fix some problems in ELGA-mandate module

5 files changed, 64 insertions, 7 deletions

diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/id/server/auth/src/main/webapp/index.html
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index 07679999b..47f784c33 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -99,7 +99,7 @@ public class Random {
 		char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)];
 	 
 		//generate ID
-		return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue), true)); // 20 bytes = 160 bits
+		return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits
 		
 	}
 	
@@ -111,7 +111,7 @@ public class Random {
 	 * @return random hex encoded value [256bit]
 	 */
 	public static String nextHexRandom() {
-		return new String(Hex.encodeHex(nextByteRandom(32), true)); // 32 bytes = 256 bits
+		return new String(Hex.encodeHex(nextByteRandom(32))); // 32 bytes = 256 bits
 		
 	}
 	
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
index cbdd13d0e..add929e1d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
@@ -31,8 +31,6 @@ import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Set;
 
-import org.apache.commons.lang3.StringUtils;
-
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
@@ -283,6 +281,27 @@ public class KeyValueUtils {
 		return false;
 	}
 	
+	/**
+	 * Convert a CSV list to a List of CSV values
+	 * <br><br>
+	 * This method removes all whitespace at the begin or the 
+	 * end of CSV values and remove newLine signs at the end of value.
+	 * The ',' is used as list delimiter
+	 * 
+	 * @param csv CSV encoded input data
+	 * @return List of CSV normalized values, but never null
+	 */
+	public static List<String> getListOfCSVValues(String csv) {
+		List<String> list = new ArrayList<String>();
+		if (MiscUtil.isNotEmpty(csv)) {		
+			String[] values = csv.split(CSV_DELIMITER);
+			for (String el: values)
+				list.add(el.trim());
+		
+		}
+		
+		return list;
+	}
 	
 	/**
 	 * This method remove all newline delimiter (\n or \r\n) from input data
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
index f682913e6..acb0b3aa1 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -52,6 +52,7 @@ public class ELGAMandatesAuthConstants {
 	public static final String CONFIG_PROPS_ENTITYID = CONFIG_PROPS_PREFIX + "service.entityID";
 	public static final String CONFIG_PROPS_METADATAURL = CONFIG_PROPS_PREFIX + "service.metadataurl";
 	public static final String CONFIG_PROPS_METADATA_TRUSTPROFILE = CONFIG_PROPS_PREFIX + "service.metadata.trustprofileID";
+	public static final String CONFIG_PROPS_ALLOWED_MANDATE_TYPES = "service.mandateprofiles";
 	
 	public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path";
 	public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password";
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
index 50bac3eab..03711aa40 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
 
+import java.util.List;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -30,8 +32,10 @@ import org.springframework.stereotype.Component;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -69,8 +73,7 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica
 					elgaMandateUsed = (boolean) elgaMandateUsedObj;
 								
 			}
-			
-			
+						
 			//check if both mandate Services are requested
 			if ( (misMandateUsed != null && misMandateUsed) &&
 					elgaMandateUsed ) {
@@ -79,8 +82,19 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica
 				
 			}
 			
-			//remove MIS-Mandate flag and set useMandate flag to MOASession
+			
 			if (elgaMandateUsed) {
+				//check mandateProfiles against ELGA-MandateService configuration				
+				if (!checkServiceProviderAgainstELGAModulConfigration()) {
+					Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() 
+							+ " does not fulfill requirements to use ELGA-MandateService.");
+					throw new MOAIDException("service.10", new Object[]{
+							ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+							"No valid mandate-profile defined"});
+					
+				}
+				
+				//remove MIS-Mandate flag and set useMandate flag to MOASession
 				Logger.debug("Authentication process select ELGA-MandateService.");
 				executionContext.remove(MOAIDAuthConstants.PARAM_USEMISMANDATE);
 				moasession.setUseMandates(elgaMandateUsed);
@@ -104,4 +118,27 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica
 			
 		}
 	}
+
+	/**
+	 * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService.
+	 * 
+	 * @return true, if ELGA mandateservice is allowed, otherwise false
+	 */
+	private boolean checkServiceProviderAgainstELGAModulConfigration() {
+		String allowedMandateTypesCSV = 
+				authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);		
+		List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);		
+		List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
+
+		boolean isELGAMandateServiceAllowed = false;
+		if (spMandateProfiles != null) {			
+			for (String el : allowedMandateTypes) {
+				if (spMandateProfiles.contains(el))
+					isELGAMandateServiceAllowed = true;
+			
+			}
+		}
+		
+		return isELGAMandateServiceAllowed;
+	}
 }