE_ID_PREFIX = "ONELOGIN_";
 
 	/**
 	 * This function load an XML string in a save way. Prevent XEE/XXE Attacks
@@ -1344,50 +1345,9 @@ private static SecretKey generateSymmetricKey() throws Exception {
 	 * @return A unique string
 	 */
 	public static String generateUniqueID() {
-		String uniqueIdSha1 = StringUtils.EMPTY;
-		String uniqueId = StringUtils.EMPTY;
-
-		try {
-			Random r = new Random();
-			Integer n = r.nextInt();
-
-			String id = uniqid(n.toString(), true);
-
-			MessageDigest crypt = MessageDigest.getInstance("SHA-1");
-			crypt.reset();
-			crypt.update(id.getBytes());
-			uniqueIdSha1 = new BigInteger(1, crypt.digest()).toString(16);
-
-			uniqueId = "ONELOGIN_" + uniqueIdSha1;
-		} catch (Exception e) {
-			LOGGER.error("Error executing generateUniqueID: " + e.getMessage(), e);
-		}
-		return uniqueId;
-	}	
-
-	/**
-	 * Generates random UUID
-	 * 
-	 * @param prefix
-	 *
-	 * @param more_entropy
-	 * 
-	 * @return the random UUID
-	 */
-	public static String uniqid(String prefix, Boolean more_entropy) {
-		if (prefix != null && StringUtils.isEmpty(prefix)) {
-			prefix = StringUtils.EMPTY;
-		}
-
-		if (!more_entropy) {
-			return (String) (prefix + UUID.randomUUID().toString()).substring(
-					0, 13);
-		} else {
-			return (String) (prefix + UUID.randomUUID().toString() + UUID
-					.randomUUID().toString()).substring(0, 23);
-		}
+		return UNIQUE_ID_PREFIX + UUID.randomUUID();
 	}
-	
+
 	/**
 	 * Interprets a ISO8601 duration value relative to a current time timestamp.
 	 *

core/src/test/java/com/onelogin/saml2/test/AuthTest.java

@@ -1,9 +1,11 @@
 package com.onelogin.saml2.test;
 
 
+import static com.onelogin.saml2.util.Util.UNIQUE_ID_PREFIX;
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.CoreMatchers.startsWith;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
@@ -91,6 +93,7 @@ public void testConstructor() throws IOException, SettingsException {
 		Saml2Settings settings = new SettingsBuilder().fromFile("onelogin.saml.properties").build();
 		assertEquals(settings.getIdpEntityId(), auth.getSettings().getIdpEntityId());
 		assertEquals(settings.getSpEntityId(), auth.getSettings().getSpEntityId());
+		assertNull(auth.getLastRequestId());
 	}
 
 	/**
@@ -896,6 +899,7 @@ public void testLogin() throws IOException, SettingsException, URISyntaxExceptio
 		Auth auth = new Auth(settings, request, response);
 		auth.login();
 		verify(response).sendRedirect(matches("https:\\/\\/pitbulk.no-ip.org\\/simplesaml\\/saml2\\/idp\\/SSOService.php\\?SAMLRequest=(.)*&RelayState=http%3A%2F%2Flocalhost%3A8080%2Finitial.jsp"));
+		assertThat(auth.getLastRequestId(), startsWith(Util.UNIQUE_ID_PREFIX));
 	}
 
 	/**
@@ -1011,6 +1015,7 @@ public void testLogout() throws IOException, SettingsException, XMLEntityExcepti
 		auth.logout();
 
 		verify(response).sendRedirect(matches("https:\\/\\/pitbulk.no-ip.org\\/simplesaml\\/saml2\\/idp\\/SingleLogoutService.php\\?SAMLRequest=(.)*&RelayState=http%3A%2F%2Flocalhost%3A8080%2Finitial.jsp"));
+		assertThat(auth.getLastRequestId(), startsWith(Util.UNIQUE_ID_PREFIX));
 	}
 
 	/**

core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java

@@ -241,6 +241,18 @@ public void testAuthNContext() throws Exception {
 		assertThat(authnRequestStr, containsString("<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>"));
 	}
 
+	@Test
+	public void testAuthNId() throws Exception
+	{
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build();
+
+		AuthnRequest authnRequest = new AuthnRequest(settings);
+		final String authnRequestStr = Util.base64decodedInflated(authnRequest.getEncodedAuthnRequest());
+
+		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
+		assertThat(authnRequestStr, containsString("ID=\"" + authnRequest.getId() + "\""));
+	}
+
 	/**
 	 * Tests the AuthnRequest Constructor
 	 * The creation of a deflated SAML Request with and without Destination

core/src/test/java/com/onelogin/saml2/test/logout/LogoutRequestTest.java

@@ -81,6 +81,7 @@ public void testConstructor() throws Exception {
 		String logoutRequestStr = Util.base64decodedInflated(logoutRequestStringBase64);
 
 		assertThat(logoutRequestStr, containsString("<samlp:LogoutRequest"));
+		assertThat(logoutRequestStr, containsString("ID=\"" + logoutRequest.getId() + "\""));
 		assertThat(logoutRequestStr, not(containsString("<samlp:SessionIndex>")));
 	}
 

core/src/test/java/com/onelogin/saml2/test/util/UtilsTest.java

@@ -4,6 +4,7 @@
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.not;
 import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.startsWith;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
@@ -1893,7 +1894,7 @@ public void testGenerateNameId() throws URISyntaxException, IOException, Certifi
 	public void testGenerateUniqueID() {
 		String s1 = Util.generateUniqueID();
 
-		assertThat(s1, containsString("ONELOGIN_"));
+		assertThat(s1, startsWith(Util.UNIQUE_ID_PREFIX));
 		assertTrue(s1.length() > 40);
 
 		String s2 = Util.generateUniqueID();
@@ -1903,36 +1904,6 @@ public void testGenerateUniqueID() {
 		assertNotEquals(s2, s3);
 	}
 
-	/**
-	 * Tests the uniqid method
-	 * 
-	 * @see com.onelogin.saml2.util.Util#uniqid
-	 */
-	@Test
-	public void testUniqid() {
-		String id_1 = Util.uniqid(null, false);
-		String id_2 = Util.uniqid(null, false);
-		assertNotEquals(id_1, id_2);
-
-		String id_3 = Util.uniqid(null, true);
-		String id_4 = Util.uniqid(null, true);
-		assertNotEquals(id_3, id_4);
-
-		assertNotEquals(id_1, id_3);
-		assertNotEquals(id_1, id_4);
-		assertNotEquals(id_2, id_3);
-		assertNotEquals(id_2, id_4);
-
-		String id_5 = Util.uniqid("ONELOGIN_", false);
-		String id_6 = Util.uniqid("ONELOGIN_", true);
-		assertThat(id_5, containsString("ONELOGIN_"));
-		assertThat(id_6, containsString("ONELOGIN_"));
-		assertNotEquals(id_5, id_6);
-
-		String id_7 = Util.uniqid("", false);
-		assertNotEquals(id_6, id_7);
-	}
-
 	/**
 	 * Tests the parseDuration method
 	 *