#60: allow retrieving the generated request ids

- Auth now has getLastLoginRequestId/getLastLogoutRequestId methods
  that allow retrieving the id of the generated AuthnRequest/LogoutRequest
  message to be used in response validation

Author: miszobi

core/src/main/java/com/onelogin/saml2/Auth.java

@@ -37,6 +37,8 @@
  * Defines the methods that you can invoke in your application in
  * order to add SAML support (initiates sso, initiates slo, processes a
  * SAML Response, a Logout Request or a Logout Response).
+ *
+ * This is stateful and not thread-safe, you should create a new instance for each request/response.
  */
 public class Auth {
 	/**
@@ -94,6 +96,16 @@ public class Auth {
      */
 	private String errorReason;
 
+	/**
+	 * The id of the last AuthnRequest generated
+	 */
+	private String lastLoginRequestId;
+
+	/**
+	 * The id of the last LogoutRequest generated
+	 */
+	private String lastLogoutRequestId;
+
 	/**
 	 * Initializes the SP SAML instance.
 	 *
@@ -191,14 +203,15 @@ public void setStrict(Boolean value)
 	/**
 	 * Initiates the SSO process.
 	 *
-	 * @param returnTo 
-     *				The target URL the user should be returned to after login.
-	 * @param forceAuthn 
-     *				When true the AuthNReuqest will set the ForceAuthn='true'
-	 * @param isPassive 
-     *				When true the AuthNReuqest will set the IsPassive='true'
+	 * @param returnTo
+	 *				The target URL the user should be returned to after login.
+	 * @param forceAuthn
+	 *				When true the AuthNRequest will set the ForceAuthn='true'
+	 * @param isPassive
+	 *				When true the AuthNRequest will set the IsPassive='true'
 	 * @param setNameIdPolicy
-	 *            When true the AuthNReuqest will set a nameIdPolicy
+	 *            When true the AuthNRequest will set a nameIdPolicy
+	 * @return the representation of the AuthNRequest generated
 	 * @throws IOException
 	 */
 	public void login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy) throws IOException {
@@ -229,6 +242,7 @@ public void login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolea
 
 		LOGGER.debug("AuthNRequest sent to " + ssoUrl + " --> " + samlRequest);
 		Util.sendRedirect(response, ssoUrl, parameters);
+		lastLoginRequestId = authnRequest.getId();
 	}
 
 	/**
@@ -292,6 +306,7 @@ public void logout(String returnTo, String nameId, String sessionIndex) throws I
 		String sloUrl = getSLOurl();
 		LOGGER.debug("Logout request sent to " + sloUrl + " --> " + samlLogoutRequest);
 		Util.sendRedirect(response, sloUrl, parameters);
+		lastLogoutRequestId = logoutRequest.getId();
 	}
 
 	/**
@@ -538,7 +553,23 @@ public String getLastErrorReason()
     {
     	return errorReason;
     }
-     
+
+	/**
+	 * @return the id of the last AuthnRequest generated, null if none
+	 */
+	public String getLastLoginRequestId()
+	{
+		return lastLoginRequestId;
+	}
+
+	/**
+	 * @return the id of the last LogoutRequest generated, null if none
+	 */
+	public String getLastLogoutRequestId()
+	{
+		return lastLogoutRequestId;
+	}
+
     /**
      * @return the Saml2Settings object. The Settings data.
      */

core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java

@@ -186,4 +186,12 @@ private static StringBuilder getAuthnRequestTemplate() {
 		template.append("${nameIDPolicyStr}${requestedAuthnContextStr}</samlp:AuthnRequest>");
 		return template;
 	}
+
+	/**
+	 * @return the generated id of the AuthnRequest message
+	 */
+	public String getId()
+	{
+		return id;
+	}
 }

core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java

@@ -599,4 +599,12 @@ public static List<String> getSessionIndexes(String samlLogoutRequestString) thr
 	public String getError() {
 		return error;
 	}
+
+	/**
+	 * @return the generated id of the LogoutRequest message
+	 */
+	public String getId()
+	{
+		return id;
+	}
 }

core/src/main/java/com/onelogin/saml2/util/Util.java

@@ -103,6 +103,7 @@ public final class Util {
 
     private static final DateTimeFormatter DATE_TIME_FORMAT = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss'Z'").withZone(DateTimeZone.UTC);
 	private static final DateTimeFormatter DATE_TIME_FORMAT_MILLS = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").withZone(DateTimeZone.UTC);
+	public static final String UNIQUE_ID_PREFIX = "ONELOGIN_";
 
 	/**
 	 * This function load an XML string in a save way. Prevent XEE/XXE Attacks
@@ -1344,9 +1345,6 @@ private static SecretKey generateSymmetricKey() throws Exception {
 	 * @return A unique string
 	 */
 	public static String generateUniqueID() {
-		String uniqueIdSha1 = StringUtils.EMPTY;
-		String uniqueId = StringUtils.EMPTY;
-
 		try {
 			Random r = new Random();
 			Integer n = r.nextInt();
@@ -1356,14 +1354,13 @@ public static String generateUniqueID() {
 			MessageDigest crypt = MessageDigest.getInstance("SHA-1");
 			crypt.reset();
 			crypt.update(id.getBytes());
-			uniqueIdSha1 = new BigInteger(1, crypt.digest()).toString(16);
+			final String uniqueIdSha1 = new BigInteger(1, crypt.digest()).toString(16);
 
