diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2021-12-20 15:54:56 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2021-12-20 15:54:56 +0100 |
commit | 506ab3232b2c237a1d83c9e970dccdb9445d5d81 (patch) | |
tree | 3c94a1a8b4849bdcdbe56d12d0dd7b2e964b234f | |
parent | fc0385dbeee71f1ce18783ef1c7a4d06288fdb0d (diff) | |
parent | 600369d4ffa753716a9572824de7a96a04cb05a7 (diff) | |
download | moa-id-spss-master.tar.gz moa-id-spss-master.tar.bz2 moa-id-spss-master.zip |
224 files changed, 25109 insertions, 16544 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a0d68b89a..1f8e36dcd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,21 +1,26 @@ -image: maven:latest +image: maven:3.6.3-jdk-11 variables: LC_ALL: "en_US.UTF-8" LANG: "en_US.UTF-8" LANGUAGE: "en_US" - LIB_NAME: "MOA-ID" + LIB_NAME: "moa-id" MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true --settings ${CI_PROJECT_DIR}/.cisettings.xml" MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=${CI_PROJECT_DIR}/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true" GIT_SUBMODULE_STRATEGY: recursive GIT_DEPTH: "2" SECURE_LOG_LEVEL: "debug" + JACOCO_CSV_LOCATION: '${CI_PROJECT_DIR}/assembly/target/site/jacoco-aggregate-ut/jacoco.csv' + JACOCO_XML_LOCATION: '${CI_PROJECT_DIR}/assembly/target/site/jacoco-aggregate-ut/jacoco.xml' include: - template: Dependency-Scanning.gitlab-ci.yml - template: Security/SAST.gitlab-ci.yml - template: Secret-Detection.gitlab-ci.yml - - template: Code-Quality.gitlab-ci.yml + +default: + tags: + - docker stages: - assemble @@ -31,23 +36,35 @@ assemble: stage: assemble except: - tags + tags: + - docker script: | mvn $MAVEN_CLI_OPTS compile test + coverage: '/([0-9]{1,3}.[0-9]*).%.covered/' + after_script: + - awk -F"," '{ instructions += $4 + $5; covered += $5 } END { print covered, "/", instructions, " instructions covered"; print 100*covered/instructions, "% covered" }' $JACOCO_CSV_LOCATION artifacts: when: always reports: junit: "**/target/surefire-reports/TEST-*.xml" - + paths: + - $JACOCO_CSV_LOCATION + - $JACOCO_XML_LOCATION + + publishToGitlab: stage: package + tags: + - docker except: - tags + - /^feature/.*$/i before_script: - mkdir -p ~/.ssh - ssh-keyscan apps.egiz.gv.at >> ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts script: | - export VERSION=$(mvn -B help:evaluate -Dexpression=project.version -B | grep -v "\[INFO\]" | grep -Po "\d+\.\d+\.\d+((-\w*)+)?") + export VERSION=$(mvn -B help:evaluate -Dexpression=project.version -B | grep -v "\[WARNING\]" | grep -v "\[INFO\]" | grep -Po "\d+\.\d+\.\d+((-\w*)+)?") echo "Publishing version $VERSION for $LIB_NAME to public EGIZ maven" mvn $MAVEN_CLI_OPTS deploy -s .cisettings.xml -P jenkinsDeploy -DskipTests echo "VERSION=$VERSION" >> variables.env @@ -59,20 +76,18 @@ publishToGitlab: release: stage: release image: registry.gitlab.com/gitlab-org/release-cli:latest + tags: + - docker needs: - job: publishToGitlab artifacts: true when: manual only: - master - before_script: - - mkdir -p ~/.ssh - - ssh-keyscan apps.egiz.gv.at >> ~/.ssh/known_hosts - - chmod 644 ~/.ssh/known_hosts script: | echo "Releasing version $VERSION of $LIB_NAME" echo "Publishing version $VERSION to public EGIZ maven" - mvn $MAVEN_CLI_OPTS deploy -s .cisettings.xml -P jenkinsDeploy + mvn $MAVEN_CLI_OPTS deploy -s .cisettings.xml release: name: "$VERSION" tag_name: "v$VERSION" diff --git a/README.md b/README.md new file mode 100644 index 000000000..d3da33677 --- /dev/null +++ b/README.md @@ -0,0 +1,84 @@ +# MOA-ID / MOA E-ID Proxy + +## Description + +MOA-ID is an identity-provider that supports identification, authentication, and mandate processing by using different authentication methods. The MOA-ID project consists for four Sub-Projects + +- **moa-id-auth-final** is the production build of the MOA-ID IDP that can be used for production environments. +- **moa-id-auth-edu** is the IDP for education usage that includes additional sub-modules and functionality that is not part of the production build. +- **moa-id-configuration** is the configuration interface for MOA-ID IDP +- **moa-id-oa** is a simple SAML2 service-provider application for testing only + +### Building + +The application is build into a Web-application and into a set of jars that can be directly used in another application. The Web application has to be deployed into an application service, like Apache Tomcat + +The project can be build with : + +``` +mvn clean package +``` + +The resulting `war` file's can be deployed into an application server + + + +The configuration will be set by Java System-Properties: + +- MOA-ID-AUTH + - _**-Dmoa.id.configuration**_ to set the configuration for MOA-ID itself + - _**-Dmoa.spss.server.configuration**=/path/to/configuration..._ to set the configuration for the MOA-SPSS sub-module +- MOA-ID-Configuration + - _**-Dmoa.id.webconfig**_ to set the configuration for MOA-ID-Configuration itself + - _**-Duser.properties**=/path/to/configuration..._ to set the configuration file base user-database +- MOA-ID-OA + - _**-Dmoa.id.demoOA**_ to set the configuration for MOA-ID-OA itself + +### Configuration + +A default configurations for MOA-ID and MOA-SPSS is located at _/id/server/data/deploy/conf/_ + + + +## Generate a Release Package + +The full release packages for will be automatically assembled by maven build-process. Before release build, all release related information have to added into infos folder. To add release informations follow the steps outlined below. + +Add a file with release informations to: +``` +./id/readme_{version}.txt +``` + +Add, remove, or update the application description in the handbook + +``` +modify: ./id/history.txt +``` +``` +modify: ./id/server/doc/handbook/ +``` + +Generate a release package with: + + +``` +maven package +``` + +The full release package will be located add +``` +./target/* +``` + +where + +- _moa-id-4.1.6-SNAPSHOT-dist.zip_ is the production build that has to be published on JoinUp +- _moa-id-4.1.6-SNAPSHOT-dist-edu.zip_ is the eduction build for internal usage only + + + +## Changelog + +**v4.1.6** + +- diff --git a/assembly/pom.xml b/assembly/pom.xml new file mode 100644 index 000000000..d30de1786 --- /dev/null +++ b/assembly/pom.xml @@ -0,0 +1,169 @@ +<!-- ass<?xml version="1.0" encoding="UTF-8"?> --> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <parent> + <groupId>MOA</groupId> + <artifactId>MOA</artifactId> + <version>4.2.0</version> + </parent> + + <modelVersion>4.0.0</modelVersion> + <artifactId>id-assembly</artifactId> + <packaging>pom</packaging> + <name>MOA-ID Release Assembly</name> + + + <build> + <resources> + <resource> + <directory>src/main/resources</directory> + </resource> + </resources> + + <plugins> + + <plugin> + <groupId>org.jacoco</groupId> + <artifactId>jacoco-maven-plugin</artifactId> + <executions> + <!-- aggregated unit test coverage report --> + <execution> + <id>aggregate-reports-ut</id> + <phase>test</phase> + <goals> + <goal>report-aggregate</goal> + </goals> + <configuration> + <title>Maven Multimodule Coverage Demo: Coverage of Unit Tests</title> + <outputDirectory>${project.reporting.outputDirectory}/jacoco-aggregate-ut</outputDirectory> + <dataFileExcludes> + <!-- exclude coverage data of integration tests --> + <dataFileExclude>**/target/jacoco-it.exec</dataFileExclude> + </dataFileExcludes> + </configuration> + </execution> + </executions> + </plugin> + + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-assembly-plugin</artifactId> + <configuration> + <descriptors> + <descriptor>src/main/resources/assembly_auth_final_v2.xml</descriptor> + <descriptor>src/main/resources/assembly_auth_edu_v2.xml</descriptor> + </descriptors> + <finalName>moa-id-${project.version}</finalName> + <outputDirectory>${project.parent.build.directory}</outputDirectory> + </configuration> + <executions> + <execution> + <id>make-assembly</id> + <phase>package</phase> + <goals> + <goal>single</goal> + </goals> + </execution> + </executions> + </plugin> + </plugins> + </build> + + <dependencies> + <dependency> + <groupId>MOA.id</groupId> + <artifactId>moa-id-configuration</artifactId> + <version>${configtool-version}</version> + <type>war</type> + </dependency> + <dependency> + <groupId>MOA.id</groupId> + <artifactId>moa-id-oa</artifactId> + <version>${demo-oa-version}</version> + <type>war</type> + </dependency> + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-auth-final</artifactId> + <version>${moa-id-version-final}</version> + <type>war</type> + </dependency> + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-auth-edu</artifactId> + <version>${moa-id-version-edu}</version> + <type>war</type> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-monitoring</artifactId> + </dependency> + + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-saml1</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-openID</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-elga_mandate_service</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modul-citizencard_authentication</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules-federated_authentication</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-ssoTransfer</artifactId> + <version>${moa-id-version}</version> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-bkaMobilaAuthSAML2Test</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-sl20_authentication</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-AT_eIDAS_connector</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-EID_connector</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-ehvd_integration</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id</groupId> + <artifactId>moa-id-webgui</artifactId> + <version>1.0</version> + </dependency> + + </dependencies> + +</project> diff --git a/assembly/src/main/resources/assembly_auth_edu_v2.xml b/assembly/src/main/resources/assembly_auth_edu_v2.xml new file mode 100644 index 000000000..36ced7e3d --- /dev/null +++ b/assembly/src/main/resources/assembly_auth_edu_v2.xml @@ -0,0 +1,117 @@ +<?xml version="1.0" encoding="UTF-8"?> +<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd"> + <id>dist-edu</id> + <formats> + <format>zip</format> + </formats> + <includeBaseDirectory>false</includeBaseDirectory> + <baseDirectory>moa-id-auth-edu-${moa-id-version}</baseDirectory> + + <fileSets> + <!-- Applications --> + <fileSet> + <directory>${project.parent.basedir}/id/ConfigWebTool/target/</directory> + <outputDirectory>./</outputDirectory> + <includes> + <include>*.war</include> + </includes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/oa/target</directory> + <outputDirectory>./</outputDirectory> + <includes> + <include>*.war</include> + </includes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/auth-edu/target</directory> + <outputDirectory>./</outputDirectory> + <includes> + <include>*.war</include> + </includes> + </fileSet> + + <!-- Configuration, Licence, and Handbook --> + <fileSet> + <directory>${project.parent.basedir}/id/</directory> + <outputDirectory>./</outputDirectory> + <includes> + <include>readme_${project.version}.txt</include> + <include>history.txt</include> + </includes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/</directory> + <outputDirectory>./</outputDirectory> + <includes> + <include>EUPL v.1.1 - Licence.pdf</include> + <include>IAIK-LICENSE.txt</include> + <include>LICENSE-2.0.txt</include> + <include>NOTICE.txt</include> + <include>SIC_LICENSE.txt</include> + </includes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/data/deploy/conf/</directory> + <outputDirectory>./conf</outputDirectory> + <excludes> + <exclude>Catalina/**</exclude> + <exclude>moa-id-proxy/**</exclude> + </excludes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/data/deploy/conf/</directory> + <outputDirectory>./doc/conf</outputDirectory> + <excludes> + <exclude>Catalina/**</exclude> + <exclude>moa-id-proxy/**</exclude> + </excludes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/doc/handbook/</directory> + <outputDirectory>./doc/handbook</outputDirectory> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/data/deploy/tomcat/</directory> + <outputDirectory>./tomcat</outputDirectory> + </fileSet> + + <!-- Dependencies --> + <fileSet> + <directory>${project.basedir}/src/main/resources/data/pkcs11/</directory> + <outputDirectory>./pkcs11</outputDirectory> + </fileSet> + + <fileSet> + <directory>${project.basedir}/src/main/resources/data/endorsed/</directory> + <outputDirectory>./endorsed</outputDirectory> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/auth-edu/target/moa-id-auth-edu-${moa-id-version}/WEB-INF/lib/</directory> + <outputDirectory>./endorsed</outputDirectory> + <includes> + <include>serializer*.jar</include> + <include>xalan*.jar</include> + <include>xercesImpl*.jar</include> + </includes> + </fileSet> + + <fileSet> + <directory>${project.basedir}/src/main/resources/data/ext/</directory> + <outputDirectory>./ext</outputDirectory> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/auth-edu/target/moa-id-auth-edu-${moa-id-version}/WEB-INF/lib/</directory> + <outputDirectory>./ext</outputDirectory> + <includes> + <include>iaik_jce_full*.jar</include> + </includes> + </fileSet> + + </fileSets> + + + +</assembly> diff --git a/assembly/src/main/resources/assembly_auth_final_v2.xml b/assembly/src/main/resources/assembly_auth_final_v2.xml new file mode 100644 index 000000000..9e07a45ae --- /dev/null +++ b/assembly/src/main/resources/assembly_auth_final_v2.xml @@ -0,0 +1,117 @@ +<?xml version="1.0" encoding="UTF-8"?> +<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd"> + <id>dist</id> + <formats> + <format>zip</format> + </formats> + <includeBaseDirectory>false</includeBaseDirectory> + <baseDirectory>moa-id-auth-final-${moa-id-version}</baseDirectory> + + <fileSets> + <!-- Applications --> + <fileSet> + <directory>${project.parent.basedir}/id/ConfigWebTool/target/</directory> + <outputDirectory>./</outputDirectory> + <includes> + <include>*.war</include> + </includes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/oa/target</directory> + <outputDirectory>./</outputDirectory> + <includes> + <include>*.war</include> + </includes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/auth-final/target</directory> + <outputDirectory>./</outputDirectory> + <includes> + <include>*.war</include> + </includes> + </fileSet> + + <!-- Configuration, Licence, and Handbook --> + <fileSet> + <directory>${project.parent.basedir}/id/</directory> + <outputDirectory>./</outputDirectory> + <includes> + <include>readme_${project.version}.txt</include> + <include>history.txt</include> + </includes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/</directory> + <outputDirectory>./</outputDirectory> + <includes> + <include>EUPL v.1.1 - Licence.pdf</include> + <include>IAIK-LICENSE.txt</include> + <include>LICENSE-2.0.txt</include> + <include>NOTICE.txt</include> + <include>SIC_LICENSE.txt</include> + </includes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/data/deploy/conf/</directory> + <outputDirectory>./conf</outputDirectory> + <excludes> + <exclude>Catalina/**</exclude> + <exclude>moa-id-proxy/**</exclude> + </excludes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/data/deploy/conf/</directory> + <outputDirectory>./doc/conf</outputDirectory> + <excludes> + <exclude>Catalina/**</exclude> + <exclude>moa-id-proxy/**</exclude> + </excludes> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/doc/handbook/</directory> + <outputDirectory>./doc/handbook</outputDirectory> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/data/deploy/tomcat/</directory> + <outputDirectory>./tomcat</outputDirectory> + </fileSet> + + <!-- Dependencies --> + <fileSet> + <directory>${project.basedir}/src/main/resources/data/pkcs11/</directory> + <outputDirectory>./pkcs11</outputDirectory> + </fileSet> + + <fileSet> + <directory>${project.basedir}/src/main/resources/data/endorsed/</directory> + <outputDirectory>./endorsed</outputDirectory> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/auth-final/target/moa-id-auth-final-${moa-id-version}/WEB-INF/lib/</directory> + <outputDirectory>./endorsed</outputDirectory> + <includes> + <include>serializer*.jar</include> + <include>xalan*.jar</include> + <include>xercesImpl*.jar</include> + </includes> + </fileSet> + + <fileSet> + <directory>${project.basedir}/src/main/resources/data/ext/</directory> + <outputDirectory>./ext</outputDirectory> + </fileSet> + <fileSet> + <directory>${project.parent.basedir}/id/server/auth-final/target/moa-id-auth-final-${moa-id-version}/WEB-INF/lib/</directory> + <outputDirectory>./ext</outputDirectory> + <includes> + <include>iaik_jce_full*.jar</include> + </includes> + </fileSet> + + </fileSets> + + + +</assembly> diff --git a/assembly/src/main/resources/data/endorsed/xml-api-iaik-1.1.jar b/assembly/src/main/resources/data/endorsed/xml-api-iaik-1.1.jar Binary files differnew file mode 100644 index 000000000..817684fb7 --- /dev/null +++ b/assembly/src/main/resources/data/endorsed/xml-api-iaik-1.1.jar diff --git a/assembly/src/main/resources/data/ext/iaik_Pkcs11Provider.jar b/assembly/src/main/resources/data/ext/iaik_Pkcs11Provider.jar Binary files differnew file mode 100644 index 000000000..a348db04e --- /dev/null +++ b/assembly/src/main/resources/data/ext/iaik_Pkcs11Provider.jar diff --git a/assembly/src/main/resources/data/ext/iaik_Pkcs11Wrapper.jar b/assembly/src/main/resources/data/ext/iaik_Pkcs11Wrapper.jar Binary files differnew file mode 100644 index 000000000..940c1824d --- /dev/null +++ b/assembly/src/main/resources/data/ext/iaik_Pkcs11Wrapper.jar diff --git a/assembly/src/main/resources/data/pkcs11/linux/libpkcs11wrapper.so b/assembly/src/main/resources/data/pkcs11/linux/libpkcs11wrapper.so Binary files differnew file mode 100644 index 000000000..eacbb13b2 --- /dev/null +++ b/assembly/src/main/resources/data/pkcs11/linux/libpkcs11wrapper.so diff --git a/assembly/src/main/resources/data/pkcs11/solaris_sparc/libpkcs11wrapper.so b/assembly/src/main/resources/data/pkcs11/solaris_sparc/libpkcs11wrapper.so Binary files differnew file mode 100644 index 000000000..c5f7d595f --- /dev/null +++ b/assembly/src/main/resources/data/pkcs11/solaris_sparc/libpkcs11wrapper.so diff --git a/assembly/src/main/resources/data/pkcs11/solaris_sparcv9/libpkcs11wrapper.so b/assembly/src/main/resources/data/pkcs11/solaris_sparcv9/libpkcs11wrapper.so Binary files differnew file mode 100644 index 000000000..1f58fe949 --- /dev/null +++ b/assembly/src/main/resources/data/pkcs11/solaris_sparcv9/libpkcs11wrapper.so diff --git a/assembly/src/main/resources/data/pkcs11/win32/pkcs11wrapper.dll b/assembly/src/main/resources/data/pkcs11/win32/pkcs11wrapper.dll Binary files differnew file mode 100644 index 000000000..c1ee108b8 --- /dev/null +++ b/assembly/src/main/resources/data/pkcs11/win32/pkcs11wrapper.dll diff --git a/assembly/src/main/resources/data/pkcs11/win64/pkcs11wrapper.dll b/assembly/src/main/resources/data/pkcs11/win64/pkcs11wrapper.dll Binary files differnew file mode 100644 index 000000000..651a0e5cb --- /dev/null +++ b/assembly/src/main/resources/data/pkcs11/win64/pkcs11wrapper.dll diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 4a8ba973a..04a97270d 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA</groupId> <artifactId>id</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <modelVersion>4.0.0</modelVersion> @@ -64,17 +64,42 @@ <dependency> <groupId>MOA.id.server</groupId> <artifactId>moa-id-commons</artifactId> + <exclusions> + <exclusion> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-api</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_module_pvp2_core</artifactId> + <exclusions> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf-core</artifactId> </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-1.2-api</artifactId> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-to-slf4j</artifactId> + </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </dependency> + <dependency> <groupId>MOA.id</groupId> <artifactId>moa-id-webgui</artifactId> @@ -110,7 +135,6 @@ <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-collections4</artifactId> - <version>${org.apache.commons.collections4.version}</version> </dependency> @@ -206,6 +230,10 @@ <artifactId>javassist</artifactId> <groupId>javassist</groupId> </exclusion> + <exclusion> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-api</artifactId> + </exclusion> </exclusions> </dependency> <dependency> @@ -227,7 +255,10 @@ </dependency> </dependencies> - <build> + <packaging>war</packaging> + <build> + <finalName>moa-id-configuration</finalName> + <plugins> <!-- <plugin> @@ -253,8 +284,8 @@ <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> - <source>1.7</source> - <target>1.7</target> + <source>1.8</source> + <target>1.8</target> </configuration> </plugin> @@ -272,7 +303,5 @@ </plugin> </plugins> - </build> - - <packaging>war</packaging> + </build> </project> diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java index 84fbec0e8..c6946e509 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java @@ -36,7 +36,6 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.joda.time.DateTime; -import org.opensaml.Configuration; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.AuthnContextClassRef; @@ -67,163 +66,167 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; - /** * Servlet implementation class Authenticate */ public class Authenticate extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = LoggerFactory - .getLogger(Authenticate.class); - - private static DocumentBuilderFactory factory = null; - - static { - initialDocumentBuilderFactory(); - } - - synchronized private static void initialDocumentBuilderFactory() { - factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - - } - - public Document asDOMDocument(XMLObject object) throws IOException, - MarshallingException, TransformerException, ParserConfigurationException { - try { - DocumentBuilder builder = null; - synchronized (factory) { - builder = factory.newDocumentBuilder(); - - } - - Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller( - object); - out.marshall(object, document); - return document; - - } catch (ParserConfigurationException e) { - log.warn("PVP2 AuthenticationServlet can not be initialized.", e); - throw e; - } - - } - - protected void process(HttpServletRequest request, - HttpServletResponse response, Map<String,String> legacyParameter) throws ServletException, IOException { - try { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - config.initializePVP2Login(); - - AuthnRequest authReq = SAML2Utils - .createSAMLObject(AuthnRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - authReq.setID(gen.generateIdentifier()); - - HttpSession session = request.getSession(); - if (session != null) { - session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); - } - - authReq.setAssertionConsumerServiceIndex(0); - authReq.setAttributeConsumingServiceIndex(0); - authReq.setIssueInstant(new DateTime()); - Subject subject = SAML2Utils.createSAMLObject(Subject.class); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - - subject.setNameID(name); - authReq.setSubject(subject); - issuer.setFormat(NameIDType.ENTITY); - authReq.setIssuer(issuer); - NameIDPolicy policy = SAML2Utils - .createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(true); - policy.setFormat(NameID.PERSISTENT); - authReq.setNameIDPolicy(policy); - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - SingleSignOnService redirectEndpoint = null; - for (SingleSignOnService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { - redirectEndpoint = sss; - } - } - - authReq.setDestination(redirectEndpoint.getLocation()); - - RequestedAuthnContext reqAuthContext = - SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - - AuthnContextClassRef authnClassRef = - SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); - - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); - - authReq.setRequestedAuthnContext(reqAuthContext); - - //sign Message - X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq, config); - - //encode message - PVP2Utils.postBindingEncoder(request, - response, - authReq, - authcredential, - redirectEndpoint.getLocation(), - null); - - } catch (Exception e) { - log.warn("Authentication Request can not be generated", e); - throw new ServletException("Authentication Request can not be generated.", e); - } - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response, null); - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response, null); - } + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(Authenticate.class); + + private static DocumentBuilderFactory factory = null; + + static { + initialDocumentBuilderFactory(); + } + + synchronized private static void initialDocumentBuilderFactory() { + factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + + } + + public Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException, ParserConfigurationException { + try { + DocumentBuilder builder = null; + synchronized (factory) { + builder = factory.newDocumentBuilder(); + + } + + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 AuthenticationServlet can not be initialized.", e); + throw e; + } + + } + + protected void process(HttpServletRequest request, + HttpServletResponse response, Map<String, String> legacyParameter) throws ServletException, + IOException { + try { + + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + config.initializePVP2Login(); + + final AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + final HttpSession session = request.getSession(); + if (session != null) { + session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); + } + + authReq.setAssertionConsumerServiceIndex(0); + authReq.setAttributeConsumingServiceIndex(0); + authReq.setIssueInstant(new DateTime()); + final Subject subject = SAML2Utils.createSAMLObject(Subject.class); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + + subject.setNameID(name); + authReq.setSubject(subject); + issuer.setFormat(NameIDType.ENTITY); + authReq.setIssuer(issuer); + final NameIDPolicy policy = SAML2Utils + .createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameIDType.PERSISTENT); + authReq.setNameIDPolicy(policy); + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + SingleSignOnService redirectEndpoint = null; + for (final SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleSignOnServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + redirectEndpoint = sss; + } + } + + authReq.setDestination(redirectEndpoint.getLocation()); + + final RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + + final AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + + authReq.setRequestedAuthnContext(reqAuthContext); + + // sign Message + final X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq, + config); + + // encode message + PVP2Utils.postBindingEncoder(request, + response, + authReq, + authcredential, + redirectEndpoint.getLocation(), + null); + + } catch (final Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response, null); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response, null); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java index 7256d8688..ca03054aa 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java @@ -44,9 +44,7 @@ import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; -import org.apache.log4j.Logger; import org.joda.time.DateTime; -import org.opensaml.Configuration; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; @@ -81,275 +79,274 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.AttributeListBuilder; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * Servlet implementation class BuildMetadata */ +@Slf4j public class BuildMetadata extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = Logger.getLogger(BuildMetadata.class); - - private static final int VALIDUNTIL_IN_HOURS = 24; - - /** - * @see HttpServlet#HttpServlet() - */ - public BuildMetadata() { - super(); - } - - protected static Signature getSignature(Credential credentials) { - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); - return signer; - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - - //config.initializePVP2Login(); - - SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); - - EntitiesDescriptor spEntitiesDescriptor = SAML2Utils. - createSAMLObject(EntitiesDescriptor.class); - - DateTime date = new DateTime(); - spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); - - String name = config.getPVP2MetadataEntitiesName(); - if (MiscUtil.isEmpty(name)) { - log.info("NO Metadata EntitiesName configurated"); - throw new ConfigurationException("NO Metadata EntitiesName configurated"); - } - - spEntitiesDescriptor.setName(name); - spEntitiesDescriptor.setID(idGen.generateIdentifier()); - - EntityDescriptor spEntityDescriptor = SAML2Utils - .createSAMLObject(EntityDescriptor.class); - - spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); - - spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - log.debug("Set OnlineApplicationURL to " + serviceURL); - spEntityDescriptor.setEntityID(serviceURL); - - SPSSODescriptor spSSODescriptor = SAML2Utils - .createSAMLObject(SPSSODescriptor.class); - - spSSODescriptor.setAuthnRequestsSigned(true); - spSSODescriptor.setWantAssertionsSigned(true); - - X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); - keyInfoFactory.setEmitEntityCertificate(true); - KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - - KeyStore keyStore = config.getPVP2KeyStore(); - - X509Credential signingcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreMetadataKeyAlias(), - config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); - - - log.debug("Set Metadata key information"); - //Set MetaData Signing key - KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); - entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); - Signature entitiesSignature = getSignature(signingcredential); - spEntitiesDescriptor.setSignature(entitiesSignature); - - //Set AuthRequest Signing certificate - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); - spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - - //set AuthRequest encryption certificate - if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias())) { - X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - KeyDescriptor encryKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - encryKeyDescriptor.setUse(UsageType.ENCRYPTION); - encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); - spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); - - } else { - log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); - - } - - - NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); - - spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); - - NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - transientnameIDFormat.setFormat(NameIDType.TRANSIENT); - - spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); - - NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); - - spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); - - AssertionConsumerService postassertionConsumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - - postassertionConsumerService.setIndex(0); - postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); - - spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); - - - //add SLO services - SingleLogoutService postBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - postBindingService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); - spSSODescriptor.getSingleLogoutServices().add(postBindingService); - - SingleLogoutService redirectBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - redirectBindingService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - redirectBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); - spSSODescriptor.getSingleLogoutServices().add(redirectBindingService); - - SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); - soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK); - spSSODescriptor.getSingleLogoutServices().add(soapBindingService); - - spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); - - spSSODescriptor.setWantAssertionsSigned(true); - spSSODescriptor.setAuthnRequestsSigned(true); - - AttributeConsumingService attributeService = - SAML2Utils.createSAMLObject(AttributeConsumingService.class); - - attributeService.setIndex(0); - attributeService.setIsDefault(true); - ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); - serviceName.setName(new LocalizedString("Default Service", "de")); - attributeService.getNames().add(serviceName); - - attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); - - spSSODescriptor.getAttributeConsumingServices().add(attributeService); - - DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - - builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor); - out.marshall(spEntitiesDescriptor, document); - - Signer.signObject(entitiesSignature); - - Transformer transformer = TransformerFactory.newInstance().newTransformer(); - - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(document); - transformer.transform(source, sr); - sw.close(); - - byte[] metadataXML = sw.toString().getBytes("UTF-8"); - - response.setContentType("text/xml"); - response.setContentLength(metadataXML.length); - response.getOutputStream().write(metadataXML); - - - } catch (ConfigurationException e) { - log.warn("Configuration can not be loaded.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (NoSuchAlgorithmException e) { - log.warn("Requested Algorithm could not found.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (KeyStoreException e) { - log.warn("Requested KeyStoreType is not implemented.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (CertificateException e) { - log.warn("KeyStore can not be opend or userd.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (SecurityException e) { - log.warn("KeyStore can not be opend or used", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (MarshallingException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (SignatureException e) { - log.warn("PVP2 Metadata can not be signed", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerFactoryConfigurationError e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - catch (Exception e) { - log.warn("Unspecific PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - } + private static final long serialVersionUID = 1L; + + private static final int VALIDUNTIL_IN_HOURS = 24; + + /** + * @see HttpServlet#HttpServlet() + */ + public BuildMetadata() { + super(); + } + + protected static Signature getSignature(Credential credentials) { + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + + // config.initializePVP2Login(); + + final SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); + + final EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class); + + final DateTime date = new DateTime(); + spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); + + final String name = config.getPVP2MetadataEntitiesName(); + if (MiscUtil.isEmpty(name)) { + log.info("NO Metadata EntitiesName configurated"); + throw new ConfigurationException("NO Metadata EntitiesName configurated"); + } + + spEntitiesDescriptor.setName(name); + spEntitiesDescriptor.setID(idGen.generateIdentifier()); + + final EntityDescriptor spEntityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); + + spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + log.debug("Set OnlineApplicationURL to " + serviceURL); + spEntityDescriptor.setEntityID(serviceURL); + + final SPSSODescriptor spSSODescriptor = SAML2Utils + .createSAMLObject(SPSSODescriptor.class); + + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(true); + + final X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitEntityCertificate(true); + final KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + final KeyStore keyStore = config.getPVP2KeyStore(); + + final X509Credential signingcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreMetadataKeyAlias(), + config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); + + log.debug("Set Metadata key information"); + // Set MetaData Signing key + final KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); + entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); + final Signature entitiesSignature = getSignature(signingcredential); + spEntitiesDescriptor.setSignature(entitiesSignature); + + // Set AuthRequest Signing certificate + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + final KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + // set AuthRequest encryption certificate + if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias())) { + final X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + final KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + final NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); + + spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); + + final NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientnameIDFormat.setFormat(NameIDType.TRANSIENT); + + spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); + + final NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); + + final AssertionConsumerService postassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); + + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + // add SLO services + final SingleLogoutService postBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + postBindingService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); + spSSODescriptor.getSingleLogoutServices().add(postBindingService); + + final SingleLogoutService redirectBindingService = SAML2Utils.createSAMLObject( + SingleLogoutService.class); + redirectBindingService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + redirectBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); + spSSODescriptor.getSingleLogoutServices().add(redirectBindingService); + + final SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK); + spSSODescriptor.getSingleLogoutServices().add(soapBindingService); + + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); + + spSSODescriptor.setWantAssertionsSigned(true); + spSSODescriptor.setAuthnRequestsSigned(true); + + final AttributeConsumingService attributeService = + SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + final ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "de")); + attributeService.getNames().add(serviceName); + + attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); + + spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + DocumentBuilder builder; + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + + builder = factory.newDocumentBuilder(); + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + spEntitiesDescriptor); + out.marshall(spEntitiesDescriptor, document); + + Signer.signObject(entitiesSignature); + + final Transformer transformer = TransformerFactory.newInstance().newTransformer(); + + final StringWriter sw = new StringWriter(); + final StreamResult sr = new StreamResult(sw); + final DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + final byte[] metadataXML = sw.toString().getBytes("UTF-8"); + + response.setContentType("text/xml"); + response.setContentLength(metadataXML.length); + response.getOutputStream().write(metadataXML); + + } catch (final ConfigurationException e) { + log.warn("Configuration can not be loaded.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final NoSuchAlgorithmException e) { + log.warn("Requested Algorithm could not found.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final KeyStoreException e) { + log.warn("Requested KeyStoreType is not implemented.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final CertificateException e) { + log.warn("KeyStore can not be opend or userd.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final SecurityException e) { + log.warn("KeyStore can not be opend or used", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final MarshallingException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final SignatureException e) { + log.warn("PVP2 Metadata can not be signed", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerFactoryConfigurationError e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + catch (final Exception e) { + log.warn("Unspecific PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java index f2c95f391..01bf39696 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java @@ -64,111 +64,116 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils; */ public class SLOBackChannelServlet extends SLOBasicServlet { - private static final long serialVersionUID = 1481623547633064922L; - private static final Logger log = LoggerFactory - .getLogger(SLOBackChannelServlet.class); - - /** - * @throws ConfigurationException - */ - public SLOBackChannelServlet() throws ConfigurationException { - super(); - } - - - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - try { - HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); - - BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext(); - -// BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = + private static final long serialVersionUID = 1481623547633064922L; + private static final Logger log = LoggerFactory + .getLogger(SLOBackChannelServlet.class); + + /** + * @throws ConfigurationException + */ + public SLOBackChannelServlet() throws ConfigurationException { + super(); + } + + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + try { + final HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); + + final BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext(); + +// BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = // new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - //messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); - - //set trustPolicy + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + + // messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); + + // set trustPolicy // BasicSecurityPolicy policy = new BasicSecurityPolicy(); // policy.getPolicyRules().add( // new PVPSOAPRequestSecurityPolicy( // PVP2Utils.getTrustEngine(getConfig()), -// IDPSSODescriptor.DEFAULT_ELEMENT_NAME)); +// IDPSSODescriptor.DEFAULT_ELEMENT_NAME)); // SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( -// policy); +// policy); // messageContext.setSecurityPolicyResolver(resolver); - - soapDecoder.decode(messageContext); - - Envelope inboundMessage = (Envelope) messageContext - .getInboundMessage(); - - LogoutResponse sloResp = null; - - if (inboundMessage.getBody() != null) { - List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); - - if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) { - LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0); - - //validate request signature - PVP2Utils.validateSignature(sloReq, getConfig()); - - sloResp = processLogOutRequest(sloReq, request); - - KeyStore keyStore = getConfig().getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - getConfig().getPVP2KeystoreAuthRequestKeyAlias(), - getConfig().getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setOutboundSAMLMessage(sloResp); - context.setOutboundMessageTransport(responseAdapter); - - encoder.encode(context); - - } else { - log.warn("Received request ist not of type LogOutRequest"); - response.setStatus(HttpServletResponse.SC_BAD_REQUEST); - return; - - } - } - - } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } catch (CertificateException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } catch (KeyStoreException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } catch (MessageEncodingException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage())); - - } - - - - } - - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - response.setStatus(HttpServletResponse.SC_NOT_FOUND); - - } - + + soapDecoder.decode(messageContext); + + final Envelope inboundMessage = (Envelope) messageContext + .getInboundMessage(); + + LogoutResponse sloResp = null; + + if (inboundMessage.getBody() != null) { + final List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); + + if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) { + final LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0); + + // validate request signature + PVP2Utils.validateSignature(sloReq, getConfig()); + + sloResp = processLogOutRequest(sloReq, request); + + final KeyStore keyStore = getConfig().getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + getConfig().getPVP2KeystoreAuthRequestKeyAlias(), + getConfig().getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = + new BasicSAMLMessageContext<>(); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setOutboundSAMLMessage(sloResp); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + + } else { + log.warn("Received request ist not of type LogOutRequest"); + response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + return; + + } + } + + } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException + | ValidationException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } catch (final CertificateException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } catch (final KeyStoreException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } catch (final MessageEncodingException e) { + log.error("SLO message processing FAILED.", e); + response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e + .getMessage())); + + } + + } + + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + response.setStatus(HttpServletResponse.SC_NOT_FOUND); + + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java index c70d34d7e..a880e800b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java @@ -62,217 +62,226 @@ import at.gv.egovernment.moa.util.MiscUtil; * */ public class SLOBasicServlet extends HttpServlet { - private static final long serialVersionUID = -4547240664871845098L; - private static final Logger log = LoggerFactory - .getLogger(SLOBasicServlet.class); - - private ConfigurationProvider config; - - public SLOBasicServlet() throws ConfigurationException { - config = ConfigurationProvider.getInstance(); - config.initializePVP2Login(); - } - - protected LogoutRequest createLogOutRequest(String nameID, String nameIDFormat, HttpServletRequest request) throws SLOException { - try { - LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloReq.setID(gen.generateIdentifier()); - sloReq.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloReq.setIssuer(issuer); - - NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); - sloReq.setNameID(userNameID); - userNameID.setFormat(nameIDFormat); - userNameID.setValue(nameID); - - return sloReq; - - } catch (NoSuchAlgorithmException e) { - log.warn("Single LogOut request createn FAILED. ", e); - throw new SLOException(); - - } - - } - - protected LogoutResponse processLogOutRequest(LogoutRequest sloReq, HttpServletRequest request) throws NoSuchAlgorithmException { - //check response destination - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String responseDestination = sloReq.getDestination(); - if (MiscUtil.isEmpty(responseDestination) || - !responseDestination.startsWith(serviceURL)) { - log.warn("PVPResponse destination does not match requested destination"); - return createSLOResponse(sloReq, StatusCode.REQUESTER_URI, request); - } - - AuthenticationManager authManager = AuthenticationManager.getInstance(); - if (authManager.isActiveUser(sloReq.getNameID().getValue())) { - AuthenticatedUser authUser = authManager.getActiveUser(sloReq.getNameID().getValue()); - log.info("User " + authUser.getGivenName() + " " + authUser.getFamilyName() + " with nameID:" - + authUser.getNameID() + " get logged out by Single LogOut request."); - authManager.removeActiveUser(authUser); - HttpSession session = request.getSession(false); - if (session != null) - session.invalidate(); - return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); - - } else { - log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + " is not found."); - return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); - - } - - } - - protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException { - LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloResp.setID(gen.generateIdentifier()); - sloResp.setInResponseTo(sloReq.getID()); - sloResp.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloResp.setIssuer(issuer); - - Status status = SAML2Utils.createSAMLObject(Status.class); - sloResp.setStatus(status); - StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); - statusCode.setValue(statusCodeURI); - status.setStatusCode(statusCode ); - - return sloResp; - } - - protected void validateLogOutResponse(LogoutResponse sloResp, String reqID, HttpServletRequest request, HttpServletResponse response) throws PVP2Exception { - //ckeck InResponseTo matchs requestID - if (MiscUtil.isEmpty(reqID)) { - log.info("NO Sigle LogOut request ID"); - throw new PVP2Exception("NO Sigle LogOut request ID"); - } - - if (!reqID.equals(sloResp.getInResponseTo())) { - log.warn("SLORequestID does not match SLO Response ID!"); - throw new PVP2Exception("SLORequestID does not match SLO Response ID!"); - - } - - //check response destination - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String responseDestination = sloResp.getDestination(); - if (MiscUtil.isEmpty(responseDestination) || - !responseDestination.startsWith(serviceURL)) { - log.warn("PVPResponse destination does not match requested destination"); - throw new PVP2Exception("SLO response destination does not match requested destination"); - } - - request.getSession().invalidate(); - - if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.PARTIAL_LOGOUT_URI)) { - log.warn("Single LogOut process is not completed."); - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - - } else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - if (sloResp.getStatus().getStatusCode().getStatusCode() != null && - !sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) { - log.info("Single LogOut process complete."); - request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS, - LanguageHelper.getErrorString("webpages.slo.success", request)); - - } else { - log.warn("Single LogOut process is not completed."); - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - } - - } else { - log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode().getValue()); - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - } - String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; - redirectURL = response.encodeRedirectURL(redirectURL); - response.setContentType("text/html"); - response.setStatus(302); - response.addHeader("Location", redirectURL); - - } - - protected SingleLogoutService findIDPFrontChannelSLOService() throws - ConfigurationException, SLOException { - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - try { - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - - } - - //select authentication-service url from metadata - SingleLogoutService redirectEndpoint = null; - for (SingleLogoutService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) - redirectEndpoint = sss; - - else if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && - redirectEndpoint == null) - redirectEndpoint = sss; - } - - if (redirectEndpoint == null) { - log.warn("Single LogOut FAILED: IDP implements no frontchannel SLO service."); - throw new SLOException("Single LogOut FAILED: IDP implements no frontchannel SLO service."); - } - - return redirectEndpoint; - } catch (MetadataProviderException e) { - log.info("IDP EntityName is not found in IDP Metadata", e); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - - } - } - - protected ConfigurationProvider getConfig() { - return config; - } + private static final long serialVersionUID = -4547240664871845098L; + private static final Logger log = LoggerFactory + .getLogger(SLOBasicServlet.class); + + private final ConfigurationProvider config; + + public SLOBasicServlet() throws ConfigurationException { + config = ConfigurationProvider.getInstance(); + config.initializePVP2Login(); + } + + protected LogoutRequest createLogOutRequest(String nameID, String nameIDFormat, HttpServletRequest request) + throws SLOException { + try { + final LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloReq.setID(gen.generateIdentifier()); + sloReq.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloReq.setIssuer(issuer); + + final NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); + sloReq.setNameID(userNameID); + userNameID.setFormat(nameIDFormat); + userNameID.setValue(nameID); + + return sloReq; + + } catch (final NoSuchAlgorithmException e) { + log.warn("Single LogOut request createn FAILED. ", e); + throw new SLOException(); + + } + + } + + protected LogoutResponse processLogOutRequest(LogoutRequest sloReq, HttpServletRequest request) + throws NoSuchAlgorithmException { + // check response destination + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + final String responseDestination = sloReq.getDestination(); + if (MiscUtil.isEmpty(responseDestination) || + !responseDestination.startsWith(serviceURL)) { + log.warn("PVPResponse destination does not match requested destination"); + return createSLOResponse(sloReq, StatusCode.REQUESTER_URI, request); + } + + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + if (authManager.isActiveUser(sloReq.getNameID().getValue())) { + final AuthenticatedUser authUser = authManager.getActiveUser(sloReq.getNameID().getValue()); + log.info("User " + authUser.getGivenName() + " " + authUser.getFamilyName() + " with nameID:" + + authUser.getNameID() + " get logged out by Single LogOut request."); + authManager.removeActiveUser(authUser); + final HttpSession session = request.getSession(false); + if (session != null) { + session.invalidate(); + } + return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); + + } else { + log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + + " is not found."); + return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); + + } + + } + + protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, + HttpServletRequest request) throws NoSuchAlgorithmException { + final LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloResp.setID(gen.generateIdentifier()); + sloResp.setInResponseTo(sloReq.getID()); + sloResp.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloResp.setIssuer(issuer); + + final Status status = SAML2Utils.createSAMLObject(Status.class); + sloResp.setStatus(status); + final StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + statusCode.setValue(statusCodeURI); + status.setStatusCode(statusCode); + + return sloResp; + } + + protected void validateLogOutResponse(LogoutResponse sloResp, String reqID, HttpServletRequest request, + HttpServletResponse response) throws PVP2Exception { + // ckeck InResponseTo matchs requestID + if (MiscUtil.isEmpty(reqID)) { + log.info("NO Sigle LogOut request ID"); + throw new PVP2Exception("NO Sigle LogOut request ID"); + } + + if (!reqID.equals(sloResp.getInResponseTo())) { + log.warn("SLORequestID does not match SLO Response ID!"); + throw new PVP2Exception("SLORequestID does not match SLO Response ID!"); + + } + + // check response destination + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + final String responseDestination = sloResp.getDestination(); + if (MiscUtil.isEmpty(responseDestination) || + !responseDestination.startsWith(serviceURL)) { + log.warn("PVPResponse destination does not match requested destination"); + throw new PVP2Exception("SLO response destination does not match requested destination"); + } + + request.getSession().invalidate(); + + if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.PARTIAL_LOGOUT_URI)) { + log.warn("Single LogOut process is not completed."); + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + } else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + if (sloResp.getStatus().getStatusCode().getStatusCode() != null && + !sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) { + log.info("Single LogOut process complete."); + request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS, + LanguageHelper.getErrorString("webpages.slo.success", request)); + + } else { + log.warn("Single LogOut process is not completed."); + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + } + + } else { + log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode() + .getValue()); + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + } + String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; + redirectURL = response.encodeRedirectURL(redirectURL); + response.setContentType("text/html"); + response.setStatus(302); + response.addHeader("Location", redirectURL); + + } + + protected SingleLogoutService findIDPFrontChannelSLOService() throws ConfigurationException, SLOException { + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + try { + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + + } + + // select authentication-service url from metadata + SingleLogoutService redirectEndpoint = null; + for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleLogoutServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + redirectEndpoint = sss; + } else if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && + redirectEndpoint == null) { + redirectEndpoint = sss; + } + } + + if (redirectEndpoint == null) { + log.warn("Single LogOut FAILED: IDP implements no frontchannel SLO service."); + throw new SLOException("Single LogOut FAILED: IDP implements no frontchannel SLO service."); + } + + return redirectEndpoint; + } catch (final MetadataProviderException e) { + log.info("IDP EntityName is not found in IDP Metadata", e); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + + } + } + + protected ConfigurationProvider getConfig() { + return config; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java index 274aa21bf..ac9d65cbf 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java @@ -77,221 +77,230 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class SLOFrontChannelServlet extends SLOBasicServlet { - private static final long serialVersionUID = -6280199681356977759L; - private static final Logger log = LoggerFactory - .getLogger(SLOFrontChannelServlet.class); - - /** - * @throws ConfigurationException - */ - public SLOFrontChannelServlet() throws ConfigurationException { - super(); - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) { - //process user initiated single logout process - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - - if (authUserObj == null) { - log.warn("No user information found. Single Log-Out not possible"); - buildErrorMessage(request, response); - - } - - AuthenticatedUser authUser = (AuthenticatedUser) authUserObj; - - String nameIDFormat = authUser.getNameIDFormat(); - String nameID = authUser.getNameID(); - - //remove user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.removeActiveUser(authUser); - - if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { - log.warn("No user information found. Single Log-Out not possible"); - buildErrorMessage(request, response); - - } else - log.info("Fount user information for user nameID: " + nameID - + " , nameIDFormat: " + nameIDFormat - + ". Build Single Log-Out request ..."); - - //build SLO request to IDP - LogoutRequest sloReq = createLogOutRequest(nameID, nameIDFormat, request); - - request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID()); - - //send message - sendMessage(request, response, sloReq, null); - - } else { - //process PVP 2.1 single logout process - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( - new BasicParserPool()); - BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - PVP2Utils.getTrustEngine(getConfig())); - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); - SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setSecurityPolicyResolver(resolver); - messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - - decode.decode(messageContext); - - signatureRule.evaluate(messageContext); - - - processMessage(request, response, - messageContext.getInboundMessage(), messageContext.getRelayState()); - - } - - } catch (SLOException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (ConfigurationException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (PVP2Exception e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (SecurityPolicyException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (MessageDecodingException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (SecurityException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (NoSuchAlgorithmException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - decode.decode(messageContext); - - PVP2Utils.validateSignature((SignableXMLObject) messageContext.getInboundMessage(), getConfig()); - - processMessage(request, response, - messageContext.getInboundMessage(), messageContext.getRelayState()); - - - } catch (MessageDecodingException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (SecurityException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (ValidationException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (ConfigurationException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (PVP2Exception e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } catch (NoSuchAlgorithmException e) { - log.error("Single LogOut processing error.", e); - buildErrorMessage(request, response); - - } - } - - private void buildErrorMessage(HttpServletRequest request, HttpServletResponse response) { - - request.getSession().setAttribute(Constants.SESSION_SLOERROR, - LanguageHelper.getErrorString("webpages.slo.error", request)); - - //check response destination - String serviceURL = getConfig().getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; - redirectURL = response.encodeRedirectURL(redirectURL); - response.setContentType("text/html"); - response.setStatus(302); - response.addHeader("Location", redirectURL); - } - - private void processMessage(HttpServletRequest request, HttpServletResponse response, - XMLObject xmlObject, String relayState) throws ConfigurationException, PVP2Exception, NoSuchAlgorithmException { - if (xmlObject instanceof LogoutRequest) { - LogoutResponse sloResp = - processLogOutRequest((LogoutRequest) xmlObject, request); - sendMessage(request, response, sloResp, relayState); - - } else if (xmlObject instanceof LogoutResponse) { - LogoutResponse sloResp = (LogoutResponse) xmlObject; - - String reqID = (String) request.getSession().getAttribute(Constants.SESSION_PVP2REQUESTID); - request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, null); - validateLogOutResponse(sloResp, reqID, request, response); - - } - } - - private void sendMessage(HttpServletRequest request, HttpServletResponse response, - RequestAbstractType sloReq, String relayState) throws ConfigurationException, PVP2Exception { - SingleLogoutService sloService = findIDPFrontChannelSLOService(); - sloReq.setDestination(sloService.getLocation()); - sendMessage(request, response, sloReq, sloService, relayState); - } - - private void sendMessage(HttpServletRequest request, HttpServletResponse response, - StatusResponseType sloReq, String relayState) throws ConfigurationException, PVP2Exception { - SingleLogoutService sloService = findIDPFrontChannelSLOService(); - sloReq.setDestination(sloService.getLocation()); - sendMessage(request, response, sloReq, sloService, relayState); - } - - private void sendMessage(HttpServletRequest request, HttpServletResponse response, - SignableSAMLObject sloReq, SingleLogoutService sloService, String relayState) throws ConfigurationException, PVP2Exception { - X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) sloReq, getConfig()); - if (sloService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) - PVP2Utils.postBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), relayState); - - else if (sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) - PVP2Utils.redirectBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), relayState); - } - + private static final long serialVersionUID = -6280199681356977759L; + private static final Logger log = LoggerFactory + .getLogger(SLOFrontChannelServlet.class); + + /** + * @throws ConfigurationException + */ + public SLOFrontChannelServlet() throws ConfigurationException { + super(); + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) { + // process user initiated single logout process + final Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + if (authUserObj == null) { + log.warn("No user information found. Single Log-Out not possible"); + buildErrorMessage(request, response); + + } + + final AuthenticatedUser authUser = (AuthenticatedUser) authUserObj; + + final String nameIDFormat = authUser.getNameIDFormat(); + final String nameID = authUser.getNameID(); + + // remove user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.removeActiveUser(authUser); + + if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { + log.warn("No user information found. Single Log-Out not possible"); + buildErrorMessage(request, response); + + } else { + log.info("Fount user information for user nameID: " + nameID + + " , nameIDFormat: " + nameIDFormat + + ". Build Single Log-Out request ..."); + } + + // build SLO request to IDP + final LogoutRequest sloReq = createLogOutRequest(nameID, nameIDFormat, request); + + request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID()); + + // send message + sendMessage(request, response, sloReq, null); + + } else { + // process PVP 2.1 single logout process + final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + final BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = + new BasicSAMLMessageContext<>(); + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); + + final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + PVP2Utils.getTrustEngine(getConfig())); + final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); + final BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); + final SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setSecurityPolicyResolver(resolver); + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + decode.decode(messageContext); + + signatureRule.evaluate(messageContext); + + processMessage(request, response, + messageContext.getInboundMessage(), messageContext.getRelayState()); + + } + + } catch (final SLOException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final ConfigurationException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final PVP2Exception e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final SecurityPolicyException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final MessageDecodingException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final SecurityException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final NoSuchAlgorithmException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + final BasicSAMLMessageContext<Response, ?, ?> messageContext = + new BasicSAMLMessageContext<>(); + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + decode.decode(messageContext); + + PVP2Utils.validateSignature((SignableXMLObject) messageContext.getInboundMessage(), getConfig()); + + processMessage(request, response, + messageContext.getInboundMessage(), messageContext.getRelayState()); + + } catch (final MessageDecodingException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final SecurityException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final ValidationException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final ConfigurationException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final PVP2Exception e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } catch (final NoSuchAlgorithmException e) { + log.error("Single LogOut processing error.", e); + buildErrorMessage(request, response); + + } + } + + private void buildErrorMessage(HttpServletRequest request, HttpServletResponse response) { + + request.getSession().setAttribute(Constants.SESSION_SLOERROR, + LanguageHelper.getErrorString("webpages.slo.error", request)); + + // check response destination + String serviceURL = getConfig().getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + String redirectURL = serviceURL + Constants.SERVLET_LOGOUT; + redirectURL = response.encodeRedirectURL(redirectURL); + response.setContentType("text/html"); + response.setStatus(302); + response.addHeader("Location", redirectURL); + } + + private void processMessage(HttpServletRequest request, HttpServletResponse response, + XMLObject xmlObject, String relayState) throws ConfigurationException, PVP2Exception, + NoSuchAlgorithmException { + if (xmlObject instanceof LogoutRequest) { + final LogoutResponse sloResp = + processLogOutRequest((LogoutRequest) xmlObject, request); + sendMessage(request, response, sloResp, relayState); + + } else if (xmlObject instanceof LogoutResponse) { + final LogoutResponse sloResp = (LogoutResponse) xmlObject; + + final String reqID = (String) request.getSession().getAttribute(Constants.SESSION_PVP2REQUESTID); + request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, null); + validateLogOutResponse(sloResp, reqID, request, response); + + } + } + + private void sendMessage(HttpServletRequest request, HttpServletResponse response, + RequestAbstractType sloReq, String relayState) throws ConfigurationException, PVP2Exception { + final SingleLogoutService sloService = findIDPFrontChannelSLOService(); + sloReq.setDestination(sloService.getLocation()); + sendMessage(request, response, sloReq, sloService, relayState); + } + + private void sendMessage(HttpServletRequest request, HttpServletResponse response, + StatusResponseType sloReq, String relayState) throws ConfigurationException, PVP2Exception { + final SingleLogoutService sloService = findIDPFrontChannelSLOService(); + sloReq.setDestination(sloService.getLocation()); + sendMessage(request, response, sloReq, sloService, relayState); + } + + private void sendMessage(HttpServletRequest request, HttpServletResponse response, + SignableSAMLObject sloReq, SingleLogoutService sloService, String relayState) + throws ConfigurationException, PVP2Exception { + final X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) sloReq, + getConfig()); + if (sloService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + PVP2Utils.postBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), + relayState); + } else if (sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + PVP2Utils.redirectBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), + relayState); + } + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index ef6c951c2..2cce2ebab 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -33,9 +33,12 @@ import java.net.URL; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.Security; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Arrays; +import java.util.Optional; import java.util.Properties; import java.util.Timer; import java.util.jar.Attributes; @@ -44,7 +47,6 @@ import java.util.jar.Manifest; import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.MOAHttpClient; -import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.xml.parse.BasicParserPool; @@ -55,6 +57,9 @@ import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; import org.springframework.context.support.GenericApplicationContext; +import com.google.common.collect.Streams; + +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; @@ -65,652 +70,691 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration; import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import iaik.asn1.structures.AlgorithmID; +import iaik.security.provider.IAIK; import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class ConfigurationProvider { - public static final String HTMLTEMPLATE_DIR = "/htmlTemplates"; - public static final String HTMLTEMPLATE_FILE = "/loginFormFull.html"; - - private static final Logger log = Logger.getLogger(ConfigurationProvider.class); - - private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; - - private static ConfigurationProvider instance; - private Properties props; - private String configFileName; - private String configRootDir; - - private HTTPMetadataProvider idpMetadataProvider = null; - private KeyStore keyStore = null; - - private String publicURLPreFix = null; - - private boolean pvp2logininitialzied = false; - - private ClassPathXmlApplicationContext context = null; - private MOAIDConfigurationModul configModule = null; - private NewConfigurationDBRead deprecatedDBRead = null; - private FileBasedUserConfiguration userManagement = null; - - private ArrayList<String> activeProfiles = new ArrayList<String>(); - - public static ConfigurationProvider getInstance() throws ConfigurationException { - - if (instance == null) { - instance = new ConfigurationProvider(); - instance.inizialize(); - - } - - return instance; - } - - private void inizialize() throws ConfigurationException { - - log.info("Set SystemProperty for UTF-8 file.encoding as default"); - System.setProperty("file.encoding", "UTF-8"); - - configFileName = System.getProperty(SYSTEM_PROP_CONFIG); - - if (configFileName == null) { - throw new ConfigurationException("config.05"); - } - try { - URI fileURI = new URI(configFileName); - File propertiesFile = new File(fileURI); - - // determine the directory of the root config file - String rootConfigFileDir = propertiesFile.getParent(); - configRootDir = new File(rootConfigFileDir).toURI().toURL().toString();; - - log.info("Loading MOA-ID-AUTH configuration " + configFileName); - - //Initial Hibernate Framework - log.trace("Initializing Hibernate framework."); - - //Load MOAID-2.0 properties file - - - FileInputStream fis; - props = new Properties(); - - fis = new FileInputStream(propertiesFile); - props.load(fis); - fis.close(); + public static final String HTMLTEMPLATE_DIR = "/htmlTemplates"; + public static final String HTMLTEMPLATE_FILE = "/loginFormFull.html"; + + private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; + + private static ConfigurationProvider instance; + private Properties props; + private String configFileName; + private String configRootDir; + + private HTTPMetadataProvider idpMetadataProvider = null; + private KeyStore keyStore = null; + + private String publicURLPreFix = null; + + private boolean pvp2logininitialzied = false; + + private ClassPathXmlApplicationContext context = null; + private MOAIDConfigurationModul configModule = null; + private NewConfigurationDBRead deprecatedDBRead = null; + private FileBasedUserConfiguration userManagement = null; + + private final ArrayList<String> activeProfiles = new ArrayList<>(); + + public static ConfigurationProvider getInstance() throws ConfigurationException { + + if (instance == null) { + instance = new ConfigurationProvider(); + instance.inizialize(); + + } + + return instance; + } + + private void inizialize() throws ConfigurationException { + + log.info("Set SystemProperty for UTF-8 file.encoding as default"); + System.setProperty("file.encoding", "UTF-8"); + + configFileName = System.getProperty(SYSTEM_PROP_CONFIG); + + if (configFileName == null) { + throw new ConfigurationException("config.05"); + } + try { + final URI fileURI = new URI(configFileName); + final File propertiesFile = new File(fileURI); + + // determine the directory of the root config file + final String rootConfigFileDir = propertiesFile.getParent(); + configRootDir = new File(rootConfigFileDir).toURI().toURL().toString(); + + log.info("Loading MOA-ID-AUTH configuration " + configFileName); + + // Initial Hibernate Framework + log.trace("Initializing Hibernate framework."); + + // Load MOAID-2.0 properties file + + FileInputStream fis; + props = new Properties(); + + fis = new FileInputStream(propertiesFile); + props.load(fis); + fis.close(); // //Workaround -> can be removed in next version // if (MiscUtil.isEmpty(System.getProperty("spring.profiles.active"))) { // log.info("Set System-Property to activate 'byteBased' config values"); // System.setProperty("spring.profiles.active", "byteBasedConfig"); -// +// // } - - //initialize generic SpringContext to set profiles - GenericApplicationContext rootContext = new GenericApplicationContext(); + + // initialize generic SpringContext to set profiles + final GenericApplicationContext rootContext = new GenericApplicationContext(); // if (Boolean.valueOf(props.getProperty("configuration.database.byteBasedValues", "false"))) -// activeProfiles.add(SpringProfileConstants.BYTEBASEDCONFIG); +// activeProfiles.add(SpringProfileConstants.BYTEBASEDCONFIG); // for (String el: activeProfiles) // rootContext.getEnvironment().addActiveProfile(el); - //refresh generic context - rootContext.refresh(); - - //initialize SpringContext - context = new ClassPathXmlApplicationContext( - new String[] { "configuration.beans.xml", - "moaid.webgui.beans.xml", - "moaid.migration.beans.xml", - "moaid.configurationtool.beans.xml" - }, rootContext); - - - log.info("Spring-context was initialized with active profiles: " - + Arrays.asList(context.getEnvironment().getActiveProfiles())); - - //Autowire beans in these context - AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); - acbFactory.autowireBean(this); - - - log.info("Hibernate initialization finished."); - - DefaultBootstrap.bootstrap(); - log.info("OPENSAML initialized"); - - UserRequestCleaner.start(); - - fixJava8_141ProblemWithSSLAlgorithms(); - - log.info("MOA-ID-Configuration initialization completed"); - - - } catch (FileNotFoundException e) { - throw new ConfigurationException("config.01", new Object[]{configFileName}, e); - - } catch (IOException e) { - throw new ConfigurationException("config.02", new Object[]{configFileName}, e); - - } catch (org.opensaml.xml.ConfigurationException e) { - throw new ConfigurationException("config.04", e); - - } catch (URISyntaxException e) { - throw new ConfigurationException("config.01", new Object[]{configFileName}, e); - } - - } - - private static void fixJava8_141ProblemWithSSLAlgorithms() { - log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); - //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", - new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", - new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", - new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", - new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", - new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); + // refresh generic context + rootContext.refresh(); + + // initialize SpringContext + context = new ClassPathXmlApplicationContext( + new String[] { "configuration.beans.xml", + "moaid.webgui.beans.xml", + "moaid.migration.beans.xml", + "moaid.configurationtool.beans.xml" + }, rootContext); + + log.info("Spring-context was initialized with active profiles: " + + Arrays.asList(context.getEnvironment().getActiveProfiles())); + + // Autowire beans in these context + final AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory(); + acbFactory.autowireBean(this); + + log.info("Hibernate initialization finished."); + + //check if IAIK provider is already loaded in first place + Optional<Pair<Long, Provider>> isIaikProviderLoaded = Streams.mapWithIndex( + Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str)) + .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName())) + .findAny(); + + DefaultBootstrap.bootstrap(); + log.info("OPENSAML initialized"); + + UserRequestCleaner.start(); + + fixJava8_141ProblemWithSSLAlgorithms(); + + //load a first place + checkSecuityProviderPosition(isIaikProviderLoaded); + + if (Logger.isDebugEnabled()) { + log.debug("Loaded Security Provider:"); + Provider[] providerList = Security.getProviders(); + for (int i=0; i<providerList.length; i++) + log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion()); + + } + + log.info("MOA-ID-Configuration initialization completed"); + + } catch (final FileNotFoundException e) { + throw new ConfigurationException("config.01", new Object[] { configFileName }, e); + + } catch (final IOException e) { + throw new ConfigurationException("config.02", new Object[] { configFileName }, e); + + } catch (final org.opensaml.xml.ConfigurationException e) { + throw new ConfigurationException("config.04", e); + + } catch (final URISyntaxException e) { + throw new ConfigurationException("config.01", new Object[] { configFileName }, e); + } + + } + + private void checkSecuityProviderPosition(Optional<Pair<Long, Provider>> iaikProviderLoadedBefore) { + if (iaikProviderLoadedBefore.isPresent() && iaikProviderLoadedBefore.get().getFirst() == 0) { + Optional<Pair<Long, Provider>> iaikProviderLoadedNow = Streams.mapWithIndex( + Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str)) + .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName())) + .findAny(); + + if (iaikProviderLoadedNow.isPresent() && iaikProviderLoadedNow.get().getFirst() != + iaikProviderLoadedBefore.get().getFirst()) { + log.debug("IAIK Provider was loaded before on place: {}, but it's now on place: {}. Starting re-ordering ... ", + iaikProviderLoadedBefore.get().getFirst(), iaikProviderLoadedNow.get().getFirst()); + Security.removeProvider(IAIK.getInstance().getName()); + Security.insertProviderAt(IAIK.getInstance(), 0); + log.info("Re-ordering of Security Provider done."); + + } else { + log.debug("IAIK Provider was loaded before on place: {} and it's already there. Nothing todo", + iaikProviderLoadedBefore.get().getFirst()); + + } + } else { + if (iaikProviderLoadedBefore.isPresent()) { + log.debug("IAIK Provider was loaded before on place: {}. Nothing todo", + iaikProviderLoadedBefore.get().getFirst()); - log.info("Change AlgorithmIDs finished"); + } else { + log.debug("IAIK Provider was not loaded before. Nothing todo"); + + } + + } + + } + + private static void fixJava8_141ProblemWithSSLAlgorithms() { + log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); + // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] + // { "MD5withRSA", "MD5/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", + new String[] { "SHA1withRSA", "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", + new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", + new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", + new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", + new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); + + log.info("Change AlgorithmIDs finished"); + } + + @Autowired(required = true) + public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) { + this.configModule = module; + } + + /** + * @param dbRead the dbRead to set + */ + @Autowired(required = true) + public void setDbRead(NewConfigurationDBRead dbRead) { + this.deprecatedDBRead = dbRead; + } + + /** + * @return the props + */ + public Properties getConfigurationProperties() { + return props; + } + + /** + * @return the deprecatedDBWrite + */ + public FileBasedUserConfiguration getUserManagement() { + return userManagement; + } + + /** + * @param deprecatedDBWrite the deprecatedDBWrite to set + */ + @Autowired(required = true) + public void setUserManagement(FileBasedUserConfiguration userManagement) { + this.userManagement = userManagement; + } + + public String getPublicUrlPreFix(HttpServletRequest request) { + publicURLPreFix = props.getProperty("general.publicURLContext"); + + if (MiscUtil.isEmpty(publicURLPreFix) && request != null) { + final String url = request.getRequestURL().toString(); + final String contextpath = request.getContextPath(); + final int index = url.indexOf(contextpath); + publicURLPreFix = url.substring(0, index + contextpath.length() + 1); } - - @Autowired(required = true) - public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) { - this.configModule = module; - } - - - - /** - * @param dbRead the dbRead to set - */ - @Autowired(required = true) - public void setDbRead(NewConfigurationDBRead dbRead) { - this.deprecatedDBRead = dbRead; - } - - - - /** - * @return the props - */ - public Properties getConfigurationProperties() { - return props; - } - - /** - * @return the deprecatedDBWrite - */ - public FileBasedUserConfiguration getUserManagement() { - return userManagement; - } - - /** - * @param deprecatedDBWrite the deprecatedDBWrite to set - */ - @Autowired(required = true) - public void setUserManagement(FileBasedUserConfiguration userManagement) { - this.userManagement = userManagement; - } - - - public String getPublicUrlPreFix(HttpServletRequest request) { - publicURLPreFix = props.getProperty("general.publicURLContext"); - - if (MiscUtil.isEmpty(publicURLPreFix) && request != null) { - String url = request.getRequestURL().toString(); - String contextpath = request.getContextPath(); - int index = url.indexOf(contextpath); - publicURLPreFix = url.substring(0, index + contextpath.length() + 1); - } - - return publicURLPreFix; - } - - public int getUserRequestCleanUpDelay() { - String delay = props.getProperty("general.userrequests.cleanup.delay"); - return Integer.getInteger(delay, 12); - } - + + return publicURLPreFix; + } + + public int getUserRequestCleanUpDelay() { + final String delay = props.getProperty("general.userrequests.cleanup.delay"); + return Integer.getInteger(delay, 12); + } + // public String getContactMailAddress() { // return props.getProperty("general.contact.mail"); // } - - public String getSSOLogOutURL() { - return props.getProperty("general.login.pvp2.idp.sso.logout.url"); - } - - public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException { - if (keyStore == null) { - String keystoretype = getPVP2MetadataKeystoreType(); - if (MiscUtil.isEmpty(keystoretype)) { - log.debug("No KeyStoreType defined. Using default KeyStoreType."); - keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - - } else { - log.debug("Using " + keystoretype + " KeyStoreType."); - keyStore = KeyStore.getInstance(keystoretype); - - } - - - String fileURL = getPVP2MetadataKeystoreURL(); - log.debug("Load KeyStore from URL " + fileURL); - if (MiscUtil.isEmpty(fileURL)) { - log.info("Metadata KeyStoreURL is empty"); - throw new ConfigurationException("Metadata KeyStoreURL is empty"); - } - - URL keystoreURL = new URL((FileUtils.makeAbsoluteURL(fileURL, getConfigRootDir()))); - InputStream inputStream = keystoreURL.openStream(); - keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray()); - inputStream.close(); - } - - return keyStore; - - } - - public String getConfigFile() { - return configFileName; - } - - public String getConfigRootDir() { - return configRootDir; - } - - public boolean isMOAIDMode() { - String result = props.getProperty("general.moaidmode.active", "true"); - return Boolean.parseBoolean(result); - } - - public String getMOAIDInstanceURL() { - return props.getProperty("general.moaid.instance.url"); - } - - public boolean isLoginDeaktivated() { - String result = props.getProperty("general.login.deaktivate", "false"); - return Boolean.parseBoolean(result); - } - - public boolean isOATargetVerificationDeaktivated() { - String result = props.getProperty("general.OATargetVerification.deaktivate", "false"); - return Boolean.parseBoolean(result); - } - - //PVP2 Login configuration - - public void initializePVP2Login() throws ConfigurationException { - if (!pvp2logininitialzied) - initalPVP2Login(); - } - - public boolean isPVP2LoginActive() { - - return Boolean.parseBoolean(props.getProperty("general.login.pvp2.isactive", "false")); - } - - public boolean isPVP2LoginBusinessService() { - String result = props.getProperty("general.login.pvp2.isbusinessservice", "false"); - return Boolean.parseBoolean(result); - } - - public String getPVP2LoginTarget() { - return props.getProperty("general.login.pvp2.target"); - } - - public String getPVP2LoginIdenificationValue() { - return props.getProperty("general.login.pvp2.identificationvalue"); - } - - public String getPVP2MetadataEntitiesName() { - return props.getProperty("general.login.pvp2.metadata.entities.name"); - } - - public String getPVP2MetadataKeystoreURL() { - return props.getProperty("general.login.pvp2.keystore.url"); - } - - public String getPVP2MetadataKeystorePassword() { - return props.getProperty("general.login.pvp2.keystore.password"); - } - - public String getPVP2MetadataKeystoreType() { - return props.getProperty("general.login.pvp2.keystore.type"); - } - - public String getPVP2KeystoreMetadataKeyAlias() { - return props.getProperty("general.login.pvp2.keystore.metadata.key.alias"); - } - - public String getPVP2KeystoreMetadataKeyPassword() { - return props.getProperty("general.login.pvp2.keystore.metadata.key.password"); - } - - public String getPVP2KeystoreAuthRequestKeyAlias() { - return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias"); - } - - public String getPVP2KeystoreAuthRequestKeyPassword() { - return props.getProperty("general.login.pvp2.keystore.authrequest.key.password"); - } - - public String getPVP2KeystoreAuthRequestEncryptionKeyAlias() { - return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.alias"); - } - - public String getPVP2KeystoreAuthRequestEncryptionKeyPassword() { - return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.password"); - } - - public String getPVP2IDPMetadataURL() { - return props.getProperty("general.login.pvp2.idp.metadata.url"); - } - - public String getPVP2IDPMetadataCertificate() { - return props.getProperty("general.login.pvp2.idp.metadata.certificate"); - } - - public String getPVP2IDPMetadataEntityName() { - return props.getProperty("general.login.pvp2.idp.metadata.entityID"); - } - - public HTTPMetadataProvider getMetaDataProvier() { - return idpMetadataProvider; - } - - - //SMTP Server - public String getSMTPMailHost() { - return props.getProperty("general.mail.host"); - } - - public String getSMTPMailPort() { - return props.getProperty("general.mail.host.port"); - } - - public String getSMTPMailUsername() { - return props.getProperty("general.mail.host.username"); - } - - public String getSMTPMailPassword() { - return props.getProperty("general.mail.host.password"); - } - - //Mail Configuration - public String getMailFromName() { - return props.getProperty("general.mail.from.name"); - } - - public String getMailFromAddress() { - return props.getProperty("general.mail.from.address"); - } - - public String getMailUserAcountVerificationSubject() { - return props.getProperty("general.mail.useraccountrequest.verification.subject"); - } - - public String getMailUserAcountVerificationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.useraccountrequest.verification.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountVerificationTemplate is empty"); - throw new ConfigurationException("MailUserAcountVerificationTemplate is empty"); - - } - } - - public String getMailUserAcountActivationSubject() { - return props.getProperty("general.mail.useraccountrequest.isactive.subject"); - } - - public String getMailUserAcountActivationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.useraccountrequest.isactive.template"); - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountActivationTemplate is empty"); - throw new ConfigurationException("MailUserAcountActivationTemplate is empty"); - - } - - } - - public String getMailOAActivationSubject() { - return props.getProperty("general.mail.createOArequest.isactive.subject"); - } - - public String getDefaultLanguage() { + + public String getSSOLogOutURL() { + return props.getProperty("general.login.pvp2.idp.sso.logout.url"); + } + + public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, + CertificateException, KeyStoreException { + if (keyStore == null) { + final String keystoretype = getPVP2MetadataKeystoreType(); + if (MiscUtil.isEmpty(keystoretype)) { + log.debug("No KeyStoreType defined. Using default KeyStoreType."); + keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + + } else { + log.debug("Using " + keystoretype + " KeyStoreType."); + keyStore = KeyStore.getInstance(keystoretype); + + } + + final String fileURL = getPVP2MetadataKeystoreURL(); + log.debug("Load KeyStore from URL " + fileURL); + if (MiscUtil.isEmpty(fileURL)) { + log.info("Metadata KeyStoreURL is empty"); + throw new ConfigurationException("Metadata KeyStoreURL is empty"); + } + + final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(fileURL, getConfigRootDir())); + final InputStream inputStream = keystoreURL.openStream(); + keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray()); + inputStream.close(); + } + + return keyStore; + + } + + public String getConfigFile() { + return configFileName; + } + + public String getConfigRootDir() { + return configRootDir; + } + + public boolean isMOAIDMode() { + final String result = props.getProperty("general.moaidmode.active", "true"); + return Boolean.parseBoolean(result); + } + + public String getMOAIDInstanceURL() { + return props.getProperty("general.moaid.instance.url"); + } + + public boolean isLoginDeaktivated() { + final String result = props.getProperty("general.login.deaktivate", "false"); + return Boolean.parseBoolean(result); + } + + public boolean isOATargetVerificationDeaktivated() { + final String result = props.getProperty("general.OATargetVerification.deaktivate", "false"); + return Boolean.parseBoolean(result); + } + + // PVP2 Login configuration + + public void initializePVP2Login() throws ConfigurationException { + if (!pvp2logininitialzied) { + initalPVP2Login(); + } + } + + public boolean isPVP2LoginActive() { + + return Boolean.parseBoolean(props.getProperty("general.login.pvp2.isactive", "false")); + } + + public boolean isPVP2LoginBusinessService() { + final String result = props.getProperty("general.login.pvp2.isbusinessservice", "false"); + return Boolean.parseBoolean(result); + } + + public String getPVP2LoginTarget() { + return props.getProperty("general.login.pvp2.target"); + } + + public String getPVP2LoginIdenificationValue() { + return props.getProperty("general.login.pvp2.identificationvalue"); + } + + public String getPVP2MetadataEntitiesName() { + return props.getProperty("general.login.pvp2.metadata.entities.name"); + } + + public String getPVP2MetadataKeystoreURL() { + return props.getProperty("general.login.pvp2.keystore.url"); + } + + public String getPVP2MetadataKeystorePassword() { + return props.getProperty("general.login.pvp2.keystore.password"); + } + + public String getPVP2MetadataKeystoreType() { + return props.getProperty("general.login.pvp2.keystore.type"); + } + + public String getPVP2KeystoreMetadataKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.metadata.key.alias"); + } + + public String getPVP2KeystoreMetadataKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.metadata.key.password"); + } + + public String getPVP2KeystoreAuthRequestKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias"); + } + + public String getPVP2KeystoreAuthRequestKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.authrequest.key.password"); + } + + public String getPVP2KeystoreAuthRequestEncryptionKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.alias"); + } + + public String getPVP2KeystoreAuthRequestEncryptionKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.password"); + } + + public String getPVP2IDPMetadataURL() { + return props.getProperty("general.login.pvp2.idp.metadata.url"); + } + + public String getPVP2IDPMetadataCertificate() { + return props.getProperty("general.login.pvp2.idp.metadata.certificate"); + } + + public String getPVP2IDPMetadataEntityName() { + return props.getProperty("general.login.pvp2.idp.metadata.entityID"); + } + + public HTTPMetadataProvider getMetaDataProvier() { + return idpMetadataProvider; + } + + // SMTP Server + public String getSMTPMailHost() { + return props.getProperty("general.mail.host"); + } + + public String getSMTPMailPort() { + return props.getProperty("general.mail.host.port"); + } + + public String getSMTPMailUsername() { + return props.getProperty("general.mail.host.username"); + } + + public String getSMTPMailPassword() { + return props.getProperty("general.mail.host.password"); + } + + // Mail Configuration + public String getMailFromName() { + return props.getProperty("general.mail.from.name"); + } + + public String getMailFromAddress() { + return props.getProperty("general.mail.from.address"); + } + + public String getMailUserAcountVerificationSubject() { + return props.getProperty("general.mail.useraccountrequest.verification.subject"); + } + + public String getMailUserAcountVerificationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.useraccountrequest.verification.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountVerificationTemplate is empty"); + + } + } + + public String getMailUserAcountActivationSubject() { + return props.getProperty("general.mail.useraccountrequest.isactive.subject"); + } + + public String getMailUserAcountActivationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.useraccountrequest.isactive.template"); + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountActivationTemplate is empty"); + throw new ConfigurationException("MailUserAcountActivationTemplate is empty"); + + } + + } + + public String getMailOAActivationSubject() { + return props.getProperty("general.mail.createOArequest.isactive.subject"); + } + + public String getDefaultLanguage() { + try { + return props.getProperty("general.defaultlanguage", "de").toLowerCase(); + } catch (final Exception ex) { + return "de"; + } + } + + public String getMailOAActivationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.createOArequest.isactive.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailOAActivationTemplate is empty"); + throw new ConfigurationException("MailOAActivationTemplate is empty"); + + } + + } + + public String getMailUserAcountRevocationTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.useraccountrequest.rejected.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountRevocationTemplate is empty"); + + } + } + + public String getMailAdminSubject() { + return props.getProperty("general.mail.admin.subject"); + } + + public String getMailAdminTemplate() throws ConfigurationException { + final String url = props.getProperty("general.mail.admin.adresses.template"); + + if (MiscUtil.isNotEmpty(url)) { + return url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailAdminTemplate is empty"); + + } + } + + public String getMailAdminAddress() { + return props.getProperty("general.mail.admin.adress"); + } + + public String getConfigToolVersion() { + return parseVersionFromManifest(); + } + + public String getCertStoreDirectory() throws ConfigurationException { + final String dir = props.getProperty("general.ssl.certstore"); + if (MiscUtil.isNotEmpty(dir)) { + return FileUtils.makeAbsoluteURL(dir, configRootDir); + } else { + throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore."); + } + + } + + public String getTrustStoreDirectory() throws ConfigurationException { + final String dir = props.getProperty("general.ssl.truststore"); + if (MiscUtil.isNotEmpty(dir)) { + return FileUtils.makeAbsoluteURL(dir, configRootDir); + } else { + throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore."); + } + + } + + public String getConfigurationEncryptionKey() { + return props.getProperty("general.moaconfig.key"); + + } + + public boolean isPVPMetadataSchemaValidationActive() { + return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true")); + + } + + /** + * @return + */ + private boolean isHostNameValidationEnabled() { + return Boolean.parseBoolean(props.getProperty("general.ssl.hostnamevalidation", "true")); + + } + + /** + * @return the context + */ + public ApplicationContext getContext() { + return context; + } + + /** + * @return the configModule + */ + public MOAIDConfigurationModul getConfigModule() { + return configModule; + } + + /** + * @return the dbRead + */ + public NewConfigurationDBRead getDbRead() { + return deprecatedDBRead; + } + + private void initalPVP2Login() throws ConfigurationException { + try { + + final String metadataCert = getPVP2IDPMetadataCertificate(); + if (MiscUtil.isEmpty(metadataCert)) { + log.info("NO IDP Certificate to verify IDP Metadata"); + throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata"); + } + + final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(metadataCert, getConfigRootDir())); + final InputStream certstream = keystoreURL.openStream(); + final X509Certificate cert = new X509Certificate(certstream); + final BasicX509Credential idpCredential = new BasicX509Credential(); + idpCredential.setEntityCertificate(cert); + + log.debug("IDP Certificate loading finished"); + + final String metadataurl = getPVP2IDPMetadataURL(); + if (MiscUtil.isEmpty(metadataurl)) { + log.info("NO IDP Metadata URL."); + throw new ConfigurationException("NO IDP Metadata URL."); + } + + final MOAHttpClient httpClient = new MOAHttpClient(); + + if (metadataurl.startsWith("https:")) { try { - return props.getProperty("general.defaultlanguage", "de").toLowerCase(); - } catch (Exception ex) { - return "de"; + final MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + true, + ConfigurationProvider.getInstance().getCertStoreDirectory(), + ConfigurationProvider.getInstance().getTrustStoreDirectory(), + null, + "pkix", + true, + new String[] { "crl" }, + ConfigurationProvider.getInstance().isHostNameValidationEnabled()); + + httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); + + } catch (final MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + } + } + + idpMetadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataurl); + idpMetadataProvider.setRequireValidMetadata(true); + idpMetadataProvider.setParserPool(new BasicParserPool()); + idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); + idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12); // refresh Metadata every 12h + idpMetadataProvider.initialize(); + + pvp2logininitialzied = true; + + } catch (final Exception e) { + log.warn("PVP2 authentification can not be initialized."); + throw new ConfigurationException("error.initialization.pvplogin", e); + } + } + + private String parseVersionFromManifest() { + + try { + final Class clazz = ConfigurationProvider.class; + final String className = clazz.getSimpleName() + ".class"; + final String classPath = clazz.getResource(className).toString(); + + if (classPath.startsWith("jar")) { + log.info("MOA-ID-Configuration Version can NOT parsed from Manifest. Set blank Version"); + return Constants.DEFAULT_VERSION; + + } + + final String manifestPath = classPath.substring(0, classPath.lastIndexOf("WEB-INF/classes/") + + "WEB-INF/classes/".length()) + + "../../META-INF/MANIFEST.MF"; + + final Manifest manifest = new Manifest(new URL(manifestPath).openStream()); + + final Attributes attributes = manifest.getMainAttributes(); + final String version = attributes.getValue("version"); + + if (MiscUtil.isNotEmpty(version)) { + return version; + } else { + log.info("MOA-ID-Configuration Version not found in Manifest. Set blank Version"); + return Constants.DEFAULT_VERSION; + + } + + } catch (final Throwable e) { + log.info("MOA-ID Version can NOT parsed from Manifest. Set blank Version"); + + return Constants.DEFAULT_VERSION; } - - public String getMailOAActivationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.createOArequest.isactive.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailOAActivationTemplate is empty"); - throw new ConfigurationException("MailOAActivationTemplate is empty"); - - } - - } - - public String getMailUserAcountRevocationTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.useraccountrequest.rejected.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountVerificationTemplate is empty"); - throw new ConfigurationException("MailUserAcountRevocationTemplate is empty"); - - } - } - - public String getMailAdminSubject() { - return props.getProperty("general.mail.admin.subject"); - } - - public String getMailAdminTemplate() throws ConfigurationException { - String url = props.getProperty("general.mail.admin.adresses.template"); - - if (MiscUtil.isNotEmpty(url)) { - return url; - - } else { - log.warn("MailUserAcountVerificationTemplate is empty"); - throw new ConfigurationException("MailAdminTemplate is empty"); - - } - } - - public String getMailAdminAddress() { - return props.getProperty("general.mail.admin.adress"); - } - - public String getConfigToolVersion() { - return parseVersionFromManifest(); - } - - public String getCertStoreDirectory() throws ConfigurationException { - String dir = props.getProperty("general.ssl.certstore"); - if (MiscUtil.isNotEmpty(dir)) - return FileUtils.makeAbsoluteURL(dir, configRootDir); - - else - throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore."); - - } - - public String getTrustStoreDirectory() throws ConfigurationException { - String dir = props.getProperty("general.ssl.truststore"); - if (MiscUtil.isNotEmpty(dir)) - return FileUtils.makeAbsoluteURL(dir, configRootDir); - - else - throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore."); - - } - - public String getConfigurationEncryptionKey() { - return props.getProperty("general.moaconfig.key"); - - } - - public boolean isPVPMetadataSchemaValidationActive() { - return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true")); - - } - - /** - * @return - */ - private boolean isHostNameValidationEnabled() { - return Boolean.parseBoolean(props.getProperty("general.ssl.hostnamevalidation", "true")); - - } - - /** - * @return the context - */ - public ApplicationContext getContext() { - return context; - } - - /** - * @return the configModule - */ - public MOAIDConfigurationModul getConfigModule() { - return configModule; - } - - - - /** - * @return the dbRead - */ - public NewConfigurationDBRead getDbRead() { - return deprecatedDBRead; - } - - private void initalPVP2Login() throws ConfigurationException { - try { - - String metadataCert = getPVP2IDPMetadataCertificate(); - if (MiscUtil.isEmpty(metadataCert)) { - log.info("NO IDP Certificate to verify IDP Metadata"); - throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata"); - } - - URL keystoreURL = new URL((FileUtils.makeAbsoluteURL(metadataCert, getConfigRootDir()))); - InputStream certstream = keystoreURL.openStream(); - X509Certificate cert = new X509Certificate(certstream); - BasicX509Credential idpCredential = new BasicX509Credential(); - idpCredential.setEntityCertificate(cert); - - log.debug("IDP Certificate loading finished"); - - String metadataurl = getPVP2IDPMetadataURL(); - if (MiscUtil.isEmpty(metadataurl)) { - log.info("NO IDP Metadata URL."); - throw new ConfigurationException("NO IDP Metadata URL."); - } - - MOAHttpClient httpClient = new MOAHttpClient(); - - if (metadataurl.startsWith("https:")) { - try { - MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - "MOAMetaDataProvider", - true, - ConfigurationProvider.getInstance().getCertStoreDirectory(), - ConfigurationProvider.getInstance().getTrustStoreDirectory(), - null, - "pkix", - true, - new String[]{"crl"}, - ConfigurationProvider.getInstance().isHostNameValidationEnabled()); - - httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); - - } catch (MOAHttpProtocolSocketFactoryException e) { - log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); - - } - } - - idpMetadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataurl); - idpMetadataProvider.setRequireValidMetadata(true); - idpMetadataProvider.setParserPool(new BasicParserPool()); - idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); - idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12 ); //refresh Metadata every 12h - idpMetadataProvider.initialize(); - - pvp2logininitialzied = true; - - } catch (Exception e) { - log.warn("PVP2 authentification can not be initialized."); - throw new ConfigurationException("error.initialization.pvplogin", e); - } - } - - private String parseVersionFromManifest() { - - - - try { - Class clazz = ConfigurationProvider.class; - String className = clazz.getSimpleName() + ".class"; - String classPath = clazz.getResource(className).toString(); - - if (classPath.startsWith("jar")) { - log.info("MOA-ID-Configuration Version can NOT parsed from Manifest. Set blank Version"); - return Constants.DEFAULT_VERSION; - - } - - String manifestPath = classPath.substring(0, classPath.lastIndexOf("WEB-INF/classes/") + "WEB-INF/classes/".length()) + - "../../META-INF/MANIFEST.MF"; - - Manifest manifest = new Manifest(new URL(manifestPath).openStream());; - - Attributes attributes = manifest.getMainAttributes(); - String version = attributes.getValue("version"); - - if (MiscUtil.isNotEmpty(version)) - return version; - - else { - log.info("MOA-ID-Configuration Version not found in Manifest. Set blank Version"); - return Constants.DEFAULT_VERSION; - - } - - } catch (Throwable e) { - log.info("MOA-ID Version can NOT parsed from Manifest. Set blank Version"); - - return Constants.DEFAULT_VERSION; - } - - - } + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java index ca0bb8ac4..a45bec654 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java @@ -34,8 +34,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; @@ -52,821 +50,815 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class FormularCustomization implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(FormularCustomization.class); - - private boolean showMandateLoginButton = true; - private boolean onlyMandateAllowed = false; - - private String fontType = null; - - private String frontColor = null; - private String backGroundColor = null; - private String header_FrontColor = null; - private String header_BackGroundColor = null; - private String header_text = null; - private String button_BackGroundColor = null; - private String button_BackGroundColorFocus = null; - private String button_FrontColor = null; - private String applet_height = null; - private String applet_width = null; - - private Map<String, String> map = null; - - private String appletRedirectTarget = null; - public static List<String> appletRedirectTargetList = null; - - public static List<String> fontTypeList = null; - public String fontTypeListValue = null; - - private Map<String, byte[]> sendAssertionForm = new HashMap<String, byte[]>(); - private Map<String, byte[]> bkuSelectionForm = new HashMap<String, byte[]>(); - - private List<File> bkuSelectionFileUpload = null; - private List<String> bkuSelectionFileUploadContentType = null; - private List<String> bkuSelectionFileUploadFileName = new ArrayList<String>(); - private boolean deleteBKUTemplate = false; - - private List<File> sendAssertionFileUpload = null; - private List<String> sendAssertionFileUploadContentType = null; - private List<String> sendAssertionFileUploadFileName = new ArrayList<String>();; - private boolean deleteSendAssertionTemplate = false; - - private String aditionalAuthBlockText = null; - private boolean isHideBPKAuthBlock = false; - - private String saml2PostBindingTemplate = null; - private String mandateServiceSelectionTemplate = null; - - public FormularCustomization() { - new FormularCustomization(null); - } - - public FormularCustomization(Map<String, String> map) { - appletRedirectTargetList = Arrays.asList("","_blank","_self","_parent","_top"); - fontTypeList = Arrays.asList("","Verdana","Geneva","Arial","Helvetica","sans-serif","Times New Roman"); - Collections.sort(fontTypeList); - - if (map == null) - this.map = FormBuildUtils.getDefaultMap(); - else - this.map = map; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAFormularCustomization"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA auth = dbOA.getAuthComponentOA(); - - mandateServiceSelectionTemplate = dbOA.getMandateServiceSelectionTemplateURL(); - saml2PostBindingTemplate = dbOA.getSaml2PostBindingTemplateURL(); - - if (dbOA.getAuthComponentOA() != null) - isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock(); - - if (auth != null) { - TemplatesType templates = auth.getTemplates(); - - if (templates != null) { - aditionalAuthBlockText = templates.getAditionalAuthBlockText(); - - TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); - if (bkuSelectTemplate != null - && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename()) - && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) - && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { - bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename()); - } - - TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); - if (sendAssertionTemplate != null - && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename()) - && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) - && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { - sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename()); - } - - BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization(); - if (formcustom != null) { - - if (formcustom.isMandateLoginButton() != null) { - showMandateLoginButton = formcustom.isMandateLoginButton(); - } - - if (formcustom.isOnlyMandateLoginAllowed() != null) { - onlyMandateAllowed = formcustom.isOnlyMandateLoginAllowed(); - } - - if (formcustom.getAppletHeight() != null) { - applet_height = formcustom.getAppletHeight(); - } - - if (formcustom.getAppletHeight() != null) { - applet_width = formcustom.getAppletWidth(); - } - - if (MiscUtil.isNotEmpty(formcustom.getAppletRedirectTarget())) - appletRedirectTarget = formcustom.getAppletRedirectTarget(); - - if (MiscUtil.isNotEmpty(formcustom.getBackGroundColor())) { - backGroundColor = formcustom.getBackGroundColor(); - map.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColor())) { - button_BackGroundColor = formcustom.getButtonBackGroundColor(); - map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColorFocus())) { - button_BackGroundColorFocus = formcustom.getButtonBackGroundColorFocus(); - map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom.getButtonBackGroundColorFocus()); - } - - if (MiscUtil.isNotEmpty(formcustom.getButtonFontColor())) { - button_FrontColor = formcustom.getButtonFontColor(); - map.put(FormBuildUtils.PARAM_BUTTON_COLOR, formcustom.getButtonFontColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getFontType())) { - fontType = formcustom.getFontType(); - map.put(FormBuildUtils.PARAM_FONTFAMILY, formcustom.getFontType()); - } - - if (MiscUtil.isNotEmpty(formcustom.getFrontColor())) { - frontColor = formcustom.getFrontColor(); - map.put(FormBuildUtils.PARAM_MAIN_COLOR, formcustom.getFrontColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getHeaderBackGroundColor())) { - header_BackGroundColor = formcustom.getHeaderBackGroundColor(); - map.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getHeaderFrontColor())) { - header_FrontColor = formcustom.getHeaderFrontColor(); - map.put(FormBuildUtils.PARAM_HEADER_COLOR, formcustom.getHeaderFrontColor()); - } - - if (MiscUtil.isNotEmpty(formcustom.getHeaderText())) { - header_text = formcustom.getHeaderText(); - map.put(FormBuildUtils.PARAM_HEADER_TEXT, formcustom.getHeaderText()); - } - } - } - } - - request.getSession().setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); - } - - dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock()); - - dbOA.setMandateServiceSelectionTemplateURL(mandateServiceSelectionTemplate); - dbOA.setSaml2PostBindingTemplateURL(saml2PostBindingTemplate); - - TemplatesType templates = authoa.getTemplates(); - if (templates == null) { - templates = new TemplatesType(); - authoa.setTemplates(templates); - } - - templates.setAditionalAuthBlockText(getAditionalAuthBlockText()); - - //store BKU-selection and send-assertion templates - if (authUser.isAdmin()) { - - if (isDeleteBKUTemplate() && templates.getBKUSelectionTemplate() != null) { - //templates.setBKUSelectionTemplate(null); - templates.getBKUSelectionTemplate().setDelete(true); - } - - if (isDeleteSendAssertionTemplate() && templates.getSendAssertionTemplate() != null) { - //templates.setSendAssertionTemplate(null); - templates.getSendAssertionTemplate().setDelete(true); - } - - - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator<String> interator = bkuSelectionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(bkuSelectionForm.get( - template.getFilename())); - - templates.setBKUSelectionTemplate(template); - } - - if (sendAssertionForm != null && sendAssertionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator<String> interator = sendAssertionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(sendAssertionForm.get( - template.getFilename())); - - templates.setSendAssertionTemplate(template); - } + private boolean showMandateLoginButton = true; + private boolean onlyMandateAllowed = false; + + private String fontType = null; + + private String frontColor = null; + private String backGroundColor = null; + private String header_FrontColor = null; + private String header_BackGroundColor = null; + private String header_text = null; + private String button_BackGroundColor = null; + private String button_BackGroundColorFocus = null; + private String button_FrontColor = null; + private String applet_height = null; + private String applet_width = null; + + private Map<String, String> map = null; + + private String appletRedirectTarget = null; + public static List<String> appletRedirectTargetList = null; + + public static List<String> fontTypeList = null; + public String fontTypeListValue = null; + + private Map<String, byte[]> sendAssertionForm = new HashMap<>(); + private Map<String, byte[]> bkuSelectionForm = new HashMap<>(); + + private List<File> bkuSelectionFileUpload = null; + private List<String> bkuSelectionFileUploadContentType = null; + private List<String> bkuSelectionFileUploadFileName = new ArrayList<>(); + private boolean deleteBKUTemplate = false; + + private List<File> sendAssertionFileUpload = null; + private List<String> sendAssertionFileUploadContentType = null; + private List<String> sendAssertionFileUploadFileName = new ArrayList<>(); + private boolean deleteSendAssertionTemplate = false; + + private String aditionalAuthBlockText = null; + private boolean isHideBPKAuthBlock = false; + + private String saml2PostBindingTemplate = null; + private String mandateServiceSelectionTemplate = null; + + public FormularCustomization() { + new FormularCustomization(null); + } + + public FormularCustomization(Map<String, String> map) { + appletRedirectTargetList = Arrays.asList("", "_blank", "_self", "_parent", "_top"); + fontTypeList = Arrays.asList("", "Verdana", "Geneva", "Arial", "Helvetica", "sans-serif", + "Times New Roman"); + Collections.sort(fontTypeList); + + if (map == null) { + this.map = FormBuildUtils.getDefaultMap(); + } else { + this.map = map; + } + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAFormularCustomization"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + final AuthComponentOA auth = dbOA.getAuthComponentOA(); + + mandateServiceSelectionTemplate = dbOA.getMandateServiceSelectionTemplateURL(); + saml2PostBindingTemplate = dbOA.getSaml2PostBindingTemplateURL(); + + if (dbOA.getAuthComponentOA() != null) { + isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock(); + } + + if (auth != null) { + final TemplatesType templates = auth.getTemplates(); + + if (templates != null) { + aditionalAuthBlockText = templates.getAditionalAuthBlockText(); + + final TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); + if (bkuSelectTemplate != null + && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename()) + && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) + && !bkuSelectTemplate.getFilename().equals( + MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { + bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename()); } - - BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); - if (bkuselectioncustom == null) { - bkuselectioncustom = new BKUSelectionCustomizationType(); - templates.setBKUSelectionCustomization(bkuselectioncustom); + + final TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); + if (sendAssertionTemplate != null + && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename()) + && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) + && !sendAssertionTemplate.getFilename().equals( + MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) { + sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename()); } - - if (authoa.getMandates() != null && - ((authoa.getMandates().getProfileName() != null - && authoa.getMandates().getProfileName().size() > 0) - || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles()))) - - bkuselectioncustom.setMandateLoginButton(true); - else - bkuselectioncustom.setMandateLoginButton(false); - - bkuselectioncustom.setOnlyMandateLoginAllowed(isOnlyMandateAllowed()); - - bkuselectioncustom.setBackGroundColor(parseColor(getBackGroundColor())); - bkuselectioncustom.setFrontColor(parseColor(getFrontColor())); - - bkuselectioncustom.setHeaderBackGroundColor(parseColor(getHeader_BackGroundColor())); - bkuselectioncustom.setHeaderFrontColor(parseColor(getHeader_FrontColor())); - bkuselectioncustom.setHeaderText(getHeader_text()); - - bkuselectioncustom.setButtonBackGroundColor(parseColor(getButton_BackGroundColor())); - bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(getButton_BackGroundColorFocus())); - bkuselectioncustom.setButtonFontColor(parseColor(getButton_FrontColor())); - - if (MiscUtil.isNotEmpty(getAppletRedirectTarget())) - bkuselectioncustom.setAppletRedirectTarget(getAppletRedirectTarget()); - - bkuselectioncustom.setFontType(getFontType()); - - bkuselectioncustom.setAppletHeight(getApplet_height()); - bkuselectioncustom.setAppletWidth(getApplet_width()); - - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - HttpSession session = request.getSession(); - List<String> errors = new ArrayList<String>(); - - String check = null; - if (authUser.isAdmin()) { - //validate aditionalAuthBlockText - check = getAditionalAuthBlockText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - } - - OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - //validate BKU-selection template - List<String> templateError = valiator_fileUpload.validate(getBkuSelectionFileUploadFileName() - , getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request); - if (templateError != null && templateError.size() == 0) { - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) - session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); - - else - bkuSelectionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - - } else { - errors.addAll(templateError); + final BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization(); + if (formcustom != null) { + + if (formcustom.isMandateLoginButton() != null) { + showMandateLoginButton = formcustom.isMandateLoginButton(); + } + + if (formcustom.isOnlyMandateLoginAllowed() != null) { + onlyMandateAllowed = formcustom.isOnlyMandateLoginAllowed(); + } + + if (formcustom.getAppletHeight() != null) { + applet_height = formcustom.getAppletHeight(); + } + + if (formcustom.getAppletHeight() != null) { + applet_width = formcustom.getAppletWidth(); + } + + if (MiscUtil.isNotEmpty(formcustom.getAppletRedirectTarget())) { + appletRedirectTarget = formcustom.getAppletRedirectTarget(); + } + + if (MiscUtil.isNotEmpty(formcustom.getBackGroundColor())) { + backGroundColor = formcustom.getBackGroundColor(); + map.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColor())) { + button_BackGroundColor = formcustom.getButtonBackGroundColor(); + map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColorFocus())) { + button_BackGroundColorFocus = formcustom.getButtonBackGroundColorFocus(); + map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom + .getButtonBackGroundColorFocus()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonFontColor())) { + button_FrontColor = formcustom.getButtonFontColor(); + map.put(FormBuildUtils.PARAM_BUTTON_COLOR, formcustom.getButtonFontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getFontType())) { + fontType = formcustom.getFontType(); + map.put(FormBuildUtils.PARAM_FONTFAMILY, formcustom.getFontType()); + } + + if (MiscUtil.isNotEmpty(formcustom.getFrontColor())) { + frontColor = formcustom.getFrontColor(); + map.put(FormBuildUtils.PARAM_MAIN_COLOR, formcustom.getFrontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderBackGroundColor())) { + header_BackGroundColor = formcustom.getHeaderBackGroundColor(); + map.