diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-09-15 13:42:36 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-09-15 13:42:36 +0200 |
commit | 8074865580b5fa28817b37c9ad2e8c992ebef977 (patch) | |
tree | 475cd1ed9bc517dffbf023e7d9c7d16ce2bde8c5 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data | |
parent | 234f17d14f9f48655c27d54114df0aa2593cf6d8 (diff) | |
parent | 714a8cb32dd5585829dfc1926e56971425a2a692 (diff) | |
download | moa-id-spss-8074865580b5fa28817b37c9ad2e8c992ebef977.tar.gz moa-id-spss-8074865580b5fa28817b37c9ad2e8c992ebef977.tar.bz2 moa-id-spss-8074865580b5fa28817b37c9ad2e8c992ebef977.zip |
Merge branch 'moa-2.1-Snapshot'
Conflicts:
id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
pom.xml
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data')
4 files changed, 405 insertions, 7 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 9e5ba684c..5e177655d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -25,12 +25,14 @@ package at.gv.egovernment.moa.id.configuration.data; import java.util.ArrayList; import java.util.List; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; + import org.apache.log4j.Logger; public class GeneralStorkConfig { @@ -78,7 +80,7 @@ public class GeneralStorkConfig { } if (cpepslist.isEmpty()) - cpepslist.add(new CPEPS()); + cpepslist = null; if(attributes.isEmpty()) attributes.add(new StorkAttribute()); @@ -88,7 +90,34 @@ public class GeneralStorkConfig { } public List<CPEPS> getCpepslist() { - return cpepslist; + if (null == cpepslist) + return null; + + MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + try { + List<CPEPS> cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS(); + + if (cpepss != null) { + // make CountryCode "readonly" + for (CPEPS newone : cpepslist) { + for (CPEPS current : cpepss) { + if (null != newone) + if (current.getHjid().equals(newone.getHjid())) { + newone.setCountryCode(current.getCountryCode()); + break; + } + } + } + } + + return cpepslist; + + } catch (NullPointerException e) { + return null; + + } + } public void setCpepslist(List<CPEPS> list) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java new file mode 100644 index 000000000..6782987e5 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java @@ -0,0 +1,370 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.io.File; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.SerializationUtils; +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BPKDecryption; +import at.gv.egovernment.moa.id.commons.db.dao.config.EncBPKInformation; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.utils.ConfigurationEncryptionUtils; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; +import at.gv.egovernment.moa.id.data.EncryptedData; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class OABPKEncryption implements IOnlineApplicationData { + + private static final Logger log = Logger.getLogger(OABPKEncryption.class); + + private static final String MODULENAME = "bPKEncryptionDecryption"; + + private String keyStorePassword = null; + private String keyAlias = null; + private String keyPassword = null; + + private Map<String, byte[]> keyStoreForm = new HashMap<String, byte[]>(); + + private List<File> keyStoreFileUpload = null; + private List<String> keyStoreFileUploadContentType = null; + private List<String> keyStoreFileUploadFileName = new ArrayList<String>();; + private boolean deletekeyStore = false; + private boolean validationError = false; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + // TODO Auto-generated method stub + return MODULENAME; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth != null) { + EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec != null) { + BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec != null) { + keyAlias = bPKDec.getKeyAlias(); + if (bPKDec.getKeyStoreFileName() != null) + keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName()); + + } + } + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA oaAuth = dbOA.getAuthComponentOA(); + if (oaAuth == null) { + oaAuth = new AuthComponentOA(); + dbOA.setAuthComponentOA(oaAuth); + + } + EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation(); + if (bPKEncDec == null) { + bPKEncDec = new EncBPKInformation(); + oaAuth.setEncBPKInformation(bPKEncDec); + + } + + BPKDecryption bPKDec = bPKEncDec.getBPKDecryption(); + if (bPKDec == null) { + bPKDec = new BPKDecryption(); + bPKEncDec.setBPKDecryption(bPKDec); + } + + if (isDeletekeyStore()) { + bPKDec.setIv(null); + bPKDec.setKeyAlias(null); + bPKDec.setKeyInformation(null); + bPKDec.setKeyStoreFileName(null); + + } + + BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); + if (keyStoreForm != null && keyStoreForm.size() > 0) { + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + + Iterator<String> interator = keyStoreForm.keySet().iterator(); + bPKDec.setKeyStoreFileName(interator.next()); + bPKDec.setKeyAlias(keyAlias); + keyInfo.setKeyStore(keyStoreForm.get( + bPKDec.getKeyStoreFileName())); + + //encrypt key information + byte[] serKeyInfo = SerializationUtils.serialize(keyInfo); + try { + EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo); + bPKDec.setIv(encryptkeyInfo.getIv()); + bPKDec.setKeyInformation(encryptkeyInfo.getEncData()); + + } catch (BuildException e) { + log.error("Configuration encryption FAILED.", e); + return LanguageHelper.getErrorString("error.general.text", request); + + } + } + + request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null); + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + