fix some possible problems with STORK configuration in config-GUI

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-04-07 10:44:11 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-04-07 10:44:11 +0200
commit: 4b932484d66ef161bb547a419fdc32f04677fe57 (patch)
tree: a99bbc8c9357e6a55c1cff24267b244309d4a775 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
parent: 2fb3856bb3412bc825ea789f8d98177a8c527964 (diff)
download: moa-id-spss-4b932484d66ef161bb547a419fdc32f04677fe57.tar.gz
moa-id-spss-4b932484d66ef161bb547a419fdc32f04677fe57.tar.bz2
moa-id-spss-4b932484d66ef161bb547a419fdc32f04677fe57.zip
1 files changed, 30 insertions, 25 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index b73859d81..6b5c51e3f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -47,31 +47,33 @@ public class StorkConfigValidator {
 							errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
 									new Object[] {check}, request ));
 					}
+					
+					// check url
+					check = current.getURL();
+					if (MiscUtil.isNotEmpty(check)) {
+						if (!ValidationHelper.validateURL(check)) {
+							log.info("CPEPS config URL is invalid : " + check);
+							errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request));
+						}
+					} else {
+						log.warn("CPEPS config url is empty : " + check);
+						errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
+								new Object[] {check}, request ));
+					}
+					
 				} else {
 					log.warn("CPEPS config countrycode is empty : " + check);
-					errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
-							new Object[] {check}, request ));
+//					errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
+//							new Object[] {check}, request ));
 				}
 
-				// check url
-				check = current.getURL();
-				if (MiscUtil.isNotEmpty(check)) {
-					if (!ValidationHelper.validateURL(check)) {
-						log.info("CPEPS config URL is invalid : " + check);
-						errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request));
-					}
-				} else {
-					log.warn("CPEPS config url is empty : " + check);
-					errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
-							new Object[] {check}, request ));
-				}
 			}
 
 			if (form.getCpepslist() != null) {
 				// ensure uniqueness of country code
 				for (CPEPS one : form.getCpepslist())
 					for (CPEPS another : form.getCpepslist())
-						if (null != one && null != another)
+						if (null != one && null != another && one.getCountryCode() != null)
 							if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) {
 								errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request));
 								break;
@@ -90,17 +92,20 @@ public class StorkConfigValidator {
 		// check attributes
 		if (MiscUtil.isNotEmpty(form.getAttributes())) {
 			for(StorkAttribute check : form.getAttributes()) {
-				String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
-				if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { 
-					log.warn("default attributes contains potentail XSS characters: " + check);
-					errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
-				}
-				if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
-						log.warn("default attributes do not match the requested format : " + check);
+				if (check != null && MiscUtil.isNotEmpty(check.getName())) {
+					String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
+					if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { 
+						log.warn("default attributes contains potentail XSS characters: " + check);
 						errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
-								new Object[] {check}, request ));
-				}
+								new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+					}
+					if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
+							log.warn("default attributes do not match the requested format : " + check);
+							errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
+									new Object[] {check}, request ));
+					}
+					
+				} 
 			}
 			
 		//TODO: STORK attributes check if no attribute is set
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-04-07 10:44:11 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-04-07 10:44:11 +0200
commit	4b932484d66ef161bb547a419fdc32f04677fe57 (patch)
tree	a99bbc8c9357e6a55c1cff24267b244309d4a775 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
parent	2fb3856bb3412bc825ea789f8d98177a8c527964 (diff)
download	moa-id-spss-4b932484d66ef161bb547a419fdc32f04677fe57.tar.gz moa-id-spss-4b932484d66ef161bb547a419fdc32f04677fe57.tar.bz2 moa-id-spss-4b932484d66ef161bb547a419fdc32f04677fe57.zip