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderFrontColor())) { + header_FrontColor = formcustom.getHeaderFrontColor(); + map.put(FormBuildUtils.PARAM_HEADER_COLOR, formcustom.getHeaderFrontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderText())) { + header_text = formcustom.getHeaderText(); + map.put(FormBuildUtils.PARAM_HEADER_TEXT, formcustom.getHeaderText()); + } } + } + } + + request.getSession().setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } - //validate send-assertion template - templateError = valiator_fileUpload.validate(getSendAssertionFileUploadFileName() - , getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request); - if (templateError != null && templateError.size() == 0) { - if (sendAssertionForm != null && sendAssertionForm.size() > 0) - session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); + dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock()); - else - sendAssertionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + dbOA.setMandateServiceSelectionTemplateURL(mandateServiceSelectionTemplate); + dbOA.setSaml2PostBindingTemplateURL(saml2PostBindingTemplate); - } else { - errors.addAll(templateError); + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } - } - - check = getSaml2PostBindingTemplate(); - if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("URL to SAML2 POST-Binding template is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.templates.saml2.postbinding.valid", request)); - - } - - check = getMandateServiceSelectionTemplate(); - if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("URL to mandate-service selection-template is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.templates.mandateserviceselection.valid", request)); - - } - - - //validate BKUFormCustomization - errors.addAll(new FormularCustomizationValitator().validate(this, request)); - - return errors; - } - - private String parseColor(String color) { - String value = ""; - - if (MiscUtil.isNotEmpty(color)) { - if (!color.startsWith("#")) - value = "#" + color; - else - value = color; - } - return value; + templates.setAditionalAuthBlockText(getAditionalAuthBlockText()); + + // store BKU-selection and send-assertion templates + if (authUser.isAdmin()) { + + if (isDeleteBKUTemplate() && templates.getBKUSelectionTemplate() != null) { + // templates.setBKUSelectionTemplate(null); + templates.getBKUSelectionTemplate().setDelete(true); + } + + if (isDeleteSendAssertionTemplate() && templates.getSendAssertionTemplate() != null) { + // templates.setSendAssertionTemplate(null); + templates.getSendAssertionTemplate().setDelete(true); + } + + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { + final TransformsInfoType template = new TransformsInfoType(); + + final Iterator<String> interator = bkuSelectionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(bkuSelectionForm.get( + template.getFilename())); + + templates.setBKUSelectionTemplate(template); + } + + if (sendAssertionForm != null && sendAssertionForm.size() > 0) { + final TransformsInfoType template = new TransformsInfoType(); + + final Iterator<String> interator = sendAssertionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(sendAssertionForm.get( + template.getFilename())); + + templates.setSendAssertionTemplate(template); + } } - /** - * @return the showMandateLoginButton - */ - public boolean isShowMandateLoginButton() { - return showMandateLoginButton; - } + BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); + if (bkuselectioncustom == null) { + bkuselectioncustom = new BKUSelectionCustomizationType(); + templates.setBKUSelectionCustomization(bkuselectioncustom); + } + + if (authoa.getMandates() != null && + (authoa.getMandates().getProfileName() != null + && authoa.getMandates().getProfileName().size() > 0 + || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles()))) { + bkuselectioncustom.setMandateLoginButton(true); + } else { + bkuselectioncustom.setMandateLoginButton(false); + } + bkuselectioncustom.setOnlyMandateLoginAllowed(isOnlyMandateAllowed()); - /** - * @param showMandateLoginButton the showMandateLoginButton to set - */ - public void setShowMandateLoginButton(boolean showMandateLoginButton) { - this.showMandateLoginButton = showMandateLoginButton; - } + bkuselectioncustom.setBackGroundColor(parseColor(getBackGroundColor())); + bkuselectioncustom.setFrontColor(parseColor(getFrontColor())); + bkuselectioncustom.setHeaderBackGroundColor(parseColor(getHeader_BackGroundColor())); + bkuselectioncustom.setHeaderFrontColor(parseColor(getHeader_FrontColor())); + bkuselectioncustom.setHeaderText(getHeader_text()); - /** - * @return the onlyMandateAllowed - */ - public boolean isOnlyMandateAllowed() { - return onlyMandateAllowed; - } + bkuselectioncustom.setButtonBackGroundColor(parseColor(getButton_BackGroundColor())); + bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(getButton_BackGroundColorFocus())); + bkuselectioncustom.setButtonFontColor(parseColor(getButton_FrontColor())); + if (MiscUtil.isNotEmpty(getAppletRedirectTarget())) { + bkuselectioncustom.setAppletRedirectTarget(getAppletRedirectTarget()); + } + + bkuselectioncustom.setFontType(getFontType()); + + bkuselectioncustom.setAppletHeight(getApplet_height()); + bkuselectioncustom.setAppletWidth(getApplet_width()); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final HttpSession session = request.getSession(); + final List<String> errors = new ArrayList<>(); + + String check = null; + if (authUser.isAdmin()) { + // validate aditionalAuthBlockText + check = getAditionalAuthBlockText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + } - /** - * @param onlyMandateAllowed the onlyMandateAllowed to set - */ - public void setOnlyMandateAllowed(boolean onlyMandateAllowed) { - this.onlyMandateAllowed = onlyMandateAllowed; - } + final OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + // validate BKU-selection template + List<String> templateError = valiator_fileUpload.validate(getBkuSelectionFileUploadFileName(), + getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request); + if (templateError != null && templateError.size() == 0) { + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { + session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); + } else { + bkuSelectionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + } + } else { + errors.addAll(templateError); - /** - * @return the fontType - */ - public String getFontType() { - return fontType; - } + } + // validate send-assertion template + templateError = valiator_fileUpload.validate(getSendAssertionFileUploadFileName(), + getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request); + if (templateError != null && templateError.size() == 0) { + if (sendAssertionForm != null && sendAssertionForm.size() > 0) { + session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); + } else { + sendAssertionForm = (Map<String, byte[]>) session.getAttribute( + Constants.SESSION_SENDASSERTIONTEMPLATE); + } - /** - * @param fontType the fontType to set - */ - public void setFontType(String fontType) { - this.fontType = fontType; - } + } else { + errors.addAll(templateError); + } - /** - * @return the frontColor - */ - public String getFrontColor() { - return frontColor; - } + check = getSaml2PostBindingTemplate(); + if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("URL to SAML2 POST-Binding template is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.templates.saml2.postbinding.valid", + request)); + } - /** - * @param frontColor the frontColor to set - */ - public void setFrontColor(String frontColor) { - this.frontColor = frontColor; - } + check = getMandateServiceSelectionTemplate(); + if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("URL to mandate-service selection-template is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.templates.mandateserviceselection.valid", + request)); + } - /** - * @return the backGroundColor - */ - public String getBackGroundColor() { - return backGroundColor; - } + // validate BKUFormCustomization + errors.addAll(new FormularCustomizationValitator().validate(this, request)); + return errors; + } - /** - * @param backGroundColor the backGroundColor to set - */ - public void setBackGroundColor(String backGroundColor) { - this.backGroundColor = backGroundColor; - } + private String parseColor(String color) { + String value = ""; + if (MiscUtil.isNotEmpty(color)) { + if (!color.startsWith("#")) { + value = "#" + color; + } else { + value = color; + } + } + return value; + } + + /** + * @return the showMandateLoginButton + */ + public boolean isShowMandateLoginButton() { + return showMandateLoginButton; + } + + /** + * @param showMandateLoginButton the showMandateLoginButton to set + */ + public void setShowMandateLoginButton(boolean showMandateLoginButton) { + this.showMandateLoginButton = showMandateLoginButton; + } + + /** + * @return the onlyMandateAllowed + */ + public boolean isOnlyMandateAllowed() { + return onlyMandateAllowed; + } + + /** + * @param onlyMandateAllowed the onlyMandateAllowed to set + */ + public void setOnlyMandateAllowed(boolean onlyMandateAllowed) { + this.onlyMandateAllowed = onlyMandateAllowed; + } + + /** + * @return the fontType + */ + public String getFontType() { + return fontType; + } + + /** + * @param fontType the fontType to set + */ + public void setFontType(String fontType) { + this.fontType = fontType; + } + + /** + * @return the frontColor + */ + public String getFrontColor() { + return frontColor; + } + + /** + * @param frontColor the frontColor to set + */ + public void setFrontColor(String frontColor) { + this.frontColor = frontColor; + } + + /** + * @return the backGroundColor + */ + public String getBackGroundColor() { + return backGroundColor; + } + + /** + * @param backGroundColor the backGroundColor to set + */ + public void setBackGroundColor(String backGroundColor) { + this.backGroundColor = backGroundColor; + } + + /** + * @return the header_FrontColor + */ + public String getHeader_FrontColor() { + return header_FrontColor; + } + + /** + * @param header_FrontColor the header_FrontColor to set + */ + public void setHeader_FrontColor(String header_FrontColor) { + this.header_FrontColor = header_FrontColor; + } + + /** + * @return the header_BackGroundColor + */ + public String getHeader_BackGroundColor() { + return header_BackGroundColor; + } + + /** + * @param header_BackGroundColor the header_BackGroundColor to set + */ + public void setHeader_BackGroundColor(String header_BackGroundColor) { + this.header_BackGroundColor = header_BackGroundColor; + } + + /** + * @return the header_text + */ + public String getHeader_text() { + return header_text; + } + + /** + * @param header_text the header_text to set + */ + public void setHeader_text(String header_text) { + this.header_text = header_text; + } + + /** + * @return the button_BackGroundColor + */ + public String getButton_BackGroundColor() { + return button_BackGroundColor; + } + + /** + * @param button_BackGroundColor the button_BackGroundColor to set + */ + public void setButton_BackGroundColor(String button_BackGroundColor) { + this.button_BackGroundColor = button_BackGroundColor; + } + + /** + * @return the button_BackGroundColorFocus + */ + public String getButton_BackGroundColorFocus() { + return button_BackGroundColorFocus; + } + + /** + * @param button_BackGroundColorFocus the button_BackGroundColorFocus to set + */ + public void setButton_BackGroundColorFocus(String button_BackGroundColorFocus) { + this.button_BackGroundColorFocus = button_BackGroundColorFocus; + } + + /** + * @return the button_FrontColor + */ + public String getButton_FrontColor() { + return button_FrontColor; + } + + /** + * @param button_FrontColor the button_FrontColor to set + */ + public void setButton_FrontColor(String button_FrontColor) { + this.button_FrontColor = button_FrontColor; + } + + /** + * @return the appletRedirectTarget + */ + public String getAppletRedirectTarget() { + return appletRedirectTarget; + } + + /** + * @param appletRedirectTarget the appletRedirectTarget to set + */ + public void setAppletRedirectTarget(String appletRedirectTarget) { + this.appletRedirectTarget = appletRedirectTarget; + } + + /** + * @return the appletredirecttargetlist + */ + public List<String> getAppletRedirectTargetList() { + return appletRedirectTargetList; + } + + /** + * @return the fontTypeList + */ + public List<String> getFontTypeList() { + return fontTypeList; + } + + /** + * @return the fontTypeListValue + */ + public String getFontTypeListValue() { + return fontTypeListValue; + } + + /** + * @param fontTypeListValue the fontTypeListValue to set + */ + public void setFontTypeListValue(String fontTypeListValue) { + this.fontTypeListValue = fontTypeListValue; + } + + /** + * @return the applet_height + */ + public String getApplet_height() { + return applet_height; + } + + /** + * @param applet_height the applet_height to set + */ + public void setApplet_height(String applet_height) { + this.applet_height = applet_height; + } + + /** + * @return the applet_width + */ + public String getApplet_width() { + return applet_width; + } + + /** + * @param applet_width the applet_width to set + */ + public void setApplet_width(String applet_width) { + this.applet_width = applet_width; + } + + /** + * @return the bkuSelectionFileUpload + */ + public List<File> getBkuSelectionFileUpload() { + return bkuSelectionFileUpload; + } + + /** + * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set + */ + public void setBkuSelectionFileUpload(List<File> bkuSelectionFileUpload) { + this.bkuSelectionFileUpload = bkuSelectionFileUpload; + } + + /** + * @return the bkuSelectionFileUploadContentType + */ + public List<String> getBkuSelectionFileUploadContentType() { + return bkuSelectionFileUploadContentType; + } + + /** + * @param bkuSelectionFileUploadContentType the + * bkuSelectionFileUploadContentType to + * set + */ + public void setBkuSelectionFileUploadContentType( + List<String> bkuSelectionFileUploadContentType) { + this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType; + } + + /** + * @return the bkuSelectionFileUploadFileName + */ + public List<String> getBkuSelectionFileUploadFileName() { + return bkuSelectionFileUploadFileName; + } + + /** + * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to + * set + */ + public void setBkuSelectionFileUploadFileName( + List<String> bkuSelectionFileUploadFileName) { + this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName; + } + + /** + * @return the sendAssertionFileUpload + */ + public List<File> getSendAssertionFileUpload() { + return sendAssertionFileUpload; + } + + /** + * @param sendAssertionFileUpload the sendAssertionFileUpload to set + */ + public void setSendAssertionFileUpload(List<File> sendAssertionFileUpload) { + this.sendAssertionFileUpload = sendAssertionFileUpload; + } + + /** + * @return the sendAssertionFileUploadContentType + */ + public List<String> getSendAssertionFileUploadContentType() { + return sendAssertionFileUploadContentType; + } + + /** + * @param sendAssertionFileUploadContentType the + * sendAssertionFileUploadContentType + * to set + */ + public void setSendAssertionFileUploadContentType( + List<String> sendAssertionFileUploadContentType) { + this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType; + } + + /** + * @return the sendAssertionFileUploadFileName + */ + public List<String> getSendAssertionFileUploadFileName() { + return sendAssertionFileUploadFileName; + } + + /** + * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to + * set + */ + public void setSendAssertionFileUploadFileName( + List<String> sendAssertionFileUploadFileName) { + this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName; + } + + /** + * @return the deleteBKUTemplate + */ + public boolean isDeleteBKUTemplate() { + return deleteBKUTemplate; + } + + /** + * @param deleteBKUTemplate the deleteBKUTemplate to set + */ + public void setDeleteBKUTemplate(boolean deleteBKUTemplate) { + this.deleteBKUTemplate = deleteBKUTemplate; + } + + /** + * @return the deleteSendAssertionTemplate + */ + public boolean isDeleteSendAssertionTemplate() { + return deleteSendAssertionTemplate; + } + + /** + * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set + */ + public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) { + this.deleteSendAssertionTemplate = deleteSendAssertionTemplate; + } + + /** + * @return the aditionalAuthBlockText + */ + public String getAditionalAuthBlockText() { + return aditionalAuthBlockText; + } + + /** + * @param aditionalAuthBlockText the aditionalAuthBlockText to set + */ + public void setAditionalAuthBlockText(String aditionalAuthBlockText) { + this.aditionalAuthBlockText = aditionalAuthBlockText; + } + + /** + * @return the isHideBPKAuthBlock + */ + public boolean isHideBPKAuthBlock() { + return isHideBPKAuthBlock; + } + + /** + * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set + */ + public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { + this.isHideBPKAuthBlock = isHideBPKAuthBlock; + } + + /** + * @return the map + */ + public Map<String, String> getFormMap() { + return map; + } + + /** + * @return the saml2PostBindingTemplate + */ + public String getSaml2PostBindingTemplate() { + return saml2PostBindingTemplate; + } + + /** + * @param saml2PostBindingTemplate the saml2PostBindingTemplate to set + */ + public void setSaml2PostBindingTemplate(String saml2PostBindingTemplate) { + this.saml2PostBindingTemplate = saml2PostBindingTemplate; + } + + /** + * @return the mandateServiceSelectionTemplate + */ + public String getMandateServiceSelectionTemplate() { + return mandateServiceSelectionTemplate; + } + + /** + * @param mandateServiceSelectionTemplate the mandateServiceSelectionTemplate to + * set + */ + public void setMandateServiceSelectionTemplate(String mandateServiceSelectionTemplate) { + this.mandateServiceSelectionTemplate = mandateServiceSelectionTemplate; + } - /** - * @return the header_FrontColor - */ - public String getHeader_FrontColor() { - return header_FrontColor; - } - - - /** - * @param header_FrontColor the header_FrontColor to set - */ - public void setHeader_FrontColor(String header_FrontColor) { - this.header_FrontColor = header_FrontColor; - } - - - /** - * @return the header_BackGroundColor - */ - public String getHeader_BackGroundColor() { - return header_BackGroundColor; - } - - - /** - * @param header_BackGroundColor the header_BackGroundColor to set - */ - public void setHeader_BackGroundColor(String header_BackGroundColor) { - this.header_BackGroundColor = header_BackGroundColor; - } - - - /** - * @return the header_text - */ - public String getHeader_text() { - return header_text; - } - - - /** - * @param header_text the header_text to set - */ - public void setHeader_text(String header_text) { - this.header_text = header_text; - } - - - /** - * @return the button_BackGroundColor - */ - public String getButton_BackGroundColor() { - return button_BackGroundColor; - } - - - /** - * @param button_BackGroundColor the button_BackGroundColor to set - */ - public void setButton_BackGroundColor(String button_BackGroundColor) { - this.button_BackGroundColor = button_BackGroundColor; - } - - - /** - * @return the button_BackGroundColorFocus - */ - public String getButton_BackGroundColorFocus() { - return button_BackGroundColorFocus; - } - - - /** - * @param button_BackGroundColorFocus the button_BackGroundColorFocus to set - */ - public void setButton_BackGroundColorFocus(String button_BackGroundColorFocus) { - this.button_BackGroundColorFocus = button_BackGroundColorFocus; - } - - - /** - * @return the button_FrontColor - */ - public String getButton_FrontColor() { - return button_FrontColor; - } - - - /** - * @param button_FrontColor the button_FrontColor to set - */ - public void setButton_FrontColor(String button_FrontColor) { - this.button_FrontColor = button_FrontColor; - } - - - /** - * @return the appletRedirectTarget - */ - public String getAppletRedirectTarget() { - return appletRedirectTarget; - } - - /** - * @param appletRedirectTarget the appletRedirectTarget to set - */ - public void setAppletRedirectTarget(String appletRedirectTarget) { - this.appletRedirectTarget = appletRedirectTarget; - } - - - /** - * @return the appletredirecttargetlist - */ - public List<String> getAppletRedirectTargetList() { - return appletRedirectTargetList; - } - - /** - * @return the fontTypeList - */ - public List<String> getFontTypeList() { - return fontTypeList; - } - - /** - * @return the fontTypeListValue - */ - public String getFontTypeListValue() { - return fontTypeListValue; - } - - /** - * @param fontTypeListValue the fontTypeListValue to set - */ - public void setFontTypeListValue(String fontTypeListValue) { - this.fontTypeListValue = fontTypeListValue; - } - - /** - * @return the applet_height - */ - public String getApplet_height() { - return applet_height; - } - - /** - * @param applet_height the applet_height to set - */ - public void setApplet_height(String applet_height) { - this.applet_height = applet_height; - } - - /** - * @return the applet_width - */ - public String getApplet_width() { - return applet_width; - } - - /** - * @param applet_width the applet_width to set - */ - public void setApplet_width(String applet_width) { - this.applet_width = applet_width; - } - - - - /** - * @return the bkuSelectionFileUpload - */ - public List<File> getBkuSelectionFileUpload() { - return bkuSelectionFileUpload; - } - - - /** - * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set - */ - public void setBkuSelectionFileUpload(List<File> bkuSelectionFileUpload) { - this.bkuSelectionFileUpload = bkuSelectionFileUpload; - } - - - /** - * @return the bkuSelectionFileUploadContentType - */ - public List<String> getBkuSelectionFileUploadContentType() { - return bkuSelectionFileUploadContentType; - } - - - /** - * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set - */ - public void setBkuSelectionFileUploadContentType( - List<String> bkuSelectionFileUploadContentType) { - this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType; - } - - - /** - * @return the bkuSelectionFileUploadFileName - */ - public List<String> getBkuSelectionFileUploadFileName() { - return bkuSelectionFileUploadFileName; - } - - - /** - * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set - */ - public void setBkuSelectionFileUploadFileName( - List<String> bkuSelectionFileUploadFileName) { - this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName; - } - - - /** - * @return the sendAssertionFileUpload - */ - public List<File> getSendAssertionFileUpload() { - return sendAssertionFileUpload; - } - - - /** - * @param sendAssertionFileUpload the sendAssertionFileUpload to set - */ - public void setSendAssertionFileUpload(List<File> sendAssertionFileUpload) { - this.sendAssertionFileUpload = sendAssertionFileUpload; - } - - - /** - * @return the sendAssertionFileUploadContentType - */ - public List<String> getSendAssertionFileUploadContentType() { - return sendAssertionFileUploadContentType; - } - - - /** - * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set - */ - public void setSendAssertionFileUploadContentType( - List<String> sendAssertionFileUploadContentType) { - this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType; - } - - - /** - * @return the sendAssertionFileUploadFileName - */ - public List<String> getSendAssertionFileUploadFileName() { - return sendAssertionFileUploadFileName; - } - - - /** - * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set - */ - public void setSendAssertionFileUploadFileName( - List<String> sendAssertionFileUploadFileName) { - this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName; - } - - - /** - * @return the deleteBKUTemplate - */ - public boolean isDeleteBKUTemplate() { - return deleteBKUTemplate; - } - - - /** - * @param deleteBKUTemplate the deleteBKUTemplate to set - */ - public void setDeleteBKUTemplate(boolean deleteBKUTemplate) { - this.deleteBKUTemplate = deleteBKUTemplate; - } - - - /** - * @return the deleteSendAssertionTemplate - */ - public boolean isDeleteSendAssertionTemplate() { - return deleteSendAssertionTemplate; - } - - - /** - * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set - */ - public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) { - this.deleteSendAssertionTemplate = deleteSendAssertionTemplate; - } - - /** - * @return the aditionalAuthBlockText - */ - public String getAditionalAuthBlockText() { - return aditionalAuthBlockText; - } - - /** - * @param aditionalAuthBlockText the aditionalAuthBlockText to set - */ - public void setAditionalAuthBlockText(String aditionalAuthBlockText) { - this.aditionalAuthBlockText = aditionalAuthBlockText; - } - - /** - * @return the isHideBPKAuthBlock - */ - public boolean isHideBPKAuthBlock() { - return isHideBPKAuthBlock; - } - - /** - * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set - */ - public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { - this.isHideBPKAuthBlock = isHideBPKAuthBlock; - } - - /** - * @return the map - */ - public Map<String, String> getFormMap() { - return map; - } - - /** - * @return the saml2PostBindingTemplate - */ - public String getSaml2PostBindingTemplate() { - return saml2PostBindingTemplate; - } - - /** - * @param saml2PostBindingTemplate the saml2PostBindingTemplate to set - */ - public void setSaml2PostBindingTemplate(String saml2PostBindingTemplate) { - this.saml2PostBindingTemplate = saml2PostBindingTemplate; - } - - /** - * @return the mandateServiceSelectionTemplate - */ - public String getMandateServiceSelectionTemplate() { - return mandateServiceSelectionTemplate; - } - - /** - * @param mandateServiceSelectionTemplate the mandateServiceSelectionTemplate to set - */ - public void setMandateServiceSelectionTemplate(String mandateServiceSelectionTemplate) { - this.mandateServiceSelectionTemplate = mandateServiceSelectionTemplate; - } - - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 3929238f6..e7b4bfa3b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -63,434 +63,444 @@ import at.gv.egovernment.moa.util.MiscUtil; public class GeneralMOAIDConfig { - public static final long DEFAULTTIMEOUTASSERTION = 120; //sec - public static final long DEFAULTTIMEOUTMOASESSIONCREATED = 1200; //sec - public static final long DEFAULTTIMEOUTMOASESSIONUPDATED = 2700; //sec - - public static final String LINE_DELIMITER = ";"; - - private String alternativeSourceID = null; + public static final long DEFAULTTIMEOUTASSERTION = 120; // sec + public static final long DEFAULTTIMEOUTMOASESSIONCREATED = 1200; // sec + public static final long DEFAULTTIMEOUTMOASESSIONUPDATED = 2700; // sec + + public static final String LINE_DELIMITER = ";"; + + private String alternativeSourceID = null; // private String certStoreDirectory = null; - private boolean trustmanagerrevocationcheck = true; - - private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION); - private String timeoutMOASessionCreated = String.valueOf(DEFAULTTIMEOUTMOASESSIONCREATED); - private String timeoutMOASessionUpdated = String.valueOf(DEFAULTTIMEOUTMOASESSIONUPDATED); - - private String moaspssURL = null; - private String moaspssAuthTrustProfile = null; - private String moaspssAuthTransformations = ""; - private List<String> authTransformList = null; - private String moaspssIdlTrustProfile = null; - - private String moaspssIdlTrustProfileTest = null; - private String moaspssAuthTrustProfileTest = null; - - private String mandateURL = null; - private String szrgwURL = null; - private String elgaMandateServiceURL = null; - private String eidSystemServiceURL = null; - - private boolean protocolActiveSAML1 = false; - private boolean protocolActivePVP21 = true; - private boolean protocolActiveOAuth = true; - - private boolean legacy_saml1 = false; - private boolean legacy_pvp2 = false; - - private String saml1SourceID = null; - - private String pvp2IssuerName = null; - private String pvp2OrgName = null; - private String pvp2OrgDisplayName = null; - private String pvp2OrgURL = null; - private ContactForm pvp2Contact = null; - - private List<File> fileUpload = null; - private List<String> fileUploadContentType; - private List<String> fileUploadFileName = new ArrayList<String>(); - private Map<String, byte[]> secLayerTransformation = null; - - private String ssoTarget = null; - private String ssoFriendlyName = null; - private String ssoSpecialText = null; - private String ssoIdentificationNumber = null; - - private String defaultchainigmode = null; - private static Map<String, String> chainigmodelist; - - private String trustedCACerts = null; - - - private String defaultBKUOnline = ""; - private String defaultBKULocal = "https://127.0.0.1:3496/https-security-layer-request"; - private String defaultBKUHandy = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; - - private String SLRequestTemplateOnline = "SLTemplates/template_onlineBKU.html"; - private String SLRequestTemplateLocal = "SLTemplates/template_handyBKU.html"; - private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html"; - - private String publicURLPrefix = null; - private boolean virtualPublicURLPrefixEnabled = false; - - private boolean moaidMode = false; - - public GeneralMOAIDConfig() { - try { - this.moaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); - } catch (ConfigurationException e) { - e.printStackTrace(); - - } - - chainigmodelist = new HashMap<String, String>(); - ChainingModeType[] values = ChainingModeType.values(); - for (int i=0; i<values.length; i++) { - chainigmodelist.put(values[i].value(), values[i].value()); - } - - try { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - if (config != null) { - MOAIDConfiguration dbconfig = config.getDbRead().getMOAIDConfiguration(); - List<TransformsInfoType> authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer().getTransformsInfo(); - - if (authBlockTrans != null && !authBlockTrans.isEmpty()) { - if (secLayerTransformation == null) - secLayerTransformation = new HashMap<String, byte[]>(); - for (TransformsInfoType el : authBlockTrans) - secLayerTransformation.put(el.getFilename(), el.getTransformation()); - - } - } - - } catch (Exception e) { - - } - - } - - public void parse(MOAIDConfiguration config) { - - if (config != null) { - AuthComponentGeneral auth = config.getAuthComponentGeneral(); - - //get ELGA mandate service URLs from configuration - if (MiscUtil.isNotEmpty(config.getEidSystemServiceURLs())) { - if (KeyValueUtils.isCSVValueString(config.getEidSystemServiceURLs())) - eidSystemServiceURL = KeyValueUtils.normalizeCSVValueString(config.getEidSystemServiceURLs()); - - else { - if (config.getEidSystemServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - eidSystemServiceURL = config.getEidSystemServiceURLs().substring(0, - config.getEidSystemServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - eidSystemServiceURL = config.getEidSystemServiceURLs(); - - } - } - - - //get ELGA mandate service URLs from configuration - if (MiscUtil.isNotEmpty(config.getElgaMandateServiceURLs())) { - if (KeyValueUtils.isCSVValueString(config.getElgaMandateServiceURLs())) - elgaMandateServiceURL = KeyValueUtils.normalizeCSVValueString(config.getElgaMandateServiceURLs()); - - else { - if (config.getElgaMandateServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - elgaMandateServiceURL = config.getElgaMandateServiceURLs().substring(0, - config.getElgaMandateServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - elgaMandateServiceURL = config.getElgaMandateServiceURLs(); - - } - } - - - - if (auth != null) { - - GeneralConfiguration authgen = auth.getGeneralConfiguration(); - if (authgen != null) { - alternativeSourceID = authgen.getAlternativeSourceID(); - //certStoreDirectory = authgen.getCertStoreDirectory(); - if (authgen.isTrustManagerRevocationChecking() != null) - trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); - - virtualPublicURLPrefixEnabled = - KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix()); - - if (virtualPublicURLPrefixEnabled) { - //format CSV values with newlines - publicURLPrefix = KeyValueUtils.normalizeCSVValueString( - authgen.getPublicURLPreFix()); - - } else { - String tmp = authgen.getPublicURLPreFix(); - if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - publicURLPrefix = tmp.substring(0, - tmp.indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - publicURLPrefix = tmp; - } - - TimeOuts timeouts = authgen.getTimeOuts(); - if (timeouts != null) { - - if(timeouts.getAssertion() != null) - timeoutAssertion = String.valueOf(timeouts.getAssertion().longValue()); - if(timeouts.getMOASessionCreated() != null) - timeoutMOASessionCreated = String.valueOf(timeouts.getMOASessionCreated().longValue()); - if(timeouts.getMOASessionUpdated() != null) - timeoutMOASessionUpdated = String.valueOf(timeouts.getMOASessionUpdated().longValue()); - - } - - - //deactive STORK - if (isMoaidMode()) { - ForeignIdentities foreign = auth.getForeignIdentities(); - if (foreign != null) { - ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); - if (connect_foreign != null) { - if (MiscUtil.isNotEmpty(connect_foreign.getURL())) { - if (KeyValueUtils.isCSVValueString(connect_foreign.getURL())) - szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL()); - - else { - if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - szrgwURL = connect_foreign.getURL().substring(0, - connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - szrgwURL = connect_foreign.getURL(); - - } - - } - } - - STORK stork = foreign.getSTORK(); - if (stork != null) { - //TODO: add Stork config - - } - } - } - - } - - if (isMoaidMode()) { - MOASP moaspss = auth.getMOASP(); - if (moaspss != null) { - ConnectionParameterClientAuthType con = moaspss.getConnectionParameter(); - if (con != null) - moaspssURL = con.getURL(); - - VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock(); - if (authblock != null) { - moaspssAuthTrustProfile = authblock.getTrustProfileID(); - moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID(); - - List<String> list = authblock.getVerifyTransformsInfoProfileID(); - if (list.size() == 1) - moaspssAuthTransformations += list.get(0); - else { - for (String el : list) - moaspssAuthTransformations += el + LINE_DELIMITER + "\n"; - } - } - - VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); - if (idl != null) { - moaspssIdlTrustProfile = idl.getTrustProfileID(); - moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); - } - } - - OnlineMandates mandates = auth.getOnlineMandates(); - if (mandates != null) { - ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); - if (con != null) { - if (MiscUtil.isNotEmpty(con.getURL())) { - if (KeyValueUtils.isCSVValueString(con.getURL())) - mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL()); - - else { - if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - mandateURL = con.getURL().substring(0, - con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - mandateURL = con.getURL(); - - } - - } - - } - } - } - - Protocols protocols = auth.getProtocols(); - if (protocols != null) { - LegacyAllowed legacy = protocols.getLegacyAllowed(); - - if (legacy != null) { - List<String> list = legacy.getProtocolName(); - if (list.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) - legacy_saml1 = true; - - if (list.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) - legacy_pvp2 = true; - } - - SAML1 saml1 = protocols.getSAML1(); - if (saml1 != null) { - protocolActiveSAML1 = saml1.isIsActive(); - saml1SourceID = saml1.getSourceID(); - - //TODO: could removed in a later version - if (MiscUtil.isEmpty(saml1SourceID) && MiscUtil.isNotEmpty(alternativeSourceID)) - saml1SourceID = alternativeSourceID; - - } - - if (isMoaidMode()) { - OAuth oauth = protocols.getOAuth(); - if (oauth != null) { - protocolActiveOAuth = oauth.isIsActive(); - - } - - } - - PVP2 pvp2 = protocols.getPVP2(); - if (pvp2 != null) { - - protocolActivePVP21 = pvp2.isIsActive(); - - //INFO: only for backup - if (MiscUtil.isEmpty(publicURLPrefix)) - publicURLPrefix = pvp2.getPublicURLPrefix(); - - pvp2IssuerName = pvp2.getIssuerName(); - - List<Contact> con = pvp2.getContact(); - - //TODO: change to support more contacts - if (con != null && con.size() > 0) { - pvp2Contact = new ContactForm(con.get(0)); - - } - - Organization org = pvp2.getOrganization(); - if (org != null) { - pvp2OrgDisplayName = org.getDisplayName(); - pvp2OrgName = org.getName(); - pvp2OrgURL = org.getURL(); - } - } - - } - - if (isMoaidMode()) { - SecurityLayer seclayer = auth.getSecurityLayer(); - if (seclayer != null) { - List<TransformsInfoType> list = seclayer.getTransformsInfo(); - - for (TransformsInfoType el : list) { - fileUploadFileName.add(el.getFilename()); - } - } - - SSO sso = auth.getSSO(); - if (sso != null) { - ssoFriendlyName = sso.getFriendlyName(); - - // IdentificationNumber idl = sso.getIdentificationNumber(); - // if (idl != null) - // ssoIdentificationNumber = idl.getValue(); - - //INFO: only for backup - if (MiscUtil.isEmpty(publicURLPrefix)) - publicURLPrefix = sso.getPublicURL(); - - ssoSpecialText = sso.getSpecialText(); - - if (MiscUtil.isNotEmpty(sso.getTarget()) && - sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { - ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()). - replace("+", ""); - - } else - ssoTarget = sso.getTarget(); - - } - } - - ChainingModes modes = config.getChainingModes(); - if (modes != null) { - ChainingModeType defaultmode = modes.getSystemDefaultMode(); - if (defaultmode != null) { - - defaultchainigmode = defaultmode.value(); - - } - - List<TrustAnchor> trustanchor = modes.getTrustAnchor(); - if (trustanchor != null) { - //TODO: set addional trust anchors!!!! - } - } - - DefaultBKUs defaultbkus = config.getDefaultBKUs(); - if (defaultbkus != null) { - defaultBKUHandy = defaultbkus.getHandyBKU(); - defaultBKULocal = defaultbkus.getLocalBKU(); - defaultBKUOnline = defaultbkus.getOnlineBKU(); - } - - SLRequestTemplates slreq = config.getSLRequestTemplates(); - if (slreq != null) { - SLRequestTemplateHandy = slreq.getHandyBKU(); - SLRequestTemplateLocal = slreq.getLocalBKU(); - SLRequestTemplateOnline = slreq.getOnlineBKU(); - } - - } - - trustedCACerts = config.getTrustedCACertificates(); - - - - } - } - - /** - * @return the szrgwURL - */ - public String getSzrgwURL() { - return szrgwURL; - } - - /** - * @param szrgwURL the szrgwURL to set - */ - public void setSzrgwURL(String szrgwURL) { - if (MiscUtil.isNotEmpty(szrgwURL)) - this.szrgwURL = KeyValueUtils.removeAllNewlineFromString(szrgwURL); - else - this.szrgwURL = szrgwURL; - } + private boolean trustmanagerrevocationcheck = true; + + private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION); + private String timeoutMOASessionCreated = String.valueOf(DEFAULTTIMEOUTMOASESSIONCREATED); + private String timeoutMOASessionUpdated = String.valueOf(DEFAULTTIMEOUTMOASESSIONUPDATED); + + private String moaspssURL = null; + private String moaspssAuthTrustProfile = null; + private String moaspssAuthTransformations = ""; + private List<String> authTransformList = null; + private String moaspssIdlTrustProfile = null; + + private String moaspssIdlTrustProfileTest = null; + private String moaspssAuthTrustProfileTest = null; + + private String mandateURL = null; + private String szrgwURL = null; + private String elgaMandateServiceURL = null; + private String eidSystemServiceURL = null; + + private boolean protocolActiveSAML1 = false; + private boolean protocolActivePVP21 = true; + private boolean protocolActiveOAuth = true; + + private boolean legacy_saml1 = false; + private boolean legacy_pvp2 = false; + + private String saml1SourceID = null; + + private String pvp2IssuerName = null; + private String pvp2OrgName = null; + private String pvp2OrgDisplayName = null; + private String pvp2OrgURL = null; + private ContactForm pvp2Contact = null; + + private List<File> fileUpload = null; + private List<String> fileUploadContentType; + private List<String> fileUploadFileName = new ArrayList<>(); + private Map<String, byte[]> secLayerTransformation = null; + + private String ssoTarget = null; + private String ssoFriendlyName = null; + private String ssoSpecialText = null; + private String ssoIdentificationNumber = null; + + private String defaultchainigmode = null; + private static Map<String, String> chainigmodelist; + + private String trustedCACerts = null; + + private String defaultBKUOnline = ""; + private String defaultBKULocal = "https://127.0.0.1:3496/https-security-layer-request"; + private String defaultBKUHandy = + "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; + + private String SLRequestTemplateOnline = "SLTemplates/template_onlineBKU.html"; + private String SLRequestTemplateLocal = "SLTemplates/template_handyBKU.html"; + private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html"; + + private String publicURLPrefix = null; + private boolean virtualPublicURLPrefixEnabled = false; + + private boolean moaidMode = false; + + public GeneralMOAIDConfig() { + try { + this.moaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (final ConfigurationException e) { + e.printStackTrace(); + + } + + chainigmodelist = new HashMap<>(); + final ChainingModeType[] values = ChainingModeType.values(); + for (final ChainingModeType value : values) { + chainigmodelist.put(value.value(), value.value()); + } + + try { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + if (config != null) { + final MOAIDConfiguration dbconfig = config.getDbRead().getMOAIDConfiguration(); + final List<TransformsInfoType> authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer() + .getTransformsInfo(); + + if (authBlockTrans != null && !authBlockTrans.isEmpty()) { + if (secLayerTransformation == null) { + secLayerTransformation = new HashMap<>(); + } + for (final TransformsInfoType el : authBlockTrans) { + secLayerTransformation.put(el.getFilename(), el.getTransformation()); + } + + } + } + + } catch (final Exception e) { + + } + + } + + public void parse(MOAIDConfiguration config) { + + if (config != null) { + final AuthComponentGeneral auth = config.getAuthComponentGeneral(); + + // get ELGA mandate service URLs from configuration + if (MiscUtil.isNotEmpty(config.getEidSystemServiceURLs())) { + if (KeyValueUtils.isCSVValueString(config.getEidSystemServiceURLs())) { + eidSystemServiceURL = KeyValueUtils.normalizeCSVValueString(config.getEidSystemServiceURLs()); + } else { + if (config.getEidSystemServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + eidSystemServiceURL = config.getEidSystemServiceURLs().substring(0, + config.getEidSystemServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + eidSystemServiceURL = config.getEidSystemServiceURLs(); + } + + } + } + + // get ELGA mandate service URLs from configuration + if (MiscUtil.isNotEmpty(config.getElgaMandateServiceURLs())) { + if (KeyValueUtils.isCSVValueString(config.getElgaMandateServiceURLs())) { + elgaMandateServiceURL = KeyValueUtils.normalizeCSVValueString(config.getElgaMandateServiceURLs()); + } else { + if (config.getElgaMandateServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + elgaMandateServiceURL = config.getElgaMandateServiceURLs().substring(0, + config.getElgaMandateServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + elgaMandateServiceURL = config.getElgaMandateServiceURLs(); + } + + } + } + + if (auth != null) { + + final GeneralConfiguration authgen = auth.getGeneralConfiguration(); + if (authgen != null) { + alternativeSourceID = authgen.getAlternativeSourceID(); + // certStoreDirectory = authgen.getCertStoreDirectory(); + if (authgen.isTrustManagerRevocationChecking() != null) { + trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); + } + + virtualPublicURLPrefixEnabled = + KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix()); + + if (virtualPublicURLPrefixEnabled) { + // format CSV values with newlines + publicURLPrefix = KeyValueUtils.normalizeCSVValueString( + authgen.getPublicURLPreFix()); + + } else { + final String tmp = authgen.getPublicURLPreFix(); + if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + publicURLPrefix = tmp.substring(0, + tmp.indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + publicURLPrefix = tmp; + } + } + + final TimeOuts timeouts = authgen.getTimeOuts(); + if (timeouts != null) { + + if (timeouts.getAssertion() != null) { + timeoutAssertion = String.valueOf(timeouts.getAssertion().longValue()); + } + if (timeouts.getMOASessionCreated() != null) { + timeoutMOASessionCreated = String.valueOf(timeouts.getMOASessionCreated().longValue()); + } + if (timeouts.getMOASessionUpdated() != null) { + timeoutMOASessionUpdated = String.valueOf(timeouts.getMOASessionUpdated().longValue()); + } + + } + + // deactive STORK + if (isMoaidMode()) { + final ForeignIdentities foreign = auth.getForeignIdentities(); + if (foreign != null) { + final ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); + if (connect_foreign != null) { + if (MiscUtil.isNotEmpty(connect_foreign.getURL())) { + if (KeyValueUtils.isCSVValueString(connect_foreign.getURL())) { + szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL()); + } else { + if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + szrgwURL = connect_foreign.getURL().substring(0, + connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + szrgwURL = connect_foreign.getURL(); + } + + } + + } + } + + final STORK stork = foreign.getSTORK(); + if (stork != null) { + // TODO: add Stork config + + } + } + } + + } + + if (isMoaidMode()) { + final MOASP moaspss = auth.getMOASP(); + if (moaspss != null) { + final ConnectionParameterClientAuthType con = moaspss.getConnectionParameter(); + if (con != null) { + moaspssURL = con.getURL(); + } + + final VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock(); + if (authblock != null) { + moaspssAuthTrustProfile = authblock.getTrustProfileID(); + moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID(); + + final List<String> list = authblock.getVerifyTransformsInfoProfileID(); + if (list.size() == 1) { + moaspssAuthTransformations += list.get(0); + } else { + for (final String el : list) { + moaspssAuthTransformations += el + LINE_DELIMITER + "\n"; + } + } + } + + final VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); + if (idl != null) { + moaspssIdlTrustProfile = idl.getTrustProfileID(); + moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); + } + } + + final OnlineMandates mandates = auth.getOnlineMandates(); + if (mandates != null) { + final ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); + if (con != null) { + if (MiscUtil.isNotEmpty(con.getURL())) { + if (KeyValueUtils.isCSVValueString(con.getURL())) { + mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL()); + } else { + if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + mandateURL = con.getURL().substring(0, + con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + mandateURL = con.getURL(); + } + + } + + } + + } + } + } + + final Protocols protocols = auth.getProtocols(); + if (protocols != null) { + final LegacyAllowed legacy = protocols.getLegacyAllowed(); + + if (legacy != null) { + final List<String> list = legacy.getProtocolName(); + if (list.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) { + legacy_saml1 = true; + } + + if (list.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) { + legacy_pvp2 = true; + } + } + + final SAML1 saml1 = protocols.getSAML1(); + if (saml1 != null) { + protocolActiveSAML1 = saml1.isIsActive(); + saml1SourceID = saml1.getSourceID(); + + // TODO: could removed in a later version + if (MiscUtil.isEmpty(saml1SourceID) && MiscUtil.isNotEmpty(alternativeSourceID)) { + saml1SourceID = alternativeSourceID; + } + + } + + if (isMoaidMode()) { + final OAuth oauth = protocols.getOAuth(); + if (oauth != null) { + protocolActiveOAuth = oauth.isIsActive(); + + } + + } + + final PVP2 pvp2 = protocols.getPVP2(); + if (pvp2 != null) { + + protocolActivePVP21 = pvp2.isIsActive(); + + // INFO: only for backup + if (MiscUtil.isEmpty(publicURLPrefix)) { + publicURLPrefix = pvp2.getPublicURLPrefix(); + } + + pvp2IssuerName = pvp2.getIssuerName(); + + final List<Contact> con = pvp2.getContact(); + + // TODO: change to support more contacts + if (con != null && con.size() > 0) { + pvp2Contact = new ContactForm(con.get(0)); + + } + + final Organization org = pvp2.getOrganization(); + if (org != null) { + pvp2OrgDisplayName = org.getDisplayName(); + pvp2OrgName = org.getName(); + pvp2OrgURL = org.getURL(); + } + } + + } + + if (isMoaidMode()) { + final SecurityLayer seclayer = auth.getSecurityLayer(); + if (seclayer != null) { + final List<TransformsInfoType> list = seclayer.getTransformsInfo(); + + for (final TransformsInfoType el : list) { + fileUploadFileName.add(el.getFilename()); + } + } + + final SSO sso = auth.getSSO(); + if (sso != null) { + ssoFriendlyName = sso.getFriendlyName(); + + // IdentificationNumber idl = sso.getIdentificationNumber(); + // if (idl != null) + // ssoIdentificationNumber = idl.getValue(); + + // INFO: only for backup + if (MiscUtil.isEmpty(publicURLPrefix)) { + publicURLPrefix = sso.getPublicURL(); + } + + ssoSpecialText = sso.getSpecialText(); + + if (MiscUtil.isNotEmpty(sso.getTarget()) && + sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { + ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()).replace("+", ""); + + } else { + ssoTarget = sso.getTarget(); + } + + } + } + + final ChainingModes modes = config.getChainingModes(); + if (modes != null) { + final ChainingModeType defaultmode = modes.getSystemDefaultMode(); + if (defaultmode != null) { + + defaultchainigmode = defaultmode.value(); + + } + + final List<TrustAnchor> trustanchor = modes.getTrustAnchor(); + if (trustanchor != null) { + // TODO: set addional trust anchors!!!! + } + } + + final DefaultBKUs defaultbkus = config.getDefaultBKUs(); + if (defaultbkus != null) { + defaultBKUHandy = defaultbkus.getHandyBKU(); + defaultBKULocal = defaultbkus.getLocalBKU(); + defaultBKUOnline = defaultbkus.getOnlineBKU(); + } + + final SLRequestTemplates slreq = config.getSLRequestTemplates(); + if (slreq != null) { + SLRequestTemplateHandy = slreq.getHandyBKU(); + SLRequestTemplateLocal = slreq.getLocalBKU(); + SLRequestTemplateOnline = slreq.getOnlineBKU(); + } + + } + + trustedCACerts = config.getTrustedCACertificates(); + + } + } + + /** + * @return the szrgwURL + */ + public String getSzrgwURL() { + return szrgwURL; + } + + /** + * @param szrgwURL the szrgwURL to set + */ + public void setSzrgwURL(String szrgwURL) { + if (MiscUtil.isNotEmpty(szrgwURL)) { + this.szrgwURL = KeyValueUtils.removeAllNewlineFromString(szrgwURL); + } else { + this.szrgwURL = szrgwURL; + } + } // /** // * @return the certStoreDirectory @@ -506,662 +516,665 @@ public class GeneralMOAIDConfig { // this.certStoreDirectory = certStoreDirectory; // } - /** - * @return the timeoutAssertion - */ - public String getTimeoutAssertion() { - return timeoutAssertion; - } - - /** - * @param timeoutAssertion the timeoutAssertion to set - */ - public void setTimeoutAssertion(String timeoutAssertion) { - this.timeoutAssertion = timeoutAssertion; - } - - /** - * @return the timeoutMOASessionCreated - */ - public String getTimeoutMOASessionCreated() { - return timeoutMOASessionCreated; - } - - /** - * @param timeoutMOASessionCreated the timeoutMOASessionCreated to set - */ - public void setTimeoutMOASessionCreated(String timeoutMOASessionCreated) { - this.timeoutMOASessionCreated = timeoutMOASessionCreated; - } - - /** - * @return the timeoutMOASessionUpdated - */ - public String getTimeoutMOASessionUpdated() { - return timeoutMOASessionUpdated; - } - - /** - * @param timeoutMOASessionUpdated the timeoutMOASessionUpdated to set - */ - public void setTimeoutMOASessionUpdated(String timeoutMOASessionUpdated) { - this.timeoutMOASessionUpdated = timeoutMOASessionUpdated; - } - - /** - * @return the moaspssURL - */ - public String getMoaspssURL() { - return moaspssURL; - } - - /** - * @param moaspssURL the moaspssURL to set - */ - public void setMoaspssURL(String moaspssURL) { - this.moaspssURL = moaspssURL; - } - - /** - * @return the moaspssAuthTrustProfile - */ - public String getMoaspssAuthTrustProfile() { - return moaspssAuthTrustProfile; - } - - /** - * @param moaspssAuthTrustProfile the moaspssAuthTrustProfile to set - */ - public void setMoaspssAuthTrustProfile(String moaspssAuthTrustProfile) { - this.moaspssAuthTrustProfile = moaspssAuthTrustProfile; - } - - /** - * @return the moaspssAuthTransformations - */ - public String getMoaspssAuthTransformations() { - return moaspssAuthTransformations; - } - - /** - * @param moaspssAuthTransformations the moaspssAuthTransformations to set - */ - public void setMoaspssAuthTransformations(String moaspssAuthTransformations) { - this.moaspssAuthTransformations = moaspssAuthTransformations; - } - - /** - * @return the moaspssIdlTrustProfile - */ - public String getMoaspssIdlTrustProfile() { - return moaspssIdlTrustProfile; - } - - /** - * @param moaspssIdlTrustProfile the moaspssIdlTrustProfile to set - */ - public void setMoaspssIdlTrustProfile(String moaspssIdlTrustProfile) { - this.moaspssIdlTrustProfile = moaspssIdlTrustProfile; - } - - /** - * @return the mandateURL - */ - public String getMandateURL() { - return mandateURL; - } - - /** - * @param mandateURL the mandateURL to set - */ - public void setMandateURL(String mandateURL) { - if (MiscUtil.isNotEmpty(mandateURL)) - this.mandateURL = KeyValueUtils.removeAllNewlineFromString(mandateURL); - else - this.mandateURL = mandateURL; - } - - /** - * @return the legacy_saml1 - */ - public boolean isLegacy_saml1() { - return legacy_saml1; - } - - /** - * @param legacy_saml1 the legacy_saml1 to set - */ - public void setLegacy_saml1(boolean legacy_saml1) { - this.legacy_saml1 = legacy_saml1; - } - - /** - * @return the legacy_pvp2 - */ - public boolean isLegacy_pvp2() { - return legacy_pvp2; - } - - /** - * @param legacy_pvp2 the legacy_pvp2 to set - */ - public void setLegacy_pvp2(boolean legacy_pvp2) { - this.legacy_pvp2 = legacy_pvp2; - } - - /** - * @return the pvp2IssuerName - */ - public String getPvp2IssuerName() { - return pvp2IssuerName; - } - - /** - * @param pvp2IssuerName the pvp2IssuerName to set - */ - public void setPvp2IssuerName(String pvp2IssuerName) { - this.pvp2IssuerName = pvp2IssuerName; - } - - /** - * @return the pvp2OrgName - */ - public String getPvp2OrgName() { - return pvp2OrgName; - } - - /** - * @param pvp2OrgName the pvp2OrgName to set - */ - public void setPvp2OrgName(String pvp2OrgName) { - this.pvp2OrgName = pvp2OrgName; - } - - /** - * @return the pvp2OrgDisplayName - */ - public String getPvp2OrgDisplayName() { - return pvp2OrgDisplayName; - } - - /** - * @param pvp2OrgDisplayName the pvp2OrgDisplayName to set - */ - public void setPvp2OrgDisplayName(String pvp2OrgDisplayName) { - this.pvp2OrgDisplayName = pvp2OrgDisplayName; - } - - /** - * @return the pvp2OrgURL - */ - public String getPvp2OrgURL() { - return pvp2OrgURL; - } - - /** - * @param pvp2OrgURL the pvp2OrgURL to set - */ - public void setPvp2OrgURL(String pvp2OrgURL) { - this.pvp2OrgURL = pvp2OrgURL; - } - - /** - * @return the pvp2Contact - */ - public ContactForm getPvp2Contact() { - return pvp2Contact; - } - - /** - * @param pvp2Contact the pvp2Contact to set - */ - public void setPvp2Contact(ContactForm pvp2Contact) { - this.pvp2Contact = pvp2Contact; - } - - /** - * @return the fileUpload - */ - public List<File> getFileUpload() { - return fileUpload; - } - - /** - * @param fileUpload the fileUpload to set - */ - public void setFileUpload(List<File> fileUpload) { - this.fileUpload = fileUpload; - } - - /** - * @return the fileUploadContentType - */ - public List<String> getFileUploadContentType() { - return fileUploadContentType; - } - - /** - * @param fileUploadContentType the fileUploadContentType to set - */ - public void setFileUploadContentType(List<String> fileUploadContentType) { - this.fileUploadContentType = fileUploadContentType; - } - - /** - * @return the fileUploadFileName - */ - public List<String> getFileUploadFileName() { - return fileUploadFileName; - } - - /** - * @param fileUploadFileName the fileUploadFileName to set - */ - public void setFileUploadFileName(List<String> fileUploadFileName) { - this.fileUploadFileName = fileUploadFileName; - } - - /** - * @return the ssoTarget - */ - public String getSsoTarget() { - return ssoTarget; - } - - /** - * @param ssoTarget the ssoTarget to set - */ - public void setSsoTarget(String ssoTarget) { - this.ssoTarget = ssoTarget; - } - - /** - * @return the ssoFriendlyName - */ - public String getSsoFriendlyName() { - return ssoFriendlyName; - } - - /** - * @param ssoFriendlyName the ssoFriendlyName to set - */ - public void setSsoFriendlyName(String ssoFriendlyName) { - this.ssoFriendlyName = ssoFriendlyName; - } - - /** - * @return the ssoSpecialText - */ - public String getSsoSpecialText() { - return ssoSpecialText; - } - - /** - * @param ssoSpecialText the ssoSpecialText to set - */ - public void setSsoSpecialText(String ssoSpecialText) { - this.ssoSpecialText = ssoSpecialText; - } - - /** - * @return the ssoIdentificationNumber - */ - public String getSsoIdentificationNumber() { - return ssoIdentificationNumber; - } - - /** - * @param ssoIdentificationNumber the ssoIdentificationNumber to set - */ - public void setSsoIdentificationNumber(String ssoIdentificationNumber) { - this.ssoIdentificationNumber = ssoIdentificationNumber; - } - - /** - * @return the defaultchainigmode - */ - public String getDefaultchainigmode() { - return defaultchainigmode; - } - - /** - * @param defaultchainigmode the defaultchainigmode to set - */ - public void setDefaultchainigmode(String defaultchainigmode) { - this.defaultchainigmode = defaultchainigmode; - } - - /** - * @return the defaultBKUOnline - */ - public String getDefaultBKUOnline() { - return defaultBKUOnline; - } - - /** - * @param defaultBKUOnline the defaultBKUOnline to set - */ - public void setDefaultBKUOnline(String defaultBKUOnline) { - this.defaultBKUOnline = defaultBKUOnline; - } - - /** - * @return the defaultBKULocal - */ - public String getDefaultBKULocal() { - return defaultBKULocal; - } - - /** - * @param defaultBKULocal the defaultBKULocal to set - */ - public void setDefaultBKULocal(String defaultBKULocal) { - this.defaultBKULocal = defaultBKULocal; - } - - /** - * @return the defaultBKUHandy - */ - public String getDefaultBKUHandy() { - return defaultBKUHandy; - } - - /** - * @param defaultBKUHandy the defaultBKUHandy to set - */ - public void setDefaultBKUHandy(String defaultBKUHandy) { - this.defaultBKUHandy = defaultBKUHandy; - } - - /** - * @return the sLRequestTemplateOnline - */ - public String getSLRequestTemplateOnline() { - return SLRequestTemplateOnline; - } - - /** - * @param sLRequestTemplateOnline the sLRequestTemplateOnline to set - */ - public void setSLRequestTemplateOnline(String sLRequestTemplateOnline) { - SLRequestTemplateOnline = sLRequestTemplateOnline; - } - - /** - * @return the sLRequestTemplateLocal - */ - public String getSLRequestTemplateLocal() { - return SLRequestTemplateLocal; - } - - /** - * @param sLRequestTemplateLocal the sLRequestTemplateLocal to set - */ - public void setSLRequestTemplateLocal(String sLRequestTemplateLocal) { - SLRequestTemplateLocal = sLRequestTemplateLocal; - } - - /** - * @return the sLRequestTemplateHandy - */ - public String getSLRequestTemplateHandy() { - return SLRequestTemplateHandy; - } - - /** - * @param sLRequestTemplateHandy the sLRequestTemplateHandy to set - */ - public void setSLRequestTemplateHandy(String sLRequestTemplateHandy) { - SLRequestTemplateHandy = sLRequestTemplateHandy; - } - - /** - * @return the trustmanagerrevocationcheck - */ - public boolean isTrustmanagerrevocationcheck() { - return trustmanagerrevocationcheck; - } - - /** - * @param trustmanagerrevocationcheck the trustmanagerrevocationcheck to set - */ - public void setTrustmanagerrevocationcheck(boolean trustmanagerrevocationcheck) { - this.trustmanagerrevocationcheck = trustmanagerrevocationcheck; - } - - /** - * @return the trustedCACerts - */ - public String getTrustedCACerts() { - return trustedCACerts; - } - - /** - * @param trustedCACerts the trustedCACerts to set - */ - public void setTrustedCACerts(String trustedCACerts) { - this.trustedCACerts = trustedCACerts; - } - - /** - * @return the chainigmodelist - */ - public Map<String, String> getChainigmodelist() { - return chainigmodelist; - } - - /** - * @param chainigmodelist the chainigmodelist to set - */ - public void setChainigmodelist(Map<String, String> chainigmodelist) { - GeneralMOAIDConfig.chainigmodelist = chainigmodelist; - } - - /** - * @return the secLayerTransformation - */ - public Map<String, byte[]> getSecLayerTransformation() { - - return secLayerTransformation; - } - - /** - * @param secLayerTransformation the secLayerTransformation to set - */ - public void setSecLayerTransformation(Map<String, byte[]> secLayerTransformation) { - this.secLayerTransformation = secLayerTransformation; - } - - /** - * @return the authTransformList - */ - public List<String> getAuthTransformList() { - return authTransformList; - } - - /** - * @param authTransformList the authTransformList to set - */ - public void setAuthTransformList(List<String> authTransformList) { - this.authTransformList = authTransformList; - } - - - - - public void setFileUpload(File fileUpload) { - if (this.fileUpload == null) - this.fileUpload = new ArrayList<File>(); - this.fileUpload.add(fileUpload); - } - - public void setFileUploadContentType(String fileUploadContentType) { - if (this.fileUploadContentType == null) - this.fileUploadContentType = new ArrayList<String>(); - this.fileUploadContentType.add(fileUploadContentType); - } - - public void setFileUploadFileName(String fileUploadFileName) { - if (this.fileUploadFileName == null) - this.fileUploadFileName = new ArrayList<String>(); - this.fileUploadFileName.add(fileUploadFileName); - } - - /** - * @return the protocolActiveSAML1 - */ - public boolean isProtocolActiveSAML1() { - return protocolActiveSAML1; - } - - /** - * @param protocolActiveSAML1 the protocolActiveSAML1 to set - */ - public void setProtocolActiveSAML1(boolean protocolActiveSAML1) { - this.protocolActiveSAML1 = protocolActiveSAML1; - } - - /** - * @return the protocolActivePVP21 - */ - public boolean isProtocolActivePVP21() { - return protocolActivePVP21; - } - - /** - * @param protocolActivePVP21 the protocolActivePVP21 to set - */ - public void setProtocolActivePVP21(boolean protocolActivePVP21) { - this.protocolActivePVP21 = protocolActivePVP21; - } - - /** - * @return the protocolActiveOAuth - */ - public boolean isProtocolActiveOAuth() { - return protocolActiveOAuth; - } - - /** - * @param protocolActiveOAuth the protocolActiveOAuth to set - */ - public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { - this.protocolActiveOAuth = protocolActiveOAuth; - } - - /** - * @return the saml1SourceID - */ - public String getSaml1SourceID() { - return saml1SourceID; - } - - /** - * @param saml1SourceID the saml1SourceID to set - */ - public void setSaml1SourceID(String saml1SourceID) { - this.saml1SourceID = saml1SourceID; - } - - /** - * @return the publicURLPrefix - */ - public String getPublicURLPrefix() { - return publicURLPrefix; - } - - /** - * @param publicURLPrefix the publicURLPrefix to set - */ - public void setPublicURLPrefix(String publicURLPrefix) { - if (MiscUtil.isNotEmpty(publicURLPrefix)) - this.publicURLPrefix = - KeyValueUtils.removeAllNewlineFromString(publicURLPrefix); - else - this.publicURLPrefix = publicURLPrefix; - - } - - /** - * @return the moaspssIdlTrustProfileTest - */ - public String getMoaspssIdlTrustProfileTest() { - return moaspssIdlTrustProfileTest; - } - - /** - * @param moaspssIdlTrustProfileTest the moaspssIdlTrustProfileTest to set - */ - public void setMoaspssIdlTrustProfileTest(String moaspssIdlTrustProfileTest) { - this.moaspssIdlTrustProfileTest = moaspssIdlTrustProfileTest; - } - - /** - * @return the moaspssAuthTrustProfileTest - */ - public String getMoaspssAuthTrustProfileTest() { - return moaspssAuthTrustProfileTest; - } - - /** - * @param moaspssAuthTrustProfileTest the moaspssAuthTrustProfileTest to set - */ - public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) { - this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest; - } - - /** - * @return the virtualPublicURLPrefixEnabled - */ - public boolean isVirtualPublicURLPrefixEnabled() { - return virtualPublicURLPrefixEnabled; - } - - /** - * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set - */ - public void setVirtualPublicURLPrefixEnabled( - boolean virtualPublicURLPrefixEnabled) { - this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; - } - - /** - * @return the elgaMandateServiceURL - */ - public String getElgaMandateServiceURL() { - return elgaMandateServiceURL; - } - - /** - * @param elgaMandateServiceURL the elgaMandateServiceURL to set - */ - public void setElgaMandateServiceURL(String elgaMandateServiceURL) { - if (MiscUtil.isNotEmpty(elgaMandateServiceURL)) - this.elgaMandateServiceURL = KeyValueUtils.removeAllNewlineFromString(elgaMandateServiceURL); - else - this.elgaMandateServiceURL = elgaMandateServiceURL; - } - - /** - * @return the eidSystemServiceURL - */ - public String getEidSystemServiceURL() { - return eidSystemServiceURL; - } - - public boolean isMoaidMode() { - return moaidMode; - } - - /** - * @param eidSystemServiceURL the E-ID Service URL to set - */ - public void setEidSystemServiceURL(String eidSystemServiceURL) { - if (MiscUtil.isNotEmpty(eidSystemServiceURL)) - this.eidSystemServiceURL = KeyValueUtils.removeAllNewlineFromString(eidSystemServiceURL); - else - this.eidSystemServiceURL = eidSystemServiceURL; - } - - + /** + * @return the timeoutAssertion + */ + public String getTimeoutAssertion() { + return timeoutAssertion; + } + + /** + * @param timeoutAssertion the timeoutAssertion to set + */ + public void setTimeoutAssertion(String timeoutAssertion) { + this.timeoutAssertion = timeoutAssertion; + } + + /** + * @return the timeoutMOASessionCreated + */ + public String getTimeoutMOASessionCreated() { + return timeoutMOASessionCreated; + } + + /** + * @param timeoutMOASessionCreated the timeoutMOASessionCreated to set + */ + public void setTimeoutMOASessionCreated(String timeoutMOASessionCreated) { + this.timeoutMOASessionCreated = timeoutMOASessionCreated; + } + + /** + * @return the timeoutMOASessionUpdated + */ + public String getTimeoutMOASessionUpdated() { + return timeoutMOASessionUpdated; + } + + /** + * @param timeoutMOASessionUpdated the timeoutMOASessionUpdated to set + */ + public void setTimeoutMOASessionUpdated(String timeoutMOASessionUpdated) { + this.timeoutMOASessionUpdated = timeoutMOASessionUpdated; + } + + /** + * @return the moaspssURL + */ + public String getMoaspssURL() { + return moaspssURL; + } + + /** + * @param moaspssURL the moaspssURL to set + */ + public void setMoaspssURL(String moaspssURL) { + this.moaspssURL = moaspssURL; + } + + /** + * @return the moaspssAuthTrustProfile + */ + public String getMoaspssAuthTrustProfile() { + return moaspssAuthTrustProfile; + } + + /** + * @param moaspssAuthTrustProfile the moaspssAuthTrustProfile to set + */ + public void setMoaspssAuthTrustProfile(String moaspssAuthTrustProfile) { + this.moaspssAuthTrustProfile = moaspssAuthTrustProfile; + } + + /** + * @return the moaspssAuthTransformations + */ + public String getMoaspssAuthTransformations() { + return moaspssAuthTransformations; + } + + /** + * @param moaspssAuthTransformations the moaspssAuthTransformations to set + */ + public void setMoaspssAuthTransformations(String moaspssAuthTransformations) { + this.moaspssAuthTransformations = moaspssAuthTransformations; + } + + /** + * @return the moaspssIdlTrustProfile + */ + public String getMoaspssIdlTrustProfile() { + return moaspssIdlTrustProfile; + } + + /** + * @param moaspssIdlTrustProfile the moaspssIdlTrustProfile to set + */ + public void setMoaspssIdlTrustProfile(String moaspssIdlTrustProfile) { + this.moaspssIdlTrustProfile = moaspssIdlTrustProfile; + } + + /** + * @return the mandateURL + */ + public String getMandateURL() { + return mandateURL; + } + + /** + * @param mandateURL the mandateURL to set + */ + public void setMandateURL(String mandateURL) { + if (MiscUtil.isNotEmpty(mandateURL)) { + this.mandateURL = KeyValueUtils.removeAllNewlineFromString(mandateURL); + } else { + this.mandateURL = mandateURL; + } + } + + /** + * @return the legacy_saml1 + */ + public boolean isLegacy_saml1() { + return legacy_saml1; + } + + /** + * @param legacy_saml1 the legacy_saml1 to set + */ + public void setLegacy_saml1(boolean legacy_saml1) { + this.legacy_saml1 = legacy_saml1; + } + + /** + * @return the legacy_pvp2 + */ + public boolean isLegacy_pvp2() { + return legacy_pvp2; + } + + /** + * @param legacy_pvp2 the legacy_pvp2 to set + */ + public void setLegacy_pvp2(boolean legacy_pvp2) { + this.legacy_pvp2 = legacy_pvp2; + } + + /** + * @return the pvp2IssuerName + */ + public String getPvp2IssuerName() { + return pvp2IssuerName; + } + + /** + * @param pvp2IssuerName the pvp2IssuerName to set + */ + public void setPvp2IssuerName(String pvp2IssuerName) { + this.pvp2IssuerName = pvp2IssuerName; + } + + /** + * @return the pvp2OrgName + */ + public String getPvp2OrgName() { + return pvp2OrgName; + } + + /** + * @param pvp2OrgName the pvp2OrgName to set + */ + public void setPvp2OrgName(String pvp2OrgName) { + this.pvp2OrgName = pvp2OrgName; + } + + /** + * @return the pvp2OrgDisplayName + */ + public String getPvp2OrgDisplayName() { + return pvp2OrgDisplayName; + } + + /** + * @param pvp2OrgDisplayName the pvp2OrgDisplayName to set + */ + public void setPvp2OrgDisplayName(String pvp2OrgDisplayName) { + this.pvp2OrgDisplayName = pvp2OrgDisplayName; + } + + /** + * @return the pvp2OrgURL + */ + public String getPvp2OrgURL() { + return pvp2OrgURL; + } + + /** + * @param pvp2OrgURL the pvp2OrgURL to set + */ + public void setPvp2OrgURL(String pvp2OrgURL) { + this.pvp2OrgURL = pvp2OrgURL; + } + + /** + * @return the pvp2Contact + */ + public ContactForm getPvp2Contact() { + return pvp2Contact; + } + + /** + * @param pvp2Contact the pvp2Contact to set + */ + public void setPvp2Contact(ContactForm pvp2Contact) { + this.pvp2Contact = pvp2Contact; + } + + /** + * @return the fileUpload + */ + public List<File> getFileUpload() { + return fileUpload; + } + + /** + * @param fileUpload the fileUpload to set + */ + public void setFileUpload(List<File> fileUpload) { + this.fileUpload = fileUpload; + } + + /** + * @return the fileUploadContentType + */ + public List<String> getFileUploadContentType() { + return fileUploadContentType; + } + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(List<String> fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + /** + * @return the fileUploadFileName + */ + public List<String> getFileUploadFileName() { + return fileUploadFileName; + } + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(List<String> fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + /** + * @return the ssoTarget + */ + public String getSsoTarget() { + return ssoTarget; + } + + /** + * @param ssoTarget the ssoTarget to set + */ + public void setSsoTarget(String ssoTarget) { + this.ssoTarget = ssoTarget; + } + + /** + * @return the ssoFriendlyName + */ + public String getSsoFriendlyName() { + return ssoFriendlyName; + } + + /** + * @param ssoFriendlyName the ssoFriendlyName to set + */ + public void setSsoFriendlyName(String ssoFriendlyName) { + this.ssoFriendlyName = ssoFriendlyName; + } + + /** + * @return the ssoSpecialText + */ + public String getSsoSpecialText() { + return ssoSpecialText; + } + + /** + * @param ssoSpecialText the ssoSpecialText to set + */ + public void setSsoSpecialText(String ssoSpecialText) { + this.ssoSpecialText = ssoSpecialText; + } + + /** + * @return the ssoIdentificationNumber + */ + public String getSsoIdentificationNumber() { + return ssoIdentificationNumber; + } + + /** + * @param ssoIdentificationNumber the ssoIdentificationNumber to set + */ + public void setSsoIdentificationNumber(String ssoIdentificationNumber) { + this.ssoIdentificationNumber = ssoIdentificationNumber; + } + + /** + * @return the defaultchainigmode + */ + public String getDefaultchainigmode() { + return defaultchainigmode; + } + + /** + * @param defaultchainigmode the defaultchainigmode to set + */ + public void setDefaultchainigmode(String defaultchainigmode) { + this.defaultchainigmode = defaultchainigmode; + } + + /** + * @return the defaultBKUOnline + */ + public String getDefaultBKUOnline() { + return defaultBKUOnline; + } + + /** + * @param defaultBKUOnline the defaultBKUOnline to set + */ + public void setDefaultBKUOnline(String defaultBKUOnline) { + this.defaultBKUOnline = defaultBKUOnline; + } + + /** + * @return the defaultBKULocal + */ + public String getDefaultBKULocal() { + return defaultBKULocal; + } + + /** + * @param defaultBKULocal the defaultBKULocal to set + */ + public void setDefaultBKULocal(String defaultBKULocal) { + this.defaultBKULocal = defaultBKULocal; + } + + /** + * @return the defaultBKUHandy + */ + public String getDefaultBKUHandy() { + return defaultBKUHandy; + } + + /** + * @param defaultBKUHandy the defaultBKUHandy to set + */ + public void setDefaultBKUHandy(String defaultBKUHandy) { + this.defaultBKUHandy = defaultBKUHandy; + } + + /** + * @return the sLRequestTemplateOnline + */ + public String getSLRequestTemplateOnline() { + return SLRequestTemplateOnline; + } + + /** + * @param sLRequestTemplateOnline the sLRequestTemplateOnline to set + */ + public void setSLRequestTemplateOnline(String sLRequestTemplateOnline) { + SLRequestTemplateOnline = sLRequestTemplateOnline; + } + + /** + * @return the sLRequestTemplateLocal + */ + public String getSLRequestTemplateLocal() { + return SLRequestTemplateLocal; + } + + /** + * @param sLRequestTemplateLocal the sLRequestTemplateLocal to set + */ + public void setSLRequestTemplateLocal(String sLRequestTemplateLocal) { + SLRequestTemplateLocal = sLRequestTemplateLocal; + } + + /** + * @return the sLRequestTemplateHandy + */ + public String getSLRequestTemplateHandy() { + return SLRequestTemplateHandy; + } + + /** + * @param sLRequestTemplateHandy the sLRequestTemplateHandy to set + */ + public void setSLRequestTemplateHandy(String sLRequestTemplateHandy) { + SLRequestTemplateHandy = sLRequestTemplateHandy; + } + + /** + * @return the trustmanagerrevocationcheck + */ + public boolean isTrustmanagerrevocationcheck() { + return trustmanagerrevocationcheck; + } + + /** + * @param trustmanagerrevocationcheck the trustmanagerrevocationcheck to set + */ + public void setTrustmanagerrevocationcheck(boolean trustmanagerrevocationcheck) { + this.trustmanagerrevocationcheck = trustmanagerrevocationcheck; + } + + /** + * @return the trustedCACerts + */ + public String getTrustedCACerts() { + return trustedCACerts; + } + + /** + * @param trustedCACerts the trustedCACerts to set + */ + public void setTrustedCACerts(String trustedCACerts) { + this.trustedCACerts = trustedCACerts; + } + + /** + * @return the chainigmodelist + */ + public Map<String, String> getChainigmodelist() { + return chainigmodelist; + } + + /** + * @param chainigmodelist the chainigmodelist to set + */ + public void setChainigmodelist(Map<String, String> chainigmodelist) { + GeneralMOAIDConfig.chainigmodelist = chainigmodelist; + } + + /** + * @return the secLayerTransformation + */ + public Map<String, byte[]> getSecLayerTransformation() { + + return secLayerTransformation; + } + + /** + * @param secLayerTransformation the secLayerTransformation to set + */ + public void setSecLayerTransformation(Map<String, byte[]> secLayerTransformation) { + this.secLayerTransformation = secLayerTransformation; + } + + /** + * @return the authTransformList + */ + public List<String> getAuthTransformList() { + return authTransformList; + } + + /** + * @param authTransformList the authTransformList to set + */ + public void setAuthTransformList(List<String> authTransformList) { + this.authTransformList = authTransformList; + } + + public void setFileUpload(File fileUpload) { + if (this.fileUpload == null) { + this.fileUpload = new ArrayList<>(); + } + this.fileUpload.add(fileUpload); + } + + public void setFileUploadContentType(String fileUploadContentType) { + if (this.fileUploadContentType == null) { + this.fileUploadContentType = new ArrayList<>(); + } + this.fileUploadContentType.add(fileUploadContentType); + } + + public void setFileUploadFileName(String fileUploadFileName) { + if (this.fileUploadFileName == null) { + this.fileUploadFileName = new ArrayList<>(); + } + this.fileUploadFileName.add(fileUploadFileName); + } + + /** + * @return the protocolActiveSAML1 + */ + public boolean isProtocolActiveSAML1() { + return protocolActiveSAML1; + } + + /** + * @param protocolActiveSAML1 the protocolActiveSAML1 to set + */ + public void setProtocolActiveSAML1(boolean protocolActiveSAML1) { + this.protocolActiveSAML1 = protocolActiveSAML1; + } + + /** + * @return the protocolActivePVP21 + */ + public boolean isProtocolActivePVP21() { + return protocolActivePVP21; + } + + /** + * @param protocolActivePVP21 the protocolActivePVP21 to set + */ + public void setProtocolActivePVP21(boolean protocolActivePVP21) { + this.protocolActivePVP21 = protocolActivePVP21; + } + + /** + * @return the protocolActiveOAuth + */ + public boolean isProtocolActiveOAuth() { + return protocolActiveOAuth; + } + + /** + * @param protocolActiveOAuth the protocolActiveOAuth to set + */ + public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { + this.protocolActiveOAuth = protocolActiveOAuth; + } + + /** + * @return the saml1SourceID + */ + public String getSaml1SourceID() { + return saml1SourceID; + } + + /** + * @param saml1SourceID the saml1SourceID to set + */ + public void setSaml1SourceID(String saml1SourceID) { + this.saml1SourceID = saml1SourceID; + } + + /** + * @return the publicURLPrefix + */ + public String getPublicURLPrefix() { + return publicURLPrefix; + } + + /** + * @param publicURLPrefix the publicURLPrefix to set + */ + public void setPublicURLPrefix(String publicURLPrefix) { + if (MiscUtil.isNotEmpty(publicURLPrefix)) { + this.publicURLPrefix = + KeyValueUtils.removeAllNewlineFromString(publicURLPrefix); + } else { + this.publicURLPrefix = publicURLPrefix; + } + + } + + /** + * @return the moaspssIdlTrustProfileTest + */ + public String getMoaspssIdlTrustProfileTest() { + return moaspssIdlTrustProfileTest; + } + + /** + * @param moaspssIdlTrustProfileTest the moaspssIdlTrustProfileTest to set + */ + public void setMoaspssIdlTrustProfileTest(String moaspssIdlTrustProfileTest) { + this.moaspssIdlTrustProfileTest = moaspssIdlTrustProfileTest; + } + + /** + * @return the moaspssAuthTrustProfileTest + */ + public String getMoaspssAuthTrustProfileTest() { + return moaspssAuthTrustProfileTest; + } + + /** + * @param moaspssAuthTrustProfileTest the moaspssAuthTrustProfileTest to set + */ + public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) { + this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest; + } + + /** + * @return the virtualPublicURLPrefixEnabled + */ + public boolean isVirtualPublicURLPrefixEnabled() { + return virtualPublicURLPrefixEnabled; + } + + /** + * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set + */ + public void setVirtualPublicURLPrefixEnabled( + boolean virtualPublicURLPrefixEnabled) { + this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; + } + + /** + * @return the elgaMandateServiceURL + */ + public String getElgaMandateServiceURL() { + return elgaMandateServiceURL; + } + + /** + * @param elgaMandateServiceURL the elgaMandateServiceURL to set + */ + public void setElgaMandateServiceURL(String elgaMandateServiceURL) { + if (MiscUtil.isNotEmpty(elgaMandateServiceURL)) { + this.elgaMandateServiceURL = KeyValueUtils.removeAllNewlineFromString(elgaMandateServiceURL); + } else { + this.elgaMandateServiceURL = elgaMandateServiceURL; + } + } + + /** + * @return the eidSystemServiceURL + */ + public String getEidSystemServiceURL() { + return eidSystemServiceURL; + } + + public boolean isMoaidMode() { + return moaidMode; + } + + /** + * @param eidSystemServiceURL the E-ID Service URL to set + */ + public void setEidSystemServiceURL(String eidSystemServiceURL) { + if (MiscUtil.isNotEmpty(eidSystemServiceURL)) { + this.eidSystemServiceURL = KeyValueUtils.removeAllNewlineFromString(eidSystemServiceURL); + } else { + this.eidSystemServiceURL = eidSystemServiceURL; + } + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index b5c996c72..c833372c9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.data; import java.util.ArrayList; import java.util.List; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; @@ -36,141 +34,147 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class GeneralStorkConfig { - private List<CPEPS> cpepslist; - private List<StorkAttribute> attributes; - private String qaa; - private static final Logger log = Logger.getLogger(GeneralStorkConfig.class); - - private MOAIDConfiguration dbconfig = null; - - /** - * - */ - public GeneralStorkConfig() { - try { - dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - - } - - } - - public void parse(MOAIDConfiguration config) { - log.info("Initializing general Stork config"); - - cpepslist = new ArrayList<CPEPS>(); - attributes = new ArrayList<StorkAttribute>(); - - if (config != null) { - AuthComponentGeneral auth = config.getAuthComponentGeneral(); - - if (auth != null) { - ForeignIdentities foreign = auth.getForeignIdentities(); - - if (foreign != null) { - STORK stork = foreign.getSTORK(); - - if (stork != null) { - // deep clone all the things - // to foreclose lazyloading session timeouts - if (stork.getCPEPS() != null) { - for(CPEPS current : stork.getCPEPS()) { - cpepslist.add(current); - } - } - - List<StorkAttribute> tmp = stork.getAttributes(); - if(null != tmp) { - - for(StorkAttribute current : tmp) - attributes.add(current); - } - - try { - qaa = stork.getGeneral_eIDAS_LOA(); - - } catch(NullPointerException e) { - qaa = MOAIDConstants.eIDAS_LOA_HIGH; - } - } - - } - } - } - - if (cpepslist.isEmpty()) { - CPEPS defaultCPEPS = new CPEPS(); - defaultCPEPS.setCountryCode("CC"); - defaultCPEPS.setURL("http://"); - defaultCPEPS.setSupportsXMLSignature(true); - cpepslist.add(defaultCPEPS ); - - } - if(attributes.isEmpty()) - attributes.add(new StorkAttribute()); - } - - public List<String> getAllowedLoALevels() { - return MOAIDConstants.ALLOWED_eIDAS_LOA; - } - - public List<CPEPS> getRawCPEPSList() { - return cpepslist; + private List<CPEPS> cpepslist; + private List<StorkAttribute> attributes; + private String qaa; + + private MOAIDConfiguration dbconfig = null; + + /** + * + */ + public GeneralStorkConfig() { + try { + dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + + } + + public void parse(MOAIDConfiguration config) { + log.info("Initializing general Stork config"); + + cpepslist = new ArrayList<>(); + attributes = new ArrayList<>(); + + if (config != null) { + final AuthComponentGeneral auth = config.getAuthComponentGeneral(); + + if (auth != null) { + final ForeignIdentities foreign = auth.getForeignIdentities(); + + if (foreign != null) { + final STORK stork = foreign.getSTORK(); + + if (stork != null) { + // deep clone all the things + // to foreclose lazyloading session timeouts + if (stork.getCPEPS() != null) { + for (final CPEPS current : stork.getCPEPS()) { + cpepslist.add(current); + } + } + + final List<StorkAttribute> tmp = stork.getAttributes(); + if (null != tmp) { + + for (final StorkAttribute current : tmp) { + attributes.add(current); + } + } + + try { + qaa = stork.getGeneral_eIDAS_LOA(); + + } catch (final NullPointerException e) { + qaa = MOAIDConstants.eIDAS_LOA_HIGH; + } + } + + } + } } - - public List<CPEPS> getCpepslist() { - if (null == cpepslist) - return null; - - //MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); - - try { - List<CPEPS> cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS(); - - if (cpepss != null) { - // make CountryCode "readonly" - for (CPEPS newone : cpepslist) { - for (CPEPS current : cpepss) { - if (null != newone) - if (current.getHjid().equals(newone.getHjid())) { - newone.setCountryCode(current.getCountryCode()); - break; - } - } - } - } - - return cpepslist; - - } catch (NullPointerException e) { - return null; - - } - - } - - public void setCpepslist(List<CPEPS> list) { - cpepslist = list; - } - - public List<StorkAttribute> getAttributes() { - return attributes; - } - - public void setAttributes(List<StorkAttribute> attributes) { - this.attributes = attributes; - } - - public String getDefaultQaa() { - return qaa; - } - - public void setDefaultQaa(String qaa) { - this.qaa = qaa; - } + + if (cpepslist.isEmpty()) { + final CPEPS defaultCPEPS = new CPEPS(); + defaultCPEPS.setCountryCode("CC"); + defaultCPEPS.setURL("http://"); + defaultCPEPS.setSupportsXMLSignature(true); + cpepslist.add(defaultCPEPS); + + } + if (attributes.isEmpty()) { + attributes.add(new StorkAttribute()); + } + } + + public List<String> getAllowedLoALevels() { + return MOAIDConstants.ALLOWED_eIDAS_LOA; + } + + public List<CPEPS> getRawCPEPSList() { + return cpepslist; + } + + public List<CPEPS> getCpepslist() { + if (null == cpepslist) { + return null; + } + + // MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + try { + final List<CPEPS> cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getCPEPS(); + + if (cpepss != null) { + // make CountryCode "readonly" + for (final CPEPS newone : cpepslist) { + for (final CPEPS current : cpepss) { + if (null != newone) { + if (current.getHjid().equals(newone.getHjid())) { + newone.setCountryCode(current.getCountryCode()); + break; + } + } + } + } + } + + return cpepslist; + + } catch (final NullPointerException e) { + return null; + + } + + } + + public void setCpepslist(List<CPEPS> list) { + cpepslist = list; + } + + public List<StorkAttribute> getAttributes() { + return attributes; + } + + public void setAttributes(List<StorkAttribute> attributes) { + this.attributes = attributes; + } + + public String getDefaultQaa() { + return qaa; + } + + public void setDefaultQaa(String qaa) { + this.qaa = qaa; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java index 28eba9f34..c7de7e369 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java @@ -23,92 +23,103 @@ package at.gv.egovernment.moa.id.configuration.data; public class OAListElement { - - public enum ServiceType {OA, VIDP, IDP, GWAY} - - private long dataBaseID; - private String oaIdentifier; - private String oaFriendlyName; - private String oaType; - private boolean isActive; - private ServiceType serviceType; - - /** - * - */ - public OAListElement(ServiceType type) { - this.serviceType = type; - } - - - /** - * @return the dataBaseID - */ - public long getDataBaseID() { - return dataBaseID; - } - /** - * @param dataBaseID the dataBaseID to set - */ - public void setDataBaseID(long dataBaseID) { - this.dataBaseID = dataBaseID; - } - /** - * @return the oaIdentifier - */ - public String getOaIdentifier() { - return oaIdentifier; - } - /** - * @param oaIdentifier the oaIdentifier to set - */ - public void setOaIdentifier(String oaIdentifier) { - this.oaIdentifier = oaIdentifier; - } - /** - * @return the oaFriendlyName - */ - public String getOaFriendlyName() { - return oaFriendlyName; - } - /** - * @param oaFriendlyName the oaFriendlyName to set - */ - public void setOaFriendlyName(String oaFriendlyName) { - this.oaFriendlyName = oaFriendlyName; - } - /** - * @return the oaType - */ - public String getOaType() { - return oaType; - } - /** - * @param oaType the oaType to set - */ - public void setOaType(String oaType) { - this.oaType = oaType; - } - /** - * @return the isActive - */ - public boolean isActive() { - return isActive; - } - /** - * @param isActive the isActive to set - */ - public void setActive(boolean isActive) { - this.isActive = isActive; - } - - public String getIsActive(){ - return String.valueOf(isActive); - } - /** - * @return the serviceType - */ - public String getServiceType() { - return serviceType.name(); - } + + public enum ServiceType { + OA, VIDP, IDP, GWAY + } + + private long dataBaseID; + private String oaIdentifier; + private String oaFriendlyName; + private String oaType; + private boolean isActive; + private final ServiceType serviceType; + + /** + * + */ + public OAListElement(ServiceType type) { + this.serviceType = type; + } + + /** + * @return the dataBaseID + */ + public long getDataBaseID() { + return dataBaseID; + } + + /** + * @param dataBaseID the dataBaseID to set + */ + public void setDataBaseID(long dataBaseID) { + this.dataBaseID = dataBaseID; + } + + /** + * @return the oaIdentifier + */ + public String getOaIdentifier() { + return oaIdentifier; + } + + /** + * @param oaIdentifier the oaIdentifier to set + */ + public void setOaIdentifier(String oaIdentifier) { + this.oaIdentifier = oaIdentifier; + } + + /** + * @return the oaFriendlyName + */ + public String getOaFriendlyName() { + return oaFriendlyName; + } + + /** + * @param oaFriendlyName the oaFriendlyName to set + */ + public void setOaFriendlyName(String oaFriendlyName) { + this.oaFriendlyName = oaFriendlyName; + } + + /** + * @return the oaType + */ + public String getOaType() { + return oaType; + } + + /** + * @param oaType the oaType to set + */ + public void setOaType(String oaType) { + this.oaType = oaType; + } + + /** + * @return the isActive + */ + public boolean isActive() { + return isActive; + } + + /** + * @param isActive the isActive to set + */ + public void setActive(boolean isActive) { + this.isActive = isActive; + } + + public String getIsActive() { + return String.valueOf(isActive); + } + + /** + * @return the serviceType + */ + public String getServiceType() { + return serviceType.name(); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java index a1bcf4aa4..af4548779 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java @@ -24,27 +24,25 @@ package at.gv.egovernment.moa.id.configuration.data; public class StorkAttributes { + public AttributValues eIdentifier; - public AttributValues eIdentifier; - - - public void parse() { - eIdentifier = AttributValues.MANDATORY; - } - - - public enum AttributValues { - MANDATORY, OPTIONAL, NOT; - - public String getValue() { - if (this == MANDATORY) - return MANDATORY.name(); - if (this == OPTIONAL) - return OPTIONAL.name(); - else - return NOT.name(); - } - } - -} + public void parse() { + eIdentifier = AttributValues.MANDATORY; + } + + public enum AttributValues { + MANDATORY, OPTIONAL, NOT; + public String getValue() { + if (this == MANDATORY) { + return MANDATORY.name(); + } + if (this == OPTIONAL) { + return OPTIONAL.name(); + } else { + return NOT.name(); + } + } + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java index 8f4746d69..8f94fa642 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java @@ -26,328 +26,310 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.util.MiscUtil; public class UserDatabaseFrom { - - private String bpk; - private String familyName; - private String givenName; - private String institut; - private String mail; - private String phone; - private String username; - private String password; - private String password_second; - private boolean active = false; - private boolean admin = false; - private boolean passwordActive; - private boolean isusernamepasswordallowed = false; - private boolean isadminrequest = true; - private boolean ismandateuser = false; - private boolean isPVPGenerated; - private String userID = null; - - public UserDatabaseFrom() { - - } - - public UserDatabaseFrom(UserDatabase db) { - bpk = db.getBpk(); - familyName = db.getFamilyname(); - givenName = db.getGivenname(); - institut = db.getInstitut(); - mail = db.getMail(); - phone = db.getPhone(); - username = db.getUsername(); - - if (MiscUtil.isNotEmpty(db.getPassword())) - passwordActive = true; - else - passwordActive = false; - - active = db.isIsActive(); - admin = db.isIsAdmin(); - - if (db.isIsUsernamePasswordAllowed() != null) - isusernamepasswordallowed = db.isIsUsernamePasswordAllowed(); - else - isusernamepasswordallowed = true; - - if (db.isIsAdminRequest() != null) - isadminrequest = db.isIsAdminRequest(); - else - isadminrequest = false; - - if (db.isIsMandateUser() != null) - ismandateuser = db.isIsMandateUser(); - else - ismandateuser = false; - - if (db.isIsPVP2Generated() != null) - isPVPGenerated = db.isIsPVP2Generated(); - else - isPVPGenerated = false; - - userID = String.valueOf(db.getHjid()); - } - - - /** - * @return the bpk - */ - public String getBpk() { - return bpk; - } - - - /** - * @param bpk the bpk to set - */ - public void setBpk(String bpk) { - this.bpk = bpk; - } - - - /** - * @return the familyName - */ - public String getFamilyName() { - return familyName; - } - - - /** - * @param familyName the familyName to set - */ - public void setFamilyName(String familyName) { - this.familyName = familyName; - } - - - /** - * @return the givenName - */ - public String getGivenName() { - return givenName; - } - - - /** - * @param givenName the givenName to set - */ - public void setGivenName(String givenName) { - this.givenName = givenName; - } - - - /** - * @return the institut - */ - public String getInstitut() { - return institut; - } - - - /** - * @param institut the institut to set - */ - public void setInstitut(String institut) { - this.institut = institut; - } - - - /** - * @return the mail - */ - public String getMail() { - return mail; - } - - - /** - * @param mail the mail to set - */ - public void setMail(String mail) { - this.mail = mail; - } - - - /** - * @return the phone - */ - public String getPhone() { - return phone; - } - - - /** - * @param phone the phone to set - */ - public void setPhone(String phone) { - this.phone = phone; - } - - - /** - * @return the username - */ - public String getUsername() { - return username; - } - - - /** - * @param username the username to set - */ - public void setUsername(String username) { - this.username = username; - } - - - /** - * @return the password - */ - public String getPassword() { - return password; - } - - - /** - * @param password the password to set - */ - public void setPassword(String password) { - this.password = password; - } - - - /** - * @return the active - */ - public boolean isActive() { - return active; - } - - - /** - * @param active the active to set - */ - public void setActive(boolean active) { - this.active = active; - } - - - /** - * @return the admin - */ - public boolean isAdmin() { - return admin; - } - - - /** - * @param admin the admin to set - */ - public void setAdmin(boolean admin) { - this.admin = admin; - } - - - /** - * @return the passwordActive - */ - public boolean isPasswordActive() { - return passwordActive; - } - - - /** - * @param passwordActive the passwordActive to set - */ - public void setPasswordActive(boolean passwordActive) { - this.passwordActive = passwordActive; - } - - /** - * @return the userID - */ - public String getUserID() { - return userID; - } - - /** - * @param userID the userID to set - */ - public void setUserID(String userID) { - this.userID = userID; - } - - /** - * @return the password_second - */ - public String getPassword_second() { - return password_second; - } - - /** - * @param password_second the password_second to set - */ - public void setPassword_second(String password_second) { - this.password_second = password_second; - } - - /** - * @return the isusernamepasswordallowed - */ - public boolean isIsusernamepasswordallowed() { - return isusernamepasswordallowed; - } - - /** - * @param isusernamepasswordallowed the isusernamepasswordallowed to set - */ - public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) { - this.isusernamepasswordallowed = isusernamepasswordallowed; - } - - /** - * @return the ismandateuser - */ - public boolean isIsmandateuser() { - return ismandateuser; - } - - - /** - * @param ismandateuser the ismandateuser to set - */ - public void setIsmandateuser(boolean ismandateuser) { - this.ismandateuser = ismandateuser; - } - - /** - * @return the isadminrequest - */ - public boolean isIsadminrequest() { - return isadminrequest; - } - - /** - * @param isadminrequest the isadminrequest to set - */ - public void setIsadminrequest(boolean isadminrequest) { - this.isadminrequest = isadminrequest; - } - - /** - * @return the isPVPGenerated - */ - public boolean isPVPGenerated() { - return isPVPGenerated; - } - - /** - * @param isPVPGenerated the isPVPGenerated to set - */ - public void setPVPGenerated(boolean isPVPGenerated) { - this.isPVPGenerated = isPVPGenerated; - } - + + private String bpk; + private String familyName; + private String givenName; + private String institut; + private String mail; + private String phone; + private String username; + private String password; + private String password_second; + private boolean active = false; + private boolean admin = false; + private boolean passwordActive; + private boolean isusernamepasswordallowed = false; + private boolean isadminrequest = true; + private boolean ismandateuser = false; + private boolean isPVPGenerated; + private String userID = null; + + public UserDatabaseFrom() { + + } + + public UserDatabaseFrom(UserDatabase db) { + bpk = db.getBpk(); + familyName = db.getFamilyname(); + givenName = db.getGivenname(); + institut = db.getInstitut(); + mail = db.getMail(); + phone = db.getPhone(); + username = db.getUsername(); + + if (MiscUtil.isNotEmpty(db.getPassword())) { + passwordActive = true; + } else { + passwordActive = false; + } + + active = db.isIsActive(); + admin = db.isIsAdmin(); + + if (db.isIsUsernamePasswordAllowed() != null) { + isusernamepasswordallowed = db.isIsUsernamePasswordAllowed(); + } else { + isusernamepasswordallowed = true; + } + + if (db.isIsAdminRequest() != null) { + isadminrequest = db.isIsAdminRequest(); + } else { + isadminrequest = false; + } + + if (db.isIsMandateUser() != null) { + ismandateuser = db.isIsMandateUser(); + } else { + ismandateuser = false; + } + + if (db.isIsPVP2Generated() != null) { + isPVPGenerated = db.isIsPVP2Generated(); + } else { + isPVPGenerated = false; + } + + userID = String.valueOf(db.getHjid()); + } + + /** + * @return the bpk + */ + public String getBpk() { + return bpk; + } + + /** + * @param bpk the bpk to set + */ + public void setBpk(String bpk) { + this.bpk = bpk; + } + + /** + * @return the familyName + */ + public String getFamilyName() { + return familyName; + } + + /** + * @param familyName the familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * @return the givenName + */ + public String getGivenName() { + return givenName; + } + + /** + * @param givenName the givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * @return the institut + */ + public String getInstitut() { + return institut; + } + + /** + * @param institut the institut to set + */ + public void setInstitut(String institut) { + this.institut = institut; + } + + /** + * @return the mail + */ + public String getMail() { + return mail; + } + + /** + * @param mail the mail to set + */ + public void setMail(String mail) { + this.mail = mail; + } + + /** + * @return the phone + */ + public String getPhone() { + return phone; + } + + /** + * @param phone the phone to set + */ + public void setPhone(String phone) { + this.phone = phone; + } + + /** + * @return the username + */ + public String getUsername() { + return username; + } + + /** + * @param username the username to set + */ + public void setUsername(String username) { + this.username = username; + } + + /** + * @return the password + */ + public String getPassword() { + return password; + } + + /** + * @param password the password to set + */ + public void setPassword(String password) { + this.password = password; + } + + /** + * @return the active + */ + public boolean isActive() { + return active; + } + + /** + * @param active the active to set + */ + public void setActive(boolean active) { + this.active = active; + } + + /** + * @return the admin + */ + public boolean isAdmin() { + return admin; + } + + /** + * @param admin the admin to set + */ + public void setAdmin(boolean admin) { + this.admin = admin; + } + + /** + * @return the passwordActive + */ + public boolean isPasswordActive() { + return passwordActive; + } + + /** + * @param passwordActive the passwordActive to set + */ + public void setPasswordActive(boolean passwordActive) { + this.passwordActive = passwordActive; + } + + /** + * @return the userID + */ + public String getUserID() { + return userID; + } + + /** + * @param userID the userID to set + */ + public void setUserID(String userID) { + this.userID = userID; + } + + /** + * @return the password_second + */ + public String getPassword_second() { + return password_second; + } + + /** + * @param password_second the password_second to set + */ + public void setPassword_second(String password_second) { + this.password_second = password_second; + } + + /** + * @return the isusernamepasswordallowed + */ + public boolean isIsusernamepasswordallowed() { + return isusernamepasswordallowed; + } + + /** + * @param isusernamepasswordallowed the isusernamepasswordallowed to set + */ + public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) { + this.isusernamepasswordallowed = isusernamepasswordallowed; + } + + /** + * @return the ismandateuser + */ + public boolean isIsmandateuser() { + return ismandateuser; + } + + /** + * @param ismandateuser the ismandateuser to set + */ + public void setIsmandateuser(boolean ismandateuser) { + this.ismandateuser = ismandateuser; + } + + /** + * @return the isadminrequest + */ + public boolean isIsadminrequest() { + return isadminrequest; + } + + /** + * @param isadminrequest the isadminrequest to set + */ + public void setIsadminrequest(boolean isadminrequest) { + this.isadminrequest = isadminrequest; + } + + /** + * @return the isPVPGenerated + */ + public boolean isPVPGenerated() { + return isPVPGenerated; + } + + /** + * @param isPVPGenerated the isPVPGenerated to set + */ + public void setPVPGenerated(boolean isPVPGenerated) { + this.isPVPGenerated = isPVPGenerated; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java index 63c82037f..c2344e059 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java @@ -4,61 +4,61 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAStorkAttribut import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; public class AttributeHelper { - private boolean isUsed = false; - private String name; - private boolean mandatory; - private boolean readonly; + private boolean isUsed = false; + private String name; + private boolean mandatory; + private boolean readonly; - public AttributeHelper() { - // TODO Auto-generated constructor stub - } + public AttributeHelper() { + // TODO Auto-generated constructor stub + } - public AttributeHelper(OAStorkAttribute attribute) { - isUsed = true; - name = attribute.getName(); - mandatory = attribute.isMandatory(); - } + public AttributeHelper(OAStorkAttribute attribute) { + isUsed = true; + name = attribute.getName(); + mandatory = attribute.isMandatory(); + } - public AttributeHelper(StorkAttribute attribute) { - name = attribute.getName(); - mandatory = false; - if (attribute.isMandatory()==null) { // TODO check details - attribute.setMandatory(false); - } else { - readonly = attribute.isMandatory(); - } - isUsed = readonly; - } + public AttributeHelper(StorkAttribute attribute) { + name = attribute.getName(); + mandatory = false; + if (attribute.isMandatory() == null) { // TODO check details + attribute.setMandatory(false); + } else { + readonly = attribute.isMandatory(); + } + isUsed = readonly; + } - public boolean isUsed() { - return isUsed; - } + public boolean isUsed() { + return isUsed; + } - public void setUsed(boolean used) { - isUsed = used; - } + public void setUsed(boolean used) { + isUsed = used; + } - public String getName() { - return name; - } + public String getName() { + return name; + } - public void setName(String newname) { - name = newname; - } + public void setName(String newname) { + name = newname; + } - public boolean isMandatory() { - return mandatory; - } + public boolean isMandatory() { + return mandatory; + } - public void setMandatory(boolean value) { - mandatory = value; - } + public void setMandatory(boolean value) { + mandatory = value; + } - public boolean isReadOnly() { - return readonly; - } + public boolean isReadOnly() { + return readonly; + } - public void setReadOnly(boolean value) { - // we do not allow setting the readonly field - } + public void setReadOnly(boolean value) { + // we do not allow setting the readonly field + } }
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java index 8195c993d..0ba3ed36c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java @@ -34,31 +34,34 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; * */ public interface IOnlineApplicationData { - - public String getName(); - - /** - * Parse OnlineApplication database object to formData - * @param dbOAConfig - * @return List of Errors - */ - public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); - - /** - * Store formData to OnlineApplication database object - * @param dboa: Database data object - * @param authUser - * @param request: - * @return Error description - */ - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); - - /** - * Validate formData - * @param general - * @param request - * @return - */ - public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request); + + String getName(); + + /** + * Parse OnlineApplication database object to formData + * + * @param dbOAConfig + * @return List of Errors + */ + List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); + + /** + * Store formData to OnlineApplication database object + * + * @param dboa: Database data object + * @param authUser + * @param request: + * @return Error description + */ + String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); + + /** + * Validate formData + * + * @param general + * @param request + * @return + */ + List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index b3db074a2..b3f0620f0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -29,8 +29,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS; @@ -47,105 +45,105 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OAAuthenticationData implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(OAAuthenticationData.class); - - private String bkuOnlineURL = null; - private String bkuHandyURL = null; - private String bkuLocalURL = null; - - private String mandateProfiles = null; - private boolean useMandates = false; - - private List<String> misServicesList = new ArrayList<String>(); - private List<String> elgaServicesList = new ArrayList<String>(); - private List<String> szrgwServicesList = new ArrayList<String>(); - private List<String> eidServicesList = new ArrayList<String>(); - private String misServiceSelected = null; - private String elgaServiceSelected = null; - private String szrgwServiceSelected = null; - private String eidServiceSelected = null; - - private boolean calculateHPI = false; - - private String keyBoxIdentifier = null; - private static Map<String, String> keyBoxIdentifierList; - - private boolean legacy = false; - List<String> SLTemplates = null; - - private Map<String, byte[]> transformations; - - private boolean enableTestCredentials = false; - private List<String> testCredentialOIDs = null; - private boolean useTestIDLValidationTrustStore = false; - private boolean useTestAuthblockValidationTrustStore = false; - - - //SL2.0 - private boolean sl20Active = false; - private String sl20EndPoints = null; - - private boolean isMoaidMode = false; - - /** - * @param isMoaidMode - * - */ - public OAAuthenticationData() { - try { - this.isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); - } catch (ConfigurationException e) { - e.printStackTrace(); - - } - - keyBoxIdentifierList = new HashMap<String, String>(); - MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); - for (int i=0; i<values.length; i++) { - keyBoxIdentifierList.put(values[i].value(), values[i].value()); - } - - keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value(); - - - try { - MOAIDConfiguration dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - - if (this.isMoaidMode) { - try { - elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs()); - misServicesList = KeyValueUtils.getListOfCSVValues( - dbconfig.getAuthComponentGeneral().getOnlineMandates().getConnectionParameter().getURL()); - } catch (NullPointerException e) {} - - try { - szrgwServicesList = KeyValueUtils.getListOfCSVValues( - dbconfig.getAuthComponentGeneral().getForeignIdentities().getConnectionParameter().getURL()); - } catch (NullPointerException e) {} - - } - - - try { - eidServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getEidSystemServiceURLs()); - } catch (NullPointerException e) {} - - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - - } - + private String bkuOnlineURL = null; + private String bkuHandyURL = null; + private String bkuLocalURL = null; + + private String mandateProfiles = null; + private boolean useMandates = false; + + private List<String> misServicesList = new ArrayList<>(); + private List<String> elgaServicesList = new ArrayList<>(); + private List<String> szrgwServicesList = new ArrayList<>(); + private List<String> eidServicesList = new ArrayList<>(); + private String misServiceSelected = null; + private String elgaServiceSelected = null; + private String szrgwServiceSelected = null; + private String eidServiceSelected = null; + + private boolean calculateHPI = false; + + private String keyBoxIdentifier = null; + private static Map<String, String> keyBoxIdentifierList; + + private boolean legacy = false; + List<String> SLTemplates = null; + + private Map<String, byte[]> transformations; + + private boolean enableTestCredentials = false; + private List<String> testCredentialOIDs = null; + private boolean useTestIDLValidationTrustStore = false; + private boolean useTestAuthblockValidationTrustStore = false; + + // SL2.0 + private boolean sl20Active = false; + private String sl20EndPoints = null; + + private boolean isMoaidMode = false; + + /** + * @param isMoaidMode + * + */ + public OAAuthenticationData() { + try { + this.isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (final ConfigurationException e) { + e.printStackTrace(); + + } + + keyBoxIdentifierList = new HashMap<>(); + final MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); + for (final MOAKeyBoxSelector value : values) { + keyBoxIdentifierList.put(value.value(), value.value()); + } + + keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value(); + + try { + final MOAIDConfiguration dbconfig = ConfigurationProvider.getInstance().getDbRead() + .getMOAIDConfiguration(); + + if (this.isMoaidMode) { + try { + elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs()); + misServicesList = KeyValueUtils.getListOfCSVValues( + dbconfig.getAuthComponentGeneral().getOnlineMandates().getConnectionParameter().getURL()); + } catch (final NullPointerException e) { + } + + try { + szrgwServicesList = KeyValueUtils.getListOfCSVValues( + dbconfig.getAuthComponentGeneral().getForeignIdentities().getConnectionParameter().getURL()); + } catch (final NullPointerException e) { + } + + } + + try { + eidServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getEidSystemServiceURLs()); + } catch (final NullPointerException e) { + } + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + // bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL; // bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; -// +// // MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); // if (moaidconfig != null) { // DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); @@ -155,34 +153,43 @@ public class OAAuthenticationData implements IOnlineApplicationData { // setBkuOnlineURL(defaultbkus.getOnlineBKU()); // } // } - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAAuthenticationData"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value(); - - szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL(); - eidServiceSelected = dbOA.getSelectedEIDServiceURL(); - - AuthComponentOA oaauth = dbOA.getAuthComponentOA(); - if (oaauth != null) { - BKUURLS bkuurls = oaauth.getBKUURLS(); - - String defaulthandy = ""; - String defaultlocal = ""; - String defaultonline = ""; - + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAAuthenticationData"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value(); + + szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL(); + eidServiceSelected = dbOA.getSelectedEIDServiceURL(); + + final AuthComponentOA oaauth = dbOA.getAuthComponentOA(); + if (oaauth != null) { + final BKUURLS bkuurls = oaauth.getBKUURLS(); + + final String defaulthandy = ""; + final String defaultlocal = ""; + final String defaultonline = ""; + // MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); // if (dbconfig != null) { // DefaultBKUs defaultbkus = dbconfig.getDefaultBKUs(); @@ -192,674 +199,685 @@ public class OAAuthenticationData implements IOnlineApplicationData { // defaultonline = defaultbkus.getOnlineBKU(); // } // } - - if (bkuurls != null) { - - if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) - bkuHandyURL = defaulthandy; - else - bkuHandyURL = bkuurls.getHandyBKU(); - - if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) - bkuLocalURL = defaultlocal; - else - bkuLocalURL = bkuurls.getLocalBKU(); - - if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) - bkuOnlineURL = defaultonline; - else - bkuOnlineURL = bkuurls.getOnlineBKU(); - } - - Mandates mandates = oaauth.getMandates(); - if (mandates != null) { - - mandateProfiles = null; - - List<String> profileList = mandates.getProfileName(); - for (String el : profileList) { - if (mandateProfiles == null) - mandateProfiles = el; - - else - mandateProfiles += "," + el; - } - - //TODO: only for RC1 - if (MiscUtil.isNotEmpty(mandates.getProfiles())) { - if (mandateProfiles == null) - mandateProfiles = mandates.getProfiles(); - - else - mandateProfiles += "," + mandates.getProfiles(); - - } - - if (mandateProfiles != null) - useMandates = true; - - else - useMandates = false; - - misServiceSelected = mandates.getSelectedMISServiceURL(); - elgaServiceSelected = mandates.getSelecteELGAServiceURL(); - - } - - TemplatesType templates = oaauth.getTemplates(); - if (templates != null) { - List<TemplateType> templatetype = templates.getTemplate(); - - if (templatetype != null) { - if (SLTemplates == null) { - SLTemplates = new ArrayList<String>(); - } - - for (TemplateType el : templatetype) { - SLTemplates.add(el.getURL()); - } - } - } - - if (SLTemplates != null && SLTemplates.size() > 0) - legacy = true; - - List<TransformsInfoType> transforminfos = oaauth.getTransformsInfo(); - transformations = new HashMap<String, byte[]>(); - for (TransformsInfoType el : transforminfos) { - transformations.put(el.getFilename(), el.getTransformation()); - } - } - - if (oaauth.getTestCredentials() != null) { - enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); - testCredentialOIDs = new ArrayList<String>(); - testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID()); - - useTestAuthblockValidationTrustStore = oaauth.getTestCredentials().isUseTestAuthBlockTrustStore(); - useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore(); - } - - //parse SL2.0 information - if (oaauth.isSl20Active()) { - //parse SL2.0 endpoint information - if (oaauth.getSl20EndPoints() != null) { - if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints())) - sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints()); - - else { - if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - sl20EndPoints = oaauth.getSl20EndPoints().substring(0, - oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - sl20EndPoints = oaauth.getSl20EndPoints(); - - } - } - sl20Active = oaauth.isSl20Active(); - - } - - - return null; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); + + if (bkuurls != null) { + + if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) { + bkuHandyURL = defaulthandy; + } else { + bkuHandyURL = bkuurls.getHandyBKU(); + } + + if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) { + bkuLocalURL = defaultlocal; + } else { + bkuLocalURL = bkuurls.getLocalBKU(); + } + + if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) { + bkuOnlineURL = defaultonline; + } else { + bkuOnlineURL = bkuurls.getOnlineBKU(); + } + } + + final Mandates mandates = oaauth.getMandates(); + if (mandates != null) { + + mandateProfiles = null; + + final List<String> profileList = mandates.getProfileName(); + for (final String el : profileList) { + if (mandateProfiles == null) { + mandateProfiles = el; + } else { + mandateProfiles += "," + el; + } + } + + // TODO: only for RC1 + if (MiscUtil.isNotEmpty(mandates.getProfiles())) { + if (mandateProfiles == null) { + mandateProfiles = mandates.getProfiles(); + } else { + mandateProfiles += "," + mandates.getProfiles(); + } + + } + + if (mandateProfiles != null) { + useMandates = true; + } else { + useMandates = false; + } + + misServiceSelected = mandates.getSelectedMISServiceURL(); + elgaServiceSelected = mandates.getSelecteELGAServiceURL(); + + } + + final TemplatesType templates = oaauth.getTemplates(); + if (templates != null) { + final List<TemplateType> templatetype = templates.getTemplate(); + + if (templatetype != null) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + + for (final TemplateType el : templatetype) { + SLTemplates.add(el.getURL()); + } } - - dbOA.setCalculateHPI(isCalculateHPI()); - - if (MiscUtil.isNotEmpty(getSzrgwServiceSelected())) - dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected()); - - - if (MiscUtil.isNotEmpty(getEidServiceSelected())) - dbOA.setSelectedEIDServiceURL(getEidServiceSelected()); - - if (authUser.isAdmin()) { - - //store BKU-URLs - BKUURLS bkuruls = new BKUURLS(); - authoa.setBKUURLS(bkuruls); - bkuruls.setHandyBKU(getBkuHandyURL()); - bkuruls.setLocalBKU(getBkuLocalURL()); - bkuruls.setOnlineBKU(getBkuOnlineURL()); - - //store SecurtiyLayerTemplates - TemplatesType templates = authoa.getTemplates(); - if (templates == null) { - templates = new TemplatesType(); - authoa.setTemplates(templates); - } - List<TemplateType> template = templates.getTemplate(); - if (isLegacy()) { - - if (template == null) - template = new ArrayList<TemplateType>(); - else - template.clear(); - - if (MiscUtil.isNotEmpty(getSLTemplateURL1())) { - TemplateType el = new TemplateType(); - el.setURL(getSLTemplateURL1()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(getSLTemplateURL2())) { - TemplateType el = new TemplateType(); - el.setURL(getSLTemplateURL2()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(getSLTemplateURL3())) { - TemplateType el = new TemplateType(); - el.setURL(getSLTemplateURL3()); - template.add(el); - } else - template.add(new TemplateType()); - - } else { - if (template != null && template.size() > 0) template.clear(); - } - - - //store keyBox Identifier - dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(getKeyBoxIdentifier())); + } + + if (SLTemplates != null && SLTemplates.size() > 0) { + legacy = true; + } + + final List<TransformsInfoType> transforminfos = oaauth.getTransformsInfo(); + transformations = new HashMap<>(); + for (final TransformsInfoType el : transforminfos) { + transformations.put(el.getFilename(), el.getTransformation()); + } + } + + if (oaauth.getTestCredentials() != null) { + enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); + testCredentialOIDs = new ArrayList<>(); + testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID()); + + useTestAuthblockValidationTrustStore = oaauth.getTestCredentials().isUseTestAuthBlockTrustStore(); + useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore(); + } + + // parse SL2.0 information + if (oaauth.isSl20Active()) { + // parse SL2.0 endpoint information + if (oaauth.getSl20EndPoints() != null) { + if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints())) { + sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints()); } else { - if (dbOA.isIsNew()) dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + sl20EndPoints = oaauth.getSl20EndPoints().substring(0, + oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else { + sl20EndPoints = oaauth.getSl20EndPoints(); + } + } - - Mandates mandates = new Mandates(); - if (isUseMandates()) { - - String[] profileList = getMandateProfiles().split(","); - - List<String> dbProfiles = mandates.getProfileName(); - if (dbProfiles == null) { - dbProfiles = new ArrayList<String>(); - mandates.setProfileName(dbProfiles); - - } - - for (String el: profileList) - dbProfiles.add(el.trim()); - - mandates.setProfiles(null); - - if (MiscUtil.isNotEmpty(getMisServiceSelected())) - mandates.setSelectedMISServiceURL(getMisServiceSelected()); - - if (MiscUtil.isNotEmpty(getElgaServiceSelected())) - mandates.setSelecteELGAServiceURL(getElgaServiceSelected()); - + } + sl20Active = oaauth.isSl20Active(); + + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + dbOA.setCalculateHPI(isCalculateHPI()); + + if (MiscUtil.isNotEmpty(getSzrgwServiceSelected())) { + dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected()); + } + + if (MiscUtil.isNotEmpty(getEidServiceSelected())) { + dbOA.setSelectedEIDServiceURL(getEidServiceSelected()); + } + + if (authUser.isAdmin()) { + + // store BKU-URLs + final BKUURLS bkuruls = new BKUURLS(); + authoa.setBKUURLS(bkuruls); + bkuruls.setHandyBKU(getBkuHandyURL()); + bkuruls.setLocalBKU(getBkuLocalURL()); + bkuruls.setOnlineBKU(getBkuOnlineURL()); + + // store SecurtiyLayerTemplates + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } + List<TemplateType> template = templates.getTemplate(); + if (isLegacy()) { + + if (template == null) { + template = new ArrayList<>(); } else { - mandates.setProfiles(null); - mandates.getProfileName().clear(); - + template.clear(); } - authoa.setMandates(mandates); - // set default transformation if it is empty - List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo(); - if (transformsInfo == null) { - // TODO: set OA specific transformation if it is required + if (MiscUtil.isNotEmpty(getSLTemplateURL1())) { + final TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL1()); + template.add(el); + } else { + template.add(new TemplateType()); + } + if (MiscUtil.isNotEmpty(getSLTemplateURL2())) { + final TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL2()); + template.add(el); + } else { + template.add(new TemplateType()); + } + if (MiscUtil.isNotEmpty(getSLTemplateURL3())) { + final TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL3()); + template.add(el); + } else { + template.add(new TemplateType()); + } + } else { + if (template != null && template.size() > 0) { + template.clear(); } - - if (enableTestCredentials) { - TestCredentials testing = authoa.getTestCredentials(); + } + + // store keyBox Identifier + dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(getKeyBoxIdentifier())); + } else { + if (dbOA.isIsNew()) { + dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + } + } + + final Mandates mandates = new Mandates(); + if (isUseMandates()) { + + final String[] profileList = getMandateProfiles().split(","); + + List<String> dbProfiles = mandates.getProfileName(); + if (dbProfiles == null) { + dbProfiles = new ArrayList<>(); + mandates.setProfileName(dbProfiles); + + } + + for (final String el : profileList) { + dbProfiles.add(el.trim()); + } + + mandates.setProfiles(null); + + if (MiscUtil.isNotEmpty(getMisServiceSelected())) { + mandates.setSelectedMISServiceURL(getMisServiceSelected()); + } + + if (MiscUtil.isNotEmpty(getElgaServiceSelected())) { + mandates.setSelecteELGAServiceURL(getElgaServiceSelected()); + } + + } else { + mandates.setProfiles(null); + mandates.getProfileName().clear(); + + } + authoa.setMandates(mandates); + + // set default transformation if it is empty + final List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo(); + if (transformsInfo == null) { + // TODO: set OA specific transformation if it is required + + } + + if (enableTestCredentials) { + TestCredentials testing = authoa.getTestCredentials(); // if (testing != null) // ConfigurationDBUtils.delete(testing); - testing = new TestCredentials(); - authoa.setTestCredentials(testing); - testing.setEnableTestCredentials(enableTestCredentials); - testing.setCredentialOID(testCredentialOIDs); - + testing = new TestCredentials(); + authoa.setTestCredentials(testing); + testing.setEnableTestCredentials(enableTestCredentials); + testing.setCredentialOID(testCredentialOIDs); + + } else { + final TestCredentials testing = authoa.getTestCredentials(); + if (testing != null) { + testing.setEnableTestCredentials(false); + } + + } + + TestCredentials testing = authoa.getTestCredentials(); + if (testing == null) { + testing = new TestCredentials(); + authoa.setTestCredentials(testing); + + } + testing.setUseTestAuthBlockTrustStore(useTestAuthblockValidationTrustStore); + testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore); + + // store SL2.0 information + authoa.setSl20Active(isSl20Active()); + authoa.setSl20EndPoints(getSl20EndPoints()); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAAuthenticationDataValidation().validate(this, authUser.isAdmin(), request); + } + + /** + * @return the bkuOnlineURL + */ + public String getBkuOnlineURL() { + return bkuOnlineURL; + } + + /** + * @param bkuOnlineURL the bkuOnlineURL to set + */ + public void setBkuOnlineURL(String bkuOnlineURL) { + this.bkuOnlineURL = bkuOnlineURL; + } + + /** + * @return the bkuHandyURL + */ + public String getBkuHandyURL() { + return bkuHandyURL; + } + + /** + * @param bkuHandyURL the bkuHandyURL to set + */ + public void setBkuHandyURL(String bkuHandyURL) { + this.bkuHandyURL = bkuHandyURL; + } + + /** + * @return the bkuLocalURL + */ + public String getBkuLocalURL() { + return bkuLocalURL; + } + + /** + * @param bkuLocalURL the bkuLocalURL to set + */ + public void setBkuLocalURL(String bkuLocalURL) { + this.bkuLocalURL = bkuLocalURL; + } + + /** + * @return the mandateProfiles + */ + public String getMandateProfiles() { + return mandateProfiles; + } + + /** + * @param mandateProfiles the mandateProfiles to set + */ + public void setMandateProfiles(String mandateProfiles) { + this.mandateProfiles = mandateProfiles; + } + + /** + * @return the useMandates + */ + public boolean isUseMandates() { + return useMandates; + } + + /** + * @param useMandates the useMandates to set + */ + public void setUseMandates(boolean useMandates) { + this.useMandates = useMandates; + } + + /** + * @return the calculateHPI + */ + public boolean isCalculateHPI() { + return calculateHPI; + } + + /** + * @param calculateHPI the calculateHPI to set + */ + public void setCalculateHPI(boolean calculateHPI) { + this.calculateHPI = calculateHPI; + } + + /** + * @return the keyBoxIdentifier + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + /** + * @param keyBoxIdentifier the keyBoxIdentifier to set + */ + public void setKeyBoxIdentifier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + /** + * @return the keyBoxIdentifierList + */ + public Map<String, String> getKeyBoxIdentifierList() { + return keyBoxIdentifierList; + } + + /** + * @return the legacy + */ + public boolean isLegacy() { + return legacy; + } + + /** + * @param legacy the legacy to set + */ + public void setLegacy(boolean legacy) { + this.legacy = legacy; + } + + /** + * @return the transformations + */ + public Map<String, byte[]> getTransformations() { + return transformations; + } + + /** + * @param transformations the transformations to set + */ + public void setTransformations(Map<String, byte[]> transformations) { + this.transformations = transformations; + } + + /** + * @return the sLTemplates + */ + public List<String> getSLTemplates() { + return SLTemplates; + } + + /** + * @return the sLTemplateURL1 + */ + public String getSLTemplateURL1() { + if (SLTemplates != null && SLTemplates.size() > 0) { + return SLTemplates.get(0); + } else { + return null; + } + } + + /** + * @param sLTemplateURL1 the sLTemplateURL1 to set + */ + public void setSLTemplateURL1(String sLTemplateURL1) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + SLTemplates.add(sLTemplateURL1); + } + + /** + * @return the sLTemplateURL2 + */ + public String getSLTemplateURL2() { + if (SLTemplates != null && SLTemplates.size() > 1) { + return SLTemplates.get(1); + } else { + return null; + } + } + + /** + * @param sLTemplateURL2 the sLTemplateURL2 to set + */ + public void setSLTemplateURL2(String sLTemplateURL2) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + SLTemplates.add(sLTemplateURL2); + } + + /** + * @return the sLTemplateURL3 + */ + public String getSLTemplateURL3() { + if (SLTemplates != null && SLTemplates.size() > 2) { + return SLTemplates.get(2); + } else { + return null; + } + } + + /** + * @param sLTemplateURL3 the sLTemplateURL3 to set + */ + public void setSLTemplateURL3(String sLTemplateURL3) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<>(); + } + SLTemplates.add(sLTemplateURL3); + } + + /** + * @return the enableTestCredentials + */ + public boolean isEnableTestCredentials() { + return enableTestCredentials; + } + + /** + * @param enableTestCredentials the enableTestCredentials to set + */ + public void setEnableTestCredentials(boolean enableTestCredentials) { + this.enableTestCredentials = enableTestCredentials; + } + + /** + * @return the testCredentialOIDs + */ + public String getTestCredentialOIDs() { + String value = null; + if (testCredentialOIDs != null) { + for (final String el : testCredentialOIDs) { + if (value == null) { + value = el; } else { - TestCredentials testing = authoa.getTestCredentials(); - if (testing != null) { - testing.setEnableTestCredentials(false); - } - + value += "," + el; } - - TestCredentials testing = authoa.getTestCredentials(); - if (testing == null) { - testing = new TestCredentials(); - authoa.setTestCredentials(testing); - - } - testing.setUseTestAuthBlockTrustStore(useTestAuthblockValidationTrustStore); - testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore); - - - //store SL2.0 information - authoa.setSl20Active(isSl20Active()); - authoa.setSl20EndPoints(getSl20EndPoints()); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OAAuthenticationDataValidation().validate(this, authUser.isAdmin(), request); - } - - - /** - * @return the bkuOnlineURL - */ - public String getBkuOnlineURL() { - return bkuOnlineURL; - } - - - /** - * @param bkuOnlineURL the bkuOnlineURL to set - */ - public void setBkuOnlineURL(String bkuOnlineURL) { - this.bkuOnlineURL = bkuOnlineURL; - } - - - /** - * @return the bkuHandyURL - */ - public String getBkuHandyURL() { - return bkuHandyURL; - } - - - /** - * @param bkuHandyURL the bkuHandyURL to set - */ - public void setBkuHandyURL(String bkuHandyURL) { - this.bkuHandyURL = bkuHandyURL; - } - - - /** - * @return the bkuLocalURL - */ - public String getBkuLocalURL() { - return bkuLocalURL; - } - - - /** - * @param bkuLocalURL the bkuLocalURL to set - */ - public void setBkuLocalURL(String bkuLocalURL) { - this.bkuLocalURL = bkuLocalURL; - } - - - /** - * @return the mandateProfiles - */ - public String getMandateProfiles() { - return mandateProfiles; - } - - - /** - * @param mandateProfiles the mandateProfiles to set - */ - public void setMandateProfiles(String mandateProfiles) { - this.mandateProfiles = mandateProfiles; - } - - - /** - * @return the useMandates - */ - public boolean isUseMandates() { - return useMandates; - } - - - /** - * @param useMandates the useMandates to set - */ - public void setUseMandates(boolean useMandates) { - this.useMandates = useMandates; - } - - - /** - * @return the calculateHPI - */ - public boolean isCalculateHPI() { - return calculateHPI; - } - - - /** - * @param calculateHPI the calculateHPI to set - */ - public void setCalculateHPI(boolean calculateHPI) { - this.calculateHPI = calculateHPI; - } - - - /** - * @return the keyBoxIdentifier - */ - public String getKeyBoxIdentifier() { - return keyBoxIdentifier; - } - - - /** - * @param keyBoxIdentifier the keyBoxIdentifier to set - */ - public void setKeyBoxIdentifier(String keyBoxIdentifier) { - this.keyBoxIdentifier = keyBoxIdentifier; - } - - - /** - * @return the keyBoxIdentifierList - */ - public Map<String, String> getKeyBoxIdentifierList() { - return keyBoxIdentifierList; - } - - - /** - * @return the legacy - */ - public boolean isLegacy() { - return legacy; - } - - - /** - * @param legacy the legacy to set - */ - public void setLegacy(boolean legacy) { - this.legacy = legacy; - } - - - /** - * @return the transformations - */ - public Map<String, byte[]> getTransformations() { - return transformations; - } - - - /** - * @param transformations the transformations to set - */ - public void setTransformations(Map<String, byte[]> transformations) { - this.transformations = transformations; - } - - - /** - * @return the sLTemplates - */ - public List<String> getSLTemplates() { - return SLTemplates; - } - - /** - * @return the sLTemplateURL1 - */ - public String getSLTemplateURL1() { - if (SLTemplates != null && SLTemplates.size() > 0) - return SLTemplates.get(0); - else - return null; - } - - - /** - * @param sLTemplateURL1 the sLTemplateURL1 to set - */ - public void setSLTemplateURL1(String sLTemplateURL1) { - if (SLTemplates == null) - SLTemplates = new ArrayList<String>(); - SLTemplates.add(sLTemplateURL1); - } - - - /** - * @return the sLTemplateURL2 - */ - public String getSLTemplateURL2() { - if (SLTemplates != null && SLTemplates.size() > 1) - return SLTemplates.get(1); - else - return null; - } - - - /** - * @param sLTemplateURL2 the sLTemplateURL2 to set - */ - public void setSLTemplateURL2(String sLTemplateURL2) { - if (SLTemplates == null) - SLTemplates = new ArrayList<String>(); - SLTemplates.add(sLTemplateURL2); - } - - - /** - * @return the sLTemplateURL3 - */ - public String getSLTemplateURL3() { - if (SLTemplates != null && SLTemplates.size() > 2) - return SLTemplates.get(2); - else - return null; - } - - - /** - * @param sLTemplateURL3 the sLTemplateURL3 to set - */ - public void setSLTemplateURL3(String sLTemplateURL3) { - if (SLTemplates == null) - SLTemplates = new