aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at/gv/egovernment
diff options
context:
space:
mode:
authorBojan Suzic <bojan.suzic@iaik.tugraz.at>2014-01-27 17:42:51 +0100
committerBojan Suzic <bojan.suzic@iaik.tugraz.at>2014-01-27 17:42:51 +0100
commitaba2defe8f95cf960395158f6eb2ad7b1fb6e150 (patch)
tree298a0165a30b8538b89abb93a399c615f91702d3 /id/ConfigWebTool/src/main/java/at/gv/egovernment
parented9ad9b0c13ee0de3231bab038f35b01beeb0d0b (diff)
parentcea2f395ec773b386ec628d60120752cf320f6b6 (diff)
downloadmoa-id-spss-aba2defe8f95cf960395158f6eb2ad7b1fb6e150.tar.gz
moa-id-spss-aba2defe8f95cf960395158f6eb2ad7b1fb6e150.tar.bz2
moa-id-spss-aba2defe8f95cf960395158f6eb2ad7b1fb6e150.zip
merging
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java5
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java30
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java17
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java87
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java509
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java53
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java33
8 files changed, 459 insertions, 279 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
index 97e763ec6..604670f37 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
@@ -23,6 +23,7 @@ public class Constants {
public static final String SESSION_PVP2REQUESTID = "pvp2requestid";
public static final String SESSION_RETURNAREA = "returnarea";
public static final String SESSION_BKUFORMPREVIEW = "bkuformpreview";
+ public static final String SESSION_OAUTH20SECRET = "oauth20secret";
public static enum STRUTS_RETURNAREA_VALUES {adminRequestsInit, main, usermanagementInit};
@@ -49,11 +50,8 @@ public class Constants {
public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at";
public static final String IDENIFICATIONTYPE_FN = "FN";
- public static final String IDENIFICATIONTYPE_FN_TYPE = "Firmenbuchnummer";
public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
- public static final String IDENIFICATIONTYPE_ERSB_TYPE = "ERJPZahl";
public static final String IDENIFICATIONTYPE_ZVR = "ZVR";
- public static final String IDENIFICATIONTYPE_ZVR_TYPE = "Vereinsnummer";
public static final String IDENIFICATIONTYPE_BASEID = "urn:publicid:gv.at:baseid+";
public static final String IDENIFICATIONTYPE_BASEID_FN = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_FN;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java
index 8684b8cc1..e298bcdb3 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java
@@ -146,11 +146,12 @@ public class Authenticate extends HttpServlet {
for (SingleSignOnService sss :
idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
- if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { //Get the service address for the binding you wish to use
+ //Get the service address for the binding you wish to use
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
redirectEndpoint = sss;
}
}
-
+
authReq.setDestination(redirectEndpoint.getLocation());
RequestedAuthnContext reqAuthContext =
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
index fa02443dc..9c6f39b30 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
@@ -142,21 +142,38 @@ public class BuildMetadata extends HttpServlet {
entitiesSignKeyDescriptor.setUse(UsageType.SIGNING);
entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential));
Signature entitiesSignature = getSignature(signingcredential);
-
+ spEntitiesDescriptor.setSignature(entitiesSignature);
+
+ //Set AuthRequest Signing certificate
X509Credential authcredential = new KeyStoreX509CredentialAdapter(
keyStore,
config.getPVP2KeystoreAuthRequestKeyAlias(),
- config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
-
-
- //Set AuthRequest Signing certificate
+ config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
KeyDescriptor signKeyDescriptor = SAML2Utils
.createSAMLObject(KeyDescriptor.class);
signKeyDescriptor.setUse(UsageType.SIGNING);
signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
- spEntitiesDescriptor.setSignature(entitiesSignature);
spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ //set AuthRequest encryption certificate
+ if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias())) {
+ X509Credential authEncCredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),
+ config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray());
+ KeyDescriptor encryKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
+ encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));
+ spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
+
+ } else {
+ log.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
+
+ }
+
+
NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
persistentnameIDFormat.setFormat(NameIDType.PERSISTENT);
@@ -187,6 +204,7 @@ public class BuildMetadata extends HttpServlet {
spSSODescriptor.setWantAssertionsSigned(true);
spSSODescriptor.setAuthnRequestsSigned(true);
+
AttributeConsumingService attributeService =
SAML2Utils.createSAMLObject(AttributeConsumingService.class);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index f5121aaf2..28dfefb91 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -91,6 +91,8 @@ public class ConfigurationProvider {