-			uniqueId = "ONELOGIN_" + uniqueIdSha1;
+			return UNIQUE_ID_PREFIX + uniqueIdSha1;
 		} catch (Exception e) {
-			LOGGER.error("Error executing generateUniqueID: " + e.getMessage(), e);
+			throw new RuntimeException("Error executing generateUniqueID: " + e.getMessage(), e);
 		}
-		return uniqueId;
-	}	
+	}
 
 	/**
 	 * Generates random UUID

core/src/test/java/com/onelogin/saml2/test/AuthTest.java

@@ -1,9 +1,11 @@
 package com.onelogin.saml2.test;
 
 
+import static com.onelogin.saml2.util.Util.UNIQUE_ID_PREFIX;
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.CoreMatchers.startsWith;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
@@ -91,6 +93,8 @@ public void testConstructor() throws IOException, SettingsException {
 		Saml2Settings settings = new SettingsBuilder().fromFile("onelogin.saml.properties").build();
 		assertEquals(settings.getIdpEntityId(), auth.getSettings().getIdpEntityId());
 		assertEquals(settings.getSpEntityId(), auth.getSettings().getSpEntityId());
+		assertNull(auth.getLastLoginRequestId());
+		assertNull(auth.getLastLogoutRequestId());
 	}
 
 	/**
@@ -896,6 +900,7 @@ public void testLogin() throws IOException, SettingsException, URISyntaxExceptio
 		Auth auth = new Auth(settings, request, response);
 		auth.login();
 		verify(response).sendRedirect(matches("https:\\/\\/pitbulk.no-ip.org\\/simplesaml\\/saml2\\/idp\\/SSOService.php\\?SAMLRequest=(.)*&RelayState=http%3A%2F%2Flocalhost%3A8080%2Finitial.jsp"));
+		assertThat(auth.getLastLoginRequestId(), startsWith(Util.UNIQUE_ID_PREFIX));
 	}
 
 	/**
@@ -1011,6 +1016,7 @@ public void testLogout() throws IOException, SettingsException, XMLEntityExcepti
 		auth.logout();
 
 		verify(response).sendRedirect(matches("https:\\/\\/pitbulk.no-ip.org\\/simplesaml\\/saml2\\/idp\\/SingleLogoutService.php\\?SAMLRequest=(.)*&RelayState=http%3A%2F%2Flocalhost%3A8080%2Finitial.jsp"));
+		assertThat(auth.getLastLogoutRequestId(), startsWith(Util.UNIQUE_ID_PREFIX));
 	}
 
 	/**

core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java

@@ -241,6 +241,18 @@ public void testAuthNContext() throws Exception {
 		assertThat(authnRequestStr, containsString("<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>"));
 	}
 
+	@Test
+	public void testAuthNId() throws Exception
+	{
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build();
+
+		AuthnRequest authnRequest = new AuthnRequest(settings);
+		final String authnRequestStr = Util.base64decodedInflated(authnRequest.getEncodedAuthnRequest());
+
+		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
+		assertThat(authnRequestStr, containsString("ID=\"" + authnRequest.getId() + "\""));
+	}
+
 	/**
 	 * Tests the AuthnRequest Constructor
 	 * The creation of a deflated SAML Request with and without Destination

core/src/test/java/com/onelogin/saml2/test/logout/LogoutRequestTest.java

@@ -81,6 +81,7 @@ public void testConstructor() throws Exception {
 		String logoutRequestStr = Util.base64decodedInflated(logoutRequestStringBase64);
 
 		assertThat(logoutRequestStr, containsString("<samlp:LogoutRequest"));
+		assertThat(logoutRequestStr, containsString("ID=\"" + logoutRequest.getId() + "\""));
 		assertThat(logoutRequestStr, not(containsString("<samlp:SessionIndex>")));
 	}
 

core/src/test/java/com/onelogin/saml2/test/util/UtilsTest.java

@@ -1893,7 +1893,7 @@ public void testGenerateNameId() throws URISyntaxException, IOException, Certifi
 	public void testGenerateUniqueID() {
 		String s1 = Util.generateUniqueID();
 
-		assertThat(s1, containsString("ONELOGIN_"));
+		assertThat(s1, containsString(Util.UNIQUE_ID_PREFIX));
 		assertTrue(s1.length() > 40);
 
 		String s2 = Util.generateUniqueID();
@@ -1923,10 +1923,10 @@ public void testUniqid() {
 		assertNotEquals(id_2, id_3);
 		assertNotEquals(id_2, id_4);
 
-		String id_5 = Util.uniqid("ONELOGIN_", false);
-		String id_6 = Util.uniqid("ONELOGIN_", true);
-		assertThat(id_5, containsString("ONELOGIN_"));
-		assertThat(id_6, containsString("ONELOGIN_"));
+		String id_5 = Util.uniqid(Util.UNIQUE_ID_PREFIX, false);
+		String id_6 = Util.uniqid(Util.UNIQUE_ID_PREFIX, true);
+		assertThat(id_5, containsString(Util.UNIQUE_ID_PREFIX));
+		assertThat(id_6, containsString(Util.UNIQUE_ID_PREFIX));
 		assertNotEquals(id_5, id_6);
 
 		String id_7 = Util.uniqid("", false);