ArrayList<String>(); - SLTemplates.add(sLTemplateURL3); - } - - /** - * @return the enableTestCredentials - */ - public boolean isEnableTestCredentials() { - return enableTestCredentials; - } - - /** - * @param enableTestCredentials the enableTestCredentials to set - */ - public void setEnableTestCredentials(boolean enableTestCredentials) { - this.enableTestCredentials = enableTestCredentials; - } - - /** - * @return the testCredentialOIDs - */ - public String getTestCredentialOIDs() { - String value = null; - if (testCredentialOIDs != null) { - for (String el : testCredentialOIDs) { - if (value == null) - value = el; - else - value += "," + el; - - } - } - - return value; - } - - public List<String> getTestCredialOIDList() { - return this.testCredentialOIDs; - } - - /** - * @param testCredentialOIDs the testCredentialOIDs to set - */ - public void setTestCredentialOIDs(String testCredentialOIDs) { - if (MiscUtil.isNotEmpty(testCredentialOIDs)) { - String[] oidList = testCredentialOIDs.split(","); - - this.testCredentialOIDs = new ArrayList<String>(); - for (int i=0; i<oidList.length; i++) - this.testCredentialOIDs.add(oidList[i].trim()); - } - } - - /** - * @return the useTestIDLValidationTrustStore - */ - public boolean isUseTestIDLValidationTrustStore() { - return useTestIDLValidationTrustStore; - } - - /** - * @param useTestIDLValidationTrustStore the useTestIDLValidationTrustStore to set - */ - public void setUseTestIDLValidationTrustStore( - boolean useTestIDLValidationTrustStore) { - this.useTestIDLValidationTrustStore = useTestIDLValidationTrustStore; - } - - /** - * @return the useTestAuthblockValidationTrustStore - */ - public boolean isUseTestAuthblockValidationTrustStore() { - return useTestAuthblockValidationTrustStore; - } - - /** - * @param useTestAuthblockValidationTrustStore the useTestAuthblockValidationTrustStore to set - */ - public void setUseTestAuthblockValidationTrustStore( - boolean useTestAuthblockValidationTrustStore) { - this.useTestAuthblockValidationTrustStore = useTestAuthblockValidationTrustStore; - } - - /** - * @return the misServiceSelected - */ - public String getMisServiceSelected() { - return misServiceSelected; - } - - /** - * @param misServiceSelected the misServiceSelected to set - */ - public void setMisServiceSelected(String misServiceSelected) { - this.misServiceSelected = misServiceSelected; - } - - /** - * @return the elgaServiceSelected - */ - public String getElgaServiceSelected() { - return elgaServiceSelected; - } - - /** - * @param elgaServiceSelected the elgaServiceSelected to set - */ - public void setElgaServiceSelected(String elgaServiceSelected) { - this.elgaServiceSelected = elgaServiceSelected; - } - - /** - * @return the szrgwServiceSelected - */ - public String getSzrgwServiceSelected() { - return szrgwServiceSelected; - } - - /** - * @param szrgwServiceSelected the szrgwServiceSelected to set - */ - public void setSzrgwServiceSelected(String szrgwServiceSelected) { - this.szrgwServiceSelected = szrgwServiceSelected; - } - - /** - * @return the misServicesList - */ - public List<String> getMisServicesList() { - return misServicesList; - } - - /** - * @return the elgaServicesList - */ - public List<String> getElgaServicesList() { - return elgaServicesList; - } - - /** - * @return the szrgwServicesList - */ - public List<String> getSzrgwServicesList() { - return szrgwServicesList; - } - - public List<String> getEidServicesList() { - return eidServicesList; - } - - public String getEidServiceSelected() { - return eidServiceSelected; - } - - public void setEidServiceSelected(String eidServiceSelected) { - this.eidServiceSelected = eidServiceSelected; - } - - public boolean isSl20Active() { - return sl20Active; - } - - public void setSl20Active(boolean sl20Active) { - this.sl20Active = sl20Active; - } - - public String getSl20EndPoints() { - return sl20EndPoints; - } - - public void setSl20EndPoints(String sl20EndPoints) { - if (MiscUtil.isNotEmpty(sl20EndPoints)) - this.sl20EndPoints = - KeyValueUtils.removeAllNewlineFromString(sl20EndPoints); - else - this.sl20EndPoints = sl20EndPoints; - } - - public boolean isMoaidMode() { - return isMoaidMode; - } - + + } + } + + return value; + } + + public List<String> getTestCredialOIDList() { + return this.testCredentialOIDs; + } + + /** + * @param testCredentialOIDs the testCredentialOIDs to set + */ + public void setTestCredentialOIDs(String testCredentialOIDs) { + if (MiscUtil.isNotEmpty(testCredentialOIDs)) { + final String[] oidList = testCredentialOIDs.split(","); + + this.testCredentialOIDs = new ArrayList<>(); + for (final String element : oidList) { + this.testCredentialOIDs.add(element.trim()); + } + } + } + + /** + * @return the useTestIDLValidationTrustStore + */ + public boolean isUseTestIDLValidationTrustStore() { + return useTestIDLValidationTrustStore; + } + + /** + * @param useTestIDLValidationTrustStore the useTestIDLValidationTrustStore to + * set + */ + public void setUseTestIDLValidationTrustStore( + boolean useTestIDLValidationTrustStore) { + this.useTestIDLValidationTrustStore = useTestIDLValidationTrustStore; + } + + /** + * @return the useTestAuthblockValidationTrustStore + */ + public boolean isUseTestAuthblockValidationTrustStore() { + return useTestAuthblockValidationTrustStore; + } + + /** + * @param useTestAuthblockValidationTrustStore the + * useTestAuthblockValidationTrustStore + * to set + */ + public void setUseTestAuthblockValidationTrustStore( + boolean useTestAuthblockValidationTrustStore) { + this.useTestAuthblockValidationTrustStore = useTestAuthblockValidationTrustStore; + } + + /** + * @return the misServiceSelected + */ + public String getMisServiceSelected() { + return misServiceSelected; + } + + /** + * @param misServiceSelected the misServiceSelected to set + */ + public void setMisServiceSelected(String misServiceSelected) { + this.misServiceSelected = misServiceSelected; + } + + /** + * @return the elgaServiceSelected + */ + public String getElgaServiceSelected() { + return elgaServiceSelected; + } + + /** + * @param elgaServiceSelected the elgaServiceSelected to set + */ + public void setElgaServiceSelected(String elgaServiceSelected) { + this.elgaServiceSelected = elgaServiceSelected; + } + + /** + * @return the szrgwServiceSelected + */ + public String getSzrgwServiceSelected() { + return szrgwServiceSelected; + } + + /** + * @param szrgwServiceSelected the szrgwServiceSelected to set + */ + public void setSzrgwServiceSelected(String szrgwServiceSelected) { + this.szrgwServiceSelected = szrgwServiceSelected; + } + + /** + * @return the misServicesList + */ + public List<String> getMisServicesList() { + return misServicesList; + } + + /** + * @return the elgaServicesList + */ + public List<String> getElgaServicesList() { + return elgaServicesList; + } + + /** + * @return the szrgwServicesList + */ + public List<String> getSzrgwServicesList() { + return szrgwServicesList; + } + + public List<String> getEidServicesList() { + return eidServicesList; + } + + public String getEidServiceSelected() { + return eidServiceSelected; + } + + public void setEidServiceSelected(String eidServiceSelected) { + this.eidServiceSelected = eidServiceSelected; + } + + public boolean isSl20Active() { + return sl20Active; + } + + public void setSl20Active(boolean sl20Active) { + this.sl20Active = sl20Active; + } + + public String getSl20EndPoints() { + return sl20EndPoints; + } + + public void setSl20EndPoints(String sl20EndPoints) { + if (MiscUtil.isNotEmpty(sl20EndPoints)) { + this.sl20EndPoints = + KeyValueUtils.removeAllNewlineFromString(sl20EndPoints); + } else { + this.sl20EndPoints = sl20EndPoints; + } + } + + public boolean isMoaidMode() { + return isMoaidMode; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java index bac69cf34..1f4d842ca 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java @@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.SerializationUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters; @@ -49,322 +48,342 @@ import at.gv.egovernment.moa.id.configuration.utils.ConfigurationEncryptionUtils import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OABPKEncryption implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(OABPKEncryption.class); - - private static final String MODULENAME = "bPKEncryptionDecryption"; - - private String keyStorePassword = null; - private String keyAlias = null; - private String keyPassword = null; - - private Map<String, byte[]> keyStoreForm = new HashMap<String, byte[]>(); - - private List<File> keyStoreFileUpload = null; - private List<String> keyStoreFileUploadContentType = null; - private List<String> keyStoreFileUploadFileName = new ArrayList<String>();; - private boolean deletekeyStore = false; - private boolean validationError = false; - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - // TODO Auto-generated method stub - return MODULENAME; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); - if (oaAuth != null) { - EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); - if (bPKEncDec != null) { - BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); - if (bPKDec != null) { - keyAlias = bPKDec.getKeyAlias(); - if (bPKDec.getKeyStoreFileName() != null) - keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName()); - - } - } - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); - if (oaAuth == null) { - oaAuth = new AuthComponentOA(); - dbOA.setAuthComponentOA(oaAuth); - - } - EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); - if (bPKEncDec == null) { - bPKEncDec = new EncBPKInformation(); - oaAuth.setEncBPKInformation(bPKEncDec); - - } - - BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); - if (bPKDec == null) { - bPKDec = new BPKDecryption(); - bPKEncDec.setBPKDecryption(bPKDec); - } - - if (isDeletekeyStore()) { - bPKDec.setIv(null); - bPKDec.setKeyAlias(null); - bPKDec.setKeyInformation(null); - bPKDec.setKeyStoreFileName(null); - - } - - BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); - if (keyStoreForm != null && keyStoreForm.size() > 0) { - keyInfo.setKeyAlias(keyAlias); - keyInfo.setKeyPassword(keyPassword); - keyInfo.setKeyStorePassword(keyStorePassword); - - Iterator<String> interator = keyStoreForm.keySet().iterator(); - bPKDec.setKeyStoreFileName(interator.next()); - bPKDec.setKeyAlias(keyAlias); - keyInfo.setKeyStore(keyStoreForm.get( - bPKDec.getKeyStoreFileName())); - - //encrypt key information - byte[] serKeyInfo = SerializationUtils.serialize(keyInfo); - try { - EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo); - bPKDec.setIv(encryptkeyInfo.getIv()); - bPKDec.setKeyInformation(encryptkeyInfo.getEncData()); - - } catch (BuildException e) { - log.error("Configuration encryption FAILED.", e); - return LanguageHelper.getErrorString("error.general.text", request); - - } - } - - request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - HttpSession session = request.getSession(); - List<String> errors = new ArrayList<String>(); - - String check = null; - - OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - //validate BKU-selection template - List<String> templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName() - , getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request); - if (templateError != null && templateError.size() == 0) { - if (keyStoreForm != null && keyStoreForm.size() > 0) { - session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm); - - } else - keyStoreForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION); - - } else { - errors.addAll(templateError); + private static final String MODULENAME = "bPKEncryptionDecryption"; + + private String keyStorePassword = null; + private String keyAlias = null; + private String keyPassword = null; + + private Map<String, byte[]> keyStoreForm = new HashMap<>(); + + private List<File> keyStoreFileUpload = null; + private List<String> keyStoreFileUploadContentType = null; + private List<String> keyStoreFileUploadFileName = new ArrayList<>(); + private boolean deletekeyStore = false; + private boolean validationError = false; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + // TODO Auto-generated method stub + return MODULENAME; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + final AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth != null) { + final EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec != null) { + final BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec != null) { + keyAlias = bPKDec.getKeyAlias(); + if (bPKDec.getKeyStoreFileName() != null) { + keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName()); + } } - - if (keyStoreForm != null && keyStoreForm.size() > 0) { - check = getKeyStorePassword(); - if (MiscUtil.isEmpty(check)) { - log.info("bPK decryption keystore password is empty"); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request)); - - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption keystore password contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - check = getKeyAlias(); - if (MiscUtil.isEmpty(check)) { - log.info("bPK decryption key alias is empty"); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request)); - - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption key alias contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - check = getKeyPassword(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("bPK decryption key password contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } - } - - BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); - keyInfo.setKeyAlias(keyAlias); - keyInfo.setKeyPassword(keyPassword); - keyInfo.setKeyStorePassword(keyStorePassword); - Iterator<String> interator = keyStoreForm.keySet().iterator(); - String fileName = interator.next(); - keyInfo.setKeyStore(keyStoreForm.get(fileName)); - if (keyInfo.getPrivateKey() == null) { - log.info("Open keyStore FAILED."); - errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request)); - - } + } + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth == null) { + oaAuth = new AuthComponentOA(); + dbOA.setAuthComponentOA(oaAuth); + + } + EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec == null) { + bPKEncDec = new EncBPKInformation(); + oaAuth.setEncBPKInformation(bPKEncDec); + + } + + BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec == null) { + bPKDec = new BPKDecryption(); + bPKEncDec.setBPKDecryption(bPKDec); + } + + if (isDeletekeyStore()) { + bPKDec.setIv(null); + bPKDec.setKeyAlias(null); + bPKDec.setKeyInformation(null); + bPKDec.setKeyStoreFileName(null); + + } + + final BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); + if (keyStoreForm != null && keyStoreForm.size() > 0) { + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + + final Iterator<String> interator = keyStoreForm.keySet().iterator(); + bPKDec.setKeyStoreFileName(interator.next()); + bPKDec.setKeyAlias(keyAlias); + keyInfo.setKeyStore(keyStoreForm.get( + bPKDec.getKeyStoreFileName())); + + // encrypt key information + final byte[] serKeyInfo = SerializationUtils.serialize(keyInfo); + try { + final EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo); + bPKDec.setIv(encryptkeyInfo.getIv()); + bPKDec.setKeyInformation(encryptkeyInfo.getEncData()); + + } catch (final BuildException e) { + log.error("Configuration encryption FAILED.", e); + return LanguageHelper.getErrorString("error.general.text", request); + + } + } + + request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + final HttpSession session = request.getSession(); + final List<String> errors = new ArrayList<>(); + + String check = null; + + final OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + // validate BKU-selection template + final List<String> templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName(), + getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request); + if (templateError != null && templateError.size() == 0) { + if (keyStoreForm != null && keyStoreForm.size() > 0) { + session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm); + + } else { + keyStoreForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION); + } + + } else { + errors.addAll(templateError); + + } + + if (keyStoreForm != null && keyStoreForm.size() > 0) { + check = getKeyStorePassword(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption keystore password is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request)); + + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption keystore password contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } - - if (errors.size() > 0) { - validationError = true; - + } + + check = getKeyAlias(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption key alias is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request)); + + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption key alias contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } - - return errors; - - } - - /** - * @return the keyStorePassword - */ - public String getKeyStorePassword() { - return keyStorePassword; - } - - /** - * @param keyStorePassword the keyStorePassword to set - */ - public void setKeyStorePassword(String keyStorePassword) { - this.keyStorePassword = keyStorePassword; - } - - /** - * @return the keyAlias - */ - public String getKeyAlias() { - return keyAlias; - } - - /** - * @param keyAlias the keyAlias to set - */ - public void setKeyAlias(String keyAlias) { - this.keyAlias = keyAlias; - } - - /** - * @return the keyPassword - */ - public String getKeyPassword() { - return keyPassword; - } - - /** - * @param keyPassword the keyPassword to set - */ - public void setKeyPassword(String keyPassword) { - this.keyPassword = keyPassword; - } - - /** - * @return the keyStoreFileUpload - */ - public List<File> getKeyStoreFileUpload() { - return keyStoreFileUpload; - } - - /** - * @param keyStoreFileUpload the keyStoreFileUpload to set - */ - public void setKeyStoreFileUpload(List<File> keyStoreFileUpload) { - this.keyStoreFileUpload = keyStoreFileUpload; - } - - /** - * @return the keyStoreFileUploadContentType - */ - public List<String> getKeyStoreFileUploadContentType() { - return keyStoreFileUploadContentType; - } - - /** - * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set - */ - public void setKeyStoreFileUploadContentType( - List<String> keyStoreFileUploadContentType) { - this.keyStoreFileUploadContentType = keyStoreFileUploadContentType; - } - - /** - * @return the keyStoreFileUploadFileName - */ - public List<String> getKeyStoreFileUploadFileName() { - return keyStoreFileUploadFileName; - } - - /** - * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set - */ - public void setKeyStoreFileUploadFileName( - List<String> keyStoreFileUploadFileName) { - this.keyStoreFileUploadFileName = keyStoreFileUploadFileName; - } - - /** - * @return the deletekeyStore - */ - public boolean isDeletekeyStore() { - return deletekeyStore; - } - - /** - * @param deletekeyStore the deletekeyStore to set - */ - public void setDeletekeyStore(boolean deletekeyStore) { - this.deletekeyStore = deletekeyStore; - } - - /** - * @return the validationError - */ - public boolean isValidationError() { - return validationError; - } - - + } + + check = getKeyPassword(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("bPK decryption key password contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + + } + } + + final BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + final Iterator<String> interator = keyStoreForm.keySet().iterator(); + final String fileName = interator.next(); + keyInfo.setKeyStore(keyStoreForm.get(fileName)); + if (keyInfo.getPrivateKey() == null) { + log.info("Open keyStore FAILED."); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request)); + + } + } + + if (errors.size() > 0) { + validationError = true; + + } + + return errors; + + } + + /** + * @return the keyStorePassword + */ + public String getKeyStorePassword() { + return keyStorePassword; + } + + /** + * @param keyStorePassword the keyStorePassword to set + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * @return the keyAlias + */ + public String getKeyAlias() { + return keyAlias; + } + + /** + * @param keyAlias the keyAlias to set + */ + public void setKeyAlias(String keyAlias) { + this.keyAlias = keyAlias; + } + + /** + * @return the keyPassword + */ + public String getKeyPassword() { + return keyPassword; + } + + /** + * @param keyPassword the keyPassword to set + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + /** + * @return the keyStoreFileUpload + */ + public List<File> getKeyStoreFileUpload() { + return keyStoreFileUpload; + } + + /** + * @param keyStoreFileUpload the keyStoreFileUpload to set + */ + public void setKeyStoreFileUpload(List<File> keyStoreFileUpload) { + this.keyStoreFileUpload = keyStoreFileUpload; + } + + /** + * @return the keyStoreFileUploadContentType + */ + public List<String> getKeyStoreFileUploadContentType() { + return keyStoreFileUploadContentType; + } + + /** + * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set + */ + public void setKeyStoreFileUploadContentType( + List<String> keyStoreFileUploadContentType) { + this.keyStoreFileUploadContentType = keyStoreFileUploadContentType; + } + + /** + * @return the keyStoreFileUploadFileName + */ + public List<String> getKeyStoreFileUploadFileName() { + return keyStoreFileUploadFileName; + } + + /** + * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set + */ + public void setKeyStoreFileUploadFileName( + List<String> keyStoreFileUploadFileName) { + this.keyStoreFileUploadFileName = keyStoreFileUploadFileName; + } + + /** + * @return the deletekeyStore + */ + public boolean isDeletekeyStore() { + return deletekeyStore; + } + + /** + * @param deletekeyStore the deletekeyStore to set + */ + public void setDeletekeyStore(boolean deletekeyStore) { + this.deletekeyStore = deletekeyStore; + } + + /** + * @return the validationError + */ + public boolean isValidationError() { + return validationError; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index c51513193..45a3dba1b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -27,8 +27,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; @@ -36,130 +34,151 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; - - -public class OAGeneralConfig implements IOnlineApplicationData{ - private static final Logger log = Logger.getLogger(OAGeneralConfig.class); - - private boolean isActive = false; - - private String identifier = null; - private String friendlyName = null; - private boolean businessService = false; - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAGeneralInformation"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - isActive = dbOAConfig.isIsActive(); - - friendlyName = dbOAConfig.getFriendlyName(); - identifier = dbOAConfig.getPublicURLPrefix(); - - if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) - businessService = true; - else - businessService = false; - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); - } - - if (authUser.isAdmin()) dbOA.setIsActive(isActive()); - - dbOA.setPublicURLPrefix(getIdentifier()); - dbOA.setFriendlyName(getFriendlyName()); - - if (isBusinessService() || authUser.isOnlyBusinessService()) { - dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - - } else { - dbOA.setType(null); - } - - return null; - - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - List<String> errors = new ArrayList<String>(); - String check; - - //check OA FriendlyName - check = getFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("OAFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.info("OA friendlyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); - } - - return errors; - - } - - public boolean isBusinessService() { - return businessService; - } - - public void setBusinessService(boolean businessService) { - this.businessService = businessService; - } - - public String getIdentifier() { - return identifier; - } - - public void setIdentifier(String identifier) { - this.identifier = identifier; - } - - public String getFriendlyName() { - return friendlyName; - } - - public void setFriendlyName(String friendlyName) { - this.friendlyName = friendlyName; - } - - public boolean isActive() { - return isActive; - } - - public void setActive(boolean isActive) { - this.isActive = isActive; - } +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class OAGeneralConfig implements IOnlineApplicationData { + + private boolean isActive = false; + + private String identifier = null; + private String friendlyName = null; + private boolean businessService = false; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAGeneralInformation"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + isActive = dbOAConfig.isIsActive(); + + friendlyName = dbOAConfig.getFriendlyName(); + identifier = dbOAConfig.getPublicURLPrefix(); + + if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) { + businessService = true; + } else { + businessService = false; + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + if (authUser.isAdmin()) { + dbOA.setIsActive(isActive()); + } + + dbOA.setPublicURLPrefix(getIdentifier()); + dbOA.setFriendlyName(getFriendlyName()); + + if (isBusinessService() || authUser.isOnlyBusinessService()) { + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + + } else { + dbOA.setType(null); + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final List<String> errors = new ArrayList<>(); + String check; + + // check OA FriendlyName + check = getFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("OAFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.info("OA friendlyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); + } + + return errors; + + } + + public boolean isBusinessService() { + return businessService; + } + + public void setBusinessService(boolean businessService) { + this.businessService = businessService; + } + + public String getIdentifier() { + return identifier; + } + + public void setIdentifier(String identifier) { + this.identifier = identifier; + } + + public String getFriendlyName() { + return friendlyName; + } + + public void setFriendlyName(String friendlyName) { + this.friendlyName = friendlyName; + } + + public boolean isActive() { + return isActive; + } + + public void setActive(boolean isActive) { + this.isActive = isActive; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java index a4d71f0ed..ef5658ca4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java @@ -27,194 +27,212 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationIDPType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(OAMOAIDPInterfederationConfig.class); - - private String queryURL; - private Boolean inboundSSO = true; - private Boolean outboundSSO = true; - private Boolean storeSSOSession = true; - private Boolean passiveRequest = true; - private Boolean localAuthOnError = true; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "MOAIDPInterfederation"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - - InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); - if (moaIDP != null) { - this.queryURL = moaIDP.getAttributeQueryURL(); - this.inboundSSO = moaIDP.isInboundSSO(); - this.outboundSSO = moaIDP.isOutboundSSO(); - this.storeSSOSession = moaIDP.isStoreSSOSession(); - this.localAuthOnError = moaIDP.isPerformLocalAuthenticationOnError(); - this.passiveRequest = moaIDP.isPerformPassivRequest(); - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - if (authUser.isAdmin()) { - dbOA.setIsInterfederationIDP(true); - - InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); - if (moaIDP == null) { - moaIDP = new InterfederationIDPType(); - dbOA.setInterfederationIDP(moaIDP); - } - - moaIDP.setAttributeQueryURL(queryURL); - moaIDP.setInboundSSO(inboundSSO); - moaIDP.setOutboundSSO(outboundSSO); - moaIDP.setStoreSSOSession(storeSSOSession); - moaIDP.setPerformLocalAuthenticationOnError(localAuthOnError); - moaIDP.setPerformPassivRequest(passiveRequest); - - } - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - List<String> errors = new ArrayList<String>(); - - if (MiscUtil.isNotEmpty(queryURL)) { - if (!ValidationHelper.validateURL(queryURL)) { - log.info("AttributeQuery URL is not valid"); - errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", request)); - - } - } - + private String queryURL; + private Boolean inboundSSO = true; + private Boolean outboundSSO = true; + private Boolean storeSSOSession = true; + private Boolean passiveRequest = true; + private Boolean localAuthOnError = true; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "MOAIDPInterfederation"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + + final InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); + if (moaIDP != null) { + this.queryURL = moaIDP.getAttributeQueryURL(); + this.inboundSSO = moaIDP.isInboundSSO(); + this.outboundSSO = moaIDP.isOutboundSSO(); + this.storeSSOSession = moaIDP.isStoreSSOSession(); + this.localAuthOnError = moaIDP.isPerformLocalAuthenticationOnError(); + this.passiveRequest = moaIDP.isPerformPassivRequest(); + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + if (authUser.isAdmin()) { + dbOA.setIsInterfederationIDP(true); + + InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); + if (moaIDP == null) { + moaIDP = new InterfederationIDPType(); + dbOA.setInterfederationIDP(moaIDP); + } + + moaIDP.setAttributeQueryURL(queryURL); + moaIDP.setInboundSSO(inboundSSO); + moaIDP.setOutboundSSO(outboundSSO); + moaIDP.setStoreSSOSession(storeSSOSession); + moaIDP.setPerformLocalAuthenticationOnError(localAuthOnError); + moaIDP.setPerformPassivRequest(passiveRequest); + + } + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final List<String> errors = new ArrayList<>(); + + if (MiscUtil.isNotEmpty(queryURL)) { + if (!ValidationHelper.validateURL(queryURL)) { + log.info("AttributeQuery URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", + request)); + + } + } + // if (inboundSSO && MiscUtil.isEmpty(queryURL)) { // log.info("Inbound Single Sign-On requires AttributQueryURL configuration."); // errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request)); // } - - return errors; - } - - /** - * @return the queryURL - */ - public String getQueryURL() { - return queryURL; - } - - /** - * @param queryURL the queryURL to set - */ - public void setQueryURL(String queryURL) { - this.queryURL = queryURL; - } - - /** - * @return the inboundSSO - */ - public boolean isInboundSSO() { - return inboundSSO.booleanValue(); - } - - /** - * @param inboundSSO the inboundSSO to set - */ - public void setInboundSSO(boolean inboundSSO) { - this.inboundSSO = inboundSSO; - } - - /** - * @return the outboundSSO - */ - public boolean isOutboundSSO() { - return outboundSSO.booleanValue(); - } - - /** - * @param outboundSSO the outboundSSO to set - */ - public void setOutboundSSO(boolean outboundSSO) { - this.outboundSSO = outboundSSO; - } - - /** - * @return the storeSSOSession - */ - public boolean isStoreSSOSession() { - return storeSSOSession.booleanValue(); - } - - /** - * @param storeSSOSession the storeSSOSession to set - */ - public void setStoreSSOSession(boolean storeSSOSession) { - this.storeSSOSession = storeSSOSession; - } - - /** - * @return the passiveRequest - */ - public boolean isPassiveRequest() { - return passiveRequest.booleanValue(); - } - - /** - * @param passiveRequest the passiveRequest to set - */ - public void setPassiveRequest(boolean passiveRequest) { - this.passiveRequest = passiveRequest; - } - - /** - * @return the localAuthOnError - */ - public boolean isLocalAuthOnError() { - return localAuthOnError.booleanValue(); - } - - /** - * @param localAuthOnError the localAuthOnError to set - */ - public void setLocalAuthOnError(boolean localAuthOnError) { - this.localAuthOnError = localAuthOnError; - } - - + + return errors; + } + + /** + * @return the queryURL + */ + public String getQueryURL() { + return queryURL; + } + + /** + * @param queryURL the queryURL to set + */ + public void setQueryURL(String queryURL) { + this.queryURL = queryURL; + } + + /** + * @return the inboundSSO + */ + public boolean isInboundSSO() { + return inboundSSO.booleanValue(); + } + + /** + * @param inboundSSO the inboundSSO to set + */ + public void setInboundSSO(boolean inboundSSO) { + this.inboundSSO = inboundSSO; + } + + /** + * @return the outboundSSO + */ + public boolean isOutboundSSO() { + return outboundSSO.booleanValue(); + } + + /** + * @param outboundSSO the outboundSSO to set + */ + public void setOutboundSSO(boolean outboundSSO) { + this.outboundSSO = outboundSSO; + } + + /** + * @return the storeSSOSession + */ + public boolean isStoreSSOSession() { + return storeSSOSession.booleanValue(); + } + + /** + * @param storeSSOSession the storeSSOSession to set + */ + public void setStoreSSOSession(boolean storeSSOSession) { + this.storeSSOSession = storeSSOSession; + } + + /** + * @return the passiveRequest + */ + public boolean isPassiveRequest() { + return passiveRequest.booleanValue(); + } + + /** + * @param passiveRequest the passiveRequest to set + */ + public void setPassiveRequest(boolean passiveRequest) { + this.passiveRequest = passiveRequest; + } + + /** + * @return the localAuthOnError + */ + public boolean isLocalAuthOnError() { + return localAuthOnError.booleanValue(); + } + + /** + * @param localAuthOnError the localAuthOnError to set + */ + public void setLocalAuthOnError(boolean localAuthOnError) { + this.localAuthOnError = localAuthOnError; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java index ce50c847a..bae37b531 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java @@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAOAUTH20; @@ -40,132 +39,150 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; +import lombok.extern.slf4j.Slf4j; -public class OAOAuth20Config implements IOnlineApplicationData{ - - private final Logger log = Logger.getLogger(OAOAuth20Config.class); - - private String clientId = null; - private String clientSecret = null; - private String redirectUri = null; - - public OAOAuth20Config() { - this.generateClientSecret(); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAOpenIDConnect"; - } - - public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - List<String> errors = new ArrayList<String>(); - - HttpSession session = request.getSession(); - - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - // set client id to public url prefix - this.clientId = dbOAConfig.getPublicURLPrefix(); - - OAOAUTH20 config = authdata.getOAOAUTH20(); - - if (config != null) { - // validate secret - if (StringUtils.isNotEmpty(config.getOAuthClientSecret())) { - this.clientSecret = config.getOAuthClientSecret(); - } else { - this.generateClientSecret(); - } - - // validate redirectUri - if (StringUtils.isNotEmpty(config.getOAuthRedirectUri()) && OAuth20Util.isUrl(config.getOAuthRedirectUri())) { - this.redirectUri = config.getOAuthRedirectUri(); - } else { - errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); - } - } else { - this.generateClientSecret(); - } - } - - session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret()); - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OAOAUTH20ConfigValidation().validate(this, request); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); +@Slf4j +public class OAOAuth20Config implements IOnlineApplicationData { + + private String clientId = null; + private String clientSecret = null; + private String redirectUri = null; + + public OAOAuth20Config() { + this.generateClientSecret(); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAOpenIDConnect"; + } + + @Override + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final List<String> errors = new ArrayList<>(); + + final HttpSession session = request.getSession(); + + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + // set client id to public url prefix + this.clientId = dbOAConfig.getPublicURLPrefix(); + + final OAOAUTH20 config = authdata.getOAOAUTH20(); + + if (config != null) { + // validate secret + if (StringUtils.isNotEmpty(config.getOAuthClientSecret())) { + this.clientSecret = config.getOAuthClientSecret(); + } else { + this.generateClientSecret(); } - - log.debug("Saving OAuth 2.0 configuration:"); - OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); - if (oaOAuth20 == null) { - oaOAuth20 = new OAOAUTH20(); - authoa.setOAOAUTH20(oaOAuth20); + + // validate redirectUri + if (StringUtils.isNotEmpty(config.getOAuthRedirectUri()) && OAuth20Util.isUrl(config + .getOAuthRedirectUri())) { + this.redirectUri = config.getOAuthRedirectUri(); + } else { + errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); } + } else { + this.generateClientSecret(); + } + } + + session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret()); + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAOAUTH20ConfigValidation().validate(this, request); + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + log.debug("Saving OAuth 2.0 configuration:"); + OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); + if (oaOAuth20 == null) { + oaOAuth20 = new OAOAUTH20(); + authoa.setOAOAUTH20(oaOAuth20); + } + + oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix()); + // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); + oaOAuth20.setOAuthRedirectUri(getRedirectUri()); + log.debug("client id: " + getClientId()); + log.debug("client secret: " + getClientSecret()); + log.debug("redirect uri:" + getRedirectUri()); + + oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute( + Constants.SESSION_OAUTH20SECRET)); + request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); + + return null; + } + + public String getClientId() { + return clientId; + } + + public void setClientId(String clientId) { + this.clientId = clientId; + } + + public String getClientSecret() { + return clientSecret; + } + + public void setClientSecret(String clientSecret) { + this.clientSecret = clientSecret; + } + + public String getRedirectUri() { + return redirectUri; + } + + public void setRedirectUri(String redirectUri) { + this.redirectUri = redirectUri; + } - oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix()); - // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); - oaOAuth20.setOAuthRedirectUri(getRedirectUri()); - log.debug("client id: " + getClientId()); - log.debug("client secret: " + getClientSecret()); - log.debug("redirect uri:" + getRedirectUri()); - - oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); - request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); - - return null; - } - - public String getClientId() { - return clientId; - } - - public void setClientId(String clientId) { - this.clientId = clientId; - } - - public String getClientSecret() { - return clientSecret; - } - - public void setClientSecret(String clientSecret) { - this.clientSecret = clientSecret; - } - - public String getRedirectUri() { - return redirectUri; - } - - public void setRedirectUri(String redirectUri) { - this.redirectUri = redirectUri; - } - - public void generateClientSecret() { - this.clientSecret = UUID.randomUUID().toString(); - } + public void generateClientSecret() { + this.clientSecret = UUID.randomUUID().toString(); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java index 4be1a81de..008617e76 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java @@ -32,228 +32,247 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - -import iaik.x509.X509Certificate; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; -import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; -public class OAPVP2Config implements IOnlineApplicationData{ - - private final Logger log = Logger.getLogger(OAPVP2Config.class); - - private boolean reLoad = false; - - private String metaDataURL = null; - private String certificateDN = null; - - private File fileUpload = null; - private String fileUploadContentType; - private String fileUploadFileName; - - private byte[] storedCert = null; - - public OAPVP2Config() { - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OAPVP2"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser) - */ - @Override - public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authoa = dboa.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dboa.setAuthComponentOA(authoa); - } - OAPVP2 pvp2 = authoa.getOAPVP2(); - if (pvp2 == null) { - pvp2 = new OAPVP2(); - authoa.setOAPVP2(pvp2); - } +@Slf4j +public class OAPVP2Config implements IOnlineApplicationData { + + private boolean reLoad = false; + + private String metaDataURL = null; + private String certificateDN = null; + + private File fileUpload = null; + private String fileUploadContentType; + private String fileUploadFileName; + + private byte[] storedCert = null; + + public OAPVP2Config() { + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OAPVP2"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser) + */ + @Override + public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + OAPVP2 pvp2 = authoa.getOAPVP2(); + if (pvp2 == null) { + pvp2 = new OAPVP2(); + authoa.setOAPVP2(pvp2); + } + + try { + + if (getFileUpload() != null) { + pvp2.setCertificate(getCertificate()); + setReLoad(true); + + } else if (storedCert != null) { + pvp2.setCertificate(storedCert); + } + + } catch (final CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request); + } catch (final IOException e) { + log.info("Uploaded Certificate can not be parsed", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request); + } + + if (getMetaDataURL() != null && + !getMetaDataURL().equals(pvp2.getMetadataURL())) { + setReLoad(true); + } + pvp2.setMetadataURL(getMetaDataURL()); + + if (isReLoad()) { + pvp2.setUpdateRequiredItem(new Date()); + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAPVP2ConfigValidation().validate(this, general.getIdentifier(), request); + } - try { - - if (getFileUpload() != null) { - pvp2.setCertificate(getCertificate()); - setReLoad(true); - - } else if (storedCert != null) - pvp2.setCertificate(storedCert); - - } catch (CertificateException e) { - log.info("Uploaded Certificate can not be found", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request); - } catch (IOException e) { - log.info("Uploaded Certificate can not be parsed", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request); + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication) + */ + @Override + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final List<String> errors = new ArrayList<>(); + + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + final OAPVP2 pvp2 = authdata.getOAPVP2(); + if (pvp2 != null) { + metaDataURL = pvp2.getMetadataURL(); + + if (pvp2.getCertificate() != null && + !new String(pvp2.getCertificate()).equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + try { + // byte[] cert = pvp2.getCertificate(); + final byte[] cert = Base64Utils.decode(new String(pvp2.getCertificate()), false); + if (MiscUtil.isNotEmpty(cert)) { + final X509Certificate x509 = new X509Certificate(cert); + certificateDN = x509.getSubjectDN().getName(); + } + } catch (final CertificateException e) { + try { + final byte[] cert = pvp2.getCertificate(); + if (MiscUtil.isNotEmpty(cert)) { + final X509Certificate x509 = new X509Certificate(cert); + certificateDN = x509.getSubjectDN().getName(); + } + + } catch (final CertificateException e1) { + log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig + .getPublicURLPrefix(), e1); + errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); + + } + + } catch (final IOException e) { + log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig + .getPublicURLPrefix()); + errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); + } } + } + } + return errors; + } - if (getMetaDataURL() != null && - !getMetaDataURL().equals(pvp2.getMetadataURL())) - setReLoad(true); - pvp2.setMetadataURL(getMetaDataURL()); - - if (isReLoad()) - pvp2.setUpdateRequiredItem(new Date()); - - return null; - - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OAPVP2ConfigValidation().validate(this, general.getIdentifier(), request); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication) - */ - @Override - public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - List<String> errors = new ArrayList<String>(); - - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - OAPVP2 pvp2 = authdata.getOAPVP2(); - if (pvp2 != null) { - metaDataURL = pvp2.getMetadataURL(); - - if (pvp2.getCertificate() != null && - !(new String(pvp2.getCertificate())).equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { - try { - //byte[] cert = pvp2.getCertificate(); - byte[] cert = Base64Utils.decode(new String(pvp2.getCertificate()), false); - if (MiscUtil.isNotEmpty(cert)) { - X509Certificate x509 = new X509Certificate(cert); - certificateDN = x509.getSubjectDN().getName(); - } - } catch (CertificateException e) { - try { - byte[] cert = pvp2.getCertificate(); - if (MiscUtil.isNotEmpty(cert)) { - X509Certificate x509 = new X509Certificate(cert); - certificateDN = x509.getSubjectDN().getName(); - } - - } catch (CertificateException e1) { - log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig.getPublicURLPrefix(), e1); - errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); - - } - - } catch (IOException e) { - log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig.getPublicURLPrefix()); - errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); - } - } - } - } - return errors; - } - - public byte[] getCertificate() throws CertificateException, IOException { - - FileInputStream filestream = new FileInputStream(fileUpload); - X509Certificate x509 = new X509Certificate(filestream); - return x509.getEncoded(); - } - - public void setStoredCert(byte[] storedCert) { - this.storedCert = storedCert; - } - - public String getMetaDataURL() { - return metaDataURL; - } - public void setMetaDataURL(String metaDataURL) { - this.metaDataURL = metaDataURL; - } - - /** - * @return the certificateDN - */ - public String getCertificateDN() { - return certificateDN; - } - - /** - * @return the fileUpLoad - */ - public File getFileUpload() { - return fileUpload; - } - - /** - * @param fileUpLoad the fileUpLoad to set - */ - public void setFileUpload(File fileUpload) { - this.fileUpload = fileUpload; - } - - /** - * @return the fileUploadContentType - */ - public String getFileUploadContentType() { - return fileUploadContentType; - } - - /** - * @param fileUploadContentType the fileUploadContentType to set - */ - public void setFileUploadContentType(String fileUploadContentType) { - this.fileUploadContentType = fileUploadContentType; - } - - /** - * @return the fileUploadFileName - */ - public String getFileUploadFileName() { - return fileUploadFileName; - } - - /** - * @param fileUploadFileName the fileUploadFileName to set - */ - public void setFileUploadFileName(String fileUploadFileName) { - this.fileUploadFileName = fileUploadFileName; - } - - /** - * @return the reLoad - */ - public boolean isReLoad() { - return reLoad; - } - - /** - * @param reLoad the reLoad to set - */ - public void setReLoad(boolean reLoad) { - this.reLoad = reLoad; - } - -} + public byte[] getCertificate() throws CertificateException, IOException { + + final FileInputStream filestream = new FileInputStream(fileUpload); + final X509Certificate x509 = new X509Certificate(filestream); + return x509.getEncoded(); + } + + public void setStoredCert(byte[] storedCert) { + this.storedCert = storedCert; + } + + public String getMetaDataURL() { + return metaDataURL; + } + + public void setMetaDataURL(String metaDataURL) { + this.metaDataURL = metaDataURL; + } + /** + * @return the certificateDN + */ + public String getCertificateDN() { + return certificateDN; + } + /** + * @return the fileUpLoad + */ + public File getFileUpload() { + return fileUpload; + } + + /** + * @param fileUpLoad the fileUpLoad to set + */ + public void setFileUpload(File fileUpload) { + this.fileUpload = fileUpload; + } + + /** + * @return the fileUploadContentType + */ + public String getFileUploadContentType() { + return fileUploadContentType; + } + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(String fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + /** + * @return the fileUploadFileName + */ + public String getFileUploadFileName() { + return fileUploadFileName; + } + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(String fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + /** + * @return the reLoad + */ + public boolean isReLoad() { + return reLoad; + } + + /** + * @param reLoad the reLoad to set + */ + public void setReLoad(boolean reLoad) { + this.reLoad = reLoad; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java index 18bebf9d8..76fd31ccd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java @@ -39,113 +39,134 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class OARevisionsLogData implements IOnlineApplicationData { - private boolean active = false; - private String eventCodes = null; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OARevisionsLogging"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - - if (dbOA.getIsRevisionsLogActive() != null) - active = dbOA.getIsRevisionsLogActive(); - - if (MiscUtil.isNotEmpty(dbOA.getEventCodes())) - eventCodes = dbOA.getEventCodes(); - - return null; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - dbOA.setIsRevisionsLogActive(active); - - if (MiscUtil.isNotEmpty(eventCodes)) { - dbOA.setEventCodes(KeyValueUtils.normalizeCSVValueString(eventCodes)); - - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - List<String> errors = new ArrayList<String>(); - - if (active && MiscUtil.isEmpty(eventCodes)) { - errors.add(LanguageHelper.getErrorString( - "error.oa.reversion.log.enabled")); - - } - - if (MiscUtil.isNotEmpty(eventCodes)) { - String[] codes = eventCodes.split(","); - for (String el: codes) { - try { - Integer.parseInt(el.trim()); - - } catch (NumberFormatException e) { - errors.add(LanguageHelper.getErrorString( - "error.oa.reversion.log.eventcodes")); - break; - - } - - } - - } - - return errors; - } - - /** - * @return the active - */ - public boolean isActive() { - return active; - } - - /** - * @param active the active to set - */ - public void setActive(boolean active) { - this.active = active; - } - - /** - * @return the eventCodes - */ - public String getEventCodes() { - return eventCodes; - } - - /** - * @param eventCodes the eventCodes to set - */ - public void setEventCodes(String eventCodes) { - this.eventCodes = eventCodes; - } - - + private boolean active = false; + private String eventCodes = null; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OARevisionsLogging"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + + if (dbOA.getIsRevisionsLogActive() != null) { + active = dbOA.getIsRevisionsLogActive(); + } + + if (MiscUtil.isNotEmpty(dbOA.getEventCodes())) { + eventCodes = dbOA.getEventCodes(); + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + dbOA.setIsRevisionsLogActive(active); + + if (MiscUtil.isNotEmpty(eventCodes)) { + dbOA.setEventCodes(KeyValueUtils.normalizeCSVValueString(eventCodes)); + + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + final List<String> errors = new ArrayList<>(); + + if (active && MiscUtil.isEmpty(eventCodes)) { + errors.add(LanguageHelper.getErrorString( + "error.oa.reversion.log.enabled")); + + } + + if (MiscUtil.isNotEmpty(eventCodes)) { + final String[] codes = eventCodes.split(","); + for (final String el : codes) { + try { + Integer.parseInt(el.trim()); + + } catch (final NumberFormatException e) { + errors.add(LanguageHelper.getErrorString( + "error.oa.reversion.log.eventcodes")); + break; + + } + + } + + } + + return errors; + } + + /** + * @return the active + */ + public boolean isActive() { + return active; + } + + /** + * @param active the active to set + */ + public void setActive(boolean active) { + this.active = active; + } + + /** + * @return the eventCodes + */ + public String getEventCodes() { + return eventCodes; + } + + /** + * @param eventCodes the eventCodes to set + */ + public void setEventCodes(String eventCodes) { + this.eventCodes = eventCodes; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java index 2922231b3..f1ee853ae 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java @@ -33,178 +33,213 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplicati import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation; -public class OASAML1Config implements IOnlineApplicationData{ - - private Boolean isActive = false; - private Boolean provideStammZahl = false; - private Boolean provideAuthBlock = false; - private Boolean provideIdentityLink = false; - private Boolean provideCertificate = false; - private Boolean provideFullMandateData = false; - private Boolean useCondition = false; - private Boolean provideAllErrors = true; - private int conditionLength = -1; - - - public OASAML1Config() { - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OASAML1"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authdata = dbOA.getAuthComponentOA(); - if (authdata != null) { - OASAML1 saml1 = authdata.getOASAML1(); - if (saml1 != null) { - provideAuthBlock = saml1.isProvideAUTHBlock(); - provideCertificate = saml1.isProvideCertificate(); - provideFullMandateData = saml1.isProvideFullMandatorData(); - provideIdentityLink = saml1.isProvideIdentityLink(); - provideStammZahl = saml1.isProvideStammzahl(); - - if (saml1.isProvideAllErrors() != null) - provideAllErrors = saml1.isProvideAllErrors(); - - if (saml1.isUseCondition() != null) - useCondition = saml1.isUseCondition(); - - if (saml1.getConditionLength() != null) - conditionLength = saml1.getConditionLength().intValue(); - - if (saml1.isIsActive() != null) - isActive = saml1.isIsActive(); - } - } - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OASAML1ConfigValidation().validate(this, general, request); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); - } - - OASAML1 saml1 = authoa.getOASAML1(); - if (saml1 == null) { - saml1 = new OASAML1(); - authoa.setOASAML1(saml1); - saml1.setIsActive(false); - } - - if (authUser.isAdmin()) { - saml1.setIsActive(isActive()); - } - - if (saml1.isIsActive() != null && saml1.isIsActive()) { - saml1.setProvideAUTHBlock(isProvideAuthBlock()); - saml1.setProvideCertificate(isProvideCertificate()); - saml1.setProvideFullMandatorData(isProvideFullMandateData()); - saml1.setProvideIdentityLink(isProvideIdentityLink()); - saml1.setProvideStammzahl(isProvideStammZahl()); - saml1.setUseCondition(isUseCondition()); - saml1.setProvideAllErrors(provideAllErrors); - saml1.setConditionLength(BigInteger.valueOf(getConditionLength())); - // TODO: set sourceID - // saml1.setSourceID(""); - } - - return null; - } - - public boolean isProvideStammZahl() { - return provideStammZahl; - } - public void setProvideStammZahl(boolean provideStammZahl) { - this.provideStammZahl = provideStammZahl; - } - public boolean isProvideAuthBlock() { - return provideAuthBlock; - } - public void setProvideAuthBlock(boolean provideAuthBlock) { - this.provideAuthBlock = provideAuthBlock; - } - public boolean isProvideIdentityLink() { - return provideIdentityLink; - } - public void setProvideIdentityLink(boolean provideIdentityLink) { - this.provideIdentityLink = provideIdentityLink; - } - public boolean isProvideCertificate() { - return provideCertificate; - } - public void setProvideCertificate(boolean provideCertificate) { - this.provideCertificate = provideCertificate; - } - public boolean isProvideFullMandateData() { - return provideFullMandateData; - } - public void setProvideFullMandateData(boolean provideFullMandateData) { - this.provideFullMandateData = provideFullMandateData; - } - public boolean isUseCondition() { - return useCondition; - } - public void setUseCondition(boolean useCondition) { - this.useCondition = useCondition; - } - public int getConditionLength() { - return conditionLength; - } - public void setConditionLength(int conditionLength) { - this.conditionLength = conditionLength; - } - - /** - * @return the isActive - */ - public boolean isActive() { - return isActive; - } - - /** - * @param isActive the isActive to set - */ - public void setActive(boolean isActive) { - this.isActive = isActive; - } - - /** - * @return the provideAllErrors - */ - public Boolean getProvideAllErrors() { - return provideAllErrors; - } - - /** - * @param provideAllErrors the provideAllErrors to set - */ - public void setProvideAllErrors(Boolean provideAllErrors) { - this.provideAllErrors = provideAllErrors; - } - - +public class OASAML1Config implements IOnlineApplicationData { + + private Boolean isActive = false; + private Boolean provideStammZahl = false; + private Boolean provideAuthBlock = false; + private Boolean provideIdentityLink = false; + private Boolean provideCertificate = false; + private Boolean provideFullMandateData = false; + private Boolean useCondition = false; + private Boolean provideAllErrors = true; + private int conditionLength = -1; + + public OASAML1Config() { + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OASAML1"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + final AuthComponentOA authdata = dbOA.getAuthComponentOA(); + if (authdata != null) { + final OASAML1 saml1 = authdata.getOASAML1(); + if (saml1 != null) { + provideAuthBlock = saml1.isProvideAUTHBlock(); + provideCertificate = saml1.isProvideCertificate(); + provideFullMandateData = saml1.isProvideFullMandatorData(); + provideIdentityLink = saml1.isProvideIdentityLink(); + provideStammZahl = saml1.isProvideStammzahl(); + + if (saml1.isProvideAllErrors() != null) { + provideAllErrors = saml1.isProvideAllErrors(); + } + + if (saml1.isUseCondition() != null) { + useCondition = saml1.isUseCondition(); + } + + if (saml1.getConditionLength() != null) { + conditionLength = saml1.getConditionLength().intValue(); + } + + if (saml1.isIsActive() != null) { + isActive = saml1.isIsActive(); + } + } + } + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OASAML1ConfigValidation().validate(this, general, request); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + OASAML1 saml1 = authoa.getOASAML1(); + if (saml1 == null) { + saml1 = new OASAML1(); + authoa.setOASAML1(saml1); + saml1.setIsActive(false); + } + + if (authUser.isAdmin()) { + saml1.setIsActive(isActive()); + } + + if (saml1.isIsActive() != null && saml1.isIsActive()) { + saml1.setProvideAUTHBlock(isProvideAuthBlock()); + saml1.setProvideCertificate(isProvideCertificate()); + saml1.setProvideFullMandatorData(isProvideFullMandateData()); + saml1.setProvideIdentityLink(isProvideIdentityLink()); + saml1.setProvideStammzahl(isProvideStammZahl()); + saml1.setUseCondition(isUseCondition()); + saml1.setProvideAllErrors(provideAllErrors); + saml1.setConditionLength(BigInteger.valueOf(getConditionLength())); + // TODO: set sourceID + // saml1.setSourceID(""); + } + + return null; + } + + public boolean isProvideStammZahl() { + return provideStammZahl; + } + + public void setProvideStammZahl(boolean provideStammZahl) { + this.provideStammZahl = provideStammZahl; + } + + public boolean isProvideAuthBlock() { + return provideAuthBlock; + } + + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + + public boolean isProvideIdentityLink() { + return provideIdentityLink; + } + + public void setProvideIdentityLink(boolean provideIdentityLink) { + this.provideIdentityLink = provideIdentityLink; + } + + public boolean isProvideCertificate() { + return provideCertificate; + } + + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + + public boolean isProvideFullMandateData() { + return provideFullMandateData; + } + + public void setProvideFullMandateData(boolean provideFullMandateData) { + this.provideFullMandateData = provideFullMandateData; + } + + public boolean isUseCondition() { + return useCondition; + } + + public void setUseCondition(boolean useCondition) { + this.useCondition = useCondition; + } + + public int getConditionLength() { + return conditionLength; + } + + public void setConditionLength(int conditionLength) { + this.conditionLength = conditionLength; + } + + /** + * @return the isActive + */ + public boolean isActive() { + return isActive; + } + + /** + * @param isActive the isActive to set + */ + public void setActive(boolean isActive) { + this.isActive = isActive; + } + + /** + * @return the provideAllErrors + */ + public Boolean getProvideAllErrors() { + return provideAllErrors; + } + + /** + * @param provideAllErrors the provideAllErrors to set + */ + public void setProvideAllErrors(Boolean provideAllErrors) { + this.provideAllErrors = provideAllErrors; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java index 1baefe4b8..ed0f1c278 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java @@ -32,88 +32,104 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplicati import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation; -public class OASSOConfig implements IOnlineApplicationData{ - - private boolean useSSO = false; - private boolean showAuthDataFrame = true; - private String singleLogOutURL = null; - - public OASSOConfig() { - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OASingleSignOn"; - } - - public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - OASSO ssoconfig = authdata.getOASSO(); - if(ssoconfig != null) { - useSSO = ssoconfig.isUseSSO(); - showAuthDataFrame = ssoconfig.isAuthDataFrame(); - singleLogOutURL = ssoconfig.getSingleLogOutURL(); - } - } - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, - HttpServletRequest request) { - return new OASSOConfigValidation().validate(this, authUser.isAdmin(), request); - } - - public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { - - AuthComponentOA authoa = dboa.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dboa.setAuthComponentOA(authoa); - } - - OASSO sso = authoa.getOASSO(); - if (sso == null) { - sso = new OASSO(); - authoa.setOASSO(sso); - sso.setAuthDataFrame(true); - } - sso.setUseSSO(this.useSSO); - - if (authUser.isAdmin()) - sso.setAuthDataFrame(this.showAuthDataFrame); - - sso.setSingleLogOutURL(this.singleLogOutURL); - - return null; - } - - public boolean isUseSSO() { - return useSSO; - } - public void setUseSSO(boolean useSSO) { - this.useSSO = useSSO; - } - public boolean isShowAuthDataFrame() { - return showAuthDataFrame; - } - public void setShowAuthDataFrame(boolean showAuthDataFrame) { - this.showAuthDataFrame = showAuthDataFrame; - } - public String getSingleLogOutURL() { - return singleLogOutURL; - } - public void setSingleLogOutURL(String singleLogOutURL) { - this.singleLogOutURL = singleLogOutURL; - } +public class OASSOConfig implements IOnlineApplicationData { + + private boolean useSSO = false; + private boolean showAuthDataFrame = true; + private String singleLogOutURL = null; + + public OASSOConfig() { + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OASingleSignOn"; + } + + @Override + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + final OASSO ssoconfig = authdata.getOASSO(); + if (ssoconfig != null) { + useSSO = ssoconfig.isUseSSO(); + showAuthDataFrame = ssoconfig.isAuthDataFrame(); + singleLogOutURL = ssoconfig.getSingleLogOutURL(); + } + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, + HttpServletRequest request) { + return new OASSOConfigValidation().validate(this, authUser.isAdmin(), request); + } + + @Override + public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { + + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + + OASSO sso = authoa.getOASSO(); + if (sso == null) { + sso = new OASSO(); + authoa.setOASSO(sso); + sso.setAuthDataFrame(true); + } + sso.setUseSSO(this.useSSO); + + if (authUser.isAdmin()) { + sso.setAuthDataFrame(this.showAuthDataFrame); + } + + sso.setSingleLogOutURL(this.singleLogOutURL); + + return null; + } + + public boolean isUseSSO() { + return useSSO; + } + + public void setUseSSO(boolean useSSO) { + this.useSSO = useSSO; + } + + public boolean isShowAuthDataFrame() { + return showAuthDataFrame; + } + + public void setShowAuthDataFrame(boolean showAuthDataFrame) { + this.showAuthDataFrame = showAuthDataFrame; + } + + public String getSingleLogOutURL() { + return singleLogOutURL; + } + + public void setSingleLogOutURL(String singleLogOutURL) { + this.singleLogOutURL = singleLogOutURL; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index fb096a2a0..82ef9d1d1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -27,8 +27,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; @@ -44,306 +42,331 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; import at.gv.egovernment.moa.util.MiscUtil; //import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class OASTORKConfig implements IOnlineApplicationData { + + private boolean isStorkLogonEnabled = false; + private String qaa; + + private List<AttributeHelper> attributes = null; + + /* + * VIDP settings below + */ + private boolean vidpEnabled = false; + private List<AttributeProviderPlugin> attributeProviderPlugins = new ArrayList<>(); + private boolean requireConsent = false; + private final List<String> citizenCountries; + private List<String> enabledCitizenCountries; + + private MOAIDConfiguration dbconfig = null; + + public OASTORKConfig() { + // fetch available citizen countries + citizenCountries = new ArrayList<>(); + try { + dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); + + for (final CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getCPEPS()) { + citizenCountries.add(current.getCountryCode()); + } + + } catch (final NullPointerException e) { + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OASTORK2"; + } + + /** + * Parses the OA config for stork entities. + * + * @param dbOAConfig the db oa config + */ + @Override + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, + HttpServletRequest request) { + final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + final OASTORK config = authdata.getOASTORK(); + if (config != null) { + setStorkLogonEnabled(config.isStorkLogonEnabled()); + + try { + setQaa(config.geteIDAS_LOA()); + } catch (final NullPointerException e) { + // if there is no configuration available for the OA, get the default qaa level + try { + setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getGeneral_eIDAS_LOA()); + + } catch (final NullPointerException e1) { + setQaa(MOAIDConstants.eIDAS_LOA_HIGH); + + } + } + + enabledCitizenCountries = new ArrayList<>(); + if (config.getCPEPS() != null) { + for (final CPEPS current : config.getCPEPS()) { + enabledCitizenCountries.add(current.getCountryCode()); + } + } -public class OASTORKConfig implements IOnlineApplicationData{ - - private static final Logger log = Logger.getLogger(OASTORKConfig.class); - - private boolean isStorkLogonEnabled = false; - private String qaa; - - private List<AttributeHelper> attributes = null; - - /* - * VIDP settings below - */ - private boolean vidpEnabled = false; - private List<AttributeProviderPlugin> attributeProviderPlugins = new ArrayList<AttributeProviderPlugin>(); - private boolean requireConsent = false; - private List<String> citizenCountries; - private List<String> enabledCitizenCountries; - - private MOAIDConfiguration dbconfig = null; - - public OASTORKConfig() { - // fetch available citizen countries - citizenCountries = new ArrayList<String>(); - try { - dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - - - for(CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { - citizenCountries.add(current.getCountryCode()); - } - - }catch (NullPointerException e) { - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - - } - - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OASTORK2"; - } - - /** - * Parses the OA config for stork entities. - * - * @param dbOAConfig - * the db oa config - */ - public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); - if (authdata != null) { - OASTORK config = authdata.getOASTORK(); - if(config != null) { - setStorkLogonEnabled(config.isStorkLogonEnabled()); - - try { - setQaa(config.geteIDAS_LOA()); - } catch(NullPointerException e) { - // if there is no configuration available for the OA, get the default qaa level - try { - setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getGeneral_eIDAS_LOA()); - - } catch (NullPointerException e1) { - setQaa(MOAIDConstants.eIDAS_LOA_HIGH); - - } - } - - - enabledCitizenCountries = new ArrayList<String>(); - if (config.getCPEPS() != null) { - for(CPEPS current : config.getCPEPS()) - enabledCitizenCountries.add(current.getCountryCode()); - } - - // prepare attribute helper list - attributes = new ArrayList<AttributeHelper>(); - try { - try { - for(StorkAttribute current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes()) { - AttributeHelper tmp = null; - - if (config.getOAAttributes() != null) { - for(OAStorkAttribute sepp : config.getOAAttributes()) - if(sepp.getName() != null && sepp.getName().equals(current.getName())) - tmp = new AttributeHelper(sepp); - } - - if(null == tmp) - tmp = new AttributeHelper(current); - - attributes.add(tmp); - } - - } catch (NullPointerException ex) { - - } - - // fetch vidp config - if (config.isVidpEnabled() != null) - setVidpEnabled(config.isVidpEnabled()); - else - setVidpEnabled(false); - - if (config.isRequireConsent() != null) - setRequireConsent(config.isRequireConsent()); - else - setRequireConsent(false); - - attributeProviderPlugins = config.getAttributeProviders(); - // - if no attribute providers are configured, add a dummy - // TODO this is a dirty hack since we have to have one entry to - // clone from in the web form. Happens when time is short. - // Sorry. - if (attributeProviderPlugins == null || attributeProviderPlugins.isEmpty()) - attributeProviderPlugins.add(new AttributeProviderPlugin()); - } catch (NullPointerException ex) { - log.error("Nullpointerexception encountered in Configurationinterface", ex); + // prepare attribute helper list + attributes = new ArrayList<>(); + try { + try { + for (final StorkAttribute current : dbconfig.getAuthComponentGeneral().getForeignIdentities() + .getSTORK().getAttributes()) { + AttributeHelper tmp = null; + + if (config.getOAAttributes() != null) { + for (final OAStorkAttribute sepp : config.getOAAttributes()) { + if (sepp.getName() != null && sepp.getName().equals(current.getName())) { + tmp = new AttributeHelper(sepp); + } } - } - } - - return null; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, - HttpServletRequest request) { - return new OASTORKConfigValidation().validate(this, request); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); + } + + if (null == tmp) { + tmp = new AttributeHelper(current); + } + + attributes.add(tmp); + } + + } catch (final NullPointerException ex) { + + } + + // fetch vidp config + if (config.isVidpEnabled() != null) { + setVidpEnabled(config.isVidpEnabled()); + } else { + setVidpEnabled(false); + } + + if (config.isRequireConsent() != null) { + setRequireConsent(config.isRequireConsent()); + } else { + setRequireConsent(false); + } + + attributeProviderPlugins = config.getAttributeProviders(); + // - if no attribute providers are configured, add a dummy + // TODO this is a dirty hack since we have to have one entry to + // clone from in the web form. Happens when time is short. + // Sorry. + if (attributeProviderPlugins == null || attributeProviderPlugins.isEmpty()) { + attributeProviderPlugins.add(new AttributeProviderPlugin()); + } + } catch (final NullPointerException ex) { + log.error("Nullpointerexception encountered in Configurationinterface", ex); } - - // fetch stork configuration from database model - OASTORK stork = authoa.getOASTORK(); - if (stork == null) { - // if there is none, create a new one with default values. - stork = new OASTORK(); - authoa.setOASTORK(stork); - stork.setStorkLogonEnabled(false); + } + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, + HttpServletRequest request) { + return new OASTORKConfigValidation().validate(this, request); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + // fetch stork configuration from database model + OASTORK stork = authoa.getOASTORK(); + if (stork == null) { + // if there is none, create a new one with default values. + stork = new OASTORK(); + authoa.setOASTORK(stork); + stork.setStorkLogonEnabled(false); + } + // transfer the incoming data to the database model + stork.setStorkLogonEnabled(isStorkLogonEnabled()); + stork.seteIDAS_LOA(getQaa()); + stork.setOAAttributes(getAttributes()); + stork.setVidpEnabled(isVidpEnabled()); + stork.setRequireConsent(isRequireConsent()); + stork.setAttributeProviders(getAttributeProviderPlugins()); + stork.setCPEPS(getEnabledCPEPS()); + + return null; + + } + + public boolean isStorkLogonEnabled() { + return isStorkLogonEnabled; + } + + public void setStorkLogonEnabled(boolean enabled) { + this.isStorkLogonEnabled = enabled; + } + + public String getQaa() { + return qaa; + } + + public void setQaa(String qaa) { + this.qaa = qaa; + } + + public List<OAStorkAttribute> getAttributes() { + final List<OAStorkAttribute> result = new ArrayList<>(); + + if (null == getHelperAttributes()) { + return result; + } + + for (final AttributeHelper current : getHelperAttributes()) { + List<StorkAttribute> generalConfStorkAttr = null; + try { + generalConfStorkAttr = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getAttributes(); + + } catch (final NullPointerException e) { + log.trace("No STORK attributes in 'General Configuration'"); + + } + + if (generalConfStorkAttr != null) { + for (final StorkAttribute currentAttribute : generalConfStorkAttr) { + if (MiscUtil.isNotEmpty(currentAttribute.getName()) && + currentAttribute.getName().equals(current.getName())) { + if (current.isUsed() || currentAttribute.isMandatory()) { + final OAStorkAttribute tmp = new OAStorkAttribute(); + tmp.setName(current.getName()); + tmp.setMandatory(current.isMandatory()); + result.add(tmp); + + } + break; + } } - // transfer the incoming data to the database model - stork.setStorkLogonEnabled(isStorkLogonEnabled()); - stork.seteIDAS_LOA(getQaa()); - stork.setOAAttributes(getAttributes()); - stork.setVidpEnabled(isVidpEnabled()); - stork.setRequireConsent(isRequireConsent()); - stork.setAttributeProviders(getAttributeProviderPlugins()); - stork.setCPEPS(getEnabledCPEPS()); - - return null; - - } - - public boolean isStorkLogonEnabled() { - return isStorkLogonEnabled; - } - - public void setStorkLogonEnabled(boolean enabled) { - this.isStorkLogonEnabled = enabled; - } - - public String getQaa() { - return qaa; - } - - public void setQaa(String qaa) { - this.qaa = qaa; - } - - public List<OAStorkAttribute> getAttributes() { - List<OAStorkAttribute> result = new ArrayList<OAStorkAttribute>(); - - if(null == getHelperAttributes()) - return result; - - for(AttributeHelper current : getHelperAttributes()) { - List<StorkAttribute> generalConfStorkAttr = null; - try { - generalConfStorkAttr = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes(); - - } catch (NullPointerException e) { - log.trace("No STORK attributes in 'General Configuration'"); - - } - - if (generalConfStorkAttr != null) { - for(StorkAttribute currentAttribute : generalConfStorkAttr) - if(MiscUtil.isNotEmpty(currentAttribute.getName()) && - currentAttribute.getName().equals(current.getName())) { - if(current.isUsed() || currentAttribute.isMandatory()) { - OAStorkAttribute tmp = new OAStorkAttribute(); - tmp.setName(current.getName()); - tmp.setMandatory(current.isMandatory()); - result.add(tmp); - - } - break; - } - } - } - - return result; - } - - public List<AttributeHelper> getHelperAttributes() { - return attributes; - } - - public void setHelperAttributes(List<AttributeHelper> attributes) { - this.attributes = attributes; - } - - public List<String> getAvailableCitizenCountries() { - return citizenCountries; - } - - - public List<String> getAllowedLoALevels() { - return MOAIDConstants.ALLOWED_eIDAS_LOA; - } - - public List<String> getEnabledCitizenCountries() { - return enabledCitizenCountries; - } - - public void setEnabledCitizenCountries(List<String> update) { - enabledCitizenCountries = update; - } - - public List<CPEPS> getEnabledCPEPS() { - if (enabledCitizenCountries != null) { - List<CPEPS> result = new ArrayList<CPEPS>(); - - try { - for(CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { - if(enabledCitizenCountries.contains(current.getCountryCode())) - result.add(current); - } - - } catch (NullPointerException e){ - - } - return result; - } - - return null; - - } - - public List<String> getAvailableAttributeProviderPlugins() { - //TODO: remove in final version - - return new ArrayList<String>(); - //return AttributeProviderFactory.getAvailablePlugins(); - } - - public List<AttributeProviderPlugin> getAttributeProviderPlugins() { - return attributeProviderPlugins; - } - - public void setAttributeProviderPlugins(List<AttributeProviderPlugin> update) { - attributeProviderPlugins = update; - } - - public boolean isVidpEnabled() { - return vidpEnabled; - } - - public void setVidpEnabled(boolean update) { - vidpEnabled = update; - } - - public boolean isRequireConsent() { - return requireConsent; - } - - public void setRequireConsent(boolean update) { - requireConsent = update; - } + } + } + + return result; + } + + public List<AttributeHelper> getHelperAttributes() { + return attributes; + } + + public void setHelperAttributes(List<AttributeHelper> attributes) { + this.attributes = attributes; + } + + public List<String> getAvailableCitizenCountries() { + return citizenCountries; + } + + public List<String> getAllowedLoALevels() { + return MOAIDConstants.ALLOWED_eIDAS_LOA; + } + + public List<String> getEnabledCitizenCountries() { + return enabledCitizenCountries; + } + + public void setEnabledCitizenCountries(List<String> update) { + enabledCitizenCountries = update; + } + + public List<CPEPS> getEnabledCPEPS() { + if (enabledCitizenCountries != null) { + final List<CPEPS> result = new ArrayList<>(); + + try { + for (final CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK() + .getCPEPS()) { + if (enabledCitizenCountries.contains(current.getCountryCode())) { + result.add(current); + } + } + + } catch (final NullPointerException e) { + + } + return result; + } + + return null; + + } + + public List<String> getAvailableAttributeProviderPlugins() { + // TODO: remove in final version + + return new ArrayList<>(); + // return AttributeProviderFactory.getAvailablePlugins(); + } + + public List<AttributeProviderPlugin> getAttributeProviderPlugins() { + return attributeProviderPlugins; + } + + public void setAttributeProviderPlugins(List<AttributeProviderPlugin> update) { + attributeProviderPlugins = update; + } + + public boolean isVidpEnabled() { + return vidpEnabled; + } + + public void setVidpEnabled(boolean update) { + vidpEnabled = update; + } + + public boolean isRequireConsent() { + return requireConsent; + } + + public void setRequireConsent(boolean update) { + requireConsent = update; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index 84516c73f..be1b937f0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -43,464 +43,473 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class OATargetConfiguration implements IOnlineApplicationData { - private boolean deaktivededBusinessService = false; - - private boolean subTargetSet = false; - - private String target = null; - private String target_subsector = null; - private String target_admin = null; - private static List<String> targetList = null; - private String targetFriendlyName = null; - private boolean isAdminTarget = false; - - private String identificationNumber = null; - private String identificationType = null; - private static List<String> identificationTypeList = null; - - private String foreignbPKTargets = null; - private String additionalbPKTargets = null; - private boolean eidDemoActive = false; + private boolean deaktivededBusinessService = false; + + private boolean subTargetSet = false; + + private String target = null; + private String target_subsector = null; + private String target_admin = null; + private static List<String> targetList = null; + private String targetFriendlyName = null; + private boolean isAdminTarget = false; + + private String identificationNumber = null; + private String identificationType = null; + private static List<String> identificationTypeList = null; + + private String foreignbPKTargets = null; + private String additionalbPKTargets = null; + private boolean eidDemoActive = false; private boolean eidProxyActive = false; - - public OATargetConfiguration() { - targetList = TargetValidator.getListOfTargets(); - target = ""; - - identificationTypeList = Arrays.asList( - Constants.IDENIFICATIONTYPE_FN, - Constants.IDENIFICATIONTYPE_ZVR, - Constants.IDENIFICATIONTYPE_ERSB, - Constants.IDENIFICATIONTYPE_STORK, - Constants.IDENIFICATIONTYPE_EIDAS); - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "OATargetConfig"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - String target_full = dbOA.getTarget(); - if (MiscUtil.isNotEmpty(target_full)) { - if (TargetValidator.isValidTarget(target_full)) { - target = target_full; - - } else { - String[] target_split = target_full.split("-"); - - if (TargetValidator.isValidTarget(target_split[0])) { - target = target_split[0]; - if (target_split.length > 1) { - target_subsector = target_split[1]; - subTargetSet = true; - } - - } else { - target = ""; - target_subsector = null; - target_admin = target_full; - isAdminTarget = true; - } - } - targetFriendlyName = dbOA.getTargetFriendlyName(); - } - - AuthComponentOA oaauth = dbOA.getAuthComponentOA(); - if (oaauth != null) { - - IdentificationNumber idnumber = oaauth.getIdentificationNumber(); - if (idnumber != null) { - String number = idnumber.getValue(); - if (MiscUtil.isNotEmpty(number)) { - String[] split = number.split("\\+"); - - if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { - identificationType = split[1]; - identificationNumber = split[2]; - - } else if (Constants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) { - //identificationType = split[1]; // setting at as iden category ? - identificationType = Constants.IDENIFICATIONTYPE_EIDAS; - identificationNumber = split[1] + "+" + split[2]; // setting sp country as ident type -> sp ident - - } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { - //identificationType = split[1]; // setting at as iden category ? - identificationType = Constants.IDENIFICATIONTYPE_STORK; - identificationNumber = split[2]; // setting sp country as ident type -> sp ident - } - } - - if (authUser.isOnlyBusinessService()) { - deaktivededBusinessService = authUser.isOnlyBusinessService(); - - identificationType = authUser.getBusinessServiceType(); - identificationNumber = authUser.getBusinessServiceNumber(); - - } - - } - } - - - //parse foreign bPK sector list - if (dbOA.getForeignbPKTargetList() != null) { - if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList())) - foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList()); - - else { - if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0, - dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - foreignbPKTargets = dbOA.getForeignbPKTargetList(); - - } - } - - //parse additional bPK sector list - if (dbOA.getAdditionalbPKTargetList() != null) { - if (KeyValueUtils.isCSVValueString(dbOA.getAdditionalbPKTargetList())) - additionalbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getAdditionalbPKTargetList()); - - else { - if (dbOA.getAdditionalbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - additionalbPKTargets = dbOA.getAdditionalbPKTargetList().substring(0, - dbOA.getAdditionalbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - additionalbPKTargets = dbOA.getAdditionalbPKTargetList(); - - } - } - - //parse 'Austrian eID mode' flag - eidDemoActive = dbOA.getIseIDDemoModeActive(); - eidProxyActive = dbOA.getIseIDProxyModeActive(); - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - AuthComponentOA authoa = dbOA.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dbOA.setAuthComponentOA(authoa); + + public OATargetConfiguration() { + targetList = TargetValidator.getListOfTargets(); + target = ""; + + identificationTypeList = Arrays.asList( + Constants.IDENIFICATIONTYPE_FN, + Constants.IDENIFICATIONTYPE_ZVR, + Constants.IDENIFICATIONTYPE_ERSB, + Constants.IDENIFICATIONTYPE_STORK, + Constants.IDENIFICATIONTYPE_EIDAS); + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "OATargetConfig"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + final String target_full = dbOA.getTarget(); + if (MiscUtil.isNotEmpty(target_full)) { + if (TargetValidator.isValidTarget(target_full)) { + target = target_full; + + } else { + final String[] target_split = target_full.split("-"); + + if (TargetValidator.isValidTarget(target_split[0])) { + target = target_split[0]; + if (target_split.length > 1) { + target_subsector = target_split[1]; + subTargetSet = true; + } + + } else { + target = ""; + target_subsector = null; + target_admin = target_full; + isAdminTarget = true; + } + } + targetFriendlyName = dbOA.getTargetFriendlyName(); + } + + final AuthComponentOA oaauth = dbOA.getAuthComponentOA(); + if (oaauth != null) { + + final IdentificationNumber idnumber = oaauth.getIdentificationNumber(); + if (idnumber != null) { + final String number = idnumber.getValue(); + if (MiscUtil.isNotEmpty(number)) { + final String[] split = number.split("\\+"); + + if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { + identificationType = split[1]; + identificationNumber = split[2]; + + } else if (Constants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) { + // identificationType = split[1]; // setting at as iden category ? + identificationType = Constants.IDENIFICATIONTYPE_EIDAS; + identificationNumber = split[1] + "+" + split[2]; // setting sp country as ident type -> sp ident + + } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { + // identificationType = split[1]; // setting at as iden category ? + identificationType = Constants.IDENIFICATIONTYPE_STORK; + identificationNumber = split[2]; // setting sp country as ident type -> sp ident + } } - - if (isBusinessService(dbOA) || authUser.isOnlyBusinessService()) { - - dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - - String num = null; - if (authUser.isOnlyBusinessService()) { - deaktivededBusinessService = authUser.isOnlyBusinessService(); - num = authUser.getBusinessServiceType() + authUser.getBusinessServiceNumber(); - - } else { - - num = getIdentificationNumber().replaceAll(" ", ""); - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - - /*Fixme: - * Company numbers had to be padded with '0' on left site - * But this bugfix can not be activated, because this would - * change all bPKs for company numbers. - * - * Change this in case of new bPK generation algorithms - */ - // num = StringUtils.leftPad(num, 7, '0'); - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) - num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) - num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - } - - IdentificationNumber idnumber = authoa.getIdentificationNumber(); - if (idnumber == null) - idnumber = new IdentificationNumber(); - - if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { - idnumber.setValue(Constants.PREFIX_EIDAS + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); - - } else if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { - idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); - } else { - idnumber.setValue(Constants.PREFIX_WPBK + getIdentificationType() + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); - } - - authoa.setIdentificationNumber(idnumber); + + if (authUser.isOnlyBusinessService()) { + deaktivededBusinessService = authUser.isOnlyBusinessService(); + + identificationType = authUser.getBusinessServiceType(); + identificationNumber = authUser.getBusinessServiceNumber(); + + } + + } + } + + // parse foreign bPK sector list + if (dbOA.getForeignbPKTargetList() != null) { + if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList())) { + foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList()); + } else { + if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0, + dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); } else { - dbOA.setType(null); + foreignbPKTargets = dbOA.getForeignbPKTargetList(); + } + + } + } - if (authUser.isAdmin()) { - if (MiscUtil.isNotEmpty(getTarget_admin()) && isAdminTarget()) { - dbOA.setTarget(getTarget_admin()); - dbOA.setTargetFriendlyName(getTargetFriendlyName()); + // parse additional bPK sector list + if (dbOA.getAdditionalbPKTargetList() != null) { + if (KeyValueUtils.isCSVValueString(dbOA.getAdditionalbPKTargetList())) { + additionalbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getAdditionalbPKTargetList()); + } else { + if (dbOA.getAdditionalbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { + // remove trailing comma if exist + additionalbPKTargets = dbOA.getAdditionalbPKTargetList().substring(0, + dbOA.getAdditionalbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); - } else { + } else { + additionalbPKTargets = dbOA.getAdditionalbPKTargetList(); + } - String target = getTarget(); + } + } - if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) - dbOA.setTarget(target + "-" + getTarget_subsector()); - else - dbOA.setTarget(target); + // parse 'Austrian eID mode' flag + eidDemoActive = dbOA.getIseIDDemoModeActive(); + eidProxyActive = dbOA.getIseIDProxyModeActive(); + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname); + if (isBusinessService(dbOA) || authUser.isOnlyBusinessService()) { - } + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - } else { + String num = null; + if (authUser.isOnlyBusinessService()) { + deaktivededBusinessService = authUser.isOnlyBusinessService(); + num = authUser.getBusinessServiceType() + authUser.getBusinessServiceNumber(); - if (MiscUtil.isNotEmpty(getTarget())) { + } else { - String target = getTarget(); + num = getIdentificationNumber().replaceAll(" ", ""); + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) - dbOA.setTarget(target + "-" + getTarget_subsector()); + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - else - dbOA.setTarget(target); + /* + * Fixme: Company numbers had to be padded with '0' on left site But this bugfix + * can not be activated, because this would change all bPKs for company numbers. + * + * Change this in case of new bPK generation algorithms + */ + // num = StringUtils.leftPad(num, 7, '0'); + } - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname); + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + } - } - } + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); } - - dbOA.setForeignbPKTargetList(getForeignbPKTargets()); - dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets()); - dbOA.setIseIDDemoModeActive(isEidDemoActive()); - dbOA.setIseIDProxyModeActive(isEidProxyActive()); - - return null; - } - - /** - * @return - */ - private boolean isBusinessService(OnlineApplication dbOA) { - if (dbOA.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) - return true; - else - return false; - } - - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - return new OATargetConfigValidation().validate(this, authUser.isAdmin(), general, request); - } - - public String getTarget() { - return target; - } - - public void setTarget(String target) { - this.target = target; - } - - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - - public String getIdentificationNumber() { - return identificationNumber; - } - - public void setIdentificationNumber(String identificationNumber) { - this.identificationNumber = identificationNumber; - } - - public String getIdentificationType() { - return identificationType; - } - - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - /** - * @return the target_subsector - */ - public String getTarget_subsector() { - return target_subsector; - } - - - /** - * @param target_subsector the target_subsector to set - */ - public void setTarget_subsector(String target_subsector) { - this.target_subsector = target_subsector; - } - - - /** - * @return the target_admin - */ - public String getTarget_admin() { - return target_admin; - } - - - /** - * @param target_admin the target_admin to set - */ - public void setTarget_admin(String target_admin) { - this.target_admin = target_admin; - } - - - /** - * @return the targetList - */ - public List<String> getTargetList() { - return targetList; - } - - - /** - * @return the identificationTypeList - */ - public List<String> getIdentificationTypeList() { - return identificationTypeList; - } - - - /** - * @return the isAdminTarget - */ - public boolean isAdminTarget() { - return isAdminTarget; - } - - - /** - * @param isAdminTarget the isAdminTarget to set - */ - public void setAdminTarget(boolean isAdminTarget) { - this.isAdminTarget = isAdminTarget; - } - - /** - * @return the deaktivededBusinessService - */ - public boolean isDeaktivededBusinessService() { - return deaktivededBusinessService; - } + } + IdentificationNumber idnumber = authoa.getIdentificationNumber(); + if (idnumber == null) { + idnumber = new IdentificationNumber(); + } - /** - * @param deaktivededBusinessService the deaktivededBusinessService to set - */ - public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { - this.deaktivededBusinessService = deaktivededBusinessService; - } + if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { + idnumber.setValue(Constants.PREFIX_EIDAS + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } else if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { + idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } else { + idnumber.setValue(Constants.PREFIX_WPBK + getIdentificationType() + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } - /** - * @return the subTargetSet - */ - public boolean isSubTargetSet() { - return subTargetSet; - } + authoa.setIdentificationNumber(idnumber); + } else { + dbOA.setType(null); - /** - * @param subTargetSet the subTargetSet to set - */ - public void setSubTargetSet(boolean subTargetSet) { - this.subTargetSet = subTargetSet; - } + if (authUser.isAdmin()) { + if (MiscUtil.isNotEmpty(getTarget_admin()) && isAdminTarget()) { + dbOA.setTarget(getTarget_admin()); + dbOA.setTargetFriendlyName(getTargetFriendlyName()); + } else { - public String getForeignbPKTargets() { - return foreignbPKTargets; - } + final String target = getTarget(); + if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) { + dbOA.setTarget(target + "-" + getTarget_subsector()); + } else { + dbOA.setTarget(target); + } - public void setForeignbPKTargets(String foreignbPKTargets) { - if (MiscUtil.isNotEmpty(foreignbPKTargets)) - this.foreignbPKTargets = - KeyValueUtils.removeAllNewlineFromString(foreignbPKTargets); - else - this.foreignbPKTargets = foreignbPKTargets; - } + final String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) { + dbOA.setTargetFriendlyName(targetname); + } + } + + } else { + + if (MiscUtil.isNotEmpty(getTarget())) { - public String getAdditionalbPKTargets() { - return additionalbPKTargets; - } + final String target = getTarget(); + if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) { + dbOA.setTarget(target + "-" + getTarget_subsector()); + } else { + dbOA.setTarget(target); + } - public void setAdditionalbPKTargets(String additionalbPKTargets) { - if (MiscUtil.isNotEmpty(additionalbPKTargets)) - this.additionalbPKTargets = - KeyValueUtils.removeAllNewlineFromString(additionalbPKTargets); - else - this.additionalbPKTargets = additionalbPKTargets; + final String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) { + dbOA.setTargetFriendlyName(targetname); + } - } + } + } + } + + dbOA.setForeignbPKTargetList(getForeignbPKTargets()); + dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets()); + dbOA.setIseIDDemoModeActive(isEidDemoActive()); + dbOA.setIseIDProxyModeActive(isEidProxyActive()); + + return null; + } + + /** + * @return + */ + private boolean isBusinessService(OnlineApplication dbOA) { + if (dbOA.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) { + return true; + } else { + return false; + } + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OATargetConfigValidation().validate(this, authUser.isAdmin(), general, request); + } + + public String getTarget() { + return target; + } + + public void setTarget(String target) { + this.target = target; + } + + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + + public String getIdentificationNumber() { + return identificationNumber; + } + + public void setIdentificationNumber(String identificationNumber) { + this.identificationNumber = identificationNumber; + } + + public String getIdentificationType() { + return identificationType; + } + + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * @return the target_subsector + */ + public String getTarget_subsector() { + return target_subsector; + } + + /** + * @param target_subsector the target_subsector to set + */ + public void setTarget_subsector(String target_subsector) { + this.target_subsector = target_subsector; + } + + /** + * @return the target_admin + */ + public String getTarget_admin() { + return target_admin; + } + + /** + * @param target_admin the target_admin to set + */ + public void setTarget_admin(String target_admin) { + this.target_admin = target_admin; + } + + /** + * @return the targetList + */ + public List<String> getTargetList() { + return targetList; + } + + /** + * @return the identificationTypeList + */ + public List<String> getIdentificationTypeList() { + return identificationTypeList; + } + + /** + * @return the isAdminTarget + */ + public boolean isAdminTarget() { + return isAdminTarget; + } + + /** + * @param isAdminTarget the isAdminTarget to set + */ + public void setAdminTarget(boolean isAdminTarget) { + this.isAdminTarget = isAdminTarget; + } + + /** + * @return the deaktivededBusinessService + */ + public boolean isDeaktivededBusinessService() { + return deaktivededBusinessService; + } + + /** + * @param deaktivededBusinessService the deaktivededBusinessService to set + */ + public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { + this.deaktivededBusinessService = deaktivededBusinessService; + } + + /** + * @return the subTargetSet + */ + public boolean isSubTargetSet() { + return subTargetSet; + } + + /** + * @param subTargetSet the subTargetSet to set + */ + public void setSubTargetSet(boolean subTargetSet) { + this.subTargetSet = subTargetSet; + } + + public String getForeignbPKTargets() { + return foreignbPKTargets; + } + + public void setForeignbPKTargets(String foreignbPKTargets) { + if (MiscUtil.isNotEmpty(foreignbPKTargets)) { + this.foreignbPKTargets = + KeyValueUtils.removeAllNewlineFromString(foreignbPKTargets); + } else { + this.foreignbPKTargets = foreignbPKTargets; + } + } + + public String getAdditionalbPKTargets() { + return additionalbPKTargets; + } + + public void setAdditionalbPKTargets(String additionalbPKTargets) { + if (MiscUtil.isNotEmpty(additionalbPKTargets)) { + this.additionalbPKTargets = + KeyValueUtils.removeAllNewlineFromString(additionalbPKTargets); + } else { + this.additionalbPKTargets = additionalbPKTargets; + } + } - public boolean isEidDemoActive() { - return eidDemoActive; - } + public boolean isEidDemoActive() { + return eidDemoActive; + } + public void setEidDemoActive(boolean eidDemoActive) { + this.eidDemoActive = eidDemoActive; + } - public void setEidDemoActive(boolean eidDemoActive) { - this.eidDemoActive = eidDemoActive; - } - - public boolean isEidProxyActive() { - return eidProxyActive; - } + public boolean isEidProxyActive() { + return eidProxyActive; + } + public void setEidProxyActive(boolean eidProxyActive) { + this.eidProxyActive = eidProxyActive; + } - public void setEidProxyActive(boolean eidProxyActive) { - this.eidProxyActive = eidProxyActive; - } - - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java index e27c55c90..29598a679 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java @@ -27,110 +27,128 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationGatewayType; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationIDPType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class PVPGatewayInterfederationConfig implements IOnlineApplicationData { - private static final Logger log = Logger.getLogger(PVPGatewayInterfederationConfig.class); - - private String entityID = null; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() - */ - @Override - public String getName() { - return "PVPGatewayInterfederation"; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - - InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); - if (gateway != null) { - this.entityID = gateway.getForwardIDPIdentifier(); - - } - - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public String store(OnlineApplication dbOA, AuthenticatedUser authUser, - HttpServletRequest request) { - - if (authUser.isAdmin()) { - dbOA.setIsInterfederationGateway(true); - - InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); - if (gateway == null) { - gateway = new InterfederationGatewayType(); - dbOA.setInterfederationGateway(gateway); - } - - gateway.setForwardIDPIdentifier(entityID); - } - - dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) - */ - @Override - public List<String> validate(OAGeneralConfig general, - AuthenticatedUser authUser, HttpServletRequest request) { - - List<String> errors = new ArrayList<String>(); - - if (MiscUtil.isNotEmpty(entityID)) { - if (!ValidationHelper.validateURL(entityID)) { - log.info("PVP gateway EntityID is not valid"); - errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid", request)); - - } - - } else - errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty", request)); - - return errors; - } - - /** - * @return the entityID - */ - public String getEntityID() { - return entityID; - } - - /** - * @param entityID the entityID to set - */ - public void setEntityID(String entityID) { - this.entityID = entityID; - } - - - + private String entityID = null; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName + * () + */ + @Override + public String getName() { + return "PVPGatewayInterfederation"; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + + final InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); + if (gateway != null) { + this.entityID = gateway.getForwardIDPIdentifier(); + + } + + return null; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store( + * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + if (authUser.isAdmin()) { + dbOA.setIsInterfederationGateway(true); + + InterfederationGatewayType gateway = dbOA.getInterfederationGateway(); + if (gateway == null) { + gateway = new InterfederationGatewayType(); + dbOA.setInterfederationGateway(gateway); + } + + gateway.setForwardIDPIdentifier(entityID); + } + + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData# + * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, + * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, + * javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + final List<String> errors = new ArrayList<>(); + + if (MiscUtil.isNotEmpty(entityID)) { + if (!ValidationHelper.validateURL(entityID)) { + log.info("PVP gateway EntityID is not valid"); + errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid", + request)); + + } + + } else { + errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty", request)); + } + + return errors; + } + + /** + * @return the entityID + */ + public String getEntityID() { + return entityID; + } + + /** + * @param entityID the entityID to set + */ + public void setEntityID(String entityID) { + this.entityID = entityID; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index c69998fa2..8b50437cb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -40,8 +40,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; @@ -50,10 +48,10 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.util.ToStringUtil; import at.gv.util.WebAppUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class AuthenticationFilter implements Filter{ - - private final Logger log = Logger.getLogger(AuthenticationFilter.class); private static ConfigurationProvider config; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java index 71f9536ae..6c4ecf3ae 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java @@ -11,11 +11,13 @@ import javax.servlet.ServletResponse; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.builder.ToStringBuilder; -import org.apache.log4j.Logger; + +import lombok.extern.slf4j.Slf4j; /** * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a> */ +@Slf4j public class EncodingFilter implements javax.servlet.Filter { private static final String SERVLET_INIT_PARAM_ENCODING = "encoding"; @@ -30,8 +32,6 @@ public class EncodingFilter implements javax.servlet.Filter { private static final boolean DEFAULT_FORCE_REQUEST_ENCODING_VALUE = true; private static final boolean DEFAULT_SET_RESPONSE_ENCODING_VALUE = false; private static final boolean DEFAULT_FORCE_RESPONSE_ENCODING_VALUE = false; - - private Logger log = Logger.getLogger(getClass().getName()); private String encoding = null; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java index 4d47d8d96..25cf87aa9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java @@ -29,29 +29,27 @@ import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.util.Base64Utils; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class AuthenticationHelper { - - private static final Logger log = Logger.getLogger(AuthenticationHelper.class); - - public static String generateKeyFormPassword(String password) { - SecretKeyFactory factory; - - try { - factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); - KeySpec spec = new PBEKeySpec(password.toCharArray(), "TestSALT".getBytes(), 1024, 128); - SecretKey tmp = factory.generateSecret(spec); - SecretKeySpec secret = new SecretKeySpec(tmp.getEncoded(), "AES"); - return Base64Utils.encode(secret.getEncoded()); - - } catch (Exception e) { - log.info("Key generation form password failed."); - return null; - } - - } + + public static String generateKeyFormPassword(String password) { + SecretKeyFactory factory; + + try { + factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); + final KeySpec spec = new PBEKeySpec(password.toCharArray(), "TestSALT".getBytes(), 1024, 128); + final SecretKey tmp = factory.generateSecret(spec); + final SecretKeySpec secret = new SecretKeySpec(tmp.getEncoded(), "AES"); + return Base64Utils.encode(secret.getEncoded()); + + } catch (final Exception e) { + log.info("Key generation form password failed."); + return null; + } + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java index eed4aa32f..a6c8b93b1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java @@ -26,34 +26,32 @@ import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class DateTimeHelper { - private static final Logger log = Logger.getLogger(DateTimeHelper.class); - - private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm"; - - public static String getDateTime(Date date) { - SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); - return f.format(date); - } - - public static Date parseDateTime(String date) { - SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); - - if (MiscUtil.isNotEmpty(date)) { - - try { - return f.parse(date); - - } catch (ParseException e) { - log.warn("Parse DATETIME String " + date + " failed", e); - - } - } - return null; - } + private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm"; + + public static String getDateTime(Date date) { + final SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); + return f.format(date); + } + + public static Date parseDateTime(String date) { + final SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); + + if (MiscUtil.isNotEmpty(date)) { + + try { + return f.parse(date); + + } catch (final ParseException e) { + log.warn("Parse DATETIME String " + date + " failed", e); + + } + } + return null; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java index b4afcb5f2..406acf001 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java @@ -26,77 +26,76 @@ import java.util.ArrayList; import java.util.Date; import java.util.List; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.data.OAListElement.ServiceType; public class FormDataHelper { - public static ArrayList<OAListElement> populateFormWithInderfederationIDPs(List<OnlineApplication> dbOAs) { - - ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>(); - - for (OnlineApplication dboa : dbOAs) { - - if (dboa.isIsInterfederationIDP()!= null && dboa.isIsInterfederationIDP()) - formOAs.add(addOAFormListElement(dboa, ServiceType.IDP)); - - else if (dboa.isIsInterfederationGateway()!= null && dboa.isIsInterfederationGateway()) - formOAs.add(addOAFormListElement(dboa, ServiceType.GWAY)); - - else if (dboa.getAuthComponentOA().getOASTORK() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) - formOAs.add(addOAFormListElement(dboa, ServiceType.VIDP)); - } - return formOAs; - } - - public static ArrayList<OAListElement> populateFormWithOAs(List<OnlineApplication> dbOAs) { - - ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>(); - - for (OnlineApplication dboa : dbOAs) { - - if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) || - (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) || - (dboa.getAuthComponentOA().getOASTORK() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) || - (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() ))) { - formOAs.add(addOAFormListElement(dboa, ServiceType.OA)); - } - } - return formOAs; - } - - private static OAListElement addOAFormListElement(OnlineApplication dboa, ServiceType type) { - OAListElement listoa = new OAListElement(type); - listoa.setActive(dboa.isIsActive()); - listoa.setDataBaseID(dboa.getHjid()); - listoa.setOaFriendlyName(dboa.getFriendlyName()); - listoa.setOaIdentifier(dboa.getPublicURLPrefix()); - listoa.setOaType(dboa.getType()); - return listoa; - } - - public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) { - ArrayList<AuthenticatedUser> userlist = new ArrayList<AuthenticatedUser>(); - - for (UserDatabase dbuser : dbuserlist) { - - boolean ismandate = false; - if (dbuser.isIsMandateUser() != null) - ismandate = dbuser.isIsMandateUser(); - - userlist.add(new AuthenticatedUser(dbuser, - dbuser.isIsActive(), - ismandate, - false, null, null, new Date()) - ); - } - return userlist; - } + public static ArrayList<OAListElement> populateFormWithInderfederationIDPs(List<OnlineApplication> dbOAs) { + + final ArrayList<OAListElement> formOAs = new ArrayList<>(); + + for (final OnlineApplication dboa : dbOAs) { + + if (dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) { + formOAs.add(addOAFormListElement(dboa, ServiceType.IDP)); + } else if (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) { + formOAs.add(addOAFormListElement(dboa, ServiceType.GWAY)); + } else if (dboa.getAuthComponentOA().getOASTORK() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) { + formOAs.add(addOAFormListElement(dboa, ServiceType.VIDP)); + } + } + return formOAs; + } + + public static ArrayList<OAListElement> populateFormWithOAs(List<OnlineApplication> dbOAs) { + + final ArrayList<OAListElement> formOAs = new ArrayList<>(); + + for (final OnlineApplication dboa : dbOAs) { + + if (!(dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP() || + dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() || + dboa.getAuthComponentOA().getOASTORK() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() || + dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway())) { + formOAs.add(addOAFormListElement(dboa, ServiceType.OA)); + } + } + return formOAs; + } + + private static OAListElement addOAFormListElement(OnlineApplication dboa, ServiceType type) { + final OAListElement listoa = new OAListElement(type); + listoa.setActive(dboa.isIsActive()); + listoa.setDataBaseID(dboa.getHjid()); + listoa.setOaFriendlyName(dboa.getFriendlyName()); + listoa.setOaIdentifier(dboa.getPublicURLPrefix()); + listoa.setOaType(dboa.getType()); + return listoa; + } + + public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) { + final ArrayList<AuthenticatedUser> userlist = new ArrayList<>(); + + for (final UserDatabase dbuser : dbuserlist) { + + boolean ismandate = false; + if (dbuser.isIsMandateUser() != null) { + ismandate = dbuser.isIsMandateUser(); + } + + userlist.add(new AuthenticatedUser(dbuser, + dbuser.isIsActive(), + ismandate, + false, null, null, new Date())); + } + return userlist; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java index 29ab75b3e..d4f4d2129 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java @@ -22,81 +22,73 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.helper; +import java.text.MessageFormat; +import java.util.Locale; +import java.util.ResourceBundle; + +import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; -import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; -import javax.servlet.http.HttpServletRequest; -import java.text.MessageFormat; -import java.util.Locale; -import java.util.ResourceBundle; +@Slf4j +public class LanguageHelper { + private static String errorLanguage(String code, Locale locale) { + return ResourceBundle.getBundle("applicationResources", locale).getString(code); -import org.apache.log4j.Logger; + } + private static String guiLanguage(String code, Locale locale) { + return ResourceBundle.getBundle("applicationResources", locale).getString(code); -public class LanguageHelper { + } - private static Logger log = Logger.getLogger(LanguageHelper.class); - - private static String errorLanguage(String code, Locale locale) { - return ResourceBundle.getBundle("applicationResources", locale).getString(code); - - } + public static String getGUIString(String code, HttpServletRequest request) { + return guiLanguage(code, getLangFromRequest(request)); + } - private static String guiLanguage(String code, Locale locale) { - return ResourceBundle.getBundle("applicationResources", locale).getString(code); - - } + public static String getErrorString(String code, HttpServletRequest request) { + return errorLanguage(code, getLangFromRequest(request)); + } - public static String getGUIString(String code, HttpServletRequest request) { - return guiLanguage(code, getLangFromRequest(request)); - } + public static String getGUIString(String code, String parameter, HttpServletRequest request) { + return MessageFormat.format(getGUIString(code, request), parameter); + } + public static String getErrorString(String code, Object[] parameter, HttpServletRequest request) { - public static String getErrorString(String code, HttpServletRequest request) { - return errorLanguage(code, getLangFromRequest(request)); - } + return MessageFormat.format(getGUIString(code, request), parameter); + } - public static String getGUIString(String code, String parameter, HttpServletRequest request) { - return MessageFormat.format(getGUIString(code, request), parameter); - } + private static Locale getLangFromRequest(HttpServletRequest request) { + + Locale defaultLanguage = Locale.forLanguageTag("de"); - public static String getErrorString(String code, Object[] parameter, HttpServletRequest request) { + try { + final ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); + defaultLanguage = Locale.forLanguageTag(configurationProvider.getDefaultLanguage()); - return MessageFormat.format(getGUIString(code, request), parameter); + } catch (final ConfigurationException e) { + log.error("Configuration exception while getting ConfigurationProvider instance", e); } - - private static Locale getLangFromRequest(HttpServletRequest request) { - - Locale defaultLanguage = Locale.forLanguageTag("de"); - - try { - ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); - defaultLanguage = Locale.forLanguageTag(configurationProvider.getDefaultLanguage()); - - } catch (ConfigurationException e) { - log.error("Configuration exception while getting ConfigurationProvider instance", e); - } - - - if (request == null) { - return defaultLanguage; - - } else { - Object obj = request.getSession().getAttribute(Constants.SESSION_I18n); - - if (obj != null && obj instanceof Locale) { - return (Locale) obj; - - } else - return defaultLanguage; - - } - + if (request == null) { + return defaultLanguage; + + } else { + final Object obj = request.getSession().getAttribute(Constants.SESSION_I18n); + + if (obj != null && obj instanceof Locale) { + return (Locale) obj; + + } else { + return defaultLanguage; + } + } -} + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java index 8f3b8f479..5d1f663a9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java @@ -41,7 +41,6 @@ import javax.mail.internet.MimeMessage; import javax.mail.internet.MimeMultipart; import org.apache.commons.io.IOUtils; -import org.apache.log4j.Logger; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; @@ -49,207 +48,213 @@ import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class MailHelper { - private static final Logger log = Logger.getLogger(MailHelper.class); - - private static final String PATTERN_GIVENNAME = "#GIVENNAME#"; - private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#"; - private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#"; - private static final String PATTERN_DATE = "#TODAY_DATE#"; - private static final String PATTERN_OPENOAS = "#NUMBER_OAS#"; - private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#"; - private static final String PATTERN_OANAME = "#OANAME#"; - - public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailUserAcountVerificationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - - if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { - template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); - template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); - } - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - String verificationURL = config.getPublicUrlPreFix(null); - - if (!verificationURL.endsWith("/")) - verificationURL = verificationURL + "/"; - - verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION + - "?" + Constants.REQUEST_USERREQUESTTOKKEN + - "=" + userdb.getUserRequestTokken(); - template = template.replace(PATTERN_URL, verificationURL); - - sendMail(config, config.getMailUserAcountVerificationSubject(), - userdb.getMail(), template); - - } - - public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailAdminTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs)); - template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers)); - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template); - - } - - public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, String mailurl) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailUserAcountActivationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - if (MiscUtil.isNotEmpty(institut)) { - template = template.replace(PATTERN_GIVENNAME, institut); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, givenname); - template = template.replace(PATTERN_FAMILYNAME, familyname); - } - - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - String verificationURL = config.getPublicUrlPreFix(null); - if (!verificationURL.endsWith("/")) - verificationURL = verificationURL + "/"; - - template = template.replace(PATTERN_URL, verificationURL); - - sendMail(config, config.getMailUserAcountActivationSubject(), - mailurl, template); - } - - public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, String institut, String oaname, String mailurl) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailOAActivationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - if (MiscUtil.isNotEmpty(institut)) { - template = template.replace(PATTERN_GIVENNAME, institut); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, givenname); - template = template.replace(PATTERN_FAMILYNAME, familyname); - } - - template = template.replace(PATTERN_OANAME, oaname); - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - String verificationURL = config.getPublicUrlPreFix(null); - if (!verificationURL.endsWith("/")) - verificationURL = verificationURL + "/"; - - template = template.replace(PATTERN_URL, verificationURL); - - sendMail(config, config.getMailOAActivationSubject(), - mailurl, template); - } - - public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateurl = config.getMailUserAcountRevocationTemplate(); - - String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); - - if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { - template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); - template = template.replace(PATTERN_FAMILYNAME, ""); - - } else { - template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); - template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); - } - - SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); - template = template.replace(PATTERN_DATE, dateformat.format(new Date())); - - sendMail(config, config.getMailUserAcountActivationSubject(), - userdb.getMail(), template); - } - - private static String readTemplateFromURL(String templateurl, String rootDir) throws ConfigurationException { - InputStream input; - try { - - URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(templateurl, rootDir)); - input = keystoreURL.openStream(); - StringWriter writer = new StringWriter(); - IOUtils.copy(input, writer); - input.close(); - return writer.toString(); - - } catch (Exception e) { - log.warn("Mailtemplate can not be read from source" + templateurl); - throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl); - - } - } - - private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) throws ConfigurationException { - try { - log.debug("Sending mail."); - MiscUtil.assertNotNull(subject, "subject"); - MiscUtil.assertNotNull(recipient, "recipient"); - MiscUtil.assertNotNull(content, "content"); - - Properties props = new Properties(); - props.setProperty("mail.transport.protocol", "smtp"); - props.setProperty("mail.host", config.getSMTPMailHost()); - log.trace("Mail host: " + config.getSMTPMailHost()); - if (config.getSMTPMailPort() != null) { - log.trace("Mail port: " + config.getSMTPMailPort()); - props.setProperty("mail.port", config.getSMTPMailPort()); - } - if (config.getSMTPMailUsername() != null) { - log.trace("Mail user: " + config.getSMTPMailUsername()); - props.setProperty("mail.user", config.getSMTPMailUsername()); - } - if (config.getSMTPMailPassword() != null) { - log.trace("Mail password: " + config.getSMTPMailPassword()); - props.setProperty("mail.password", config.getSMTPMailPassword()); - } - - Session mailSession = Session.getDefaultInstance(props, null); - Transport transport = mailSession.getTransport(); - - MimeMessage message = new MimeMessage(mailSession); - message.setSubject(subject); - log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress()); - message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName())); - log.trace("Recipient: " + recipient); - message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient)); - - log.trace("Creating multipart content of mail."); - MimeMultipart multipart = new MimeMultipart("related"); - - log.trace("Adding first part (html)"); - BodyPart messageBodyPart = new MimeBodyPart(); - messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15"); - multipart.addBodyPart(messageBodyPart); - + private static final String PATTERN_GIVENNAME = "#GIVENNAME#"; + private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#"; + private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#"; + private static final String PATTERN_DATE = "#TODAY_DATE#"; + private static final String PATTERN_OPENOAS = "#NUMBER_OAS#"; + private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#"; + private static final String PATTERN_OANAME = "#OANAME#"; + + public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException { + + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailUserAcountVerificationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { + template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); + template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); + } + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + + if (!verificationURL.endsWith("/")) { + verificationURL = verificationURL + "/"; + } + + verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION + + "?" + Constants.REQUEST_USERREQUESTTOKKEN + + "=" + userdb.getUserRequestTokken(); + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailUserAcountVerificationSubject(), + userdb.getMail(), template); + + } + + public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailAdminTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs)); + template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers)); + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template); + + } + + public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, + String mailurl) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailUserAcountActivationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + if (MiscUtil.isNotEmpty(institut)) { + template = template.replace(PATTERN_GIVENNAME, institut); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, givenname); + template = template.replace(PATTERN_FAMILYNAME, familyname); + } + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + if (!verificationURL.endsWith("/")) { + verificationURL = verificationURL + "/"; + } + + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailUserAcountActivationSubject(), + mailurl, template); + } + + public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, + String institut, String oaname, String mailurl) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailOAActivationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + if (MiscUtil.isNotEmpty(institut)) { + template = template.replace(PATTERN_GIVENNAME, institut); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, givenname); + template = template.replace(PATTERN_FAMILYNAME, familyname); + } + + template = template.replace(PATTERN_OANAME, oaname); + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + if (!verificationURL.endsWith("/")) { + verificationURL = verificationURL + "/"; + } + + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailOAActivationSubject(), + mailurl, template); + } + + public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateurl = config.getMailUserAcountRevocationTemplate(); + + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); + + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { + template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); + template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); + } + + final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + sendMail(config, config.getMailUserAcountActivationSubject(), + userdb.getMail(), template); + } + + private static String readTemplateFromURL(String templateurl, String rootDir) + throws ConfigurationException { + InputStream input; + try { + + final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(templateurl, rootDir)); + input = keystoreURL.openStream(); + final StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + input.close(); + return writer.toString(); + + } catch (final Exception e) { + log.warn("Mailtemplate can not be read from source" + templateurl); + throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl); + + } + } + + private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) + throws ConfigurationException { + try { + log.debug("Sending mail."); + MiscUtil.assertNotNull(subject, "subject"); + MiscUtil.assertNotNull(recipient, "recipient"); + MiscUtil.assertNotNull(content, "content"); + + final Properties props = new Properties(); + props.setProperty("mail.transport.protocol", "smtp"); + props.setProperty("mail.host", config.getSMTPMailHost()); + log.trace("Mail host: " + config.getSMTPMailHost()); + if (config.getSMTPMailPort() != null) { + log.trace("Mail port: " + config.getSMTPMailPort()); + props.setProperty("mail.port", config.getSMTPMailPort()); + } + if (config.getSMTPMailUsername() != null) { + log.trace("Mail user: " + config.getSMTPMailUsername()); + props.setProperty("mail.user", config.getSMTPMailUsername()); + } + if (config.getSMTPMailPassword() != null) { + log.trace("Mail password: " + config.getSMTPMailPassword()); + props.setProperty("mail.password", config.getSMTPMailPassword()); + } + + final Session mailSession = Session.getDefaultInstance(props, null); + final Transport transport = mailSession.getTransport(); + + final MimeMessage message = new MimeMessage(mailSession); + message.setSubject(subject); + log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress()); + message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName())); + log.trace("Recipient: " + recipient); + message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient)); + + log.trace("Creating multipart content of mail."); + final MimeMultipart multipart = new MimeMultipart("related"); + + log.trace("Adding first part (html)"); + final BodyPart messageBodyPart = new MimeBodyPart(); + messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15"); + multipart.addBodyPart(messageBodyPart); + // log.trace("Adding mail images"); // messageBodyPart = new MimeBodyPart(); // for (Image image : images) { @@ -257,20 +262,20 @@ public class MailHelper { // messageBodyPart.setHeader("Content-ID", "<" + image.getContentId() + ">"); // multipart.addBodyPart(messageBodyPart); // } - - message.setContent(multipart); - transport.connect(); - log.trace("Sending mail message."); - transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO)); - log.trace("Successfully sent."); - transport.close(); - - } catch(MessagingException e) { - throw new ConfigurationException(e); - - } catch (UnsupportedEncodingException e) { - throw new ConfigurationException(e); - - } - } + + message.setContent(multipart); + transport.connect(); + log.trace("Sending mail message."); + transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO)); + log.trace("Successfully sent."); + transport.close(); + + } catch (final MessagingException e) { + throw new ConfigurationException(e); + + } catch (final UnsupportedEncodingException e) { + throw new ConfigurationException(e); + + } + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java index 53afa59a0..be4cab9d7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java @@ -26,37 +26,35 @@ import java.io.UnsupportedEncodingException; public class StringHelper { - public static String formatText(String strGivenText) - { - StringBuffer sbFormattedText = new StringBuffer(strGivenText); - - for(int i=0; i<sbFormattedText.length(); i++) - { - if(sbFormattedText.charAt(i) == '\n') { - sbFormattedText.deleteCharAt(i); - i--; - } - - if(sbFormattedText.charAt(i) == '\r') { - sbFormattedText.deleteCharAt(i); - i--; - } - - if(sbFormattedText.charAt(i) == '\t') { - sbFormattedText.deleteCharAt(i); - i--; - } - } - return sbFormattedText.toString(); + public static String formatText(String strGivenText) { + final StringBuffer sbFormattedText = new StringBuffer(strGivenText); + + for (int i = 0; i < sbFormattedText.length(); i++) { + if (sbFormattedText.charAt(i) == '\n') { + sbFormattedText.deleteCharAt(i); + i--; + } + + if (sbFormattedText.charAt(i) == '\r') { + sbFormattedText.deleteCharAt(i); + i--; + } + + if (sbFormattedText.charAt(i) == '\t') { + sbFormattedText.deleteCharAt(i); + i--; + } + } + return sbFormattedText.toString(); + } + + public static String getUTF8String(String input) { + try { + return new String(input.getBytes(), "UTF-8"); + + } catch (final UnsupportedEncodingException e) { + e.printStackTrace(); + return input; } - - public static String getUTF8String(String input) { - try { - return new String(input.getBytes(), "UTF-8"); - - } catch (UnsupportedEncodingException e) { - e.printStackTrace(); - return input; - } - } + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java index 9bbbe3df0..a34a516df 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java @@ -26,7 +26,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; @@ -38,100 +37,106 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class BasicAction extends ActionSupport implements ServletRequestAware, - ServletResponseAware { - - private static final long serialVersionUID = 7478261301859056771L; - private static Logger log = Logger.getLogger(BasicAction.class); - - protected HttpServletRequest request; - protected HttpServletResponse response; - protected ConfigurationProvider configuration = null; - protected AuthenticatedUser authUser = null; - protected HttpSession session = null; - protected String formID; - - protected static boolean isMoaidMode = false; - - public BasicAction() { - try { - isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); - } catch (ConfigurationException e) { - log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); - } - } - - - protected void populateBasicInformations() throws BasicActionException { - try { - configuration = ConfigurationProvider.getInstance(); - - session = request.getSession(); - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - if (authUserObj instanceof AuthenticatedUser) - authUser = (AuthenticatedUser) authUserObj; - - } catch (ConfigurationException e) { - log.warn("An internal error occurs.", e); - addActionError(LanguageHelper.getErrorString("error.login.internal", request)); - throw new BasicActionException(LanguageHelper.getErrorString("error.login.internal", request), e); - - } - } - - public String getConfigToolVersion() { - return configuration.getConfigToolVersion(); - } - - /** - * @return the authUser - */ - public AuthenticatedUser getAuthUser() { - return authUser; - } - - /* (non-Javadoc) - * @see org.apache.struts2.interceptor.ServletResponseAware#setServletResponse(javax.servlet.http.HttpServletResponse) - */ - @Override - public void setServletResponse(HttpServletResponse arg0) { - this.response = arg0; - - } - - /* (non-Javadoc) - * @see org.apache.struts2.interceptor.ServletRequestAware#setServletRequest(javax.servlet.http.HttpServletRequest) - */ - @Override - public void setServletRequest(HttpServletRequest arg0) { - this.request = arg0; - - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; + ServletResponseAware { + + private static final long serialVersionUID = 7478261301859056771L; + + protected HttpServletRequest request; + protected HttpServletResponse response; + protected ConfigurationProvider configuration = null; + protected AuthenticatedUser authUser = null; + protected HttpSession session = null; + protected String formID; + + protected static boolean isMoaidMode = false; + + public BasicAction() { + try { + isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (final ConfigurationException e) { + log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); } + } + + protected void populateBasicInformations() throws BasicActionException { + try { + configuration = ConfigurationProvider.getInstance(); + + session = request.getSession(); + final Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + if (authUserObj instanceof AuthenticatedUser) { + authUser = (AuthenticatedUser) authUserObj; + } + + } catch (final ConfigurationException e) { + log.warn("An internal error occurs.", e); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); + throw new BasicActionException(LanguageHelper.getErrorString("error.login.internal", request), e); - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; } + } + + public String getConfigToolVersion() { + return configuration.getConfigToolVersion(); + } + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + /* + * (non-Javadoc) + * + * @see + * org.apache.struts2.interceptor.ServletResponseAware#setServletResponse(javax. + * servlet.http.HttpServletResponse) + */ + @Override + public void setServletResponse(HttpServletResponse arg0) { + this.response = arg0; + + } + + /* + * (non-Javadoc) + * + * @see + * org.apache.struts2.interceptor.ServletRequestAware#setServletRequest(javax. + * servlet.http.HttpServletRequest) + */ + @Override + public void setServletRequest(HttpServletRequest arg0) { + this.request = arg0; + + } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } - public static boolean isMoaidMode() { - return isMoaidMode; - } - - + public static boolean isMoaidMode() { + return isMoaidMode; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index 20db561d6..ce975bd91 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java @@ -39,15 +39,14 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; -import org.apache.log4j.Logger; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; +import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration; import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; -import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; @@ -69,152 +68,156 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.util.MiscUtil; import iaik.utils.URLDecoder; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class BasicOAAction extends BasicAction { - private static final long serialVersionUID = 5676123696807646246L; - private final Logger log = Logger.getLogger(BasicOAAction.class); - - protected LinkedHashMap<String, IOnlineApplicationData> formList; - protected long oaid = -1; - - private String oaidobj; - private boolean newOA; - private boolean isMetaDataRefreshRequired = false; - - private InputStream stream = null; - - - - /** - * - */ - public BasicOAAction() { - super(); - - formList = new LinkedHashMap<String, IOnlineApplicationData>(); - - OAGeneralConfig generalOA = new OAGeneralConfig(); - formList.put(generalOA.getName(), generalOA); - - } - - protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException{ - if (!ValidationHelper.validateOAID(oaidobj)) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); - + private static final long serialVersionUID = 5676123696807646246L; + + protected LinkedHashMap<String, IOnlineApplicationData> formList; + protected long oaid = -1; + + private String oaidobj; + private boolean newOA; + private boolean isMetaDataRefreshRequired = false; + + private InputStream stream = null; + + /** + * + */ + public BasicOAAction() { + super(); + + formList = new LinkedHashMap<>(); + + final OAGeneralConfig generalOA = new OAGeneralConfig(); + formList.put(generalOA.getName(), generalOA); + + } + + protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException { + if (!ValidationHelper.validateOAID(oaidobj)) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + + } + oaid = Long.valueOf(oaidobj); + + UserDatabase userdb = null; + OnlineApplication onlineapplication = null; + + if (authUser.isAdmin()) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + } else { + userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + // TODO: change to direct Database operation + final List<String> oas = userdb.getOnlineApplication(); + for (final String oa : oas) { + if (oa.equals(oaid)) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + break; } - oaid = Long.valueOf(oaidobj); + } + if (onlineapplication == null) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + } - UserDatabase userdb = null; - OnlineApplication onlineapplication = null; + return onlineapplication; - if (authUser.isAdmin()) - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + } - else { - userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + protected void populateBasicNewOnlineApplicationInformation() { + session.setAttribute(Constants.SESSION_OAID, null); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); + setNewOA(true); - } + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + } - // TODO: change to direct Database operation - List<String> oas = userdb.getOnlineApplication(); - for (String oa : oas) { - if (oa.equals(oaid)) { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); - break; - } - } - if (onlineapplication == null) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); - } + protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication, + boolean persistOA) throws BasicOAActionException { + if (onlineapplication == null) { + onlineapplication = new OnlineApplication(); + onlineapplication.setIsNew(true); + onlineapplication.setIsActive(false); + + if (!authUser.isAdmin()) { + onlineapplication.setIsAdminRequired(true); + + } else { + isMetaDataRefreshRequired = true; + } + + } else { + onlineapplication.setIsNew(false); + if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA() + .getIdentifier())) { + + onlineapplication.setIsAdminRequired(true); + onlineapplication.setIsActive(false); + log.info("User with ID " + authUser.getUserID() + + " change OA-PublicURLPrefix. Reaktivation is required."); + } + + } + + if (onlineapplication.isIsAdminRequired() == null + || authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired()) { + + onlineapplication.setIsAdminRequired(false); + isMetaDataRefreshRequired = true; + + UserDatabase userdb = null; + if (onlineapplication.getHjid() != null) { + userdb = configuration.getUserManagement().getUsersWithOADBID(onlineapplication.getHjid()); + } + + if (userdb != null && !userdb.isIsAdmin()) { + try { + MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), + userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); + } catch (final ConfigurationException e) { + log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); } - - return onlineapplication; - - } - - protected void populateBasicNewOnlineApplicationInformation() { - session.setAttribute(Constants.SESSION_OAID, null); - - setNewOA(true); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + } + } + + // save OA configuration + final String error = saveOAConfigToDatabase(onlineapplication, persistOA); + if (MiscUtil.isNotEmpty(error)) { + log.warn("OA configuration can not be stored!"); + addActionError(error); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION); } - - protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication, boolean persistOA) throws BasicOAActionException { - if (onlineapplication == null) { - onlineapplication = new OnlineApplication(); - onlineapplication.setIsNew(true); - onlineapplication.setIsActive(false); - - if (!authUser.isAdmin()) { - onlineapplication.setIsAdminRequired(true); - - } else - isMetaDataRefreshRequired = true; - - } else { - onlineapplication.setIsNew(false); - if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA().getIdentifier())) { - - onlineapplication.setIsAdminRequired(true); - onlineapplication.setIsActive(false); - log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); - } - - } - - if ((onlineapplication.isIsAdminRequired() == null) - || (authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired())) { - - onlineapplication.setIsAdminRequired(false); - isMetaDataRefreshRequired = true; - - UserDatabase userdb = null; - if (onlineapplication.getHjid() != null) - userdb = configuration.getUserManagement().getUsersWithOADBID(onlineapplication.getHjid()); - - if (userdb != null && !userdb.isIsAdmin()) { - try { - MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), - userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); - } catch (ConfigurationException e) { - log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); - } - } - } - - //save OA configuration - String error = saveOAConfigToDatabase(onlineapplication, persistOA); - if (MiscUtil.isNotEmpty(error)) { - log.warn("OA configuration can not be stored!"); - addActionError(error); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION); - } // //set metadata reload flag if reload is required -// +// // if (getPvp2OA() != null && getPvp2OA().getMetaDataURL() != null) { // // try { @@ -234,290 +237,302 @@ public class BasicOAAction extends BasicAction { // } // // } - - return onlineapplication; - } - - protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException { - try { - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - } - } else { - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); - } - - OnlineApplication onlineapplication = null; - - Long oaid = getOAIDFromSession(); - - // valid DBID and check entry - OAGeneralConfig oaGeneralForm = ((OAGeneralConfig)formList.get(new OAGeneralConfig().getName())); - String oaidentifier = oaGeneralForm.