fis = new FileInputStream(propertiesFile);
props.load(fis);
+ fis.close();
+
// initialize hibernate
synchronized (ConfigurationProvider.class) {
@@ -206,11 +208,8 @@ public class ConfigurationProvider {
}
public boolean isPVP2LoginActive() {
- if (!pvp2logininitialzied)
- return false;
-
- String result = props.getProperty("general.login.pvp2.isactive", "false");
- return Boolean.parseBoolean(result);
+
+ return Boolean.parseBoolean(props.getProperty("general.login.pvp2.isactive", "false"));
}
public boolean isPVP2LoginBusinessService() {
@@ -258,6 +257,14 @@ public class ConfigurationProvider {
return props.getProperty("general.login.pvp2.keystore.authrequest.key.password");
}
+ public String getPVP2KeystoreAuthRequestEncryptionKeyAlias() {
+ return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.alias");
+ }
+
+ public String getPVP2KeystoreAuthRequestEncryptionKeyPassword() {
+ return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.password");
+ }
+
public String getPVP2IDPMetadataURL() {
return props.getProperty("general.login.pvp2.idp.metadata.url");
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java
new file mode 100644
index 000000000..63aa1a1cb
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java
@@ -0,0 +1,87 @@
+package at.gv.egovernment.moa.id.configuration.data.oa;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+
+public class OAOAuth20Config {
+
+ private final Logger log = Logger.getLogger(OAOAuth20Config.class);
+
+ private String clientId = null;
+ private String clientSecret = null;
+ private String redirectUri = null;
+
+ public OAOAuth20Config() {
+ }
+
+ public List<String> parse(OnlineApplication dbOAConfig) {
+ List<String> errors = new ArrayList<String>();
+
+ AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
+ if (authdata != null) {
+ // set client id to public url prefix
+ this.clientId = dbOAConfig.getPublicURLPrefix();
+
+ OAOAUTH20 config = authdata.getOAOAUTH20();
+
+ if (config != null) {
+ // validate secret
+ if (StringUtils.isNotEmpty(config.getOAuthClientSecret())) {
+ this.clientSecret = config.getOAuthClientSecret();
+ } else {
+ this.generateClientSecret();
+ }
+
+ // validate redirectUri
+ if (StringUtils.isNotEmpty(config.getOAuthRedirectUri()) && OAuth20Util.isUrl(config.getOAuthRedirectUri())) {
+ this.redirectUri = config.getOAuthRedirectUri();
+ } else {
+ errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi"));
+ }
+ } else {
+ this.generateClientSecret();
+ }
+ }
+
+ return errors;
+ }
+
+ public String getClientId() {
+ return clientId;
+ }
+
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
+
+ public String getClientSecret() {
+ return clientSecret;
+ }
+
+ public void setClientSecret(String clientSecret) {
+ this.clientSecret = clientSecret;
+ }
+
+ public String getRedirectUri() {
+ return redirectUri;
+ }
+
+ public void setRedirectUri(String redirectUri) {
+ this.redirectUri = redirectUri;
+ }
+
+ public void generateClientSecret() {
+ this.clientSecret = UUID.randomUUID().toString();
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 5bde5dd66..fc66eede4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -19,7 +19,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
@@ -35,6 +34,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
@@ -46,12 +46,12 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.FormularCustomization;
import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config;
import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config;
import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig;
@@ -63,28 +63,27 @@ import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationVa
import at.gv.egovernment.moa.id.configuration.validation.TargetValidator;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation;
+import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
import com.opensymphony.xwork2.ActionSupport;
-public class EditOAAction extends ActionSupport implements ServletRequestAware,
-ServletResponseAware {
-
+public class EditOAAction extends ActionSupport implements ServletRequestAware, ServletResponseAware {
+
private final Logger log = Logger.getLogger(EditOAAction.class);
private static final long serialVersionUID = 1L;
-
+
private HttpServletRequest request;
private HttpServletResponse response;
- private AuthenticatedUser authUser;
+ private AuthenticatedUser authUser;
private String oaidobj;
private boolean newOA;
@@ -96,17 +95,18 @@ ServletResponseAware {
private boolean isMetaDataRefreshRequired = false;
private String nextPage;
-
+
private OAGeneralConfig generalOA = new OAGeneralConfig();
private OAPVP2Config pvp2OA = new OAPVP2Config();
private OASAML1Config saml1OA = new OASAML1Config();
private OASSOConfig ssoOA = new OASSOConfig();
+ private OAOAuth20Config oauth20OA = new OAOAuth20Config();
private OASTORKConfig storkOA;
private FormularCustomization formOA = new FormularCustomization();
private InputStream stream;
- //STRUTS actions
+ // STRUTS actions
public String inital() {
HttpSession session = request.getSession();
if (session == null) {
@@ -127,40 +127,39 @@ ServletResponseAware {
oaid = Long.valueOf(oaidobj);
UserDatabase userdb = null;
- OnlineApplication onlineapplication = null;;
+ OnlineApplication onlineapplication = null;
