authorThomas Lenz <tlenz@iaik.tugraz.at>2014-02-03 08:06:55 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-02-03 08:06:55 +0100
commit04ba04826a5f88e0459b7a47a55118933d929cc6 (patch)
tree7f5083300ac4026bbf06b51ac8c3ba01423bbd29 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig
parent080e499cc22a0065ea7f47e04b6c0f336533e21e (diff)
parent3c1884ee275350e7b2a78256342d9610b1766898 (diff)
Merge remote-tracking branch 'remotes/origin/outgoingstork' into moa2_0_tlenz
Conflicts: id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java89
1 files changed, 89 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
new file mode 100644
index 000000000..318b3b3e7
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -0,0 +1,89 @@
+package at.gv.egovernment.moa.id.configuration.validation.moaconfig;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
+import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class StorkConfigValidator {
+
+ private static final Logger log = Logger.getLogger(StorkConfigValidator.class);
+
+ public List<String> validate(GeneralStorkConfig form) {
+
+ List<String> errors = new ArrayList<String>();
+
+ log.debug("Validate general STORK configuration");
+
+ // check peps list
+ for(CPEPS current : form.getCpepslist()) {
+ // check country code
+ String check = current.getCountryCode();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("CPEPS config countrycode contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ if(!check.toLowerCase().matches("^[a-z][a-z]$")) {
+ log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
+ new Object[] {check} ));
+ }
+ } else {
+ log.warn("CPEPS config countrycode is empty : " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
+ new Object[] {check} ));
+ }
+
+ // check url
+ check = current.getURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("CPEPS config URL is invalid : " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url"));
+ }
+ } else {
+ log.warn("CPEPS config url is empty : " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
+ new Object[] {check} ));
+ }
+ }
+
+ // check qaa
+ int qaa = form.getDefaultQaa();
+ if(1 > qaa && 4 < qaa) {
+ log.warn("QAA is out of range : " + qaa);
+ errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
+ new Object[] {qaa} ));
+ }
+
+ // check attributes
+ if (MiscUtil.isNotEmpty(form.getAttributes())) {
+ for(StorkAttribute check : form.getAttributes()) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check.getName(), true)) {
+ log.warn("default attributes contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} ));
+ }
+ if(!check.getName().toLowerCase().matches("^[a-z0-9]*$")) {
+ log.warn("default attributes do not match the requested format : " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
+ new Object[] {check} ));
+ }
+ }
+ } else {
+ log.warn("no attributes specified");
+ errors.add(LanguageHelper.getErrorString("validation.stork.attributes.empty",
+ new Object[] {} ));
+ }
+
+ return errors;
+ }
+}
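Review bot: The QAA range check `if(1 > qaa && 4 < qaa)` can never be true, since no value is both below 1 and above 4, so an out-of-range default QAA level passes validation without an error; it should read `if (qaa < 1 || qaa > 4) {`. In the attribute loop, `check.getName()` is dereferenced without a null check, and the pattern `^[a-z0-9]*$` also accepts an empty name; guarding with `MiscUtil.isNotEmpty(check.getName())` and using `+` instead of `*` would close both gaps. The rejected values are also passed into the error text (`new Object[] {check}`, which in the attribute loop is the `StorkAttribute` object rather than its name) and concatenated into the log lines. Whether these error strings are rendered unescaped in the configuration UI is not visible here; if they are, a value that just failed the XSS-character check would be echoed back, so it is safer to omit it from the message or encode it at output.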