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - - if (!ValidationHelper.validateURL(oaidentifier)) { - log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - - if (oaid == -1) { - List<OnlineApplication> oaList = configuration.getDbRead().getAllOnlineApplications(); - - if (oaList != null) { - for (OnlineApplication el : oaList) { - if (el.getPublicURLPrefix().startsWith(oaidentifier) ) - onlineapplication = el; - - } - } - - if (onlineapplication == null) { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier); - - } - - if (onlineapplication != null) { - log.info("The OAIdentifier is not unique"); - throw new BasicOAActionException( - LanguageHelper.getErrorString( - "validation.general.oaidentifier.notunique", - new Object[]{onlineapplication.getPublicURLPrefix()}, - request), - Constants.STRUTS_ERROR_VALIDATION); - - } else - setNewOA(true); - - } else { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); - if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { - - OnlineApplication dbOA = null; - List<OnlineApplication> oaList = configuration.getDbRead().getAllOnlineApplications(); - for (OnlineApplication el : oaList) { - if (el.getPublicURLPrefix().startsWith(oaidentifier) ) - dbOA = el; - - } - if (dbOA == null) - dbOA = configuration.getDbRead().getOnlineApplication(oaidentifier); - - if ( (dbOA != null && !dbOA.getHjid().equals(oaid))) { - log.info("The OAIdentifier is not unique"); - throw new BasicOAActionException( - LanguageHelper.getErrorString( - "validation.general.oaidentifier.notunique", - new Object[]{dbOA.getPublicURLPrefix()}, - request), - Constants.STRUTS_ERROR_VALIDATION); - - } - } - } - } - } - - return onlineapplication; - - } catch (BasicOAActionException e) { - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw e; - } - - } - - protected Long getOAIDFromSession() throws BasicOAActionException { - Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); - Long oaid = (long) -1; - - if (oadbid != null) { - try { - oaid = (Long) oadbid; - if (oaid < 0 || oaid > Long.MAX_VALUE) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); + + return onlineapplication; + } + + protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException { + try { + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + } else { + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + } + + OnlineApplication onlineapplication = null; + + final Long oaid = getOAIDFromSession(); + + // valid DBID and check entry + final OAGeneralConfig oaGeneralForm = (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); + final String oaidentifier = oaGeneralForm.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (!ValidationHelper.validateURL(oaidentifier)) { + log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (oaid == -1) { + final List<OnlineApplication> oaList = configuration.getDbRead().getAllOnlineApplications(); + + if (oaList != null) { + for (final OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier)) { + onlineapplication = el; } - } catch (Throwable t) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); + } + } + + if (onlineapplication == null) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier); + } + + if (onlineapplication != null) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString( + "validation.general.oaidentifier.notunique", + new Object[] { onlineapplication.getPublicURLPrefix() }, + request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + setNewOA(true); + } + + } else { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { + + OnlineApplication dbOA = null; + final List<OnlineApplication> oaList = configuration.getDbRead().getAllOnlineApplications(); + for (final OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier)) { + dbOA = el; + } + + } + if (dbOA == null) { + dbOA = configuration.getDbRead().getOnlineApplication(oaidentifier); + } + + if (dbOA != null && !dbOA.getHjid().equals(oaid)) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString( + "validation.general.oaidentifier.notunique", + new Object[] { dbOA.getPublicURLPrefix() }, + request), + Constants.STRUTS_ERROR_VALIDATION); + + } + } + } } - - return oaid; + } + + return onlineapplication; + + } catch (final BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; } - - protected String preProcessDeleteOnlineApplication() throws BasicOAActionException { - try { - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); - - } - - String oaidentifier = getGeneralOA().getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), - Constants.STRUTS_ERROR_VALIDATION); - } - } - - return oaidentifier; - - } catch (BasicOAActionException e) { - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw e; - } + + } + + protected Long getOAIDFromSession() throws BasicOAActionException { + final Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); + Long oaid = (long) -1; + + if (oadbid != null) { + try { + oaid = (Long) oadbid; + if (oaid < 0 || oaid > Long.MAX_VALUE) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + + } catch (final Throwable t) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } } - - private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) { - - for (IOnlineApplicationData form : formList.values()) - form.store(dboa, authUser, request); - - try { - if (dboa.isIsNew()) { - if (!authUser.isAdmin()) { - UserDatabase user = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - List<String> useroas = user.getOnlineApplication(); - if (useroas == null) useroas = new ArrayList<String>(); + return oaid; + } + + protected String preProcessDeleteOnlineApplication() throws BasicOAActionException { + try { + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser + .getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); - useroas.add(String.valueOf(dboa.getHjid())); - configuration.getUserManagement().saveOrUpdate(user); - - } else { - if (persistOA) - save(dboa); - - } - - } else - if (persistOA) - save(dboa); - - } catch (MOADatabaseException e) { - log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + final String oaidentifier = getGeneralOA().getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); - return null; + } else { + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request), + Constants.STRUTS_ERROR_VALIDATION); + } + } + + return oaidentifier; + + } catch (final BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; + } + } + + private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) { + + for (final IOnlineApplicationData form : formList.values()) { + form.store(dboa, authUser, request); } - - protected void save(OnlineApplication oa) throws MOADatabaseException { - try { - STORK storkConfig = null; - try { - MOAIDConfiguration moaidConfig = - ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - - storkConfig = moaidConfig.getAuthComponentGeneral().getForeignIdentities().getSTORK(); - - } catch (Exception e) { - - } - - log.debug("JaxB to Key/Value configuration transformation started ..."); - Map<String, String> keyValueConfig = - ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa, storkConfig); - - log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); - - String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); - if (MiscUtil.isEmpty(serviceIdentifier)) { - log.info("Use default ServiceIdentifier."); - serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; - } - - if (oa.getHjid() == null) { - log.debug("No hjID -> find new Service ID ..."); - String hjID = configuration.getConfigModule().buildArrayIdentifier( - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier, 0, keyValueConfig); - log.debug("Find new hjID: " + hjID + " for service: " + oa.getPublicURLPrefix()); - oa.setHjid(Long.valueOf(hjID)); - - } else { - //TODO: work-around for old config tool and new key/value configuration - //see: NewConfigurationDBRead.java Line 81 + + try { + if (dboa.isIsNew()) { + if (!authUser.isAdmin()) { + final UserDatabase user = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + List<String> useroas = user.getOnlineApplication(); + if (useroas == null) { + useroas = new ArrayList<>(); + } + + useroas.add(String.valueOf(dboa.getHjid())); + configuration.getUserManagement().saveOrUpdate(user); + + } else { + if (persistOA) { + save(dboa); + } + + } + + } else if (persistOA) { + save(dboa); + } + + } catch (final MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + } + + return null; + } + + protected void save(OnlineApplication oa) throws MOADatabaseException { + try { + STORK storkConfig = null; + try { + final MOAIDConfiguration moaidConfig = + ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); + + storkConfig = moaidConfig.getAuthComponentGeneral().getForeignIdentities().getSTORK(); + + } catch (final Exception e) { + + } + + log.debug("JaxB to Key/Value configuration transformation started ..."); + final Map<String, String> keyValueConfig = + ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa, storkConfig); + + log.debug( + "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); + + String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); + if (MiscUtil.isEmpty(serviceIdentifier)) { + log.info("Use default ServiceIdentifier."); + serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; + } + + if (oa.getHjid() == null) { + log.debug("No hjID -> find new Service ID ..."); + final String hjID = configuration.getConfigModule().buildArrayIdentifier( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier, 0, keyValueConfig); + log.debug("Find new hjID: " + hjID + " for service: " + oa.getPublicURLPrefix()); + oa.setHjid(Long.valueOf(hjID)); + + } else { + // TODO: work-around for old config tool and new key/value configuration + // see: NewConfigurationDBRead.java Line 81 // if (oa.getHjid() > 1000000) { -// if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) +// if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) // oa.setHjid(oa.getHjid() - 1000000); // else if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_IIDP)) // oa.setHjid(oa.getHjid() - 2000000); @@ -525,208 +540,210 @@ public class BasicOAAction extends BasicAction { // oa.setHjid(oa.getHjid() - 3000000); // else // log.warn("Inconsistent state found! Service Identifier for OA found but Hjid is > 1000000."); -// +// // } - - } - - Map<String, String> absolutKeyValue = KeyValueUtils.makeKeysAbsolut( - keyValueConfig, - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(oa.getHjid()), - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); - - configuration.getConfigModule().storeChanges(absolutKeyValue, null, null); - - log.info("MOA-ID Service Key/Value configuration successfull stored."); - - - } catch (ConfigurationStorageException | at.gv.egiz.components.configuration.api.ConfigurationException e) { - log.warn("MOAID Configuration can not be stored in Database", e); - throw new MOADatabaseException(e.getMessage(), e); - - } - + + } + + final Map<String, String> absolutKeyValue = KeyValueUtils.makeKeysAbsolut( + keyValueConfig, + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf( + oa.getHjid()), + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + + configuration.getConfigModule().storeChanges(absolutKeyValue, null, null); + + log.info("MOA-ID Service Key/Value configuration successfull stored."); + + } catch (ConfigurationStorageException + | at.gv.egiz.components.configuration.api.ConfigurationException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + throw new MOADatabaseException(e.getMessage(), e); + } - - protected boolean delete(OnlineApplication onlineapplication) { - try { - log.debug("JaxB to Key/Value configuration transformation started ..."); - Map<String, String> keyValueConfig = - ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(onlineapplication, null); - - log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); - - String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); - if (MiscUtil.isEmpty(serviceIdentifier)) { - log.info("Use default ServiceIdentifier."); - serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; - } - - String deleteServiceKey = - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(onlineapplication.getHjid()) + ".*"; - - configuration.getConfigModule().storeChanges(null, null, Arrays.asList(new String[]{deleteServiceKey})); - - log.info("MOA-ID Service Key/Value configuration successfull stored."); - return true; - - } catch (ConfigurationStorageException e) { - log.warn("MOAID Configuration can not be stored in Database", e); - - } - - return false; - + + } + + protected boolean delete(OnlineApplication onlineapplication) { + try { + log.debug("JaxB to Key/Value configuration transformation started ..."); + final Map<String, String> keyValueConfig = + ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(onlineapplication, null); + + log.debug( + "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); + + String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); + if (MiscUtil.isEmpty(serviceIdentifier)) { + log.info("Use default ServiceIdentifier."); + serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; + } + + final String deleteServiceKey = + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf( + onlineapplication.getHjid()) + ".*"; + + configuration.getConfigModule().storeChanges(null, null, Arrays.asList(new String[] { + deleteServiceKey })); + + log.info("MOA-ID Service Key/Value configuration successfull stored."); + return true; + + } catch (final ConfigurationStorageException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + } - - public String bkuFramePreview() { - String preview = null; + return false; - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - InputStream input = null; + } - try { - Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); - if (mapobj != null && mapobj instanceof Map<?, ?>) { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR - + ConfigurationProvider.HTMLTEMPLATE_FILE; - - File file = new File(new URI(templateURL)); - input = new FileInputStream(file); - - String contextpath = config.getMOAIDInstanceURL(); - if (MiscUtil.isEmpty(contextpath)) { - log.info("NO MOA-ID instance URL configurated."); - input.close(); - throw new ConfigurationException("No MOA-ID instance configurated"); - - } - - //set parameters - Map<String, Object> params = (Map<String, Object>) mapobj; - params.put( - AbstractServiceProviderSpecificGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, - contextpath); - - request.setCharacterEncoding("UTF-8"); - String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); - String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); - - if (value != null) { - String[] query = URLDecoder.decode(request.getQueryString()).split("&"); - value = query[1].substring("value=".length()); - } + public String bkuFramePreview() { - synchronized (params) { - if (MiscUtil.isNotEmpty(module)) { - if (params.containsKey(module)) { - if (MiscUtil.isNotEmpty(value)) { - if (FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT.contains(module) - || value.startsWith("#")) - params.put(module, value); - else - params.put(module, "#" + value); - - } else { - params.put(module, FormBuildUtils.getDefaultMap().get(module)); - } - } - } - } - - //write preview - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - VelocityContext context = new VelocityContext(); - Iterator<Entry<String, Object>> interator = params.entrySet().iterator(); - while (interator.hasNext()) { - Entry<String, Object> el = interator.next(); - context.put(el.getKey(), el.getValue()); - - } - StringWriter writer = new StringWriter(); - engine.evaluate(context, writer, "BKUSelection_preview", - new BufferedReader(new InputStreamReader(input))); - stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8")); + String preview = null; - } else { - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + try { + populateBasicInformations(); - } + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + InputStream input = null; + + try { + final Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); + if (mapobj != null && mapobj instanceof Map<?, ?>) { + + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR + + ConfigurationProvider.HTMLTEMPLATE_FILE; - } catch (Exception e) { - log.warn("BKUSelection Preview can not be generated.", e); - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + final File file = new File(new URI(templateURL)); + input = new FileInputStream(file); + + final String contextpath = config.getMOAIDInstanceURL(); + if (MiscUtil.isEmpty(contextpath)) { + log.info("NO MOA-ID instance URL configurated."); + input.close(); + throw new ConfigurationException("No MOA-ID instance configurated"); } - if (stream == null && MiscUtil.isNotEmpty(preview)) { - try { - stream = new ByteArrayInputStream(preview.getBytes("UTF-8")); - - } catch (UnsupportedEncodingException e) { - e.printStackTrace(); - - } + // set parameters + final Map<String, Object> params = (Map<String, Object>) mapobj; + params.put( + AbstractGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, + contextpath); + + request.setCharacterEncoding("UTF-8"); + final String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); + String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); + + if (value != null) { + final String[] query = URLDecoder.decode(request.getQueryString()).split("&"); + value = query[1].substring("value=".length()); } - - - return Constants.STRUTS_SUCCESS; - } - - - /** - * @param oaidobj the oaidobj to set - */ - public void setOaidobj(String oaidobj) { - this.oaidobj = oaidobj; - } - - /** - * @return the newOA - */ - public boolean isNewOA() { - return newOA; - } - /** - * @param newOA the newOA to set - */ - public void setNewOA(boolean newOA) { - this.newOA = newOA; - } - - public OAGeneralConfig getGeneralOA() { - return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); - } + synchronized (params) { + if (MiscUtil.isNotEmpty(module)) { + if (params.containsKey(module)) { + if (MiscUtil.isNotEmpty(value)) { + if (FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT + .contains(module) + || value.startsWith("#")) { + params.put(module, value); + } else { + params.put(module, "#" + value); + } - public void setGeneralOA(OAGeneralConfig generalOA) { - formList.put(generalOA.getName(), generalOA); - } - - - public OAPVP2Config getPvp2OA() { - return (OAPVP2Config) formList.get(new OAPVP2Config().getName()); - } + } else { + params.put(module, FormBuildUtils.getDefaultMap().get(module)); + } + } + } + } + + // write preview + final VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); + final VelocityContext context = new VelocityContext(); + final Iterator<Entry<String, Object>> interator = params.entrySet().iterator(); + while (interator.hasNext()) { + final Entry<String, Object> el = interator.next(); + context.put(el.getKey(), el.getValue()); + + } + final StringWriter writer = new StringWriter(); + engine.evaluate(context, writer, "BKUSelection_preview", + new BufferedReader(new InputStreamReader(input))); + stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8")); + + } else { + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + + } + + } catch (final Exception e) { + log.warn("BKUSelection Preview can not be generated.", e); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); - public void setPvp2OA(OAPVP2Config pvp2oa) { - formList.put(pvp2oa.getName(), pvp2oa); } - /** - * @return the stream - */ - public InputStream getStream() { - return stream; - } + if (stream == null && MiscUtil.isNotEmpty(preview)) { + try { + stream = new ByteArrayInputStream(preview.getBytes("UTF-8")); + + } catch (final UnsupportedEncodingException e) { + e.printStackTrace(); + + } + } + return Constants.STRUTS_SUCCESS; + } + + /** + * @param oaidobj the oaidobj to set + */ + public void setOaidobj(String oaidobj) { + this.oaidobj = oaidobj; + } + + /** + * @return the newOA + */ + public boolean isNewOA() { + return newOA; + } + + /** + * @param newOA the newOA to set + */ + public void setNewOA(boolean newOA) { + this.newOA = newOA; + } + + public OAGeneralConfig getGeneralOA() { + return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); + } + + public void setGeneralOA(OAGeneralConfig generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + public OAPVP2Config getPvp2OA() { + return (OAPVP2Config) formList.get(new OAPVP2Config().getName()); + } + + public void setPvp2OA(OAPVP2Config pvp2oa) { + formList.put(pvp2oa.getName(), pvp2oa); + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 8e057db0f..0992d7f1a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -30,7 +30,6 @@ import java.util.Map; import java.util.Set; import org.apache.commons.lang3.StringUtils; -import org.apache.log4j.Logger; import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; @@ -76,164 +75,160 @@ import at.gv.egovernment.moa.id.configuration.helper.StringHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class EditGeneralConfigAction extends BasicAction { - - private static final Logger log = Logger.getLogger(EditGeneralConfigAction.class); - private static final long serialVersionUID = 1L; - - private GeneralMOAIDConfig moaconfig; - private GeneralStorkConfig storkconfig; - - private String formID; - - public String loadConfig() { - try { - populateBasicInformations(); - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (authUser.isAdmin()) { - - - MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); - - moaconfig = new GeneralMOAIDConfig(); - moaconfig.parse(dbconfig); - if (moaconfig == null) { - log.error("MOA configuration is null"); - } - if (moaconfig.isMoaidMode()) { - storkconfig = new GeneralStorkConfig(); - storkconfig.parse(dbconfig); - if (storkconfig == null) { - log.error("Stork configuration is null"); - } - } + private static final long serialVersionUID = 1L; + + private GeneralMOAIDConfig moaconfig; + private GeneralStorkConfig storkconfig; + + private String formID; + + public String loadConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (authUser.isAdmin()) { + + final MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); + + moaconfig = new GeneralMOAIDConfig(); + moaconfig.parse(dbconfig); + if (moaconfig == null) { + log.error("MOA configuration is null"); + } + + if (moaconfig.isMoaidMode()) { + storkconfig = new GeneralStorkConfig(); + storkconfig.parse(dbconfig); + if (storkconfig == null) { + log.error("Stork configuration is null"); + } + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_SUCCESS; + + } else { + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String saveConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + boolean isMoaidMode = false; + try { + isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (final ConfigurationException e) { + log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); + } + + if (authUser.isAdmin()) { + + final MOAConfigValidator validator = new MOAConfigValidator(); + + final List<String> errors = validator.validate(moaconfig, request, isMoaidMode); + + if (isMoaidMode) { + errors.addAll(new StorkConfigValidator().validate(storkconfig, request)); + } + + if (errors.size() > 0) { + log.info("General MOA-ID configuration has some errors."); + for (final String el : errors) { + addActionError(el); + } + + if (moaconfig.getSecLayerTransformation() != null) { + session.setAttribute(Constants.SESSION_SLTRANSFORMATION, moaconfig.getSecLayerTransformation()); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + if (moaconfig.getSecLayerTransformation() == null && + session.getAttribute(Constants.SESSION_SLTRANSFORMATION) != null && + session.getAttribute(Constants.SESSION_SLTRANSFORMATION) instanceof Map<?, ?>) { + moaconfig.setSecLayerTransformation((Map<String, byte[]>) session.getAttribute( + Constants.SESSION_SLTRANSFORMATION)); + + } + } + + final String error = saveFormToDatabase(isMoaidMode); + if (error != null) { + log.warn("General MOA-ID config can not be stored in Database"); + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + addActionError(error); + return Constants.STRUTS_ERROR_VALIDATION; + } + + session.setAttribute(Constants.SESSION_SLTRANSFORMATION, null); + + } else { + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success", request)); + return Constants.STRUTS_SUCCESS; + } + + public String back() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + return Constants.STRUTS_SUCCESS; + } - - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_SUCCESS; - - } else { - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - public String saveConfig() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - boolean isMoaidMode = false; - try { - isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); - } catch (ConfigurationException e) { - log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); - } - - if (authUser.isAdmin()) { - - MOAConfigValidator validator = new MOAConfigValidator(); - - List<String> errors = validator.validate(moaconfig, request, isMoaidMode); - - if (isMoaidMode) - errors.addAll(new StorkConfigValidator().validate(storkconfig, request)); - - if (errors.size() > 0) { - log.info("General MOA-ID configuration has some errors."); - for (String el : errors) - addActionError(el); - - if (moaconfig.getSecLayerTransformation() != null) { - session.setAttribute(Constants.SESSION_SLTRANSFORMATION, moaconfig.getSecLayerTransformation()); - } - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - if (moaconfig.getSecLayerTransformation() == null && - session.getAttribute(Constants.SESSION_SLTRANSFORMATION) != null && - session.getAttribute(Constants.SESSION_SLTRANSFORMATION) instanceof Map<?, ?> ) { - moaconfig.setSecLayerTransformation((Map<String, byte[]>) - session.getAttribute(Constants.SESSION_SLTRANSFORMATION)); - - } - } - - String error = saveFormToDatabase(isMoaidMode); - if (error != null) { - log.warn("General MOA-ID config can not be stored in Database"); - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - addActionError(error); - return Constants.STRUTS_ERROR_VALIDATION; - } - - session.setAttribute(Constants.SESSION_SLTRANSFORMATION, null); - - } else { - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - - addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success", request)); - return Constants.STRUTS_SUCCESS; - } - - public String back() { - try { - populateBasicInformations(); - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - return Constants.STRUTS_SUCCESS; - } - - private String saveFormToDatabase(boolean isMoaidMode) { - - log.debug("Saving form to database"); + private String saveFormToDatabase(boolean isMoaidMode) { + + log.debug("Saving form to database"); // log.error("Saving form to db"); // log.info("SV frm db"); @@ -244,630 +239,649 @@ public class EditGeneralConfigAction extends BasicAction { // log.error(" SES PARAM: " + obj.toString()); // } - try { - log.error(" ASSERTION " + moaconfig.getTimeoutAssertion()); - } catch (Exception ex) { - ex.printStackTrace(); - } - - MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); - if (dbconfig == null) - dbconfig = new MOAIDConfiguration(); - - - AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); - if (dbauth == null) { - dbauth = new AuthComponentGeneral(); - dbconfig.setAuthComponentGeneral(dbauth); - } - - GeneralConfiguration dbauthgeneral = dbauth.getGeneralConfiguration(); - if (dbauthgeneral == null) { - dbauthgeneral = new GeneralConfiguration(); - dbauth.setGeneralConfiguration(dbauthgeneral); - } - + try { + log.error(" ASSERTION " + moaconfig.getTimeoutAssertion()); + } catch (final Exception ex) { + ex.printStackTrace(); + } + + MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); + if (dbconfig == null) { + dbconfig = new MOAIDConfiguration(); + } + + AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); + if (dbauth == null) { + dbauth = new AuthComponentGeneral(); + dbconfig.setAuthComponentGeneral(dbauth); + } + + GeneralConfiguration dbauthgeneral = dbauth.getGeneralConfiguration(); + if (dbauthgeneral == null) { + dbauthgeneral = new GeneralConfiguration(); + dbauth.setGeneralConfiguration(dbauthgeneral); + } + // GeneralConfiguration oldauthgeneral = null; // if (oldauth != null) // oldauthgeneral = oldauth.getGeneralConfiguration(); - - //set Public URL Prefix - String pubURLPrefix = moaconfig.getPublicURLPrefix(); - if (moaconfig.isVirtualPublicURLPrefixEnabled()) { - dbauthgeneral.setPublicURLPreFix( - KeyValueUtils.normalizeCSVValueString(pubURLPrefix)); - - } else { - if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) { - dbauthgeneral.setPublicURLPreFix( - pubURLPrefix.trim().substring(0, - pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER))); - - } else - dbauthgeneral.setPublicURLPreFix( - StringUtils.chomp(pubURLPrefix.trim())); - - } - - dbauthgeneral.setVirtualPublicURLPrefixEnabled( - moaconfig.isVirtualPublicURLPrefixEnabled()); - - + + // set Public URL Prefix + final String pubURLPrefix = moaconfig.getPublicURLPrefix(); + if (moaconfig.isVirtualPublicURLPrefixEnabled()) { + dbauthgeneral.setPublicURLPreFix( + KeyValueUtils.normalizeCSVValueString(pubURLPrefix)); + + } else { + if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) { + dbauthgeneral.setPublicURLPreFix( + pubURLPrefix.trim().substring(0, + pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER))); + + } else { + dbauthgeneral.setPublicURLPreFix( + StringUtils.chomp(pubURLPrefix.trim())); + } + + } + + dbauthgeneral.setVirtualPublicURLPrefixEnabled( + moaconfig.isVirtualPublicURLPrefixEnabled()); + // if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID())) // dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID()); // else { // if (oldauthgeneral != null) // dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID()); // } - + // if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory())) // dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory()); - - TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts(); - if (dbtimeouts == null) { - dbtimeouts = new TimeOuts(); - dbauthgeneral.setTimeOuts(dbtimeouts); - } - if (MiscUtil.isEmpty(moaconfig.getTimeoutAssertion())) - dbtimeouts.setAssertion(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTASSERTION)); - else - dbtimeouts.setAssertion(new BigInteger(moaconfig.getTimeoutAssertion())); - - if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionCreated())) - dbtimeouts.setMOASessionCreated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONCREATED)); - else - dbtimeouts.setMOASessionCreated(new BigInteger(moaconfig.getTimeoutMOASessionCreated())); - - if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionUpdated())) - dbtimeouts.setMOASessionUpdated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONUPDATED)); - else - dbtimeouts.setMOASessionUpdated(new BigInteger(moaconfig.getTimeoutMOASessionUpdated())); - - dbauthgeneral.setTrustManagerRevocationChecking(moaconfig.isTrustmanagerrevocationcheck()); - - - - Protocols dbprotocols = dbauth.getProtocols(); - if (dbprotocols == null) { - dbprotocols = new Protocols(); - dbauth.setProtocols(dbprotocols); - } - LegacyAllowed legprot = dbprotocols.getLegacyAllowed(); - if (legprot == null) { - legprot = new LegacyAllowed(); - dbprotocols.setLegacyAllowed(legprot); - } - - List<String> el = legprot.getProtocolName(); - if (el == null) { - el = new ArrayList<String>(); - legprot.setProtocolName(el); - - } - - //Workaround for DB cleaning is only needed for one or the releases (insert in 2.1.1) - if (el.size() > 2) - el.clear(); - - if (el.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) { - if (!moaconfig.isLegacy_pvp2()) - el.remove(Constants.MOA_CONFIG_PROTOCOL_PVP2); - - } else { - if (moaconfig.isLegacy_pvp2()) - el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2); - } - - if (el.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) { - if (!moaconfig.isLegacy_saml1()) - el.remove(Constants.MOA_CONFIG_PROTOCOL_SAML1); - - } else { - if (moaconfig.isLegacy_saml1()) - el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); - } - - SAML1 saml1= dbprotocols.getSAML1(); - if (saml1 == null) { - saml1 = new SAML1(); - dbprotocols.setSAML1(saml1); - } - saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); - - if (MiscUtil.isNotEmpty(moaconfig.getSaml1SourceID())) { - saml1.setSourceID(moaconfig.getSaml1SourceID()); - - } else { - if (MiscUtil.isNotEmpty(saml1.getSourceID())) - saml1.setSourceID(moaconfig.getSaml1SourceID()); - - } - - - OAuth oauth= dbprotocols.getOAuth(); - if (oauth == null) { - oauth = new OAuth(); - dbprotocols.setOAuth(oauth); - } - - PVP2 pvp2 = dbprotocols.getPVP2(); - if (pvp2 == null) { - pvp2 = new PVP2(); - dbprotocols.setPVP2(pvp2); - } - - if (isMoaidMode) { - oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); - pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); - - } - - if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) - pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); + + TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts(); + if (dbtimeouts == null) { + dbtimeouts = new TimeOuts(); + dbauthgeneral.setTimeOuts(dbtimeouts); + } + if (MiscUtil.isEmpty(moaconfig.getTimeoutAssertion())) { + dbtimeouts.setAssertion(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTASSERTION)); + } else { + dbtimeouts.setAssertion(new BigInteger(moaconfig.getTimeoutAssertion())); + } + + if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionCreated())) { + dbtimeouts.setMOASessionCreated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONCREATED)); + } else { + dbtimeouts.setMOASessionCreated(new BigInteger(moaconfig.getTimeoutMOASessionCreated())); + } + + if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionUpdated())) { + dbtimeouts.setMOASessionUpdated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONUPDATED)); + } else { + dbtimeouts.setMOASessionUpdated(new BigInteger(moaconfig.getTimeoutMOASessionUpdated())); + } + + dbauthgeneral.setTrustManagerRevocationChecking(moaconfig.isTrustmanagerrevocationcheck()); + + Protocols dbprotocols = dbauth.getProtocols(); + if (dbprotocols == null) { + dbprotocols = new Protocols(); + dbauth.setProtocols(dbprotocols); + } + LegacyAllowed legprot = dbprotocols.getLegacyAllowed(); + if (legprot == null) { + legprot = new LegacyAllowed(); + dbprotocols.setLegacyAllowed(legprot); + } + + List<String> el = legprot.getProtocolName(); + if (el == null) { + el = new ArrayList<>(); + legprot.setProtocolName(el); + + } + + // Workaround for DB cleaning is only needed for one or the releases (insert in + // 2.1.1) + if (el.size() > 2) { + el.clear(); + } + + if (el.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) { + if (!moaconfig.isLegacy_pvp2()) { + el.remove(Constants.MOA_CONFIG_PROTOCOL_PVP2); + } + + } else { + if (moaconfig.isLegacy_pvp2()) { + el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2); + } + } + + if (el.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) { + if (!moaconfig.isLegacy_saml1()) { + el.remove(Constants.MOA_CONFIG_PROTOCOL_SAML1); + } + + } else { + if (moaconfig.isLegacy_saml1()) { + el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); + } + } + + SAML1 saml1 = dbprotocols.getSAML1(); + if (saml1 == null) { + saml1 = new SAML1(); + dbprotocols.setSAML1(saml1); + } + saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); + + if (MiscUtil.isNotEmpty(moaconfig.getSaml1SourceID())) { + saml1.setSourceID(moaconfig.getSaml1SourceID()); + + } else { + if (MiscUtil.isNotEmpty(saml1.getSourceID())) { + saml1.setSourceID(moaconfig.getSaml1SourceID()); + } + + } + + OAuth oauth = dbprotocols.getOAuth(); + if (oauth == null) { + oauth = new OAuth(); + dbprotocols.setOAuth(oauth); + } + + PVP2 pvp2 = dbprotocols.getPVP2(); + if (pvp2 == null) { + pvp2 = new PVP2(); + dbprotocols.setPVP2(pvp2); + } + + if (isMoaidMode) { + oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); + pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); + + } + + if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) { + pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); // if (MiscUtil.isNotEmpty(moaconfig.getPvp2PublicUrlPrefix())) // pvp2.setPublicURLPrefix(moaconfig.getPvp2PublicUrlPrefix()); - - Organization pvp2org = pvp2.getOrganization(); - if (pvp2org == null) { - pvp2org = new Organization(); - pvp2.setOrganization(pvp2org); - } - if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgDisplayName())) - pvp2org.setDisplayName(StringHelper.getUTF8String( - moaconfig.getPvp2OrgDisplayName())); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgName())) - pvp2org.setName(StringHelper.getUTF8String(moaconfig.getPvp2OrgName())); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgURL())) - pvp2org.setURL(moaconfig.getPvp2OrgURL()); - - List<Contact> pvp2cont = pvp2.getContact(); - if (pvp2cont == null) { - pvp2cont = new ArrayList<Contact>(); - pvp2.setContact(pvp2cont); - } - - if (pvp2cont.size() == 0) { - Contact cont = new Contact(); - pvp2cont.add(cont); - } - - Contact cont = pvp2cont.get(0); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getCompany())) - cont.setCompany(StringHelper.getUTF8String( - moaconfig.getPvp2Contact().getCompany())); - - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getGivenname())) - cont.setGivenName(StringHelper.getUTF8String( - moaconfig.getPvp2Contact().getGivenname())); - - if (cont.getMail() != null && cont.getMail().size() > 0) - cont.getMail().set(0, moaconfig.getPvp2Contact().getMail()); - else - cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail())); - - if (cont.getPhone() != null && cont.getPhone().size() > 0) - cont.getPhone().set(0, moaconfig.getPvp2Contact().getPhone()); - else - cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone())); - - cont.setSurName(StringHelper.getUTF8String(moaconfig.getPvp2Contact().getSurname())); - if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) - cont.setType(moaconfig.getPvp2Contact().getType()); - - - ChainingModes dbchainingmodes = dbconfig.getChainingModes(); - if (dbchainingmodes == null) { - dbchainingmodes = new ChainingModes(); - dbconfig.setChainingModes(dbchainingmodes); - } - - dbchainingmodes.setSystemDefaultMode( - ChainingModeType.fromValue("pkix")); - - - if (isMoaidMode) { - SSO dbsso = dbauth.getSSO(); - if (dbsso == null) { - dbsso = new SSO(); - dbauth.setSSO(dbsso); - } - - if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) - dbsso.setFriendlyName(StringHelper.getUTF8String( - moaconfig.getSsoFriendlyName())); - if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) - dbsso.setSpecialText(StringHelper.getUTF8String( - moaconfig.getSsoSpecialText())); - // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) - // dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); - - if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { - - if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { - String num = moaconfig.getSsoTarget().replaceAll(" ", ""); - String pre = null; - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - pre = Constants.IDENIFICATIONTYPE_FN; - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { - num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - pre = Constants.IDENIFICATIONTYPE_ZVR; - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){ - num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - pre = Constants.IDENIFICATIONTYPE_ERSB; - } - - dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); - - } else { - dbsso.setTarget(moaconfig.getSsoTarget()); - - } - } - // if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { - // IdentificationNumber ssoid = dbsso.getIdentificationNumber(); - // if (ssoid == null) { - // ssoid = new IdentificationNumber(); - // dbsso.setIdentificationNumber(ssoid); - // } - // ssoid.setValue(moaconfig.getSsoIdentificationNumber()); - // } - - DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); - - if (dbbkus == null) { - dbbkus = new DefaultBKUs(); - dbconfig.setDefaultBKUs(dbbkus); - } - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) - dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy()); - else - dbbkus.setHandyBKU(new String()); - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) - dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline()); - else - dbbkus.setOnlineBKU(new String()); - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) - dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal()); - else - dbbkus.setLocalBKU(new String()); - - - - IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); - if (idlsigners == null) { - idlsigners = new IdentityLinkSigners(); - dbauth.setIdentityLinkSigners(idlsigners); - } - - ForeignIdentities dbforeign = dbauth.getForeignIdentities(); - if (dbforeign == null) { - dbforeign = new ForeignIdentities(); - dbauth.setForeignIdentities(dbforeign); - } - - if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) { - ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); - if (forcon == null) { - forcon = new ConnectionParameterClientAuthType(); - dbforeign.setConnectionParameter(forcon); - } - - if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) - forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL())); - - else { - if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) - forcon.setURL( - moaconfig.getSzrgwURL().trim().substring(0, - moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - forcon.setURL( - StringUtils.chomp(moaconfig.getSzrgwURL().trim())); - - } - - } - - ForeignIdentities foreign = dbauth.getForeignIdentities(); - if (foreign != null) { - STORK stork = foreign.getSTORK(); - if (stork == null) { - stork = new STORK(); - foreign.setSTORK(stork); - - } - - try { - log.error("QAAAA " + storkconfig.getDefaultQaa()); - stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa()); - - if (storkconfig.getAttributes() != null) { - List<StorkAttribute> dbStorkAttr = new ArrayList<StorkAttribute>(); - stork.setAttributes(dbStorkAttr); - - - for (StorkAttribute attr : storkconfig.getAttributes()) { - if (attr != null && MiscUtil.isNotEmpty(attr.getName())) - dbStorkAttr.add(attr); - - else - log.info("Remove null or empty STORK attribute"); - } - - } else - stork.setAttributes((List<StorkAttribute>) (new ArrayList<StorkAttribute>())); - - if (storkconfig.getCpepslist() != null) { - List<CPEPS> dbStorkCPEPS = new ArrayList<CPEPS>(); - stork.setCPEPS(dbStorkCPEPS); - - for (CPEPS cpeps : storkconfig.getCpepslist()) { - if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) && - MiscUtil.isNotEmpty(cpeps.getCountryCode())) { - - if (cpeps.getCountryCode().equals("CC") && - cpeps.getURL().equals("http://")) - log.info("Remove dummy STORK CPEPS entry."); - - else - dbStorkCPEPS.add(cpeps); - - } else - log.info("Remove null or emtpy STORK CPEPS configuration"); - } - - } else - stork.setCPEPS((List<CPEPS>) (new ArrayList<CPEPS>())); - - } catch (Exception e) { - e.printStackTrace(); - - } - - try{ - log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() ); - log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); - - } catch (Exception ex) { - log.info("CPEPS LIST is null"); - - } - } - - //write MIS Mandate-Service URLs - if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { - OnlineMandates dbmandate = dbauth.getOnlineMandates(); - if (dbmandate == null) { - dbmandate = new OnlineMandates(); - dbauth.setOnlineMandates(dbmandate); - } - ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter(); - - if (dbmandateconnection == null) { - dbmandateconnection = new ConnectionParameterClientAuthType(); - dbmandate.setConnectionParameter(dbmandateconnection); - } - - if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) - dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL())); - - else { - if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbmandateconnection.setURL( - moaconfig.getMandateURL().trim().substring(0, - moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - dbmandateconnection.setURL( - StringUtils.chomp(moaconfig.getMandateURL().trim())); - - } - } - - //write ELGA Mandate-Service URLs - if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) { - if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) - dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getElgaMandateServiceURL())); - - else { - if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbconfig.setElgaMandateServiceURLs( - moaconfig.getElgaMandateServiceURL().trim().substring(0, - moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - dbconfig.setElgaMandateServiceURLs( - StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim())); - - } - } else - dbconfig.setElgaMandateServiceURLs(null); - } - - - //write E-ID System URLs - if (MiscUtil.isNotEmpty(moaconfig.getEidSystemServiceURL())) { - if (KeyValueUtils.isCSVValueString(moaconfig.getEidSystemServiceURL())) - dbconfig.setEidSystemServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getEidSystemServiceURL())); - - else { - if (moaconfig.getEidSystemServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbconfig.setEidSystemServiceURLs( - moaconfig.getEidSystemServiceURL().trim().substring(0, - moaconfig.getEidSystemServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - - else - dbconfig.setEidSystemServiceURLs( - StringUtils.chomp(moaconfig.getEidSystemServiceURL().trim())); - - } - - } else - dbconfig.setEidSystemServiceURLs(null); - - - if (isMoaidMode) { - MOASP dbmoasp = dbauth.getMOASP(); - if (dbmoasp == null) { - dbmoasp = new MOASP(); - dbauth.setMOASP(dbmoasp); - } - if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) { - ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter(); - if (moaspcon == null) { - moaspcon = new ConnectionParameterClientAuthType(); - dbmoasp.setConnectionParameter(moaspcon); - } - moaspcon.setURL(moaconfig.getMoaspssURL()); - } - VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink(); - if (moaidl == null) { - moaidl = new VerifyIdentityLink(); - dbmoasp.setVerifyIdentityLink(moaidl); - } - moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); - moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); - - VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); - if (moaauth == null) { - moaauth = new VerifyAuthBlock(); - dbmoasp.setVerifyAuthBlock(moaauth); - } - moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); - moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); - - if (moaauth.getVerifyTransformsInfoProfileID() != null && - moaauth.getVerifyTransformsInfoProfileID().size() > 0) - moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0)); - - else { - if (moaauth.getVerifyTransformsInfoProfileID() == null) { - moaauth.setVerifyTransformsInfoProfileID(new ArrayList<String>()); - - } - moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0)); - } - - SecurityLayer seclayertrans = dbauth.getSecurityLayer(); - if (seclayertrans == null) { - seclayertrans = new SecurityLayer(); - dbauth.setSecurityLayer(seclayertrans); - } - List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>(); - Map<String, byte[]> moatrans = moaconfig.getSecLayerTransformation(); - if (moatrans != null) { - Set<String> keys = moatrans.keySet(); - for (String key : keys) { - TransformsInfoType elem = new TransformsInfoType(); - elem.setFilename(key); - elem.setTransformation(moatrans.get(key)); - trans.add(elem); - } - } - if (trans.size() > 0) - seclayertrans.setTransformsInfo(trans); - - - SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates(); - if (slrequesttempl == null) { - slrequesttempl = new SLRequestTemplates(); - dbconfig.setSLRequestTemplates(slrequesttempl); - } - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) - slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy()); - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) - slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal()); - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) - slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline()); - - } - - if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts())) - dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts()); - - //save config - try { - log.debug("JaxB to Key/Value configuration transformation started ..."); - Map<String, String> keyValueConfig = - ConfigurationMigrationUtils.convertHyberJaxBMOAIDConfigToKeyValue(dbconfig); - - log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); - - configuration.getConfigModule().storeChanges(keyValueConfig, null, null); - - log.info("General MOA-ID Key/Value configuration successfull stored."); - - - } catch (ConfigurationStorageException e) { - log.warn("MOAID Configuration can not be stored in Database", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); - - } finally { - - - } - - return null; - } - - /** - * @return the moaconfig - */ - public GeneralMOAIDConfig getMoaconfig() { - return moaconfig; - } - - /** - * @param moaconfig the moaconfig to set - */ - public void setMoaconfig(GeneralMOAIDConfig moaconfig) { - this.moaconfig = moaconfig; - } - - /** - * Gets the storkconfig. - * - * @return the storkconfig - */ - public GeneralStorkConfig getStorkconfig() { - return storkconfig; - } - - /** - * Sets the storkconfig. - * - * @param storkconfig the new storkconfig - */ - public void setStorkconfig(GeneralStorkConfig storkconfig) { - this.storkconfig = storkconfig; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - - - + } + + Organization pvp2org = pvp2.getOrganization(); + if (pvp2org == null) { + pvp2org = new Organization(); + pvp2.setOrganization(pvp2org); + } + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgDisplayName())) { + pvp2org.setDisplayName(StringHelper.getUTF8String( + moaconfig.getPvp2OrgDisplayName())); + } + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgName())) { + pvp2org.setName(StringHelper.getUTF8String(moaconfig.getPvp2OrgName())); + } + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgURL())) { + pvp2org.setURL(moaconfig.getPvp2OrgURL()); + } + + List<Contact> pvp2cont = pvp2.getContact(); + if (pvp2cont == null) { + pvp2cont = new ArrayList<>(); + pvp2.setContact(pvp2cont); + } + + if (pvp2cont.size() == 0) { + final Contact cont = new Contact(); + pvp2cont.add(cont); + } + + final Contact cont = pvp2cont.get(0); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getCompany())) { + cont.setCompany(StringHelper.getUTF8String( + moaconfig.getPvp2Contact().getCompany())); + } + + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getGivenname())) { + cont.setGivenName(StringHelper.getUTF8String( + moaconfig.getPvp2Contact().getGivenname())); + } + + if (cont.getMail() != null && cont.getMail().size() > 0) { + cont.getMail().set(0, moaconfig.getPvp2Contact().getMail()); + } else { + cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail())); + } + + if (cont.getPhone() != null && cont.getPhone().size() > 0) { + cont.getPhone().set(0, moaconfig.getPvp2Contact().getPhone()); + } else { + cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone())); + } + + cont.setSurName(StringHelper.getUTF8String(moaconfig.getPvp2Contact().getSurname())); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) { + cont.setType(moaconfig.getPvp2Contact().getType()); + } + + ChainingModes dbchainingmodes = dbconfig.getChainingModes(); + if (dbchainingmodes == null) { + dbchainingmodes = new ChainingModes(); + dbconfig.setChainingModes(dbchainingmodes); + } + + dbchainingmodes.setSystemDefaultMode( + ChainingModeType.fromValue("pkix")); + + if (isMoaidMode) { + SSO dbsso = dbauth.getSSO(); + if (dbsso == null) { + dbsso = new SSO(); + dbauth.setSSO(dbsso); + } + + if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) { + dbsso.setFriendlyName(StringHelper.getUTF8String( + moaconfig.getSsoFriendlyName())); + } + if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) { + dbsso.setSpecialText(StringHelper.getUTF8String( + moaconfig.getSsoSpecialText())); + // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) + // dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); + } + + if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { + + if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { + String num = moaconfig.getSsoTarget().replaceAll(" ", ""); + String pre = null; + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + pre = Constants.IDENIFICATIONTYPE_FN; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + pre = Constants.IDENIFICATIONTYPE_ZVR; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + pre = Constants.IDENIFICATIONTYPE_ERSB; + } + + dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); + + } else { + dbsso.setTarget(moaconfig.getSsoTarget()); + + } + } + // if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { + // IdentificationNumber ssoid = dbsso.getIdentificationNumber(); + // if (ssoid == null) { + // ssoid = new IdentificationNumber(); + // dbsso.setIdentificationNumber(ssoid); + // } + // ssoid.setValue(moaconfig.getSsoIdentificationNumber()); + // } + + DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); + + if (dbbkus == null) { + dbbkus = new DefaultBKUs(); + dbconfig.setDefaultBKUs(dbbkus); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) { + dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy()); + } else { + dbbkus.setHandyBKU(new String()); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) { + dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline()); + } else { + dbbkus.setOnlineBKU(new String()); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) { + dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal()); + } else { + dbbkus.setLocalBKU(new String()); + } + + IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); + if (idlsigners == null) { + idlsigners = new IdentityLinkSigners(); + dbauth.setIdentityLinkSigners(idlsigners); + } + + ForeignIdentities dbforeign = dbauth.getForeignIdentities(); + if (dbforeign == null) { + dbforeign = new ForeignIdentities(); + dbauth.setForeignIdentities(dbforeign); + } + + if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) { + ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); + if (forcon == null) { + forcon = new ConnectionParameterClientAuthType(); + dbforeign.setConnectionParameter(forcon); + } + + if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) { + forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL())); + } else { + if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) { + forcon.setURL( + moaconfig.getSzrgwURL().trim().substring(0, + moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + forcon.setURL( + StringUtils.chomp(moaconfig.getSzrgwURL().trim())); + } + + } + + } + + final ForeignIdentities foreign = dbauth.getForeignIdentities(); + if (foreign != null) { + STORK stork = foreign.getSTORK(); + if (stork == null) { + stork = new STORK(); + foreign.setSTORK(stork); + + } + + try { + log.error("QAAAA " + storkconfig.getDefaultQaa()); + stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa()); + + if (storkconfig.getAttributes() != null) { + final List<StorkAttribute> dbStorkAttr = new ArrayList<>(); + stork.setAttributes(dbStorkAttr); + + for (final StorkAttribute attr : storkconfig.getAttributes()) { + if (attr != null && MiscUtil.isNotEmpty(attr.getName())) { + dbStorkAttr.add(attr); + } else { + log.info("Remove null or empty STORK attribute"); + } + } + + } else { + stork.setAttributes(new ArrayList<StorkAttribute>()); + } + + if (storkconfig.getCpepslist() != null) { + final List<CPEPS> dbStorkCPEPS = new ArrayList<>(); + stork.setCPEPS(dbStorkCPEPS); + + for (final CPEPS cpeps : storkconfig.getCpepslist()) { + if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) && + MiscUtil.isNotEmpty(cpeps.getCountryCode())) { + + if (cpeps.getCountryCode().equals("CC") && + cpeps.getURL().equals("http://")) { + log.info("Remove dummy STORK CPEPS entry."); + } else { + dbStorkCPEPS.add(cpeps); + } + + } else { + log.info("Remove null or emtpy STORK CPEPS configuration"); + } + } + + } else { + stork.setCPEPS(new ArrayList<CPEPS>()); + } + + } catch (final Exception e) { + e.printStackTrace(); + + } + + try { + log.info("CPEPS LIST: " + storkconfig.getCpepslist().size()); + log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() + storkconfig + .getCpepslist().get(0).getURL()); + + } catch (final Exception ex) { + log.info("CPEPS LIST is null"); + + } + } + + // write MIS Mandate-Service URLs + if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { + OnlineMandates dbmandate = dbauth.getOnlineMandates(); + if (dbmandate == null) { + dbmandate = new OnlineMandates(); + dbauth.setOnlineMandates(dbmandate); + } + ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter(); + + if (dbmandateconnection == null) { + dbmandateconnection = new ConnectionParameterClientAuthType(); + dbmandate.setConnectionParameter(dbmandateconnection); + } + + if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) { + dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL())); + } else { + if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) { + dbmandateconnection.setURL( + moaconfig.getMandateURL().trim().substring(0, + moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + dbmandateconnection.setURL( + StringUtils.chomp(moaconfig.getMandateURL().trim())); + } + + } + } + + // write ELGA Mandate-Service URLs + if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) { + if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) { + dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig + .getElgaMandateServiceURL())); + } else { + if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) { + dbconfig.setElgaMandateServiceURLs( + moaconfig.getElgaMandateServiceURL().trim().substring(0, + moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + dbconfig.setElgaMandateServiceURLs( + StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim())); + } + + } + } else { + dbconfig.setElgaMandateServiceURLs(null); + } + } + + // write E-ID System URLs + if (MiscUtil.isNotEmpty(moaconfig.getEidSystemServiceURL())) { + if (KeyValueUtils.isCSVValueString(moaconfig.getEidSystemServiceURL())) { + dbconfig.setEidSystemServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig + .getEidSystemServiceURL())); + } else { + if (moaconfig.getEidSystemServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) { + dbconfig.setEidSystemServiceURLs( + moaconfig.getEidSystemServiceURL().trim().substring(0, + moaconfig.getEidSystemServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + } else { + dbconfig.setEidSystemServiceURLs( + StringUtils.chomp(moaconfig.getEidSystemServiceURL().trim())); + } + + } + + } else { + dbconfig.setEidSystemServiceURLs(null); + } + + if (isMoaidMode) { + MOASP dbmoasp = dbauth.getMOASP(); + if (dbmoasp == null) { + dbmoasp = new MOASP(); + dbauth.setMOASP(dbmoasp); + } + if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) { + ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter(); + if (moaspcon == null) { + moaspcon = new ConnectionParameterClientAuthType(); + dbmoasp.setConnectionParameter(moaspcon); + } + moaspcon.setURL(moaconfig.getMoaspssURL()); + } + VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink(); + if (moaidl == null) { + moaidl = new VerifyIdentityLink(); + dbmoasp.setVerifyIdentityLink(moaidl); + } + moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); + moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); + + VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); + if (moaauth == null) { + moaauth = new VerifyAuthBlock(); + dbmoasp.setVerifyAuthBlock(moaauth); + } + moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); + moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); + + if (moaauth.getVerifyTransformsInfoProfileID() != null && + moaauth.getVerifyTransformsInfoProfileID().size() > 0) { + moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0)); + } else { + if (moaauth.getVerifyTransformsInfoProfileID() == null) { + moaauth.setVerifyTransformsInfoProfileID(new ArrayList<String>()); + + } + moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0)); + } + + SecurityLayer seclayertrans = dbauth.getSecurityLayer(); + if (seclayertrans == null) { + seclayertrans = new SecurityLayer(); + dbauth.setSecurityLayer(seclayertrans); + } + final List<TransformsInfoType> trans = new ArrayList<>(); + final Map<String, byte[]> moatrans = moaconfig.getSecLayerTransformation(); + if (moatrans != null) { + final Set<String> keys = moatrans.keySet(); + for (final String key : keys) { + final TransformsInfoType elem = new TransformsInfoType(); + elem.setFilename(key); + elem.setTransformation(moatrans.get(key)); + trans.add(elem); + } + } + if (trans.size() > 0) { + seclayertrans.setTransformsInfo(trans); + } + + SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates(); + if (slrequesttempl == null) { + slrequesttempl = new SLRequestTemplates(); + dbconfig.setSLRequestTemplates(slrequesttempl); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) { + slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy()); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) { + slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal()); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) { + slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline()); + } + + } + + if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts())) { + dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts()); + } + + // save config + try { + log.debug("JaxB to Key/Value configuration transformation started ..."); + final Map<String, String> keyValueConfig = + ConfigurationMigrationUtils.convertHyberJaxBMOAIDConfigToKeyValue(dbconfig); + + log.debug( + "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); + + configuration.getConfigModule().storeChanges(keyValueConfig, null, null); + + log.info("General MOA-ID Key/Value configuration successfull stored."); + + } catch (final ConfigurationStorageException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + + } finally { + + } + + return null; + } + + /** + * @return the moaconfig + */ + public GeneralMOAIDConfig getMoaconfig() { + return moaconfig; + } + + /** + * @param moaconfig the moaconfig to set + */ + public void setMoaconfig(GeneralMOAIDConfig moaconfig) { + this.moaconfig = moaconfig; + } + + /** + * Gets the storkconfig. + * + * @return the storkconfig + */ + public GeneralStorkConfig getStorkconfig() { + return storkconfig; + } + + /** + * Sets the storkconfig. + * + * @param storkconfig the new storkconfig + */ + public void setStorkconfig(GeneralStorkConfig storkconfig) { + this.storkconfig = storkconfig; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 31126d14f..1ad6e7d6b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -27,8 +27,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; @@ -53,505 +51,512 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class EditOAAction extends BasicOAAction { - private final Logger log = Logger.getLogger(EditOAAction.class); - private static final long serialVersionUID = 1L; - - private String nextPage; - - public EditOAAction() { - super(); - - OATargetConfiguration oaTarget = new OATargetConfiguration(); - formList.put(oaTarget.getName(), oaTarget); - - OAAuthenticationData authOA = new OAAuthenticationData(); - formList.put(authOA.getName(), authOA); - - OASAML1Config saml1OA = new OASAML1Config(); - formList.put(saml1OA.getName(), saml1OA); - - if (isMoaidMode) { - OABPKEncryption bPKEncDec = new OABPKEncryption(); - formList.put(bPKEncDec.getName(), bPKEncDec); - - OASSOConfig ssoOA = new OASSOConfig(); - formList.put(ssoOA.getName(), ssoOA); - - OAPVP2Config pvp2OA = new OAPVP2Config(); - formList.put(pvp2OA.getName(), pvp2OA); - - OAOAuth20Config oauth20OA = new OAOAuth20Config(); - formList.put(oauth20OA.getName(), oauth20OA); - - OASTORKConfig storkOA = new OASTORKConfig(); - formList.put(storkOA.getName(), storkOA); - - Map<String, String> map = new HashMap<String, String>(); - map.putAll(FormBuildUtils.getDefaultMap()); - FormularCustomization formOA = new FormularCustomization(map); - formList.put(formOA.getName(), formOA); - - OARevisionsLogData revisOA = new OARevisionsLogData(); - formList.put(revisOA.getName(), revisOA); - } - - } - - // STRUTS actions - public String inital() { - try { - populateBasicInformations(); - - OnlineApplication onlineapplication = populateOnlineApplicationFromRequest(); - - if (onlineapplication == null) { - addActionError(LanguageHelper.getErrorString( - "errors.listOAs.noOA", request)); - return Constants.STRUTS_SUCCESS; - } - - List<String> errors = new ArrayList<String>(); - for (IOnlineApplicationData form : formList.values()) { - List<String> error = form.parse(onlineapplication, authUser, - request); - if (error != null) - errors.addAll(error); - } - if (errors.size() > 0) { - for (String el : errors) - addActionError(el); - } - - setNewOA(false); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_OAID, oaid); - - return Constants.STRUTS_OA_EDIT; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String newOA() { - log.debug("insert new Online-Application"); - - try { - populateBasicInformations(); - - populateBasicNewOnlineApplicationInformation(); - - // prepare attribute helper list - ArrayList<AttributeHelper> attributes = new ArrayList<AttributeHelper>(); - - try { - for (StorkAttribute current : configuration.getDbRead() - .getMOAIDConfiguration().getAuthComponentGeneral() - .getForeignIdentities().getSTORK().getAttributes()) - attributes.add(new AttributeHelper(current)); - - - } catch (NullPointerException e) { - - } - - if (getStorkOA() != null) - getStorkOA().setHelperAttributes(attributes); - - UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser - .getUserID()); - - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null - && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString( - "error.editoa.mailverification", request)); - return Constants.STRUTS_SUCCESS; - } - - if (formList.get(new OAOAuth20Config().getName()) != null) - session.setAttribute( - Constants.SESSION_OAUTH20SECRET, - ((OAOAuth20Config) formList.get(new OAOAuth20Config().getName())) - .getClientSecret()); - - if (getFormOA() != null) - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); - - - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - - return Constants.STRUTS_OA_EDIT; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String saveOA() { - - OnlineApplication onlineapplication = null; - - try { - populateBasicInformations(); - onlineapplication = preProcessSaveOnlineApplication(); - - List<String> errors = new ArrayList<String>(); - - // validate forms - for (IOnlineApplicationData form : formList.values()) - errors.addAll(form.validate(getGeneralOA(), authUser, request)); - - // Do not allow SSO in combination with special BKUSelection features - if (getSsoOA() != null && getSsoOA().isUseSSO() - && (getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA() - .isShowMandateLoginButton())) { - log.warn("Special BKUSelection features can not be used in combination with SSO"); - errors.add(LanguageHelper.getErrorString( - "validation.general.bkuselection.specialfeatures.valid", - request)); - } - - if (errors.size() > 0) { - log.info("OAConfiguration with ID " - + getGeneralOA().getIdentifier() + " has some errors."); - for (String el : errors) - addActionError(el); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - try { - onlineapplication = postProcessSaveOnlineApplication(onlineapplication, true); - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - } - - } - - Object nextPageAttr = session - .getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - if (onlineapplication.isIsAdminRequired()) { - int numoas = 0; - int numusers = 0; - - List<OnlineApplication> openOAs = configuration.getDbRead() - .getAllNewOnlineApplications(); - if (openOAs != null) - numoas = openOAs.size(); - - List<UserDatabase> openUsers = configuration.getUserManagement().getAllNewUsers(); - if (openUsers != null) - numusers = openUsers.size(); - try { - - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.success.admin", getGeneralOA() - .getIdentifier(), request)); - - if (numusers > 0 || numoas > 0) - MailHelper.sendAdminMail(numoas, numusers); - - } catch (ConfigurationException e) { - log.warn("Sending Mail to Admin failed.", e); - } - - } else - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.success", - getGeneralOA().getIdentifier(), request)); - - // remove session attributes - session.setAttribute(Constants.SESSION_OAID, null); - session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); - - return Constants.STRUTS_SUCCESS; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String cancleAndBackOA() { - try { - populateBasicInformations(); - - Object nextPageAttr = session - .getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - session.setAttribute(Constants.SESSION_OAID, null); - - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.cancle", getGeneralOA().getIdentifier(), - request)); - - return Constants.STRUTS_SUCCESS; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String deleteOA() { - String oaidentifier = null; - try { - populateBasicInformations(); - - Object nextPageAttr = session - .getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - oaidentifier = preProcessDeleteOnlineApplication(); - List<OnlineApplication> onlineapplications = configuration.getDbRead() - .getOnlineApplications(oaidentifier); - - Long oaid = getOAIDFromSession(); - - OnlineApplication onlineapplication = null; - - if (onlineapplications != null && onlineapplications.size() > 1) { - log.info("Found more then one OA with PublicURLPrefix in configuration. " - + "Select OA with DB Id ..."); - - for (OnlineApplication oa : onlineapplications) { - if (oa.getHjid().equals(oaid)) { - if (onlineapplication == null) - onlineapplication = oa; - - else { - log.error("Found more then one OA with same PublicURLPrefix and same DBID."); - new BasicOAActionException( - "Found more then one OA with same PublicURLPrefix and same DBID.", - Constants.STRUTS_SUCCESS); - - } - } - } - - } else if (onlineapplications != null && onlineapplications.size() == 1) - onlineapplication = onlineapplications.get(0); - - request.getSession().setAttribute(Constants.SESSION_OAID, null); - + private static final long serialVersionUID = 1L; + + private String nextPage; + + public EditOAAction() { + super(); + + final OATargetConfiguration oaTarget = new OATargetConfiguration(); + formList.put(oaTarget.getName(), oaTarget); + + final OAAuthenticationData authOA = new OAAuthenticationData(); + formList.put(authOA.getName(), authOA); + + final OASAML1Config saml1OA = new OASAML1Config(); + formList.put(saml1OA.getName(), saml1OA); + + if (isMoaidMode) { + final OABPKEncryption bPKEncDec = new OABPKEncryption(); + formList.put(bPKEncDec.getName(), bPKEncDec); + + final OASSOConfig ssoOA = new OASSOConfig(); + formList.put(ssoOA.getName(), ssoOA); + + final OAPVP2Config pvp2OA = new OAPVP2Config(); + formList.put(pvp2OA.getName(), pvp2OA); + + final OAOAuth20Config oauth20OA = new OAOAuth20Config(); + formList.put(oauth20OA.getName(), oauth20OA); + + final OASTORKConfig storkOA = new OASTORKConfig(); + formList.put(storkOA.getName(), storkOA); + + final Map<String, String> map = new HashMap<>(); + map.putAll(FormBuildUtils.getDefaultMap()); + final FormularCustomization formOA = new FormularCustomization(map); + formList.put(formOA.getName(), formOA); + + final OARevisionsLogData revisOA = new OARevisionsLogData(); + formList.put(revisOA.getName(), revisOA); + } + + } + + // STRUTS actions + public String inital() { + try { + populateBasicInformations(); + + final OnlineApplication onlineapplication = populateOnlineApplicationFromRequest(); + + if (onlineapplication == null) { + addActionError(LanguageHelper.getErrorString( + "errors.listOAs.noOA", request)); + return Constants.STRUTS_SUCCESS; + } + + final List<String> errors = new ArrayList<>(); + for (final IOnlineApplicationData form : formList.values()) { + final List<String> error = form.parse(onlineapplication, authUser, + request); + if (error != null) { + errors.addAll(error); + } + } + if (errors.size() > 0) { + for (final String el : errors) { + addActionError(el); + } + } + + setNewOA(false); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_OAID, oaid); + + return Constants.STRUTS_OA_EDIT; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String newOA() { + log.debug("insert new Online-Application"); + + try { + populateBasicInformations(); + + populateBasicNewOnlineApplicationInformation(); + + // prepare attribute helper list + final ArrayList<AttributeHelper> attributes = new ArrayList<>(); + + try { + for (final StorkAttribute current : configuration.getDbRead() + .getMOAIDConfiguration().getAuthComponentGeneral() + .getForeignIdentities().getSTORK().getAttributes()) { + attributes.add(new AttributeHelper(current)); + } + + } catch (final NullPointerException e) { + + } + + if (getStorkOA() != null) { + getStorkOA().setHelperAttributes(attributes); + } + + final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser + .getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null + && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString( + "error.editoa.mailverification", request)); + return Constants.STRUTS_SUCCESS; + } + + if (formList.get(new OAOAuth20Config().getName()) != null) { + session.setAttribute( + Constants.SESSION_OAUTH20SECRET, + ((OAOAuth20Config) formList.get(new OAOAuth20Config().getName())) + .getClientSecret()); + } + + if (getFormOA() != null) { + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); + } + + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + + return Constants.STRUTS_OA_EDIT; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String saveOA() { + + OnlineApplication onlineapplication = null; + + try { + populateBasicInformations(); + onlineapplication = preProcessSaveOnlineApplication(); + + final List<String> errors = new ArrayList<>(); + + // validate forms + for (final IOnlineApplicationData form : formList.values()) { + errors.addAll(form.validate(getGeneralOA(), authUser, request)); + } + + // Do not allow SSO in combination with special BKUSelection features + if (getSsoOA() != null && getSsoOA().isUseSSO() + && (getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA() + .isShowMandateLoginButton())) { + log.warn("Special BKUSelection features can not be used in combination with SSO"); + errors.add(LanguageHelper.getErrorString( + "validation.general.bkuselection.specialfeatures.valid", + request)); + } + + if (errors.size() > 0) { + log.info("OAConfiguration with ID " + + getGeneralOA().getIdentifier() + " has some errors."); + for (final String el : errors) { + addActionError(el); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + try { + onlineapplication = postProcessSaveOnlineApplication(onlineapplication, true); + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + } + + } + + final Object nextPageAttr = session + .getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + if (onlineapplication.isIsAdminRequired()) { + int numoas = 0; + int numusers = 0; + + final List<OnlineApplication> openOAs = configuration.getDbRead() + .getAllNewOnlineApplications(); + if (openOAs != null) { + numoas = openOAs.size(); + } + + final List<UserDatabase> openUsers = configuration.getUserManagement().getAllNewUsers(); + if (openUsers != null) { + numusers = openUsers.size(); + } + try { + + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.success.admin", getGeneralOA() + .getIdentifier(), request)); + + if (numusers > 0 || numoas > 0) { + MailHelper.sendAdminMail(numoas, numusers); + } + + } catch (final ConfigurationException e) { + log.warn("Sending Mail to Admin failed.", e); + } + + } else { + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.success", + getGeneralOA().getIdentifier(), request)); + } + + // remove session attributes + session.setAttribute(Constants.SESSION_OAID, null); + session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String cancleAndBackOA() { + try { + populateBasicInformations(); + + final Object nextPageAttr = session + .getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + session.setAttribute(Constants.SESSION_OAID, null); + + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.cancle", getGeneralOA().getIdentifier(), + request)); + + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String deleteOA() { + String oaidentifier = null; + try { + populateBasicInformations(); + + final Object nextPageAttr = session + .getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + oaidentifier = preProcessDeleteOnlineApplication(); + final List<OnlineApplication> onlineapplications = configuration.getDbRead() + .getOnlineApplications(oaidentifier); + + final Long oaid = getOAIDFromSession(); + + OnlineApplication onlineapplication = null; + + if (onlineapplications != null && onlineapplications.size() > 1) { + log.info("Found more then one OA with PublicURLPrefix in configuration. " + + "Select OA with DB Id ..."); + + for (final OnlineApplication oa : onlineapplications) { + if (oa.getHjid().equals(oaid)) { + if (onlineapplication == null) { + onlineapplication = oa; + } else { + log.error("Found more then one OA with same PublicURLPrefix and same DBID."); + new BasicOAActionException( + "Found more then one OA with same PublicURLPrefix and same DBID.", + Constants.STRUTS_SUCCESS); + + } + } + } + + } else if (onlineapplications != null && onlineapplications.size() == 1) { + onlineapplication = onlineapplications.get(0); + } + + request.getSession().setAttribute(Constants.SESSION_OAID, null); + // try { // if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA() // .getOAPVP2().getMetadataURL())) { -// +// // MOAIDConfiguration moaconfig = configuration.getDbRead() // .getMOAIDConfiguration(); // moaconfig.setPvp2RefreshItem(new Date()); // ConfigurationDBUtils.saveOrUpdate(moaconfig); -// +// // } -// } catch (NullPointerException e) { +// } catch (NullPointerException e) { // log.debug("Found no MetadataURL in OA-Databaseconfig"); -// +// // } catch (Throwable e) { // log.info("Set metadata refresh flag FAILED.", e); // } - - if (onlineapplication != null && delete(onlineapplication)) { - - if (!authUser.isAdmin()) { - UserDatabase user = configuration.getUserManagement().getUserWithID(authUser - .getUserID()); - List<String> useroas = user.getOnlineApplication(); - - for (String oa : useroas) { - if (oa.equals(onlineapplication.getHjid())) { - useroas.remove(oa); - } - } - - try { - configuration.getUserManagement().saveOrUpdate(user); - - } catch (MOADatabaseException e) { - log.warn("User information can not be updated in database", - e); - addActionError(LanguageHelper.getGUIString( - "error.db.oa.store", request)); - return Constants.STRUTS_ERROR; - } - } - - addActionMessage(LanguageHelper.getGUIString( - "webpages.oaconfig.delete.message", oaidentifier, request)); - - return Constants.STRUTS_SUCCESS; - - } else { - addActionError(LanguageHelper.getGUIString( - "webpages.oaconfig.delete.error", oaidentifier, request)); - return Constants.STRUTS_SUCCESS; - } - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - - } - - public OAAuthenticationData getAuthOA() { - return (OAAuthenticationData) formList.get(new OAAuthenticationData() - .getName()); - } - - public void setAuthOA(OAAuthenticationData generalOA) { - formList.put(generalOA.getName(), generalOA); - } - - public OASAML1Config getSaml1OA() { - return (OASAML1Config) formList.get(new OASAML1Config().getName()); - } - - public void setSaml1OA(OASAML1Config saml1oa) { - formList.put(saml1oa.getName(), saml1oa); - } - - public OASSOConfig getSsoOA() { - return (OASSOConfig) formList.get(new OASSOConfig().getName()); - } - - public void setSsoOA(OASSOConfig ssoOA) { - formList.put(ssoOA.getName(), ssoOA); - } - - public OASTORKConfig getStorkOA() { - return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); - } - - public void setStorkOA(OASTORKConfig storkOA) { - formList.put(storkOA.getName(), storkOA); - } - - - public OARevisionsLogData getRevisionsLogOA() { - return (OARevisionsLogData) formList.get(new OARevisionsLogData().getName()); - } - - public void setRevisionsLogOA(OARevisionsLogData storkOA) { - formList.put(storkOA.getName(), storkOA); - } - - - /** - * @return the nextPage - */ - public String getNextPage() { - return nextPage; - } - - /** - * @return the formOA - */ - public FormularCustomization getFormOA() { - return (FormularCustomization) formList.get(new FormularCustomization( - null).getName()); - } - - /** - * @param formOA - * the formOA to set - */ - public void setFormOA(FormularCustomization formOA) { - formList.put(formOA.getName(), formOA); - } - - public OAOAuth20Config getOauth20OA() { - return (OAOAuth20Config) formList.get(new OAOAuth20Config().getName()); - } - - public void setOauth20OA(OAOAuth20Config oauth20OA) { - formList.put(oauth20OA.getName(), oauth20OA); - } - - /** - * @return the formOA - */ - public OATargetConfiguration getTargetConfig() { - return (OATargetConfiguration) formList.get(new OATargetConfiguration() - .getName()); - } - - /** - * @param formOA - * the formOA to set - */ - public void setTargetConfig(OATargetConfiguration formOA) { - formList.put(formOA.getName(), formOA); - } - - /** - * @return the bPK encryption/decryption form - */ - public OABPKEncryption getBPKEncDecr() { - return (OABPKEncryption) formList.get(new OABPKEncryption().getName()); - } - - /** - * @param bPK encryption/decryption form - * the bPK encryption/decryption form to set - */ - public void setBPKEncDecr(OABPKEncryption formOA) { - formList.put(formOA.getName(), formOA); - } - + + if (onlineapplication != null && delete(onlineapplication)) { + + if (!authUser.isAdmin()) { + final UserDatabase user = configuration.getUserManagement().getUserWithID(authUser + .getUserID()); + final List<String> useroas = user.getOnlineApplication(); + + for (final String oa : useroas) { + if (oa.equals(onlineapplication.getHjid())) { + useroas.remove(oa); + } + } + + try { + configuration.getUserManagement().saveOrUpdate(user); + + } catch (final MOADatabaseException e) { + log.warn("User information can not be updated in database", + e); + addActionError(LanguageHelper.getGUIString( + "error.db.oa.store", request)); + return Constants.STRUTS_ERROR; + } + } + + addActionMessage(LanguageHelper.getGUIString( + "webpages.oaconfig.delete.message", oaidentifier, request)); + + return Constants.STRUTS_SUCCESS; + + } else { + addActionError(LanguageHelper.getGUIString( + "webpages.oaconfig.delete.error", oaidentifier, request)); + return Constants.STRUTS_SUCCESS; + } + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + + } + + public OAAuthenticationData getAuthOA() { + return (OAAuthenticationData) formList.get(new OAAuthenticationData() + .getName()); + } + + public void setAuthOA(OAAuthenticationData generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + public OASAML1Config getSaml1OA() { + return (OASAML1Config) formList.get(new OASAML1Config().getName()); + } + + public void setSaml1OA(OASAML1Config saml1oa) { + formList.put(saml1oa.getName(), saml1oa); + } + + public OASSOConfig getSsoOA() { + return (OASSOConfig) formList.get(new OASSOConfig().getName()); + } + + public void setSsoOA(OASSOConfig ssoOA) { + formList.put(ssoOA.getName(), ssoOA); + } + + public OASTORKConfig getStorkOA() { + return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); + } + + public void setStorkOA(OASTORKConfig storkOA) { + formList.put(storkOA.getName(), storkOA); + } + + public OARevisionsLogData getRevisionsLogOA() { + return (OARevisionsLogData) formList.get(new OARevisionsLogData().getName()); + } + + public void setRevisionsLogOA(OARevisionsLogData storkOA) { + formList.put(storkOA.getName(), storkOA); + } + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the formOA + */ + public FormularCustomization getFormOA() { + return (FormularCustomization) formList.get(new FormularCustomization( + null).getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setFormOA(FormularCustomization formOA) { + formList.put(formOA.getName(), formOA); + } + + public OAOAuth20Config getOauth20OA() { + return (OAOAuth20Config) formList.get(new OAOAuth20Config().getName()); + } + + public void setOauth20OA(OAOAuth20Config oauth20OA) { + formList.put(oauth20OA.getName(), oauth20OA); + } + + /** + * @return the formOA + */ + public OATargetConfiguration getTargetConfig() { + return (OATargetConfiguration) formList.get(new OATargetConfiguration() + .getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setTargetConfig(OATargetConfiguration formOA) { + formList.put(formOA.getName(), formOA); + } + + /** + * @return the bPK encryption/decryption form + */ + public OABPKEncryption getBPKEncDecr() { + return (OABPKEncryption) formList.get(new OABPKEncryption().getName()); + } + + /** + * @param bPK encryption/decryption form the bPK encryption/decryption form to + * set + */ + public void setBPKEncDecr(OABPKEncryption formOA) { + formList.put(formOA.getName(), formOA); + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java index e238c6d37..6a6cf1d27 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java @@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.LinkedHashMap; import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; -import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig; -import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.data.oa.PVPGatewayInterfederationConfig; /** @@ -35,22 +33,22 @@ import at.gv.egovernment.moa.id.configuration.data.oa.PVPGatewayInterfederationC */ public class IDPGatewayAction extends InterfederationIDPAction { - private static final long serialVersionUID = -2047128481980413334L; - - public IDPGatewayAction() { - super(); - formList.putAll(buildIDPGatewayFormList()); - } - - public static LinkedHashMap<String, IOnlineApplicationData> buildIDPGatewayFormList() { - - LinkedHashMap<String, IOnlineApplicationData> forms = - new LinkedHashMap<String, IOnlineApplicationData>(); - - PVPGatewayInterfederationConfig pvpGatewayconfig = new PVPGatewayInterfederationConfig(); - forms.put(pvpGatewayconfig.getName(), pvpGatewayconfig); - - return forms; - } + private static final long serialVersionUID = -2047128481980413334L; + + public IDPGatewayAction() { + super(); + formList.putAll(buildIDPGatewayFormList()); + } + + public static LinkedHashMap<String, IOnlineApplicationData> buildIDPGatewayFormList() { + + final LinkedHashMap<String, IOnlineApplicationData> forms = + new LinkedHashMap<>(); + + final PVPGatewayInterfederationConfig pvpGatewayconfig = new PVPGatewayInterfederationConfig(); + forms.put(pvpGatewayconfig.getName(), pvpGatewayconfig); + + return forms; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index d72505c0f..e2458a6a5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -38,7 +38,6 @@ import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; -import org.apache.log4j.Logger; import org.springframework.beans.BeansException; import at.gv.egiz.components.configuration.api.Configuration; @@ -52,472 +51,468 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class ImportExportAction extends BasicAction { - - private static final Logger log = Logger.getLogger(ImportExportAction.class); - private static final long serialVersionUID = 1L; - - private String formID; - private File fileUpload = null; - private String fileUploadContentType = null; - private String fileUploadFileName = null; - - private InputStream fileInputStream; - - public String init() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (authUser.isAdmin()) { - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_SUCCESS; - - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - public String importLegacyConfig() throws ConfigurationException { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - if (authUser.isAdmin()) { - - //load legacy config if it is configured - - if (fileUpload == null) { - addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - Properties result = null; - - try { - log.warn("WARNING! The legacy import deletes the hole old config"); - - InputStream inStream = new FileInputStream(fileUpload); - // get config from xml file - JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config.deprecated"); - Unmarshaller m = jc.createUnmarshaller(); - MOAIDConfiguration config = (MOAIDConfiguration) m.unmarshal(inStream); - - // serialize config to JSON properties - result = ConfigurationUtil.moaIdConfigToJsonProperties(config); - - if (result == null || result.isEmpty()) { - log.info("Legacy configuration has is empty"); - addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {"Empty Configuratiobn"}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - } catch (JAXBException | FileNotFoundException e) { - log.info("Legacy configuration has an Import Error", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - try { - //check if XML config should be use - log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); - - Configuration dbConfiguration = - (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); - - if (dbConfiguration == null) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - boolean isOverwriteData = true; - - List<String> keys = Arrays.asList(dbConfiguration.getConfigurationIds()); - - if (keys == null) { - log.info("Configuration is not readable."); - throw new MOADatabaseException("Configuration is not readable."); - } - - if (isOverwriteData) { - // remove existing entries - for (String key : keys) { - dbConfiguration.deleteIds(key); - } - } - - Enumeration<?> propertyNames = result.propertyNames(); - - while (propertyNames.hasMoreElements()) { - String key = (String) propertyNames.nextElement(); - String json = result.getProperty(key); - - dbConfiguration.setStringValue(key, json); - } - - } catch (ConfigurationException | MOADatabaseException | at.gv.egiz.components.configuration.api.ConfigurationException e1) { - log.warn("General MOA-ID config can not be stored in Database", e1); - addActionError(e1.getMessage()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - finally { - - } - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - log.info("Legacy Configuration load is completed."); - addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); - return Constants.STRUTS_SUCCESS; - - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - public String downloadXMLConfig() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - if (authUser.isAdmin()) { - - log.info("Write MOA-ID 3.x config"); - try { - - Configuration dbConfiguration = - (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); - - if (dbConfiguration == null) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - Properties result = new Properties(); - String[] allConfigIDs = dbConfiguration.getConfigurationIds(); - for (String key : allConfigIDs) { - String value = dbConfiguration.getStringValue(key); - if (MiscUtil.isNotEmpty(value)) { - result.put(key, value); - log.debug("Put key: " + key + " with value: " + value + " to property file."); - - } else - log.info("Leave key: " + key + " Reason: Value is null or empty"); - - } - - - if (result.isEmpty()) { - log.info("No MOA-ID 3.x configruation available"); - addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig", request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - ByteArrayOutputStream output = new ByteArrayOutputStream(); - result.store(output, null); - fileInputStream = new ByteArrayInputStream(output.toByteArray()); - - } catch (IOException | at.gv.egiz.components.configuration.api.ConfigurationException e) { - log.info("MOA-ID 3.x configruation could not be exported into file.", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.export", - new Object[]{e.getMessage()}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } catch (ConfigurationException | BeansException e) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - finally { - - } - - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_SUCCESS; - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - } - - - public String importXMLConfig() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - - session.setAttribute(Constants.SESSION_FORMID, null); - - if (authUser.isAdmin()) { - - if (fileUpload == null) { - addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_ERROR_VALIDATION; - } - - log.info("Load configuration from MOA-ID 3.x XML configuration"); - - try { - - Properties inProperties = new Properties(); - inProperties.load(new FileInputStream(fileUpload)); - - //check if XML config should be use - log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); - - Configuration dbConfiguration = - (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); - - if (dbConfiguration == null) { - log.warn("Open Database connection FAILED."); - addActionError("Open Database connection FAILED."); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - boolean isOverwriteData = true; - - List<String> keys = Arrays.asList(dbConfiguration.getConfigurationIds()); - - if (keys == null) { - log.info("Configuration is not readable."); - throw new MOADatabaseException("Configuration is not readable."); - } - - if (isOverwriteData) { - // remove existing entries - for (String key : keys) { - dbConfiguration.deleteIds(key); - } - } - - Enumeration<?> propertyNames = inProperties.propertyNames(); - - while (propertyNames.hasMoreElements()) { - String key = (String) propertyNames.nextElement(); - String json = inProperties.getProperty(key); - - dbConfiguration.setStringValue(key, json); - } - - } catch (Exception e) { - log.warn("MOA-ID XML configuration can not be loaded from File.", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.import", - new Object[]{e.getMessage()}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } - - finally { - - } - - //set new formID - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - log.info("XML Configuration load is completed."); - addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); - return Constants.STRUTS_SUCCESS; - - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - } - - /** - * @return the fileUpload - */ - public File getFileUpload() { - return fileUpload; - } - - - - /** - * @param fileUpload the fileUpload to set - */ - public void setFileUpload(File fileUpload) { - this.fileUpload = fileUpload; - } - - - - /** - * @return the fileUploadContentType - */ - public String getFileUploadContentType() { - return fileUploadContentType; - } - - - - /** - * @param fileUploadContentType the fileUploadContentType to set - */ - public void setFileUploadContentType(String fileUploadContentType) { - this.fileUploadContentType = fileUploadContentType; - } - - - - /** - * @return the fileUploadFileName - */ - public String getFileUploadFileName() { - return fileUploadFileName; - } - - - - /** - * @param fileUploadFileName the fileUploadFileName to set - */ - public void setFileUploadFileName(String fileUploadFileName) { - this.fileUploadFileName = fileUploadFileName; - } - - - public InputStream getFileInputStream() { - return fileInputStream; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - + + private static final long serialVersionUID = 1L; + + private String formID; + private File fileUpload = null; + private String fileUploadContentType = null; + private String fileUploadFileName = null; + + private InputStream fileInputStream; + + public String init() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (authUser.isAdmin()) { + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String importLegacyConfig() throws ConfigurationException { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + if (authUser.isAdmin()) { + + // load legacy config if it is configured + + if (fileUpload == null) { + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + + Properties result = null; + + try { + log.warn("WARNING! The legacy import deletes the hole old config"); + + final InputStream inStream = new FileInputStream(fileUpload); + // get config from xml file + final JAXBContext jc = JAXBContext.newInstance( + "at.gv.egovernment.moa.id.commons.db.dao.config.deprecated"); + final Unmarshaller m = jc.createUnmarshaller(); + final MOAIDConfiguration config = (MOAIDConfiguration) m.unmarshal(inStream); + + // serialize config to JSON properties + result = ConfigurationUtil.moaIdConfigToJsonProperties(config); + + if (result == null || result.isEmpty()) { + log.info("Legacy configuration has is empty"); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] { + "Empty Configuratiobn" }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + } catch (JAXBException | FileNotFoundException e) { + log.info("Legacy configuration has an Import Error", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] { e + .getMessage() }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + try { + // check if XML config should be use + log.warn( + "WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + + final Configuration dbConfiguration = + (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); + + if (dbConfiguration == null) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + final boolean isOverwriteData = true; + + final List<String> keys = Arrays.asList(dbConfiguration.getConfigurationIds()); + + if (keys == null) { + log.info("Configuration is not readable."); + throw new MOADatabaseException("Configuration is not readable."); + } + + if (isOverwriteData) { + // remove existing entries + for (final String key : keys) { + dbConfiguration.deleteIds(key); + } + } + + final Enumeration<?> propertyNames = result.propertyNames(); + + while (propertyNames.hasMoreElements()) { + final String key = (String) propertyNames.nextElement(); + final String json = result.getProperty(key); + + dbConfiguration.setStringValue(key, json); + } + + } catch (ConfigurationException | MOADatabaseException + | at.gv.egiz.components.configuration.api.ConfigurationException e1) { + log.warn("General MOA-ID config can not be stored in Database", e1); + addActionError(e1.getMessage()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + finally { + + } + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + log.info("Legacy Configuration load is completed."); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String downloadXMLConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + if (authUser.isAdmin()) { + + log.info("Write MOA-ID 3.x config"); + try { + + final Configuration dbConfiguration = + (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); + + if (dbConfiguration == null) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + final Properties result = new Properties(); + final String[] allConfigIDs = dbConfiguration.getConfigurationIds(); + for (final String key : allConfigIDs) { + final String value = dbConfiguration.getStringValue(key); + if (MiscUtil.isNotEmpty(value)) { + result.put(key, value); + log.debug("Put key: " + key + " with value: " + value + " to property file."); + + } else { + log.info("Leave key: " + key + " Reason: Value is null or empty"); + } + + } + + if (result.isEmpty()) { + log.info("No MOA-ID 3.x configruation available"); + addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig", request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + + final ByteArrayOutputStream output = new ByteArrayOutputStream(); + result.store(output, null); + fileInputStream = new ByteArrayInputStream(output.toByteArray()); + + } catch (IOException | at.gv.egiz.components.configuration.api.ConfigurationException e) { + log.info("MOA-ID 3.x configruation could not be exported into file.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.export", + new Object[] { e.getMessage() }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } catch (ConfigurationException | BeansException e) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + + finally { + + } + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_SUCCESS; + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String importXMLConfig() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + + session.setAttribute(Constants.SESSION_FORMID, null); + + if (authUser.isAdmin()) { + + if (fileUpload == null) { + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_ERROR_VALIDATION; + } + + log.info("Load configuration from MOA-ID 3.x XML configuration"); + + try { + + final Properties inProperties = new Properties(); + inProperties.load(new FileInputStream(fileUpload)); + + // check if XML config should be use + log.warn( + "WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + + final Configuration dbConfiguration = + (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig"); + + if (dbConfiguration == null) { + log.warn("Open Database connection FAILED."); + addActionError("Open Database connection FAILED."); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + final boolean isOverwriteData = true; + + final List<String> keys = Arrays.asList(dbConfiguration.getConfigurationIds()); + + if (keys == null) { + log.info("Configuration is not readable."); + throw new MOADatabaseException("Configuration is not readable."); + } + + if (isOverwriteData) { + // remove existing entries + for (final String key : keys) { + dbConfiguration.deleteIds(key); + } + } + + final Enumeration<?> propertyNames = inProperties.propertyNames(); + + while (propertyNames.hasMoreElements()) { + final String key = (String) propertyNames.nextElement(); + final String json = inProperties.getProperty(key); + + dbConfiguration.setStringValue(key, json); + } + + } catch (final Exception e) { + log.warn("MOA-ID XML configuration can not be loaded from File.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.import", + new Object[] { e.getMessage() }, request)); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + finally { + + } + + // set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + log.info("XML Configuration load is completed."); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + } + + /** + * @return the fileUpload + */ + public File getFileUpload() { + return fileUpload; + } + + /** + * @param fileUpload the fileUpload to set + */ + public void setFileUpload(File fileUpload) { + this.fileUpload = fileUpload; + } + + /** + * @return the fileUploadContentType + */ + public String getFileUploadContentType() { + return fileUploadContentType; + } + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(String fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + /** + * @return the fileUploadFileName + */ + public String getFileUploadFileName() { + return fileUploadFileName; + } + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(String fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + public InputStream getFileInputStream() { + return fileInputStream; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index 6f9d233b1..666785e24 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringEscapeUtils; -import org.apache.log4j.Logger; import org.joda.time.DateTime; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; @@ -78,817 +77,837 @@ import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class IndexAction extends BasicAction { - - /** - * @throws ConfigurationException - */ - - private static final long serialVersionUID = -2781497863862504896L; - - private static final Logger log = Logger.getLogger(IndexAction.class); - - private String password; - private String username; - private UserDatabaseFrom user = null; - private String formID; - - private String ssologouturl; - - private boolean pvp2LoginActiv = false; - - public IndexAction() throws BasicActionException { - super(); - } - - public String start() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - pvp2LoginActiv = configuration.isPVP2LoginActive(); - - if (session.getAttribute(Constants.SESSION_I18n) == null) - session.setAttribute(Constants.SESSION_I18n, - Locale.forLanguageTag(configuration.getDefaultLanguage())); - - if (configuration.isLoginDeaktivated()) { - return "loginWithOutAuth"; - - } else { - return Constants.STRUTS_SUCCESS; - - } - } - - public String authenticate() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - pvp2LoginActiv = configuration.isPVP2LoginActive(); - - String key = null; - - if (MiscUtil.isNotEmpty(username)) { - if (ValidationHelper.containsNotValidCharacter(username, false)) { - log.warn("Username contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(username)); - addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("Username is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); - return Constants.STRUTS_ERROR; - } - - if (MiscUtil.isEmpty(password)) { - log.warn("Password is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); - return Constants.STRUTS_ERROR; - - } else { - key = AuthenticationHelper.generateKeyFormPassword(password); - if (key == null) { - addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); - return Constants.STRUTS_ERROR; - } - } - - - UserDatabase dbuser = configuration.getUserManagement().getUserWithUserName(username); - if (dbuser == null) { - log.warn("Unknown Username"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); - return Constants.STRUTS_ERROR; - - } else { - //TODO: maybe remove this default value in a later version - if (dbuser.isIsUsernamePasswordAllowed() == null) - dbuser.setIsUsernamePasswordAllowed(true); - - if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) { - log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " is not active or Username/Password login is not allowed"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); - return Constants.STRUTS_ERROR; - } - - if (!dbuser.getPassword().equals(key)) { - log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " use a false password"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); - return Constants.STRUTS_ERROR; - } - - //TODO: maybe remove this default value in a later version - boolean ismandateuser = false; - if (dbuser.isIsMandateUser() != null) - ismandateuser = dbuser.isIsMandateUser(); - - int sessionTimeOut = session.getMaxInactiveInterval(); - Date sessionExpired = new Date(new Date().getTime() + - (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS)); - - AuthenticatedUser authuser = new AuthenticatedUser(dbuser, - true, - ismandateuser, - false, - dbuser.getHjid()+"dbID", - "username/password", - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authuser); - - Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); - if (date != null) - authuser.setLastLogin(date);; - - dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - } catch (MOADatabaseException e) { - log.warn("UserDatabase communicaton error", e); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - finally { - } - - HttpSession session = generateNewJSession(request); - session.setAttribute(Constants.SESSION_AUTH, authuser); - - return Constants.STRUTS_SUCCESS; - } - } - - public String pvp2login() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - String method = request.getMethod(); - if (session == null) { - log.info("NO HTTP Session"); - return Constants.STRUTS_ERROR; - } - - String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID); - session.setAttribute(Constants.SESSION_PVP2REQUESTID, null); - - if (method.equals("POST")) { - - try { - pvp2LoginActiv = configuration.isPVP2LoginActive(); - - //Decode with HttpPost Binding - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - request)); - decode.decode(messageContext); - - Response samlResponse = (Response) messageContext.getInboundMessage(); - - //ckeck InResponseTo matchs requestID - if (MiscUtil.isEmpty(authID)) { - log.info("NO AuthRequestID"); - return Constants.STRUTS_ERROR; - } - - if (!authID.equals(samlResponse.getInResponseTo())) { - log.warn("PVPRequestID does not match PVP2 Assertion ID!"); - return Constants.STRUTS_ERROR; - - } - - //check response destination - String serviceURL = configuration.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - String responseDestination = samlResponse.getDestination(); - if (MiscUtil.isEmpty(responseDestination) || - !responseDestination.equals(serviceURL + Constants.SERVLET_PVP2ASSERTION)) { - log.warn("PVPResponse destination does not match requested destination"); - return Constants.STRUTS_ERROR; - } - - //check if response is signed - Signature sign = samlResponse.getSignature(); - if (sign == null) { - log.info("Only http POST Requests can be used"); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - - //validate signature - PVP2Utils.validateSignature(samlResponse, configuration); - - log.info("PVP2 Assertion is valid"); - - if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); - - //check encrypted Assertion - List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions(); - if (encryAssertionList != null && encryAssertionList.size() > 0) { - //decrypt assertions - - log.debug("Found encryped assertion. Start decryption ..."); - - KeyStore keyStore = configuration.getPVP2KeyStore(); - - X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( - keyStore, - configuration.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - configuration.