HttpSession session = request.getSession(); + List<String> errors = new ArrayList<String>(); + + String check = null; + + OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + //validate BKU-selection template + List<String> templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName() + , getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request); + if (templateError != null && templateError.size() == 0) { + if (keyStoreForm != null && keyStoreForm.size() > 0) { + session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm); + + } else + keyStoreForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION); + + } else { + errors.addAll(templateError); + + } + + if (keyStoreForm != null && keyStoreForm.size() > 0) { + check = getKeyStorePassword(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption keystore password is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request)); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("bPK decryption keystore password contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + + } + } + + check = getKeyAlias(); + if (MiscUtil.isEmpty(check)) { + log.info("bPK decryption key alias is empty"); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request)); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("bPK decryption key alias contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + + } + } + + check = getKeyPassword(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("bPK decryption key password contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + + } + } + + BPKDecryptionParameters keyInfo = new BPKDecryptionParameters(); + keyInfo.setKeyAlias(keyAlias); + keyInfo.setKeyPassword(keyPassword); + keyInfo.setKeyStorePassword(keyStorePassword); + Iterator<String> interator = keyStoreForm.keySet().iterator(); + String fileName = interator.next(); + keyInfo.setKeyStore(keyStoreForm.get(fileName)); + if (keyInfo.getPrivateKey() == null) { + log.info("Open keyStore FAILED."); + errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request)); + + } + } + + if (errors.size() > 0) { + validationError = true; + + } + + return errors; + + } + + /** + * @return the keyStorePassword + */ + public String getKeyStorePassword() { + return keyStorePassword; + } + + /** + * @param keyStorePassword the keyStorePassword to set + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * @return the keyAlias + */ + public String getKeyAlias() { + return keyAlias; + } + + /** + * @param keyAlias the keyAlias to set + */ + public void setKeyAlias(String keyAlias) { + this.keyAlias = keyAlias; + } + + /** + * @return the keyPassword + */ + public String getKeyPassword() { + return keyPassword; + } + + /** + * @param keyPassword the keyPassword to set + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + /** + * @return the keyStoreFileUpload + */ + public List<File> getKeyStoreFileUpload() { + return keyStoreFileUpload; + } + + /** + * @param keyStoreFileUpload the keyStoreFileUpload to set + */ + public void setKeyStoreFileUpload(List<File> keyStoreFileUpload) { + this.keyStoreFileUpload = keyStoreFileUpload; + } + + /** + * @return the keyStoreFileUploadContentType + */ + public List<String> getKeyStoreFileUploadContentType() { + return keyStoreFileUploadContentType; + } + + /** + * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set + */ + public void setKeyStoreFileUploadContentType( + List<String> keyStoreFileUploadContentType) { + this.keyStoreFileUploadContentType = keyStoreFileUploadContentType; + } + + /** + * @return the keyStoreFileUploadFileName + */ + public List<String> getKeyStoreFileUploadFileName() { + return keyStoreFileUploadFileName; + } + + /** + * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set + */ + public void setKeyStoreFileUploadFileName( + List<String> keyStoreFileUploadFileName) { + this.keyStoreFileUploadFileName = keyStoreFileUploadFileName; + } + + /** + * @return the deletekeyStore + */ + public boolean isDeletekeyStore() { + return deletekeyStore; + } + + /** + * @param deletekeyStore the deletekeyStore to set + */ + public void setDeletekeyStore(boolean deletekeyStore) { + this.deletekeyStore = deletekeyStore; + } + + /** + * @return the validationError + */ + public boolean isValidationError() { + return validationError; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java index 5db9029bd..9431cc1fd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java @@ -117,10 +117,10 @@ public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData { } } - if (inboundSSO && MiscUtil.isEmpty(queryURL)) { - log.info("Inbound Single Sign-On requires AttributQueryURL configuration."); - errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request)); - } +// if (inboundSSO && MiscUtil.isEmpty(queryURL)) { +// log.info("Inbound Single Sign-On requires AttributQueryURL configuration."); +// errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request)); +// } return errors; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index 550844700..bb7bac4f8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -83,7 +83,6 @@ public class OATargetConfiguration implements IOnlineApplicationData { @Override public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { - String target_full = dbOA.getTarget(); if (MiscUtil.isNotEmpty(target_full)) { if (TargetValidator.isValidTarget(target_full)) { |