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - - - StaticKeyInfoCredentialResolver skicr = - new StaticKeyInfoCredentialResolver(authDecCredential); - - ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); - encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); - - Decrypter samlDecrypter = - new Decrypter(null, skicr, encryptedKeyResolver); - - for (EncryptedAssertion encAssertion : encryAssertionList) { - saml2assertions.add(samlDecrypter.decrypt(encAssertion)); - - } - - log.debug("Assertion decryption finished. "); - - } else { - saml2assertions = samlResponse.getAssertions(); - - } - - for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { - - Conditions conditions = saml2assertion.getConditions(); - DateTime notbefore = conditions.getNotBefore(); - DateTime notafter = conditions.getNotOnOrAfter(); - if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { - log.warn("PVP2 Assertion is out of Date"); - return Constants.STRUTS_ERROR; - - } - - Subject subject = saml2assertion.getSubject(); - if (subject == null) { - log.warn("Assertion has no Subject element"); - return Constants.STRUTS_ERROR; - - } - - NameID nameID = subject.getNameID(); - if (nameID == null) { - log.warn("No NameID element in PVP2 assertion!"); - return Constants.STRUTS_ERROR; - } - - String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue(); - - int sessionTimeOut = session.getMaxInactiveInterval(); - Date sessionExpired = new Date(new Date().getTime() + - (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS)); - - //search user - UserDatabase dbuser = configuration.getUserManagement().getUserWithUserBPKWBPK(bpkwbpk); - if (dbuser == null) { - log.info("No user found with bpk/wbpk " + bpkwbpk); - - //read PVP2 assertion attributes; - user = new UserDatabaseFrom(); - user.setActive(false); - user.setAdmin(false); - user.setBpk(bpkwbpk); - user.setIsusernamepasswordallowed(false); - user.setIsmandateuser(false); - user.setPVPGenerated(true); - - //loop through the nodes to get what we want - List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); - for (int i = 0; i < attributeStatements.size(); i++) - { - List<Attribute> attributes = attributeStatements.get(i).getAttributes(); - for (int x = 0; x < attributes.size(); x++) - { - String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); - - if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) { - user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); - } - - if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) { - user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); - } - - if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) { - user.setIsmandateuser(true); - } - - if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) { - user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue()); - } - } - } - - //create AuthUser data element - authUser = AuthenticatedUser.generateUserRequestUser(user, - nameID.getValue(), - nameID.getFormat(), - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authUser); - - //set Random value - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_FORM, user); - session.setAttribute(Constants.SESSION_AUTH, authUser); - - - return Constants.STRUTS_NEWUSER; - - } else { - if (!dbuser.isIsActive()) { - - if (!dbuser.isIsMailAddressVerified()) { - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - user = new UserDatabaseFrom(dbuser); - authUser = new AuthenticatedUser(dbuser, - false, - dbuser.isIsMandateUser(), - true, - nameID.getValue(), - nameID.getFormat(), - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authUser); - - session.setAttribute(Constants.SESSION_FORM, user); - session.setAttribute(Constants.SESSION_AUTH, authUser); - - return Constants.STRUTS_NEWUSER; - - } - - log.info("User with bpk/wbpk " + bpkwbpk + " is not active"); - addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive", request)); - return Constants.STRUTS_ERROR; - } - - //TODO: maybe remove this default value in a later version - boolean ismandateuser = false; - if (dbuser.isIsMandateUser() != null) - ismandateuser = dbuser.isIsMandateUser(); - - authUser = new AuthenticatedUser(dbuser, true, - ismandateuser, - true, - nameID.getValue(), - nameID.getFormat(), - sessionExpired); - - //store user as authenticated user - AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authUser); - - Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); - if (date != null) - authUser.setLastLogin(date);; - - dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - } catch (MOADatabaseException e) { - log.warn("UserDatabase communicaton error", e); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - finally { - } - - HttpSession newsession = generateNewJSession(request); - newsession.setAttribute(Constants.SESSION_AUTH, authUser); - return Constants.STRUTS_SUCCESS; - - } - } - - log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found."); - addActionError(LanguageHelper.getErrorString("error.login.internal", request)); - return Constants.STRUTS_ERROR; - - } else { - log.info("Receive Error Assertion."); - addActionError(LanguageHelper.getErrorString("error.login", request)); - return Constants.STRUTS_ERROR; - } - - } catch (Exception e) { - log.warn("An internal error occurs.", e); - addActionError(LanguageHelper.getErrorString("error.login.internal", request)); - return Constants.STRUTS_ERROR; - } - - } else { - log.info("Only http POST Requests can be used"); - addActionError(LanguageHelper.getErrorString("error.login.internal", request)); - return Constants.STRUTS_ERROR; - } - } - - public String requestNewUser() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (session == null) { - log.warn("No active Session found"); - return Constants.STRUTS_ERROR; - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - Object sessionformobj = session.getAttribute(Constants.SESSION_FORM); - if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) { - UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj; - - Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); - authUser = (AuthenticatedUser) authUserObj; - - if (user == null) { - log.warn("No form transmited"); - return Constants.STRUTS_ERROR; - } - - //get UserID - String useridobj = user.getUserID(); - long userID = -1; - if (MiscUtil.isEmpty(useridobj)) { - userID = -1; - - } else { - if (!ValidationHelper.validateOAID(useridobj)){ - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase ID " + useridobj); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - userID = Long.valueOf(useridobj); - } - - String check; - if (!sessionform.isIsmandateuser()) { - check = user.getInstitut(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Organisation contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(check)); - addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Organisation is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); - } - } - - check = user.getMail(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isEmailAddressFormat(check)) { - log.warn("Mailaddress is not valid: " + StringEscapeUtils.escapeHtml(check)); - addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Mailaddress is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); - } - - check = user.getPhone(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validatePhoneNumber(check)) { - log.warn("No valid Phone Number: " + StringEscapeUtils.escapeHtml(check)); - addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Phonenumber is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); - } - - if (hasActionErrors()) { - log.info("Some form errors found. Send user back to form"); - - user.setPVPGenerated(true); - user.setFamilyName(sessionform.getFamilyName()); - user.setGivenName(sessionform.getGivenName()); - user.setIsmandateuser(sessionform.isIsmandateuser()); - user.setBpk(sessionform.getBpk()); - - if (sessionform.isIsmandateuser()) - user.setInstitut(sessionform.getInstitut()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_NEWUSER; - } - - UserDatabase dbuser; - - if (userID < 0) { - dbuser = new UserDatabase(); - dbuser.setBpk(sessionform.getBpk()); - dbuser.setFamilyname(sessionform.getFamilyName()); - dbuser.setGivenname(sessionform.getGivenName()); - - if (sessionform.isIsmandateuser()) - dbuser.setInstitut(sessionform.getInstitut()); - else - dbuser.setInstitut(user.getInstitut()); - - dbuser.setIsPVP2Generated(true); - dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); - dbuser.setIsActive(false); - dbuser.setIsAdmin(false); - dbuser.setIsMandateUser(sessionform.isIsmandateuser()); - dbuser.setIsUsernamePasswordAllowed(false); - - } else - dbuser = configuration.getUserManagement().getUserWithID(userID); - - dbuser.setMail(user.getMail()); - dbuser.setPhone(user.getPhone()); - dbuser.setIsAdminRequest(true); - dbuser.setIsMailAddressVerified(false); - dbuser.setUserRequestTokken(Random.nextRandom()); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - MailHelper.sendUserMailAddressVerification(dbuser); - - } catch (MOADatabaseException e) { - log.warn("New UserRequest can not be stored in database", e); - return Constants.STRUTS_ERROR; - - } catch (ConfigurationException e) { - log.warn("Sending of mailaddress verification mail failed.", e); - addActionError(LanguageHelper.getErrorString("error.mail.send", request)); - return Constants.STRUTS_NEWUSER; - } - - finally { - session.setAttribute(Constants.SESSION_FORM, null); - session.setAttribute(Constants.SESSION_AUTH, null); - } - - addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); - - session.invalidate(); - - return Constants.STRUTS_SUCCESS; - - } else { - log.warn("No SessionForm found"); - return Constants.STRUTS_ERROR; - } - - } - - public String mailAddressVerification() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN); - if (MiscUtil.isNotEmpty(userrequesttokken)) { - - userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken); - - try { - Long.parseLong(userrequesttokken); - - } catch (NumberFormatException e) { - log.warn("Verificationtokken has no number format."); - return Constants.STRUTS_ERROR; - } - - UserDatabase dbuser = configuration.getUserManagement().getNewUserWithTokken(userrequesttokken); - if (dbuser != null) { - dbuser.setUserRequestTokken(null); - dbuser.setIsMailAddressVerified(true); - - if (dbuser.isIsActive()) - dbuser.setIsAdminRequest(false); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - int numoas = 0; - int numusers = 0; - - List<OnlineApplication> openOAs = configuration.getDbRead().getAllNewOnlineApplications(); - if (openOAs != null) - numoas = openOAs.size(); - - List<UserDatabase> openUsers = configuration.getUserManagement().getAllNewUsers(); - if (openUsers != null) - numusers = openUsers.size(); - - if (numusers > 0 || numoas > 0) - MailHelper.sendAdminMail(numoas, numusers); - - } catch (MOADatabaseException e) { - log.warn("Userinformation can not be stored in Database.", e); - addActionError(LanguageHelper.getErrorString("error.mail.verification", request)); - - } catch (ConfigurationException e) { - log.warn("Send mail to admin failed.", e); - } - - finally { - } - - addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress", request)); - return Constants.STRUTS_SUCCESS; - } - } - - return Constants.STRUTS_ERROR; - } - - public String logout() { - HttpSession session = request.getSession(false); - - if (session != null) { - if (MiscUtil.isNotEmpty((String)session.getAttribute(Constants.SESSION_SLOSUCCESS))) - addActionMessage((String)session.getAttribute(Constants.SESSION_SLOSUCCESS)); - - if (MiscUtil.isNotEmpty((String)session.getAttribute(Constants.SESSION_SLOERROR))) - addActionError((String)session.getAttribute(Constants.SESSION_SLOERROR)); - - session.invalidate(); - - } - - return Constants.STRUTS_SUCCESS; - } - - private HttpSession generateNewJSession(HttpServletRequest request) { - HttpSession session = request.getSession(false); - - if (session != null) { - - HashMap<String, Object> attributes = new HashMap<String,Object>(); - - Enumeration<String> enames = session.getAttributeNames(); - while (enames.hasMoreElements()) { - String name = enames.nextElement(); - if (!name.equals("JSESSIONID")) - attributes.put(name, session.getAttribute( name)); - } - session.invalidate(); - - session = request.getSession(true); - for (Entry<String,Object> et : attributes.entrySet()) - session.setAttribute( et.getKey(), et.getValue()); - - } else - session = request.getSession(true); - - return session; - } - - /** - * @return the password - */ - public String getPassword() { - return password; - } - - /** - * @param password the password to set - */ - public void setPassword(String password) { - this.password = password; - } - - /** - * @return the username - */ - public String getUsername() { - return username; - } - - /** - * @param username the username to set - */ - public void setUsername(String username) { - this.username = username; - } - - /** - * @return the user - */ - public UserDatabaseFrom getUser() { - return user; - } - - /** - * @param user the user to set - */ - public void setUser(UserDatabaseFrom user) { - this.user = user; - } - - /** - * @return the ssologouturl - */ - public String getSsologouturl() { - return ssologouturl; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - - /** - * @return the pvp2LoginActiv - */ - public boolean isPvp2LoginActiv() { - return pvp2LoginActiv; - } - - + + /** + * @throws ConfigurationException + */ + + private static final long serialVersionUID = -2781497863862504896L; + + private String password; + private String username; + private UserDatabaseFrom user = null; + private String formID; + + private String ssologouturl; + + private boolean pvp2LoginActiv = false; + + public IndexAction() throws BasicActionException { + super(); + } + + public String start() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + pvp2LoginActiv = configuration.isPVP2LoginActive(); + + if (session.getAttribute(Constants.SESSION_I18n) == null) { + session.setAttribute(Constants.SESSION_I18n, + Locale.forLanguageTag(configuration.getDefaultLanguage())); + } + + if (configuration.isLoginDeaktivated()) { + return "loginWithOutAuth"; + + } else { + return Constants.STRUTS_SUCCESS; + + } + } + + public String authenticate() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + pvp2LoginActiv = configuration.isPVP2LoginActive(); + + String key = null; + + if (MiscUtil.isNotEmpty(username)) { + if (ValidationHelper.containsNotValidCharacter(username, false)) { + log.warn("Username contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(username)); + addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("Username is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); + return Constants.STRUTS_ERROR; + } + + if (MiscUtil.isEmpty(password)) { + log.warn("Password is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); + return Constants.STRUTS_ERROR; + + } else { + key = AuthenticationHelper.generateKeyFormPassword(password); + if (key == null) { + addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); + return Constants.STRUTS_ERROR; + } + } + + final UserDatabase dbuser = configuration.getUserManagement().getUserWithUserName(username); + if (dbuser == null) { + log.warn("Unknown Username"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); + return Constants.STRUTS_ERROR; + + } else { + // TODO: maybe remove this default value in a later version + if (dbuser.isIsUsernamePasswordAllowed() == null) { + dbuser.setIsUsernamePasswordAllowed(true); + } + + if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) { + log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + + " is not active or Username/Password login is not allowed"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); + return Constants.STRUTS_ERROR; + } + + if (!dbuser.getPassword().equals(key)) { + log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " use a false password"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); + return Constants.STRUTS_ERROR; + } + + // TODO: maybe remove this default value in a later version + boolean ismandateuser = false; + if (dbuser.isIsMandateUser() != null) { + ismandateuser = dbuser.isIsMandateUser(); + } + + final int sessionTimeOut = session.getMaxInactiveInterval(); + final Date sessionExpired = new Date(new Date().getTime() + + sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS); + + final AuthenticatedUser authuser = new AuthenticatedUser(dbuser, + true, + ismandateuser, + false, + dbuser.getHjid() + "dbID", + "username/password", + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authuser); + + final Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + if (date != null) { + authuser.setLastLogin(date); + } + + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + } catch (final MOADatabaseException e) { + log.warn("UserDatabase communicaton error", e); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } finally { + } + + final HttpSession session = generateNewJSession(request); + session.setAttribute(Constants.SESSION_AUTH, authuser); + + return Constants.STRUTS_SUCCESS; + } + } + + public String pvp2login() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final String method = request.getMethod(); + if (session == null) { + log.info("NO HTTP Session"); + return Constants.STRUTS_ERROR; + } + + final String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID); + session.setAttribute(Constants.SESSION_PVP2REQUESTID, null); + + if (method.equals("POST")) { + + try { + pvp2LoginActiv = configuration.isPVP2LoginActive(); + + // Decode with HttpPost Binding + final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + final BasicSAMLMessageContext<Response, ?, ?> messageContext = + new BasicSAMLMessageContext<>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + request)); + decode.decode(messageContext); + + final Response samlResponse = (Response) messageContext.getInboundMessage(); + + // ckeck InResponseTo matchs requestID + if (MiscUtil.isEmpty(authID)) { + log.info("NO AuthRequestID"); + return Constants.STRUTS_ERROR; + } + + if (!authID.equals(samlResponse.getInResponseTo())) { + log.warn("PVPRequestID does not match PVP2 Assertion ID!"); + return Constants.STRUTS_ERROR; + + } + + // check response destination + String serviceURL = configuration.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + final String responseDestination = samlResponse.getDestination(); + if (MiscUtil.isEmpty(responseDestination) || + !responseDestination.equals(serviceURL + Constants.SERVLET_PVP2ASSERTION)) { + log.warn("PVPResponse destination does not match requested destination"); + return Constants.STRUTS_ERROR; + } + + // check if response is signed + final Signature sign = samlResponse.getSignature(); + if (sign == null) { + log.info("Only http POST Requests can be used"); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } + + // validate signature + PVP2Utils.validateSignature(samlResponse, configuration); + + log.info("PVP2 Assertion is valid"); + + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + List<org.opensaml.saml2.core.Assertion> saml2assertions = + new ArrayList<>(); + + // check encrypted Assertion + final List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions(); + if (encryAssertionList != null && encryAssertionList.size() > 0) { + // decrypt assertions + + log.debug("Found encryped assertion. Start decryption ..."); + + final KeyStore keyStore = configuration.getPVP2KeyStore(); + + final X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( + keyStore, + configuration.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + configuration.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + + final StaticKeyInfoCredentialResolver skicr = + new StaticKeyInfoCredentialResolver(authDecCredential); + + final ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); + encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver()); + + final Decrypter samlDecrypter = + new Decrypter(null, skicr, encryptedKeyResolver); + + for (final EncryptedAssertion encAssertion : encryAssertionList) { + saml2assertions.add(samlDecrypter.decrypt(encAssertion)); + + } + + log.debug("Assertion decryption finished. "); + + } else { + saml2assertions = samlResponse.getAssertions(); + + } + + for (final org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + + final Conditions conditions = saml2assertion.getConditions(); + final DateTime notbefore = conditions.getNotBefore(); + final DateTime notafter = conditions.getNotOnOrAfter(); + if (notbefore.isAfterNow() || notafter.isBeforeNow()) { + log.warn("PVP2 Assertion is out of Date"); + return Constants.STRUTS_ERROR; + + } + + final Subject subject = saml2assertion.getSubject(); + if (subject == null) { + log.warn("Assertion has no Subject element"); + return Constants.STRUTS_ERROR; + + } + + final NameID nameID = subject.getNameID(); + if (nameID == null) { + log.warn("No NameID element in PVP2 assertion!"); + return Constants.STRUTS_ERROR; + } + + final String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue(); + + final int sessionTimeOut = session.getMaxInactiveInterval(); + final Date sessionExpired = new Date(new Date().getTime() + + sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS); + + // search user + final UserDatabase dbuser = configuration.getUserManagement().getUserWithUserBPKWBPK(bpkwbpk); + if (dbuser == null) { + log.info("No user found with bpk/wbpk " + bpkwbpk); + + // read PVP2 assertion attributes; + user = new UserDatabaseFrom(); + user.setActive(false); + user.setAdmin(false); + user.setBpk(bpkwbpk); + user.setIsusernamepasswordallowed(false); + user.setIsmandateuser(false); + user.setPVPGenerated(true); + + // loop through the nodes to get what we want + final List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); + for (final AttributeStatement attributeStatement : attributeStatements) { + final List<Attribute> attributes = attributeStatement.getAttributes(); + for (final Attribute attribute : attributes) { + final String strAttributeName = attribute.getDOM().getAttribute("Name"); + + if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) { + user.setFamilyName(attribute.getAttributeValues().get(0).getDOM().getFirstChild() + .getNodeValue()); + } + + if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) { + user.setGivenName(attribute.getAttributeValues().get(0).getDOM().getFirstChild() + .getNodeValue()); + } + + if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) { + user.setIsmandateuser(true); + } + + if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) { + user.setInstitut(attribute.getAttributeValues().get(0).getDOM().getFirstChild() + .getNodeValue()); + } + } + } + + // create AuthUser data element + authUser = AuthenticatedUser.generateUserRequestUser(user, + nameID.getValue(), + nameID.getFormat(), + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authUser); + + // set Random value + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_FORM, user); + session.setAttribute(Constants.SESSION_AUTH, authUser); + + return Constants.STRUTS_NEWUSER; + + } else { + if (!dbuser.isIsActive()) { + + if (!dbuser.isIsMailAddressVerified()) { + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + user = new UserDatabaseFrom(dbuser); + authUser = new AuthenticatedUser(dbuser, + false, + dbuser.isIsMandateUser(), + true, + nameID.getValue(), + nameID.getFormat(), + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authUser); + + session.setAttribute(Constants.SESSION_FORM, user); + session.setAttribute(Constants.SESSION_AUTH, authUser); + + return Constants.STRUTS_NEWUSER; + + } + + log.info("User with bpk/wbpk " + bpkwbpk + " is not active"); + addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive", request)); + return Constants.STRUTS_ERROR; + } + + // TODO: maybe remove this default value in a later version + boolean ismandateuser = false; + if (dbuser.isIsMandateUser() != null) { + ismandateuser = dbuser.isIsMandateUser(); + } + + authUser = new AuthenticatedUser(dbuser, true, + ismandateuser, + true, + nameID.getValue(), + nameID.getFormat(), + sessionExpired); + + // store user as authenticated user + final AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.setActiveUser(authUser); + + final Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + if (date != null) { + authUser.setLastLogin(date); + } + + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + } catch (final MOADatabaseException e) { + log.warn("UserDatabase communicaton error", e); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } finally { + } + + final HttpSession newsession = generateNewJSession(request); + newsession.setAttribute(Constants.SESSION_AUTH, authUser); + return Constants.STRUTS_SUCCESS; + + } + } + + log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found."); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); + return Constants.STRUTS_ERROR; + + } else { + log.info("Receive Error Assertion."); + addActionError(LanguageHelper.getErrorString("error.login", request)); + return Constants.STRUTS_ERROR; + } + + } catch (final Exception e) { + log.warn("An internal error occurs.", e); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); + return Constants.STRUTS_ERROR; + } + + } else { + log.info("Only http POST Requests can be used"); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); + return Constants.STRUTS_ERROR; + } + } + + public String requestNewUser() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (session == null) { + log.warn("No active Session found"); + return Constants.STRUTS_ERROR; + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final Object sessionformobj = session.getAttribute(Constants.SESSION_FORM); + if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) { + final UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj; + + final Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + if (user == null) { + log.warn("No form transmited"); + return Constants.STRUTS_ERROR; + } + + // get UserID + final String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + String check; + if (!sessionform.isIsmandateuser()) { + check = user.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + StringEscapeUtils.escapeHtml( + check)); + addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Organisation is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); + } + } + + check = user.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + log.warn("Mailaddress is not valid: " + StringEscapeUtils.escapeHtml(check)); + addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Mailaddress is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); + } + + check = user.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validatePhoneNumber(check)) { + log.warn("No valid Phone Number: " + StringEscapeUtils.escapeHtml(check)); + addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Phonenumber is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); + } + + if (hasActionErrors()) { + log.info("Some form errors found. Send user back to form"); + + user.setPVPGenerated(true); + user.setFamilyName(sessionform.getFamilyName()); + user.setGivenName(sessionform.getGivenName()); + user.setIsmandateuser(sessionform.isIsmandateuser()); + user.setBpk(sessionform.getBpk()); + + if (sessionform.isIsmandateuser()) { + user.setInstitut(sessionform.getInstitut()); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_NEWUSER; + } + + UserDatabase dbuser; + + if (userID < 0) { + dbuser = new UserDatabase(); + dbuser.setBpk(sessionform.getBpk()); + dbuser.setFamilyname(sessionform.getFamilyName()); + dbuser.setGivenname(sessionform.getGivenName()); + + if (sessionform.isIsmandateuser()) { + dbuser.setInstitut(sessionform.getInstitut()); + } else { + dbuser.setInstitut(user.getInstitut()); + } + + dbuser.setIsPVP2Generated(true); + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + dbuser.setIsActive(false); + dbuser.setIsAdmin(false); + dbuser.setIsMandateUser(sessionform.isIsmandateuser()); + dbuser.setIsUsernamePasswordAllowed(false); + + } else { + dbuser = configuration.getUserManagement().getUserWithID(userID); + } + + dbuser.setMail(user.getMail()); + dbuser.setPhone(user.getPhone()); + dbuser.setIsAdminRequest(true); + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + MailHelper.sendUserMailAddressVerification(dbuser); + + } catch (final MOADatabaseException e) { + log.warn("New UserRequest can not be stored in database", e); + return Constants.STRUTS_ERROR; + + } catch (final ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + addActionError(LanguageHelper.getErrorString("error.mail.send", request)); + return Constants.STRUTS_NEWUSER; + } + + finally { + session.setAttribute(Constants.SESSION_FORM, null); + session.setAttribute(Constants.SESSION_AUTH, null); + } + + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); + + session.invalidate(); + + return Constants.STRUTS_SUCCESS; + + } else { + log.warn("No SessionForm found"); + return Constants.STRUTS_ERROR; + } + + } + + public String mailAddressVerification() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN); + if (MiscUtil.isNotEmpty(userrequesttokken)) { + + userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken); + + try { + Long.parseLong(userrequesttokken); + + } catch (final NumberFormatException e) { + log.warn("Verificationtokken has no number format."); + return Constants.STRUTS_ERROR; + } + + final UserDatabase dbuser = configuration.getUserManagement().getNewUserWithTokken(userrequesttokken); + if (dbuser != null) { + dbuser.setUserRequestTokken(null); + dbuser.setIsMailAddressVerified(true); + + if (dbuser.isIsActive()) { + dbuser.setIsAdminRequest(false); + } + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + int numoas = 0; + int numusers = 0; + + final List<OnlineApplication> openOAs = configuration.getDbRead().getAllNewOnlineApplications(); + if (openOAs != null) { + numoas = openOAs.size(); + } + + final List<UserDatabase> openUsers = configuration.getUserManagement().getAllNewUsers(); + if (openUsers != null) { + numusers = openUsers.size(); + } + + if (numusers > 0 || numoas > 0) { + MailHelper.sendAdminMail(numoas, numusers); + } + + } catch (final MOADatabaseException e) { + log.warn("Userinformation can not be stored in Database.", e); + addActionError(LanguageHelper.getErrorString("error.mail.verification", request)); + + } catch (final ConfigurationException e) { + log.warn("Send mail to admin failed.", e); + } + + finally { + } + + addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress", request)); + return Constants.STRUTS_SUCCESS; + } + } + + return Constants.STRUTS_ERROR; + } + + public String logout() { + final HttpSession session = request.getSession(false); + + if (session != null) { + if (MiscUtil.isNotEmpty((String) session.getAttribute(Constants.SESSION_SLOSUCCESS))) { + addActionMessage((String) session.getAttribute(Constants.SESSION_SLOSUCCESS)); + } + + if (MiscUtil.isNotEmpty((String) session.getAttribute(Constants.SESSION_SLOERROR))) { + addActionError((String) session.getAttribute(Constants.SESSION_SLOERROR)); + } + + session.invalidate(); + + } + + return Constants.STRUTS_SUCCESS; + } + + private HttpSession generateNewJSession(HttpServletRequest request) { + HttpSession session = request.getSession(false); + + if (session != null) { + + final HashMap<String, Object> attributes = new HashMap<>(); + + final Enumeration<String> enames = session.getAttributeNames(); + while (enames.hasMoreElements()) { + final String name = enames.nextElement(); + if (!name.equals("JSESSIONID")) { + attributes.put(name, session.getAttribute(name)); + } + } + session.invalidate(); + + session = request.getSession(true); + for (final Entry<String, Object> et : attributes.entrySet()) { + session.setAttribute(et.getKey(), et.getValue()); + } + + } else { + session = request.getSession(true); + } + + return session; + } + + /** + * @return the password + */ + public String getPassword() { + return password; + } + + /** + * @param password the password to set + */ + public void setPassword(String password) { + this.password = password; + } + + /** + * @return the username + */ + public String getUsername() { + return username; + } + + /** + * @param username the username to set + */ + public void setUsername(String username) { + this.username = username; + } + + /** + * @return the user + */ + public UserDatabaseFrom getUser() { + return user; + } + + /** + * @param user the user to set + */ + public void setUser(UserDatabaseFrom user) { + this.user = user; + } + + /** + * @return the ssologouturl + */ + public String getSsologouturl() { + return ssologouturl; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } + + /** + * @return the pvp2LoginActiv + */ + public boolean isPvp2LoginActiv() { + return pvp2LoginActiv; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java index 180f32235..3918dfc16 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java @@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.ArrayList; import java.util.List; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber; @@ -46,438 +44,444 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class InterfederationIDPAction extends BasicOAAction { - private static final Logger log = Logger.getLogger(InterfederationIDPAction.class); - private static final long serialVersionUID = 2879192135387083131L; - - public static final String STRUTS_IDP_VIDP = "-VIDP"; - public static final String STRUTS_IDP_MOA = "-MOAIDP"; - public static final String STRUTS_IDP_GATEWAY = "-IDPGATEWAY"; - - private List<OAListElement> formOAs; - - private String interfederationType; - - public InterfederationIDPAction() { - super(); - - } - - public String listAllIDPs() { - try { - populateBasicInformations(); - - if (authUser.isAdmin()) { - List<OnlineApplication> dbOAs = configuration.getDbRead().getAllOnlineApplications(); - - if (dbOAs == null || dbOAs.size() == 0) { - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); - - } else { - formOAs = FormDataHelper.populateFormWithInderfederationIDPs(dbOAs); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.main.name()); - - return Constants.STRUTS_SUCCESS; - - } else { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String newIDP() { - log.debug("insert new interfederation IDP"); - - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - populateBasicNewOnlineApplicationInformation(); - - if (STRUTS_IDP_MOA.equals(interfederationType)) { - formList.putAll(MOAIDPAction.buildMOAIDPFormList()); - - } else if (STRUTS_IDP_GATEWAY.equals(interfederationType)) { - formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); - - } else if (STRUTS_IDP_VIDP.equals(interfederationType)) { - formList.putAll(VIDPAction.buildVIDPFormList()); - getStorkOA().setVidpEnabled(true); - getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); - - } else { - log.warn("Unkown interfederation IDP type"); - addActionError("Unkown interfederation IDP type"); - return Constants.STRUTS_ERROR; - } - - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - - return Constants.STRUTS_OA_EDIT + interfederationType; - - } - - public String loadIDPInformation() { - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - OnlineApplication oa = populateOnlineApplicationFromRequest(); - - if (oa.isIsInterfederationIDP() != null - && oa.isIsInterfederationIDP()) { - - formList.putAll(MOAIDPAction.buildMOAIDPFormList()); - interfederationType = STRUTS_IDP_MOA; - - } else if (oa.getAuthComponentOA().getOASTORK() != null - && oa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && oa.getAuthComponentOA().getOASTORK().isVidpEnabled()) { - - formList.putAll(VIDPAction.buildVIDPFormList()); - if (getStorkOA().getAttributeProviderPlugins() == null || - getStorkOA().getAttributeProviderPlugins().size() == 0) - getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); - interfederationType = STRUTS_IDP_VIDP; - - } else if (oa.isIsInterfederationGateway() != null && oa.isIsInterfederationGateway()) { - formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); - interfederationType = STRUTS_IDP_GATEWAY; - - } else { - log.warn("Requested application is not an interfederation IDP."); - return Constants.STRUTS_NOTALLOWED; - } - - parseOAToForm(oa); - return Constants.STRUTS_SUCCESS + interfederationType; - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String saveIDP() { - - OnlineApplication onlineapplication= null; - - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - onlineapplication = preProcessSaveOnlineApplication(); - - if ( onlineapplication != null && - !((onlineapplication.isIsInterfederationIDP() != null && onlineapplication.isIsInterfederationIDP()) || - (onlineapplication.isIsInterfederationGateway() != null && onlineapplication.isIsInterfederationGateway()) || - (onlineapplication.getAuthComponentOA().getOASTORK() != null - && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled()))) { - log.warn("IDP which should be stored is not of type interfederation IDP."); - addActionError("IDP which should be stored is not of type MOA-ID interfederation IDP."); - return Constants.STRUTS_ERROR; - - } - - List<String> errors = new ArrayList<String>(); - - //validate forms - for (IOnlineApplicationData form : formList.values()) - errors.addAll(form.validate(getGeneralOA(), authUser, request)); - - - if (getPvp2OA() != null) { - boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA().getMetaDataURL()); - if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) { - log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService."); - errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.metadataurl.publicservice", - new Object[] {getPvp2OA().getMetaDataURL()}, request )); - getGeneralOA().setBusinessService(true); - - } - } - - - if (errors.size() > 0) { - log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors."); - for (String el : errors) - addActionError(el); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - onlineapplication = postProcessSaveOnlineApplication(onlineapplication, - !(this instanceof MOAIDPAction)); - - //set default Target interfederated nameID caluclation - if (getPvp2OA() != null) { - if (getGeneralOA().isBusinessService()) { - IdentificationNumber businessID = onlineapplication.getAuthComponentOA().getIdentificationNumber(); - if (businessID == null) { - businessID = new IdentificationNumber(); - onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID); - } - businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP"); - } else - onlineapplication.setTarget("MOA-IDP"); - - try { - save(onlineapplication); - - } catch (MOADatabaseException e) { - log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); - } - } - } - - //remove session attributes - session.setAttribute(Constants.SESSION_OAID, null); - - addActionMessage(LanguageHelper.getGUIString("webpages.idp.success", getGeneralOA().getIdentifier(), request)); - return Constants.STRUTS_SUCCESS; - - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - } - - public String cancleAndBackIDP() { - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - session.setAttribute(Constants.SESSION_OAID, null); - addActionMessage(LanguageHelper.getGUIString("webpages.idp.cancle", getGeneralOA().getIdentifier(), request)); - - return Constants.STRUTS_SUCCESS; - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } finally { - - } - } - - public String deleteIDP() { - String oaidentifier = null; - try { - populateBasicInformations(); - - if (!authUser.isAdmin()) { - log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } - - oaidentifier = preProcessDeleteOnlineApplication(); - - session.setAttribute(Constants.SESSION_OAID, null); - OnlineApplication onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier); - + + private static final long serialVersionUID = 2879192135387083131L; + + public static final String STRUTS_IDP_VIDP = "-VIDP"; + public static final String STRUTS_IDP_MOA = "-MOAIDP"; + public static final String STRUTS_IDP_GATEWAY = "-IDPGATEWAY"; + + private List<OAListElement> formOAs; + + private String interfederationType; + + public InterfederationIDPAction() { + super(); + + } + + public String listAllIDPs() { + try { + populateBasicInformations(); + + if (authUser.isAdmin()) { + final List<OnlineApplication> dbOAs = configuration.getDbRead().getAllOnlineApplications(); + + if (dbOAs == null || dbOAs.size() == 0) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + formOAs = FormDataHelper.populateFormWithInderfederationIDPs(dbOAs); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + return Constants.STRUTS_SUCCESS; + + } else { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String newIDP() { + log.debug("insert new interfederation IDP"); + + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + populateBasicNewOnlineApplicationInformation(); + + if (STRUTS_IDP_MOA.equals(interfederationType)) { + formList.putAll(MOAIDPAction.buildMOAIDPFormList()); + + } else if (STRUTS_IDP_GATEWAY.equals(interfederationType)) { + formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); + + } else if (STRUTS_IDP_VIDP.equals(interfederationType)) { + formList.putAll(VIDPAction.buildVIDPFormList()); + getStorkOA().setVidpEnabled(true); + getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap()); + + } else { + log.warn("Unkown interfederation IDP type"); + addActionError("Unkown interfederation IDP type"); + return Constants.STRUTS_ERROR; + } + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + + return Constants.STRUTS_OA_EDIT + interfederationType; + + } + + public String loadIDPInformation() { + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + final OnlineApplication oa = populateOnlineApplicationFromRequest(); + + if (oa.isIsInterfederationIDP() != null + && oa.isIsInterfederationIDP()) { + + formList.putAll(MOAIDPAction.buildMOAIDPFormList()); + interfederationType = STRUTS_IDP_MOA; + + } else if (oa.getAuthComponentOA().getOASTORK() != null + && oa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && oa.getAuthComponentOA().getOASTORK().isVidpEnabled()) { + + formList.putAll(VIDPAction.buildVIDPFormList()); + if (getStorkOA().getAttributeProviderPlugins() == null || + getStorkOA().getAttributeProviderPlugins().size() == 0) { + getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + } + interfederationType = STRUTS_IDP_VIDP; + + } else if (oa.isIsInterfederationGateway() != null && oa.isIsInterfederationGateway()) { + formList.putAll(IDPGatewayAction.buildIDPGatewayFormList()); + interfederationType = STRUTS_IDP_GATEWAY; + + } else { + log.warn("Requested application is not an interfederation IDP."); + return Constants.STRUTS_NOTALLOWED; + } + + parseOAToForm(oa); + return Constants.STRUTS_SUCCESS + interfederationType; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String saveIDP() { + + OnlineApplication onlineapplication = null; + + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + onlineapplication = preProcessSaveOnlineApplication(); + + if (onlineapplication != null && + !(onlineapplication.isIsInterfederationIDP() != null && onlineapplication.isIsInterfederationIDP() + || + onlineapplication.isIsInterfederationGateway() != null && onlineapplication + .isIsInterfederationGateway() || + onlineapplication.getAuthComponentOA().getOASTORK() != null + && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled())) { + log.warn("IDP which should be stored is not of type interfederation IDP."); + addActionError("IDP which should be stored is not of type MOA-ID interfederation IDP."); + return Constants.STRUTS_ERROR; + + } + + final List<String> errors = new ArrayList<>(); + + // validate forms + for (final IOnlineApplicationData form : formList.values()) { + errors.addAll(form.validate(getGeneralOA(), authUser, request)); + } + + if (getPvp2OA() != null) { + final boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA() + .getMetaDataURL()); + if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) { + log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService."); + errors.add(LanguageHelper.getErrorString( + "validation.interfederation.moaidp.metadataurl.publicservice", + new Object[] { getPvp2OA().getMetaDataURL() }, request)); + getGeneralOA().setBusinessService(true); + + } + } + + if (errors.size() > 0) { + log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors."); + for (final String el : errors) { + addActionError(el); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + onlineapplication = postProcessSaveOnlineApplication(onlineapplication, + !(this instanceof MOAIDPAction)); + + // set default Target interfederated nameID caluclation + if (getPvp2OA() != null) { + if (getGeneralOA().isBusinessService()) { + IdentificationNumber businessID = onlineapplication.getAuthComponentOA() + .getIdentificationNumber(); + if (businessID == null) { + businessID = new IdentificationNumber(); + onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID); + } + businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP"); + } else { + onlineapplication.setTarget("MOA-IDP"); + } + + try { + save(onlineapplication); + + } catch (final MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + } + } + } + + // remove session attributes + session.setAttribute(Constants.SESSION_OAID, null); + + addActionMessage(LanguageHelper.getGUIString("webpages.idp.success", getGeneralOA().getIdentifier(), + request)); + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } finally { + + } + } + + public String cancleAndBackIDP() { + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + session.setAttribute(Constants.SESSION_OAID, null); + addActionMessage(LanguageHelper.getGUIString("webpages.idp.cancle", getGeneralOA().getIdentifier(), + request)); + + return Constants.STRUTS_SUCCESS; + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } finally { + + } + } + + public String deleteIDP() { + String oaidentifier = null; + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + oaidentifier = preProcessDeleteOnlineApplication(); + + session.setAttribute(Constants.SESSION_OAID, null); + final OnlineApplication onlineapplication = configuration.getDbRead().getOnlineApplication( + oaidentifier); + // try { // if (onlineapplication.getAuthComponentOA().getOAPVP2() != null && // MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { // MOAIDConfiguration moaconfig = configuration.getDbRead().getMOAIDConfiguration(); // moaconfig.setPvp2RefreshItem(new Date()); // ConfigurationDBUtils.saveOrUpdate(moaconfig); -// +// // } // } catch (Throwable e) { // log.info("Found no MetadataURL in OA-Databaseconfig!", e); // } - - if (delete(onlineapplication)) { - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, request)); - return Constants.STRUTS_SUCCESS; - - } else { - addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request)); - return Constants.STRUTS_SUCCESS; - } - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } catch (BasicOAActionException e) { - addActionError(e.getStrutsError()); - return e.getStrutsReturnValue(); - - } finally { - - } - - } - - /** - * @param oa - */ - private void parseOAToForm(OnlineApplication oa) { - List<String> errors = new ArrayList<String>(); - for (IOnlineApplicationData form : formList.values()) { - List<String> error = form.parse(oa, authUser, request); - if (error != null) - errors.addAll(error); - } - if (errors.size() > 0) { - for (String el : errors) - addActionError(el); - } - setNewOA(false); - + if (delete(onlineapplication)) { + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, + request)); + return Constants.STRUTS_SUCCESS; - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_OAID, oaid); - } - - /** - * @return the formOAs - */ - public List<OAListElement> getFormOAs() { - return formOAs; - } - - public OAMOAIDPInterfederationConfig getMoaIDP() { - return (OAMOAIDPInterfederationConfig) formList.get(new OAMOAIDPInterfederationConfig().getName()); - } + } else { + addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request)); + return Constants.STRUTS_SUCCESS; + } - public void setMoaIDP(OAMOAIDPInterfederationConfig pvp2oa) { - formList.put(pvp2oa.getName(), pvp2oa); - } + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; - public PVPGatewayInterfederationConfig getPVPGateway() { - return (PVPGatewayInterfederationConfig) formList.get(new PVPGatewayInterfederationConfig().getName()); - } - - public void setPVPGateway(PVPGatewayInterfederationConfig val) { - formList.put(val.getName(), val); - } - - /** - * @return the formOA - */ - public OATargetConfiguration getTargetConfig() { - return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName()); - } + } catch (final BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); - /** - * @param formOA the formOA to set - */ - public void setTargetConfig(OATargetConfiguration formOA) { - formList.put(formOA.getName(), formOA); - } - - /** - * @return the formOA - */ - public FormularCustomization getFormOA() { - return (FormularCustomization) formList.get(new FormularCustomization(null).getName()); - } + } finally { - /** - * @param formOA the formOA to set - */ - public void setFormOA(FormularCustomization formOA) { - formList.put(formOA.getName(), formOA); - } - - public OASTORKConfig getStorkOA() { - return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); } - public void setStorkOA(OASTORKConfig storkOA) { - formList.put(storkOA.getName(), storkOA); + } + + /** + * @param oa + */ + private void parseOAToForm(OnlineApplication oa) { + final List<String> errors = new ArrayList<>(); + for (final IOnlineApplicationData form : formList.values()) { + final List<String> error = form.parse(oa, authUser, request); + if (error != null) { + errors.addAll(error); + } } - - - public OAAuthenticationData getAuthOA() { - return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName()); + if (errors.size() > 0) { + for (final String el : errors) { + addActionError(el); + } } - public void setAuthOA(OAAuthenticationData generalOA) { - formList.put(generalOA.getName(), generalOA); - } - - - /** - * @return the interfederationType - */ - public String getInterfederationType() { - return interfederationType; - } - - /** - * @param interfederationType the interfederationType to set - */ - public void setInterfederationType(String interfederationType) { - this.interfederationType = interfederationType; - } - - - + setNewOA(false); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_OAID, oaid); + } + + /** + * @return the formOAs + */ + public List<OAListElement> getFormOAs() { + return formOAs; + } + + public OAMOAIDPInterfederationConfig getMoaIDP() { + return (OAMOAIDPInterfederationConfig) formList.get(new OAMOAIDPInterfederationConfig().getName()); + } + + public void setMoaIDP(OAMOAIDPInterfederationConfig pvp2oa) { + formList.put(pvp2oa.getName(), pvp2oa); + } + + public PVPGatewayInterfederationConfig getPVPGateway() { + return (PVPGatewayInterfederationConfig) formList.get(new PVPGatewayInterfederationConfig().getName()); + } + + public void setPVPGateway(PVPGatewayInterfederationConfig val) { + formList.put(val.getName(), val); + } + + /** + * @return the formOA + */ + public OATargetConfiguration getTargetConfig() { + return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setTargetConfig(OATargetConfiguration formOA) { + formList.put(formOA.getName(), formOA); + } + + /** + * @return the formOA + */ + public FormularCustomization getFormOA() { + return (FormularCustomization) formList.get(new FormularCustomization(null).getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setFormOA(FormularCustomization formOA) { + formList.put(formOA.getName(), formOA); + } + + public OASTORKConfig getStorkOA() { + return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); + } + + public void setStorkOA(OASTORKConfig storkOA) { + formList.put(storkOA.getName(), storkOA); + } + + public OAAuthenticationData getAuthOA() { + return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName()); + } + + public void setAuthOA(OAAuthenticationData generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + /** + * @return the interfederationType + */ + public String getInterfederationType() { + return interfederationType; + } + + /** + * @param interfederationType the interfederationType to set + */ + public void setInterfederationType(String interfederationType) { + this.interfederationType = interfederationType; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index ca018d5b0..11be61bb6 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -25,179 +25,162 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.ArrayList; import java.util.List; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; - -import com.opensymphony.xwork2.ActionSupport; - -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; -import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class ListOAsAction extends BasicAction { - - private final Logger log = Logger.getLogger(ListOAsAction.class); - - private static final long serialVersionUID = 1L; - - private List<OAListElement> formOAs; - private String friendlyname; - - public ListOAsAction() throws ConfigurationException { + + private static final long serialVersionUID = 1L; + + private List<OAListElement> formOAs; + private String friendlyname; + + public ListOAsAction() throws ConfigurationException { // configuration = ConfigurationProvider.getInstance(); - } - - - public String listAllOnlineAppliactions() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - List<OnlineApplication> dbOAs = null; - - if (authUser.isAdmin()) { - dbOAs = configuration.getDbRead().getAllOnlineApplications(); - - } else { - UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - - if (authUserDB != null) { - for (String el : authUserDB.getOnlineApplication()) { - dbOAs.add(configuration.getDbRead().getOnlineApplication(Long.valueOf(el))); - - } - } - } - - if (dbOAs == null || dbOAs.size() == 0) { - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); - - } else { - formOAs = FormDataHelper.populateFormWithOAs(dbOAs); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.main.name()); - - - return Constants.STRUTS_SUCCESS; - } - - public String searchOAInit() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - formOAs = null; - friendlyname = ""; - - return Constants.STRUTS_SUCCESS; - - } - - public String searchOA() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (MiscUtil.isEmpty(friendlyname)) { - log.info("SearchOA textfield is empty"); - addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); - return Constants.STRUTS_SUCCESS; - - } else { - if (ValidationHelper.containsNotValidCharacter(friendlyname, false)) { - log.warn("SearchOA textfield contains potential XSS characters"); - addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request)); - return Constants.STRUTS_SUCCESS; - } - } - - List<OnlineApplication> dbOAs = null; - - if (authUser.isAdmin()) { - dbOAs = configuration.getDbRead().searchOnlineApplications(friendlyname); - - } else { - UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (authUserDB != null) { - List<String> alldbOAs = authUserDB.getOnlineApplication(); - - dbOAs = new ArrayList<OnlineApplication>(); - - for (String el : alldbOAs) { - OnlineApplication oa = configuration.getDbRead().getOnlineApplication(Long.valueOf(el)); - - if (oa.getPublicURLPrefix() - .toLowerCase().indexOf(friendlyname.toLowerCase()) > -1) - dbOAs.add(oa); - } - } - } - - if (dbOAs == null || dbOAs.size() == 0) { - log.debug("No IDPs found with Identifier " + friendlyname); - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); - - } else { - formOAs = FormDataHelper.populateFormWithOAs(dbOAs); - - } - - - return Constants.STRUTS_SUCCESS; - } - - /** - * @return the formOAs - */ - public List<OAListElement> getFormOAs() { - return formOAs; - } - - - /** - * @return the friendlyname - */ - public String getFriendlyname() { - return friendlyname; - } - - - /** - * @param friendlyname the friendlyname to set - */ - public void setFriendlyname(String friendlyname) { - this.friendlyname = friendlyname; - } - - + } + + public String listAllOnlineAppliactions() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + List<OnlineApplication> dbOAs = null; + + if (authUser.isAdmin()) { + dbOAs = configuration.getDbRead().getAllOnlineApplications(); + + } else { + final UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + if (authUserDB != null) { + for (final String el : authUserDB.getOnlineApplication()) { + dbOAs.add(configuration.getDbRead().getOnlineApplication(Long.valueOf(el))); + + } + } + } + + if (dbOAs == null || dbOAs.size() == 0) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + return Constants.STRUTS_SUCCESS; + } + + public String searchOAInit() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + formOAs = null; + friendlyname = ""; + + return Constants.STRUTS_SUCCESS; + + } + + public String searchOA() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (MiscUtil.isEmpty(friendlyname)) { + log.info("SearchOA textfield is empty"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); + return Constants.STRUTS_SUCCESS; + + } else { + if (ValidationHelper.containsNotValidCharacter(friendlyname, false)) { + log.warn("SearchOA textfield contains potential XSS characters"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + return Constants.STRUTS_SUCCESS; + } + } + + List<OnlineApplication> dbOAs = null; + + if (authUser.isAdmin()) { + dbOAs = configuration.getDbRead().searchOnlineApplications(friendlyname); + + } else { + final UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (authUserDB != null) { + final List<String> alldbOAs = authUserDB.getOnlineApplication(); + + dbOAs = new ArrayList<>(); + + for (final String el : alldbOAs) { + final OnlineApplication oa = configuration.getDbRead().getOnlineApplication(Long.valueOf(el)); + + if (oa.getPublicURLPrefix() + .toLowerCase().indexOf(friendlyname.toLowerCase()) > -1) { + dbOAs.add(oa); + } + } + } + } + + if (dbOAs == null || dbOAs.size() == 0) { + log.debug("No IDPs found with Identifier " + friendlyname); + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); + + } + + return Constants.STRUTS_SUCCESS; + } + + /** + * @return the formOAs + */ + public List<OAListElement> getFormOAs() { + return formOAs; + } + + /** + * @return the friendlyname + */ + public String getFriendlyname() { + return friendlyname; + } + + /** + * @param friendlyname the friendlyname to set + */ + public void setFriendlyname(String friendlyname) { + this.friendlyname = friendlyname; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java index 8c04a382a..ce3af689d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java @@ -34,26 +34,25 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; */ public class MOAIDPAction extends InterfederationIDPAction { - private static final long serialVersionUID = -2047128481980413334L; - - public MOAIDPAction() { - super(); - formList.putAll(buildMOAIDPFormList()); - } - - public static LinkedHashMap<String, IOnlineApplicationData> buildMOAIDPFormList() { - - LinkedHashMap<String, IOnlineApplicationData> forms = - new LinkedHashMap<String, IOnlineApplicationData>(); - - - OAPVP2Config pvp2OA = new OAPVP2Config(); - forms.put(pvp2OA.getName(), pvp2OA); - - OAMOAIDPInterfederationConfig moaidp = new OAMOAIDPInterfederationConfig(); - forms.put(moaidp.getName(), moaidp); - - return forms; - } + private static final long serialVersionUID = -2047128481980413334L; + + public MOAIDPAction() { + super(); + formList.putAll(buildMOAIDPFormList()); + } + + public static LinkedHashMap<String, IOnlineApplicationData> buildMOAIDPFormList() { + + final LinkedHashMap<String, IOnlineApplicationData> forms = + new LinkedHashMap<>(); + + final OAPVP2Config pvp2OA = new OAPVP2Config(); + forms.put(pvp2OA.getName(), pvp2OA); + + final OAMOAIDPInterfederationConfig moaidp = new OAMOAIDPInterfederationConfig(); + forms.put(moaidp.getName(), moaidp); + + return forms; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java index ea6f17fc7..785eb583a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java @@ -22,41 +22,41 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class MainAction extends BasicAction { - - private static final long serialVersionUID = 221178766809263908L; - - private static final Logger log = Logger.getLogger(MainAction.class); - - public String changeLanguage() { - - return Constants.STRUTS_SUCCESS; - } - - public String generateMainFrame() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (hasActionMessages()) - setActionMessages(getActionMessages()); - - if (hasActionErrors()) - setActionErrors(getActionErrors()); - - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - return Constants.STRUTS_SUCCESS; - } - + + private static final long serialVersionUID = 221178766809263908L; + + public String changeLanguage() { + + return Constants.STRUTS_SUCCESS; + } + + public String generateMainFrame() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (hasActionMessages()) { + setActionMessages(getActionMessages()); + } + + if (hasActionErrors()) { + setActionErrors(getActionErrors()); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + return Constants.STRUTS_SUCCESS; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java index 26d4e13ab..e1965e951 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java @@ -24,81 +24,68 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.List; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; - -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; +import lombok.extern.slf4j.Slf4j; -import com.opensymphony.xwork2.ActionSupport; - +@Slf4j public class OpenAdminRequestsAction extends BasicAction { - - private static final Logger log = Logger.getLogger(OpenAdminRequestsAction.class); - - private static final long serialVersionUID = 1L; - - private List<OAListElement> formOAs = null; - private List<AuthenticatedUser> userlist = null; - - - public String init() { - - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (authUser.isAdmin()) { - - List<OnlineApplication> dbOAs = configuration.getDbRead().getAllNewOnlineApplications(); - if (dbOAs != null) { - formOAs = FormDataHelper.populateFormWithOAs(dbOAs); - } - - List<UserDatabase> dbUsers = configuration.getUserManagement().getAllNewUsers(); - if (dbUsers != null){ - userlist = FormDataHelper.addFormUsers(dbUsers); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()); - - return Constants.STRUTS_SUCCESS; - } else { - log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID()); - return Constants.STRUTS_NOTALLOWED; - } - - } - - - /** - * @return the formOAs - */ - public List<OAListElement> getFormOAs() { - return formOAs; - } - - - /** - * @return the userlist - */ - public List<AuthenticatedUser> getUserlist() { - return userlist; - } - + + private static final long serialVersionUID = 1L; + + private List<OAListElement> formOAs = null; + private List<AuthenticatedUser> userlist = null; + + public String init() { + + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (authUser.isAdmin()) { + + final List<OnlineApplication> dbOAs = configuration.getDbRead().getAllNewOnlineApplications(); + if (dbOAs != null) { + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); + } + + final List<UserDatabase> dbUsers = configuration.getUserManagement().getAllNewUsers(); + if (dbUsers != null) { + userlist = FormDataHelper.addFormUsers(dbUsers); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()); + + return Constants.STRUTS_SUCCESS; + } else { + log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID()); + return Constants.STRUTS_NOTALLOWED; + } + + } + + /** + * @return the formOAs + */ + public List<OAListElement> getFormOAs() { + return formOAs; + } + + /** + * @return the userlist + */ + public List<AuthenticatedUser> getUserlist() { + return userlist; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index 26afb0205..6a60b6816 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -26,14 +26,6 @@ import java.io.ByteArrayInputStream; import java.io.InputStream; import java.util.List; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; - import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -49,564 +41,570 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; -import com.opensymphony.xwork2.ActionSupport; - +@Slf4j public class UserManagementAction extends BasicAction { - - private static final Logger log = Logger.getLogger(UserManagementAction.class); - - private static final long serialVersionUID = 1L; - - private List<AuthenticatedUser> userlist = null; - private UserDatabaseFrom user = null; - - private String useridobj = null; - private static boolean newUser = false; - private InputStream stream; - private String nextPage; - private String formID; - - public String init() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - if (session == null) { - log.info("No http Session found."); - return Constants.STRUTS_ERROR; - } - - if (authUser.isAdmin()) { - - log.info("Show NewserRequests"); - - log.info("Show UserList"); - - List<UserDatabase> dbuserlist = configuration.getUserManagement().getAllUsers(); - - if (dbuserlist != null) { - userlist = FormDataHelper.addFormUsers(dbuserlist); - } - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name()); - - return Constants.STRUTS_SUCCESS; - - } else { - log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame"); - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (dbuser == null) { - return Constants.STRUTS_REAUTHENTICATE; - } - user = new UserDatabaseFrom(dbuser); - - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.main.name()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_NOTALLOWED; - } - } - - public String createuser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - - if (authUser.isAdmin()) { - - user = new UserDatabaseFrom(); - - newUser = true; - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_SUCCESS; - - } else { - return Constants.STRUTS_NOTALLOWED; - } - } - - public String edituser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String - && MiscUtil.isNotEmpty((String)nextPageAttr) ) { - nextPage = (String) nextPageAttr; - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - } - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - if (authUser.isAdmin()) { - long userid = -1; - - if (!ValidationHelper.validateOAID(useridobj)) { - addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); - return Constants.STRUTS_ERROR; - } - userid = Long.valueOf(useridobj); - - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userid); - if (dbuser == null) { - log.info("No User with ID " + userid + " in Database");; - addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); - return Constants.STRUTS_ERROR; - } - user = new UserDatabaseFrom(dbuser); - - newUser = false; - - return Constants.STRUTS_SUCCESS; - - } else { - log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame"); - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - user = new UserDatabaseFrom(dbuser); - return Constants.STRUTS_SUCCESS; - } - } - - public String saveuser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - String useridobj = user.getUserID(); - long userID = -1; - if (MiscUtil.isEmpty(useridobj)) { - userID = -1; - - } else { - if (!ValidationHelper.validateOAID(useridobj)){ - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase ID " + useridobj); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - userID = Long.valueOf(useridobj); - } - - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); - - if( dbuser == null) { - dbuser = new UserDatabase(); - dbuser.setIsMandateUser(false); - dbuser.setIsAdminRequest(false); - dbuser.setIsPVP2Generated(false); - dbuser.setUserRequestTokken(null); - dbuser.setIsMailAddressVerified(false); - dbuser.setUsername(user.getUsername()); - } - - List<String> errors; - UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); - - boolean ispvp2 = false; - boolean ismandate = false; - if (dbuser.isIsPVP2Generated() != null) - ispvp2 = dbuser.isIsPVP2Generated(); - - if (dbuser.isIsMandateUser() != null) - ismandate = dbuser.isIsMandateUser(); - - errors = validator.validate(user, userID, ispvp2, ismandate, request); - - if (errors.size() > 0) { - log.info("UserDataForm has some erros."); - for (String el : errors) - addActionError(el); - user.setPassword(""); - - if (MiscUtil.isEmpty(user.getUsername())) - newUser = true; - - user.setIsmandateuser(ismandate); - user.setPVPGenerated(ispvp2); - if (dbuser.isIsUsernamePasswordAllowed() != null) - user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed()); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - return Constants.STRUTS_ERROR_VALIDATION; - } - - if (!authUser.isAdmin()) { - if (authUser.getUserID() != userID) { - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase Entry " + user.getUsername()); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - - } - - if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) { - dbuser.setIsMailAddressVerified(false); - dbuser.setUserRequestTokken(Random.nextRandom()); - - try { - MailHelper.sendUserMailAddressVerification(dbuser); - addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); - - } catch (ConfigurationException e) { - log.warn("Sending of mailaddress verification mail failed.", e); - addActionError(LanguageHelper.getErrorString("error.mail.send", request)); - } - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String - && MiscUtil.isNotEmpty((String)nextPageAttr) ) { - nextPage = (String) nextPageAttr; - - if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) && - user.isActive()) { - dbuser.setIsAdminRequest(false); - try { - if (dbuser.isIsMandateUser()) - MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), - dbuser.getInstitut(), user.getMail()); - else - MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), - null, user.getMail()); - - } catch (ConfigurationException e) { - log.warn("Send UserAccountActivation mail failed", e); - } - } - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - } - - String error = saveFormToDB(dbuser); - - if (error != null) { - log.warn("UserData can not be stored in Database"); - addActionError(error); - return Constants.STRUTS_SUCCESS; - } - - return Constants.STRUTS_SUCCESS; - } - - public String deleteuser() { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " - + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - String useridobj = user.getUserID(); - long userID = -1; - if (MiscUtil.isEmpty(useridobj)) { - userID = -1; - - } else { - if (!ValidationHelper.validateOAID(useridobj)){ - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase ID " + useridobj); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - userID = Long.valueOf(useridobj); - } - - if (!authUser.isAdmin()) { - if (authUser.getUserID() != userID) { - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase Entry " + user.getUsername()); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - } - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String - && MiscUtil.isNotEmpty((String)nextPageAttr) ) { - nextPage = (String) nextPageAttr; - session.setAttribute(Constants.SESSION_RETURNAREA, null); - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); - } - - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); - if (dbuser != null) { - dbuser.setOaIDs(null); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - configuration.getUserManagement().delete(dbuser); - - if (authUser.isAdmin()) { - MailHelper.sendUserAccountRevocationMail(dbuser); - } - - if (dbuser.getHjid().equals(String.valueOf(authUser.getUserID()))) { - return Constants.STRUTS_REAUTHENTICATE; - } - - } catch (MOADatabaseException e) { - log.warn("UserData can not be deleted from Database", e); - addActionError(e.getMessage()); - return Constants.STRUTS_SUCCESS; - - } catch (ConfigurationException e) { - log.warn("Information mail sending failed.", e); - addActionError(e.getMessage()); - return Constants.STRUTS_SUCCESS; - } - - finally { - } - } - - - return Constants.STRUTS_SUCCESS; - } - - public String sendVerificationMail () { - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - - String message = LanguageHelper.getErrorString("error.mail.send", request); - - if (authUser != null) { - UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - - if (dbuser != null) { - dbuser.setIsMailAddressVerified(false); - dbuser.setUserRequestTokken(Random.nextRandom()); - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - - MailHelper.sendUserMailAddressVerification(dbuser); - - message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message", request); - - } catch (ConfigurationException e) { - log.warn("Sending of mailaddress verification mail failed.", e); - message = LanguageHelper.getErrorString("error.mail.send", request); - - } catch (MOADatabaseException e) { - log.warn("Access UserInformationDatabase failed.", e); - } - } - } - - stream = new ByteArrayInputStream(message.getBytes()); - - return SUCCESS; - } - - private String saveFormToDB(UserDatabase dbuser) { - - dbuser.setMail(user.getMail()); - dbuser.setPhone(user.getPhone()); - - if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) { - dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed()); - - if (authUser.isAdmin()) { - dbuser.setIsActive(user.isActive()); - dbuser.setIsAdmin(user.isAdmin()); - - } - } - - if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) { - dbuser.setFamilyname(user.getFamilyName()); - dbuser.setGivenname(user.getGivenName()); - dbuser.setInstitut(user.getInstitut()); - - if (authUser.isAdmin()) { - dbuser.setBpk(user.getBpk()); - if ( user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID - + "X" + Constants.IDENIFICATIONTYPE_FN) || - user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID - + "X" + Constants.IDENIFICATIONTYPE_ZVR) || - user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID - + "X" + Constants.IDENIFICATIONTYPE_ERSB)) { - dbuser.setIsMandateUser(true); - } - } - - } else { - if (!dbuser.isIsMandateUser()) - dbuser.setInstitut(user.getInstitut()); - } - - if (dbuser.isIsUsernamePasswordAllowed()) { - - if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) - dbuser.setUsername(user.getUsername()); - - if (MiscUtil.isNotEmpty(user.getPassword())) { - String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); - if (key == null) { - return LanguageHelper.getErrorString("errors.edit.user.save", request); - } - dbuser.setPassword(key); - } - } - - try { - configuration.getUserManagement().saveOrUpdate(dbuser); - } catch (MOADatabaseException e) { - log.warn("User information can not be stored in Database.", e); - return LanguageHelper.getErrorString("errors.edit.user.save", request); - } - - return null; - } - - - /** - * @return the userlist - */ - public List<AuthenticatedUser> getUserlist() { - return userlist; - } - - /** - * @param userlist the userlist to set - */ - public void setUserlist(List<AuthenticatedUser> userlist) { - this.userlist = userlist; - } - - /** - * @return the user - */ - public UserDatabaseFrom getUser() { - return user; - } - - /** - * @param user the user to set - */ - public void setUser(UserDatabaseFrom user) { - this.user = user; - } - - /** - * @return the useridobj - */ - public String getUseridobj() { - return useridobj; - } - - /** - * @param useridobj the useridobj to set - */ - public void setUseridobj(String useridobj) { - this.useridobj = useridobj; - } - - /** - * @return the newUser - */ - public boolean isNewUser() { - return newUser; - } - - /** - * @return the nextPage - */ - public String getNextPage() { - return nextPage; - } - - /** - * @return the stream - */ - public InputStream getStream() { - return stream; - } - - /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - + + private static final long serialVersionUID = 1L; + + private List<AuthenticatedUser> userlist = null; + private UserDatabaseFrom user = null; + + private String useridobj = null; + private static boolean newUser = false; + private InputStream stream; + private String nextPage; + private String formID; + + public String init() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + if (authUser.isAdmin()) { + + log.info("Show NewserRequests"); + + log.info("Show UserList"); + + final List<UserDatabase> dbuserlist = configuration.getUserManagement().getAllUsers(); + + if (dbuserlist != null) { + userlist = FormDataHelper.addFormUsers(dbuserlist); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name()); + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame"); + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (dbuser == null) { + return Constants.STRUTS_REAUTHENTICATE; + } + user = new UserDatabaseFrom(dbuser); + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_NOTALLOWED; + } + } + + public String createuser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + + if (authUser.isAdmin()) { + + user = new UserDatabaseFrom(); + + newUser = true; + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_SUCCESS; + + } else { + return Constants.STRUTS_NOTALLOWED; + } + } + + public String edituser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String) nextPageAttr)) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + if (authUser.isAdmin()) { + long userid = -1; + + if (!ValidationHelper.validateOAID(useridobj)) { + addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); + return Constants.STRUTS_ERROR; + } + userid = Long.valueOf(useridobj); + + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userid); + if (dbuser == null) { + log.info("No User with ID " + userid + " in Database"); + addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); + return Constants.STRUTS_ERROR; + } + user = new UserDatabaseFrom(dbuser); + + newUser = false; + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame"); + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + user = new UserDatabaseFrom(dbuser); + return Constants.STRUTS_SUCCESS; + } + } + + public String saveuser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); + + if (dbuser == null) { + dbuser = new UserDatabase(); + dbuser.setIsMandateUser(false); + dbuser.setIsAdminRequest(false); + dbuser.setIsPVP2Generated(false); + dbuser.setUserRequestTokken(null); + dbuser.setIsMailAddressVerified(false); + dbuser.setUsername(user.getUsername()); + } + + List<String> errors; + final UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); + + boolean ispvp2 = false; + boolean ismandate = false; + if (dbuser.isIsPVP2Generated() != null) { + ispvp2 = dbuser.isIsPVP2Generated(); + } + + if (dbuser.isIsMandateUser() != null) { + ismandate = dbuser.isIsMandateUser(); + } + + errors = validator.validate(user, userID, ispvp2, ismandate, request); + + if (errors.size() > 0) { + log.info("UserDataForm has some erros."); + for (final String el : errors) { + addActionError(el); + } + user.setPassword(""); + + if (MiscUtil.isEmpty(user.getUsername())) { + newUser = true; + } + + user.setIsmandateuser(ismandate); + user.setPVPGenerated(ispvp2); + if (dbuser.isIsUsernamePasswordAllowed() != null) { + user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed()); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_ERROR_VALIDATION; + } + + if (!authUser.isAdmin()) { + if (authUser.getUserID() != userID) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase Entry " + user.getUsername()); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + + } + + if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + MailHelper.sendUserMailAddressVerification(dbuser); + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); + + } catch (final ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + addActionError(LanguageHelper.getErrorString("error.mail.send", request)); + } + } + + final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String) nextPageAttr)) { + nextPage = (String) nextPageAttr; + + if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) && + user.isActive()) { + dbuser.setIsAdminRequest(false); + try { + if (dbuser.isIsMandateUser()) { + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + dbuser.getInstitut(), user.getMail()); + } else { + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + null, user.getMail()); + } + + } catch (final ConfigurationException e) { + log.warn("Send UserAccountActivation mail failed", e); + } + } + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + final String error = saveFormToDB(dbuser); + + if (error != null) { + log.warn("UserData can not be stored in Database"); + addActionError(error); + return Constants.STRUTS_SUCCESS; + } + + return Constants.STRUTS_SUCCESS; + } + + public String deleteuser() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + if (!authUser.isAdmin()) { + if (authUser.getUserID() != userID) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase Entry " + user.getUsername()); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + } + + final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String) nextPageAttr)) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID); + if (dbuser != null) { + dbuser.setOaIDs(null); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + configuration.getUserManagement().delete(dbuser); + + if (authUser.isAdmin()) { + MailHelper.sendUserAccountRevocationMail(dbuser); + } + + if (dbuser.getHjid().equals(String.valueOf(authUser.getUserID()))) { + return Constants.STRUTS_REAUTHENTICATE; + } + + } catch (final MOADatabaseException e) { + log.warn("UserData can not be deleted from Database", e); + addActionError(e.getMessage()); + return Constants.STRUTS_SUCCESS; + + } catch (final ConfigurationException e) { + log.warn("Information mail sending failed.", e); + addActionError(e.getMessage()); + return Constants.STRUTS_SUCCESS; + } + + finally { + } + } + + return Constants.STRUTS_SUCCESS; + } + + public String sendVerificationMail() { + try { + populateBasicInformations(); + + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + String message = LanguageHelper.getErrorString("error.mail.send", request); + + if (authUser != null) { + final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + if (dbuser != null) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + + MailHelper.sendUserMailAddressVerification(dbuser); + + message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message", request); + + } catch (final ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + message = LanguageHelper.getErrorString("error.mail.send", request); + + } catch (final MOADatabaseException e) { + log.warn("Access UserInformationDatabase failed.", e); + } + } + } + + stream = new ByteArrayInputStream(message.getBytes()); + + return SUCCESS; + } + + private String saveFormToDB(UserDatabase dbuser) { + + dbuser.setMail(user.getMail()); + dbuser.setPhone(user.getPhone()); + + if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) { + dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed()); + + if (authUser.isAdmin()) { + dbuser.setIsActive(user.isActive()); + dbuser.setIsAdmin(user.isAdmin()); + + } + } + + if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) { + dbuser.setFamilyname(user.getFamilyName()); + dbuser.setGivenname(user.getGivenName()); + dbuser.setInstitut(user.getInstitut()); + + if (authUser.isAdmin()) { + dbuser.setBpk(user.getBpk()); + if (user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_FN) || + user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_ZVR) || + user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_ERSB)) { + dbuser.setIsMandateUser(true); + } + } + + } else { + if (!dbuser.isIsMandateUser()) { + dbuser.setInstitut(user.getInstitut()); + } + } + + if (dbuser.isIsUsernamePasswordAllowed()) { + + if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) { + dbuser.setUsername(user.getUsername()); + } + + if (MiscUtil.isNotEmpty(user.getPassword())) { + final String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); + if (key == null) { + return LanguageHelper.getErrorString("errors.edit.user.save", request); + } + dbuser.setPassword(key); + } + } + + try { + configuration.getUserManagement().saveOrUpdate(dbuser); + } catch (final MOADatabaseException e) { + log.warn("User information can not be stored in Database.", e); + return LanguageHelper.getErrorString("errors.edit.user.save", request); + } + + return null; + } + + /** + * @return the userlist + */ + public List<AuthenticatedUser> getUserlist() { + return userlist; + } + + /** + * @param userlist the userlist to set + */ + public void setUserlist(List<AuthenticatedUser> userlist) { + this.userlist = userlist; + } + + /** + * @return the user + */ + public UserDatabaseFrom getUser() { + return user; + } + + /** + * @param user the user to set + */ + public void setUser(UserDatabaseFrom user) { + this.user = user; + } + + /** + * @return the useridobj + */ + public String getUseridobj() { + return useridobj; + } + + /** + * @param useridobj the useridobj to set + */ + public void setUseridobj(String useridobj) { + this.useridobj = useridobj; + } + + /** + * @return the newUser + */ + public boolean isNewUser() { + return newUser; + } + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } + + /** + * @return the formID + */ + @Override + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + @Override + public void setFormID(String formID) { + this.formID = formID; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java index c00eb46a5..5f03d89c1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java @@ -39,37 +39,36 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; */ public class VIDPAction extends InterfederationIDPAction { - private static final long serialVersionUID = 1981465294474566533L; + private static final long serialVersionUID = 1981465294474566533L; + + public VIDPAction() { + super(); + formList.putAll(buildVIDPFormList()); + } + + /** + * @return + * + */ + public static LinkedHashMap<String, IOnlineApplicationData> buildVIDPFormList() { + final LinkedHashMap<String, IOnlineApplicationData> forms = + new LinkedHashMap<>(); + + final OATargetConfiguration oaTarget = new OATargetConfiguration(); + forms.put(oaTarget.getName(), oaTarget); + + final OAAuthenticationData authOA = new OAAuthenticationData(); + forms.put(authOA.getName(), authOA); + + final OASTORKConfig storkOA = new OASTORKConfig(); + forms.put(storkOA.getName(), storkOA); + + final Map<String, String> map = new HashMap<>(); + map.putAll(FormBuildUtils.getDefaultMap()); + final FormularCustomization formOA = new FormularCustomization(map); + forms.put(formOA.getName(), formOA); + + return forms; + } - - public VIDPAction() { - super(); - formList.putAll(buildVIDPFormList()); - } - - /** - * @return - * - */ - public static LinkedHashMap<String, IOnlineApplicationData> buildVIDPFormList() { - LinkedHashMap<String, IOnlineApplicationData> forms = - new LinkedHashMap<String, IOnlineApplicationData>(); - - OATargetConfiguration oaTarget = new OATargetConfiguration(); - forms.put(oaTarget.getName(), oaTarget); - - OAAuthenticationData authOA = new OAAuthenticationData(); - forms.put(authOA.getName(), authOA); - - OASTORKConfig storkOA = new OASTORKConfig(); - forms.put(storkOA.getName(), storkOA); - - Map<String, String> map = new HashMap<String, String>(); - map.putAll(FormBuildUtils.getDefaultMap()); - FormularCustomization formOA = new FormularCustomization(map); - forms.put(formOA.getName(), formOA); - - return forms; - } - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java index 08cd7c59d..e26e67196 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java @@ -33,47 +33,51 @@ import at.gv.egovernment.moa.logging.Logger; */ public class ConfigurationEncryptionUtils extends AbstractEncrytionUtil { - private static ConfigurationEncryptionUtils instance = null; - private static String key = null; - - public static ConfigurationEncryptionUtils getInstance() { - if (instance == null) { - try { - key = ConfigurationProvider.getInstance().getConfigurationEncryptionKey(); - instance = new ConfigurationEncryptionUtils(); - - } catch (Exception e) { - Logger.warn("MOAConfiguration encryption initialization FAILED.", e); - - } - } - return instance; - } - - /** - * @throws DatabaseEncryptionException - */ - public ConfigurationEncryptionUtils() throws DatabaseEncryptionException { - super(); - - } + private static ConfigurationEncryptionUtils instance = null; + private static String key = null; - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt() - */ - @Override - protected String getSalt() { - return "Configuration-Salt"; - - } + public static ConfigurationEncryptionUtils getInstance() { + if (instance == null) { + try { + key = ConfigurationProvider.getInstance().getConfigurationEncryptionKey(); + instance = new ConfigurationEncryptionUtils(); - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey() - */ - @Override - protected String getKey() { - return key; - - } + } catch (final Exception e) { + Logger.warn("MOAConfiguration encryption initialization FAILED.", e); + + } + } + return instance; + } + + /** + * @throws DatabaseEncryptionException + */ + public ConfigurationEncryptionUtils() throws DatabaseEncryptionException { + super(); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt() + */ + @Override + protected String getSalt() { + return "Configuration-Salt"; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey() + */ + @Override + protected String getKey() { + return key; + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java index eca4c05ef..c4a9894ca 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java @@ -32,7 +32,6 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; -import org.opensaml.Configuration; import org.opensaml.xml.XMLObject; import org.opensaml.xml.XMLObjectBuilder; import org.opensaml.xml.XMLObjectBuilderFactory; @@ -41,59 +40,59 @@ import org.opensaml.xml.io.MarshallingException; public class SAML2Utils { - static { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - factory.setValidating(false); - try { - builder = factory.newDocumentBuilder(); - } catch (ParserConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } + static { + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + factory.setValidating(false); + try { + builder = factory.newDocumentBuilder(); + } catch (final ParserConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } - private static DocumentBuilder builder; + private static DocumentBuilder builder; - public static <T> T createSAMLObject(final Class<T> clazz) { - try { + public static <T> T createSAMLObject(final Class<T> clazz) { + try { - XMLObjectBuilderFactory builderFactory = Configuration - .getBuilderFactory(); + final XMLObjectBuilderFactory builderFactory = org.opensaml.xml.Configuration + .getBuilderFactory(); - QName defaultElementName = (QName) clazz.getDeclaredField( - "DEFAULT_ELEMENT_NAME").get(null); - Map<QName, XMLObjectBuilder> builder = builderFactory.getBuilders(); - Iterator<QName> it = builder.keySet().iterator(); + final QName defaultElementName = (QName) clazz.getDeclaredField( + "DEFAULT_ELEMENT_NAME").get(null); + final Map<QName, XMLObjectBuilder> builder = builderFactory.getBuilders(); + final Iterator<QName> it = builder.keySet().iterator(); - while (it.hasNext()) { - QName qname = it.next(); - if (qname.equals(defaultElementName)) { - System.out.printf("Builder for: %s\n", qname.toString()); - } - } - XMLObjectBuilder xmlBuilder = builderFactory - .getBuilder(defaultElementName); - - T object = (T) xmlBuilder.buildObject(defaultElementName); - return object; - } catch (Throwable e) { - System.out.printf("Failed to create object for: %s\n", - clazz.toString()); - e.printStackTrace(); - return null; - } - } + while (it.hasNext()) { + final QName qname = it.next(); + if (qname.equals(defaultElementName)) { + System.out.printf("Builder for: %s\n", qname.toString()); + } + } + final XMLObjectBuilder xmlBuilder = builderFactory + .getBuilder(defaultElementName); + + final T object = (T) xmlBuilder.buildObject(defaultElementName); + return object; + } catch (final Throwable e) { + System.out.printf("Failed to create object for: %s\n", + clazz.toString()); + e.printStackTrace(); + return null; + } + } + + public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException { + final org.w3c.dom.Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + } - public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException, - MarshallingException, TransformerException { - org.w3c.dom.Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller( - object); - out.marshall(object, document); - return document; - } - // public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() throws ConfigurationException { // MetadataCredentialResolver resolver; // @@ -113,7 +112,5 @@ public class SAML2Utils { // return engine; // // } - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java index 5f55a61d5..a78de7362 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java @@ -26,68 +26,66 @@ import java.util.Calendar; import java.util.Date; import java.util.List; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.auth.AuthenticationManager; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class UserRequestCleaner implements Runnable { - private static final Logger log = Logger.getLogger(UserRequestCleaner.class); - - private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min - - public void run() { - while (true) { - try { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - - //clean up user request storage - List<UserDatabase> userrequests = config.getUserManagement().getAllOpenUsersRequests(); - if (userrequests != null) { - Calendar cal = Calendar.getInstance(); - cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay()*-1); - Date cleanupdate = cal.getTime(); - - for(UserDatabase dbuser : userrequests) { - Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); - - if (requestdate != null && requestdate.after(cleanupdate)) { - log.info("Remove UserRequest from Database"); - config.getUserManagement().delete(dbuser); - } - - } - } - - //clean up active user storage - AuthenticationManager.getInstance().removeAllUsersAfterTimeOut(); - - Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); - - } catch (ConfigurationException e) { - log.info("UserRequestCleaner can not load configuration", e); - - } catch (InterruptedException e) { - - } - } - } - - /** - * start the sessionCleaner - */ - public static void start() { - // start the session cleanup thread - Thread sessionCleaner = new Thread(new UserRequestCleaner()); - sessionCleaner.setName("UserRequestCleaner"); - sessionCleaner.setDaemon(true); - sessionCleaner.setPriority(Thread.MIN_PRIORITY); - sessionCleaner.start(); - } - + private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min + + @Override + public void run() { + while (true) { + try { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + + // clean up user request storage + final List<UserDatabase> userrequests = config.getUserManagement().getAllOpenUsersRequests(); + if (userrequests != null) { + final Calendar cal = Calendar.getInstance(); + cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay() * -1); + final Date cleanupdate = cal.getTime(); + + for (final UserDatabase dbuser : userrequests) { + final Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + + if (requestdate != null && requestdate.after(cleanupdate)) { + log.info("Remove UserRequest from Database"); + config.getUserManagement().delete(dbuser); + } + + } + } + + // clean up active user storage + AuthenticationManager.getInstance().removeAllUsersAfterTimeOut(); + + Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); + + } catch (final ConfigurationException e) { + log.info("UserRequestCleaner can not load configuration", e); + + } catch (final InterruptedException e) { + + } + } + } + + /** + * start the sessionCleaner + */ + public static void start() { + // start the session cleanup thread + final Thread sessionCleaner = new Thread(new UserRequestCleaner()); + sessionCleaner.setName("UserRequestCleaner"); + sessionCleaner.setDaemon(true); + sessionCleaner.setPriority(Thread.MIN_PRIORITY); + sessionCleaner.start(); + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java index b96b1e4b0..cbba90a6b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java @@ -28,51 +28,53 @@ import at.gv.egovernment.moa.id.configuration.Constants; public class CompanyNumberValidator implements IdentificationNumberValidator { - public boolean validate(String commercialRegisterNumber) { - - String normalizedNumber = commercialRegisterNumber.replaceAll(" ", ""); - if(normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN)) - normalizedNumber = normalizedNumber.substring(2); - - return checkCommercialRegisterNumber(normalizedNumber); - } + @Override + public boolean validate(String commercialRegisterNumber) { - private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) { - if (commercialRegisterNumber == null) { - return false; - } - commercialRegisterNumber = StringUtils.leftPad(commercialRegisterNumber, 7, - '0'); - if (!commercialRegisterNumber.matches("\\d{6}[abdfghikmpstvwxzy]")) { - return false; - } - String digits = commercialRegisterNumber.substring(0, - commercialRegisterNumber.length() - 1); - char checkDigit = commercialRegisterNumber.charAt(commercialRegisterNumber - .length() - 1); - boolean result = calcCheckDigitFromCommercialRegisterNumber(digits) == checkDigit; - return result; - } + String normalizedNumber = commercialRegisterNumber.replaceAll(" ", ""); + if (normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + normalizedNumber = normalizedNumber.substring(2); + } - public static char calcCheckDigitFromCommercialRegisterNumber( - String commercialRegisterDigits) { - final int[] WEIGHT = { 6, 4, 14, 15, 10, 1 }; - final char[] CHECKDIGIT = { 'a', 'b', 'd', 'f', 'g', 'h', 'i', 'k', 'm', - 'p', 's', 't', 'v', 'w', 'x', 'y', 'z' }; - if (commercialRegisterDigits == null) { - throw new NullPointerException("Commercial register number missing."); - } - commercialRegisterDigits = StringUtils.leftPad(commercialRegisterDigits, 6, - '0'); - if (!commercialRegisterDigits.matches("\\d{6}")) { - throw new IllegalArgumentException( - "Invalid commercial register number provided."); - } - int sum = 0; - for (int i = 0; i < commercialRegisterDigits.length(); i++) { - int value = commercialRegisterDigits.charAt(i) - '0'; - sum += WEIGHT[i] * value; - } - return CHECKDIGIT[sum % 17]; - } + return checkCommercialRegisterNumber(normalizedNumber); + } + + private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) { + if (commercialRegisterNumber == null) { + return false; + } + commercialRegisterNumber = StringUtils.leftPad(commercialRegisterNumber, 7, + '0'); + if (!commercialRegisterNumber.matches("\\d{6}[abdfghikmpstvwxzy]")) { + return false; + } + final String digits = commercialRegisterNumber.substring(0, + commercialRegisterNumber.length() - 1); + final char checkDigit = commercialRegisterNumber.charAt(commercialRegisterNumber + .length() - 1); + final boolean result = calcCheckDigitFromCommercialRegisterNumber(digits) == checkDigit; + return result; + } + + public static char calcCheckDigitFromCommercialRegisterNumber( + String commercialRegisterDigits) { + final int[] WEIGHT = { 6, 4, 14, 15, 10, 1 }; + final char[] CHECKDIGIT = { 'a', 'b', 'd', 'f', 'g', 'h', 'i', 'k', 'm', + 'p', 's', 't', 'v', 'w', 'x', 'y', 'z' }; + if (commercialRegisterDigits == null) { + throw new NullPointerException("Commercial register number missing."); + } + commercialRegisterDigits = StringUtils.leftPad(commercialRegisterDigits, 6, + '0'); + if (!commercialRegisterDigits.matches("\\d{6}")) { + throw new IllegalArgumentException( + "Invalid commercial register number provided."); + } + int sum = 0; + for (int i = 0; i < commercialRegisterDigits.length(); i++) { + final int value = commercialRegisterDigits.charAt(i) - '0'; + sum += WEIGHT[i] * value; + } + return CHECKDIGIT[sum % 17]; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java index 4ef4bc762..318492e66 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java @@ -27,149 +27,155 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class FormularCustomizationValitator { - - private static final Logger log = Logger.getLogger(FormularCustomizationValitator.class); - - public List<String> validate(FormularCustomization form, HttpServletRequest request) { - - List<String> errors = new ArrayList<String>(); - String check; - - if (form.isOnlyMandateAllowed() && !form.isShowMandateLoginButton()) { - log.warn("OnlyMandateAllowed in combination with hidden MandateLoginCheckbox is not possible."); - errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.combination", request)); - } - - check = form.getBackGroundColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.color.background", request)); - } - } - - check = form.getFrontColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("BKUSelectionFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.color.front", request)); - } - } - - check = form.getHeader_BackGroundColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("HeaderBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.back", request)); - } - } - - check = form.getHeader_FrontColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("HeaderFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.front", request)); - } - } - - check = form.getHeader_text(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("HeaderText contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.header.text", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getButton_BackGroundColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("ButtonBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back", request)); - } - } - - check = form.getButton_BackGroundColorFocus(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back.focus", request)); - } - } - - check = form.getButton_FrontColor(); - if (MiscUtil.isNotEmpty(check)) { - if (!check.startsWith("#")) - check = "#" + check; - - if (!ValidationHelper.isValidHexValue(check)) { - log.warn("ButtonFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.front", request)); - } - } - - check = form.getAppletRedirectTarget(); - if (MiscUtil.isNotEmpty(check)) { - if (!FormularCustomization.appletRedirectTargetList.contains(check)) { - log.warn("AppletRedirectTarget has not valid value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.appletredirecttarget", request)); - } - } - - check = form.getFontType(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.warn("FontType contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - check = form.getApplet_height(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("Applet height "+ check + " is no valid number"); - errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - check = form.getApplet_width(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("Applet width "+ check + " is no valid number"); - errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - return errors; - - } + + public List<String> validate(FormularCustomization form, HttpServletRequest request) { + + final List<String> errors = new ArrayList<>(); + String check; + + if (form.isOnlyMandateAllowed() && !form.isShowMandateLoginButton()) { + log.warn("OnlyMandateAllowed in combination with hidden MandateLoginCheckbox is not possible."); + errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.combination", + request)); + } + + check = form.getBackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.color.background", request)); + } + } + + check = form.getFrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.color.front", request)); + } + } + + check = form.getHeader_BackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.back", request)); + } + } + + check = form.getHeader_FrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.front", request)); + } + } + + check = form.getHeader_text(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("HeaderText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.text", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getButton_BackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back", request)); + } + } + + check = form.getButton_BackGroundColorFocus(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back.focus", request)); + } + } + + check = form.getButton_FrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) { + check = "#" + check; + } + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.front", request)); + } + } + + check = form.getAppletRedirectTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!FormularCustomization.appletRedirectTargetList.contains(check)) { + log.warn("AppletRedirectTarget has not valid value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.appletredirecttarget", request)); + } + } + + check = form.getFontType(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, true)) { + log.warn("FontType contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + check = form.getApplet_height(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet height " + check + " is no valid number"); + errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + check = form.getApplet_width(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet width " + check + " is no valid number"); + errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + return errors; + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java index d66c0da3a..84993f464 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java @@ -24,6 +24,6 @@ package at.gv.egovernment.moa.id.configuration.validation; public interface IdentificationNumberValidator { - boolean validate(String idNumber); - + boolean validate(String idNumber); + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java index f0594c38d..13708c257 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java @@ -27,8 +27,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; @@ -38,163 +36,161 @@ import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class UserDatabaseFormValidator { - private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class); - - public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, - boolean isMandateUser, HttpServletRequest request) { - List<String> errors = new ArrayList<String>(); - - String check = null; - FileBasedUserConfiguration newConfigRead = null; - try { - newConfigRead = ConfigurationProvider.getInstance().getUserManagement(); - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - errors.add("Internal Server Error"); - return errors; - - } - - if (!isPVP2Generated) { - check = form.getGivenName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("GivenName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("GivenName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request)); - } - - - check = form.getFamilyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("FamilyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("FamilyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request)); - } - } - - if (!isMandateUser) { - check = form.getInstitut(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Organisation contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Organisation is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); - } - } - - check = form.getMail(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isEmailAddressFormat(check)) { - log.warn("Mailaddress is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Mailaddress is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); - } - - check = form.getPhone(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Phonenumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } else { - log.warn("Phonenumber is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); - } - - if (form.isIsusernamepasswordallowed()) { - check = form.getUsername(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Username contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - - } else { - UserDatabase dbuser = newConfigRead.getUserWithUserName(check); - if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID ))) { - log.warn("Username " + check + " exists in UserDatabase"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request)); - form.setUsername(""); - } - } - } else { - if (userID == -1) { - log.warn("Username is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); - } else { - UserDatabase dbuser = newConfigRead.getUserWithID(userID); - if (dbuser == null) { - log.warn("Username is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); - } else { - form.setUsername(dbuser.getUsername()); - } - } - } - - check = form.getPassword(); - - if (MiscUtil.isEmpty(check)) { - if (userID == -1) { - log.warn("Password is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); - } else { - UserDatabase dbuser = newConfigRead.getUserWithID(userID); - if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { - log.warn("Password is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); - } - } - - } else { - - if (check.equals(form.getPassword_second())) { - - String key = AuthenticationHelper.generateKeyFormPassword(check); - if (key == null) { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); - } - - } - else { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request)); - } - } - } - - check = form.getBpk(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.warn("BPK contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid", - new Object[] {ValidationHelper.getNotValidIdentityLinkSignerCharacters()}, request )); - } - } - - return errors; - - } + public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, + boolean isMandateUser, HttpServletRequest request) { + final List<String> errors = new ArrayList<>(); + + String check = null; + FileBasedUserConfiguration newConfigRead = null; + try { + newConfigRead = ConfigurationProvider.getInstance().getUserManagement(); + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + errors.add("Internal Server Error"); + return errors; + + } + + if (!isPVP2Generated) { + check = form.getGivenName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("GivenName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("GivenName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request)); + } + + check = form.getFamilyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("FamilyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("FamilyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request)); + } + } + + if (!isMandateUser) { + check = form.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Organisation is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); + } + } + + check = form.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + log.warn("Mailaddress is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Mailaddress is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); + } + + check = form.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Phonenumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } else { + log.warn("Phonenumber is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); + } + + if (form.isIsusernamepasswordallowed()) { + check = form.getUsername(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("Username contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + + } else { + final UserDatabase dbuser = newConfigRead.getUserWithUserName(check); + if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID))) { + log.warn("Username " + check + " exists in UserDatabase"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request)); + form.setUsername(""); + } + } + } else { + if (userID == -1) { + log.warn("Username is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); + } else { + final UserDatabase dbuser = newConfigRead.getUserWithID(userID); + if (dbuser == null) { + log.warn("Username is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); + } else { + form.setUsername(dbuser.getUsername()); + } + } + } + + check = form.getPassword(); + + if (MiscUtil.isEmpty(check)) { + if (userID == -1) { + log.warn("Password is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); + } else { + final UserDatabase dbuser = newConfigRead.getUserWithID(userID); + if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { + log.warn("Password is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); + } + } + + } else { + + if (check.equals(form.getPassword_second())) { + + final String key = AuthenticationHelper.generateKeyFormPassword(check); + if (key == null) { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); + } + + } else { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request)); + } + } + } + + check = form.getBpk(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.warn("BPK contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid", + new Object[] { ValidationHelper.getNotValidIdentityLinkSignerCharacters() }, request)); + } + } + + return errors; + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 247004b75..62d53ab56 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -32,7 +32,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.StringUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; @@ -41,114 +40,115 @@ import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class MOAConfigValidator { - private static final Logger log = Logger.getLogger(MOAConfigValidator.class); - - public List<String> validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) { - - List<String> errors = new ArrayList<String>(); - - log.debug("Validate general MOA configuration"); - - - String check = form.getSaml1SourceID(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("SAML1 SourceID contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPublicURLPrefix(); - if (MiscUtil.isNotEmpty(check)) { - String[] publicURLPreFix = check.split(","); - if (form.isVirtualPublicURLPrefixEnabled()) { - for (String el : publicURLPreFix) { - if (!ValidationHelper.validateURL( - StringUtils.chomp(el.trim()))) { - log.info("Public URL Prefix " + el + " is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}, request)); - } - } - - } else { - if (!ValidationHelper.validateURL( - StringUtils.chomp(publicURLPreFix[0].trim()))) { - log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{publicURLPreFix[0]}, request)); - - } - - } - } else { - log.info("PublicURL Prefix is empty."); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); - } - - check = form.getTimeoutAssertion(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("Assertion Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - check = form.getTimeoutMOASessionCreated(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("MOASessionCreated Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - check = form.getTimeoutMOASessionUpdated(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("MOASessionUpdated Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - + public List<String> validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) { + + final List<String> errors = new ArrayList<>(); + + log.debug("Validate general MOA configuration"); + + String check = form.getSaml1SourceID(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("SAML1 SourceID contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPublicURLPrefix(); + if (MiscUtil.isNotEmpty(check)) { + final String[] publicURLPreFix = check.split(","); + if (form.isVirtualPublicURLPrefixEnabled()) { + for (final String el : publicURLPreFix) { + if (!ValidationHelper.validateURL( + StringUtils.chomp(el.trim()))) { + log.info("Public URL Prefix " + el + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", + new Object[] { el }, request)); + } + } + + } else { + if (!ValidationHelper.validateURL( + StringUtils.chomp(publicURLPreFix[0].trim()))) { + log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[] { + publicURLPreFix[0] }, request)); + + } + + } + } else { + log.info("PublicURL Prefix is empty."); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); + } + + check = form.getTimeoutAssertion(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Assertion Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + check = form.getTimeoutMOASessionCreated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionCreated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + check = form.getTimeoutMOASessionUpdated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionUpdated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + // check = form.getCertStoreDirectory(); // if (MiscUtil.isNotEmpty(check)) { // if (ValidationHelper.isValidOAIdentifier(check)) { // log.warn("CertStoreDirectory contains potentail XSS characters: " + check); -// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", +// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", // new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); // } // } else { // log.info("CertStoreDirectory is empty."); // errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty", request)); // } - - check = form.getDefaultBKUHandy(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); - } - } - - check = form.getDefaultBKULocal(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); - } - } - - check = form.getDefaultBKUOnline(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); - } - } - + + check = form.getDefaultBKUHandy(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); + } + } + + check = form.getDefaultBKULocal(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); + } + } + + check = form.getDefaultBKUOnline(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); + } + } + // check = form.getDefaultchainigmode(); // if (MiscUtil.isEmpty(check)) { // log.info("Empty Defaultchainigmode"); @@ -160,166 +160,169 @@ public class MOAConfigValidator { // errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid", request)); // } // } - - check = form.getMandateURL(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - String[] misURLs = check.split(","); - for (String el : misURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getElgaMandateServiceURL(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - String[] elgaServiceURLs = check.split(","); - for (String el : elgaServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getEidSystemServiceURL(); - if (MiscUtil.isNotEmpty(check)) { - String[] eidServiceURLs = check.split(","); - for (String el : eidServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid E-ID System Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getMoaspssAuthTransformations(); - List<String> authtranslist = new ArrayList<String>(); - if (isMOAIDMode) { - if (MiscUtil.isEmpty(check)) { - log.info("Empty MoaspssAuthTransformation"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request)); - } else { - - //is only required if more then one transformation is in use - // check = StringHelper.formatText(check); - // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); - // int i=1; - // for(String el : list) { - // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { - // log.info("IdentityLinkSigners is not valid: " + el); - // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", - // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); - // - // } else { - // if (MiscUtil.isNotEmpty(el.trim())) - // authtranslist.add(el.trim()); - // } - // i++; - // } - authtranslist.add(check.trim()); - } - } - form.setAuthTransformList(authtranslist); - - if (isMOAIDMode) { - check = form.getMoaspssAuthTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssIdlTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssAuthTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssIdlTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - - check = form.getMoaspssURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid MOA-SP/SS Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); - } - } - } - - check = form.getPvp2IssuerName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 IssuerName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgDisplayName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 organisation display name is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 organisation name is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("PVP2 organisation URL is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request)); - } - } - + + check = form.getMandateURL(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + final String[] misURLs = check.split(","); + for (final String el : misURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", + new Object[] { el }, request)); + } + } + } + + check = form.getElgaMandateServiceURL(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + final String[] elgaServiceURLs = check.split(","); + for (final String el : elgaServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", + new Object[] { el }, request)); + } + } + } + + check = form.getEidSystemServiceURL(); + if (MiscUtil.isNotEmpty(check)) { + final String[] eidServiceURLs = check.split(","); + for (final String el : eidServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid E-ID System Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", + new Object[] { el }, request)); + } + } + } + + check = form.getMoaspssAuthTransformations(); + final List<String> authtranslist = new ArrayList<>(); + if (isMOAIDMode) { + if (MiscUtil.isEmpty(check)) { + log.info("Empty MoaspssAuthTransformation"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", + request)); + } else { + + // is only required if more then one transformation is in use + // check = StringHelper.formatText(check); + // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); + // int i=1; + // for(String el : list) { + // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { + // log.info("IdentityLinkSigners is not valid: " + el); + // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", + // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); + // + // } else { + // if (MiscUtil.isNotEmpty(el.trim())) + // authtranslist.add(el.trim()); + // } + // i++; + // } + authtranslist.add(check.trim()); + } + } + form.setAuthTransformList(authtranslist); + + if (isMOAIDMode) { + check = form.getMoaspssAuthTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Authblock TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssIdlTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("IdentityLink TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssAuthTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-Authblock TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssIdlTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-IdentityLink TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MOA-SP/SS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); + } + } + } + + check = form.getPvp2IssuerName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 IssuerName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPvp2OrgDisplayName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 organisation display name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPvp2OrgName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 organisation name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPvp2OrgURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("PVP2 organisation URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request)); + } + } + // check = form.getPvp2PublicUrlPrefix(); // if (MiscUtil.isNotEmpty(check)) { // if (!ValidationHelper.validateURL(check)) { @@ -327,175 +330,175 @@ public class MOAConfigValidator { // errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.serviceurl.valid")); // } // } - - if (isMOAIDMode) { - check = form.getSLRequestTemplateHandy(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Handy-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Handy-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request)); - } - } - - check = form.getSLRequestTemplateLocal(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate local BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate local BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request)); - } - } - - check = form.getSLRequestTemplateOnline(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Online-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Online-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request)); - } - } - - check = form.getSsoFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("SSO friendlyname is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - // check = form.getSsoIdentificationNumber(); - // if (MiscUtil.isNotEmpty(check)) { - // if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - // log.info("SSO IdentificationNumber is not valid: " + check); - // errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", - // new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - // } - // } - - // check = form.getSsoPublicUrl(); - // if (MiscUtil.isNotEmpty(check)) { - // if (!ValidationHelper.validateURL(check)) { - // log.info("SSO Public URL is not valid"); - // errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); - // } - // } - - check = form.getSsoSpecialText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.info("SSO SpecialText is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", - new Object[] {ValidationHelper.getNotValidCharacter(true)} , request)); - } - } - - check = form.getSsoTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SSO Target"); - //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request)); - - } else { - if (!ValidationHelper.isValidAdminTarget(check)) { - - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - - String num = check.replaceAll(" ", ""); - - if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || - num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || - num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) { - - log.info("Not valid SSO Target"); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request)); - } - - } - } - - check = form.getSzrgwURL(); - if (MiscUtil.isNotEmpty(check)) { - String[] szrGWServiceURLs = check.split(","); - for (String el : szrGWServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", - new Object[]{el}, request)); - } - } - } - } - - check = form.getTrustedCACerts(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty TrustCACerts Directory"); - errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty", request)); - - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("Not valid TrustCACerts Directory"); - errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - - - if (isMOAIDMode) { - if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) { - HashMap<String, byte[]> map = new HashMap<String, byte[]>(); - for (int i=0; i<form.getFileUploadFileName().size(); i++) { - String filename = form.getFileUploadFileName().get(i); - - if (MiscUtil.isNotEmpty(filename)) { - if (ValidationHelper.containsNotValidCharacter(filename, false)) { - log.info("SL Transformation Filename is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", request)); - - } else { - try { - File file = form.getFileUpload().get(i); - FileInputStream stream = new FileInputStream(file); - map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); - - } catch (IOException e) { - log.info("SecurtiyLayerTransformation with FileName " - + filename +" can not be loaded." , e); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid", - new Object[] {filename}, request )); - } - } - } - } - - form.setSecLayerTransformation(map); - - } else { - if (form.getSecLayerTransformation() == null) { - log.info("AuthBlock Transformation file is empty"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request)); - - } - } - } - - - ContactForm contact = form.getPvp2Contact(); - if (contact != null) { - PVP2ContactValidator pvp2validator = new PVP2ContactValidator(); - errors.addAll(pvp2validator.validate(contact, request)); - } - - return errors; - } + + if (isMOAIDMode) { + check = form.getSLRequestTemplateHandy(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Handy-BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate Handy-BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request)); + } + } + + check = form.getSLRequestTemplateLocal(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate local BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate local BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request)); + } + } + + check = form.getSLRequestTemplateOnline(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Online-BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate Online-BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request)); + } + } + + check = form.getSsoFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("SSO friendlyname is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + // check = form.getSsoIdentificationNumber(); + // if (MiscUtil.isNotEmpty(check)) { + // if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + // log.info("SSO IdentificationNumber is not valid: " + check); + // errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", + // new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + // } + // } + + // check = form.getSsoPublicUrl(); + // if (MiscUtil.isNotEmpty(check)) { + // if (!ValidationHelper.validateURL(check)) { + // log.info("SSO Public URL is not valid"); + // errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); + // } + // } + + check = form.getSsoSpecialText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, true)) { + log.info("SSO SpecialText is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + check = form.getSsoTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SSO Target"); + // errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", + // request)); + + } else { + if (!ValidationHelper.isValidAdminTarget(check)) { + + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + + final String num = check.replaceAll(" ", ""); + + if (!(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || + num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || + num.startsWith(Constants.IDENIFICATIONTYPE_ERSB))) { + + log.info("Not valid SSO Target"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request)); + } + + } + } + + check = form.getSzrgwURL(); + if (MiscUtil.isNotEmpty(check)) { + final String[] szrGWServiceURLs = check.split(","); + for (final String el : szrGWServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", + new Object[] { el }, request)); + } + } + } + } + + check = form.getTrustedCACerts(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty TrustCACerts Directory"); + errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty", request)); + + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("Not valid TrustCACerts Directory"); + errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + + if (isMOAIDMode) { + if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) { + final HashMap<String, byte[]> map = new HashMap<>(); + for (int i = 0; i < form.getFileUploadFileName().size(); i++) { + final String filename = form.getFileUploadFileName().get(i); + + if (MiscUtil.isNotEmpty(filename)) { + if (ValidationHelper.containsNotValidCharacter(filename, false)) { + log.info("SL Transformation Filename is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", + request)); + + } else { + try { + final File file = form.getFileUpload().get(i); + final FileInputStream stream = new FileInputStream(file); + map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); + + } catch (final IOException e) { + log.info("SecurtiyLayerTransformation with FileName " + + filename + " can not be loaded.", e); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid", + new Object[] { filename }, request)); + } + } + } + } + + form.setSecLayerTransformation(map); + + } else { + if (form.getSecLayerTransformation() == null) { + log.info("AuthBlock Transformation file is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request)); + + } + } + } + + final ContactForm contact = form.getPvp2Contact(); + if (contact != null) { + final PVP2ContactValidator pvp2validator = new PVP2ContactValidator(); + errors.addAll(pvp2validator.validate(contact, request)); + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java index f7edbee71..f6deb6b09 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java @@ -28,76 +28,76 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class PVP2ContactValidator { - public static final List<String> AllowedTypes= Arrays.asList( - "technical", - "support", - "administrative", - "billing", - "other"); - - private static final Logger log = Logger.getLogger(PVP2ContactValidator.class); - - public List<String >validate(ContactForm contact, HttpServletRequest request) { - List<String> errors = new ArrayList<String>(); - - String check = contact.getCompany(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: Company is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getGivenname(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: GivenName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getSurname(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: SureName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getType(); - if (MiscUtil.isNotEmpty(check)) { - if (!AllowedTypes.contains(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid", request)); - } - } - - check = contact.getMail(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isEmailAddressFormat(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid", request)); - } - } - - check = contact.getPhone(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validatePhoneNumber(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid", request)); - } - } - - return errors; - } + public static final List<String> AllowedTypes = Arrays.asList( + "technical", + "support", + "administrative", + "billing", + "other"); + + public List<String> validate(ContactForm contact, HttpServletRequest request) { + final List<String> errors = new ArrayList<>(); + + String check = contact.getCompany(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: Company is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getGivenname(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: GivenName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getSurname(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: SureName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getType(); + if (MiscUtil.isNotEmpty(check)) { + if (!AllowedTypes.contains(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid", + request)); + } + } + + check = contact.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid", + request)); + } + } + + check = contact.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validatePhoneNumber(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid", + request)); + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 41fce8e60..088e377b4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -5,8 +5,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; @@ -14,108 +12,117 @@ import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class StorkConfigValidator { - private static final Logger log = Logger.getLogger(StorkConfigValidator.class); + public List<String> validate(GeneralStorkConfig form, HttpServletRequest request) { - public List<String> validate(GeneralStorkConfig form, HttpServletRequest request) { + final List<String> errors = new ArrayList<>(); - List<String> errors = new ArrayList<String>(); + log.debug("Validate general STORK configuration"); - log.debug("Validate general STORK configuration"); + // check peps list - // check peps list - // if (form.getCpepslist() != null) { // for(CPEPS current : form.getCpepslist()) { - if (form.getRawCPEPSList() != null) { - for(CPEPS current : form.getRawCPEPSList()) { - // if an existing record got deleted - if(null == current) - continue; - - // check country code - String check = current.getCountryCode(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - if(!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) { - log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {check}, request )); - } - - // check url - check = current.getURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("CPEPS config URL is invalid : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request)); - } - } else { - log.warn("CPEPS config url is empty : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {check}, request )); - } - - } else { - log.warn("CPEPS config countrycode is empty : " + check); + if (form.getRawCPEPSList() != null) { + for (final CPEPS current : form.getRawCPEPSList()) { + // if an existing record got deleted + if (null == current) { + continue; + } + + // check country code + String check = current.getCountryCode(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + if (!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) { + log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] { check }, request)); + } + + // check url + check = current.getURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("CPEPS config URL is invalid : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request)); + } + } else { + log.warn("CPEPS config url is empty : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] { check }, request)); + } + + } else { + log.warn("CPEPS config countrycode is empty : " + check); // errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", // new Object[] {check}, request )); - } - - } - - if (form.getCpepslist() != null) { - // ensure uniqueness of country code - for (CPEPS one : form.getCpepslist()) - for (CPEPS another : form.getCpepslist()) - if (null != one && null != another && one.getCountryCode() != null) - if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) { - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request)); - break; - } - } - } - - // check qaa - String qaa = form.getDefaultQaa(); - if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { - log.warn("eIDAS LoA is not allowed : " + qaa); - errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", - new Object[] {qaa}, request )); - } - - // check attributes - if (MiscUtil.isNotEmpty(form.getAttributes())) { - for(StorkAttribute check : form.getAttributes()) { - if (check != null && MiscUtil.isNotEmpty(check.getName())) { - String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI? - if (ValidationHelper.containsNotValidCharacter(tmp, true)) { - log.warn("default attributes contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) { - log.warn("default attributes do not match the requested format : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {check}, request )); - } - - } - } - - //TODO: STORK attributes check if no attribute is set + } + + } + + if (form.getCpepslist() != null) { + // ensure uniqueness of country code + for (final CPEPS one : form.getCpepslist()) { + for (final CPEPS another : form.getCpepslist()) { + if (null != one && null != another && one.getCountryCode() != null) { + if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) { + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request)); + break; + } + } + } + } + } + } + + // check qaa + final String qaa = form.getDefaultQaa(); + if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { + log.warn("eIDAS LoA is not allowed : " + qaa); + errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] { qaa }, request)); + } + + // check attributes + if (MiscUtil.isNotEmpty(form.getAttributes())) { + for (final StorkAttribute check : form.getAttributes()) { + if (check != null && MiscUtil.isNotEmpty(check.getName())) { + final String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come + // with a "/", we need to + // exclude them from + // validation. TODO Or should + // we require the admin to + // escape them in the UI? + if (ValidationHelper.containsNotValidCharacter(tmp, true)) { + log.warn("default attributes contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + if (!tmp.toLowerCase().matches("^[A-Za-z]*$")) { + log.warn("default attributes do not match the requested format : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] { check }, request)); + } + + } + } + + // TODO: STORK attributes check if no attribute is set // } else { // log.warn("no attributes specified"); // errors.add(LanguageHelper.getErrorString("validation.stork.attributes.empty", // new Object[] {} )); - } + } - return errors; - } + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index 5a31d8f47..9c5b145b8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -28,233 +28,228 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OAAuthenticationDataValidation { - private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - - public List<String> validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) { - - List<String> errors = new ArrayList<String>(); - String check; - - - - //Check BKU URLs - if (isAdmin) { - check =form.getBkuHandyURL(); - if (MiscUtil.isNotEmpty(check)) { + public List<String> validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) { + + final List<String> errors = new ArrayList<>(); + String check; + + // Check BKU URLs + if (isAdmin) { + check = form.getBkuHandyURL(); + if (MiscUtil.isNotEmpty(check)) { // log.info("Empty Handy-BKU URL"); // errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty")); -// +// // } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); - } - } - - check =form.getBkuLocalURL(); - if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); + } + } + + check = form.getBkuLocalURL(); + if (MiscUtil.isNotEmpty(check)) { // log.info("Empty Local-BKU URL"); // errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty")); -// +// // } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); - } - } - - check =form.getBkuOnlineURL(); - if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); + } + } + + check = form.getBkuOnlineURL(); + if (MiscUtil.isNotEmpty(check)) { // log.info("Empty Online-BKU URL"); // errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty")); -// +// // } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); - } - } - } - - if (isAdmin) { - //check KeyBoxIdentifier - check = form.getKeyBoxIdentifier(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty KeyBoxIdentifier"); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request)); - } else { - Map<String, String> list = form.getKeyBoxIdentifierList(); - if (!list.containsKey(check)) { - log.info("Not valid KeyBoxIdentifier " + check); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request)); - } - } - - //check LegacyMode SLTemplates - if (form.isLegacy()) { - if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && - MiscUtil.isEmpty(form.getSLTemplateURL2()) && - MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { - log.info("Empty OA-specific SecurityLayer Templates"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request)); - - } else { - check = form.getSLTemplateURL1(); - if (MiscUtil.isNotEmpty(check) && - ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("First OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid", request)); - } - check = form.getSLTemplateURL2(); - if (MiscUtil.isNotEmpty(check) && - ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("Second OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid", request)); - } - check = form.getSLTemplateURL3(); - if (MiscUtil.isNotEmpty(check) && - ValidationHelper.isNotValidIdentityLinkSigner(check) ) { - log.info("Third OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid", request)); - } - } - } - } - - //check Mandate Profiles - check = form.getMandateProfiles(); - if (MiscUtil.isNotEmpty(check)) { - - if (!form.isUseMandates()) { - log.info("MandateProfiles configured but useMandates is false."); - errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request)); - } - - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.warn("MandateProfiles contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - } - - check =form.getMisServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid MIS Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", - new Object[]{check}, request)); - } - } - - check =form.getElgaServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid ELGA Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", - new Object[]{check}, request)); - } - } - - check =form.getSzrgwServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid SZR-GW Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", - new Object[]{check}, request)); - } - } - - check =form.getEidServiceSelected(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid E-ID Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", - new Object[]{check}, request)); - } - } - - if (form.isEnableTestCredentials() - && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) { - for (String el : form.getTestCredialOIDList()) { - if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID)) { - log.warn("Test credential OID does not start with test credential root OID"); - errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", - new Object[] {el}, request )); - } - } - - - } - - if (form.isSl20Active()) { - if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) { - log.debug("Validate SL2.0 configuration ... "); - List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints()); - if (sl20Endpoints.size() == 1) { - String value = sl20Endpoints.get(0); - - if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && - value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { - log.warn("SL2.0 endpoint '" + value + "' has wrong format"); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", - new Object[] {value}, request )); - - } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && - !value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) { - log.info("Find one SL2.0 endpoint without 'default='. Start update ... "); - form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value); - - } - - } else { - boolean findDefault = false; - for (String el : sl20Endpoints) { - if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { - log.warn("SL2.0 endpoint '" + el + "' has wrong format"); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", - new Object[] {el}, request )); - - } else { - if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) { - log.debug("Find default endpoint."); - findDefault = true; - - } else { - String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0]; - try { - Integer.valueOf(firstPart); - - } catch (NumberFormatException e) { - log.warn("SL2.0 endpoint '" + el + "' has wrong format", e); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", - new Object[] {el}, request )); - - } - } - } - } - - if (!findDefault) { - log.warn("SL2.0 endpoints contains NO default endpoint"); - errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", - new Object[] {}, request )); - - } - } - } - } - - return errors; - } + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); + } + } + } + + if (isAdmin) { + // check KeyBoxIdentifier + check = form.getKeyBoxIdentifier(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty KeyBoxIdentifier"); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request)); + } else { + final Map<String, String> list = form.getKeyBoxIdentifierList(); + if (!list.containsKey(check)) { + log.info("Not valid KeyBoxIdentifier " + check); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request)); + } + } + + // check LegacyMode SLTemplates + if (form.isLegacy()) { + if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && + MiscUtil.isEmpty(form.getSLTemplateURL2()) && + MiscUtil.isEmpty(form.getSLTemplateURL3())) { + log.info("Empty OA-specific SecurityLayer Templates"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request)); + + } else { + check = form.getSLTemplateURL1(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("First OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid", request)); + } + check = form.getSLTemplateURL2(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("Second OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid", request)); + } + check = form.getSLTemplateURL3(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("Third OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid", request)); + } + } + } + } + + // check Mandate Profiles + check = form.getMandateProfiles(); + if (MiscUtil.isNotEmpty(check)) { + + if (!form.isUseMandates()) { + log.info("MandateProfiles configured but useMandates is false."); + errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request)); + } + + if (ValidationHelper.containsNotValidCharacter(check, true)) { + log.warn("MandateProfiles contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + check = form.getMisServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MIS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", + new Object[] { check }, request)); + } + } + + check = form.getElgaServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid ELGA Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", + new Object[] { check }, request)); + } + } + + check = form.getSzrgwServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid SZR-GW Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", + new Object[] { check }, request)); + } + } + + check = form.getEidServiceSelected(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid E-ID Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", + new Object[] { check }, request)); + } + } + + if (form.isEnableTestCredentials() + && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) { + for (final String el : form.getTestCredialOIDList()) { + if (!el.startsWith(MOAIDConstants.TESTCREDENTIALROOTOID)) { + log.warn("Test credential OID does not start with test credential root OID"); + errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", + new Object[] { el }, request)); + } + } + + } + + if (form.isSl20Active()) { + if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) { + log.debug("Validate SL2.0 configuration ... "); + final List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints()); + if (sl20Endpoints.size() == 1) { + final String value = sl20Endpoints.get(0); + + if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + value + "' has wrong format"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] { value }, request)); + + } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + !value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.info("Find one SL2.0 endpoint without 'default='. Start update ... "); + form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value); + + } + + } else { + boolean findDefault = false; + for (final String el : sl20Endpoints) { + if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] { el }, request)); + + } else { + if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) { + log.debug("Find default endpoint."); + findDefault = true; + + } else { + final String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0]; + try { + Integer.valueOf(firstPart); + + } catch (final NumberFormatException e) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format", e); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] { el }, request)); + + } + } + } + } + + if (!findDefault) { + log.warn("SL2.0 endpoints contains NO default endpoint"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", + new Object[] {}, request)); + + } + } + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java index 2011a07f1..951b89753 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java @@ -27,67 +27,62 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; -import org.apache.commons.io.IOUtils; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; -import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class OAFileUploadValidation { - private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - - public List<String> validate(List<String> fileName, List<File> files, - String errorMsgPreFix, Map<String, byte[]> output, HttpServletRequest request) { - - List<String> errors = new ArrayList<String>(); - - if (fileName != null) { - - if (fileName.size() > 1) { - log.info("Only one BKU-selecten template file can be stored"); - errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected", request)); - } - - for (int i=0; i<fileName.size(); i++) { - String filename = fileName.get(i); - - if (MiscUtil.isNotEmpty(filename)) { - if (ValidationHelper.containsNotValidCharacter(filename, false)) { - log.info("Filename is not valid"); - errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid", request)); - - } else { - try { - File file = files.get(i); - InputStream stream = new FileInputStream(file); - output.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); - stream.close(); - - } catch (IOException e) { - log.info("File with FileName " - + filename +" can not be loaded." , e); - errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.valid", - new Object[] {filename}, request )); - } - } - } - } - } - - return errors; - } + public List<String> validate(List<String> fileName, List<File> files, + String errorMsgPreFix, Map<String, byte[]> output, HttpServletRequest request) { + + final List<String> errors = new ArrayList<>(); + + if (fileName != null) { + + if (fileName.size() > 1) { + log.info("Only one BKU-selecten template file can be stored"); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected", request)); + } + + for (int i = 0; i < fileName.size(); i++) { + final String filename = fileName.get(i); + + if (MiscUtil.isNotEmpty(filename)) { + if (ValidationHelper.containsNotValidCharacter(filename, false)) { + log.info("Filename is not valid"); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid", request)); + + } else { + try { + final File file = files.get(i); + final InputStream stream = new FileInputStream(file); + output.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); + stream.close(); + + } catch (final IOException e) { + log.info("File with FileName " + + filename + " can not be loaded.", e); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.valid", + new Object[] { filename }, request)); + } + } + } + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java index c30c11f5a..205e792fa 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java @@ -28,30 +28,29 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OAOAUTH20ConfigValidation { - - private static final Logger log = Logger.getLogger(OAOAUTH20ConfigValidation.class); - - public List<String> validate(OAOAuth20Config form, HttpServletRequest request) { - - List<String> errors = new ArrayList<String>(); - - // validate secret + + public List<String> validate(OAOAuth20Config form, HttpServletRequest request) { + + final List<String> errors = new ArrayList<>(); + + // validate secret // if (StringUtils.isEmpty(form.getClientSecret())) { // errors.add(LanguageHelper.getErrorString("error.oa.oauth.clientSecret")); // } - - // validate redirectUri - if (StringUtils.isNotEmpty(form.getRedirectUri()) && !OAuth20Util.isUrl(form.getRedirectUri())) { - errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); - } - - return errors; - } + + // validate redirectUri + if (StringUtils.isNotEmpty(form.getRedirectUri()) && !OAuth20Util.isUrl(form.getRedirectUri())) { + errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index cbb7c88b2..8e9865a3a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -33,7 +33,6 @@ import javax.net.ssl.SSLHandshakeException; import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.MOAHttpClient; -import org.apache.log4j.Logger; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataFilterChain; @@ -57,186 +56,189 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OAPVP2ConfigValidation { - private static final Logger log = Logger.getLogger(OAPVP2ConfigValidation.class); - - public List<String> validate(OAPVP2Config form, String oaID, HttpServletRequest request) { - - Timer timer = null; - MOAHttpClient httpClient = null; - HTTPMetadataProvider httpProvider = null; - - List<String> errors = new ArrayList<String>(); - try { - byte[] certSerialized = null; - if (form.getFileUpload() != null) - certSerialized = form.getCertificate(); - - else { - try { - //Some databases does not allow the selection of a lob in SQL where expression - String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class"); - boolean backupVersion = false; - if (MiscUtil.isNotEmpty(dbDriver)) { - for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { - if (dbDriver.startsWith(el)) { - backupVersion = true; - log.debug("JDBC driver '" + dbDriver - + "' is blacklisted --> Switch to alternative DB access methode implementation."); - - } - - } - } - - Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion); - if (oa != null && - MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE))) { - certSerialized = Base64Utils.decode(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE), false); - form.setStoredCert(certSerialized); - } - - } catch (ConfigurationException e) { - log.error("MOA-ID-Configuration initialization FAILED.", e); - - } - } - - String check = form.getMetaDataURL(); - if (MiscUtil.isNotEmpty(check)) { - - if (!ValidationHelper.validateURL(check)) { - log.info("MetaDataURL has no valid form."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request)); - - } else { - if (certSerialized == null) { - log.info("No certificate for metadata validation"); - errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); - - } else { - if (form.getMetaDataURL().startsWith("http")) { - X509Certificate cert = new X509Certificate(certSerialized); - BasicX509Credential credential = new BasicX509Credential(); - credential.setEntityCertificate(cert); - - timer = new Timer(); - httpClient = new MOAHttpClient(); - - if (form.getMetaDataURL().startsWith("https:")) - try { - MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( - "MOAMetaDataProvider", - true, - ConfigurationProvider.getInstance().getCertStoreDirectory(), - ConfigurationProvider.getInstance().getTrustStoreDirectory(), - null, - "pkix", - true, - new String[]{"crl"}, - false); - - httpClient.setCustomSSLTrustStore( - form.getMetaDataURL(), - protoSocketFactory); - - } catch (MOAHttpProtocolSocketFactoryException e) { - log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); - - } catch (ConfigurationException e) { - log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore."); - - } - - List<MetadataFilter> filterList = new ArrayList<MetadataFilter>(); - filterList.add(new MetaDataVerificationFilter(credential)); - - try { - filterList.add(new SchemaValidationFilter( - ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive())); - - } catch (ConfigurationException e) { - log.warn("Configuration access FAILED!", e); - - } - - MetadataFilterChain filter = new MetadataFilterChain(); - filter.setFilters(filterList); - - httpProvider = - new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); - httpProvider.setParserPool(new BasicParserPool()); - httpProvider.setRequireValidMetadata(true); - httpProvider.setMetadataFilter(filter); - httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes - httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours - - httpProvider.setRequireValidMetadata(true); - - httpProvider.initialize(); - - - - - if (httpProvider.getMetadata() == null) { - log.info("Metadata could be received but validation FAILED."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); - } - - } else { - log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form.getMetaDataURL()); - - } - - } - } - } - - } catch (CertificateException e) { - log.info("Uploaded Certificate can not be found", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); - - } catch (IOException e) { - log.info("Metadata can not be loaded from URL", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); - - } catch (MetadataProviderException e) { - - try { - if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { - log.info("SSL Server certificate not trusted.", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); - - } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { - log.info("MetaDate verification failed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request)); - - } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { - log.info("MetaDate verification failed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request)); - - } else { - log.info("MetaDate verification failed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); - } - - } catch (Exception e1) { - log.info("MetaDate verification failed", e1); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); - - } - - } finally { - if (httpProvider != null) - httpProvider.destroy(); - - if (timer != null) - timer.cancel(); - - } - - return errors; - } + public List<String> validate(OAPVP2Config form, String oaID, HttpServletRequest request) { + + Timer timer = null; + MOAHttpClient httpClient = null; + HTTPMetadataProvider httpProvider = null; + + final List<String> errors = new ArrayList<>(); + try { + byte[] certSerialized = null; + if (form.getFileUpload() != null) { + certSerialized = form.getCertificate(); + } else { + try { + // Some databases does not allow the selection of a lob in SQL where expression + final String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties() + .getProperty("hibernate.connection.driver_class"); + boolean backupVersion = false; + if (MiscUtil.isNotEmpty(dbDriver)) { + for (final String el : MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { + if (dbDriver.startsWith(el)) { + backupVersion = true; + log.debug("JDBC driver '" + dbDriver + + "' is blacklisted --> Switch to alternative DB access methode implementation."); + + } + + } + } + + final Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead() + .getOnlineApplicationKeyValueWithId(oaID, backupVersion); + if (oa != null && + MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE))) { + certSerialized = Base64Utils.decode(oa.get( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE), false); + form.setStoredCert(certSerialized); + } + + } catch (final ConfigurationException e) { + log.error("MOA-ID-Configuration initialization FAILED.", e); + + } + } + + final String check = form.getMetaDataURL(); + if (MiscUtil.isNotEmpty(check)) { + + if (!ValidationHelper.validateURL(check)) { + log.info("MetaDataURL has no valid form."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request)); + + } else { + if (certSerialized == null) { + log.info("No certificate for metadata validation"); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); + + } else { + if (form.getMetaDataURL().startsWith("http")) { + final X509Certificate cert = new X509Certificate(certSerialized); + final BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(cert); + + timer = new Timer(); + httpClient = new MOAHttpClient(); + + if (form.getMetaDataURL().startsWith("https:")) { + try { + final MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + true, + ConfigurationProvider.getInstance().getCertStoreDirectory(), + ConfigurationProvider.getInstance().getTrustStoreDirectory(), + null, + "pkix", + true, + new String[] { "crl" }, + false); + + httpClient.setCustomSSLTrustStore( + form.getMetaDataURL(), + protoSocketFactory); + + } catch (final MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } catch (final ConfigurationException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore."); + + } + } + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new MetaDataVerificationFilter(credential)); + + try { + filterList.add(new SchemaValidationFilter( + ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive())); + + } catch (final ConfigurationException e) { + log.warn("Configuration access FAILED!", e); + + } + + final MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + httpProvider = + new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMetadataFilter(filter); + httpProvider.setMinRefreshDelay(1000 * 60 * 15); // 15 minutes + httpProvider.setMaxRefreshDelay(1000 * 60 * 60 * 24); // 24 hours + + httpProvider.setRequireValidMetadata(true); + + httpProvider.initialize(); + + if (httpProvider.getMetadata() == null) { + log.info("Metadata could be received but validation FAILED."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); + } + + } else { + log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form + .getMetaDataURL()); + + } + + } + } + } + + } catch (final CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); + + } catch (final IOException e) { + log.info("Metadata can not be loaded from URL", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); + + } catch (final MetadataProviderException e) { + + try { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request)); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request)); + + } else { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); + } + + } catch (final Exception e1) { + log.info("MetaDate verification failed", e1); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); + + } + + } finally { + if (httpProvider != null) { + httpProvider.destroy(); + } + + if (timer != null) { + timer.cancel(); + } + + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java index 95104b929..903e8899a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java @@ -27,25 +27,23 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OASAML1ConfigValidation { - private static final Logger log = Logger.getLogger(OASAML1ConfigValidation.class); - - public List<String> validate(OASAML1Config form, OAGeneralConfig general, HttpServletRequest request) { - - List<String> errors = new ArrayList<String>(); - - if (general.isBusinessService() && form.isProvideStammZahl()) { - log.info("ProvideStammZahl can not be used with BusinessService applications"); - errors.add(LanguageHelper.getErrorString("validation.saml1.providestammzahl", request)); - } - - return errors; - } + public List<String> validate(OASAML1Config form, OAGeneralConfig general, HttpServletRequest request) { + + final List<String> errors = new ArrayList<>(); + + if (general.isBusinessService() && form.isProvideStammZahl()) { + log.info("ProvideStammZahl can not be used with BusinessService applications"); + errors.add(LanguageHelper.getErrorString("validation.saml1.providestammzahl", request)); + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java index 971e11cc4..109257551 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java @@ -27,33 +27,31 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OASSOConfigValidation { - - private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - - public List<String> validate(OASSOConfig form, boolean isAdmin, HttpServletRequest request) { - - List<String> errors = new ArrayList<String>(); - - String urlString = form.getSingleLogOutURL(); - if (MiscUtil.isEmpty(urlString)) { - log.info("No Single Log-Out URL"); - //TODO: set error if it is implemented - //errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.empty")); - } else { - if (!ValidationHelper.validateURL(urlString) && form.isUseSSO()) { - log.info("Single Log-Out url validation error"); - errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.valid", request)); - } - } - - return errors; - } + + public List<String> validate(OASSOConfig form, boolean isAdmin, HttpServletRequest request) { + + final List<String> errors = new ArrayList<>(); + + final String urlString = form.getSingleLogOutURL(); + if (MiscUtil.isEmpty(urlString)) { + log.info("No Single Log-Out URL"); + // TODO: set error if it is implemented + // errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.empty")); + } else { + if (!ValidationHelper.validateURL(urlString) && form.isUseSSO()) { + log.info("Single Log-Out url validation error"); + errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.valid", request)); + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 00ccdca8c..a8836145a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -28,60 +28,59 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OASTORKConfigValidation { - private static final Logger log = Logger.getLogger(OASTORKConfigValidation.class); + public List<String> validate(OASTORKConfig oageneral, HttpServletRequest request) { + + final List<String> errors = new ArrayList<>(); + + // check qaa + final String qaa = oageneral.getQaa(); + if (MiscUtil.isNotEmpty(qaa) && !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { + log.warn("eIDAS LoA is not allowed : " + qaa); + errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] { qaa }, request)); + } + + if (oageneral.isVidpEnabled()) { + final Iterator<AttributeProviderPlugin> interator = oageneral.getAttributeProviderPlugins().iterator(); + while (interator.hasNext()) { + final AttributeProviderPlugin current = interator.next(); + if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { + log.info("AttributeProviderPlugin URL has no valid form."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request)); + } + if (MiscUtil.isEmpty(current.getName())) { + log.info("AttributeProviderPlugin Name is empty."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty", request)); - public List<String> validate(OASTORKConfig oageneral, HttpServletRequest request) { + } else { + if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) { + log.info("AttributeProviderPlugin Name is not supported."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid", request)); + } + } - List<String> errors = new ArrayList<String>(); + if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches( + "[a-zA-Z]+(, ?[a-zA-Z]+)*")) { + log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid", request)); + } + } - // check qaa - String qaa = oageneral.getQaa(); - if (MiscUtil.isNotEmpty(qaa) && !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { - log.warn("eIDAS LoA is not allowed : " + qaa); - errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", - new Object[] {qaa}, request )); - } - - if (oageneral.isVidpEnabled()) { - Iterator<AttributeProviderPlugin> interator = oageneral.getAttributeProviderPlugins().iterator(); - while (interator.hasNext()) { - AttributeProviderPlugin current = interator.next(); - if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { - log.info("AttributeProviderPlugin URL has no valid form."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request)); - } - if (MiscUtil.isEmpty(current.getName())) { - log.info("AttributeProviderPlugin Name is empty."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty", request)); - - } else { - if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) { - log.info("AttributeProviderPlugin Name is not supported."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid", request)); - } - } - - if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { - log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid", request)); - } - } - - } else { - oageneral.setAttributeProviderPlugins(null); - } + } else { + oageneral.setAttributeProviderPlugins(null); + } - return errors; - } + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java index 4807d479e..3e1ed0a38 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java @@ -29,8 +29,6 @@ import java.util.regex.Pattern; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; @@ -38,133 +36,133 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class OATargetConfigValidation { - private static final Logger log = Logger.getLogger(OATargetConfigValidation.class); - - public List<String> validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general, HttpServletRequest request) { - - List<String> errors = new ArrayList<String>(); - String check; - - if (general.isBusinessService()) { - - //check identification type - check = form.getIdentificationType(); - if (!form.getIdentificationTypeList().contains(check)) { - log.info("IdentificationType is not known."); - errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); - } - - //check identification number - check = form.getIdentificationNumber(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty IdentificationNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); - - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - - if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { - CompanyNumberValidator val = new CompanyNumberValidator(); - if (!val.validate(check)) { - log.info("Not valid CompanyNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request)); - } - - } else if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { - Pattern pattern = Pattern.compile("[A-Z,a-z]{2}\\+[A-Z,a-z]{2}"); - Matcher matcher = pattern.matcher(check); - if (!matcher.matches()) { - log.info("Not valid eIDAS Target"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.eidas.valid", request)); - - } - - } - } - - } else { - - check = form.getTarget_subsector(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target-Subsector"); - errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); - } - } - - - if (!isAdmin) { - //check PublicURL Prefix allows PublicService - if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) { - log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier()); - errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", - new Object[] {general.getIdentifier()}, request )); - general.setBusinessService(true); - return errors; - - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - - } else { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - } else { - - //check targetFrindlyName(); - check = form.getTargetFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("TargetFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - //check Admin Target - check = form.getTarget_admin(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); - } - } - } - } - - - //foreign bPK configuration - - - return errors; - } + public List<String> validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general, + HttpServletRequest request) { + + final List<String> errors = new ArrayList<>(); + String check; + + if (general.isBusinessService()) { + + // check identification type + check = form.getIdentificationType(); + if (!form.getIdentificationTypeList().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); + } + + // check identification number + check = form.getIdentificationNumber(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty IdentificationNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); + + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + + if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { + final CompanyNumberValidator val = new CompanyNumberValidator(); + if (!val.validate(check)) { + log.info("Not valid CompanyNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", + request)); + } + + } else if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { + final Pattern pattern = Pattern.compile("[A-Z,a-z]{2}\\+[A-Z,a-z]{2}"); + final Matcher matcher = pattern.matcher(check); + if (!matcher.matches()) { + log.info("Not valid eIDAS Target"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.eidas.valid", + request)); + + } + + } + } + + } else { + + check = form.getTarget_subsector(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); + } + } + + if (!isAdmin) { + // check PublicURL Prefix allows PublicService + if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) { + log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier()); + errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] { general.getIdentifier() }, request)); + general.setBusinessService(true); + return errors; + + } + + // check Target + check = form.getTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + + } else { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + } else { + + // check targetFrindlyName(); + check = form.getTargetFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + } + + // check Target + check = form.getTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + // check Admin Target + check = form.getTarget_admin(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); + } + } + } + } + + // foreign bPK configuration + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/resources/logback.xml b/id/ConfigWebTool/src/main/resources/logback.xml new file mode 100644 index 000000000..fc7508598 --- /dev/null +++ b/id/ConfigWebTool/src/main/resources/logback.xml @@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + <appender name="CONFIGTOOL" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-id-webgui.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>1</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i.gz</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern> + </encoder> + </appender> + + <logger name="at.gv.egovernment.moa.id.configuration" level="info"> + <appender-ref ref="CONFIGTOOL"/> + </logger> + <logger name="at.gv.egovernment.moa.id.config.webgui" level="info"> + <appender-ref ref="CONFIGTOOL"/> + </logger> + + <logger name="at.gv.egiz.eaaf" level="info"> + <appender-ref ref="moaid"/> + </logger> + <logger name="at.gv.egiz.components.configuration" level="info"> + <appender-ref ref="CONFIGTOOL"/> + </logger> + + <root level="warn"> + <appender-ref ref="stdout"/> + </root> +</configuration> diff --git a/id/assembly-auth-edu.xml b/id/assembly-auth-edu.xml deleted file mode 100644 index c11f790e4..000000000 --- a/id/assembly-auth-edu.xml +++ /dev/null @@ -1,191 +0,0 @@ -<assembly> - <id>id-auth-edu-${moa-id-version}</id> - - <formats> - <format>dir</format> - <format>zip</format> - <!-- <format>tar.gz</format> --> - </formats> - - <baseDirectory>moa-id-auth-edu-${moa-id-version}</baseDirectory> - - <fileSets> - <fileSet> - <directory>${basedir}/id/server/data/deploy</directory> - <outputDirectory>/</outputDirectory> - <excludes> - <exclude>**/conf/Catalina/**</exclude> - <exclude>${basedir}/id/server/data/deploy/conf/moa-id-proxy/**</exclude> - </excludes> - </fileSet> - <fileSet> - <directory>${basedir}/spss/handbook/conf/moa-spss/certstore</directory> - <outputDirectory>/conf/moa-id/certs/certstore</outputDirectory> - <includes> - <include>**/*</include> - </includes> - </fileSet> - <fileSet> - <directory>${basedir}/spss/handbook/conf/moa-spss/certstore</directory> - <outputDirectory>/conf/moa-spss/certstore</outputDirectory> - <includes> - <include>**/*</include> - </includes> - </fileSet> - <fileSet> - <directory>${basedir}/id/server/doc</directory> - <outputDirectory>/doc</outputDirectory> - <excludes> - <exclude>${basedir}/id/server/doc/proxy/**</exclude> - </excludes> - </fileSet> - <fileSet> - <directory>${basedir}/id/server/data/deploy/conf</directory> - <outputDirectory>/doc/conf</outputDirectory> - <excludes> - <exclude>${basedir}/id/server/data/deploy/conf/moa-id-proxy/**</exclude> - </excludes> - </fileSet> - <fileSet> - <directory>${basedir}/id</directory> - <outputDirectory>/</outputDirectory> - <includes> - <include>history.txt</include> - <include>readme_${moa-id-version}.txt</include> - </includes> - </fileSet> - <fileSet> - <directory>${basedir}</directory> - <outputDirectory>/</outputDirectory> - <includes> - <include>LICENSE-2.0.txt</include> - <include>NOTICE.txt</include> - <include>IAIK-LICENSE.txt</include> - <include>EUPL v.1.1 - Licence.pdf</include> - <include>SIC_LICENSE.txt</include> - </includes> - </fileSet> - </fileSets> - - <moduleSets> - <moduleSet> - <includes> - <include>MOA.id.server:moa-id-auth-edu</include> - </includes> - <binaries> - <includeDependencies>true</includeDependencies> - <outputDirectory>/</outputDirectory> - <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping> - <dependencySets> - <dependencySet> - <includes> - <include>xalan-bin-dist:xalan</include> - <include>xerces:xercesImpl</include> - <include>xalan-bin-dist:xml-apis</include> - <include>xalan-bin-dist:serializer</include> - </includes> - <outputDirectory>/endorsed</outputDirectory> - <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping> - </dependencySet> - <dependencySet> - <includes> - <include>iaik.prod:iaik_ecc</include> - <include>iaik.prod:iaik_jce_full</include> - <include>iaik.prod:iaik_Pkcs11Provider</include> - <include>iaik.prod:iaik_Pkcs11Wrapper:jar</include> - </includes> - <outputDirectory>/ext</outputDirectory> - <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping> - </dependencySet> - </dependencySets> - <unpack>false</unpack> - </binaries> - </moduleSet> - - <moduleSet> - <includes> - <include>MOA.id.server:moa-id-lib</include> - </includes> - <binaries> - <attachmentClassifier>javadoc</attachmentClassifier> - <includeDependencies>false</includeDependencies> - <outputFileNameMapping>api-doc</outputFileNameMapping> - <outputDirectory>/doc</outputDirectory> - <unpack>true</unpack> - </binaries> - </moduleSet> - - <moduleSet> - <includes> - <include>MOA.id:moa-id-configuration</include> - </includes> - <binaries> - <includeDependencies>false</includeDependencies> - <outputDirectory>/</outputDirectory> - <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping> - <unpack>false</unpack> - </binaries> - </moduleSet> - - <moduleSet> - <includes> - <include>MOA.id.server:moa-id-commons</include> - </includes> - <binaries> - <includeDependencies>false</includeDependencies> - <outputDirectory>/migration/</outputDirectory> - <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping> - <unpack>false</unpack> - <dependencySets> - <dependencySet> - <outputDirectory>/migration/dependency-jars</outputDirectory> - <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping> - </dependencySet> - </dependencySets> - </binaries> - </moduleSet> - - <moduleSet> - <includes> - <include>MOA.id:moa-id-oa</include> - </includes> - <sources> - <useDefaultExcludes>true</useDefaultExcludes> - <outputDirectory>../</outputDirectory> - <includeModuleDirectory>true</includeModuleDirectory> - <outputDirectoryMapping>/source/${artifactId}/src</outputDirectoryMapping> - <excludes> - <exclude>**/target/**</exclude> - <exclude>**/bin/**</exclude> - <exclude>**/.settings/**</exclude> - <exclude>.*</exclude> - </excludes> - <includes> - <include>pom.xml</include> - </includes> - </sources> - <binaries> - <includeDependencies>false</includeDependencies> - <outputDirectory>/</outputDirectory> - <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping> - <unpack>false</unpack> - <dependencySets> - <dependencySet> - <includes> - <include>iaik:commons-iaik</include> - <include>MOA:moa-common</include> - </includes> - <outputDirectory>/source/repositority</outputDirectory> - <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping> - </dependencySet> - </dependencySets> - </binaries> - </moduleSet> - - </moduleSets> - - <componentDescriptors> - <componentDescriptor>component-pkcs11libs.xml</componentDescriptor> - </componentDescriptors> - -</assembly> diff --git a/id/assembly-auth-final.xml b/id/assembly-auth-final.xml deleted file mode 100644 index 504f5620a..000000000 --- a/id/assembly-auth-final.xml +++ /dev/null @@ -1,191 +0,0 @@ -<assembly>
- <id>id-auth-final-${moa-id-version}</id>
-
- <formats>
- <format>dir</format>
- <format>zip</format>
- <!-- <format>tar.gz</format> -->
- </formats>
-
- <baseDirectory>moa-id-auth-final-${moa-id-version}</baseDirectory>
-
- <fileSets>
- <fileSet>
- <directory>${basedir}/id/server/data/deploy</directory>
- <outputDirectory>/</outputDirectory>
- <excludes>
- <exclude>**/conf/Catalina/**</exclude>
- <exclude>${basedir}/id/server/data/deploy/conf/moa-id-proxy/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/spss/handbook/conf/moa-spss/certstore</directory>
- <outputDirectory>/conf/moa-id/certs/certstore</outputDirectory>
- <includes>
- <include>**/*</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/spss/handbook/conf/moa-spss/certstore</directory>
- <outputDirectory>/conf/moa-spss/certstore</outputDirectory>
- <includes>
- <include>**/*</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id/server/doc</directory>
- <outputDirectory>/doc</outputDirectory>
- <excludes>
- <exclude>${basedir}/id/server/doc/proxy/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id/server/data/deploy/conf</directory>
- <outputDirectory>/doc/conf</outputDirectory>
- <excludes>
- <exclude>${basedir}/id/server/data/deploy/conf/moa-id-proxy/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>history.txt</include>
- <include>readme_${moa-id-version}.txt</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>${basedir}</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>LICENSE-2.0.txt</include>
- <include>NOTICE.txt</include>
- <include>IAIK-LICENSE.txt</include>
- <include>EUPL v.1.1 - Licence.pdf</include>
- <include>SIC_LICENSE.txt</include>
- </includes>
- </fileSet>
- </fileSets>
-
- <moduleSets>
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-auth-final</include>
- </includes>
- <binaries>
- <includeDependencies>true</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <dependencySets>
- <dependencySet>
- <includes>
- <include>xalan-bin-dist:xalan</include>
- <include>xerces:xercesImpl</include>
- <include>xalan-bin-dist:xml-apis</include>
- <include>xalan-bin-dist:serializer</include>
- </includes>
- <outputDirectory>/endorsed</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- <dependencySet>
- <includes>
- <include>iaik.prod:iaik_ecc</include>
- <include>iaik.prod:iaik_jce_full</include>
- <include>iaik.prod:iaik_Pkcs11Provider</include>
- <include>iaik.prod:iaik_Pkcs11Wrapper:jar</include>
- </includes>
- <outputDirectory>/ext</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- </dependencySets>
- <unpack>false</unpack>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-lib</include>
- </includes>
- <binaries>
- <attachmentClassifier>javadoc</attachmentClassifier>
- <includeDependencies>false</includeDependencies>
- <outputFileNameMapping>api-doc</outputFileNameMapping>
- <outputDirectory>/doc</outputDirectory>
- <unpack>true</unpack>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id:moa-id-configuration</include>
- </includes>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <unpack>false</unpack>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-commons</include>
- </includes>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputDirectory>/migration/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <unpack>false</unpack>
- <dependencySets>
- <dependencySet>
- <outputDirectory>/migration/dependency-jars</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- </dependencySets>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id:moa-id-oa</include>
- </includes>
- <sources>
- <useDefaultExcludes>true</useDefaultExcludes>
- <outputDirectory>../</outputDirectory>
- <includeModuleDirectory>true</includeModuleDirectory>
- <outputDirectoryMapping>/source/${artifactId}/src</outputDirectoryMapping>
- <excludes>
- <exclude>**/target/**</exclude>
- <exclude>**/bin/**</exclude>
- <exclude>**/.settings/**</exclude>
- <exclude>.*</exclude>
- </excludes>
- <includes>
- <include>pom.xml</include>
- </includes>
- </sources>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <unpack>false</unpack>
- <dependencySets>
- <dependencySet>
- <includes>
- <include>iaik:commons-iaik</include>
- <include>MOA:moa-common</include>
- </includes>
- <outputDirectory>/source/repositority</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- </dependencySets>
- </binaries>
- </moduleSet>
-
- </moduleSets>
-
- <componentDescriptors>
- <componentDescriptor>component-pkcs11libs.xml</componentDescriptor>
- </componentDescriptors>
-
-</assembly>
diff --git a/id/assembly-proxy.xml b/id/assembly-proxy.xml deleted file mode 100644 index d43783e69..000000000 --- a/id/assembly-proxy.xml +++ /dev/null @@ -1,120 +0,0 @@ -<assembly>
- <id>id-proxy-${moa-id-proxy-version}</id>
-
- <formats>
- <format>dir</format>
- <format>zip</format>
- <!-- <format>tar.gz</format> -->
- </formats>
-
- <baseDirectory>moa-id-proxy-${moa-id-proxy-version}</baseDirectory>
-
- <fileSets>
- <fileSet>
- <directory>${basedir}/id/server/data/deploy</directory>
- <outputDirectory>/</outputDirectory>
- <excludes>
- <exclude>**/conf/moa-spss/**</exclude>
- <exclude>**/conf/moa-id/transforms/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id/server/doc/proxy</directory>
- <outputDirectory>/doc</outputDirectory>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>history.txt</include>
- <include>readme_${moa-id-proxy-version}.txt</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>${basedir}</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>LICENSE-2.0.txt</include>
- <include>NOTICE.txt</include>
- <include>IAIK-LICENSE.txt</include>
- <include>EUPL v.1.1 - Licence.pdf</include>
- <include>SIC_LICENSE.txt</include>
- </includes>
- </fileSet>
- </fileSets>
-
- <moduleSets>
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-proxy</include>
- </includes>
- <binaries>
- <includeDependencies>true</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <dependencySets>
- <dependencySet>
- <includes>
- <include>xalan-bin-dist:xalan</include>
- <include>xerces:xercesImpl</include>
- <include>xalan-bin-dist:xml-apis</include>
- <include>xalan-bin-dist:serializer</include>
- </includes>
- <outputDirectory>/endorsed</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- <dependencySet>
- <includes>
- <include>iaik.prod:iaik_ecc</include>
- <include>iaik.prod:iaik_jce_full</include>
- <include>iaik.prod:iaik_Pkcs11Provider</include>
- <include>iaik.prod:iaik_Pkcs11Wrapper:jar</include>
- </includes>
- <outputDirectory>/ext</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- </dependencySets>
- <unpack>false</unpack>
- </binaries>
- </moduleSet>
-<!-- <moduleSet>
- <includes>
- <include>MOA:moa-id-oa</include>
- </includes>
- <binaries>
- <includeDependencies>true</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>oa.${extension}</outputFileNameMapping>
- <unpack>false</unpack>
- </binaries>
- </moduleSet> -->
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-lib</include>
- </includes>
- <binaries>
- <attachmentClassifier>javadoc</attachmentClassifier>
- <includeDependencies>false</includeDependencies>
- <outputFileNameMapping>api-doc</outputFileNameMapping>
- <outputDirectory>/doc</outputDirectory>
- <unpack>true</unpack>
- </binaries>
- </moduleSet>
- <!-- <moduleSet>
- <includes>
- <include>MOA.id:moa-id-templates</include>
- </includes>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputFileNameMapping>moaid-templates.war</outputFileNameMapping>
- <outputDirectory>/templates</outputDirectory>
- <unpack>false</unpack>
- </binaries>
- </moduleSet>-->
- </moduleSets>
-
- <componentDescriptors>
- <componentDescriptor>component-pkcs11libs.xml</componentDescriptor>
- </componentDescriptors>
-
-</assembly>
diff --git a/id/history.txt b/id/history.txt index cdcc56261..116cd4b2e 100644 --- a/id/history.txt +++ b/id/history.txt @@ -1,5 +1,38 @@ Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf.
+Version MOA-ID Release 4.2.0: Änderungen seit Version MOA-ID 4.1.5
+ - Änderungen
+ - Erfordert mindestens Java 8
+ - Optionale Erweiterung für Gesundheitsanwendungen hinzugefügt
+ - Switch from log4j to logback
+ - Update von Libraries
+ > org.springframework 5.3.13.RELEASE
+ > org.springframework.data.spring-data-jpa 2.6.0.RELEASE
+ > org.springframework.data.spring-data-redis 2.6.0.RELEASE
+ > redis.clients 3.7.1
+ > org.hibernate:hibernate-core 5.6.2.Final
+ > commons-dbcp2 2.9.0
+ > log4j 2.17.0
+ > logback 1.2.9
+ > com.google.guava 31.0.1-jre
+ > org.apache.santuario.xmlsec 2.3.0
+ > org.apache.cxf 3.3.12
+ > org.apache.struts2 2.5.28
+ > org.apache.httpcomponents.httpcore 4.5.15
+ > mysql-connector 8.0.27
+ > fasterxml:jackson 2.13.0
+ > commons-io 2.11.0
+ > jodatime 2.10.13
+ > org.apache.commons-commons-pool2 2.11.1
+ > iaik_jce_full 5.62_moa
+ > moa-spss 3.1.4
+
+Version MOA-ID Release 4.1.7
+ - Diese Version war bereits für ein Release vorbereitet, wurde jedoch nicht offiziell veröffentlicht
+
+Version MOA-ID Release 4.1.6:
+ - Diese Version war bereits für ein Release vorbereitet, wurde jedoch nicht offiziell veröffentlicht
+
Version MOA-ID Release 4.1.5: Änderungen seit Version MOA-ID 4.1.4
- Änderungen
- Anpassung der E-ID Proxy Implementierung an eine zusätzliche Anforderungen an das E-ID System
diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index fa7694129..8752e2d8c 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -1,92 +1,99 @@ -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - - <parent> - <groupId>MOA</groupId> - <artifactId>id</artifactId> - <version>4.1.5</version> - </parent> - - <modelVersion>4.0.0</modelVersion> - <groupId>MOA.id</groupId> - <artifactId>moa-id-webgui</artifactId> - <version>1.0</version> - <name>MOA-ID WebGUI Module</name> - - <properties> - <repositoryPath>${basedir}/../../repository</repositoryPath> - </properties> - - <repositories> +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + + <parent> + <groupId>MOA</groupId> + <artifactId>id</artifactId> + <version>4.2.0</version> + </parent> + + <modelVersion>4.0.0</modelVersion> + <groupId>MOA.id</groupId> + <artifactId>moa-id-webgui</artifactId> + <version>1.0</version> + <name>MOA-ID WebGUI Module</name> + + <properties> + <repositoryPath>${basedir}/../../repository</repositoryPath> + </properties> + + <repositories> <repository> <id>shibboleth.internet2.edu</id> <name>Internet2</name> <url>https://apps.egiz.gv.at/shibboleth_nexus/</url> </repository> </repositories> - - <build> - <sourceDirectory>src/main/java</sourceDirectory> - <plugins> - <plugin> - <artifactId>maven-compiler-plugin</artifactId> - <configuration> - <source>1.7</source> - <target>1.7</target> - </configuration> - </plugin> - </plugins> - </build> - - <dependencies> - <dependency> - <groupId>at.gv.egiz.components</groupId> - <artifactId>egiz-configuration-meta-api</artifactId> - <version>0.3</version> - </dependency> - <dependency> - <groupId>at.gv.egiz.components</groupId> - <artifactId>egiz-spring-api</artifactId> - <version>0.1</version> - </dependency> - - <dependency> - <groupId>MOA.id.server</groupId> - <artifactId>moa-id-commons</artifactId> - <exclusions> - <exclusion> - <artifactId>hyperjaxb3-ejb-runtime</artifactId> - <groupId>org.jvnet.hyperjaxb3</groupId> - </exclusion> - </exclusions> - </dependency> - - <dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-log4j12</artifactId> + + <build> + <sourceDirectory>src/main/java</sourceDirectory> + <plugins> + <plugin> + <artifactId>maven-compiler-plugin</artifactId> + <configuration> + <source>1.8</source> + <target>1.8</target> + </configuration> + </plugin> + </plugins> + </build> + + <dependencies> + <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>egiz-configuration-meta-api</artifactId> + <version>0.3</version> </dependency> - - <dependency> - <groupId>org.opensaml</groupId> - <artifactId>opensaml</artifactId> - <exclusions> - <exclusion> - <groupId>org.slf4j</groupId> - <artifactId>log4j-over-slf4j</artifactId> - </exclusion> - </exclusions> - </dependency> - <dependency> - <groupId>org.opensaml</groupId> - <artifactId>xmltooling</artifactId> - <exclusions> - <exclusion> - <groupId>org.slf4j</groupId> - <artifactId>log4j-over-slf4j</artifactId> - </exclusion> - </exclusions> - </dependency> - - </dependencies> - - + <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>egiz-spring-api</artifactId> + </dependency> + + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-commons</artifactId> + <exclusions> + <exclusion> + <artifactId>hyperjaxb3-ejb-runtime</artifactId> + <groupId>org.jvnet.hyperjaxb3</groupId> + </exclusion> + </exclusions> + </dependency> + + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-context</artifactId> + </dependency> + + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + </dependency> + + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>opensaml</artifactId> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>log4j-over-slf4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.opensaml</groupId> + <artifactId>xmltooling</artifactId> + <exclusions> + <exclusion> + <groupId>org.slf4j</groupId> + <artifactId>log4j-over-slf4j</artifactId> + </exclusion> + </exclusions> + </dependency> + + </dependencies> + + </project>
\ No newline at end of file diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index b60e62ac3..2ea7d35ad 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>MOA</groupId> <artifactId>id</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <groupId>MOA.id</groupId> <artifactId>moa-spss-container</artifactId> @@ -38,6 +38,17 @@ <layout>default</layout> <url>https://git.egiz.gv.at/EAAF-Components/plain/eaaf_modules/eaaf_module_moa-sig/repository</url> </repository> + <repository> + <id>egiz-commons</id> + <url>https://apps.egiz.gv.at/maven</url> + <releases> + <enabled>true</enabled> + <checksumPolicy>ignore</checksumPolicy> + </releases> + <snapshots> + <enabled>false</enabled> + </snapshots> + </repository> </repositories> <build> @@ -57,37 +68,37 @@ <dependencies> <dependency> - <groupId>MOA.spss.server</groupId> - <artifactId>moa-sig-lib</artifactId> - <version>3.1.3</version> - <exclusions> - <exclusion> - <groupId>commons-logging</groupId> - <artifactId>commons-logging</artifactId> - </exclusion> - <exclusion> - <artifactId>*</artifactId> - <groupId>axis</groupId> - </exclusion> - </exclusions> + <groupId>moaSig</groupId> + <artifactId>moa-sig-lib</artifactId> + <version>3.1.4</version> + <exclusions> + <exclusion> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + </exclusion> + <exclusion> + <artifactId>*</artifactId> + <groupId>axis</groupId> + </exclusion> + </exclusions> </dependency> <!-- MOA-SPSS 3.x --> <dependency> - <groupId>MOA.spss</groupId> - <artifactId>common</artifactId> - <version>3.1.3</version> + <groupId>moaSig</groupId> + <artifactId>common</artifactId> + <version>3.1.4</version> </dependency> <dependency> - <groupId>MOA.spss</groupId> - <artifactId>tsl_lib</artifactId> - <version>2.0.3</version> + <groupId>at.gv.egovernment.moa.sig</groupId> + <artifactId>tsl-lib</artifactId> + <version>2.0.5</version> </dependency> <dependency> <groupId>iaik.prod</groupId> <artifactId>iaik_cms</artifactId> - <version>5.1</version> + <version>5.1.1</version> </dependency> <dependency> <groupId>iaik.prod</groupId> @@ -129,7 +140,7 @@ <dependency> <groupId>iaik.prod</groupId> <artifactId>iaik_moa</artifactId> - <version>2.06</version> + <version>2.07</version> </dependency> <dependency> <groupId>iaik.prod</groupId> @@ -162,8 +173,10 @@ <version>2.14_moa</version> </dependency> - - + <dependency> + <groupId>joda-time</groupId> + <artifactId>joda-time</artifactId> + </dependency> <dependency> <groupId>javax.mail</groupId> diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 1522121d2..658dab494 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>MOA</groupId> <artifactId>id</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <modelVersion>4.0.0</modelVersion> @@ -19,7 +19,7 @@ </properties> <build> - <finalName>oa</finalName> + <finalName>moa-id-oa</finalName> <plugins> <!-- <plugin> <groupId>org.codehaus.mojo</groupId> @@ -43,8 +43,8 @@ <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> - <source>1.7</source> - <target>1.7</target> + <source>1.8</source> + <target>1.8</target> </configuration> </plugin> </plugins> @@ -98,10 +98,18 @@ <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> </dependency> - <dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-log4j12</artifactId> - </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-1.2-api</artifactId> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-to-slf4j</artifactId> + </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </dependency> <dependency> <groupId>MOA.id.server</groupId> diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java index 07edb250d..5db37d2f7 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java @@ -35,7 +35,6 @@ import java.util.Timer; import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.HttpClient; -import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.xml.parse.BasicParserPool; @@ -45,11 +44,10 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.MetaDataVerificationFilter; import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class Configuration { - - private static final Logger log = Logger.getLogger(Configuration.class); private Properties props; private static final String SYSTEM_PROP_CONFIG = "moa.id.demoOA"; diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index d4c67cfae..040ec330c 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -48,12 +48,10 @@ import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; -import org.opensaml.saml2.common.Extensions; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; @@ -64,12 +62,10 @@ import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import org.opensaml.xml.XMLObject; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.io.Unmarshaller; import org.opensaml.xml.io.UnmarshallingException; -import org.opensaml.xml.schema.XSAny; import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.Signature; @@ -82,296 +78,299 @@ import org.xml.sax.SAXException; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; -import at.gv.egiz.eaaf.core.impl.utils.EAAFDomEntityResolver; import at.gv.egovernment.moa.id.demoOA.Configuration; import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; - - /** * Servlet implementation class Authenticate */ public class Authenticate extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = LoggerFactory - .getLogger(Authenticate.class); - - /** - * @see HttpServlet#HttpServlet() - */ - public Authenticate() { - super(); - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - try { - builder = factory.newDocumentBuilder(); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 AuthenticationServlet can not be initialized.", e); - } - } - - DocumentBuilder builder; - - - //generate AuthenticationRequest - protected void process(HttpServletRequest request, - HttpServletResponse response, Map<String,String> legacyParameter) throws ServletException, IOException { - try { - - Configuration config = Configuration.getInstance(); - config.initializePVP2Login(); - - AuthnRequest authReq = SAML2Utils - .createSAMLObject(AuthnRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - authReq.setID(gen.generateIdentifier()); - - String relayState = String.valueOf(RandomUtils.nextLong()); - - if (config.useRedirectBindingResponse()) - authReq.setAssertionConsumerServiceIndex(1); - else - authReq.setAssertionConsumerServiceIndex(0); - - authReq.setAttributeConsumingServiceIndex(0); - - authReq.setIssueInstant(new DateTime()); + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(Authenticate.class); + + /** + * @see HttpServlet#HttpServlet() + */ + public Authenticate() { + super(); + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + builder = factory.newDocumentBuilder(); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 AuthenticationServlet can not be initialized.", e); + } + } + + DocumentBuilder builder; + + // generate AuthenticationRequest + protected void process(HttpServletRequest request, + HttpServletResponse response, Map<String, String> legacyParameter) throws ServletException, + IOException { + try { + + final Configuration config = Configuration.getInstance(); + config.initializePVP2Login(); + + AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + final String relayState = String.valueOf(RandomUtils.nextLong()); + + if (config.useRedirectBindingResponse()) { + authReq.setAssertionConsumerServiceIndex(1); + } else { + authReq.setAssertionConsumerServiceIndex(0); + } + + authReq.setAttributeConsumingServiceIndex(0); + + authReq.setIssueInstant(new DateTime()); // Subject subject = SAML2Utils.createSAMLObject(Subject.class); // NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - //name.setValue(serviceURL); - issuer.setValue(serviceURL); - + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + // name.setValue(serviceURL); + issuer.setValue(serviceURL); + // subject.setNameID(name); // authReq.setSubject(subject); - issuer.setFormat(NameIDType.ENTITY); - authReq.setIssuer(issuer); - - if (config.setNameIdPolicy()) { - NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(true); - policy.setFormat(NameID.PERSISTENT); - authReq.setNameIDPolicy(policy); - } - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - //select authentication-service url from metadata - SingleSignOnService redirectEndpoint = null; - for (SingleSignOnService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && !config.useRedirectBindingRequest()) { - redirectEndpoint = sss; - } - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && config.useRedirectBindingRequest()) { - redirectEndpoint = sss; - } - - } - - if (redirectEndpoint == null) { - log.warn("Can not find valid EndPoint for SAML2 response"); - throw new ConfigurationException("Can not find valid EndPoint for SAML2 response"); - - } - - authReq.setDestination(redirectEndpoint.getLocation()); - - //authReq.setDestination("http://test.test.test"); - - if (config.setAuthnContextClassRef()) { - RequestedAuthnContext reqAuthContext = - SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - AuthnContextClassRef authnClassRef = - SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) { - authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue()); - - } else { - authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); - - } - - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); - authReq.setRequestedAuthnContext(reqAuthContext); - } - - if (StringUtils.isNotEmpty(config.getScopeRequesterId())) { - Scoping scope = SAML2Utils.createSAMLObject(Scoping.class); - RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class); - requesterId.setRequesterID(config.getScopeRequesterId()); - scope.getRequesterIDs().add(requesterId ); - authReq.setScoping(scope ); - - } - - if (config.isEidasProxySimulatorEnabled()) { - authReq = injectEidasMsProxyAttributes(request, authReq); - - } - - - //sign authentication request - KeyStore keyStore = config.getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(authcredential); - authReq.setSignature(signer); - - - if (!config.useRedirectBindingRequest()) { - //generate Http-POST Binding message - VelocityEngine engine = new VelocityEngine(); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); - engine.setProperty("classpath.resource.loader.class", - "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); - engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, - "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); - engine.init(); - - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "templates/pvp_postbinding_template.html"); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - service.setLocation(redirectEndpoint.getLocation());; - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(authReq); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(relayState); - encoder.encode(context); - - } else { - //generate Redirect Binding message - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - service.setLocation(redirectEndpoint.getLocation()); - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(authReq); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(relayState); - encoder.encode(context); - - } - - } catch (Exception e) { - log.warn("Authentication Request can not be generated", e); - throw new ServletException("Authentication Request can not be generated.", e); - } - } - - - private AuthnRequest injectEidasMsProxyAttributes(HttpServletRequest request, AuthnRequest authReq) - throws SAXException, IOException, ParserConfigurationException, MarshallingException, UnmarshallingException { - - //build extension from template - String xmlTemplate = IOUtils.toString( - Authenticate.class.getResourceAsStream("/templates/reqAttributes.xml"), - StandardCharsets.UTF_8); - - String target = EAAFConstants.URN_PREFIX_EIDAS + "AT+" + getParameterOrDefault(request, "eidasCountry", "DE"); - String loa = EAAFConstants.EIDAS_LOA_PREFIX + getParameterOrDefault(request, "loa", "high"); - String eidasConnector = "https://simple.test/" + getParameterOrDefault(request, "eidasIdPostfix", "test"); - String xmlString = MessageFormat.format(xmlTemplate, target, loa, eidasConnector); + issuer.setFormat(NameIDType.ENTITY); + authReq.setIssuer(issuer); + + if (config.setNameIdPolicy()) { + final NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameIDType.PERSISTENT); + authReq.setNameIDPolicy(policy); + } + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + // select authentication-service url from metadata + SingleSignOnService redirectEndpoint = null; + for (final SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleSignOnServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && !config + .useRedirectBindingRequest()) { + redirectEndpoint = sss; + } + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && config + .useRedirectBindingRequest()) { + redirectEndpoint = sss; + } + + } + + if (redirectEndpoint == null) { + log.warn("Can not find valid EndPoint for SAML2 response"); + throw new ConfigurationException("Can not find valid EndPoint for SAML2 response"); + + } + + authReq.setDestination(redirectEndpoint.getLocation()); + + // authReq.setDestination("http://test.test.test"); + + if (config.setAuthnContextClassRef()) { + final RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + final AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) { + authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue()); + + } else { + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + } + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + authReq.setRequestedAuthnContext(reqAuthContext); + } + + if (StringUtils.isNotEmpty(config.getScopeRequesterId())) { + final Scoping scope = SAML2Utils.createSAMLObject(Scoping.class); + final RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class); + requesterId.setRequesterID(config.getScopeRequesterId()); + scope.getRequesterIDs().add(requesterId); + authReq.setScoping(scope); + + } + + if (config.isEidasProxySimulatorEnabled()) { + authReq = injectEidasMsProxyAttributes(request, authReq); + + } + + // sign authentication request + final KeyStore keyStore = config.getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(authcredential); + authReq.setSignature(signer); + + if (!config.useRedirectBindingRequest()) { + // generate Http-POST Binding message + final VelocityEngine engine = new VelocityEngine(); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + engine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); + engine.init(); + + final HTTPPostEncoder encoder = new HTTPPostEncoder(engine, + "templates/pvp_postbinding_template.html"); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + service.setLocation(redirectEndpoint.getLocation()); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(authReq); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + encoder.encode(context); + + } else { + // generate Redirect Binding message + final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(redirectEndpoint.getLocation()); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(authReq); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + encoder.encode(context); + + } + + } catch (final Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + private AuthnRequest injectEidasMsProxyAttributes(HttpServletRequest request, AuthnRequest authReq) + throws SAXException, IOException, ParserConfigurationException, MarshallingException, + UnmarshallingException { + + // build extension from template + final String xmlTemplate = IOUtils.toString( + Authenticate.class.getResourceAsStream("/templates/reqAttributes.xml"), + StandardCharsets.UTF_8); + + final String target = EAAFConstants.URN_PREFIX_EIDAS + "AT+" + getParameterOrDefault(request, + "eidasCountry", "DE"); + final String loa = EAAFConstants.EIDAS_LOA_PREFIX + getParameterOrDefault(request, "loa", "high"); + final String eidasConnector = "https://simple.test/" + getParameterOrDefault(request, "eidasIdPostfix", + "test"); + final String xmlString = MessageFormat.format(xmlTemplate, target, loa, eidasConnector); log.debug("Formated requested attributes: " + xmlString); - - Document extension = DOMUtils.parseDocument(xmlString, false, null, null); - - - //marshalle, inject, and unmarshalle request to set extension - //TODO: find better solution, be it is good enough for a first simple test + + final Document extension = DOMUtils.parseDocument(xmlString, false, null, null); + + // marshalle, inject, and unmarshalle request to set extension + // TODO: find better solution, be it is good enough for a first simple test DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - Marshaller out = org.opensaml.Configuration.getMarshallerFactory().getMarshaller(authReq); + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(authReq); out.marshall(authReq, document); - - Node extElement = document.importNode(extension.getDocumentElement(), true); - //document.getDocumentElement().appendChild(extElement); + + final Node extElement = document.importNode(extension.getDocumentElement(), true); + // document.getDocumentElement().appendChild(extElement); document.getDocumentElement().insertBefore(extElement, document.getChildNodes().item(2)); - - Unmarshaller in = org.opensaml.Configuration.getUnmarshallerFactory().getUnmarshaller(document.getDocumentElement()); + + final Unmarshaller in = org.opensaml.xml.Configuration.getUnmarshallerFactory().getUnmarshaller(document + .getDocumentElement()); return (AuthnRequest) in.unmarshall(document.getDocumentElement()); - + } - - + private String getParameterOrDefault(HttpServletRequest request, String paramName, String defaultValue) { - String reqParam = request.getParameter(paramName); + final String reqParam = request.getParameter(paramName); if (MiscUtil.isEmpty(reqParam)) { return defaultValue; - + } else { return reqParam; - + } - + } + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response, null); + } /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response, null); - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response, null); - } + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response, null); + } } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java index d28f94fd6..005291082 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java @@ -42,7 +42,6 @@ import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; -import org.apache.log4j.Logger; import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; @@ -75,267 +74,263 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.AttributeListBuilder; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class BuildMetadata extends HttpServlet { - Logger log = Logger.getLogger(BuildMetadata.class); - - private static final long serialVersionUID = 1L; - - private static final int VALIDUNTIL_IN_HOURS = 24; - - /** - * @see HttpServlet#HttpServlet() - */ - public BuildMetadata() { - super(); - } - - protected static Signature getSignature(Credential credentials) { - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); - return signer; - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - Configuration config = Configuration.getInstance(); - - SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); - - EntitiesDescriptor spEntitiesDescriptor = SAML2Utils. - createSAMLObject(EntitiesDescriptor.class); - - DateTime date = new DateTime(); - spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); - - String name = config.getPVP2MetadataEntitiesName(); - if (MiscUtil.isEmpty(name)) { - log.info("NO Metadata EntitiesName configurated"); - throw new ConfigurationException("NO Metadata EntitiesName configurated"); - } - - spEntitiesDescriptor.setName(name); - spEntitiesDescriptor.setID(idGen.generateIdentifier()); - - //set period of validity for metadata information - DateTime validUntil = new DateTime(); - spEntitiesDescriptor.setValidUntil(validUntil.plusDays(7)); - - - EntityDescriptor spEntityDescriptor = SAML2Utils - .createSAMLObject(EntityDescriptor.class); - - spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); - - spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); - - //set OA-ID (PublicURL Prefix) as identifier - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - - log.debug("Set OnlineApplicationURL to " + serviceURL); - spEntityDescriptor.setEntityID(serviceURL); - - SPSSODescriptor spSSODescriptor = SAML2Utils - .createSAMLObject(SPSSODescriptor.class); - - spSSODescriptor.setAuthnRequestsSigned(true); - spSSODescriptor.setWantAssertionsSigned(true); - - X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); - keyInfoFactory.setEmitEntityCertificate(true); - KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - - - KeyStore keyStore = config.getPVP2KeyStore(); - - X509Credential signingcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreMetadataKeyAlias(), - config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); - - - log.debug("Set Metadata key information"); - //Set MetaData Signing key - KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); - entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); - Signature entitiesSignature = getSignature(signingcredential); - spEntitiesDescriptor.setSignature(entitiesSignature); - - - //Set AuthRequest Signing certificate - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); - - spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - - //set AuthRequest encryption certificate - if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias()) || - MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyPassword())) { - X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - KeyDescriptor encryKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - encryKeyDescriptor.setUse(UsageType.ENCRYPTION); - encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); - - //set encryption methode + + private static final long serialVersionUID = 1L; + + private static final int VALIDUNTIL_IN_HOURS = 24; + + /** + * @see HttpServlet#HttpServlet() + */ + public BuildMetadata() { + super(); + } + + protected static Signature getSignature(Credential credentials) { + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + final Configuration config = Configuration.getInstance(); + + final SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); + + final EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class); + + final DateTime date = new DateTime(); + spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); + + final String name = config.getPVP2MetadataEntitiesName(); + if (MiscUtil.isEmpty(name)) { + log.info("NO Metadata EntitiesName configurated"); + throw new ConfigurationException("NO Metadata EntitiesName configurated"); + } + + spEntitiesDescriptor.setName(name); + spEntitiesDescriptor.setID(idGen.generateIdentifier()); + + // set period of validity for metadata information + final DateTime validUntil = new DateTime(); + spEntitiesDescriptor.setValidUntil(validUntil.plusDays(7)); + + final EntityDescriptor spEntityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); + + spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); + + // set OA-ID (PublicURL Prefix) as identifier + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + + log.debug("Set OnlineApplicationURL to " + serviceURL); + spEntityDescriptor.setEntityID(serviceURL); + + final SPSSODescriptor spSSODescriptor = SAML2Utils + .createSAMLObject(SPSSODescriptor.class); + + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(true); + + final X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitEntityCertificate(true); + final KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + final KeyStore keyStore = config.getPVP2KeyStore(); + + final X509Credential signingcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreMetadataKeyAlias(), + config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); + + log.debug("Set Metadata key information"); + // Set MetaData Signing key + final KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); + entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); + final Signature entitiesSignature = getSignature(signingcredential); + spEntitiesDescriptor.setSignature(entitiesSignature); + + // Set AuthRequest Signing certificate + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + final KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + // set AuthRequest encryption certificate + if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias()) || + MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyPassword())) { + final X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + final KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + + // set encryption methode // EncryptionMethod encMethode = SAML2Utils.createSAMLObject(EncryptionMethod.class); -// encMethode.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM); +// encMethode.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM); // encryKeyDescriptor.getEncryptionMethods().add(encMethode); -// +// // EncryptionMethod keyencMethode = SAML2Utils.createSAMLObject(EncryptionMethod.class); -// keyencMethode.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP); +// keyencMethode.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP); // encryKeyDescriptor.getEncryptionMethods().add(keyencMethode); - - spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); - - } else { - log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); - - } - - - NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); - - spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); - - NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - transientnameIDFormat.setFormat(NameIDType.TRANSIENT); - - spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); - - NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); - - spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); - - //set HTTP-POST Binding assertion consumer service - AssertionConsumerService postassertionConsumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - postassertionConsumerService.setIndex(0); - postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); - spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); - - //set HTTP-Redirect Binding assertion consumer service - AssertionConsumerService redirectassertionConsumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - redirectassertionConsumerService.setIndex(1); - redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - redirectassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); - spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); - - //set Single Log-Out service - SingleLogoutService sloService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - sloService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - sloService.setLocation(serviceURL + Constants.SERVLET_PVPSINGLELOGOUT); - spSSODescriptor.getSingleLogoutServices().add(sloService); - - spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); - - AttributeConsumingService attributeService = - SAML2Utils.createSAMLObject(AttributeConsumingService.class); - - attributeService.setIndex(0); - attributeService.setIsDefault(true); - ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); - serviceName.setName(new LocalizedString("Default Service", "de")); - attributeService.getNames().add(serviceName); - - //set attributes which are requested - attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); - spSSODescriptor.getAttributeConsumingServices().add(attributeService); - - - //build metadata - DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - - builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - Marshaller out = org.opensaml.Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor); - out.marshall(spEntitiesDescriptor, document); - - Signer.signObject(entitiesSignature); - - Transformer transformer = TransformerFactory.newInstance().newTransformer(); - - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(document); - transformer.transform(source, sr); - sw.close(); - - String metadataXML = sw.toString(); - - response.setContentType("text/xml"); - response.getOutputStream().write(metadataXML.getBytes()); - - response.getOutputStream().close(); - - } catch (ConfigurationException e) { - log.warn("Configuration can not be loaded.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (NoSuchAlgorithmException e) { - log.warn("Requested Algorithm could not found.", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerFactoryConfigurationError e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - - } catch (TransformerException e) { - log.warn("PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - catch (Exception e) { - log.warn("Unspecific PVP2 Metadata createn error", e); - throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); - } - - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - } + + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + final NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); + + spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); + + final NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientnameIDFormat.setFormat(NameIDType.TRANSIENT); + + spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); + + final NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); + + // set HTTP-POST Binding assertion consumer service + final AssertionConsumerService postassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + // set HTTP-Redirect Binding assertion consumer service + final AssertionConsumerService redirectassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + redirectassertionConsumerService.setIndex(1); + redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + redirectassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); + spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); + + // set Single Log-Out service + final SingleLogoutService sloService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + sloService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + sloService.setLocation(serviceURL + Constants.SERVLET_PVPSINGLELOGOUT); + spSSODescriptor.getSingleLogoutServices().add(sloService); + + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); + + final AttributeConsumingService attributeService = + SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + final ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "de")); + attributeService.getNames().add(serviceName); + + // set attributes which are requested + attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); + spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + // build metadata + DocumentBuilder builder; + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + + builder = factory.newDocumentBuilder(); + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + spEntitiesDescriptor); + out.marshall(spEntitiesDescriptor, document); + + Signer.signObject(entitiesSignature); + + final Transformer transformer = TransformerFactory.newInstance().newTransformer(); + + final StringWriter sw = new StringWriter(); + final StreamResult sr = new StreamResult(sw); + final DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + final String metadataXML = sw.toString(); + + response.setContentType("text/xml"); + response.getOutputStream().write(metadataXML.getBytes()); + + response.getOutputStream().close(); + + } catch (final ConfigurationException e) { + log.warn("Configuration can not be loaded.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final NoSuchAlgorithmException e) { + log.warn("Requested Algorithm could not found.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerFactoryConfigurationError e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (final TransformerException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + catch (final Exception e) { + log.warn("Unspecific PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + } }
\ No newline at end of file diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index e36a880ba..e4acd8152 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.log4j.Logger; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; @@ -41,6 +40,7 @@ import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; +import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeStatement; import org.opensaml.saml2.core.EncryptedAssertion; @@ -84,263 +84,285 @@ import at.gv.egovernment.moa.id.demoOA.Constants; import at.gv.egovernment.moa.id.demoOA.PVPConstants; import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class DemoApplication extends HttpServlet { - Logger log = Logger.getLogger(DemoApplication.class); - - private static final long serialVersionUID = -2129228304760706063L; - - - - private void process(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - - ApplicationBean bean = new ApplicationBean(); - - log.debug("Receive request on secure-area endpoint ..."); - - String method = request.getMethod(); - HttpSession session = request.getSession(); - if (session == null) { - log.info("NO HTTP Session"); - bean.setErrorMessage("NO HTTP session"); - setAnser(request, response, bean); - return; - } - - try { - Configuration config = Configuration.getInstance(); - Response samlResponse = null; - - if (method.equals("GET")) { - log.debug("Find possible SAML2 Redirect-Binding response ..."); - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool()); - BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); - - messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - - messageContext.setMetadataProvider(config.getMetaDataProvier()); - - MetadataCredentialResolver resolver = new MetadataCredentialResolver(config.getMetaDataProvier()); - List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( - resolver, keyInfoResolver); - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(engine); - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); - SecurityPolicyResolver resolver1 = new StaticSecurityPolicyResolver(policy); - messageContext.setSecurityPolicyResolver(resolver1); - - decode.decode(messageContext); - - log.info("PVP2 Assertion with Redirect-Binding is valid"); - - } else if (method.equals("POST")) { - log.debug("Find possible SAML2 Post-Binding response ..."); - //Decode with HttpPost Binding - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - request)); - decode.decode(messageContext); - - samlResponse = (Response) messageContext.getInboundMessage(); - - Signature sign = samlResponse.getSignature(); - if (sign == null) { - log.info("Only http POST Requests can be used"); - bean.setErrorMessage("Only http POST Requests can be used"); - setAnser(request, response, bean); - return; - } - - //Validate Signature - SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); - profileValidator.validate(sign); - - //Verify Signature - List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - - MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory(); - MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier()); - - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS)); - criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); - criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); - - ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver); - trustEngine.validate(sign, criteriaSet); - - log.info("PVP2 Assertion with POST-Binding is valid"); - - } else { - bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); - setAnser(request, response, bean); - return; - - } - - - if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); - - //check encrypted Assertion - List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions(); - if (encryAssertionList != null && encryAssertionList.size() > 0) { - //decrypt assertions - - log.debug("Found encryped assertion. Start decryption ..."); - - KeyStore keyStore = config.getPVP2KeyStore(); - - X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), - config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); - - - StaticKeyInfoCredentialResolver skicr = - new StaticKeyInfoCredentialResolver(authDecCredential); - - ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); - encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); - - Decrypter samlDecrypter = - new Decrypter(null, skicr, encryptedKeyResolver); - - for (EncryptedAssertion encAssertion : encryAssertionList) { - saml2assertions.add(samlDecrypter.decrypt(encAssertion)); - - } - - log.debug("Assertion decryption finished. "); - - } else { - saml2assertions = samlResponse.getAssertions(); - - } - - samlResponse.getAssertions().clear(); - samlResponse.getAssertions().addAll(saml2assertions); - - //set assertion - org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); - String assertion = DOMUtils.serializeNode(doc); - bean.setAssertion(assertion); - - String principleId = null; - String givenName = null; - String familyName = null; - String birthday = null; - - for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { - - try { - principleId = saml2assertion.getSubject().getNameID().getValue(); - - } catch (Exception e) { - log.warn("Can not read SubjectNameId", e); - } - - //loop through the nodes to get what we want - List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); - for (int i = 0; i < attributeStatements.size(); i++) - { - List<Attribute> attributes = attributeStatements.get(i).getAttributes(); - for (int x = 0; x < attributes.size(); x++) - { - String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); - - if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) - familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) - givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - - if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) { - birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); - } - } - } - request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT, - saml2assertion.getSubject().getNameID().getFormat()); - request.getSession().setAttribute(Constants.SESSION_NAMEID, - saml2assertion.getSubject().getNameID().getValue()); - - } - - bean.setPrincipleId(principleId); - bean.setDateOfBirth(birthday); - bean.setFamilyName(familyName); - bean.setGivenName(givenName); - bean.setLogin(true); - - setAnser(request, response, bean); - return; - - - } else { - bean.setErrorMessage("Der Anmeldevorgang wurde abgebrochen.<br>Eine genaue Beschreibung des Fehlers finden Sie in der darunterliegenden Assertion."); - setAnser(request, response, bean); - return; - - } - - } catch (Exception e) { - log.warn(e); - bean.setErrorMessage("Internal Error: " + e.getMessage()); - setAnser(request, response, bean); - return; - } - - } - - private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) throws ServletException, IOException { - // store bean in session - request.setAttribute("answers", answersBean); - - // you now can forward to some view, for example some results.jsp - request.getRequestDispatcher("demoapp.jsp").forward(request, response); - - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response); - } - - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response); - } + + private static final long serialVersionUID = -2129228304760706063L; + + private void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + final ApplicationBean bean = new ApplicationBean(); + + log.debug("Receive request on secure-area endpoint ..."); + + final String method = request.getMethod(); + final HttpSession session = request.getSession(); + if (session == null) { + log.info("NO HTTP Session"); + bean.setErrorMessage("NO HTTP session"); + setAnser(request, response, bean); + return; + } + + try { + final Configuration config = Configuration.getInstance(); + Response samlResponse = null; + + if (method.equals("GET")) { + log.debug("Find possible SAML2 Redirect-Binding response ..."); + final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool()); + final BasicSAMLMessageContext<Response, ?, ?> messageContext = + new BasicSAMLMessageContext<>(); + + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + messageContext.setMetadataProvider(config.getMetaDataProvier()); + + final MetadataCredentialResolver resolver = new MetadataCredentialResolver(config + .getMetaDataProvier()); + final List<KeyInfoProvider> keyInfoProvider = new ArrayList<>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + final ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( + resolver, keyInfoResolver); + + final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + engine); + final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); + final BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); + final SecurityPolicyResolver resolver1 = new StaticSecurityPolicyResolver(policy); + messageContext.setSecurityPolicyResolver(resolver1); + + decode.decode(messageContext); + + log.info("PVP2 Assertion with Redirect-Binding is valid"); + + } else if (method.equals("POST")) { + log.debug("Find possible SAML2 Post-Binding response ..."); + // Decode with HttpPost Binding + final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + final BasicSAMLMessageContext<Response, ?, ?> messageContext = + new BasicSAMLMessageContext<>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + request)); + decode.decode(messageContext); + + samlResponse = (Response) messageContext.getInboundMessage(); + + final Signature sign = samlResponse.getSignature(); + if (sign == null) { + log.info("Only http POST Requests can be used"); + bean.setErrorMessage("Only http POST Requests can be used"); + setAnser(request, response, bean); + return; + } + + // Validate Signature + final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + profileValidator.validate(sign); + + // Verify Signature + final List<KeyInfoProvider> keyInfoProvider = new ArrayList<>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + + final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + final MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory + .getFactory(); + final MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config + .getMetaDataProvier()); + + final CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, + SAMLConstants.SAML20P_NS)); + criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); + criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); + + final ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine( + credentialResolver, keyInfoResolver); + trustEngine.validate(sign, criteriaSet); + + log.info("PVP2 Assertion with POST-Binding is valid"); + + } else { + bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); + setAnser(request, response, bean); + return; + + } + + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + final List<org.opensaml.saml2.core.Assertion> saml2assertions = + new ArrayList<>(); + + // check encrypted Assertion + final List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions(); + if (encryAssertionList != null && encryAssertionList.size() > 0) { + // decrypt assertions + + log.debug("Found encryped assertion. Start decryption ..."); + + final KeyStore keyStore = config.getPVP2KeyStore(); + + final X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + + final StaticKeyInfoCredentialResolver skicr = + new StaticKeyInfoCredentialResolver(authDecCredential); + + final ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); + encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver()); + encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver()); + + final Decrypter samlDecrypter = + new Decrypter(null, skicr, encryptedKeyResolver); + + for (final EncryptedAssertion encAssertion : encryAssertionList) { + final Assertion decryptedAssertion = samlDecrypter.decrypt(encAssertion); + samlResponse.getAssertions().add(decryptedAssertion); + log.debug("Decrypted Assertion: " + DOMUtils.serializeNode(SAML2Utils.asDOMDocument( + decryptedAssertion))); + + } + + log.debug("Assertion decryption finished. "); + + } else { + log.debug("Assertiojn is not encryted. Use it as it is"); + + } + + // set assertion + final org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); + final String assertion = DOMUtils.serializeNode(doc); + bean.setAssertion(assertion); + + String principleId = null; + String givenName = null; + String familyName = null; + String birthday = null; + + log.debug("Find #" + samlResponse.getAssertions().size() + " assertions after decryption"); + + for (final org.opensaml.saml2.core.Assertion saml2assertion : samlResponse.getAssertions()) { + + try { + principleId = saml2assertion.getSubject().getNameID().getValue(); + + } catch (final Exception e) { + log.warn("Can not read SubjectNameId", e); + } + + // loop through the nodes to get what we want + final List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); + for (final AttributeStatement attributeStatement : attributeStatements) { + final List<Attribute> attributes = attributeStatement.getAttributes(); + for (final Attribute attribute : attributes) { + + final String strAttributeName = attribute.getName(); + + log.debug("Find attribute with name: " + strAttributeName + " and value: " + + attribute.getAttributeValues().get(0).getDOM().getNodeValue()); + + if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { + familyName = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + + if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { + givenName = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + + if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) { + birthday = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + + if (strAttributeName.equals(PVPConstants.BPK_NAME)) { + principleId = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); + + } + } + } + request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT, + saml2assertion.getSubject().getNameID().getFormat()); + request.getSession().setAttribute(Constants.SESSION_NAMEID, + saml2assertion.getSubject().getNameID().getValue()); + + } + + bean.setPrincipleId(principleId); + bean.setDateOfBirth(birthday); + bean.setFamilyName(familyName); + bean.setGivenName(givenName); + bean.setLogin(true); + + setAnser(request, response, bean); + return; + + } else { + bean.setErrorMessage( + "Der Anmeldevorgang wurde abgebrochen.<br>Eine genaue Beschreibung des Fehlers finden Sie in der darunterliegenden Assertion."); + setAnser(request, response, bean); + return; + + } + + } catch (final Exception e) { + log.warn(e.getMessage(), e); + bean.setErrorMessage("Internal Error: " + e.getMessage()); + setAnser(request, response, bean); + return; + } + + } + + private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) + throws ServletException, IOException { + // store bean in session + request.setAttribute("answers", answersBean); + + // you now can forward to some view, for example some results.jsp + request.getRequestDispatcher("demoapp.jsp").forward(request, response); + + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response); + } } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java index bac3e1949..1b0eb35c9 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java @@ -90,241 +90,240 @@ import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; +public class Index extends HttpServlet { + private static final long serialVersionUID = -2129228304760706063L; + private static final Logger log = LoggerFactory + .getLogger(Index.class); -public class Index extends HttpServlet { + private void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + final ApplicationBean bean = new ApplicationBean(); + + final String method = request.getMethod(); + final HttpSession session = request.getSession(); + if (session == null) { + log.info("NO HTTP Session"); + bean.setErrorMessage("NO HTTP session"); + setAnser(request, response, bean); + return; + } + + if (method.equals("GET")) { + try { + final Configuration config = Configuration.getInstance(); + + // Decode with HttpPost Binding + final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + final BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = + new BasicSAMLMessageContext<>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(request)); + + decode.decode(messageContext); + + messageContext.setMetadataProvider(config.getMetaDataProvier()); + final CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, + SAMLConstants.SAML20P_NS)); + criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); + criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); + + final MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory + .getFactory(); + final MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config + .getMetaDataProvier()); + + // Verify Signature + final List<KeyInfoProvider> keyInfoProvider = new ArrayList<>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + + final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + final ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine( + credentialResolver, keyInfoResolver); + + final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + trustEngine); + final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); + final BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); + final SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setSecurityPolicyResolver(resolver); + + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + signatureRule.evaluate(messageContext); + + final SignableXMLObject samlResponse = (SignableXMLObject) messageContext.getInboundMessage(); + + log.info("PVP2 statusrequest or statusresponse is valid"); + + if (samlResponse instanceof LogoutResponse) { + + final LogoutResponse sloResp = (LogoutResponse) samlResponse; + + // set assertion + final org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); + final String assertion = DOMUtils.serializeNode(doc); + bean.setAssertion(assertion); + + if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + bean.setSuccessMessage("Der Single Log-Out Vorgang konnte erfolgreich durchgeführt werden."); + + setAnser(request, response, bean); + return; + + } else { + bean.setErrorMessage( + "Der Single Log-Out Vorgang war nicht erfolgreich.<br>Bitte schließen Sie aus sicherheitsgründen den Browser!"); + setAnser(request, response, bean); + return; + + } + + } else if (samlResponse instanceof LogoutRequest) { + // invalidate user session + request.getSession().invalidate(); + + // build LogOutResponse + final LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloResp.setID(gen.generateIdentifier()); + sloResp.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloResp.setIssuer(issuer); + + final Status status = SAML2Utils.createSAMLObject(Status.class); + sloResp.setStatus(status); + final StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + statusCode.setValue(StatusCode.SUCCESS_URI); + status.setStatusCode(statusCode); + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + // select authentication-service url from metadata + SingleLogoutService redirectEndpoint = null; + for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleLogoutServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + redirectEndpoint = sss; + } + } + sloResp.setDestination(redirectEndpoint.getLocation()); + + // sign authentication request + final KeyStore keyStore = config.getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(authcredential); + sloResp.setSignature(signer); + + final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + service.setLocation(redirectEndpoint.getLocation()); + + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(sloResp); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(messageContext.getRelayState()); + + encoder.encode(context); + + } else { + bean.setErrorMessage("Kein gültiger LogOut Request oder LogOut Response"); + setAnser(request, response, bean); + return; + + } + + } catch (final Exception e) { + log.warn("Internal error", e); + bean.setErrorMessage("Internal Error: " + e.getMessage()); + setAnser(request, response, bean); + return; + } + + } else { + bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); + setAnser(request, response, bean); + return; + + } + } + + private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) + throws ServletException, IOException { + // store bean in session + request.setAttribute("answers", answersBean); + + // you now can forward to some view, for example some results.jsp + request.getRequestDispatcher("demoapp.jsp").forward(request, response); + + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response); + } - private static final long serialVersionUID = -2129228304760706063L; - private static final Logger log = LoggerFactory - .getLogger(Index.class); - - - private void process(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - - ApplicationBean bean = new ApplicationBean(); - - - String method = request.getMethod(); - HttpSession session = request.getSession(); - if (session == null) { - log.info("NO HTTP Session"); - bean.setErrorMessage("NO HTTP session"); - setAnser(request, response, bean); - return; - } - - if (method.equals("GET")) { - try { - Configuration config = Configuration.getInstance(); - - //Decode with HttpPost Binding - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( - new BasicParserPool()); - BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter(request)); - - decode.decode(messageContext); - - messageContext.setMetadataProvider(config.getMetaDataProvier()); - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS)); - criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); - criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); - - MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory(); - MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier()); - - //Verify Signature - List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); - keyInfoProvider.add(new DSAKeyValueProvider()); - keyInfoProvider.add(new RSAKeyValueProvider()); - keyInfoProvider.add(new InlineX509DataProvider()); - - KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( - keyInfoProvider); - - - ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver); - - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - trustEngine); - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); - SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setSecurityPolicyResolver(resolver); - - messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - - signatureRule.evaluate(messageContext); - - SignableXMLObject samlResponse = (SignableXMLObject) messageContext.getInboundMessage(); - - - - log.info("PVP2 statusrequest or statusresponse is valid"); - - - if (samlResponse instanceof LogoutResponse) { - - LogoutResponse sloResp = (LogoutResponse) samlResponse; - - //set assertion - org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); - String assertion = DOMUtils.serializeNode(doc); - bean.setAssertion(assertion); - - if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - bean.setSuccessMessage("Der Single Log-Out Vorgang konnte erfolgreich durchgeführt werden."); - - setAnser(request, response, bean); - return; - - } else { - bean.setErrorMessage("Der Single Log-Out Vorgang war nicht erfolgreich.<br>Bitte schließen Sie aus sicherheitsgründen den Browser!"); - setAnser(request, response, bean); - return; - - } - - } else if (samlResponse instanceof LogoutRequest) { - //invalidate user session - request.getSession().invalidate(); - - //build LogOutResponse - LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloResp.setID(gen.generateIdentifier()); - sloResp.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloResp.setIssuer(issuer); - - Status status = SAML2Utils.createSAMLObject(Status.class); - sloResp.setStatus(status); - StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); - statusCode.setValue(StatusCode.SUCCESS_URI); - status.setStatusCode(statusCode ); - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - //select authentication-service url from metadata - SingleLogoutService redirectEndpoint = null; - for (SingleLogoutService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - redirectEndpoint = sss; - } - } - sloResp.setDestination(redirectEndpoint.getLocation()); - - //sign authentication request - KeyStore keyStore = config.getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(authcredential); - sloResp.setSignature(signer); - - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response, true); - BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - service.setLocation(redirectEndpoint.getLocation());; - - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(sloResp); - context.setOutboundMessageTransport(responseAdapter); - context.setRelayState(messageContext.getRelayState()); - - encoder.encode(context); - - } else { - bean.setErrorMessage("Kein gültiger LogOut Request oder LogOut Response"); - setAnser(request, response, bean); - return; - - } - - - } catch (Exception e) { - log.warn("Internal error", e); - bean.setErrorMessage("Internal Error: " + e.getMessage()); - setAnser(request, response, bean); - return; - } - - } else { - bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); - setAnser(request, response, bean); - return; - - } - } - - private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) throws ServletException, IOException { - // store bean in session - request.setAttribute("answers", answersBean); - - // you now can forward to some view, for example some results.jsp - request.getRequestDispatcher("demoapp.jsp").forward(request, response); - - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response); - } - - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response); - } + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response); + } } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java index 9bd0ff2e3..49d7b2cc6 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java @@ -62,156 +62,158 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; - /** * Servlet implementation class Authenticate */ public class SingleLogOut extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = LoggerFactory - .getLogger(SingleLogOut.class); - - /** - * @see HttpServlet#HttpServlet() - */ - public SingleLogOut() { - super(); - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - try { - builder = factory.newDocumentBuilder(); - - } catch (ParserConfigurationException e) { - log.warn("PVP2 AuthenticationServlet can not be initialized.", e); - } - } - - DocumentBuilder builder; - - - //generate AuthenticationRequest - protected void process(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - try { - - Configuration config = Configuration.getInstance(); - config.initializePVP2Login(); - - String nameIDFormat = (String) request.getSession().getAttribute(Constants.SESSION_NAMEIDFORMAT); - String nameID = (String) request.getSession().getAttribute(Constants.SESSION_NAMEID); - - if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { - log.warn("No user information found. Single Log-Out not possible"); - throw new ServletException("No user information found. Single Log-Out not possible"); - - } else - log.info("Fount user information for user nameID: " + nameID - + " , nameIDFormat: " + nameIDFormat - + ". Build Single Log-Out request ..."); - - //invalidate local session - request.getSession().invalidate(); - - //build Single LogOut request - LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - sloReq.setID(gen.generateIdentifier()); - sloReq.setIssueInstant(new DateTime()); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - issuer.setFormat(NameIDType.ENTITY); - sloReq.setIssuer(issuer); - - NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); - sloReq.setNameID(userNameID); - userNameID.setFormat(nameIDFormat); - userNameID.setValue(nameID); - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - //get IDP metadata from metadataprovider - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - //select authentication-service url from metadata - SingleLogoutService redirectEndpoint = null; - for (SingleLogoutService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - redirectEndpoint = sss; - } - } - sloReq.setDestination(redirectEndpoint.getLocation()); - - //sign authentication request - KeyStore keyStore = config.getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( - keyStore, - config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(authcredential); - sloReq.setSignature(signer); - - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - response - , true); - BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - service.setLocation(redirectEndpoint.getLocation()); - context.setOutboundSAMLMessageSigningCredential(authcredential); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(sloReq); - context.setOutboundMessageTransport(responseAdapter); - - encoder.encode(context); - - } catch (Exception e) { - log.warn("Authentication Request can not be generated", e); - throw new ServletException("Authentication Request can not be generated.", e); - } - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response); - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response); - } + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(SingleLogOut.class); + + /** + * @see HttpServlet#HttpServlet() + */ + public SingleLogOut() { + super(); + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + builder = factory.newDocumentBuilder(); + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 AuthenticationServlet can not be initialized.", e); + } + } + + DocumentBuilder builder; + + // generate AuthenticationRequest + protected void process(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + + final Configuration config = Configuration.getInstance(); + config.initializePVP2Login(); + + final String nameIDFormat = (String) request.getSession().getAttribute(Constants.SESSION_NAMEIDFORMAT); + final String nameID = (String) request.getSession().getAttribute(Constants.SESSION_NAMEID); + + if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) { + log.warn("No user information found. Single Log-Out not possible"); + throw new ServletException("No user information found. Single Log-Out not possible"); + + } else { + log.info("Fount user information for user nameID: " + nameID + + " , nameIDFormat: " + nameIDFormat + + ". Build Single Log-Out request ..."); + } + + // invalidate local session + request.getSession().invalidate(); + + // build Single LogOut request + final LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + sloReq.setID(gen.generateIdentifier()); + sloReq.setIssueInstant(new DateTime()); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + issuer.setFormat(NameIDType.ENTITY); + sloReq.setIssuer(issuer); + + final NameID userNameID = SAML2Utils.createSAMLObject(NameID.class); + sloReq.setNameID(userNameID); + userNameID.setFormat(nameIDFormat); + userNameID.setValue(nameID); + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + // get IDP metadata from metadataprovider + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + // select authentication-service url from metadata + SingleLogoutService redirectEndpoint = null; + for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleLogoutServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + redirectEndpoint = sss; + } + } + sloReq.setDestination(redirectEndpoint.getLocation()); + + // sign authentication request + final KeyStore keyStore = config.getPVP2KeyStore(); + final X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + final Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(authcredential); + sloReq.setSignature(signer); + + final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = + new BasicSAMLMessageContext<>(); + final SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(redirectEndpoint.getLocation()); + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(sloReq); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + + } catch (final Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response); + } } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java index 1dcc66a56..9dc0d1d6f 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java @@ -47,19 +47,19 @@ public class AttributeListBuilder implements PVPConstants{ //select PVP2 attributes which are needed for this application - requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(BPK_NAME, BPK_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false)); - requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, false)); - requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(MANDATE_FULL_MANDATE_NAME, MANDATE_FULL_MANDATE_FRIENDLY_NAME, false)); diff --git a/id/oa/src/main/resources/logback.xml b/id/oa/src/main/resources/logback.xml new file mode 100644 index 000000000..b94b7476a --- /dev/null +++ b/id/oa/src/main/resources/logback.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + <appender name="DEMO_SP" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-demo-sp.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>1</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-demo-sp.%i.gz</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTrimoa-demo-spggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern> + </encoder> + </appender> + + <logger name="at.gv.egovernment.moa.id.demoOA" level="info"> + <appender-ref ref="DEMO_SP"/> + </logger> + + <root level="warn"> + <appender-ref ref="stdout"/> + </root> +</configuration> diff --git a/id/pom.xml b/id/pom.xml index 84506b71c..95dd3a3f5 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/id/readme_4.1.6-RC1.txt b/id/readme_4.1.6-RC1.txt new file mode 100644 index 000000000..d3388ce82 --- /dev/null +++ b/id/readme_4.1.6-RC1.txt @@ -0,0 +1,573 @@ +=============================================================================== +MOA ID Version Release 4.1.6-RC1 - Wichtige Informationen zur Installation +=============================================================================== + +------------------------------------------------------------------------------- +A. Neuerungen/Änderungen +------------------------------------------------------------------------------- + +Mit MOA ID Version 4.1.6 unterstützt MOA-ID nun wieder Authentifizierung mittels +Bürgerkarte, Handy-Signatur oder eIDAS als auch den Betrieb als SAML1 Proxy zum +zentralen E-ID System entsprechend dem neuen elektronischen Identitätsnachweis. +Im Detail umfasst das folgende Neuerungen und Änderungen (siehe auch +history.txt im gleichen Verzeichnis). + + - Änderungen + - Aktualisierung von Dritthersteller Bibliotheken + +Hinweis: Vor einem Parallelbetrieb von MOA-ID und MOA-SPSS als eigenständige Web-Applikationen in der gleichen + Apache Tomcat Instanz wird seit Java >= 9 abgeraten da es potentiell zu Problem mit dem Java Classloader + im Tomcat Appliactionsserver kommen kann. + + +------------------------------------------------------------------------------- +B. Durchführung eines Updates +------------------------------------------------------------------------------- + +Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch +eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher +MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend +angebebenen Updateschritte. + +Hinweis: Die bestehende Konfiguration von MOA-ID 3.x.x kann weitestgehend +übernommen werden da mit dem Update auf die Version 4.0.x viele Konfigurationsparameter +nicht mehr erforderlich sind und somit (sofern vorhanden) ignoriert werden. Somit ist +ein Löschen der bestehenden Konfiguration nicht zwingend notwendig. +Für den Betrieb als E-ID Proxy muss in diesem Fall nur die Konfiguration für das das neue +E-ID Proxy Authentifizierungsmodul hinzugefügt wurde. + +Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 4.0.x +reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export +Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden. +Diese Datei dient dann als Basis für den Import in MOA-ID 4.0.x. + +............................................................................... +B.0 Durchführung eines Updates von Version 4.1.5 auf Version 4.1.6 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.1 Durchführung eines Updates von Version 4.1.2 auf Version 4.1.6 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +6.1 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +6.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + > -Dhttp.nonProxyHosts= + +7. Neue Zertifikate für die Anbindung an das E-ID System +7.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.2 Durchführung eines Updates von Version 4.1.x auf Version 4.1.6 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +7.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +7.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +7.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +8. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +9. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und für die Anbindung an das E-ID System +9.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +9.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + + +11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.3 Durchführung eines Updates von Version 4.0.0 auf Version 4.1.6 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +10. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und die Anbindung an das E-ID System +10.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +10.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +11. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.4 Durchführung eines Updates von Version 3.4.x auf Version 4.1.6 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + <cfg:Id>eid_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.5 Durchführung eines Updates von Version 3.x.x auf Version 4.1.6 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + + 5.3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + + 5.4 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das + Verzeichnis CATALINA_HOME_ID\endorsed. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + <cfg:Id>eid_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + + +12. Optionale Updates: +12.1. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect' + sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber + für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer + Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'. + Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch: + a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + +13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + + +............................................................................... +B.6 Durchführung eines Updates von Version < 3.0.0 +............................................................................... + +Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen +Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter +Zuhilfenahme Ihrer bisherigen Konfiguration an. + diff --git a/id/readme_4.1.6.txt b/id/readme_4.1.6.txt new file mode 100644 index 000000000..15973c13d --- /dev/null +++ b/id/readme_4.1.6.txt @@ -0,0 +1,574 @@ +=============================================================================== +MOA ID Version Release 4.1.6 - Wichtige Informationen zur Installation +=============================================================================== + +------------------------------------------------------------------------------- +A. Neuerungen/Änderungen +------------------------------------------------------------------------------- + +Mit MOA ID Version 4.1.6 unterstützt MOA-ID nun wieder Authentifizierung mittels +Bürgerkarte, Handy-Signatur oder eIDAS als auch den Betrieb als SAML1 Proxy zum +zentralen E-ID System entsprechend dem neuen elektronischen Identitätsnachweis. +Im Detail umfasst das folgende Neuerungen und Änderungen (siehe auch +history.txt im gleichen Verzeichnis). + + - Änderungen + - Erfordert mindestens Java 8 + - Aktualisierung von Dritthersteller Bibliotheken + +Hinweis: Vor einem Parallelbetrieb von MOA-ID und MOA-SPSS als eigenständige Web-Applikationen in der gleichen + Apache Tomcat Instanz wird seit Java >= 9 abgeraten da es potentiell zu Problem mit dem Java Classloader + im Tomcat Appliactionsserver kommen kann. + + +------------------------------------------------------------------------------- +B. Durchführung eines Updates +------------------------------------------------------------------------------- + +Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch +eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher +MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend +angebebenen Updateschritte. + +Hinweis: Die bestehende Konfiguration von MOA-ID 3.x.x kann weitestgehend +übernommen werden da mit dem Update auf die Version 4.0.x viele Konfigurationsparameter +nicht mehr erforderlich sind und somit (sofern vorhanden) ignoriert werden. Somit ist +ein Löschen der bestehenden Konfiguration nicht zwingend notwendig. +Für den Betrieb als E-ID Proxy muss in diesem Fall nur die Konfiguration für das das neue +E-ID Proxy Authentifizierungsmodul hinzugefügt wurde. + +Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 4.0.x +reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export +Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden. +Diese Datei dient dann als Basis für den Import in MOA-ID 4.0.x. + +............................................................................... +B.0 Durchführung eines Updates von Version 4.1.5 auf Version 4.1.6 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.1 Durchführung eines Updates von Version 4.1.2 auf Version 4.1.6 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +6.1 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +6.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + > -Dhttp.nonProxyHosts= + +7. Neue Zertifikate für die Anbindung an das E-ID System +7.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.2 Durchführung eines Updates von Version 4.1.x auf Version 4.1.6 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +7.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +7.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +7.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +8. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +9. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und für die Anbindung an das E-ID System +9.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +9.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + + +11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.3 Durchführung eines Updates von Version 4.0.0 auf Version 4.1.6 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +10. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und die Anbindung an das E-ID System +10.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +10.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +11. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.4 Durchführung eines Updates von Version 3.4.x auf Version 4.1.6 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + <cfg:Id>eid_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.5 Durchführung eines Updates von Version 3.x.x auf Version 4.1.6 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + + 5.3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + + 5.4 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das + Verzeichnis CATALINA_HOME_ID\endorsed. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + <cfg:Id>eid_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + + +12. Optionale Updates: +12.1. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect' + sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber + für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer + Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'. + Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch: + a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + +13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + + +............................................................................... +B.6 Durchführung eines Updates von Version < 3.0.0 +............................................................................... + +Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen +Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter +Zuhilfenahme Ihrer bisherigen Konfiguration an. + diff --git a/id/readme_4.1.7.txt b/id/readme_4.1.7.txt new file mode 100644 index 000000000..a39ad572b --- /dev/null +++ b/id/readme_4.1.7.txt @@ -0,0 +1,574 @@ +=============================================================================== +MOA ID Version Release 4.1.7 - Wichtige Informationen zur Installation +=============================================================================== + +------------------------------------------------------------------------------- +A. Neuerungen/Änderungen +------------------------------------------------------------------------------- + +Mit MOA ID Version 4.1.7 unterstützt MOA-ID nun wieder Authentifizierung mittels +Bürgerkarte, Handy-Signatur oder eIDAS als auch den Betrieb als SAML1 Proxy zum +zentralen E-ID System entsprechend dem neuen elektronischen Identitätsnachweis. +Im Detail umfasst das folgende Neuerungen und Änderungen (siehe auch +history.txt im gleichen Verzeichnis). + + - Änderungen + - Erfordert mindestens Java 8 + - Aktualisierung von Dritthersteller Bibliotheken + +Hinweis: Vor einem Parallelbetrieb von MOA-ID und MOA-SPSS als eigenständige Web-Applikationen in der gleichen + Apache Tomcat Instanz wird seit Java >= 9 abgeraten da es potentiell zu Problem mit dem Java Classloader + im Tomcat Appliactionsserver kommen kann. + + +------------------------------------------------------------------------------- +B. Durchführung eines Updates +------------------------------------------------------------------------------- + +Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch +eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher +MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend +angebebenen Updateschritte. + +Hinweis: Die bestehende Konfiguration von MOA-ID 3.x.x kann weitestgehend +übernommen werden da mit dem Update auf die Version 4.0.x viele Konfigurationsparameter +nicht mehr erforderlich sind und somit (sofern vorhanden) ignoriert werden. Somit ist +ein Löschen der bestehenden Konfiguration nicht zwingend notwendig. +Für den Betrieb als E-ID Proxy muss in diesem Fall nur die Konfiguration für das das neue +E-ID Proxy Authentifizierungsmodul hinzugefügt wurde. + +Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 4.0.x +reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export +Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden. +Diese Datei dient dann als Basis für den Import in MOA-ID 4.0.x. + +............................................................................... +B.0 Durchführung eines Updates von Version 4.1.5 auf Version 4.1.7 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.1 Durchführung eines Updates von Version 4.1.2 auf Version 4.1.7 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +6.1 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +6.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + > -Dhttp.nonProxyHosts= + +7. Neue Zertifikate für die Anbindung an das E-ID System +7.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.2 Durchführung eines Updates von Version 4.1.x auf Version 4.1.7 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +7.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +7.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +7.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +8. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +9. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und für die Anbindung an das E-ID System +9.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +9.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + + +11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.3 Durchführung eines Updates von Version 4.0.0 auf Version 4.1.7 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +10. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und die Anbindung an das E-ID System +10.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +10.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +11. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.4 Durchführung eines Updates von Version 3.4.x auf Version 4.1.7 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + <cfg:Id>eid_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.5 Durchführung eines Updates von Version 3.x.x auf Version 4.1.7 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + + 5.3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + + 5.4 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das + Verzeichnis CATALINA_HOME_ID\endorsed. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + <cfg:Id>eid_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + + +12. Optionale Updates: +12.1. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect' + sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber + für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer + Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'. + Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch: + a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + +13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + + +............................................................................... +B.6 Durchführung eines Updates von Version < 3.0.0 +............................................................................... + +Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen +Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter +Zuhilfenahme Ihrer bisherigen Konfiguration an. + diff --git a/id/readme_4.2.0.txt b/id/readme_4.2.0.txt new file mode 100644 index 000000000..9e02a41d1 --- /dev/null +++ b/id/readme_4.2.0.txt @@ -0,0 +1,594 @@ +=============================================================================== +MOA ID Version Release 4.2.0 - Wichtige Informationen zur Installation +=============================================================================== + +------------------------------------------------------------------------------- +A. Neuerungen/Änderungen +------------------------------------------------------------------------------- + +Mit MOA ID Version 4.2.0 unterstützt MOA-ID nun wieder Authentifizierung mittels +Bürgerkarte, Handy-Signatur oder eIDAS als auch den Betrieb als SAML1 Proxy zum +zentralen E-ID System entsprechend dem neuen elektronischen Identitätsnachweis. +Im Detail umfasst das folgende Neuerungen und Änderungen (siehe auch +history.txt im gleichen Verzeichnis). + + - Änderungen + - Erfordert mindestens Java 8 + - Aktualisierung von Dritthersteller Bibliotheken + - Wechsel von log4j auf logback + +Hinweis: Vor einem Parallelbetrieb von MOA-ID und MOA-SPSS als eigenständige Web-Applikationen in der gleichen + Apache Tomcat Instanz wird seit Java >= 9 abgeraten da es potentiell zu Problem mit dem Java Classloader + im Tomcat Appliactionsserver kommen kann. + + +------------------------------------------------------------------------------- +B. Durchführung eines Updates +------------------------------------------------------------------------------- + +Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch +eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher +MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend +angebebenen Updateschritte. + +Hinweis: Die bestehende Konfiguration von MOA-ID 3.x.x kann weitestgehend +übernommen werden da mit dem Update auf die Version 4.0.x viele Konfigurationsparameter +nicht mehr erforderlich sind und somit (sofern vorhanden) ignoriert werden. Somit ist +ein Löschen der bestehenden Konfiguration nicht zwingend notwendig. +Für den Betrieb als E-ID Proxy muss in diesem Fall nur die Konfiguration für das das neue +E-ID Proxy Authentifizierungsmodul hinzugefügt wurde. + +Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 4.0.x +reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export +Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden. +Diese Datei dient dann als Basis für den Import in MOA-ID 4.0.x. + +............................................................................... +B.0 Durchführung eines Updates von Version 4.1.5 auf Version 4.2.0 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +7. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.1 Durchführung eines Updates von Version 4.1.2 auf Version 4.2.0 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +6.1 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +6.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= + > -Dhttp.nonProxyHosts= +6.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +7. Neue Zertifikate für die Anbindung an das E-ID System +7.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.2 Durchführung eines Updates von Version 4.1.x auf Version 4.2.0 +............................................................................... +1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +4 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr + unterstuetzt). + +5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +7.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +7.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +7.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= +7.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +8. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +9. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und für die Anbindung an das E-ID System +9.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +9.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + + +11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + +............................................................................... +B.3 Durchführung eines Updates von Version 4.0.0 auf Version 4.2.0 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.endpoint.appreginfo.enable +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.2 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= +8.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +9. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +10. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und die Anbindung an das E-ID System +10.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + +10.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +11. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode: + Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier + von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister + registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten + zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy + konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden. + Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B. + https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1) + einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt + werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1 + Authentifizierungsrequest verwendet werden (siehe Handbuch + https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth). + Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich. + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.4 Durchführung eines Updates von Version 3.4.x auf Version 4.2.0 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= +8.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + <cfg:Id>eid_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + +12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + +............................................................................... +B.5 Durchführung eines Updates von Version 3.x.x auf Version 4.2.0 +............................................................................... +1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export + Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export + dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt. + +2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird. + Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an. + +3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in + ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST + bezeichnet. + +4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth + beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps, + wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation + für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war + als auch das komplette Verzeichnis moa-id-auth. + +5 Umstellung auf Java JDK 9 + Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 + nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts + entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in + den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert. + Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen + Verzeichnissen abgelegt haben müssen diese aktualisiert werden: + + 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach. + + 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das + Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr + unterstuetzt). + + 5.3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis + CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach. + + 5.4 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das + Verzeichnis CATALINA_HOME_ID\endorsed. + +6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach + CATALINA_HOME_ID/webapps. + +7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach + CATALINA_HOME_ID/webapps. + +8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth + Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties +8.1 Anbindung an das zentrale E-ID System + > modules.eidproxyauth.keystore.path= + > modules.eidproxyauth.keystore.password= + > modules.eidproxyauth.metadata.sign.password=password + > modules.eidproxyauth.metadata.sign.alias=pvp_metadata + > modules.eidproxyauth.request.sign.password=password + > modules.eidproxyauth.request.sign.alias=pvp_assertion + > modules.eidproxyauth.response.encryption.password=password + > modules.eidproxyauth.response.encryption.alias=pvp_assertion + > modules.eidproxyauth.EID.trustprofileID=eid_metadata + > modules.eidproxyauth.endpoint.appreginfo.enable=true +8.2 SAML1 Requestparameter Validierung + >configuration.validate.saml1.parameter.strict +8.3 HTTP Proxy Konfiguration via JAVA System-Properties + > -Dhttp.proxyHost= + > -Dhttp.proxyPort= + > -Dhttp.proxyUser= + > -Dhttp.proxyPassword= +8.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des + Java Startparameters: + -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml + +9. Update der MOA-SPSS Konfiguration + a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse: + - CATALINA_HOME\conf\moa-spss + b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata + in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata + c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml + in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell + verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt: + ... + <cfg:Id>eid_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + ... + d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt + > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt + + e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer + > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer + + +10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool + Diese Schitte können erst nach der Installation und dem Start der Applikation + moa-id-configuration.war durchgeführt werden +10.1 Anbindung das zentrale E-ID System + a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten + IDPs des zentralen E-ID Systems + + b.) Auswahl des gewünschte EndPunkts je Online-Applikation + sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. + Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet + +11. Geänderte GUI Templates + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css + > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js + + +12. Optionale Updates: +12.1. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect' + sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber + für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer + Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'. + Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch: + a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties + moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect + advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties + hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver + +13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im + Logging von MOA ID beim Einlesen der Konfiguration. + + + +............................................................................... +B.6 Durchführung eines Updates von Version < 3.0.0 +............................................................................... + +Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen +Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter +Zuhilfenahme Ihrer bisherigen Konfiguration an. + diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 5a743549b..53cbacedf 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <modelVersion>4.0.0</modelVersion> @@ -207,7 +207,12 @@ <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-bkaMobilaAuthSAML2Test</artifactId> </dependency> - + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-dummy-authenticatiuon</artifactId> + </dependency> + <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-sl20_authentication</artifactId> @@ -223,6 +228,16 @@ <artifactId>moa-id-module-EID_connector</artifactId> </dependency> + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-ehvd_integration</artifactId> + </dependency> + + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </dependency> + <!-- <dependency> <groupId>org.apache.santuario</groupId> diff --git a/id/server/auth-edu/src/main/resources/logback.xml b/id/server/auth-edu/src/main/resources/logback.xml new file mode 100644 index 000000000..582f6d44c --- /dev/null +++ b/id/server/auth-edu/src/main/resources/logback.xml @@ -0,0 +1,79 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + <appender name="moaid" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-id.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>1</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-id.log.%i.gz</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="moaspss" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-spss.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>1</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-spss.log.%i.gz</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="reversion" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-id-reversion.log</File> + <encoder> + <pattern>%5p | %d{ISO8601} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>9999</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-id-reversion.log.%i.gz</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern> + </encoder> + </appender> + + <logger name="at.gv.egovernment.moa.id" level="info"> + <appender-ref ref="moaid"/> + </logger> + + <logger name="at.gv.egiz.eventlog.plain.all" level="info"> + <appender-ref ref="reversion"/> + </logger> + + <logger name="at.gv.egiz.eaaf" level="info"> + <appender-ref ref="moaid"/> + </logger> + <logger name="at.gv.egiz.components.configuration" level="info"> + <appender-ref ref="CONFIGTOOL"/> + </logger> + + <logger name="at.gv.egovernment.moa.spss" level="info"> + <appender-ref ref="moaspss"/> + </logger> + <logger name="pki" level="info"> + <appender-ref ref="moaspss"/> + </logger> + <logger name="iaik.server" level="info"> + <appender-ref ref="moaspss"/> + </logger> + + <root level="warn"> + <appender-ref ref="stdout"/> + </root> +</configuration> diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 72d5b51d7..e83448eec 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -2,7 +2,7 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <modelVersion>4.0.0</modelVersion> @@ -170,7 +170,16 @@ <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-EID_connector</artifactId> </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-ehvd_integration</artifactId> + </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + </dependency> <!-- transitive dependencies we don't want to include into the war --> <dependency> diff --git a/id/server/data/deploy/conf/moa-id/logback_config.xml b/id/server/auth-final/src/main/resources/logback.xml index fa221fbc2..0e86d3c68 100644 --- a/id/server/data/deploy/conf/moa-id/logback_config.xml +++ b/id/server/auth-final/src/main/resources/logback.xml @@ -1,12 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> - -<!-- For assistance related to logback-translator or configuration --> -<!-- files in general, please contact the logback user mailing list --> -<!-- at http://www.qos.ch/mailman/listinfo/logback-user --> -<!-- --> -<!-- For professional support please see --> -<!-- http://www.qos.ch/shop/products/professionalSupport --> -<!-- --> <configuration> <appender name="moaid" class="ch.qos.logback.core.rolling.RollingFileAppender"> <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> @@ -16,7 +8,7 @@ </encoder> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>1</maxIndex> - <FileNamePattern>${catalina.base}/logs/moa-id.log.%i</FileNamePattern> + <FileNamePattern>${catalina.base}/logs/moa-id.log.%i.gz</FileNamePattern> </rollingPolicy> <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <MaxFileSize>10000KB</MaxFileSize> @@ -30,7 +22,7 @@ </encoder> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>1</maxIndex> - <FileNamePattern>${catalina.base}/logs/moa-spss.log.%i</FileNamePattern> + <FileNamePattern>${catalina.base}/logs/moa-spss.log.%i.gz</FileNamePattern> </rollingPolicy> <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <MaxFileSize>10000KB</MaxFileSize> @@ -44,7 +36,7 @@ </encoder> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>1</maxIndex> - <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i</FileNamePattern> + <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i.gz</FileNamePattern> </rollingPolicy> <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <MaxFileSize>10000KB</MaxFileSize> @@ -52,13 +44,13 @@ </appender> <appender name="reversion" class="ch.qos.logback.core.rolling.RollingFileAppender"> <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> - <File>${catalina.base}/moa-id-reversion.log</File> + <File>${catalina.base}/logs/moa-id-reversion.log</File> <encoder> <pattern>%5p | %d{ISO8601} | %t | %m%n</pattern> </encoder> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>9999</maxIndex> - <FileNamePattern>${catalina.base}/moa-id-reversion.log.%i</FileNamePattern> + <FileNamePattern>${catalina.base}/logs/moa-id-reversion.log.%i.gz</FileNamePattern> </rollingPolicy> <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <MaxFileSize>10000KB</MaxFileSize> @@ -68,37 +60,40 @@ <encoder> <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern> </encoder> - </appender> - <logger name="at.gv.egiz.eaaf" level="info"> + </appender> + + <logger name="at.gv.egovernment.moa.id" level="info"> <appender-ref ref="moaid"/> </logger> - <logger name="at.gv.egovernment.moa.spss" level="info"> - <appender-ref ref="moaspss"/> - </logger> - <logger name="pki" level="info"> - <appender-ref ref="moaspss"/> - </logger> - <logger name="at.gv.egovernment.moa.id.commons" level="info"> - <appender-ref ref="CONFIGTOOL"/> + + <logger name="at.gv.egiz.eventlog.plain.all" level="info"> + <appender-ref ref="reversion"/> </logger> + <logger name="at.gv.egovernment.moa.id.configuration" level="info"> <appender-ref ref="CONFIGTOOL"/> </logger> - <logger name="at.gv.egiz.eventlog.plain.all" level="info"> - <appender-ref ref="reversion"/> - </logger> <logger name="at.gv.egovernment.moa.id.config.webgui" level="info"> <appender-ref ref="CONFIGTOOL"/> </logger> + + <logger name="at.gv.egiz.eaaf" level="info"> + <appender-ref ref="moaid"/> + </logger> <logger name="at.gv.egiz.components.configuration" level="info"> <appender-ref ref="CONFIGTOOL"/> </logger> - <logger name="at.gv.egovernment.moa.id" level="info"> - <appender-ref ref="moaid"/> + + <logger name="at.gv.egovernment.moa.spss" level="info"> + <appender-ref ref="moaspss"/> </logger> + <logger name="pki" level="info"> + <appender-ref ref="moaspss"/> + </logger> <logger name="iaik.server" level="info"> <appender-ref ref="moaspss"/> </logger> + <root level="warn"> <appender-ref ref="stdout"/> </root> diff --git a/id/server/data/deploy/conf/moa-id-configuration/logback.xml b/id/server/data/deploy/conf/moa-id-configuration/logback.xml new file mode 100644 index 000000000..fc7508598 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/logback.xml @@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + <appender name="CONFIGTOOL" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-id-webgui.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>1</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i.gz</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern> + </encoder> + </appender> + + <logger name="at.gv.egovernment.moa.id.configuration" level="info"> + <appender-ref ref="CONFIGTOOL"/> + </logger> + <logger name="at.gv.egovernment.moa.id.config.webgui" level="info"> + <appender-ref ref="CONFIGTOOL"/> + </logger> + + <logger name="at.gv.egiz.eaaf" level="info"> + <appender-ref ref="moaid"/> + </logger> + <logger name="at.gv.egiz.components.configuration" level="info"> + <appender-ref ref="CONFIGTOOL"/> + </logger> + + <root level="warn"> + <appender-ref ref="stdout"/> + </root> +</configuration> diff --git a/id/server/data/deploy/conf/moa-id-configuration/logback_config.xml b/id/server/data/deploy/conf/moa-id-configuration/logback_config.xml deleted file mode 100644 index c00e62e52..000000000 --- a/id/server/data/deploy/conf/moa-id-configuration/logback_config.xml +++ /dev/null @@ -1,71 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> - -<!-- For assistance related to logback-translator or configuration --> -<!-- files in general, please contact the logback user mailing list --> -<!-- at http://www.qos.ch/mailman/listinfo/logback-user --> -<!-- --> -<!-- For professional support please see --> -<!-- http://www.qos.ch/shop/products/professionalSupport --> -<!-- --> -<configuration> - <!-- Errors were reported during translation. --> - <!-- No class found for appender CONFIGTOOL R --> - <!-- Could not find transformer for null --> - <appender name="R" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> - <File>${catalina.base}/logs/moa-id.log</File> - <encoder> - <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n</pattern> - </encoder> - <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>1</maxIndex> - <FileNamePattern>${catalina.base}/logs/moa-id.log.%i</FileNamePattern> - </rollingPolicy> - <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <MaxFileSize>10000KB</MaxFileSize> - </triggeringPolicy> - </appender> - <appender name="CONFIGTOOL R"> - <!--No layout specified for appender named [CONFIGTOOL R] of class [null]--> - </appender> - <appender name="CONFIGTOOL" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> - <File>${catalina.base}/logs/moa-id-webgui.log</File> - <encoder> - <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n</pattern> - </encoder> - <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <maxIndex>1</maxIndex> - <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i</FileNamePattern> - </rollingPolicy> - <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <MaxFileSize>10000KB</MaxFileSize> - </triggeringPolicy> - </appender> - <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n</pattern> - </encoder> - </appender> - <logger name="eu.stork" level="info"/> - <logger name="iaik.server" level="info"/> - <logger name="at.gv.egovernment.moa.id" level="info"> - <appender-ref ref="R"/> - </logger> - <logger name="at.gv.egovernment.moa.id.commons" level="info"> - <appender-ref ref="CONFIGTOOL R"/> - </logger> - <logger name="org.hibernate" level="warn"/> - <logger name="at.gv.egiz.components.configuration" level="info"> - <appender-ref ref="CONFIGTOOL"/> - </logger> - <logger name="at.gv.egovernment.moa.id.proxy" level="info"/> - <logger name="at.gv.egovernment.moa.id.config.webgui" level="info"> - <appender-ref ref="CONFIGTOOL"/> - </logger> - <logger name="at.gv.egovernment.moa.spss" level="info"/> - <logger name="at.gv.egovernment.moa" level="info"/> - <root level="info"> - <appender-ref ref="stdout"/> - </root> -</configuration> diff --git a/id/server/data/deploy/conf/moa-id-oa/logback.xml b/id/server/data/deploy/conf/moa-id-oa/logback.xml new file mode 100644 index 000000000..b94b7476a --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-oa/logback.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + <appender name="DEMO_SP" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-demo-sp.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>1</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-demo-sp.%i.gz</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTrimoa-demo-spggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern> + </encoder> + </appender> + + <logger name="at.gv.egovernment.moa.id.demoOA" level="info"> + <appender-ref ref="DEMO_SP"/> + </logger> + + <root level="warn"> + <appender-ref ref="stdout"/> + </root> +</configuration> diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties deleted file mode 100644 index 2914fcff1..000000000 --- a/id/server/data/deploy/conf/moa-id/log4j.properties +++ /dev/null @@ -1,62 +0,0 @@ -# commons-logging setup -org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory - -# define log4j root loggers -log4j.rootLogger=warn,stdout - -### MOA-ID process log ### -log4j.logger.at.gv.egiz.eaaf=info,moaid -log4j.logger.at.gv.egovernment.moa.id=info,moaid -log4j.logger.at.gv.egovernment.moa.spss=info,moaid - -### process revision log with event-codes ### -log4j.logger.at.gv.egiz.eventlog.plain.all=info,reversion - -### Signature verification and certificate proofing #### -log4j.logger.at.gv.egovernment.moa.spss=info,moaspss -log4j.logger.iaik.server=info,moaspss -log4j.logger.pki=info,moaspss - -### ConfigTool Logs #### -log4j.logger.at.gv.egiz.components.configuration=info,CONFIGTOOL -log4j.logger.at.gv.egovernment.moa.id.commons=info,CONFIGTOOL -log4j.logger.at.gv.egovernment.moa.id.config.webgui=info,CONFIGTOOL -log4j.logger.at.gv.egovernment.moa.id.configuration=info,CONFIGTOOL - - -### Log Appender #### -# configure the stdout appender -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n - -# configure the rolling file appender (moaid) -log4j.appender.moaid=org.apache.log4j.RollingFileAppender -log4j.appender.moaid.File=${catalina.base}/logs/moa-id.log -log4j.appender.moaid.MaxFileSize=10000KB -log4j.appender.moaid.MaxBackupIndex=1 -log4j.appender.moaid.layout=org.apache.log4j.PatternLayout -log4j.appender.moaid.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n - -# configure the rolling file appender (moaid) -log4j.appender.moaspss=org.apache.log4j.RollingFileAppender -log4j.appender.moaspss.File=${catalina.base}/logs/moa-spss.log -log4j.appender.moaspss.MaxFileSize=10000KB -log4j.appender.moaspss.MaxBackupIndex=1 -log4j.appender.moaspss.layout=org.apache.log4j.PatternLayout -log4j.appender.moaspss.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n - -log4j.appender.reversion=org.apache.log4j.RollingFileAppender -log4j.appender.reversion.File=${catalina.base}/moa-id-reversion.log -log4j.appender.reversion.MaxFileSize=10000KB -log4j.appender.reversion.MaxBackupIndex=9999 -log4j.appender.reversion.layout=org.apache.log4j.PatternLayout -log4j.appender.reversion.layout.ConversionPattern=%5p | %d{ISO8601} | %t | %m%n - -# configure the rolling file appender (configtool) -log4j.appender.CONFIGTOOL=org.apache.log4j.RollingFileAppender -log4j.appender.CONFIGTOOL.File=${catalina.base}/logs/moa-id-webgui.log -log4j.appender.CONFIGTOOL.MaxFileSize=10000KB -log4j.appender.CONFIGTOOL.MaxBackupIndex=1 -log4j.appender.CONFIGTOOL.layout=org.apache.log4j.PatternLayout -log4j.appender.CONFIGTOOL.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/logback.xml b/id/server/data/deploy/conf/moa-id/logback.xml new file mode 100644 index 000000000..3f0d54fe5 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/logback.xml @@ -0,0 +1,79 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + <appender name="moaid" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-id.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>1</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-id.log.%i.gz</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="moaspss" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-spss.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>1</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-spss.log.%i.gz</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="reversion" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/moa-id-reversion.log</File> + <encoder> + <pattern>%5p | %d{ISO8601} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>9999</maxIndex> + <FileNamePattern>${catalina.base}/moa-id-reversion.log.%i.gz</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern> + </encoder> + </appender> + + <logger name="at.gv.egovernment.moa.id" level="info"> + <appender-ref ref="moaid"/> + </logger> + + <logger name="at.gv.egiz.eventlog.plain.all" level="info"> + <appender-ref ref="reversion"/> + </logger> + + <logger name="at.gv.egiz.eaaf" level="info"> + <appender-ref ref="moaid"/> + </logger> + <logger name="at.gv.egiz.components.configuration" level="info"> + <appender-ref ref="CONFIGTOOL"/> + </logger> + + <logger name="at.gv.egovernment.moa.spss" level="info"> + <appender-ref ref="moaspss"/> + </logger> + <logger name="pki" level="info"> + <appender-ref ref="moaspss"/> + </logger> + <logger name="iaik.server" level="info"> + <appender-ref ref="moaspss"/> + </logger> + + <root level="warn"> + <appender-ref ref="stdout"/> + </root> +</configuration> diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 0a579a53d..03640b252 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -226,6 +226,14 @@ modules.elga_mandate.request.sign.password=password modules.elga_mandate.response.encryption.alias=pvp_assertion modules.elga_mandate.response.encryption.password=password +######## EHVD Service module +modules.ehvd.enabled=false +#modules.ehvd.sp.1= +#modules.ehvd.sp.2= +modules.ehvd.service.url= +modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$ +modules.ehvd.role.pvp=EPI-GDA() + ######## SSO Interfederation client module ######## modules.federatedAuth.keystore.path=keys/moa_idp[password].p12 modules.federatedAuth.keystore.password=password @@ -280,4 +288,4 @@ service.egovutil.szr.ssl.laxhostnameverification=false ## Additonal encryption keys can be added by add a ney configuration line, like ## configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG (VKZ='BMI', Public Target='T1') ######## -#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw...
\ No newline at end of file +#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw... diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20241209.SerNo165fb8.crt index ee17cdb80..ee17cdb80 100644 --- a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20241209.SerNo165fb8.crt diff --git a/id/server/data/deploy/tomcat/unix/tomcat-start.sh b/id/server/data/deploy/tomcat/unix/tomcat-start.sh index d717ecd25..0ad50ff0e 100644 --- a/id/server/data/deploy/tomcat/unix/tomcat-start.sh +++ b/id/server/data/deploy/tomcat/unix/tomcat-start.sh @@ -7,8 +7,7 @@ export CATALINA_BASE=$CATALINA_HOME FILE_ENCODING=-Dfile.encoding=UTF-8
RAND_FILE=-Djava.security.egd=file:///dev/urandom
-LOGGING_OPT=-Dlog4j.configuration=file:$CATALINA_BASE/conf/moa-id/log4j.properties
-LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback_config.xml
+LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml
CONFIG_OPT=-Dmoa.id.configuration=file:$CATALINA_BASE/conf/moa-id/moa-id.properties
SPSS_OPT=-Dmoa.spss.server.configuration=$CATALINA_BASE/conf/moa-spss/SampleMOASPSSConfiguration.xml
diff --git a/id/server/data/deploy/tomcat/win32/startTomcat.bat b/id/server/data/deploy/tomcat/win32/startTomcat.bat index afdd907c8..93eb3ea80 100644 --- a/id/server/data/deploy/tomcat/win32/startTomcat.bat +++ b/id/server/data/deploy/tomcat/win32/startTomcat.bat @@ -12,8 +12,7 @@ rem ---------------------------------------------------------------------------- set FILE_ENCODING=-Dfile.encoding=UTF-8
set RAND_FILE=-Djava.security.egd=file:///dev/urandom
-set LOGGING_OPT=-Dlog4j.configuration=file:%CATALINA_HOME%/conf/moa-id/log4j.properties
-set LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=%CATALINA_HOME%/conf/moa-id/logback_config.xml
+set LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=%CATALINA_HOME%/conf/moa-id/logback.xml
set CONFIG_OPT_SPSS=-Dmoa.spss.server.configuration=%CATALINA_HOME%/conf/moa-spss/SampleMOASPSSConfiguration.xml
set CONFIG_OPT_ID=-Dmoa.id.configuration=file:%CATALINA_HOME%/conf/moa-id/moa-id.properties
diff --git a/id/server/doc/handbook/install/install.html b/id/server/doc/handbook/install/install.html index f755fd782..1e55aed78 100644 --- a/id/server/doc/handbook/install/install.html +++ b/id/server/doc/handbook/install/install.html @@ -7,7 +7,7 @@ <link rel="stylesheet" href="../common/MOA.css" type="text/css"> <link href='https://fonts.googleapis.com/css?family=Roboto:300,400' rel='stylesheet' type='text/css'> </head> -<body link="#990000"> +<body link="#990000"> <div id="headline"> <div class="container"> <a href="http://www.digitales.oesterreich.gv.at/"><img src="../common/logo_digAT.png"/></a> @@ -16,65 +16,65 @@ </div> </div> <div class="container"> -<h1 align="center">Installation</h1> +<h1 align="center">Installation</h1> <h2>Inhalt</h2> - <ol class="index"> - <li> - <p><a href="#webservice">MOA-ID-Auth und MOA-ID-Configuration</a></p> - <ol> - <li><a href="#webservice_basisinstallation">Basisinstallation</a> - <ol> - <li><a href="#webservice_basisinstallation_einfuehrung">Einführung</a></li> - <li><a href="#webservice_basisinstallation_installation">Installation</a> - <ol> - <li><a href="#webservice_basisinstallation_installation_vorbereitung">Vorbereitung</a></li> - <li><a href="#webservice_basisinstallation_installation_tomcatconfig">Konfiguration von Apache Tomcat</a> - <ol> - <li><a href="#webservice_basisinstallation_installation_tomcatconfig_httpconn">Konfiguration des HTTP Connectors</a></li> - <li><a href="#webservice_basisinstallation_installation_tomcatconfig_httpsconn">Konfiguration des HTTPS Connectors</a></li> - </ol> - </li> + <ol class="index"> + <li> + <p><a href="#webservice">MOA-ID-Auth und MOA-ID-Configuration</a></p> + <ol> + <li><a href="#webservice_basisinstallation">Basisinstallation</a> + <ol> + <li><a href="#webservice_basisinstallation_einfuehrung">Einführung</a></li> + <li><a href="#webservice_basisinstallation_installation">Installation</a> + <ol> + <li><a href="#webservice_basisinstallation_installation_vorbereitung">Vorbereitung</a></li> + <li><a href="#webservice_basisinstallation_installation_tomcatconfig">Konfiguration von Apache Tomcat</a> + <ol> + <li><a href="#webservice_basisinstallation_installation_tomcatconfig_httpconn">Konfiguration des HTTP Connectors</a></li> + <li><a href="#webservice_basisinstallation_installation_tomcatconfig_httpsconn">Konfiguration des HTTPS Connectors</a></li> + </ol> + </li> <li><a href="#webservice_basisinstallation_installation_spssdeploy">Einsatz des Moduls MOA-ID-Auth in Tomcat</a></li> - <li><a href="#moa_id_configuration_deploy">Einsatz des Moduls MOA-ID-Configuration in Tomcat</a></li> - <li><a href="#webservice_basisinstallation_installation_tomcatstartstop">Starten und Stoppen von Tomcat</a> - <ol> - <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_windows">Unter Windows</a></li> - <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_unix">Unter Unix</a></li> - <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_verify">Prüfen des erfolgreichen Starts</a> </li> - </ol> - </li> - <li><a href="#webservice_basisinstallation_installation_changeonthefly">Änderung der Konfiguration im laufenden Betrieb</a></li> - </ol> - </li> - <li><a href="#webservice_basisinstallation_logging">Logging</a> - <ol> - <li><a href="#webservice_basisinstallation_logging_format">Format der Log-Meldungen</a></li> - <li><a href="#webservice_basisinstallation_logging_messages">Wichtige Log-Meldungen</a></li> - </ol> - </li> - </ol> - </li> - <li><a href="#webservice_erweiterungsmoeglichkeiten">Erweiterungsmöglichkeiten</a> <ol> - <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver">Vorgeschalteter Webserver</a> <ol> - <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis">Microsoft Internet Information Server (MS IIS)</a> <ol> - <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_jk">Konfiguration von <span class="term"> mod_jk</span> im MS IIS</a></li> - <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_tomcat">Konfiguration von Tomcat</a></li> - <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_ssl">Konfiguration von SSL</a></li> - </ol> - </li> - <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache">Apache</a> <ol> - <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_jk">Konfiguration von <span class="term"> mod_jk</span> im Apache </a></li> - <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_tomcat">Konfiguration von Tomcat</a></li> - <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_ssl">Konfiguration von SSL mit <span class="term">mod_SSL</span></a></li> - </ol> - </li> + <li><a href="#moa_id_configuration_deploy">Einsatz des Moduls MOA-ID-Configuration in Tomcat</a></li> + <li><a href="#webservice_basisinstallation_installation_tomcatstartstop">Starten und Stoppen von Tomcat</a> + <ol> + <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_windows">Unter Windows</a></li> + <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_unix">Unter Unix</a></li> + <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_verify">Prüfen des erfolgreichen Starts</a> </li> + </ol> + </li> + <li><a href="#webservice_basisinstallation_installation_changeonthefly">Änderung der Konfiguration im laufenden Betrieb</a></li> + </ol> + </li> + <li><a href="#webservice_basisinstallation_logging">Logging</a> + <ol> + <li><a href="#webservice_basisinstallation_logging_format">Format der Log-Meldungen</a></li> + <li><a href="#webservice_basisinstallation_logging_messages">Wichtige Log-Meldungen</a></li> + </ol> + </li> + </ol> + </li> + <li><a href="#webservice_erweiterungsmoeglichkeiten">Erweiterungsmöglichkeiten</a> <ol> + <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver">Vorgeschalteter Webserver</a> <ol> + <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis">Microsoft Internet Information Server (MS IIS)</a> <ol> + <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_jk">Konfiguration von <span class="term"> mod_jk</span> im MS IIS</a></li> + <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_tomcat">Konfiguration von Tomcat</a></li> + <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_ssl">Konfiguration von SSL</a></li> + </ol> + </li> + <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache">Apache</a> <ol> + <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_jk">Konfiguration von <span class="term"> mod_jk</span> im Apache </a></li> + <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_tomcat">Konfiguration von Tomcat</a></li> + <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_ssl">Konfiguration von SSL mit <span class="term">mod_SSL</span></a></li> + </ol> + </li> </ol> </li> </ol> </li> - </ol> + </ol> </ol> - <ol type="A" class="index"> + <ol type="A" class="index"> <li><a href="#referenzierte_software">Referenzierte Software</a></li> </ol> <h2><a name="uebersicht" id="uebersicht"></a>1 Übersicht</h2> @@ -95,7 +95,7 @@ <li><a href="#referenziertesoftware">Java SE Update SE 7 (neuestes Update) bzw. Java SE 8 (neuestes Update)</a><a href="#referenziertesoftware"></a></li> <li><a href="#referenziertesoftware">Apache Tomcat 7 (neuestes Update) bzw. Apache Tomcat 8</a><a href="#referenziertesoftware"> (neuestes Update)</a></li> </ul> - <p>In diesem Betriebs-Szenario wird das MOA-ID-Auth Webservice und das MOA-ID Konfigurationstool in Tomcat zum Einsatz gebracht. Beide Module können sowohl in derselben Tomcat-Instanz, als auch in separaten Tomcat-Instanzen betrieben werden. Für den Fall des separaten Betriebs muss die Installation auf beiden Tomcat-Instanzen ausgeführt werden. In beiden Fällen fungiert der Tomcat gleichzeitig als HTTP- und HTTPS-Endpunkt für beide Module. Beide Protokolle werden direkt in Tomcat konfiguriert, wobei MOA-ID-Auth und MOA-ID-Configuration Log4j als Logging Toolkit verwenden.</p> + <p>In diesem Betriebs-Szenario wird das MOA-ID-Auth Webservice und das MOA-ID Konfigurationstool in Tomcat zum Einsatz gebracht. Beide Module können sowohl in derselben Tomcat-Instanz, als auch in separaten Tomcat-Instanzen betrieben werden. Für den Fall des separaten Betriebs muss die Installation auf beiden Tomcat-Instanzen ausgeführt werden. In beiden Fällen fungiert der Tomcat gleichzeitig als HTTP- und HTTPS-Endpunkt für beide Module. Beide Protokolle werden direkt in Tomcat konfiguriert, wobei MOA-ID-Auth und MOA-ID-Configuration LogBack als Logging Toolkit verwenden.</p> <h4><a name="webservice_basisinstallation_installation" id="webservice_basisinstallation_installation"></a>2.1.2 Installation</h4> <h5><a name="webservice_basisinstallation_installation_vorbereitung" id="webservice_basisinstallation_installation_vorbereitung"></a>2.1.2.1 Vorbereitung</h5> <p>Die folgenden Schritte dienen der Vorbereitung der Installation.</p> @@ -108,9 +108,9 @@ <dd> Entpacken Sie die Datei <code>moa-id-auth-3.0.0.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_ID_AUTH_INST</code> bezeichnet. </dd> <dt>Installation der Kryptographiebibliotheken von SIC/IAIK</dt> <dd> - <p>Kopieren Sie alle Dateien aus dem Verzeichnis <code>$MOA_ID_AUTH_INST/ext</code> in das Verzeichnis <code>$JAVA_HOME/jre/lib/ext</code>. Zusätzlich müssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden <span class="term">Unlimited Strength - - + <p>Kopieren Sie alle Dateien aus dem Verzeichnis <code>$MOA_ID_AUTH_INST/ext</code> in das Verzeichnis <code>$JAVA_HOME/jre/lib/ext</code>. Zusätzlich müssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden <span class="term">Unlimited Strength + + Jurisdiction Policy Files</span> von der <a href="http://java.com/download" target="_blank">Java SE Downloadseite </a>und achten Sie darauf die für ihre verwendete Java SE Installation richtige Version zu nehmen. Anschließend folgen Sie der darin enthaltenen Installationsanweisung. </p> </dd> <dt>Installation einer Datenbank</dt> @@ -142,8 +142,7 @@ <li id="klein"><code>moa.id.configuration</code>: Pfad und Name der Basiskonfigurationsdatei für MOA-ID-Auth. Eine beispielhafte Konfigurationsdatei finden Sie <a href="../../../deploy/conf/moa-id/moa-id.properties">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li> <li><code>moa.spss.server.configuration</code>: Pfad und Name der zentralen Konfigurationsdatei für MOA SP/SS. Eine beispielhafte Konfigurationsdatei finden Sie <a href="../../../conf/moa-spss/SampleMOASPSSConfiguration.xml">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/conf</code> enthaltene Default-Konfiguration herangezogen.</li> <li><code>eu.stork.samlengine.config.location</code>: Pfad auf den Ordner mit den zentralen Konfigurationsdateien für STORK. Die Beispielkonfiguration für das Modul MOA-ID-Auth enthält bereits den<a href="../../../conf/moa-id/stork/"> Ordner für die STORK Konfiguration</a>. </li> - <li id="klein"><code>log4j.configuration</code>: URL der Log4j Konfigurationsdatei. Eine beispielhafte Log4j-Konfiguration finden Sie <a href="../../../conf/moa-id/log4j.properties">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen.</li> - <li><code>-Dlogback.configurationFile</code>: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie <a href="../../../conf/moa-id/logback_config.xml">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen. Überdies besteht die Möglichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu überführen (<a href="http://logback.qos.ch/translator/">http://logback.qos.ch/translator/</a>). </li> + <li><code>-Dlogback.configurationFile</code>: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie <a href="../../../conf/moa-id/logback.xml">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen. Überdies besteht die Möglichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu überführen (<a href="http://logback.qos.ch/translator/">http://logback.qos.ch/translator/</a>). </li> <li id="klein"><code>javax.net.ssl.trustStore</code>: Pfad und Dateiname des <span class="term">Truststores</span> für vertrauenswürdige SSL Zertifikate. Die SSL Serverzertifikate der Server von denen mittels https Dateien bezogen werden müssen im Truststore abgelegt werden. Ein relativer Pfad werden relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li> <li id="klein"><code>javax.net.ssl.trustStorePassword</code>: Passwort für den <span class="term">Truststore</span> (optional; nur, wenn SSL Client-Authentisierung durchgeführt werden soll). </li> <li id="klein"><code>javax.net.ssl.trustStoreType</code>: Truststore-Typ (optional; nur, wenn SSL Client-Authentisierung durchgeführt werden soll). Je nach verwendetem Keystore-Typ muss <code>jks</code> (<span class="term">Java Key Store</span>) oder <code>pkcs12</code> (PKCS#12-Datei) angegeben werden.</li> @@ -162,8 +161,7 @@ <ul> <li><code>moa.id.webconfig</code>: Pfad und Name der Basiskonfigurationsdatei für MOA-ID-Configuration. Eine beispielhafte Konfigurationsdatei finden Sie <a href="../../../conf/moa-id-configuration/moa-id-configtool.properties">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li> <li><code>user.properties</code>: Pfad und Name der Basiskonfigurationsdatei für das Usermanagement der Konfigurationsoberfläche. Eine beispielhafte Konfigurationsdatei finden Sie <a href="../../../conf/moa-id-configuration/userdatabase.properties">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li> - <li><code>log4j.configuration</code>: URL der Log4j Konfigurationsdatei. Eine beispielhafte Log4j-Konfiguration finden Sie <a href="../../../conf/moa-id/log4j.properties">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen.</li> - <li><code>logback.configurationFile</code>: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie <a href="../../../conf/moa-id/logback_config.xml">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen. Überdies besteht die Möglichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu überführen (<a href="http://logback.qos.ch/translator/">http://logback.qos.ch/translator/</a>).</li> + <li><code>logback.configurationFile</code>: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie <a href="../../../conf/moa-id/logback.xml">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen. Überdies besteht die Möglichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu überführen (<a href="http://logback.qos.ch/translator/">http://logback.qos.ch/translator/</a>).</li> <li><code>javax.net.ssl.trustStore</code>: Pfad und Dateiname des <span class="term">Truststores</span> für vertrauenswürdige SSL Zertifikate Die SSL Serverzertifikate der Server von denen mittels https Dateien bezogen werden müssen im Truststore abgelegt werden. Ein relativer Pfad werden relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li> <li><code>javax.net.ssl.trustStorePassword</code>: Passwort für den <span class="term">Truststore</span> (optional; nur, wenn SSL Client-Authentisierung durchgeführt werden soll). </li> <li><code>javax.net.ssl.trustStoreType</code>: Truststore-Typ (optional; nur, wenn SSL Client-Authentisierung durchgeführt werden soll). Je nach verwendetem Keystore-Typ muss <code>jks</code> (<span class="term">Java Key Store</span>) oder <code>pkcs12</code> (PKCS#12-Datei) angegeben werden.</li> @@ -187,7 +185,7 @@ gestartet werden. Das Stoppen von Tomcat erfolgt analog mit <p>Ein erfolgreicher Start des MOA-ID-Auth Modules ist an folgender Log-Meldung ersichtlich: <br> </p> </div> -<pre>32131 [localhost-startStop-1] INFO moa.id.auth - MOA ID Authentisierung wurde erfolgreich gestartet +<pre>32131 [localhost-startStop-1] INFO moa.id.auth - MOA ID Authentisierung wurde erfolgreich gestartet 32131 [localhost-startStop-1] INFO moa.id.auth - Dispatcher Servlet initialization finished.</pre> <p>Analog bei MOA-ID-Configuration</p> <pre>INFO | 21 10:16:22 | localhost-startStop-1 | Loading config module: MOAIDConfigurationModul</pre> @@ -203,7 +201,7 @@ https://<host>:<port>/moa-id-auth/ https://<host>:<port>/egiz-configuration-webapp/</pre> <p>Die Verfügbarkeit des Services können Sie einfach überprüfen, indem Sie die Endpunkte mit einem Web-Browser aufgerufen; dies sollte nach erfolgreichem Start zur Anzeige einer Informationsseite führen. </p> <h5><a name="webservice_basisinstallation_logging" id="webservice_basisinstallation_logging"></a>2.1.3 Logging </h5> -<p>Beide Module verwenden <a href="#referenziertesoftware">Log4j</a> für die Ausgabe von Log-Meldungen am Bildschirm bzw. in Log-Dateien. Log4j bietet zahlreiche Konfigurationsmöglichkeiten, die ausführlich im Log4j Handbuch beschrieben sind. Unter anderem gibt es die Möglichkeit, folgende Einstellungen vorzunehmen: +<p>Beide Module verwenden <a href="#referenziertesoftware">LobBack</a> für die Ausgabe von Log-Meldungen am Bildschirm bzw. in Log-Dateien. LogBack bietet zahlreiche Konfigurationsmöglichkeiten, die ausführlich im LogBack Handbuch beschrieben sind. Unter anderem gibt es die Möglichkeit, folgende Einstellungen vorzunehmen: <ul> <li id="klein"> <p>Das verwendete Log-Level (<code>DEBUG</code>, <code>INFO</code>, <code>WARN</code>, <code>ERROR</code>, <code>FATAL</code>);</p> @@ -229,16 +227,16 @@ https://<host>:<port>/egiz-configuration-webapp/</pre> </li> <li> <p><code>at.gv.egiz.eventlog.plain.all</code> für alle Log-Meldungen aus dem MOA-ID EventLog zur Revisionssicherung</p> - </li> + </li> <li> <p><code>iaik.server</code> für alle Log-Meldungen aus den SIC/IAIK Kryptographie-Modulen. </p> </li> </ul> -<p>Eine für beide Module passende Konfigurationsdatei für Log4j finden Sie <a href="../../../conf/moa-spss/log4j.properties">hier</a>. Wird diese Datei als Logging-Konfiguration verwendet, so werden alle Log-Meldungen sowohl in die Konsole, als auch in die Dateien <code>moa-id-auth.log</code> und <code>moa-id-configuration.log</code> geschrieben. </p> +<p>Wird diese Datei als Logging-Konfiguration verwendet, so werden alle Log-Meldungen sowohl in die Konsole, als auch in die Dateien <code>moa-id-auth.log</code> und <code>moa-id-configuration.log</code> geschrieben. </p> <h5><a name="webservice_basisinstallation_logging_format" id="webservice_basisinstallation_logging_format"></a>2.1.3.1 Format der Log-Meldungen</h5> - <p> Anhand einer konkreten Log-Meldung wird das Format der MOA SP/SS Log-Meldungen erläutert: </p> + <p> Anhand einer konkreten Log-Meldung wird das Format der MOA-ID-Meldungen erläutert: </p> <pre> - INFO | 2017-09-18 10:29:22,904 | SID-7947921060553739539 | TID-4708232418268334030 | https://sso.demosp.at/handysignatur + INFO | 2017-09-18 10:29:22,904 | SID-7947921060553739539 | TID-4708232418268334030 | https://sso.demosp.at/handysignatur | ajp-nio-28109-exec-7 | No SSO Session cookie found </pre> <p> Der Wert <code>INFO</code> besagt, dass die Log-Meldung im Log-Level <code>INFO</code> entstanden ist. Folgende Log-Levels existieren:</p> @@ -260,19 +258,19 @@ https://<host>:<port>/egiz-configuration-webapp/</pre> </li> </ul> <p>Der nächste Wert <code>01 21:25:26,540</code> gibt den Zeitpunkt an, zu dem die Log-Meldung generiert wurde (in diesem Fall den 1. Tag im aktuellen Monat, sowie die genaue Uhrzeit). </p> - <p>Der Wert <code>SID-7947921060553739539</code> bezeichnet die SessionID, welche diesem Request zugeordnet wurde. Eine SessionID ist innerhalb einer SSO auch über mehrere Authentifizierungsrequests eindeutig. Das Loggen der SessionID kann mittels <code>%X{sessionId}</code> in der log4j Konfiguration gesetzt werden</p> - <p>Der Wert <code>TID-4708232418268334030</code> bezeichnet die TransactionsID, welche diesem Request zugeordnet wurde. Eine TransactionsID ist innerhalb eines Authentifizierungsrequests eindeutig. Das Loggen der TransactionsID kann mittels <code>%X{transactionId}</code> in der log4j Konfiguration gesetzt werden</p> - <p>Der Wert <code>https://sso.demosp.at/handysignatur</code> bezeichnet die Online Applikation (eindeutiger Identifier dieses Service Providers) für welchen dieser Authentifizierungsrequest durchgeführt wird. Das Loggen des OA Identifiers kann mittels <code>%X{oaId}</code> in der log4j Konfiguration gesetzt werden</p> + <p>Der Wert <code>SID-7947921060553739539</code> bezeichnet die SessionID, welche diesem Request zugeordnet wurde. Eine SessionID ist innerhalb einer SSO auch über mehrere Authentifizierungsrequests eindeutig. Das Loggen der SessionID kann mittels <code>%X{sessionId}</code> in der LogBack Konfiguration gesetzt werden</p> + <p>Der Wert <code>TID-4708232418268334030</code> bezeichnet die TransactionsID, welche diesem Request zugeordnet wurde. Eine TransactionsID ist innerhalb eines Authentifizierungsrequests eindeutig. Das Loggen der TransactionsID kann mittels <code>%X{transactionId}</code> in der LogBack Konfiguration gesetzt werden</p> + <p>Der Wert <code>https://sso.demosp.at/handysignatur</code> bezeichnet die Online Applikation (eindeutiger Identifier dieses Service Providers) für welchen dieser Authentifizierungsrequest durchgeführt wird. Das Loggen des OA Identifiers kann mittels <code>%X{oaId}</code> in der LogBack Konfiguration gesetzt werden</p> <p>Der Wert <code>ajp-nio-28109-exec-7</code> bezeichnet den Thread, von dem die Anfrage bearbeitet wird.</p> <p> Der Rest der Zeile einer Log-Meldung ist der eigentliche Text, mit dem das System bestimmte Informationen anzeigt. Im Fehlerfall ist häufig ein Java Stack-Trace angefügt, der eine genauere Ursachen-Forschung ermöglicht.</p> <h5> <a name="webservice_basisinstallation_logging_messages" id="webservice_basisinstallation_logging_messages"></a>2.1.3.2 Wichtige Log-Meldungen</h5> <p> Neben den im Abschnitt <a href="#webservice_basisinstallation_installation_tomcatstartstop_verify">2.1.2.4.3</a> beschriebenen Log-Meldungen, die anzeigen, ob das Service ordnungsgemäß gestartet wurde, geben nachfolgenden Log-Meldungen Aufschluss über die Abarbeitung von Anfragen. </p> <p>Die Entgegennahme einer Anfrage wird angezeigt durch: - + </p> <pre>125690 [ajp-bio-129.27.142.119-38609-exec-1] INFO moa.id.auth - REQUEST: /moa-id-auth/dispatcher 125690 [ajp-bio-129.27.142.119-38609-exec-1] INFO moa.id.auth - QUERY : mod=id_pvp2x&action=Post&</pre> -<p>Ein Fehler beim Abarbeiten der Anfrage wird angezeigt durch: +<p>Ein Fehler beim Abarbeiten der Anfrage wird angezeigt durch: <pre>2435298 [ajp-bio-129.27.142.119-38609-exec-10] ERROR moa.id.auth - Failed to generate a valid protocol request!</pre> <div id="block"> <p>In diesem Fall gibt der mitgeloggte Stacktrace Auskunft über die Art des Fehlers.</p> @@ -319,7 +317,7 @@ https://<host>:<port>/egiz-configuration-webapp/</pre> <td>Java Standard Edition (Software Development Kit bzw. Java Runtime Environment) </td> </tr> <tr> - <td><a href="http://logging.apache.org/log4j/1.2/" target="_blank"> Log4J </a></td> + <td><a href="http://logback.qos.ch/" target="_blank"> LogBack </a></td> <td>Logging Framework </td> </tr> </table> diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 28d0b3f68..995d15476 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -4,7 +4,7 @@ <parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<groupId>MOA.id.server</groupId>
@@ -228,6 +228,10 @@ <artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ </dependency>
<!-- <dependency>
<groupId>MOA</groupId>
@@ -287,6 +291,10 @@ <artifactId>bcprov-jdk15on</artifactId>
<groupId>org.bouncycastle</groupId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -321,7 +329,17 @@ <type>test-jar</type>
<classifier>tests</classifier>
<version>1.0.0</version>
- <scope>test</scope>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- <dependency>
<groupId>org.opensaml</groupId>
@@ -495,13 +513,13 @@ <dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
- <version>2.9.0</version>
+ <version>2.11.1</version>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<!-- version>3.0.1</version -->
- <version>3.3.0</version>
+ <version>3.7.1</version>
</dependency>
<!-- <dependency>
@@ -694,8 +712,8 @@ <artifactId>maven-compiler-plugin</artifactId>
<version>3.6.1</version>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index b0f452861..baf4349e8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -77,10 +77,10 @@ public class MOAIDAuthInitializer { System.setProperty( "https.cipherSuites", //high secure RSA bases ciphers - ",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" + - ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + - ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + - ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" + + ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + + ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + + ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + //high secure ECC bases ciphers ",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java index 8fdf1eab8..1bf240589 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java @@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.GCMParameterSpec; -import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; @@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil { } } - public EncryptedData encrypt(byte[] data) throws BuildException { - Cipher cipher; - + public EncryptedData encrypt(byte[] data) throws BuildException { if (secret != null) { - try { - final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); - -// final byte[] nonce = new byte[GCM_NONCE_LENGTH]; -// SecureRandom.getInstanceStrong().nextBytes(nonce); - - GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); - - cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); - cipher.init(Cipher.ENCRYPT_MODE, secret, spec); - - Logger.debug("Encrypt MOASession"); - - byte[] encdata = cipher.doFinal(data); - byte[] iv = cipher.getIV(); - - return new EncryptedData(encdata, iv); + try { + final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); + final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + cipher.init(Cipher.ENCRYPT_MODE, secret, spec); + + final byte[] encdata = cipher.doFinal(data); + final byte[] iv = cipher.getIV(); + Logger.trace("Encrypt MOASession"); + return new EncryptedData(encdata, iv); } catch (Exception e) { Logger.warn("MOASession is not encrypted",e); @@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil { } public byte[] decrypt(EncryptedData data) throws BuildException { - Cipher cipher; if (secret != null) { - try { - IvParameterSpec iv = new IvParameterSpec(data.getIv()); - - cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); - cipher.init(Cipher.DECRYPT_MODE, secret, iv); - - Logger.debug("Decrypt MOASession"); - return cipher.doFinal(data.getEncData()); + try { + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv()); + cipher.init(Cipher.DECRYPT_MODE, secret, iv); + Logger.trace("Decrypt MOASession"); + return cipher.doFinal(data.getEncData()); } catch (Exception e) { Logger.warn("MOASession is not decrypted",e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java index 498f8408b..d4a6ee786 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java @@ -32,14 +32,15 @@ public class SessionEncrytionUtil extends AbstractEncrytionUtil { private static String key = null; public static SessionEncrytionUtil getInstance() { - if (instance == null) { + if (instance == null) { try { key = AuthConfigurationProviderFactory.getInstance().getMOASessionEncryptionKey(); - instance = new SessionEncrytionUtil(); + instance = new SessionEncrytionUtil(); } catch (Exception e) { Logger.warn("MOASession encryption can not be inizialized.", e); - + throw new RuntimeException("MOASession encryption can not be inizialized.", e); + } } return instance; diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java index 645cb601f..a3a717072 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java @@ -1,9 +1,12 @@ package at.gv.egovernment.moa.id.config.auth.data; +import static org.junit.Assert.assertEquals; + import java.io.ByteArrayInputStream; import java.util.Arrays; import java.util.List; +import org.apache.commons.lang3.RandomStringUtils; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; @@ -13,6 +16,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; + import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.data.IMOAAuthData; @@ -153,6 +158,33 @@ public class AuthenticationDataBuilderTest { } + @Test + public void genericDataTransfer() throws Exception { + TestRequestImpl pendingReq = new TestRequestImpl(); + DummyOAConfig oaParam = new DummyOAConfig(); + oaParam.setHasBaseIdTransferRestriction(false); + oaParam.setTarget("urn:publicid:gv.at:cdid+ZP-MH"); + oaParam.setForeignbPKSectors(Arrays.asList("wbpk+FN+195738a")); + pendingReq.setSpConfig(oaParam); + + final AuthenticationSessionWrapper session = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink()); + + // set random data to transfer + String key = RandomStringUtils.randomAlphabetic(5); + String value = RandomStringUtils.randomAlphabetic(5); + session.setGenericDataToSession(key, value); + + + // execute test + IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq); + + + assertEquals("generic data-transfer failed", value, authData.getGenericData(key, String.class)); + + } + @Test public void buildAuthDataWithIDLOnly_1() throws Exception { @@ -166,7 +198,7 @@ public class AuthenticationDataBuilderTest { IAuthenticationSession session = new DummyAuthSession(); session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink()); pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession()); - + IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq); diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 545a9d953..1cb2db257 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-commons</artifactId> <name>moa-id-commons</name> @@ -167,7 +167,6 @@ <dependency> <groupId>joda-time</groupId> <artifactId>joda-time</artifactId> - <version>${jodatime.version}</version> </dependency> <dependency> <groupId>org.slf4j</groupId> @@ -182,14 +181,13 @@ <artifactId>jul-to-slf4j</artifactId> </dependency> <dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-log4j12</artifactId> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-1.2-api</artifactId> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-to-slf4j</artifactId> </dependency> - <!-- <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> - </dependency> --> - <!-- <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-core</artifactId> - </dependency> --> - <dependency> <groupId>org.hibernate</groupId> @@ -347,8 +345,8 @@ <artifactId>maven-compiler-plugin</artifactId> <version>3.6.1</version> <configuration> - <source>1.7</source> - <target>1.7</target> + <source>1.8</source> + <target>1.8</target> <encoding>UTF-8</encoding> </configuration> </plugin> diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java index dd606ea18..4da6888a9 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java @@ -156,8 +156,8 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { certList.add(cert); } catch (Exception e) { - Logger.error("Can NOT initialize SSLTrustManager. Certificate: " + certFile.getPath() - + " is not loadable, Reason: " + e.getMessage()); + Logger.warn("Can NOT import Certificate: " + certFile.getPath() + + " into SSLTrustManager. Reason: " + e.getMessage()); if (Logger.isDebugEnabled()) { try { @@ -171,13 +171,13 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { } } - throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e); + //throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e); } finally { if (fis != null) fis.close(); - } + } } // store acceptedServerCertificates diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index 85857cd59..b0dac8718 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <groupId>MOA.id.server</groupId> diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml index 427bab738..293ff0b77 100644 --- a/id/server/moa-id-jaxb_classes/pom.xml +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <groupId>MOA.id.server</groupId> <artifactId>moa-id-jaxb_classes</artifactId> diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml index e4441dc95..fb638a2c6 100644 --- a/id/server/moa-id-spring-initializer/pom.xml +++ b/id/server/moa-id-spring-initializer/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <groupId>MOA.id.server</groupId> diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index b1dd44779..b5d99d53d 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-modul-citizencard_authentication</artifactId> diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index b826597e9..8ae8c9a63 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-module-AT_eIDAS_connector</artifactId> <name>moa-id-module-AT_eIDAS_connector</name> diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index 9764a8ee6..ac08879d3 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-module-EID_connector</artifactId> <name>moa-id-module-E-ID_connector</name> @@ -50,7 +50,13 @@ <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_module_pvp2_core</artifactId> - </dependency> + <exclusions> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> + </dependency> <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_module_pvp2_sp</artifactId> diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index e3cc3cb52..a190c861a 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-module-bkaMobilaAuthSAML2Test</artifactId> <description>BKA MobileAuth Test for SAML2 applications</description> @@ -12,12 +12,12 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> - <version>1.52</version> + <version>1.70</version> </dependency> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpkix-jdk15on</artifactId> - <version>1.52</version> + <version>1.70</version> </dependency> <!-- JSON JWT implementation --> diff --git a/id/server/modules/moa-id-module-dummyAuth/pom.xml b/id/server/modules/moa-id-module-dummyAuth/pom.xml new file mode 100644 index 000000000..7b7e2d77e --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/pom.xml @@ -0,0 +1,42 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules</artifactId> + <version>4.2.0</version> + </parent> + <artifactId>moa-id-module-dummy-authenticatiuon</artifactId> + <version>${moa-id-dummy-auth.version}</version> + <description>Module for dummy authentication in MOA-ID</description> + + <dependencies> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_utils</artifactId> + <scope>test</scope> + <type>test-jar</type> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + <scope>test</scope> + <type>test-jar</type> + </dependency> + </dependencies> + + + +</project> diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/ConfigurationProperties.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/ConfigurationProperties.java new file mode 100644 index 000000000..b42e5b0f7 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/ConfigurationProperties.java @@ -0,0 +1,58 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy; + +import java.util.Collection; +import java.util.Set; + +import com.google.common.collect.Sets; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; + +public class ConfigurationProperties { + + // configuration properties + private static final String MODULE_PREFIX = "modules.dummyauth."; + + public static final String PROP_MODULE_ENABLED = MODULE_PREFIX + "enabled"; + public static final String PROP_MODULE_SP_PREFIX = MODULE_PREFIX + "sp"; + public static final String PROP_MODULE_IDENTITY_STORE_PATH = MODULE_PREFIX + "identity.store.path"; + + // http parameter + public static final String HTTP_PARAM_START_DUMMY_AUTH = "dummyauth"; + + // configuration filetype + public static final String ALLOWED_FILE_TYPE = "json"; + + + //minimum required attributes + public static final Collection<String> MINIMUM_REQ_ATTRIBUTES = Sets.newHashSet( + PVPAttributeDefinitions.BIRTHDATE_NAME, + PVPAttributeDefinitions.GIVEN_NAME_NAME, + PVPAttributeDefinitions.PRINCIPAL_NAME_NAME, + PVPAttributeDefinitions.BPK_NAME); + + private ConfigurationProperties() { + // hide constructor or static class + } +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthModule.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthModule.java new file mode 100644 index 000000000..e2f550736 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthModule.java @@ -0,0 +1,152 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy; + +import java.io.Serializable; +import java.util.Collection; +import java.util.Collections; +import java.util.stream.Collectors; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class DummyIdentityAuthModule implements AuthModule { + + private int priority = 2; + + @Autowired(required = true) + protected IConfigurationWithSP authConfig; + @Autowired(required = true) + private IAuthenticationManager authManager; + + private Collection<String> uniqueIDsDummyAuthEnabled; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + @PostConstruct + private void initialDummyAuthWhiteList() { + if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + Logger.info("AuthModule for 'dummy-identities' is enabled"); + + // load allowed service-provider Id's + uniqueIDsDummyAuthEnabled = authConfig.getBasicConfigurationWithPrefix( + ConfigurationProperties.PROP_MODULE_SP_PREFIX).values().stream() + .filter(el -> StringUtils.isNotEmpty(el)) + .collect(Collectors.toSet()); + + if (!uniqueIDsDummyAuthEnabled.isEmpty()) { + Logger.info("Dummy authentication is enabled for ...."); + uniqueIDsDummyAuthEnabled.forEach(el -> Logger.info(" EntityID: " + el)); + + } + + // TODO: do we need a selection parameter from external + authManager.addParameterNameToWhiteList(ConfigurationProperties.HTTP_PARAM_START_DUMMY_AUTH); + + } else { + uniqueIDsDummyAuthEnabled = Collections.emptySet(); + Logger.info("AuthModule for 'dummy-identities' is disabled"); + + } + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv. + * egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + + if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(); + Logger.trace("Check dummy-auth for SP: " + spEntityID); + if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) { + final Serializable flagObj = context.get(ConfigurationProperties.HTTP_PARAM_START_DUMMY_AUTH); + if (flagObj instanceof String && Boolean.valueOf((String) flagObj)) { + Logger.info("Starting Dummy-Identity authentication for SP: " + spEntityID); + return "dummyIdentityAuthentication"; + + } else { + Logger.debug("Dummy-Identity authentication flag not 'true'. Skip it ... "); + + } + + } else { + Logger.debug("Unique SP-Id: " + spEntityID + + " is not in whitelist for Dummy-Identity authentication."); + + } + + } else { + Logger.trace("Dummy-Identity authentication is disabled"); + + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:/dummy_identity_auth.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthSpringResourceProvider.java new file mode 100644 index 000000000..d8218b7f1 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthSpringResourceProvider.java @@ -0,0 +1,62 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class DummyIdentityAuthSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource authConfig = new ClassPathResource("/moaid_dummy_identity_auth.beans.xml", DummyIdentityAuthSpringResourceProvider.class); + return new Resource[] {authConfig}; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "Module for 'Dummy Authentication'"; + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/service/DummyIdentityService.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/service/DummyIdentityService.java new file mode 100644 index 000000000..9bb961e47 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/service/DummyIdentityService.java @@ -0,0 +1,182 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.service; + +import java.io.IOException; +import java.nio.file.FileVisitOption; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.stream.Collectors; + +import javax.annotation.PostConstruct; + +import org.apache.commons.io.FilenameUtils; +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility; +import com.fasterxml.jackson.annotation.PropertyAccessor; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.ObjectMapper; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.ConfigurationProperties; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Service that holdes and selects dummy-identities for dummy-authentication. + * + * @author tlenz + * + */ +public class DummyIdentityService { + + @Autowired IConfiguration config; + + private List<Map<String, String>> availableIdentities = new ArrayList<>(); + + + private static ObjectMapper jsonMapper = new ObjectMapper(); + + static { + // initialize JSON Mapper + jsonMapper.configure(DeserializationFeature.FAIL_ON_READING_DUP_TREE_KEY, true); + jsonMapper.configure(DeserializationFeature.FAIL_ON_TRAILING_TOKENS, true); + jsonMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, true); + jsonMapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE); + jsonMapper.setVisibility(PropertyAccessor.GETTER, Visibility.PUBLIC_ONLY); + jsonMapper.setVisibility(PropertyAccessor.IS_GETTER, Visibility.PUBLIC_ONLY); + + } + + + /** + * Get an identity randomly from available identities. + * + * @return Map of identity attributes + * @throws EAAFAuthenticationException In case of an empty identity store + */ + public Map<String, String> getIdentityRandomly() throws EAAFAuthenticationException { + if (availableIdentities.isEmpty()) { + throw new EAAFAuthenticationException("builder.08", new Object[] {"No Dummy-Identity available"}); + + } + + + + int num = (int) (Math.random() * 1000000) % availableIdentities.size(); + Logger.debug("Select element: " + num + " from dummy-identity store"); + return availableIdentities.get(num); + + } + + /** + * Get number of available identity sets. + * + * @return available dummy identities + */ + public int getNumberOfLoadedIdentitySets( ) { + return availableIdentities.size(); + + } + + + @PostConstruct + private void initialize() throws EAAFException { + try { + Logger.debug("Initializing Dummy-Identity authentication service ... "); + + //get all files from datastore + Set<Path> identityConfigFiles = getAllFilesFromIdentityStore(); + Logger.debug("Find #" + identityConfigFiles.size() + " files in identity-store. Starting identity extraction ... "); + + //extract identity informations + identityConfigFiles.stream() + .filter(el -> FilenameUtils.isExtension(el.getFileName().toString(), ConfigurationProperties.ALLOWED_FILE_TYPE)) + .forEach(el -> loadJson(el)); + + Logger.info("Dummy-Identity authentication service contains #" + availableIdentities.size() + " data-sets"); + + } catch (EAAFException e) { + handleError(e); + + } catch (IOException e) { + handleError(new EAAFException("config.05", + new Object[] {ConfigurationProperties.PROP_MODULE_IDENTITY_STORE_PATH}, e)); + + } + } + + + private void loadJson(Path file) { + try { + Logger.debug("Reading dummy-identity from file: " + file.getFileName() + " ... "); + Map<String, String> dummyEid = jsonMapper.readValue(file.toFile(), Map.class); + + // check minimum required attributes + ConfigurationProperties.MINIMUM_REQ_ATTRIBUTES.stream().forEach( + el -> { + if (!dummyEid.containsKey(el)) { + throw new RuntimeException("dummy-identity from file: " + file.getFileName() + " missing attribute: " + el); + + } + }); + + Logger.debug("Add dummy-identity from file: " + file.getFileName()); + availableIdentities.add(dummyEid); + + + } catch (Exception e) { + Logger.warn("Can NOT read dummy-identity from file: " + file.getFileName() + " Identity will be skipped", e); + + } + + } + + + private Set<Path> getAllFilesFromIdentityStore() throws IOException, EAAFConfigurationException { + String identityStorePath = config.getBasicConfiguration(ConfigurationProperties.PROP_MODULE_IDENTITY_STORE_PATH); + if (StringUtils.isEmpty(identityStorePath)) { + throw new EAAFConfigurationException("config.08", + new Object[] {ConfigurationProperties.PROP_MODULE_IDENTITY_STORE_PATH}); + + } + + String absIdentityStorePath = FileUtils.makeAbsoluteURL(identityStorePath, config.getConfigurationRootDirectory()); + if (absIdentityStorePath.startsWith("file:")) { + absIdentityStorePath = absIdentityStorePath.substring("file:".length()); + + } + + return Files.walk(Paths.get(absIdentityStorePath), FileVisitOption.FOLLOW_LINKS) + .filter(Files::isRegularFile) + .filter(Files::isReadable) + .collect(Collectors.toSet()); + + } + + + private void handleError(EAAFException e) throws EAAFException { + if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + throw e; + + } else { + Logger.info("Dummy-Identity authentication is disabled. Ignore exception: " + e.getMessage()); + + } + + } + + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java new file mode 100644 index 000000000..5eb441bc9 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java @@ -0,0 +1,140 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.task; + +import java.util.Map; +import java.util.Map.Entry; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Component("InjectDummyIdentityInformationTask") +public class InjectDummyIdentityInformationTask extends AbstractAuthServletTask { + + @Autowired + IConfiguration moaAuthConfig; + @Autowired + DummyIdentityService service; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv. + * egovernment.moa.id.process.api.ExecutionContext, + * javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) + throws TaskExecutionException { + + try { + Logger.debug("Injecting user credentials for Dummy-Identity authentication ... "); + parseDemoValuesIntoMOASession(pendingReq); + + // set 'needConsent' to false, because user gives consent during authentication + pendingReq.setNeedUserConsent(false); + + // set 'authenticated' flag to true + pendingReq.setAuthenticated(true); + + // store MOASession into database + requestStoreage.storePendingRequest(pendingReq); + + } catch (final MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (final Exception e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + + /** + * @param pendingReq + * @param moaSession + * @throws MOAIDException + * @throws EAAFStorageException + * @throws EAAFAuthenticationException + */ + private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException, + EAAFAuthenticationException { + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setForeigner(false); + moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); + + final Map<String, String> rawIdentity = service.getIdentityRandomly(); + + // add attributes into session + for (final Entry<String, String> el : rawIdentity.entrySet()) { + moaSession.setGenericDataToSession(el.getKey(), el.getValue()); + Logger.debug("Add PVP-attribute " + el.getKey() + " into MOASession"); + + } + + // set BKU URL + if (rawIdentity.containsKey(PVPAttributeDefinitions.EID_CCS_URL_NAME)) { + moaSession.setBkuURL(rawIdentity.get(PVPAttributeDefinitions.EID_CCS_URL_NAME)); + + } else { + moaSession.setBkuURL("http://egiz.gv.at/dummy-authentication"); + + } + + // check if mandates are included + if (rawIdentity.containsKey(PVPAttributeDefinitions.MANDATE_TYPE_NAME) + || rawIdentity.containsKey(PVPAttributeDefinitions.MANDATE_TYPE_OID_NAME)) { + Logger.debug("Find Mandate-Attributes in E-ID response. Switch to mandate-mode ... "); + moaSession.setUseMandates(true); + + } else { + moaSession.setUseMandates(false); + + } + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..a60db29cb --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/resources/dummy_identity_auth.process.xml b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/dummy_identity_auth.process.xml new file mode 100644 index 000000000..d7351fbbd --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/dummy_identity_auth.process.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="dummyIdentityAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + + <pd:Task id="dummyAuth" class="InjectDummyIdentityInformationTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + + <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. --> + <pd:StartEvent id="start" /> + + <pd:Transition from="start" to="dummyAuth" /> + <pd:Transition from="dummyAuth" to="finalizeAuthentication" /> + <pd:Transition from="finalizeAuthentication" to="end" /> + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/resources/moaid_dummy_identity_auth.beans.xml b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/moaid_dummy_identity_auth.beans.xml new file mode 100644 index 000000000..5c2ea1176 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/moaid_dummy_identity_auth.beans.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <bean id="dummyIdentityAuthModule" class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthModule"> + <property name="priority" value="4" /> + </bean> + + <bean id="dummyIdentityService" + class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService" /> + + <bean id="InjectDummyIdentityInformationTask" + class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.task.InjectDummyIdentityInformationTask" + scope="prototype"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/BeanCreationTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/BeanCreationTest.java new file mode 100644 index 000000000..7fa2eab93 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/BeanCreationTest.java @@ -0,0 +1,67 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.BeanCreationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthModule; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_dummy_identity_auth_lazy.beans.xml" }) +public class BeanCreationTest { + + @Autowired DummyAuthConfigMap config; + @Autowired ApplicationContext context; + + @Before + public void initialize() { + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(false)); + + } + + @Test + public void authModuleDeactivated() { + assertNotNull("AuthModule", context.getBean(DummyIdentityAuthModule.class)); + + } + + @Test + @DirtiesContext + public void dummyIdentityServiceDisabled() { + assertNotNull("IdentityService", context.getBean(DummyIdentityService.class)); + + } + + @Test + @DirtiesContext + public void dummyIdentityServiceEnabled() { + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + try { + context.getBean(DummyIdentityService.class); + fail("Wrong config not detected"); + + } catch (Exception e) { + assertTrue("wrong exception", e instanceof BeanCreationException); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthModuleTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthModuleTest.java new file mode 100644 index 000000000..37bb0d9b4 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthModuleTest.java @@ -0,0 +1,117 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthModule; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_dummy_identity_auth.beans.xml" }) +public class DummyIdentityAuthModuleTest { + + @Autowired DummyAuthConfigMap config; + @Autowired DummyIdentityAuthModule module; + + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map<String, String> spConfigMap; + + @Before + public void initialize() { + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + } + + @Test + public void checkProcessDefinition() { + String[] def = module.getProcessDefinitions(); + + assertNotNull("no process definition", def); + Arrays.asList(def).stream().forEach( + el -> DummyIdentityAuthModuleTest.class.getResourceAsStream(el)); + + } + + + @Test + public void deactivated() { + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(false)); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void unknownServiceProvider() { + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void allowedServiceProviderButNotRequested() { + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323"); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void allowedServiceProviderButWrongRequested() { + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323"); + context.put("dummyauth", 27); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void allowedServiceProviderButFalseRequested() { + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323"); + context.put("dummyauth", "false"); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void allowedServiceProviderAndRequested() { + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323"); + context.put("dummyauth", "true"); + + assertEquals("wrong authmethod identifier", "dummyIdentityAuthentication", + module.selectProcess(context, pendingReq)); + + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthSpringResourceProviderTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthSpringResourceProviderTest.java new file mode 100644 index 000000000..0e9da9fea --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthSpringResourceProviderTest.java @@ -0,0 +1,55 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test; + +import java.io.IOException; +import java.io.InputStream; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthSpringResourceProvider; + +import org.apache.commons.io.IOUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.core.io.Resource; + + + +@RunWith(BlockJUnit4ClassRunner.class) +public class DummyIdentityAuthSpringResourceProviderTest { + + @Test + public void testSpringConfig() { + final DummyIdentityAuthSpringResourceProvider test = + new DummyIdentityAuthSpringResourceProvider(); + for (final Resource el : test.getResourcesToLoad()) { + try { + IOUtils.toByteArray(el.getInputStream()); + + } catch (final IOException e) { + Assert.fail("Ressouce: " + el.getFilename() + " not found"); + } + + } + + Assert.assertNotNull("no Name", test.getName()); + Assert.assertNull("Find package definitions", test.getPackagesToScan()); + + } + + @Test + public void testSpILoaderConfig() { + final InputStream el = this.getClass().getResourceAsStream( + "/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider"); + try { + final String spiFile = IOUtils.toString(el, "UTF-8"); + + Assert.assertEquals("Wrong classpath in SPI file", + DummyIdentityAuthSpringResourceProvider.class.getName(), spiFile); + + + } catch (final IOException e) { + Assert.fail("Ressouce: '/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider' not found"); + + } + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityServiceTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityServiceTest.java new file mode 100644 index 000000000..19a9fc72e --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityServiceTest.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; + +import java.util.Map; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_dummy_identity_auth.beans.xml" }) +public class DummyIdentityServiceTest { + + @Autowired DummyIdentityService service; + + + @Test + public void numberOfLoadedIdentities() { + assertEquals("wrong number of identities in store", 3, service.getNumberOfLoadedIdentitySets()); + + } + + @Test + public void getRandomIdentity() throws EAAFAuthenticationException { + Map<String, String> idl = service.getIdentityRandomly(); + + assertNotNull("idl", idl); + assertEquals("wrong number of attributes", 4, idl.size()); + + } + + @Test + public void getManyRandomIdentity() throws EAAFAuthenticationException { + for(int i=0; i<50; i++) { + assertNotNull("idl", service.getIdentityRandomly()); + + } + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/InjectDummyIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/InjectDummyIdentityInformationTaskTest.java new file mode 100644 index 000000000..5d41496e2 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/InjectDummyIdentityInformationTaskTest.java @@ -0,0 +1,92 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.task.InjectDummyIdentityInformationTask; +import at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_dummy_identity_auth.beans.xml" }) +public class InjectDummyIdentityInformationTaskTest { + + @Autowired InjectDummyIdentityInformationTask task; + @Autowired DummyAuthConfigMap config; + @Autowired IRequestStorage storage; + + protected MockHttpServletRequest httpReq; + protected MockHttpServletResponse httpResp; + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map<String, String> spConfigMap; + + @Before + public void initialize() { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + } + + @Test + public void injectIdentityData() throws TaskExecutionException, PendingReqIdValidationException { + + task.execute(pendingReq, context); + + // validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertNotNull("bkuUrl", moaSession.getBkuURL()); + assertEquals("missing attributes", 4, moaSession.getGenericSessionDataStorage().size()); + + } + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/dummy/DummyAuthConfigMap.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/dummy/DummyAuthConfigMap.java new file mode 100644 index 000000000..3c0f9edf1 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/dummy/DummyAuthConfigMap.java @@ -0,0 +1,136 @@ +package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +/** + * Dummy Application-configuration implementation for jUnit tests. + * + * @author tlenz + * + */ +public class DummyAuthConfigMap implements IConfigurationWithSP { + + private Map<String, String> config = new HashMap<>(); + + public DummyAuthConfigMap() { + + } + + /** + * Dummy Application-configuration. + * + * @param configIs Property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final InputStream configIs) throws IOException { + + final Properties props = new Properties(); + props.load(configIs); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + /** + * Dummy Application-configuration. + * + * @param path Path to property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final String path) throws IOException { + + final Properties props = new Properties(); + props.load(this.getClass().getResourceAsStream(path)); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + + @Override + public String getBasicConfiguration(final String key) { + return config.get(key); + + } + + @Override + public String getBasicConfiguration(final String key, final String defaultValue) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + + } + + @Override + public Boolean getBasicConfigurationBoolean(final String key) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return false; + } else { + return Boolean.valueOf(value); + } + } + + @Override + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue))); + + } + + @Override + public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) { + return KeyValueUtils.getSubSetWithPrefix(config, prefix); + + } + + @Override + public ISPConfiguration getServiceProviderConfiguration(final String uniqueID) + throws EAAFConfigurationException { + return null; + } + + @Override + public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator) + throws EAAFConfigurationException { + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + return new java.io.File(".").toURI(); + + } + + @Override + public String validateIDPURL(final URL authReqUrl) throws EAAFException { + return null; + } + + public void putConfigValue(final String key, final String value) { + config.put(key, value); + } + + public void removeConfigValue(final String key) { + config.remove(key); + + } + + +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config1.properties new file mode 100644 index 000000000..18bd21df1 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config1.properties @@ -0,0 +1,6 @@ +modules.dummyauth.enabled=true +modules.dummyauth.identity.store.path=src/test/resources/config/idlstore/ +modules.dummyauth.sp.1=aaabbccddeeffgg +modules.dummyauth.sp.2=yyasdfasfsa2323 +modules.dummyauth.sp.3= +modules.dummyauth.sp.4=435344534egewgegf diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config2.properties b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config2.properties new file mode 100644 index 000000000..d38ba692b --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config2.properties @@ -0,0 +1,5 @@ +modules.dummyauth.enabled=false +modules.dummyauth.identity.store.path=notexit +modules.dummyauth.sp.1=aaabbccddeeffgg +modules.dummyauth.sp.2=yyasdfasfsa2323 +modules.dummyauth.sp.3=435344534egewgegf diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_1.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_1.json new file mode 100644 index 000000000..4d927b7ad --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_1.json @@ -0,0 +1,6 @@ +{ + "urn:oid:2.5.4.42": "Max", + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann", + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +}
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_2.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_2.json new file mode 100644 index 000000000..1cffdd696 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_2.json @@ -0,0 +1,6 @@ +{ + "urn:oid:2.5.4.42": "Susi", + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Musterfrau", + "urn:oid:1.2.40.0.10.2.1.1.55": "1950-02-02", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:zzyyxx99887dd" +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_1.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_1.json new file mode 100644 index 000000000..ec1a4ba49 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_1.json @@ -0,0 +1,6 @@ +{ + "urn:oid:2.5.4.42": "Max" + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann", + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_2.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_2.json new file mode 100644 index 000000000..71c2f654e --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_2.json @@ -0,0 +1,7 @@ +{ + "urn:oid:2.5.4.42": { + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann" + }, + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_3.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_3.json new file mode 100644 index 000000000..29a245ca4 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_3.json @@ -0,0 +1,8 @@ +{ + "urn:oid:2.5.4.42": { + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann" + }, + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann", + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_missing_attr.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_missing_attr.json new file mode 100644 index 000000000..2f241c291 --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_missing_attr.json @@ -0,0 +1,5 @@ +{ + "urn:oid:2.5.4.42": "Max", + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +} diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_wrong_extension.txt b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_wrong_extension.txt new file mode 100644 index 000000000..4d927b7ad --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_wrong_extension.txt @@ -0,0 +1,6 @@ +{ + "urn:oid:2.5.4.42": "Max", + "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann", + "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01", + "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg" +}
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth.beans.xml b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth.beans.xml new file mode 100644 index 000000000..cca27822e --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth.beans.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <import resource="classpath:/SpringTest-context_authManager.xml" /> + <import resource="classpath:/moaid_dummy_identity_auth.beans.xml" /> + + <bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap"> + <constructor-arg name="path" value="/config/config1.properties" /> + </bean> + + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth_lazy.beans.xml b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth_lazy.beans.xml new file mode 100644 index 000000000..e818bd29c --- /dev/null +++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth_lazy.beans.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <import resource="classpath:/SpringTest-context_authManager.xml" /> + + <bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap"> + <constructor-arg name="path" value="/config/config2.properties" /> + </bean> + + <beans default-lazy-init="true"> + <bean id="dummyIdentityAuthModule" class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthModule"> + <property name="priority" value="4" /> + </bean> + + <bean id="dummyIdentityService" + class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService" /> + </beans> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 45fd97508..fc73206a7 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-module-eIDAS</artifactId> <name>MOA-ID eIDAS Module</name> @@ -237,14 +237,14 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> - <version>1.52</version> + <version>1.70</version> <!-- <scope>provided</scope> --> </dependency> <dependency> <groupId>com.ibm.icu</groupId> <artifactId>icu4j</artifactId> - <version>58.2</version> + <version>70.1</version> </dependency> diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml new file mode 100644 index 000000000..15edb681e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml @@ -0,0 +1,145 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules</artifactId> + <version>4.2.0</version> + </parent> + <artifactId>moa-id-module-ehvd_integration</artifactId> + <version>${moa-id-ehvd_integration.version}</version> + <description>Module to integrate information from EHVD into MOA-ID response</description> + + <dependencies> + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modul-citizencard_authentication</artifactId> + <exclusions> + <exclusion> + <groupId>*</groupId> + </exclusion> + </exclusions> + </dependency> + + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + <scope>provided</scope> + </dependency> + + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <scope>provided</scope> + </dependency> + + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-frontend-jaxws</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-transports-http</artifactId> + <scope>provided</scope> + </dependency> + + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_utils</artifactId> + <scope>test</scope> + <type>test-jar</type> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + <scope>test</scope> + <type>test-jar</type> + </dependency> + <dependency> + <groupId>com.github.skjolber</groupId> + <artifactId>mockito-soap-cxf</artifactId> + <version>1.2.0</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-transports-http-jetty</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-rs-extension-providers</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.tomcat</groupId> + <artifactId>tomcat-servlet-api</artifactId> + <version>9.0.56</version> + <scope>test</scope> + </dependency> + </dependencies> + + <build> + <plugins> + <plugin> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-codegen-plugin</artifactId> + <version>3.3.12</version> + <dependencies> + <dependency> + <groupId>xerces</groupId> + <artifactId>xercesImpl</artifactId> + <version>2.8.1</version> + </dependency> + <dependency> + <groupId>com.sun.xml.bind</groupId> + <artifactId>jaxb-impl</artifactId> + <version>2.2.5</version> + </dependency> + <dependency> + <groupId>com.sun.xml.bind</groupId> + <artifactId>jaxb-xjc</artifactId> + <version>2.2.5</version> + </dependency> + </dependencies> + <executions> + <execution> + <id>generate-sources</id> + <phase>generate-sources</phase> + <configuration> + <sourceRoot>${project.build.directory}/generated/cxf</sourceRoot> + <wsdlOptions> + <wsdlOption> + <wsdl>${basedir}/src/main/resources/wsdl/eHVD.wsdl</wsdl> + <packagenames> + <packagename>eHVD=at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl</packagename> + </packagenames> + <extraargs> + <extraarg>-verbose </extraarg> + </extraargs> + </wsdlOption> + </wsdlOptions> + </configuration> + <goals> + <goal>wsdl2java</goal> + </goals> + </execution> + </executions> + </plugin> + </plugins> + </build> + +</project> diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java new file mode 100644 index 000000000..6cb9c08e3 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java @@ -0,0 +1,61 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ehvd; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; + +public class ConfigurationProperties { + + // configuration properties + private static final String MODULE_PREFIX = "modules.ehvd."; + + public static final String PROP_MODULE_ENABLED = MODULE_PREFIX + "enabled"; + public static final String PROP_MODULE_SP_PREFIX = MODULE_PREFIX + "sp"; + + public static final String PROP_MODULE_SERVICE_TARGET = MODULE_PREFIX + "service.bpk.target"; + public static final String PROP_MODULE_SERVICE_ENDPOINT = MODULE_PREFIX + "service.url"; + public static final String PROP_MODULE_EHVD_ROLE_REGEX = MODULE_PREFIX + "service.role.regex"; + public static final String PROP_MODULE_EHVD_OTHERID_PREFIX = MODULE_PREFIX + "service.otherid.prefix"; + + public static final String PROP_MODULE_PVP_ROLE = MODULE_PREFIX + "role.pvp"; + + public static final String PROP_MODULE_PROXY_SOCKS_PORT = MODULE_PREFIX + "proxy.socks.port"; + + public static final String DEFAULT_EHVD_SERVICE_TARGET = EAAFConstants.URN_PREFIX_CDID + "GH"; + + + //TODO: define custom EHVD SAML2 attributes + public static final String ATTRIBUTE_URN_EHVD_PREFIX = "urn:brzgvat:attributes.ehvd."; + public static final String ATTRIBUTE_URN_EHVD_TITLE = ATTRIBUTE_URN_EHVD_PREFIX + "title"; + public static final String ATTRIBUTE_URN_EHVD_FIRSTNAME = ATTRIBUTE_URN_EHVD_PREFIX + "firstname"; + public static final String ATTRIBUTE_URN_EHVD_SURNAME = ATTRIBUTE_URN_EHVD_PREFIX + "surname"; + public static final String ATTRIBUTE_URN_EHVD_ZIPCODE = ATTRIBUTE_URN_EHVD_PREFIX + "zip"; + public static final String ATTRIBUTE_URN_EHVD_STATE = ATTRIBUTE_URN_EHVD_PREFIX + "state"; + public static final String ATTRIBUTE_URN_EHVD_ID = ATTRIBUTE_URN_EHVD_PREFIX + "id"; + public static final String ATTRIBUTE_URN_EHVD_OTHERID = ATTRIBUTE_URN_EHVD_PREFIX + "otherid"; + + + private ConfigurationProperties() { + // hide constructor or static class + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java new file mode 100644 index 000000000..d087b9fe2 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java @@ -0,0 +1,147 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ehvd; + +import java.util.Collection; +import java.util.Collections; +import java.util.stream.Collectors; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EhvdServiceAuthModule extends DefaultCitizenCardAuthModuleImpl { + + private int priority = 2; + + @Autowired(required = true) + protected IConfigurationWithSP authConfig; + + private Collection<String> uniqueIDsEnabled; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + + } + + @PostConstruct + private void initialDummyAuthWhiteList() { + if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + Logger.info("AuthModule for 'EHVD injection' is enabled"); + + // load allowed service-provider Id's + uniqueIDsEnabled = authConfig.getBasicConfigurationWithPrefix( + ConfigurationProperties.PROP_MODULE_SP_PREFIX).values().stream() + .filter(el -> StringUtils.isNotEmpty(el)) + .collect(Collectors.toSet()); + + if (!uniqueIDsEnabled.isEmpty()) { + Logger.info("EHVD communication is enabled for ...."); + uniqueIDsEnabled.forEach(el -> Logger.info(" EntityID: " + el)); + + } + + } else { + uniqueIDsEnabled = Collections.emptySet(); + Logger.info("AuthModule for 'EHVD injection' is disabled"); + + } + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv. + * egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + + if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(); + Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ...."); + final boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq)); + if (uniqueIDsEnabled.contains(spEntityID) && ccAuthRequested) { + Logger.debug("EHVD communication is allowed for SP: " + spEntityID); + return "DefaultAuthenticationWithEHVDInteraction"; + + } else { + if (Logger.isDebugEnabled()) { + if (ccAuthRequested) { + Logger.debug("Unique SP-Id: " + spEntityID + " is not in whitelist for EHVD communication."); + + } else { + Logger.trace("No CititzenCard authentication requested. EHVD communication skipped too"); + + } + } + } + + } else { + Logger.trace("'EHVD injection' authentication is disabled"); + + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:/DefaultAuth_with_ehvd_interaction.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java new file mode 100644 index 000000000..589a316fe --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java @@ -0,0 +1,71 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ehvd; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class EhvdServiceAuthSpringResourceProvider implements SpringResourceProvider { + + /* + * (non-Javadoc) + * + * @see + * at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + final ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml", + EhvdServiceAuthSpringResourceProvider.class); + return new Resource[] { authConfig }; + } + + /* + * (non-Javadoc) + * + * @see + * at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "Module for 'Dummy Authentication'"; + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java new file mode 100644 index 000000000..af413ffc3 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.logging.Logger; + +public abstract class AbstractEhvdAttributeBuilder implements IPVPAttributeBuilder { + + @Override + public <ATT> ATT build(ISPConfiguration spConfig, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + try { + GdaDescriptor fullGdaInfo = + authData.getGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, GdaDescriptor.class); + + if (fullGdaInfo != null) { + String attrValue = generateAttributeValue(fullGdaInfo); + Logger.debug(StringUtils.isEmpty(attrValue) ? "Skip" : "Build" + + "attribute: " + getName()); + return g.buildStringAttribute(getName(), getName(), + StringUtils.isNotEmpty(attrValue) ? attrValue : null); + + } else { + Logger.trace("Skipping attr: " + getName() + " because no GDA info available"); + return null; + + } + + } catch (ClassCastException e) { + Logger.trace("Skipping attr: " + getName() + " because no GDA info available"); + return null; + + } + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(getName(), getName()); + + } + + protected abstract String generateAttributeValue(GdaDescriptor fullGdaInfo); + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java new file mode 100644 index 000000000..7056c3099 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java @@ -0,0 +1,28 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; +// +//import java.util.stream.Collectors; +// +//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +// +//@PVPMETADATA +//public class EhvdAddressStateAttributeBuilder extends AbstractEhvdAttributeBuilder { +// +// private static final String ATTR_VALUE_DELIMITER = "|"; +// +// @Override +// public String getName() { +// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_STATE; +// +// } +// +// @Override +// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { +// return fullGdaInfo.getAddress().stream() +// .map(el -> el.getState() != null ? el.getState() : "") +// .collect(Collectors.joining(ATTR_VALUE_DELIMITER)); +// +// } +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java new file mode 100644 index 000000000..98a0567f2 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java @@ -0,0 +1,28 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; +// +//import java.util.stream.Collectors; +// +//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +// +//@PVPMETADATA +//public class EhvdAddressZipcodeAttributeBuilder extends AbstractEhvdAttributeBuilder { +// +// private static final String ATTR_VALUE_DELIMITER = "|"; +// +// @Override +// public String getName() { +// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_ZIPCODE; +// +// } +// +// @Override +// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { +// return fullGdaInfo.getAddress().stream() +// .map(el -> el.getZip() != null ? el.getZip() : "") +// .collect(Collectors.joining(ATTR_VALUE_DELIMITER)); +// +// } +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java new file mode 100644 index 000000000..1bb923cf4 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdFirstnameAttributeBuilder extends AbstractEhvdAttributeBuilder { + + @Override + public String getName() { + return ConfigurationProperties.ATTRIBUTE_URN_EHVD_FIRSTNAME; + + } + + @Override + protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { + return fullGdaInfo.getFirstname(); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java new file mode 100644 index 000000000..918b02c2e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdIdAttributeBuilder extends AbstractEhvdAttributeBuilder { + + @Override + public String getName() { + return ConfigurationProperties.ATTRIBUTE_URN_EHVD_ID; + + } + + @Override + protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { + return fullGdaInfo.getId() != null ? fullGdaInfo.getId().getId() : null; + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java new file mode 100644 index 000000000..2d0e20c9c --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java @@ -0,0 +1,54 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; +// +//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +//import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +//import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +//import at.gv.egovernment.moa.logging.Logger; +// +//@PVPMETADATA +//public class EhvdOtherIdAttributeBuilder extends AbstractEhvdAttributeBuilder { +// +// private static final String DEFAULT_ID_PREFIX = "1.2.40.0.34.4.18:"; +// +// private String idPrefix; +// +// public EhvdOtherIdAttributeBuilder() { +// try { +// AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); +// if (config != null) { +// idPrefix = config.getBasicConfiguration( +// ConfigurationProperties.PROP_MODULE_EHVD_OTHERID_PREFIX, DEFAULT_ID_PREFIX); +// +// } else { +// idPrefix = DEFAULT_ID_PREFIX; +// +// } +// } catch (ConfigurationException e) { +// idPrefix = DEFAULT_ID_PREFIX; +// +// } +// +// Logger.info(" Set-up " + getName() + " with otherId prefix: " + idPrefix); +// +// } +// +// @Override +// public String getName() { +// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_OTHERID; +// +// } +// +// @Override +// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { +// return fullGdaInfo.getOtherID().stream() +// .filter(el -> el.startsWith(idPrefix)) +// .findFirst() +// .map(el -> el.substring(idPrefix.length())) +// .orElse(null); +// +// } +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java new file mode 100644 index 000000000..db8de397b --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdSurnameAttributeBuilder extends AbstractEhvdAttributeBuilder { + + @Override + public String getName() { + return ConfigurationProperties.ATTRIBUTE_URN_EHVD_SURNAME; + + } + + @Override + protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { + return fullGdaInfo.getSurname(); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java new file mode 100644 index 000000000..c978d4dd2 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdTitelAttributeBuilder extends AbstractEhvdAttributeBuilder { + + @Override + public String getName() { + return ConfigurationProperties.ATTRIBUTE_URN_EHVD_TITLE; + + } + + @Override + protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { + return fullGdaInfo.getTitle(); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java new file mode 100644 index 000000000..a79aa86dd --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java @@ -0,0 +1,57 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import java.util.stream.Collectors; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.logging.Logger; + +@PVPMETADATA +public class PvpRoleAttributeBuilder implements IPVPAttributeBuilder { + + private static final String ROLE_NAME_DELIMITER = ";"; + + @Override + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + final IMOAAuthData moaAuthData = (IMOAAuthData) authData; + if (moaAuthData.getAuthenticationRoles() != null + && !moaAuthData.getAuthenticationRoles().isEmpty()) { + return g.buildStringAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME, + moaAuthData.getAuthenticationRoles().stream() + .map(el -> el.getRawRoleString()) + .collect(Collectors.joining(ROLE_NAME_DELIMITER))); + + } else { + Logger.trace("No PVP roles available. Skipping attribute: " + ROLES_FRIENDLY_NAME); + + } + + } else { + Logger.info("Attribute: " + ROLES_FRIENDLY_NAME + " is only available in MOA-ID context"); + + } + + return null; + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME); + + } + + @Override + public String getName() { + return ROLES_NAME; + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java new file mode 100644 index 000000000..f621d1bb4 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java @@ -0,0 +1,19 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.exception; + +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; + +public class EhvdException extends AuthenticationException { + + private static final long serialVersionUID = 380654627005502948L; + + public EhvdException(String messageId, Object[] parameters) { + super(messageId, parameters); + + } + + public EhvdException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java new file mode 100644 index 000000000..b165d05e2 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -0,0 +1,321 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.service; + +import java.net.URL; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.Set; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.annotation.Nonnull; +import javax.annotation.PostConstruct; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.handler.Handler; +import javax.xml.ws.soap.SOAPFaultException; + +import org.apache.commons.lang3.StringUtils; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.transports.http.configuration.ProxyServerType; +import org.springframework.beans.factory.annotation.Autowired; + +import com.google.common.collect.Sets; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVDService; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GetGdaDescriptors; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; +import at.gv.egovernment.moa.id.auth.modules.ehvd.exception.EhvdException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.util.LoggingHandler; + +/** + * Implement interaction with EHVD service to get GDA information. + * + * @author tlenz + * + */ +public class EhvdCommunicationService implements IEhvdCommunication { + + private static final String GDA_RESP_STATUS_ACTIVE = "Aktiv"; + + private static final String ERROR_EHVD_00 = "ehvd.00"; + private static final String ERROR_EHVD_01 = "ehvd.01"; + private static final String ERROR_EHVD_02 = "ehvd.02"; + private static final String ERROR_EHVD_03 = "ehvd.03"; + private static final String ERROR_EHVD_04 = "ehvd.04"; + private static final String ERROR_CONFIG_05 = "config.05"; + + private static final Set<String> SERVICE_ERRORS_LOG_INFO = Sets.newHashSet("6002"); + + @Autowired + IConfiguration config; + + private String ehvdBpkTarget; + + private EHVD ehvdClient; + private Pattern ehvdRolePattern; + + private List<String> ehvhPvpRoleList; + + /** + * Get user's GDA roles from EHVD Service. + * + * @param identityLink IdentityLink of the user + * @return {@link List} of Roles that are received from EHVD + * @throws AuthenticationException In case of an EHVD communication error + * @throws EAAFBuilderException In case of a bPK generation error + */ + @Override + @Nonnull + public EhvdResponseHolder getRoles(IIdentityLink identityLink) throws AuthenticationException, + EAAFBuilderException { + + // get bPK for EHVD request + final Pair<String, String> ehvdBpk = BPKBuilder.generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + ehvdBpkTarget); + + // request EHVD and handle errors + final GdaIndexResponse gdaResp = requestingGda(ehvdBpk.getFirst()); + + // parse roles from response + return EhvdResponseHolder.getInstance(gdaResp.getGda(), parseGdaResponse(gdaResp)); + + } + + @Nonnull + private GdaIndexResponse requestingGda(String bpk) throws EhvdException { + try { + final GetGdaDescriptors gdaReq = buildGdaRequest(bpk); + Logger.debug("Requesting EHVD to get GDA status ... "); + final GdaIndexResponse gdaResp = ehvdClient.getGDA(gdaReq); + Logger.debug("Receive GDA status. Starting response validation ... "); + return gdaResp; + + } catch (final SOAPFaultException e) { + throw handleSoapFaultError(e); + + } catch (final Exception e) { + Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e); + throw new EhvdException(ERROR_EHVD_01, new Object[] {}, e); + + } + + } + + private EhvdException handleSoapFaultError(SOAPFaultException e) { + // extract reason for this error + final String errorMsg = e.getFault() != null + ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() + : e.getMessage() + : e.getMessage(); + + if (SERVICE_ERRORS_LOG_INFO.stream() + .filter(el -> errorMsg.contains(el)) + .findFirst() + .isPresent()) { + Logger.info("EHVD communication failed with SOAP response: " + errorMsg); + return new EhvdException(ERROR_EHVD_03, new Object[] { errorMsg }); + + } else { + Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); + return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg }); + + } + + + + } + + private List<String> parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException { + if (ehvdResp.getGda() != null) { + final GdaDescriptor gdaInfo = ehvdResp.getGda(); + if (GDA_RESP_STATUS_ACTIVE.equals(gdaInfo.getStatus().getEhvdstatus())) { + Logger.debug("Find #" + gdaInfo.getRoles().getRole().size() + " roles"); + + // match roles with regex from configuration + final Optional<String> validGdaRole = gdaInfo.getRoles().getRole().stream() + .filter(el -> matchGdaRole(el)) + .findFirst(); + + if (validGdaRole.isPresent()) { + Logger.info("Find valid GDA role: " + validGdaRole.get() + " Set PVP Role: " + + StringUtils.join(ehvhPvpRoleList, ",") + " into Session"); + + // set role into response + return ehvhPvpRoleList; + + } else { + Logger.info("No valid GDA role in EHVD response"); + throw new EhvdException(ERROR_EHVD_04, null); + + } + + } else { + Logger.info("GDA is marked as 'inactive'. Stopping process with an error ... "); + throw new EhvdException(ERROR_EHVD_00, null); + + } + + } else { + Logger.info("Receive empty GDA response"); + throw new EhvdException(ERROR_EHVD_03, new Object[] {}); + + } + } + + private boolean matchGdaRole(String role) { + final Matcher matcher = ehvdRolePattern.matcher(role); + final boolean matches = matcher.matches(); + Logger.trace(matches ? "EHVD role: " + role + " matches" + : "EHVD role: " + role + " does not matche to pattern: " + matcher.toString()); + return matches; + + } + + private GetGdaDescriptors buildGdaRequest(String bPK) { + final GetGdaDescriptors req = new GetGdaDescriptors(); + final InstanceIdentifier gdaIdentifier = new InstanceIdentifier(); + gdaIdentifier.setOidIssuingAuthority(PVPAttributeDefinitions.BPK_OID); + gdaIdentifier.setId(bPK); + req.setHcIdentifier(gdaIdentifier); + return req; + + } + + @PostConstruct + private void initialize() throws EAAFConfigurationException { + if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + initializeEhvdClient(); + + // load EHVD bPK target + ehvdBpkTarget = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_SERVICE_TARGET, + ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET); + Logger.info("Set-up EHVD Client with bPK target: " + ehvdBpkTarget); + + // load Regex to match EHVD Roles to PVP Roles + final String ehvdRoleRegex = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX); + checkConfigPropertyNotNull(ehvdRoleRegex, ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX); + ehvdRolePattern = Pattern.compile(ehvdRoleRegex); + + Logger.info("Set-up EHVD Client with Role regex: " + ehvdRolePattern.toString()); + + // load PVP Roles for EHVD integration + final String ehvdPvpRole = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_PVP_ROLE); + checkConfigPropertyNotNull(ehvdPvpRole, ConfigurationProperties.PROP_MODULE_PVP_ROLE); + ehvhPvpRoleList = KeyValueUtils.getListOfCSVValues(ehvdPvpRole); + Logger.info("Set-up EHVD module with PVP Role: " + StringUtils.join(ehvhPvpRoleList, ",")); + + } else { + Logger.info("Skipping EHVD client because it's not active"); + + } + } + + private void checkConfigPropertyNotNull(String valueToCheck, String configPropName) + throws EAAFConfigurationException { + if (StringUtils.isEmpty(valueToCheck)) { + Logger.error("Missing configuration for EHVD module. " + + "(Property: " + configPropName + ")"); + throw new EAAFConfigurationException(ERROR_CONFIG_05, + new Object[] { configPropName }); + + } + + } + + private void initializeEhvdClient() throws EAAFConfigurationException { + Logger.debug("Initializing EHVD client ... "); + final URL url = EhvdCommunicationService.class.getResource("/wsdl/eHVD.wsdl"); + final EHVDService service = new EHVDService(url); + ehvdClient = service.getEHVDPort12(); + + // load service end-point URL from configuration + final String ehvdEndpointUrl = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT); + if (StringUtils.isEmpty(ehvdEndpointUrl)) { + Logger.error("Missing configuration for EHVD WebService endpoint. " + + "(Property: " + ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT + ")"); + throw new EAAFConfigurationException(ERROR_CONFIG_05, + new Object[] { ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT }); + + } + + // inject service end-point URL + final Map<String, Object> requestContext = ((BindingProvider) ehvdClient).getRequestContext(); + requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, ehvdEndpointUrl); + + // inject Logging handler + List<Handler> handlerList = ((BindingProvider) ehvdClient).getBinding().getHandlerChain(); + if (handlerList == null) { + handlerList = new ArrayList<>(); + + } + + handlerList.add(new LoggingHandler()); + ((BindingProvider) ehvdClient).getBinding().setHandlerChain(handlerList); + + Logger.info("Initialize EHVD Client with service end-point: " + ehvdEndpointUrl); + + // these code is only for local testing + final String socksPort = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT); + if (StringUtils.isNotEmpty(socksPort)) { + Logger.warn("Injecting SOCKS5 Proxy for service communication!"); + final Client client = ClientProxy.getClient(ehvdClient); + final HTTPConduit http = (HTTPConduit) client.getConduit(); + http.getClient().setProxyServerType(ProxyServerType.SOCKS); + http.getClient().setProxyServer("127.0.0.1"); + http.getClient().setProxyServerPort(Integer.valueOf(socksPort)); + + } + } + + public static class EhvdResponseHolder { + final List<String> roles; + final GdaDescriptor fullGdaResponse; + + + public static EhvdResponseHolder getInstance(GdaDescriptor gdaInfo, List<String> processedRoles) { + return new EhvdResponseHolder(gdaInfo, processedRoles); + + } + + private EhvdResponseHolder(GdaDescriptor gdaInfo, List<String> processedRoles) { + this.roles = processedRoles; + this.fullGdaResponse = gdaInfo; + + } + + public List<String> getRoles() { + return roles; + } + + public GdaDescriptor getFullGdaResponse() { + return fullGdaResponse; + } + + + + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java new file mode 100644 index 000000000..6b7c7e2f5 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java @@ -0,0 +1,20 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.service; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService.EhvdResponseHolder; + +public interface IEhvdCommunication { + + /** + * Get user's GDA roles from EHVD Service. + * + * @param identityLink IdentityLink of the user + * @return {@link EhvdResponseHolder} that contains the Roles received from EHVD and the full GDA response + * @throws AuthenticationException In case of an EHVD communication error + * @throws EAAFBuilderException In case of a bPK generation error + */ + EhvdResponseHolder getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException; + +}
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java new file mode 100644 index 000000000..ee5dbb2fd --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java @@ -0,0 +1,109 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ehvd.task; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService.EhvdResponseHolder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.service.IEhvdCommunication; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Component("InjectEhvdInformationTask") +public class InjectEhvdInformationTask extends AbstractAuthServletTask { + + @Autowired + IEhvdCommunication ehvdService; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv. + * egovernment.moa.id.process.api.ExecutionContext, + * javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) + throws TaskExecutionException { + try { + final AuthenticationSessionWrapper session = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + + // validate internal state + validateInternalState(session); + + // requesting roles from EHVD + final EhvdResponseHolder ehvdResponse = ehvdService.getRoles(session.getIdentityLink()); + + // inject EHVD roles + session.setGenericDataToSession(PVPAttributeDefinitions.ROLES_NAME, + StringUtils.join(ehvdResponse.getRoles(), ";")); + + // inject full EHVD response + session.setGenericDataToSession(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, + ehvdResponse.getFullGdaResponse()); + + // store MOASession into database + requestStoreage.storePendingRequest(pendingReq); + + } catch (final MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (final Exception e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + + private void validateInternalState(AuthenticationSessionWrapper session) throws AuthenticationException { + // check if identityLink is available + if (session.getIdentityLink() == null) { + Logger.error("No IdentityLink in session. There is an internal error in process definition"); + throw new AuthenticationException("process.04", null); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml new file mode 100644 index 000000000..2ff0d552f --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="DefaultAuthenticationWithEHVDInteraction" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + + <!-- Tasks involved in this authentication flow --> + <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" /> + <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" /> + <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" /> + <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" /> + <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" /> + + <pd:Task id="injectEhvdInformation" class="InjectEhvdInformationTask" /> + <pd:Task id="userRestrictionTask" class="UserRestrictionTask" /> + + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + + + <!-- definition of the authentication flow --> + <pd:StartEvent id="start" /> + + <pd:Transition from="start" to="initializeBKUAuthentication" /> + <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" /> + <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" /> + <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" /> + <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" /> + <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" /> + <pd:Transition from="userRestrictionTask" to="injectEhvdInformation" /> + <pd:Transition from="injectEhvdInformation" to="finalizeAuthentication" /> + <pd:Transition from="finalizeAuthentication" to="end" /> + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..6985f2b7d --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder new file mode 100644 index 000000000..44f8d26cf --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -0,0 +1,5 @@ +at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder +at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder +at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder +at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder +at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdIdAttributeBuilder diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml new file mode 100644 index 000000000..4ef523ec8 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <bean id="ehvdServiceAuthModule" class="at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule"> + <property name="priority" value="4" /> + </bean> + + <bean id="ehvdCommunicationService" + class="at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService"/> + + <bean id="InjectEhvdInformationTask" + class="at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask" + scope="prototype"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties new file mode 100644 index 000000000..b4a752a2d --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties @@ -0,0 +1,7 @@ +ehvd.00=Für den abgefragtem GDA liegt keine Berechtigung vor +ehvd.01=Technischer Fehler bei der Abfrage von GDA Informationen. Ursache: {0} +ehvd.02=Fehler bei der Abfrage von GDA Informationen. Ursache: {0} +ehvd.03=Antwort des EHVD Service beinhaltet keine GDA Informationen +ehvd.04=Keine gültige EHVD Role gefunden + +ehvd.99=Allgemeiner Fehler bei der Abfrage des EHVD Service diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties new file mode 100644 index 000000000..d3ba65c11 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties @@ -0,0 +1,9 @@ +test.01=aabbccdd +test.02=zzzyyyxxx + +ehvd.00=7000 +ehvd.01=7001 +ehvd.02=7001 +ehvd.03=7003 +ehvd.04=7002 +ehvd.99=7099
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/wsdl/eHVD.wsdl b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/wsdl/eHVD.wsdl new file mode 100644 index 000000000..a1138f068 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/wsdl/eHVD.wsdl @@ -0,0 +1,220 @@ +<?xml version="1.0" encoding="UTF-8"?><wsdl:definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="eHVD" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:mime="http://www.w3.org/2003/01/wsdl/mime" targetNamespace="eHVD"> + + <wsdl:documentation> + Service: eHVD + Version: 2 + Owner: BRZ + </wsdl:documentation> + + <wsdl:types> + <xs:schema xmlns:ehvd="eHVD" xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc" xmlns:xs="http://www.w3.org/2001/XMLSchema" jaxb:extensionBindingPrefixes="xjc" jaxb:version="2.0" elementFormDefault="qualified" targetNamespace="eHVD" version="1.0"> + <xs:annotation> + <xs:appinfo> + <jaxb:globalBindings> + <jaxb:serializable uid="1"/> + </jaxb:globalBindings> + </xs:appinfo> + </xs:annotation> + + <xs:complexType name="InstanceIdentifier"> + <xs:sequence> + <xs:element maxOccurs="1" minOccurs="0" name="oidIssuingAuthority" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="1" name="id" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:complexType name="InstanceIdentifierSearch"> + <xs:sequence> + <xs:element maxOccurs="1" minOccurs="0" name="firstname" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="1" name="surname" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="rolecode" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="postcode" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="streetNumber" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="streetName" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="city" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="state" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="1" name="maxResults" type="xs:integer"/> + <xs:element maxOccurs="1" minOccurs="0" name="ehvdstatus" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="elgastatus" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="description" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:complexType name="GDAStatus"> + <xs:sequence> + <xs:element maxOccurs="1" minOccurs="1" name="ehvdstatus" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="1" name="elgastatus" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:complexType name="GDARoles"> + <xs:sequence> + <xs:element maxOccurs="unbounded" minOccurs="0" name="role" type="xs:string"/> + <xs:element maxOccurs="unbounded" minOccurs="0" name="elgaRole" type="xs:string"/> + <xs:element maxOccurs="unbounded" minOccurs="0" name="specialisation" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:complexType name="GdaAddress"> + <xs:sequence> + <xs:element maxOccurs="1" minOccurs="0" name="streetNumber" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="streetName" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="city" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="state" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="zip" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="country" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:complexType name="GDARelationship"> + <xs:sequence> + <xs:element maxOccurs="unbounded" minOccurs="0" name="memberof" type="xs:string"/> + <xs:element maxOccurs="unbounded" minOccurs="0" name="ownerof" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:complexType name="GDADBTimestamps"> + <xs:sequence> + <xs:element maxOccurs="1" minOccurs="0" name="add" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="modify" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:complexType name="GdaDescriptor"> + <xs:sequence> + <xs:element maxOccurs="1" minOccurs="1" name="id" type="ehvd:InstanceIdentifier"/> + <xs:element maxOccurs="unbounded" minOccurs="0" name="otherID" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="1" name="status" type="ehvd:GDAStatus"/> + <xs:element maxOccurs="1" minOccurs="0" name="firstname" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="1" name="surname" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="gender" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="title" type="xs:string"/> + <xs:element maxOccurs="unbounded" minOccurs="0" name="knownname" type="xs:string"/> + <xs:element maxOccurs="unbounded" minOccurs="0" name="address" type="ehvd:GdaAddress"/> + <xs:element maxOccurs="unbounded" minOccurs="1" name="description" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="1" name="roles" type="ehvd:GDARoles"/> + <xs:element maxOccurs="1" minOccurs="0" name="relations" type="ehvd:GDARelationship"/> + <xs:element maxOccurs="1" minOccurs="0" name="tel" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="fax" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="web" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="0" name="mail" type="xs:string"/> + <xs:element maxOccurs="1" minOccurs="1" name="timestamps" type="ehvd:GDADBTimestamps"/> + </xs:sequence> + </xs:complexType> + + <xs:element name="GetGdaSearch"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="1" minOccurs="1" name="hcIdentifierSearch" type="ehvd:InstanceIdentifierSearch"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="GetGdaDescriptors"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="1" minOccurs="1" name="hcIdentifier" type="ehvd:InstanceIdentifier"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="GdaIndexResponse"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="1" minOccurs="0" name="gda" type="ehvd:GdaDescriptor"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="GdaIndexResponseList"> + <xs:complexType> + <xs:sequence> + <xs:element maxOccurs="unbounded" minOccurs="0" name="gda" type="ehvd:GdaDescriptor"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + </xs:schema> + </wsdl:types> + + <wsdl:message name="GetGdaDescriptors"> + <wsdl:part element="tns:GetGdaDescriptors" name="GetGdaDescriptors"> + </wsdl:part> + </wsdl:message> + + <wsdl:message name="GetGdaSearch"> + <wsdl:part element="tns:GetGdaSearch" name="GetGdaSearch"> + </wsdl:part> + </wsdl:message> + + + <wsdl:message name="GdaIndexResponse"> + <wsdl:part element="tns:GdaIndexResponse" name="GdaIndexResponse"> + </wsdl:part> + </wsdl:message> + + <wsdl:message name="GdaIndexResponseList"> + <wsdl:part element="tns:GdaIndexResponseList" name="GdaIndexResponseList"> + </wsdl:part> + </wsdl:message> + + <wsdl:portType name="eHVD"> + + <wsdl:documentation>eHVD Service Interfaces + </wsdl:documentation> + + <wsdl:operation name="GetGDA"> + <wsdl:input message="tns:GetGdaDescriptors" name="GetGdaDescriptors"> + </wsdl:input> + <wsdl:output message="tns:GdaIndexResponse" name="GdaIndexResponse"> + </wsdl:output> + </wsdl:operation> + + <wsdl:operation name="GdaSearch"> + <wsdl:input message="tns:GetGdaSearch" name="GetGdaSearch"> + </wsdl:input> + <wsdl:output message="tns:GdaIndexResponseList" name="GdaIndexResponseList"> + </wsdl:output> + </wsdl:operation> + + </wsdl:portType> + + <wsdl:binding name="eHVDSOAPBinding12" type="tns:eHVD"> + <wsdl:documentation>SOAP 1.2 Binding</wsdl:documentation> + + <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/> + + <wsdl:operation name="GetGDA"> + <soap12:operation soapAction="eHVD/GetGDA"/> + <wsdl:input name="GetGdaDescriptors"> + <mime:content type="application/soap+xml"/> + <soap12:body use="literal"/> + </wsdl:input> + <wsdl:output name="GdaIndexResponse"> + <soap12:body use="literal"/> + </wsdl:output> + </wsdl:operation> + + <wsdl:operation name="GdaSearch"> + <soap12:operation soapAction="eHVD/GdaSearch"/> + <wsdl:input name="GetGdaSearch"> + <mime:content type="application/soap+xml"/> + <soap12:body use="literal"/> + </wsdl:input> + <wsdl:output name="GdaIndexResponseList"> + <soap12:body use="literal"/> + </wsdl:output> + </wsdl:operation> + + </wsdl:binding> + + <wsdl:service name="eHVDService"> + <wsdl:documentation>eHVD Service</wsdl:documentation> + + <wsdl:port name="eHVDPort12" binding="tns:eHVDSOAPBinding12"> + <soap12:address location="https://ehvdws.gesundheit.gv.at"/> + </wsdl:port> + + </wsdl:service> + +</wsdl:definitions>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java new file mode 100644 index 000000000..91bf67b2d --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java @@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test; + +import static org.junit.Assert.assertNotNull; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth_lazy.beans.xml" }) +public class BeanCreationTest { + + @Autowired + DummyAuthConfigMap config; + @Autowired + ApplicationContext context; + + @Before + public void initialize() { + // re-set config + config.putConfigValue("modules.ehvd.enabled", String.valueOf(false)); + + } + + @Test + public void authModuleDeactivated() { + assertNotNull("AuthModule", context.getBean(EhvdServiceAuthModule.class)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java new file mode 100644 index 000000000..4a7c98803 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java @@ -0,0 +1,101 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class EhvdServiceAuthModuleTest { + + @Autowired DummyAuthConfigMap config; + @Autowired EhvdServiceAuthModule module; + + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map<String, String> spConfigMap; + + @Before + public void initialize() { + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.ehvd.enabled", String.valueOf(true)); + + context.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, String.valueOf(false)); + context.put(MOAIDAuthConstants.PARAM_BKU, RandomStringUtils.randomAlphabetic(5)); + + } + + @Test + public void checkProcessDefinition() { + String[] def = module.getProcessDefinitions(); + + assertNotNull("no process definition", def); + Arrays.asList(def).stream().forEach( + el -> EhvdServiceAuthModuleTest.class.getResourceAsStream(el)); + + } + + @Test + public void bkuSelectionActiv() { + context.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, String.valueOf(true)); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void deactivated() { + config.putConfigValue("modules.ehvd.enabled", String.valueOf(false)); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void unknownServiceProvider() { + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void allowedServiceProviderAndRequested() { + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323"); + + assertEquals("wrong authmethod identifier", "DefaultAuthenticationWithEHVDInteraction", + module.selectProcess(context, pendingReq)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java new file mode 100644 index 000000000..b584e8753 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java @@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test; + +import java.io.IOException; +import java.io.InputStream; + +import org.apache.commons.io.IOUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.core.io.Resource; + +import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthSpringResourceProvider; + + + +@RunWith(BlockJUnit4ClassRunner.class) +public class EhvdServiceAuthSpringResourceProviderTest { + + @Test + public void testSpringConfig() { + final EhvdServiceAuthSpringResourceProvider test = + new EhvdServiceAuthSpringResourceProvider(); + for (final Resource el : test.getResourcesToLoad()) { + try { + IOUtils.toByteArray(el.getInputStream()); + + } catch (final IOException e) { + Assert.fail("Ressouce: " + el.getFilename() + " not found"); + } + + } + + Assert.assertNotNull("no Name", test.getName()); + Assert.assertNull("Find package definitions", test.getPackagesToScan()); + + } + + @Test + public void testSpILoaderConfig() { + final InputStream el = this.getClass().getResourceAsStream( + "/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider"); + try { + final String spiFile = IOUtils.toString(el, "UTF-8"); + + Assert.assertEquals("Wrong classpath in SPI file", + EhvdServiceAuthSpringResourceProvider.class.getName(), spiFile); + + + } catch (final IOException e) { + Assert.fail("Ressouce: '/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider' not found"); + + } + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/AbstractEhvdAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/AbstractEhvdAttributeBuilderTest.java new file mode 100644 index 000000000..b1ac7d99a --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/AbstractEhvdAttributeBuilderTest.java @@ -0,0 +1,97 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import java.util.Collections; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +public abstract class AbstractEhvdAttributeBuilderTest { + + @Autowired + protected IConfiguration basicConfig; + + protected DummySPConfiguration oaParam; + protected AuthenticationData authData; + protected IAttributeGenerator<String> g = new SimpleStringAttributeGenerator(); + + protected abstract String expectedAttrName(); + protected abstract IAttributeBuilder getAttributeBuilderUnderTest(); + + protected GdaAddress generateAddress(String zip, String state) { + GdaAddress addr = new GdaAddress(); + addr.setZip(zip); + addr.setState(state); + return addr; + + } + + @Before + public void initialize() { + oaParam = new DummySPConfiguration(Collections.emptyMap(), basicConfig); + authData = new AuthenticationData(); + + } + + @Test + public void checkAttributeRegistration() { + assertNotNull("Attribute: " + expectedAttrName() + " not registrated", + PVPAttributeBuilder.getAttributeBuilder(expectedAttrName())); + + } + + @Test + public void checkName() { + assertEquals("wrong attr. name", expectedAttrName(), getAttributeBuilderUnderTest().getName()); + + } + + @Test + public void checkEmptyAttribute() { + assertNull("wrong empty attr.", getAttributeBuilderUnderTest().buildEmpty(g)); + + } + + @Test + public void noGdaInfos() throws AttributeBuilderException { + IAuthData authData = new AuthenticationData(); + assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + + @Test + public void wrongGdaInfos() throws AttributeBuilderException, EAAFStorageException { + AuthenticationData authData = new AuthenticationData(); + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, RandomStringUtils.randomAlphabetic(10)); + assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + + @Test + public void emptyGdaInfos() throws AttributeBuilderException, EAAFStorageException { + AuthenticationData authData = new AuthenticationData(); + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, new GdaDescriptor()); + assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressStateAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressStateAttributeBuilderTest.java new file mode 100644 index 000000000..d342d331b --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressStateAttributeBuilderTest.java @@ -0,0 +1,106 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; +// +//import static org.junit.Assert.assertEquals; +//import static org.junit.Assert.assertNull; +// +//import org.apache.commons.lang3.RandomStringUtils; +//import org.junit.Test; +//import org.junit.runner.RunWith; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +// +//import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +//import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +//import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdAddressStateAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdAddressZipcodeAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdOtherIdAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; +// +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration({ +// "/test_ehvd_service_auth.beans.xml" }) +//public class EhvdAddressStateAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { +// +// @Override +// protected String expectedAttrName() { +// return "urn:brzgvat:attributes.ehvd.state"; +// +// } +// +// @Override +// protected IAttributeBuilder getAttributeBuilderUnderTest() { +// return new EhvdAddressStateAttributeBuilder(); +// +// } +// +// @Test +// public void checkMissing() throws EAAFStorageException, AttributeBuilderException { +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void singleAddress() throws EAAFStorageException, AttributeBuilderException { +// String state = RandomStringUtils.randomAlphabetic(5); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(5), state)); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", state, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddress() throws EAAFStorageException, AttributeBuilderException { +// String state1 = RandomStringUtils.randomAlphabetic(4); +// String state2 = RandomStringUtils.randomAlphabetic(4); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state1)); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state2)); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", state1 + "|" + state2, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddressNullBefore() throws EAAFStorageException, AttributeBuilderException { +// String state1 = null; +// String state2 = RandomStringUtils.randomAlphabetic(4); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state1)); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state2)); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", "|" + state2, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddressNullAfter() throws EAAFStorageException, AttributeBuilderException { +// String state1 = RandomStringUtils.randomAlphabetic(4); +// String state2 = null; +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state1)); +// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state2)); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", state1 + "|", +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressZipAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressZipAttributeBuilderTest.java new file mode 100644 index 000000000..69d17f8c3 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressZipAttributeBuilderTest.java @@ -0,0 +1,107 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; +// +//import static org.junit.Assert.assertEquals; +//import static org.junit.Assert.assertNull; +// +//import org.apache.commons.lang3.RandomStringUtils; +//import org.junit.Test; +//import org.junit.runner.RunWith; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +// +//import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +//import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +//import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdAddressZipcodeAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdOtherIdAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; +// +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration({ +// "/test_ehvd_service_auth.beans.xml" }) +//public class EhvdAddressZipAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { +// +// @Override +// protected String expectedAttrName() { +// return "urn:brzgvat:attributes.ehvd.zip"; +// +// } +// +// @Override +// protected IAttributeBuilder getAttributeBuilderUnderTest() { +// return new EhvdAddressZipcodeAttributeBuilder(); +// +// } +// +// @Test +// public void checkMissing() throws EAAFStorageException, AttributeBuilderException { +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void singleAddress() throws EAAFStorageException, AttributeBuilderException { +// String zip = RandomStringUtils.randomNumeric(4); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress( +// zip, +// RandomStringUtils.randomAlphabetic(5))); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", zip, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddress() throws EAAFStorageException, AttributeBuilderException { +// String zip1 = RandomStringUtils.randomNumeric(4); +// String zip2 = RandomStringUtils.randomNumeric(4); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(zip1, RandomStringUtils.randomAlphabetic(5))); +// gdaInfo.getAddress().add(generateAddress(zip2, RandomStringUtils.randomAlphabetic(5))); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", zip1 + "|" + zip2, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddressNullBefore() throws EAAFStorageException, AttributeBuilderException { +// String zip1 = null; +// String zip2 = RandomStringUtils.randomNumeric(4); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(zip1, RandomStringUtils.randomAlphabetic(5))); +// gdaInfo.getAddress().add(generateAddress(zip2, RandomStringUtils.randomAlphabetic(5))); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", "|" + zip2, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void multiAddressNullAfter() throws EAAFStorageException, AttributeBuilderException { +// String zip1 = RandomStringUtils.randomNumeric(4); +// String zip2 = null; +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getAddress().add(generateAddress(zip1, RandomStringUtils.randomAlphabetic(5))); +// gdaInfo.getAddress().add(generateAddress(zip2, RandomStringUtils.randomAlphabetic(5))); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", zip1 + "|", +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdFirstnameAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdFirstnameAttributeBuilderTest.java new file mode 100644 index 000000000..66f1b5028 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdFirstnameAttributeBuilderTest.java @@ -0,0 +1,47 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class EhvdFirstnameAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { + + @Override + protected String expectedAttrName() { + return "urn:brzgvat:attributes.ehvd.firstname"; + + } + + @Override + protected IAttributeBuilder getAttributeBuilderUnderTest() { + return new EhvdFirstnameAttributeBuilder(); + + } + + @Test + public void checkValid() throws EAAFStorageException, AttributeBuilderException { + final GdaDescriptor gdaInfo = new GdaDescriptor(); + gdaInfo.setFirstname(RandomStringUtils.randomAlphabetic(5)); + + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); + assertEquals("wrong empty attr.", gdaInfo.getFirstname(), + getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdIdAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdIdAttributeBuilderTest.java new file mode 100644 index 000000000..db73f9191 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdIdAttributeBuilderTest.java @@ -0,0 +1,64 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdIdAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class EhvdIdAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { + + @Override + protected String expectedAttrName() { + return "urn:brzgvat:attributes.ehvd.id"; + + } + + @Override + protected IAttributeBuilder getAttributeBuilderUnderTest() { + return new EhvdIdAttributeBuilder(); + + } + + @Test + public void checkMissingId() throws EAAFStorageException, AttributeBuilderException { + final GdaDescriptor gdaInfo = new GdaDescriptor(); + InstanceIdentifier id = new InstanceIdentifier(); + gdaInfo.setId(id ); + + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); + assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + + @Test + public void checkValid() throws EAAFStorageException, AttributeBuilderException { + final GdaDescriptor gdaInfo = new GdaDescriptor(); + InstanceIdentifier id = new InstanceIdentifier(); + id.setId(RandomStringUtils.randomAlphabetic(5)); + gdaInfo.setId(id ); + + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); + assertEquals("wrong empty attr.", id.getId(), + getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdOtherIdAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdOtherIdAttributeBuilderTest.java new file mode 100644 index 000000000..bce8924d9 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdOtherIdAttributeBuilderTest.java @@ -0,0 +1,86 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; +// +//import static org.junit.Assert.assertEquals; +//import static org.junit.Assert.assertNull; +// +//import org.apache.commons.lang3.RandomStringUtils; +//import org.junit.Test; +//import org.junit.runner.RunWith; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +// +//import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +//import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +//import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdOtherIdAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; +// +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration({ +// "/test_ehvd_service_auth.beans.xml" }) +//public class EhvdOtherIdAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { +// +// @Override +// protected String expectedAttrName() { +// return "urn:brzgvat:attributes.ehvd.otherid"; +// +// } +// +// @Override +// protected IAttributeBuilder getAttributeBuilderUnderTest() { +// return new EhvdOtherIdAttributeBuilder(); +// +// } +// +// @Test +// public void checkMissingId() throws EAAFStorageException, AttributeBuilderException { +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void checkWrongId() throws EAAFStorageException, AttributeBuilderException { +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getOtherID().add(RandomStringUtils.randomAlphabetic(10)); +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void checkValidRandom() throws EAAFStorageException, AttributeBuilderException { +// String value = RandomStringUtils.randomAlphabetic(5); +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getOtherID().add(RandomStringUtils.randomAlphabetic(10)); +// gdaInfo.getOtherID().add("1.2.40.0.34.4.18:" + value); +// +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", value, +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +// @Test +// public void checkValidBrzReal() throws EAAFStorageException, AttributeBuilderException { +// final GdaDescriptor gdaInfo = new GdaDescriptor(); +// gdaInfo.getOtherID().add(RandomStringUtils.randomAlphabetic(10)); +// gdaInfo.getOtherID().add("1.2.40.0.34.4.18:1234-12"); +// gdaInfo.getOtherID().add("1.2.40.0.34.4.17:aabbccdd"); +// +// +// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); +// assertEquals("wrong empty attr.", "1234-12", +// getAttributeBuilderUnderTest().build(oaParam, authData, g)); +// +// } +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdSurnameAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdSurnameAttributeBuilderTest.java new file mode 100644 index 000000000..af9e60cb7 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdSurnameAttributeBuilderTest.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class EhvdSurnameAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { + + @Override + protected String expectedAttrName() { + return "urn:brzgvat:attributes.ehvd.surname"; + + } + + @Override + protected IAttributeBuilder getAttributeBuilderUnderTest() { + return new EhvdSurnameAttributeBuilder(); + + } + + @Test + public void checkValid() throws EAAFStorageException, AttributeBuilderException { + final GdaDescriptor gdaInfo = new GdaDescriptor(); + gdaInfo.setSurname(RandomStringUtils.randomAlphabetic(5)); + + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); + assertEquals("wrong empty attr.", gdaInfo.getSurname(), + getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdTitelAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdTitelAttributeBuilderTest.java new file mode 100644 index 000000000..2863c3508 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdTitelAttributeBuilderTest.java @@ -0,0 +1,46 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class EhvdTitelAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest { + + @Override + protected String expectedAttrName() { + return "urn:brzgvat:attributes.ehvd.title"; + + } + + @Override + protected IAttributeBuilder getAttributeBuilderUnderTest() { + return new EhvdTitelAttributeBuilder(); + + } + + @Test + public void checkTitelValid() throws EAAFStorageException, AttributeBuilderException { + final GdaDescriptor gdaInfo = new GdaDescriptor(); + gdaInfo.setTitle(RandomStringUtils.randomAlphabetic(5)); + + authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo); + assertEquals("wrong empty attr.", gdaInfo.getTitle(), + getAttributeBuilderUnderTest().build(oaParam, authData, g)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java new file mode 100644 index 000000000..624abff5f --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java @@ -0,0 +1,159 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder; +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class PvpRoleAttributeBuilderTest { + + @Autowired + private IConfiguration basicConfig; + + private PvpRoleAttributeBuilder toTest = new PvpRoleAttributeBuilder(); + private IAttributeGenerator<String> g = new SimpleStringAttributeGenerator(); + private ISPConfiguration oaParam; + + + @Before + public void initialize() { + oaParam = new DummySPConfiguration(Collections.emptyMap(), basicConfig); + + } + + @Test + public void checkAttributeRegistration() { + assertNotNull("Attribute: urn:oid:1.2.40.0.10.2.1.1.261.30 not registrated", + PVPAttributeBuilder.getAttributeBuilder("urn:oid:1.2.40.0.10.2.1.1.261.30")); + + } + + @Test + public void checkName() { + assertEquals("wrong attr. name", "urn:oid:1.2.40.0.10.2.1.1.261.30", toTest.getName()); + + } + + @Test + public void checkEmptyAttribute() { + assertNull("wrong empty attr.", toTest.buildEmpty(g)); + + } + + @Test + public void wrongAuthData() throws AttributeBuilderException { + IAuthData authData = new AuthenticationData(); + assertNull("wrong attr. value", toTest.build(oaParam, authData, g)); + + } + + @Test + public void noRoles() throws AttributeBuilderException { + IAuthData authData = generateAuthData(null); + assertNull("wrong attr. value", toTest.build(oaParam, authData, g)); + + } + + @Test + public void emptyRoles() throws AttributeBuilderException { + IAuthData authData = generateAuthData(Collections.emptyList()); + assertNull("wrong attr. value", toTest.build(oaParam, authData, g)); + + } + + @Test + public void randomRoles() throws AttributeBuilderException { + String role1 = RandomStringUtils.randomAlphabetic(5); + String role2 = RandomStringUtils.randomAlphabetic(5); + String role3 = RandomStringUtils.randomAlphabetic(5); + String role4 = RandomStringUtils.randomAlphabetic(5); + + IAuthData authData = generateAuthData(Arrays.asList( + new AuthenticationRole(role1, role1), + new AuthenticationRole(role2, role2), + new AuthenticationRole(role3, role3 + "()"), + new AuthenticationRole(role4, role4 + "(\"aaa\"=\"bbb\")") + )); + + // perform test + String attrValue = toTest.build(oaParam, authData, g); + + // validate state + assertNotNull("wrong attr. value", attrValue); + assertFalse("List delimiter after last element" ,attrValue.endsWith(";")); + + + String[] el = attrValue.split(";"); + assertEquals("wrong role count", 4, el.length); + assertEquals("wrong 1. role", role1, el[0]); + assertEquals("wrong 2. role", role2, el[1]); + assertEquals("wrong 3. role", role3 + "()", el[2]); + assertEquals("wrong 4. role", role4 + "(\"aaa\"=\"bbb\")", el[3]); + + + } + + @Test + public void brzProductionRole() throws AttributeBuilderException { + + IAuthData authData = generateAuthData(Arrays.asList( + AuthenticationRoleFactory.buildFormPVPole("EPI-GDA()"))); + + // perform test + String attrValue = toTest.build(oaParam, authData, g); + + // validate state + assertNotNull("wrong attr. value", attrValue); + assertFalse("List delimiter after last element" ,attrValue.endsWith(";")); + + + String[] el = attrValue.split(";"); + assertEquals("wrong role count", 1, el.length); + assertEquals("wrong 1. role", "EPI-GDA()", el[0]); + + assertEquals("wrong role attr. value", "EPI-GDA()", attrValue); + + } + + private IAuthData generateAuthData(List<AuthenticationRole> roles) { + MOAAuthenticationData authData = new MOAAuthenticationData(null); + if (roles != null) { + roles.forEach(el -> authData.addAuthenticationRole(el)); + + } + + return authData; + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java new file mode 100644 index 000000000..865cf7157 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java @@ -0,0 +1,136 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +/** + * Dummy Application-configuration implementation for jUnit tests. + * + * @author tlenz + * + */ +public class DummyAuthConfigMap implements IConfigurationWithSP { + + private Map<String, String> config = new HashMap<>(); + + public DummyAuthConfigMap() { + + } + + /** + * Dummy Application-configuration. + * + * @param configIs Property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final InputStream configIs) throws IOException { + + final Properties props = new Properties(); + props.load(configIs); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + /** + * Dummy Application-configuration. + * + * @param path Path to property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final String path) throws IOException { + + final Properties props = new Properties(); + props.load(this.getClass().getResourceAsStream(path)); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + + @Override + public String getBasicConfiguration(final String key) { + return config.get(key); + + } + + @Override + public String getBasicConfiguration(final String key, final String defaultValue) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + + } + + @Override + public Boolean getBasicConfigurationBoolean(final String key) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return false; + } else { + return Boolean.valueOf(value); + } + } + + @Override + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue))); + + } + + @Override + public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) { + return KeyValueUtils.getSubSetWithPrefix(config, prefix); + + } + + @Override + public ISPConfiguration getServiceProviderConfiguration(final String uniqueID) + throws EAAFConfigurationException { + return null; + } + + @Override + public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator) + throws EAAFConfigurationException { + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + return new java.io.File(".").toURI(); + + } + + @Override + public String validateIDPURL(final URL authReqUrl) throws EAAFException { + return null; + } + + public void putConfigValue(final String key, final String value) { + config.put(key, value); + } + + public void removeConfigValue(final String key) { + config.remove(key); + + } + + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java new file mode 100644 index 000000000..9ab52a27e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java @@ -0,0 +1,150 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy; + +import java.io.IOException; +import java.security.PublicKey; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; + +public class TestUtils { + + public static IIdentityLink generateDummyIdl(String baseId, String baseIdType) { + return new IIdentityLink() { + + @Override + public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { + // TODO Auto-generated method stub + + } + + @Override + public void setPublicKey(PublicKey[] publicKey) { + // TODO Auto-generated method stub + + } + + @Override + public void setPrPerson(Element prPerson) { + // TODO Auto-generated method stub + + } + + @Override + public void setIssueInstant(String issueInstant) { + // TODO Auto-generated method stub + + } + + @Override + public void setIdentificationValue(String identificationValue) { + // TODO Auto-generated method stub + + } + + @Override + public void setIdentificationType(String identificationType) { + // TODO Auto-generated method stub + + } + + @Override + public void setGivenName(String givenName) { + // TODO Auto-generated method stub + + } + + @Override + public void setFamilyName(String familyName) { + // TODO Auto-generated method stub + + } + + @Override + public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { + // TODO Auto-generated method stub + + } + + @Override + public void setDateOfBirth(String dateOfBirth) { + // TODO Auto-generated method stub + + } + + @Override + public String getSerializedSamlAssertion() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Element getSamlAssertion() { + // TODO Auto-generated method stub + return null; + } + + @Override + public PublicKey[] getPublicKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Element getPrPerson() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIssueInstant() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIdentificationValue() { + return baseId; + + } + + @Override + public String getIdentificationType() { + return baseIdType; + + } + + @Override + public String getGivenName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFamilyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Element[] getDsigReferenceTransforms() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDateOfBirth() { + // TODO Auto-generated method stub + return null; + } + }; + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java new file mode 100644 index 000000000..8bccefc8d --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java @@ -0,0 +1,171 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.tasks; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.fail; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + +import java.net.SocketTimeoutException; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Locale; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.soap.Detail; +import javax.xml.soap.Name; +import javax.xml.soap.SOAPElement; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPFault; +import javax.xml.ws.soap.SOAPFaultException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.IfProfileValue; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Assert; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.w3c.dom.Attr; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.w3c.dom.TypeInfo; +import org.w3c.dom.UserDataHandler; + +import com.github.skjolber.mockito.soap.Soap12EndpointRule; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDARoles; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDAStatus; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse; +import at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.TestUtils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_qs_service_auth.beans.xml" }) +@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment") +public class InjectEhvdIdentityInformationQsSystemTest { + + @Autowired + InjectEhvdInformationTask task; + @Autowired + DummyAuthConfigMap config; + @Autowired + IRequestStorage storage; + + protected MockHttpServletRequest httpReq; + protected MockHttpServletResponse httpResp; + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map<String, String> spConfigMap; + + @BeforeClass + public static void classInitializer() { + System.setProperty( + "https.cipherSuites", + //high secure RSA bases ciphers + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" + + ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + + ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + + ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + + + //high secure ECC bases ciphers + ",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" + + ",TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" + + ",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + + ",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" + + ",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" + + ",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" + + ",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + + ",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" + + + //secure backup chipers + ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA" + + ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" + + ",TLS_RSA_WITH_AES_128_CBC_SHA" + + ",TLS_RSA_WITH_AES_256_CBC_SHA" + ); + + } + + @Before + public void initialize() throws EAAFParserException { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + final ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + } + + @Test + public void validateState() throws TaskExecutionException, PendingReqIdValidationException { + // inject identityLink + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setIdentityLink(TestUtils.generateDummyIdl( + "SUTFhJ/FXHmLGfTFchYnnWG/e3A=", + EAAFConstants.URN_PREFIX_CDID + "GH")); + + task.execute(pendingReq, context); + + // validate state + final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSessionStored = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSessionStored.isForeigner()); + assertFalse("mandate", moaSessionStored.isMandateUsed()); + assertEquals("missing attributes", 1, moaSessionStored.getGenericSessionDataStorage().size()); + assertNotNull("no Role attr", moaSessionStored.getGenericDataFromSession(PVPConstants.ROLES_NAME)); + + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java new file mode 100644 index 000000000..818a2c34b --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java @@ -0,0 +1,1086 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.tasks; + +import static org.hamcrest.CoreMatchers.instanceOf; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Locale; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.soap.Detail; +import javax.xml.soap.Name; +import javax.xml.soap.SOAPElement; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPFault; +import javax.xml.ws.soap.SOAPFaultException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Assert; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.w3c.dom.Attr; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.w3c.dom.TypeInfo; +import org.w3c.dom.UserDataHandler; + +import com.github.skjolber.mockito.soap.Soap12EndpointRule; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDARoles; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDAStatus; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; +import at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.TestUtils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class InjectEhvdIdentityInformationTaskTest { + + @Autowired + InjectEhvdInformationTask task; + @Autowired + DummyAuthConfigMap config; + @Autowired + IRequestStorage storage; + + @Rule + public final Soap12EndpointRule soap = Soap12EndpointRule.newInstance(); + + protected MockHttpServletRequest httpReq; + protected MockHttpServletResponse httpResp; + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map<String, String> spConfigMap; + + private EHVD ehvdService; + + @Before + public void initialize() throws EAAFParserException { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + final ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + // inject identityLink + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setIdentityLink(TestUtils.generateDummyIdl( + RandomStringUtils.randomAlphanumeric(10), + EAAFConstants.URN_PREFIX_BASEID)); + + // mock EHVD service + ehvdService = soap.mock(EHVD.class, "http://localhost:1234/ehvd"); + + } + + @Test + public void noIdentityLinkInSession() { + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setIdentityLink(null); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "process.04", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void noActiveGda() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(false, Arrays.asList(role1))); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "ehvd.00", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void gdaGenericServiceError() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + when(ehvdService.getGDA(any())).thenThrow(new RuntimeException("No anwser from Service")); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "ehvd.02", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void gdaServiceError() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String msg = RandomStringUtils.randomAlphabetic(10); + SOAPFault fault = generateSoaFault(msg); + SOAPFaultException error = new SOAPFaultException(fault ); + when(ehvdService.getGDA(any())).thenThrow(error); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "ehvd.02", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void noGdaInfosInResponse() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + GdaIndexResponse gdaResponse = new GdaIndexResponse(); + when(ehvdService.getGDA(any())).thenReturn(gdaResponse); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "ehvd.03", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + + @Test + public void noValidGdaRole() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = RandomStringUtils.randomAlphabetic(10); + String role2 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2))); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "ehvd.04", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + + @Test + public void validateStateWithRandomData() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = RandomStringUtils.randomAlphabetic(10); + String role2 = "1.2.40.0.34.5.2:101"; + String role3 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3))); + + task.execute(pendingReq, context); + + // validate state + final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertEquals("missing attributes", 2, moaSession.getGenericSessionDataStorage().size()); + assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); + assertEquals("wrong role attr", + "EPI-GDA()", + moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class)); + + } + + @Test + public void validateState() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = "1.2.40.0.33.5.2.101"; + String role2 = "1.2.40.0.34.5.2:100"; + String role3 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3))); + + task.execute(pendingReq, context); + + // validate state + final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertEquals("missing attributes", 2, moaSession.getGenericSessionDataStorage().size()); + assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); + assertEquals("wrong role attr", + "EPI-GDA()", + moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class)); + + } + + @Test + public void validateStateSecondOid() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = "1.2.40.0.33.5.2.101"; + String role2 = "1.2.40.0.34.5.2:158"; + String role3 = RandomStringUtils.randomAlphabetic(10); + GdaIndexResponse gdaResponse = generateGdaResponse(true, Arrays.asList(role1, role2, role3)); + when(ehvdService.getGDA(any())).thenReturn(gdaResponse); + + task.execute(pendingReq, context); + + // validate state + final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertEquals("missing attributes", 2, moaSession.getGenericSessionDataStorage().size()); + assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); + assertEquals("wrong role attr", + "EPI-GDA()", + moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class)); + + assertNotNull("no full GDA response", + moaSession.getGenericDataFromSession(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX)); + assertTrue("wrong GDA response type", + moaSession.getGenericDataFromSession(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX) instanceof GdaDescriptor); + + + } + + private GdaIndexResponse generateGdaResponse(boolean isActive, List<String> roles) { + GdaIndexResponse resp = new GdaIndexResponse(); + GdaDescriptor gda = new GdaDescriptor(); + resp.setGda(gda); + + GDAStatus status = new GDAStatus(); + gda.setStatus(status); + status.setEhvdstatus(isActive ? "Aktiv" : "Inaktiv"); + + gda.setFirstname(RandomStringUtils.randomAlphabetic(5)); + gda.setSurname(RandomStringUtils.randomAlphabetic(5)); + gda.setTitle(RandomStringUtils.randomAlphabetic(5)); + + InstanceIdentifier id = new InstanceIdentifier(); + id.setId(RandomStringUtils.randomAlphabetic(5)); + gda.setId(id); + + gda.getOtherID().add(RandomStringUtils.randomAlphabetic(5)); + gda.getOtherID().add(RandomStringUtils.randomAlphabetic(5)); + + gda.getAddress().add(generateAddress()); + gda.getAddress().add(generateAddress()); + + GDARoles gdaRoles = new GDARoles(); + gda.setRoles(gdaRoles); + gdaRoles.getRole().addAll(roles); + + return resp; + } + + private GdaAddress generateAddress() { + GdaAddress address = new GdaAddress(); + address.setZip(RandomStringUtils.randomNumeric(4)); + address.setState(RandomStringUtils.randomAlphabetic(10)); + return address; + + } + + private SOAPFault generateSoaFault(String msg) { + return new SOAPFault() { + + @Override + public void setIdAttributeNode(Attr idAttr, boolean isId) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void setIdAttributeNS(String namespaceURI, String localName, boolean isId) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void setIdAttribute(String name, boolean isId) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public Attr setAttributeNodeNS(Attr newAttr) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Attr setAttributeNode(Attr newAttr) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setAttributeNS(String namespaceURI, String qualifiedName, String value) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void setAttribute(String name, String value) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public Attr removeAttributeNode(Attr oldAttr) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void removeAttributeNS(String namespaceURI, String localName) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void removeAttribute(String name) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public boolean hasAttributeNS(String namespaceURI, String localName) throws DOMException { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasAttribute(String name) { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getTagName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public TypeInfo getSchemaTypeInfo() { + // TODO Auto-generated method stub + return null; + } + + @Override + public NodeList getElementsByTagNameNS(String namespaceURI, String localName) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public NodeList getElementsByTagName(String name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Attr getAttributeNodeNS(String namespaceURI, String localName) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Attr getAttributeNode(String name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAttributeNS(String namespaceURI, String localName) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAttribute(String name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Object setUserData(String key, Object data, UserDataHandler handler) { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setTextContent(String textContent) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void setPrefix(String prefix) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public void setNodeValue(String nodeValue) throws DOMException { + // TODO Auto-generated method stub + + } + + @Override + public Node replaceChild(Node newChild, Node oldChild) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node removeChild(Node oldChild) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void normalize() { + // TODO Auto-generated method stub + + } + + @Override + public String lookupPrefix(String namespaceURI) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String lookupNamespaceURI(String prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isSupported(String feature, String version) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isSameNode(Node other) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isEqualNode(Node arg) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isDefaultNamespace(String namespaceURI) { + // TODO Auto-generated method stub + return false; + } + + @Override + public Node insertBefore(Node newChild, Node refChild) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean hasChildNodes() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasAttributes() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Object getUserData(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getTextContent() throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node getPreviousSibling() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getPrefix() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node getParentNode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Document getOwnerDocument() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getNodeValue() throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public short getNodeType() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getNodeName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node getNextSibling() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getNamespaceURI() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLocalName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node getLastChild() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node getFirstChild() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Object getFeature(String feature, String version) { + // TODO Auto-generated method stub + return null; + } + + @Override + public NodeList getChildNodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBaseURI() { + // TODO Auto-generated method stub + return null; + } + + @Override + public NamedNodeMap getAttributes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public short compareDocumentPosition(Node other) throws DOMException { + // TODO Auto-generated method stub + return 0; + } + + @Override + public Node cloneNode(boolean deep) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Node appendChild(Node newChild) throws DOMException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setValue(String value) { + // TODO Auto-generated method stub + + } + + @Override + public void setParentElement(SOAPElement parent) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void recycleNode() { + // TODO Auto-generated method stub + + } + + @Override + public String getValue() { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement getParentElement() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void detachNode() { + // TODO Auto-generated method stub + + } + + @Override + public void setEncodingStyle(String encodingStyle) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public SOAPElement setElementQName(QName newName) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean removeNamespaceDeclaration(String prefix) { + // TODO Auto-generated method stub + return false; + } + + @Override + public void removeContents() { + // TODO Auto-generated method stub + + } + + @Override + public boolean removeAttribute(QName qname) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean removeAttribute(Name name) { + // TODO Auto-generated method stub + return false; + } + + @Override + public Iterator getVisibleNamespacePrefixes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getNamespaceURI(String prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getNamespacePrefixes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getEncodingStyle() { + // TODO Auto-generated method stub + return null; + } + + @Override + public QName getElementQName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Name getElementName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getChildElements(QName qname) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getChildElements(Name name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getChildElements() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAttributeValue(QName qname) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAttributeValue(Name name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getAllAttributesAsQNames() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getAllAttributes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public QName createQName(String localName, String prefix) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addTextNode(String text) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addNamespaceDeclaration(String prefix, String uri) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(String localName, String prefix, String uri) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(String localName, String prefix) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(SOAPElement element) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(String localName) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(QName qname) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addChildElement(Name name) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addAttribute(QName qname, String value) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public SOAPElement addAttribute(Name name, String value) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setFaultString(String faultString, Locale locale) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultString(String faultString) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultRole(String uri) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultNode(String uri) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultCode(String faultCode) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultCode(QName faultCodeQName) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultCode(Name faultCodeQName) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void setFaultActor(String faultActor) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void removeAllFaultSubcodes() { + // TODO Auto-generated method stub + + } + + @Override + public boolean hasDetail() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Iterator getFaultSubcodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Locale getFaultStringLocale() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFaultString() { + return msg; + + } + + @Override + public String getFaultRole() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getFaultReasonTexts() throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFaultReasonText(Locale locale) throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Iterator getFaultReasonLocales() throws SOAPException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFaultNode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public QName getFaultCodeAsQName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Name getFaultCodeAsName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFaultCode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFaultActor() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Detail getDetail() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void appendFaultSubcode(QName subcode) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public void addFaultReasonText(String text, Locale locale) throws SOAPException { + // TODO Auto-generated method stub + + } + + @Override + public Detail addDetail() throws SOAPException { + // TODO Auto-generated method stub + return null; + } + }; + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java new file mode 100644 index 000000000..5ff8ffba7 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import java.util.List; + +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.xml.ConfigurationException; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; + +@RunWith(BlockJUnit4ClassRunner.class) +public class AttributeBuilderRegistrationTest { + + @BeforeClass + public static void classInitializer() throws ConfigurationException { + EAAFDefaultSAML2Bootstrap.bootstrap(); + + } + + @Test + public void checkRegistratedAttributeBuilder() { + + List<Attribute> supportedAttributes = PVPAttributeBuilder.buildSupportedEmptyAttributes(); + + assertFalse("Registered Attribute-Builder is empty", supportedAttributes.isEmpty()); + assertTrue("No role attribute registrated", supportedAttributes.stream() + .filter(el -> PVPAttributeDefinitions.ROLES_NAME.equals(el.getName())) + .findFirst() + .isPresent()); + + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java new file mode 100644 index 000000000..6d39b926e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; + +@RunWith(BlockJUnit4ClassRunner.class) +public class AuthenticationRoleFactoryTest { + + @Test + public void simpleRole() { + String role = RandomStringUtils.randomAlphabetic(5); + + AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(role); + + assertEquals("wrong role name", role, toCheck.getRoleName()); + assertEquals("wrong raw role", role, toCheck.getRawRoleString()); + assertNull("wrong role attr", toCheck.getParams()); + + } + + @Test + public void complexeRoleEmptyParams() { + String role = RandomStringUtils.randomAlphabetic(5); + String fullRole = role + "()"; + + AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(fullRole); + + assertEquals("wrong role name", role, toCheck.getRoleName()); + assertEquals("wrong raw role", fullRole, toCheck.getRawRoleString()); + assertNull("wrong role attr", toCheck.getParams()); + + } + + @Test + public void complexeRoleWithParams() { + String p1 = RandomStringUtils.randomAlphabetic(5); + String v1 = RandomStringUtils.randomAlphabetic(5); + String p2 = RandomStringUtils.randomAlphabetic(5); + String v2 = RandomStringUtils.randomAlphabetic(5); + + String role = RandomStringUtils.randomAlphabetic(5); + String fullRole = role + "(\"" + + p1 + "\"=\"" + v1 + "\"," + + p2 + "\"=\"" + v2 + "\"" + +")"; + + AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(fullRole); + + assertEquals("wrong role name", role, toCheck.getRoleName()); + assertEquals("wrong raw role", fullRole, toCheck.getRawRoleString()); + assertNotNull("wrong role attr", toCheck.getParams()); + assertEquals("wrong param size", 2, toCheck.getParams().size()); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java new file mode 100644 index 000000000..387aca540 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java @@ -0,0 +1,55 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils; + +import static org.junit.Assert.assertEquals; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.IStatusMessenger; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({"/test_ehvd_service_messager_auth.beans.xml"}) +public class MoaStatusMessagerTest { + + @Autowired IStatusMessenger messager; + + + @Test + public void checkErrorCodeMapper() { + assertEquals("default errorcode", "9199", + messager.getResponseErrorCode(new NullPointerException())); + + + assertEquals("new errorCode file", "aabbccdd", + messager.mapInternalErrorToExternalError("test.01")); + assertEquals("new errorCode file", "zzzyyyxxx", + messager.mapInternalErrorToExternalError("test.02")); + + assertEquals("existing errorCode file", "4401", + messager.mapInternalErrorToExternalError("auth.34")); + assertEquals("existing errorCode file", "1101", + messager.mapInternalErrorToExternalError("parser.07")); + + } + + @Test + public void checkErrorMessages() { + assertEquals("new error msg", + "Für den abgefragtem GDA liegt keine Berechtigung vor", messager.getMessage("ehvd.00", null)); + assertEquals("new error msg", + "Allgemeiner Fehler bei der Abfrage des EHVD Service", messager.getMessage("ehvd.99", null)); + + + assertEquals("existing error msg", + "Zertifikat konnte nicht ausgelesen werden.", messager.getMessage("auth.14", null)); + assertEquals("existing error msg", + "\"Issuer\" im AUTH-Block nicht vorhanden.", messager.getMessage("validator.32", null)); + + } + + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/com/github/skjolber/mockito/soap/Soap12EndpointRule.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/com/github/skjolber/mockito/soap/Soap12EndpointRule.java new file mode 100644 index 000000000..547401cc3 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/com/github/skjolber/mockito/soap/Soap12EndpointRule.java @@ -0,0 +1,195 @@ +package com.github.skjolber.mockito.soap; + +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.ws.soap.SOAPBinding; +import javax.xml.ws.spi.Provider; + +import org.apache.cxf.Bus; +import org.apache.cxf.endpoint.EndpointException; +import org.apache.cxf.endpoint.ServerImpl; +import org.apache.cxf.jaxws.EndpointImpl; +import org.apache.cxf.jaxws.JaxWsServerFactoryBean; +import org.apache.cxf.jaxws.support.JaxWsServiceFactoryBean; +import org.apache.cxf.service.ServiceImpl; +import org.apache.cxf.service.model.EndpointInfo; +import org.apache.cxf.transport.ChainInitiationObserver; +import org.apache.cxf.transport.Destination; +import org.apache.cxf.transport.DestinationFactory; +import org.apache.cxf.transport.DestinationFactoryManager; + + +/** + * Fork of {@link SoapEndpointRule} that set <i>endpoint.setBindingUri(SOAPBinding.SOAP12HTTP_BINDING)</i> + * into {@link EndpointImpl}. + * + * @author tlenz + * + */ +public class Soap12EndpointRule extends SoapServerRule { + private static final int PORT_RANGE_START = 1024 + 1; + private static final int PORT_RANGE_END = PortManager.PORT_RANGE_MAX; + + public static Soap12EndpointRule newInstance() { + return new Soap12EndpointRule(); + } + + private final Map<String, EndpointImpl> endpoints = new HashMap<>(); + + private PortManager<Destination> portManager; + + public Soap12EndpointRule() { + this(PORT_RANGE_START, PORT_RANGE_END); + } + + public Soap12EndpointRule(String... portNames) { + this(PORT_RANGE_START, PORT_RANGE_END, portNames); + } + + public Soap12EndpointRule(int portRangeStart, int portRangeEnd, String... portNames) { + portManager = new PortManager<Destination>(portRangeStart, portRangeEnd) { + @Override + public Destination reserve(int port) throws Exception { + return createDestination(port); + } + + @Override + public void release(Destination destination) { + destination.shutdown(); + } + }; + + portManager.add(portNames); + } + + /** + * Returns the port number that was reserved for the given name. + * + * @param portName port name + * @return a valid port number if the port has been reserved, -1 otherwise + */ + public int getPort(String portName) { + return portManager.getPort(portName); + } + + /** + * Returns all port names and respective port numbers. + * + * @return a map of port name and port value (a valid port number if the port + * has been reserved, or -1 otherwise) + */ + public Map<String, Integer> getPorts() { + return portManager.getPorts(); + } + + /** + * Attempt to reserve a port by starting a server. + * + * @param port port to reserve + * @return destination if successful + * @throws IOException + * @throws EndpointException + */ + private Destination createDestination(int port) throws IOException, EndpointException { + final JaxWsServiceFactoryBean jaxWsServiceFactoryBean = new JaxWsServiceFactoryBean(); + + final JaxWsServerFactoryBean serverFactoryBean = new JaxWsServerFactoryBean(jaxWsServiceFactoryBean); + final Bus bus = serverFactoryBean.getBus(); + + final String address = "http://localhost:" + port; + serverFactoryBean.setAddress(address); + + final DestinationFactory destinationFactory = bus.getExtension(DestinationFactoryManager.class) + .getDestinationFactoryForUri(address); + + final EndpointInfo ei = new EndpointInfo(null, Integer.toString(port)); + ei.setAddress(address); + + final Destination destination = destinationFactory.getDestination(ei, bus); + + final ServiceImpl serviceImpl = new ServiceImpl(); + + final org.apache.cxf.endpoint.Endpoint endpoint = new org.apache.cxf.endpoint.EndpointImpl(bus, + serviceImpl, ei); + destination.setMessageObserver(new ChainInitiationObserver(endpoint, bus)); + return destination; + } + + @Override + public <T> void proxy(T target, Class<T> port, String address, String wsdlLocation, + List<String> schemaLocations, Map<String, Object> properties) { + assertValidParams(target, port, address); + + if (endpoints.containsKey(address)) { + throw new IllegalArgumentException("Endpoint " + address + " already exists"); + } + + final T serviceInterface = SoapServiceProxy.newInstance(target); + + final EndpointImpl endpoint = (EndpointImpl) Provider.provider().createEndpoint(null, serviceInterface); + endpoint.setBindingUri(SOAPBinding.SOAP12HTTP_BINDING); + + if (wsdlLocation != null) { + endpoint.setWsdlLocation(wsdlLocation); + } + + if (schemaLocations != null) { + endpoint.setSchemaLocations(schemaLocations); + } + + endpoint.setProperties(processProperties(properties, wsdlLocation, schemaLocations)); + + final Destination destination = portManager.getData(parsePort(address)); + if (destination != null) { + final ServerImpl server = endpoint.getServer(); + server.setDestination(destination); + } + + endpoint.publish(address); + + endpoints.put(address, endpoint); + } + + @Override + protected void before() { + // reserve all ports + portManager.start(); + } + + @Override + protected void after() { + destroy(); + } + + /** + * Stop and remove endpoints, keeping port reservations. + */ + public void clear() { + endpoints.values().forEach(EndpointImpl::stop); + endpoints.clear(); + } + + @Override + public void destroy() { + endpoints.values().forEach(endpoint -> { + endpoint.stop(); + endpoint.getBus().shutdown(true); + }); + endpoints.clear(); + portManager.stop(); + } + + @Override + public void stop() { + endpoints.values().forEach(endpoint -> endpoint.getServer().stop()); + } + + @Override + public void start() { + // republish + endpoints.values().forEach(endpoint -> endpoint.getServer().start()); + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties new file mode 100644 index 000000000..580af5559 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties @@ -0,0 +1,11 @@ +modules.ehvd.enabled=true +modules.ehvd.sp.1=aaabbccddeeffgg +modules.ehvd.sp.2=yyasdfasfsa2323 +modules.ehvd.sp.3= +modules.ehvd.sp.4=435344534egewgegf + +modules.ehvd.service.url=http://localhost:1234/ehvd +#modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at + +modules.ehvd.role.pvp=EPI-GDA() +modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$ diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties new file mode 100644 index 000000000..4e666c204 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties @@ -0,0 +1,4 @@ +modules.ehvd.enabled=false +modules.ehvd.sp.1=aaabbccddeeffgg +modules.ehvd.sp.2=yyasdfasfsa2323 +modules.ehvd.sp.3=435344534egewgegf diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties new file mode 100644 index 000000000..dc8fe54d5 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties @@ -0,0 +1,12 @@ +modules.ehvd.enabled=true +modules.ehvd.sp.1=aaabbccddeeffgg +modules.ehvd.sp.2=yyasdfasfsa2323 +modules.ehvd.sp.3= +modules.ehvd.sp.4=435344534egewgegf + +modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at +#modules.ehvd.service.bpk.target= +modules.ehvd.proxy.socks.port=12345 +modules.ehvd.role.pvp=EPI-GDA() +modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$ +#modules.ehvd.service.otherid.prefix=1.2.40.0.34.4.18:
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_qs_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_qs_service_auth.beans.xml new file mode 100644 index 000000000..0595d4eb4 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_qs_service_auth.beans.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <import resource="classpath:/SpringTest-context_authManager.xml" /> + <import resource="classpath:/moaid_ehvd_service_auth.beans.xml" /> + + <bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap"> + <constructor-arg name="path" value="/config/config_qs_service.properties" /> + </bean> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml new file mode 100644 index 000000000..b499ad395 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <import resource="classpath:/SpringTest-context_authManager.xml" /> + <import resource="classpath:/moaid_ehvd_service_auth.beans.xml" /> + + <bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap"> + <constructor-arg name="path" value="/config/config1.properties" /> + </bean> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml new file mode 100644 index 000000000..7116034b7 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml @@ -0,0 +1,24 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <import resource="classpath:/SpringTest-context_authManager.xml" /> + + <bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap"> + <constructor-arg name="path" value="/config/config2.properties" /> + </bean> + + <beans default-lazy-init="true"> + <bean id="ehvdServiceAuthModule" class="at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule"> + <property name="priority" value="4" /> + </bean> + + </beans> +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml new file mode 100644 index 000000000..5d8e03fb5 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <bean id="testMsgProvider" + class="at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index 46b645403..41da7ff51 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-module-elga_mandate_service</artifactId> <version>${moa-id-module-elga_mandate_client}</version> diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 131ae455b..f9ff3333b 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-module-openID</artifactId> @@ -38,13 +38,13 @@ <dependency> <groupId>com.google.http-client</groupId> <artifactId>google-http-client-jackson2</artifactId> - <version>1.22.0</version> + <version>1.40.1</version> <scope>test</scope> </dependency> <dependency> <groupId>com.google.oauth-client</groupId> <artifactId>google-oauth-client-jetty</artifactId> - <version>1.22.0</version> + <version>1.32.1</version> <scope>test</scope> <exclusions> <exclusion> @@ -78,7 +78,6 @@ <dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> - <version>19.0</version> </dependency> <!-- TestNG --> diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 0dccba648..d3a2cc94e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-module-sl20_authentication</artifactId> <name>moa-id-module-sl20_authentication</name> @@ -53,20 +53,19 @@ <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> - <version>2.8.2</version> + <version>2.8.9</version> </dependency> <dependency> <groupId>org.bitbucket.b_c</groupId> <artifactId>jose4j</artifactId> - <version>0.6.3</version> + <version>0.7.9</version> </dependency> - <dependency> - <groupId>org.bouncycastle</groupId> - <artifactId>bcprov-jdk15on</artifactId> - <version>1.52</version> - <!-- <scope>provided</scope> --> -</dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + <version>1.70</version> + </dependency> <!-- Dependencies for testing --> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index 759d9c838..6bf297a4e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -13,7 +13,6 @@ import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.utils.URIBuilder; -import org.apache.log4j.Logger; import org.jose4j.base64url.Base64Url; import com.google.gson.JsonElement; @@ -23,328 +22,347 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class SL20JSONExtractorUtils { - private static final Logger log = Logger.getLogger(SL20JSONExtractorUtils.class); - - /** - * Extract String value from JSON - * - * @param input - * @param keyID - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static String getStringValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - try { - JsonElement internal = getAndCheck(input, keyID, isRequired); - - if (internal != null) - return internal.getAsString(); - else - return null; - - } catch (SLCommandoParserException e) { - throw e; - - } catch (Exception e) { - throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e); - - } - } - - /** - * Extract Boolean value from JSON - * - * @param input - * @param keyID - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired, boolean defaultValue) throws SLCommandoParserException { - try { - JsonElement internal = getAndCheck(input, keyID, isRequired); - - if (internal != null) - return internal.getAsBoolean(); - else - return defaultValue; - - } catch (SLCommandoParserException e) { - throw e; - - } catch (Exception e) { - throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); - - } - } - - /** - * Extract JSONObject value from JSON - * - * @param input - * @param keyID - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - try { - JsonElement internal = getAndCheck(input, keyID, isRequired); - - if (internal != null) - return internal.getAsJsonObject(); - else - return null; - - } catch (SLCommandoParserException e) { - throw e; - - } catch (Exception e) { - throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); - - } - } - - /** - * Extract a List of String elements from a JSON element - * - * @param input - * @return - * @throws SLCommandoParserException - */ - public static List<String> getListOfStringElements(JsonElement input) throws SLCommandoParserException { - List<String> result = new ArrayList<String>(); - if (input != null) { - if (input.isJsonArray()) { - Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator(); - while(arrayIterator.hasNext()) { - JsonElement next = arrayIterator.next(); - if (next.isJsonPrimitive()) - result.add(next.getAsString()); - } - - } else if (input.isJsonPrimitive()) { - result.add(input.getAsString()); - - } else { - log.warn("JSON Element IS NOT a JSON array or a JSON Primitive"); - throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive"); - - } - } - - return result; - } - - /** - * Extract Map of Key/Value pairs from a JSON Element - * - * @param input parent JSON object - * @param keyID KeyId of the child that should be parsed - * @param isRequired - * @return - * @throws SLCommandoParserException - */ - public static Map<String, String> getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - JsonElement internal = getAndCheck(input, keyID, isRequired); - return getMapOfStringElements(internal); - - } - - /** - * Extract Map of Key/Value pairs from a JSON Element - * - * @param input - * @return - * @throws SLCommandoParserException - */ - public static Map<String, String> getMapOfStringElements(JsonElement input) throws SLCommandoParserException { - Map<String, String> result = new HashMap<String, String>(); - - if (input != null) { - if (input.isJsonArray()) { - Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator(); - while(arrayIterator.hasNext()) { - JsonElement next = arrayIterator.next(); - Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator(); - entitySetToMap(result, entry); - - } - - } else if (input.isJsonObject()) { - Iterator<Entry<String, JsonElement>> objectKeys = input.getAsJsonObject().entrySet().iterator(); - entitySetToMap(result, objectKeys); - - } else - throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object"); - - } - - return result; - } - - private static void entitySetToMap(Map<String, String> result, Iterator<Entry<String, JsonElement>> entry) { - while (entry.hasNext()) { - Entry<String, JsonElement> el = entry.next(); - if (result.containsKey(el.getKey())) - log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); - - result.put(el.getKey(), el.getValue().getAsString()); - - } - - } - - - public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception { - JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); - JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); - - if (result == null && encryptedResult == null) - throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); - - else if (encryptedResult == null && mustBeEncrypted) - throw new SLCommandoParserException("result MUST be signed."); - - else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { - try { - return decrypter.decryptPayload(encryptedResult.getAsString()); - - } catch (Exception e) { - log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); - if (!mustBeEncrypted) { - log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); - - //dummy code - try { - String[] signedPayload = encryptedResult.toString().split("\\."); - JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); - return payLoad; - - } catch (Exception e1) { - log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ..."); - throw new SL20Exception(e.getMessage(), null, e); - - } - - } else - throw e; - - } - - } else if (result != null) { - return result; - - } else - throw new SLCommandoParserException("Internal build error"); - - - } - - /** - * Extract payLoad from generic transport container - * - * @param container - * @param joseTools - * @return - * @throws SLCommandoParserException - */ - public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools, boolean mustBeSigned) throws SL20Exception { - - JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); - JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); - - if (mustBeSigned && joseTools == null) - throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'"); - - if (sl20Payload == null && sl20SignedPayload == null) - throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); - - else if (sl20SignedPayload == null && mustBeSigned) - throw new SLCommandoParserException("payLoad MUST be signed."); - - else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { - return joseTools.validateSignature(sl20SignedPayload.getAsString()); - - } else if (sl20Payload != null) - return new VerificationResult(sl20Payload.getAsJsonObject()); - - else - throw new SLCommandoParserException("Internal build error"); - - - } - - - /** - * Extract generic transport container from httpResponse - * - * @param httpResp - * @return - * @throws SLCommandoParserException - */ - public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp) throws SLCommandoParserException { - try { - JsonObject sl20Resp = null; - if (httpResp.getStatusLine().getStatusCode() == 307) { - Header[] locationHeader = httpResp.getHeaders("Location"); - if (locationHeader == null) - throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); - - String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); - sl20Resp = new JsonParser().parse(Base64Url.encode((sl20RespString.getBytes()))).getAsJsonObject(); - - } else if (httpResp.getStatusLine().getStatusCode() == 200) { - if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) - throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); - sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - - } else if ( (httpResp.getStatusLine().getStatusCode() == 500) || - (httpResp.getStatusLine().getStatusCode() == 401) || - (httpResp.getStatusLine().getStatusCode() == 400) ) { - log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() - + ". Search for error message"); - sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - - - } else - throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); - - log.info("Find JSON object in http response"); - return sl20Resp; - - } catch (Exception e) { - throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); - - } - } - - private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception { - if (resp != null && resp.getContent() != null) { - JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent())); - if (sl20Resp != null && sl20Resp.isJsonObject()) { - return sl20Resp.getAsJsonObject(); - - } else - throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object"); - - - } else - throw new SLCommandoParserException("Can NOT find content in http response"); - - } - - - private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { - JsonElement internal = input.get(keyID); - - if (internal == null && isRequired) - throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); - - return internal; - - } + + /** + * Extract String value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static String getStringValue(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + try { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) { + return internal.getAsString(); + } else { + return null; + } + + } catch (final SLCommandoParserException e) { + throw e; + + } catch (final Exception e) { + throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e); + + } + } + + /** + * Extract Boolean value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired, + boolean defaultValue) throws SLCommandoParserException { + try { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) { + return internal.getAsBoolean(); + } else { + return defaultValue; + } + + } catch (final SLCommandoParserException e) { + throw e; + + } catch (final Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract JSONObject value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + try { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) { + return internal.getAsJsonObject(); + } else { + return null; + } + + } catch (final SLCommandoParserException e) { + throw e; + + } catch (final Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract a List of String elements from a JSON element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static List<String> getListOfStringElements(JsonElement input) throws SLCommandoParserException { + final List<String> result = new ArrayList<>(); + if (input != null) { + if (input.isJsonArray()) { + final Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator(); + while (arrayIterator.hasNext()) { + final JsonElement next = arrayIterator.next(); + if (next.isJsonPrimitive()) { + result.add(next.getAsString()); + } + } + + } else if (input.isJsonPrimitive()) { + result.add(input.getAsString()); + + } else { + log.warn("JSON Element IS NOT a JSON array or a JSON Primitive"); + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive"); + + } + } + + return result; + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input parent JSON object + * @param keyID KeyId of the child that should be parsed + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static Map<String, String> getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + final JsonElement internal = getAndCheck(input, keyID, isRequired); + return getMapOfStringElements(internal); + + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static Map<String, String> getMapOfStringElements(JsonElement input) + throws SLCommandoParserException { + final Map<String, String> result = new HashMap<>(); + + if (input != null) { + if (input.isJsonArray()) { + final Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator(); + while (arrayIterator.hasNext()) { + final JsonElement next = arrayIterator.next(); + final Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, entry); + + } + + } else if (input.isJsonObject()) { + final Iterator<Entry<String, JsonElement>> objectKeys = input.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, objectKeys); + + } else { + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object"); + } + + } + + return result; + } + + private static void entitySetToMap(Map<String, String> result, Iterator<Entry<String, JsonElement>> entry) { + while (entry.hasNext()) { + final Entry<String, JsonElement> el = entry.next(); + if (result.containsKey(el.getKey())) { + log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); + } + + result.put(el.getKey(), el.getValue().getAsString()); + + } + + } + + public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, + boolean mustBeEncrypted) throws SL20Exception { + final JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); + final JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); + + if (result == null && encryptedResult == null) { + throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); + } else if (encryptedResult == null && mustBeEncrypted) { + throw new SLCommandoParserException("result MUST be signed."); + } else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { + try { + return decrypter.decryptPayload(encryptedResult.getAsString()); + + } catch (final Exception e) { + log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); + if (!mustBeEncrypted) { + log.warn( + "Decrypted results are disabled by configuration. Parse result in plain if it is possible"); + + // dummy code + try { + final String[] signedPayload = encryptedResult.toString().split("\\."); + final JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode( + signedPayload[1]))); + return payLoad; + + } catch (final Exception e1) { + log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ..."); + throw new SL20Exception(e.getMessage(), null, e); + + } + + } else { + throw e; + } + + } + + } else if (result != null) { + return result; + + } else { + throw new SLCommandoParserException("Internal build error"); + } + + } + + /** + * Extract payLoad from generic transport container + * + * @param container + * @param joseTools + * @return + * @throws SLCommandoParserException + */ + public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools, + boolean mustBeSigned) throws SL20Exception { + + final JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); + final JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); + + if (mustBeSigned && joseTools == null) { + throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'"); + } + + if (sl20Payload == null && sl20SignedPayload == null) { + throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); + } else if (sl20SignedPayload == null && mustBeSigned) { + throw new SLCommandoParserException("payLoad MUST be signed."); + } else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { + return joseTools.validateSignature(sl20SignedPayload.getAsString()); + + } else if (sl20Payload != null) { + return new VerificationResult(sl20Payload.getAsJsonObject()); + } else { + throw new SLCommandoParserException("Internal build error"); + } + + } + + /** + * Extract generic transport container from httpResponse + * + * @param httpResp + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp) + throws SLCommandoParserException { + try { + JsonObject sl20Resp = null; + if (httpResp.getStatusLine().getStatusCode() == 307) { + final Header[] locationHeader = httpResp.getHeaders("Location"); + if (locationHeader == null) { + throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); + } + + final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0) + .getValue(); + sl20Resp = new JsonParser().parse(Base64Url.encode(sl20RespString.getBytes())).getAsJsonObject(); + + } else if (httpResp.getStatusLine().getStatusCode() == 200) { + if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) { + throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp + .getEntity().getContentType().getValue()); + } + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + } else if (httpResp.getStatusLine().getStatusCode() == 500 || + httpResp.getStatusLine().getStatusCode() == 401 || + httpResp.getStatusLine().getStatusCode() == 400) { + log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + + ". Search for error message"); + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + } else { + throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine() + .getStatusCode()); + } + + log.info("Find JSON object in http response"); + return sl20Resp; + + } catch (final Exception e) { + throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); + + } + } + + private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception { + if (resp != null && resp.getContent() != null) { + final JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent())); + if (sl20Resp != null && sl20Resp.isJsonObject()) { + return sl20Resp.getAsJsonObject(); + + } else { + throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object"); + } + + } else { + throw new SLCommandoParserException("Can NOT find content in http response"); + } + + } + + private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) + throws SLCommandoParserException { + final JsonElement internal = input.get(keyID); + + if (internal == null && isRequired) { + throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); + } + + return internal; + + } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index d0869994b..70db729e1 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-module-ssoTransfer</artifactId> <name>MOA-ID_SSO_Transfer_modul</name> @@ -36,14 +36,14 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> - <version>1.52</version> + <version>1.70</version> <!-- <scope>provided</scope> --> </dependency> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpkix-jdk15on</artifactId> - <version>1.52</version> + <version>1.70</version> </dependency> <dependency> diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index 1148ab31c..4e72ede0c 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-modules-federated_authentication</artifactId> <description>PVP2 ServiceProvider implementation for federated authentication</description> diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index d2cd5686e..a05794be6 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-module-saml1</artifactId> diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index 5b19d44c0..cd9c1087e 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <artifactId>moa-id-module-monitoring</artifactId> diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index d2bce7b0d..7fd7107e9 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>4.1.5</version> + <version>4.2.0</version> </parent> <groupId>MOA.id.server.modules</groupId> @@ -36,7 +36,10 @@ <module>moa-id-module-sl20_authentication</module> <module>moa-id-module-AT_eIDAS_connector</module> - <module>moa-id-module-E-ID_connector</module> + <module>moa-id-module-E-ID_connector</module> + <module>moa-id-module-dummyAuth</module> + <module>moa-id-module-ehvd_integration</module> + </modules> <dependencies> diff --git a/id/server/pom.xml b/id/server/pom.xml index e9fb44b80..8e9d1a14c 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ <parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/id/server/proxy/.gitignore b/id/server/proxy/.gitignore deleted file mode 100644 index 4dc009173..000000000 --- a/id/server/proxy/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -/target -/bin diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml deleted file mode 100644 index 4a18f6b2e..000000000 --- a/id/server/proxy/pom.xml +++ /dev/null @@ -1,152 +0,0 @@ -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>MOA.id</groupId>
- <artifactId>moa-id</artifactId>
- <version>4.0.1-snapshot</version>
- </parent>
-
- <properties>
- <repositoryPath>${basedir}/../../../repository</repositoryPath>
- </properties>
-
- <repositories>
- <repository>
- <id>shibboleth.internet2.edu</id>
- <name>Internet2</name>
- <url>https://apps.egiz.gv.at/shibboleth_nexus/</url>
- </repository>
- </repositories>
-
- <modelVersion>4.0.0</modelVersion>
- <groupId>MOA.id.server</groupId>
- <artifactId>moa-id-proxy</artifactId>
- <version>${moa-id-proxy-version}</version>
- <packaging>war</packaging>
- <name>MOA ID-Proxy WebService</name>
-
- <build>
- <plugins>
-<!-- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>properties-maven-plugin</artifactId>
- <version>1.0-alpha-2</version>
- <executions>
- <execution>
- <phase>initialize</phase>
- <goals>
- <goal>read-project-properties</goal>
- </goals>
- <configuration>
- <files>
- <file>${basedir}/../../../moa-id.properties</file>
- </files>
- </configuration>
- </execution>
- </executions>
- </plugin> -->
-
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.1.1</version>
- <!-- <version>2.0.2</version>-->
- <configuration>
- <archive>
- <manifest>
- <addDefaultSpecificationEntries>false</addDefaultSpecificationEntries>
- <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
- </manifest>
- <addMavenDescriptor>false</addMavenDescriptor>
- </archive>
-<!--
- <webResources>
- <resource>
- <directory>${basedir}/../resources</directory>
- <targetPath>WEB-INF/classes/resources</targetPath>
- </resource>
- <resource>
- <directory>${basedir}/../services</directory>
- <targetPath>WEB-INF/classes/META-INF/services</targetPath>
- </resource>
- </webResources>
--->
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-compiler-plugin</artifactId>
- <configuration>
- <source>1.7</source>
- <target>1.7</target>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <!-- we need Axis 1.1 here, 1.0 is included in SPSS -->
- <dependency>
- <groupId>axis</groupId>
- <artifactId>axis</artifactId>
- </dependency>
- <dependency>
- <groupId>MOA.spss.server</groupId>
- <artifactId>moa-spss-lib</artifactId>
- </dependency>
- <dependency>
- <groupId>MOA.id.server</groupId>
- <artifactId>moa-id-lib</artifactId>
- <!--version>${project.version}</version-->
- </dependency>
- <!-- transitive dependencies we don't want to include into the war -->
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_jce_full</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_ecc</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_Pkcs11Provider</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_Pkcs11Wrapper</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>xalan</artifactId>
- <!-- should be provided by the container or jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <!-- should be provided by the container or jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>xml-apis</artifactId>
- <!-- should be provided by the container or jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>serializer</artifactId>
- <!-- should be provided by the container or jre -->
- <scope>provided</scope>
- </dependency>
- </dependencies>
-
-</project>
diff --git a/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF b/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF deleted file mode 100644 index 58630c02e..000000000 --- a/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF +++ /dev/null @@ -1,2 +0,0 @@ -Manifest-Version: 1.0
-
diff --git a/id/server/proxy/src/main/webapp/WEB-INF/web.xml b/id/server/proxy/src/main/webapp/WEB-INF/web.xml deleted file mode 100644 index 57926f207..000000000 --- a/id/server/proxy/src/main/webapp/WEB-INF/web.xml +++ /dev/null @@ -1,82 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'> -<web-app> - <display-name>MOA ID Proxy</display-name> - <description>MOA ID Proxy Service</description> - - <filter> - <filter-name>ParameterInOrder Filter</filter-name> - <filter-class>at.gv.egovernment.moa.id.util.ParameterInOrderFilter</filter-class> - </filter> - <filter-mapping> - <filter-name>ParameterInOrder Filter</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - - <servlet> - <servlet-name>Proxy</servlet-name> - <display-name>Proxy</display-name> - <description>Forwards requests to the online application</description> - <servlet-class>at.gv.egovernment.moa.id.proxy.servlet.ProxyServlet</servlet-class> - <load-on-startup>0</load-on-startup> - </servlet> - <servlet> - <servlet-name>ConfigurationUpdate</servlet-name> - <display-name>ConfigurationUpdate</display-name> - <description>Update MOA-ID Proxy configuration from the configuration file</description> - <servlet-class>at.gv.egovernment.moa.id.proxy.servlet.ConfigurationServlet</servlet-class> - </servlet> - - <!-- JSP servlet --> - <servlet> - <servlet-name>jspservlet</servlet-name> - <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> - </servlet> - - <!-- servlet mapping for jsp pages --> - <!-- errorpage.jsp (customizeable) --> - <servlet-mapping> - <servlet-name>jspservlet</servlet-name> - <url-pattern>/errorpage-proxy.jsp</url-pattern> - </servlet-mapping> - <!-- message-proxy.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) --> - <servlet-mapping> - <servlet-name>jspservlet</servlet-name> - <url-pattern>/message-proxy.jsp</url-pattern> - </servlet-mapping> - - <servlet-mapping> - <servlet-name>ConfigurationUpdate</servlet-name> - <url-pattern>/ConfigurationUpdate</url-pattern> - </servlet-mapping> - <servlet-mapping> - <servlet-name>Proxy</servlet-name> - <url-pattern>/*</url-pattern> - </servlet-mapping> - <session-config> - <session-timeout>30</session-timeout> - </session-config> - <error-page> - <error-code>500</error-code> - <location>/errorpage-proxy.jsp</location> - </error-page> - <security-constraint> - <web-resource-collection> - <web-resource-name>ConfigurationUpdate</web-resource-name> - <url-pattern>/ConfigurationUpdate</url-pattern> - </web-resource-collection> - <auth-constraint> - <role-name>moa-admin</role-name> - </auth-constraint> - </security-constraint> - <login-config> - <auth-method>BASIC</auth-method> - <realm-name>UserDatabase</realm-name> - </login-config> - <security-role> - <description> - The role that is required to log in to the moa Application - </description> - <role-name>moa-admin</role-name> - </security-role> -</web-app> diff --git a/id/server/proxy/src/main/webapp/errorpage-proxy.jsp b/id/server/proxy/src/main/webapp/errorpage-proxy.jsp deleted file mode 100644 index 07f3e7f69..000000000 --- a/id/server/proxy/src/main/webapp/errorpage-proxy.jsp +++ /dev/null @@ -1,50 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<%@ page contentType="text/html; charset=UTF-8" %>
-<html>
-<head>
-<title>Ein Fehler ist aufgetreten</title>
-</head>
-<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown");
- String errorMessage = (String)request.getAttribute("ErrorMessage");
- String wrongParameters = (String)request.getAttribute("WrongParameters");
-%>
-
-<body>
-<h1>Fehler bei der Anmeldung</h1>
-<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
-
-<% if (errorMessage != null) { %>
-<p>
-<%= errorMessage%><br>
-</p>
-<% } %>
-<% if (exceptionThrown != null) { %>
-<p>
-<%= exceptionThrown.getMessage()%>
-</p>
-<% } %>
-<% if (wrongParameters != null) { %>
-<p>Die Angabe der Parameter ist unvollständig.<br></p>
-<b> <%= wrongParameters %> </b><br>
-<p>
- Beispiele für korrekte Links zur MOA-ID Authentisierung sind:
-</p>
-<p>
-<tt><a href="https://<MOA-URL>/StartAuthentication?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>"></tt>
-</p>
-<p>
-<tt><a href="https://<MOA-URL>/SelectBKU?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"></tt>
-</p>
-<p>
-Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entfällt die Angabe des <i>Target</i> Parameters:
-</p>
-<p>
-<tt><a href="https://<MOA-URL>/StartAuthentication?OA=<OA-URL>&Template=<Template-URL>"></tt>
-</p>
-<p>
-<tt><a href="https://<MOA-URL>/SelectBKU?OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"></tt>
-</p>
-<p>Die Angabe der Parameter <tt>"Template"</tt> und <tt>"BKUSelectionTemplate"</tt> ist optional.</p>
-<% } %>
-</body>
-</html>
\ No newline at end of file diff --git a/id/server/proxy/src/main/webapp/message-proxy.jsp b/id/server/proxy/src/main/webapp/message-proxy.jsp deleted file mode 100644 index 0d970898a..000000000 --- a/id/server/proxy/src/main/webapp/message-proxy.jsp +++ /dev/null @@ -1,20 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<%@ page contentType="text/html; charset=UTF-8" %>
-<html>
-<head>
-<title>MOA-ID Proxy</title>
-</head>
-<% String message = (String)request.getAttribute("Message");
-%>
-
-<body>
-<h1>MOA-ID Proxy</h1>
-
-<% if (message != null) { %>
-<p>
-<%= message%><br>
-</p>
-<% } %>
-
-</body>
-</html>
\ No newline at end of file @@ -1,4 +1,4 @@ -<?xml version="1.0" encoding="UTF-8"?> +<?xml version="1.0" encoding="UTF-8"?><!-- ass<?xml version="1.0" encoding="UTF-8"?> --> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> @@ -6,7 +6,7 @@ <groupId>MOA</groupId> <artifactId>MOA</artifactId> <packaging>pom</packaging> - <version>4.1.5</version> + <version>4.2.0</version> <name>MOA</name> <properties> @@ -14,68 +14,92 @@ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <!-- Project Version --> - <moa-id-version>4.1.5</moa-id-version> + <moa-id-version>4.2.0</moa-id-version> - <moa-id-version-final>4.1.5</moa-id-version-final> - <moa-id-version-edu>4.1.5</moa-id-version-edu> + + + <moa-id-version-final>4.2.0</moa-id-version-final> + <moa-id-version-edu>4.2.0</moa-id-version-edu> <moa-id-proxy-version>2.0.1</moa-id-proxy-version> - <configtool-version>3.0.6</configtool-version> - <demo-oa-version>2.0.8</demo-oa-version> + <configtool-version>3.1.0</configtool-version> + <demo-oa-version>2.1.0</demo-oa-version> <moa-id-module-elga_mandate_client>1.3.2</moa-id-module-elga_mandate_client> - + + <moa-id-dummy-auth.version>4.1.5.2</moa-id-dummy-auth.version> + <moa-id-ehvd_integration.version>4.1.5.3</moa-id-ehvd_integration.version> + <!-- =================================================================================== --> <egiz-spring-api.version>0.3</egiz-spring-api.version> <egiz.eaaf.version>1.0.15</egiz.eaaf.version> - <org.springframework.version>5.2.11.RELEASE</org.springframework.version> - <org.springframework.data.spring-data-jpa>2.3.5.RELEASE</org.springframework.data.spring-data-jpa> - <org.springframework.data.spring-data-redis>2.3.5.RELEASE</org.springframework.data.spring-data-redis> + <org.springframework.version>5.3.13</org.springframework.version> + <org.springframework.data.spring-data-jpa>2.6.0</org.springframework.data.spring-data-jpa> + <org.springframework.data.spring-data-redis>2.6.0</org.springframework.data.spring-data-redis> <surefire.version>2.22.0</surefire.version> <jaxb.version>2.3.1</jaxb.version> <jaxb-core.version>2.3.0.1</jaxb-core.version> - <guava.version>30.0-jre</guava.version> + <guava.version>31.0.1-jre</guava.version> <opensaml.version>2.6.6</opensaml.version> <!-- update to v3 (v2 is end-of-life in june 2016) --> <org.opensaml.openws.version>1.5.6</org.opensaml.openws.version> <xmltooling.version>1.4.6</xmltooling.version> - <xmlsec.version>2.1.5</xmlsec.version> + <xmlsec.version>2.3.0</xmlsec.version> <jaxws-api.version>2.3.1</jaxws-api.version> <jws-api.version>1.1</jws-api.version> - <hibernate.version>5.4.25.Final</hibernate.version> - <org.apache.commons.commons.dbcp2>2.8.0</org.apache.commons.commons.dbcp2> + <hibernate.version>5.6.2.Final</hibernate.version> + <org.apache.commons.commons.dbcp2>2.9.0</org.apache.commons.commons.dbcp2> - <cxf.version>3.3.8</cxf.version> - <struts.version>2.5.26</struts.version> <!-- 2.5.10.1 --> + <cxf.version>3.3.12</cxf.version> + <struts.version>2.5.28</struts.version> <!-- 2.5.10.1 --> <egovutils.version>2.0.0</egovutils.version> <slf4j.version>1.7.30</slf4j.version> + <log4j.version>2.17.0</log4j.version> + <logback.version>1.2.9</logback.version> <httpclient.version>4.5.13</httpclient.version> - <httpcore.version>4.4.14</httpcore.version> + <httpcore.version>4.4.15</httpcore.version> <!-- Maybe problems with Hibernate 5.0.10 --> - <mysql-connector.java>8.0.22</mysql-connector.java> + <mysql-connector.java>8.0.27</mysql-connector.java> <!-- <mysql-connector.java>5.1.40</mysql-connector.java> --> - <junit.version>4.12</junit.version> - <org.apache.commons.io.version>2.8.0</org.apache.commons.io.version> - <org.apache.commons.lang3.version>3.11</org.apache.commons.lang3.version> + <junit.version>4.13.2</junit.version> + <org.apache.commons.io.version>2.11.0</org.apache.commons.io.version> + <org.apache.commons.lang3.version>3.12.0</org.apache.commons.lang3.version> <org.apache.commons.collections4.version>4.4</org.apache.commons.collections4.version> <org.apache.commons.collections3.version>3.2.2</org.apache.commons.collections3.version> <org.apache.commons-text.version>1.9</org.apache.commons-text.version> - <jodatime.version>2.10.8</jodatime.version> + <commons-beanutils.version>1.9.4</commons-beanutils.version> + <joda-time.version>2.10.13</joda-time.version> - <jackson-version>2.12.0</jackson-version> + <jackson-version>2.13.0</jackson-version> <apache-cli-version>1.4</apache-cli-version> <spring-orm-version>${org.springframework.version}</spring-orm-version> + + <org.projectlombok.lombok.version>1.18.22</org.projectlombok.lombok.version> + + <jacoco-maven-plugin.version>0.8.6</jacoco-maven-plugin.version> + <maven-checkstyle-plugin.version>3.1.1</maven-checkstyle-plugin.version> + <maven-pmd-plugin.version>3.14.0</maven-pmd-plugin.version> + <spotbugs-maven-plugin.version>4.1.4</spotbugs-maven-plugin.version> + <findsecbugs-plugin.version>1.11.0</findsecbugs-plugin.version> + + <pmw_rules_location>https://apps.egiz.gv.at/checkstyle/egiz_pmd_checks.xml</pmw_rules_location> + </properties> + <modules> + <module>id</module> + <module>assembly</module> + </modules> + <profiles> <profile> <id>default</id> @@ -85,58 +109,40 @@ <name>default</name> </property> </activation> - <modules> - <module>id</module> - </modules> - <repositories> - <repository> - <id>moaid_local</id> - <name>local</name> - <url>file:${basedir}/../../../repository</url> - </repository> - <repository> - <id>shibboleth.internet2.edu</id> - <name>Internet2</name> - <url>https://build.shibboleth.net/nexus/content/groups/public/</url> - </repository> - <repository> - <id>jboss</id> - <url>https://repository.jboss.org/nexus/content/repositories/central/</url> - <releases> - <enabled>true</enabled> - </releases> - </repository> - <repository> - <id>egiz-commons</id> - <url>https://apps.egiz.gv.at/maven/</url> - <releases> - <enabled>true</enabled> - </releases> - <snapshots> - <enabled>false</enabled> - </snapshots> - </repository> - <repository> - <id>egiz-commons-snapshot</id> - <url>https://apps.egiz.gv.at/maven-snapshot/</url> - <releases> - <enabled>false</enabled> - </releases> - <snapshots> - <enabled>true</enabled> - </snapshots> - </repository> + </profile> + <profile> + <id>jenkinsDeploy</id> + <distributionManagement> <repository> - <id>MOA_web</id> - <name>MOA Dependencies weblocation</name> - <releases> - <enabled>true</enabled> - <checksumPolicy>ignore</checksumPolicy> - </releases> - <layout>default</layout> - <url>https://git.egiz.gv.at/EAAF-Components/plain/eaaf_modules/eaaf_module_moa-sig/repository</url> + <id>egizMaven</id> + <url>sftp://apps.egiz.gv.at/maven</url> </repository> - </repositories> + <snapshotRepository> + <id>egizMaven</id> + <url>sftp://apps.egiz.gv.at/maven-snapshot</url> + </snapshotRepository> + </distributionManagement> + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-deploy-plugin</artifactId> + <version>2.8.2</version> + <configuration> + <deployAtEnd>true</deployAtEnd> + </configuration> + <executions> + <execution> + <id>default-deploy</id> + <phase>deploy</phase> + <goals> + <goal>deploy</goal> + </goals> + </execution> + </executions> + </plugin> + </plugins> + </build> </profile> </profiles> @@ -147,6 +153,14 @@ </resource> </resources> + <extensions> + <extension> + <groupId>org.apache.maven.wagon</groupId> + <artifactId>wagon-ssh</artifactId> + <version>3.4.3</version> + </extension> + </extensions> + <pluginManagement> <plugins> <plugin> @@ -244,24 +258,57 @@ </configuration> </plugin> <plugin> - <inherited>false</inherited> - <artifactId>maven-assembly-plugin</artifactId> - <!-- <version>2.2-beta-1</version> --> - <version>2.2.2</version> - <!-- TODO Update Version 2.2-beta-1 for MOA-SPSS --> - <configuration> - <finalName>moa</finalName> - <encoding>UTF-8</encoding> - <descriptors> - <descriptor>id/assembly-auth-final.xml</descriptor> - <descriptor>id/assembly-auth-edu.xml</descriptor> - <descriptor>id/assembly-proxy.xml</descriptor> - - <!-- <descriptor>spss/assembly.xml</descriptor> <descriptor>spss/assembly-lib.xml</descriptor> --> - </descriptors> - </configuration> + <groupId>org.jacoco</groupId> + <artifactId>jacoco-maven-plugin</artifactId> + <version>${jacoco-maven-plugin.version}</version> + <executions> + <execution> + <id>pre-unit-test</id> + <goals> + <goal>prepare-agent</goal> + </goals> + </execution> + <execution> + <id>post-unit-report</id> + <phase>test</phase> + <goals> + <goal>report</goal> + </goals> + <configuration> + <outputDirectory>target/jacoco-report</outputDirectory> + </configuration> + </execution> + <execution> + <id>post-unit-check</id> + <phase>test</phase> + <goals> + <goal>check</goal> + </goals> + <configuration> + <haltOnFailure>false</haltOnFailure> + <rules> + <rule> + <element>BUNDLE</element> + <limits> + <limit> + <counter>INSTRUCTION</counter> + <value>COVEREDRATIO</value> + <minimum>0.70</minimum> + </limit> + <limit> + <counter>BRANCH</counter> + <value>COVEREDRATIO</value> + <minimum>0.70</minimum> + </limit> + </limits> + </rule> + </rules> + </configuration> + </execution> + </executions> </plugin> + <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>versions-maven-plugin</artifactId> @@ -294,6 +341,12 @@ <dependencies> <dependency> + <groupId>joda-time</groupId> + <artifactId>joda-time</artifactId> + <version>${joda-time.version}</version> + </dependency> + + <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-dbcp2</artifactId> <version>${org.apache.commons.commons.dbcp2}</version> @@ -347,6 +400,16 @@ <artifactId>cxf-rt-transports-http</artifactId> <version>${cxf.version}</version> </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-transports-http-jetty</artifactId> + <version>${cxf.version}</version> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-rs-extension-providers</artifactId> + <version>${cxf.version}</version> + </dependency> <dependency> <groupId>commons-collections</groupId> @@ -355,12 +418,24 @@ </dependency> <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + <version>${org.apache.commons.collections4.version}</version> + </dependency> + + <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-text</artifactId> <version>${org.apache.commons-text.version}</version> </dependency> <dependency> + <groupId>commons-beanutils</groupId> + <artifactId>commons-beanutils</artifactId> + <version>${commons-beanutils.version}</version> + </dependency> + + <dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>${struts.version}</version> @@ -399,9 +474,19 @@ <version>${slf4j.version}</version> </dependency> <dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-log4j12</artifactId> - <version>${slf4j.version}</version> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-1.2-api</artifactId> + <version>${log4j.version}</version> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-to-slf4j</artifactId> + <version>${log4j.version}</version> + </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>${logback.version}</version> </dependency> <dependency> @@ -417,12 +502,6 @@ </dependency> <dependency> - <groupId>org.apache.logging.log4j</groupId> - <artifactId>log4j-core</artifactId> - <version>2.13.3</version> - </dependency> - - <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>${httpclient.version}</version> @@ -467,12 +546,6 @@ <version>JSSE-1.0</version> <scope>compile</scope> </dependency> - <!-- <dependency> <groupId>regexp</groupId> <artifactId>regexp</artifactId> - <version>1.3</version> </dependency> --> - - - <!-- <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk16</artifactId> - <version>1.46</version> </dependency> --> <dependency> <groupId>at.gv.egiz.eaaf</groupId> @@ -626,6 +699,19 @@ <version>${moa-id-version}</version> </dependency> + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-dummy-authenticatiuon</artifactId> + <version>${moa-id-dummy-auth.version}</version> + </dependency> + + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-ehvd_integration</artifactId> + <version>${moa-id-ehvd_integration.version}</version> + </dependency> + + <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-sl20_authentication</artifactId> @@ -688,7 +774,7 @@ <dependency> <groupId>iaik.prod</groupId> <artifactId>iaik_jce_full</artifactId> - <version>5.61_moa</version> + <version>5.62_moa</version> </dependency> <dependency> @@ -767,7 +853,7 @@ <dependency> <groupId>xerces</groupId> <artifactId>xercesImpl</artifactId> - <version>2.11.0</version> + <version>2.12.1</version> <scope>compile</scope> </dependency> <!-- The xmlParserAPIs.jar of the official xalan distribution and the @@ -804,6 +890,12 @@ </dependency> <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-context</artifactId> + <version>${org.springframework.version}</version> + </dependency> + + <dependency> <groupId>org.springframework.data</groupId> <artifactId>spring-data-redis</artifactId> <version>${org.springframework.data.spring-data-redis}</version> @@ -909,15 +1001,69 @@ <version>${org.apache.commons.io.version}</version> </dependency> + <dependency> + <groupId>org.projectlombok</groupId> + <artifactId>lombok</artifactId> + <version>${org.projectlombok.lombok.version}</version> + <scope>provided</scope> + </dependency> + </dependencies> <repositories> <repository> + <id>shibboleth.internet2.edu</id> + <name>Internet2</name> + <url>https://build.shibboleth.net/nexus/content/groups/public/</url> + </repository> + <repository> + <id>jboss</id> + <url>https://repository.jboss.org/nexus/content/repositories/central/</url> + <releases> + <enabled>true</enabled> + </releases> + </repository> + <repository> + <id>egiz-commons</id> + <url>https://apps.egiz.gv.at/maven/</url> + <releases> + <enabled>true</enabled> + </releases> + <snapshots> + <enabled>false</enabled> + </snapshots> + </repository> + <repository> + <id>egiz-commons-snapshot</id> + <url>https://apps.egiz.gv.at/maven-snapshot/</url> + <releases> + <enabled>false</enabled> + </releases> + <snapshots> + <enabled>true</enabled> + </snapshots> + </repository> + <repository> + <id>MOA_web</id> + <name>MOA Dependencies weblocation</name> + <releases> + <enabled>true</enabled> + <checksumPolicy>ignore</checksumPolicy> + </releases> + <layout>default</layout> + <url>https://git.egiz.gv.at/EAAF-Components/plain/eaaf_modules/eaaf_module_moa-sig/repository</url> + </repository> + + <repository> <id>MOA</id> <name>MOA Dependencies</name> - <!--releases> <enabled>false</enabled> </releases --> <layout>default</layout> <url>file://${repositoryPath}</url> + <releases> + <enabled>true</enabled> + <checksumPolicy>ignore</checksumPolicy> + </releases> </repository> + </repositories> </project> |