if (authUser.isAdmin())
onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
else {
userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
-
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null
- && !userdb.isIsMailAddressVerified()) {
+
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
log.info("Online-Applikation managemant disabled. Mail address is not verified.");
addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
return Constants.STRUTS_SUCCESS;
}
-
- //TODO: change to direct Database operation
+ // TODO: change to direct Database operation
List<OnlineApplication> oas = userdb.getOnlineApplication();
for (OnlineApplication oa : oas) {
if (oa.getHjid() == oaid) {
onlineapplication = oa;
break;
}
- }
+ }
if (onlineapplication == null) {
addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
return Constants.STRUTS_ERROR;
}
}
-
+
generalOA.parse(onlineapplication);
ssoOA.parse(onlineapplication);
saml1OA.parse(onlineapplication);
-
+ oauth20OA.parse(onlineapplication);
+ session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret());
Map<String, String> map = new HashMap<String, String>();
map.putAll(FormBuildUtils.getDefaultMap());
@@ -172,14 +171,13 @@ ServletResponseAware {
if (errors.size() > 0) {
for (String el : errors)
- addActionError(el);
+ addActionError(el);
}
subTargetSet = MiscUtil.isNotEmpty(generalOA.getTarget_subsector());
- //set UserSpezific OA Parameters
- if (!authUser.isAdmin())
- generateUserSpecificConfigurationOptions(userdb);
+ // set UserSpezific OA Parameters
+ if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb);
ConfigurationDBUtils.closeSession();
session.setAttribute(Constants.SESSION_OAID, oaid);
@@ -194,24 +192,23 @@ ServletResponseAware {
public String newOA() {
log.debug("insert new Online-Application");
-
+
HttpSession session = request.getSession();
if (session == null) {
log.info("No http Session found.");
return Constants.STRUTS_ERROR;
}
-
+
session.setAttribute(Constants.SESSION_OAID, null);
nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
-
+
UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null
- && !userdb.isIsMailAddressVerified()) {
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
log.info("Online-Applikation managemant disabled. Mail address is not verified.");
addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
return Constants.STRUTS_SUCCESS;
@@ -227,10 +224,8 @@ ServletResponseAware {
}
}
- //set UserSpezific OA Parameters
- if (!authUser.isAdmin())
- generateUserSpecificConfigurationOptions(userdb);
-
+ // set UserSpezific OA Parameters
+ if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb);
ConfigurationDBUtils.closeSession();
@@ -240,6 +235,9 @@ ServletResponseAware {
session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null);
+ this.oauth20OA.generateClientSecret();
+ session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret());
+
return Constants.STRUTS_OA_EDIT;
}
@@ -252,25 +250,24 @@ ServletResponseAware {
Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
-
+
Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
if (formidobj != null && formidobj instanceof String) {
String formid = (String) formidobj;
if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID());
return Constants.STRUTS_ERROR;
- }
+ }
} else {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID());
return Constants.STRUTS_ERROR;
}
session.setAttribute(Constants.SESSION_FORMID, null);
UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
- if (!authUser.isAdmin() &&
- userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
log.info("Online-Applikation managemant disabled. Mail address is not verified.");
addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
return Constants.STRUTS_SUCCESS;
@@ -282,21 +279,22 @@ ServletResponseAware {
Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID);
Long oaid = (long) -1;
- if (oadbid != null ) {
+ if (oadbid != null) {
try {
- oaid = (Long) oadbid;
+ oaid = (Long) oadbid;
if (oaid < 0 || oaid > Long.MAX_VALUE) {
addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
- return Constants.STRUTS_ERROR;
+ return Constants.STRUTS_ERROR;
}
- } catch (Throwable t) {
+ }
+ catch (Throwable t) {
addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request));
- return Constants.STRUTS_ERROR;
+ return Constants.STRUTS_ERROR;
}
}
- //valid DBID and check entry
+ // valid DBID and check entry
String oaidentifier = generalOA.getIdentifier();
if (MiscUtil.isEmpty(oaidentifier)) {
log.info("Empty OA identifier");
@@ -306,14 +304,14 @@ ServletResponseAware {
if (!ValidationHelper.validateURL(oaidentifier)) {
log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier);
- errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
- new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+ errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
+ new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }));
} else {
-
+
if (oaid == -1) {
onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
newOA = true;
- if (onlineapplication != null) {
+ if (onlineapplication != null) {
log.info("The OAIdentifier is not unique");
errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique"));
}
@@ -322,7 +320,7 @@ ServletResponseAware {
onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) {
- if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) {
+ if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) {
log.info("The OAIdentifier is not unique");
errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique"));
}
@@ -331,113 +329,104 @@ ServletResponseAware {
}
}
- //set UserSpezific OA Parameters
- if (!authUser.isAdmin())
- generateUserSpecificConfigurationOptions(userdb);
+ // set UserSpezific OA Parameters
+ if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb);
- //check form
+ // check form
OAGeneralConfigValidation validatior_general = new OAGeneralConfigValidation();
OAPVP2ConfigValidation validatior_pvp2 = new OAPVP2ConfigValidation();
OASAML1ConfigValidation validatior_saml1 = new OASAML1ConfigValidation();
OASSOConfigValidation validatior_sso = new OASSOConfigValidation();
OASTORKConfigValidation validator_stork = new OASTORKConfigValidation();
FormularCustomizationValitator validator_form = new FormularCustomizationValitator();
+ OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation();
- errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin()));
+ errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin()));
errors.addAll(validatior_pvp2.validate(pvp2OA));
errors.addAll(validatior_saml1.validate(saml1OA, generalOA));
errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin()));
- errors.addAll(validator_stork.validate(storkOA));
+ errors.addAll(validator_stork.validate(storkOA));
errors.addAll(validator_form.validate(formOA));
+ errors.addAll(validatior_oauth20.validate(oauth20OA));
- //Do not allow SSO in combination with special BKUSelection features
- if (ssoOA.isUseSSO() &&
- ( formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton()) ) {
+ // Do not allow SSO in combination with special BKUSelection features
+ if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) {
log.warn("Special BKUSelection features can not be used in combination with SSO");
- errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid"));
+ errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid"));
}
if (errors.size() > 0) {
log.info("OAConfiguration with ID " + generalOA.getIdentifier() + " has some errors.");
for (String el : errors)
- addActionError(el);
+ addActionError(el);
formID = Random.nextRandom();
session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
} else {
-
+
boolean newentry = false;
if (onlineapplication == null) {
onlineapplication = new OnlineApplication();
newentry = true;
onlineapplication.setIsActive(false);
-
+
if (!authUser.isAdmin()) {
onlineapplication.setIsAdminRequired(true);
} else
isMetaDataRefreshRequired = true;
-
} else {
- if (!authUser.isAdmin() &&
- !onlineapplication.getPublicURLPrefix().
- equals(generalOA.getIdentifier())) {
+ if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(generalOA.getIdentifier())) {
onlineapplication.setIsAdminRequired(true);
onlineapplication.setIsActive(false);
- log.info("User with ID " + authUser.getUserID()
- + " change OA-PublicURLPrefix. Reaktivation is required.");
+ log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required.");
}
}
- if ( (onlineapplication.isIsAdminRequired() == null) ||
- (authUser.isAdmin() && generalOA.isActive()
- && onlineapplication.isIsAdminRequired()) ) {
+ if ((onlineapplication.isIsAdminRequired() == null)
+ || (authUser.isAdmin() && generalOA.isActive() && onlineapplication.isIsAdminRequired())) {
onlineapplication.setIsAdminRequired(false);
isMetaDataRefreshRequired = true;
- if (onlineapplication.getHjid() != null)
- userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid());
+ if (onlineapplication.getHjid() != null) userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid());
- if (userdb != null && !userdb.isIsAdmin() ) {
+ if (userdb != null && !userdb.isIsAdmin()) {
try {
- MailHelper.sendUserOnlineApplicationActivationMail(
- userdb.getGivenname(),
- userdb.getFamilyname(),
- userdb.getInstitut(),
- onlineapplication.getPublicURLPrefix(),
- userdb.getMail());
- } catch (ConfigurationException e) {
+ MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(),
+ userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail());
+ }
+ catch (ConfigurationException e) {
log.warn("Sending Mail to User " + userdb.getMail() + " failed", e);
}
- }
+ }
}
if (pvp2OA.getMetaDataURL() != null) {
try {
- if (isMetaDataRefreshRequired || !pvp2OA.getMetaDataURL().
- equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) {
-
+ if (isMetaDataRefreshRequired
+ || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) {
+
log.debug("Set PVP2 Metadata refresh flag.");
MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration();
moaconfig.setPvp2RefreshItem(new Date());
ConfigurationDBUtils.saveOrUpdate(moaconfig);
-
+
}
- } catch (Throwable e) {
+ }
+ catch (Throwable e) {
log.info("Found no MetadataURL in OA-Databaseconfig!", e);
}
}
-
String error = saveOAConfigToDatabase(onlineapplication, newentry);
if (MiscUtil.isNotEmpty(error)) {
log.warn("OA configuration can not be stored!");
@@ -449,7 +438,7 @@ ServletResponseAware {
}
}
- Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
if (nextPageAttr != null && nextPageAttr instanceof String) {
nextPage = (String) nextPageAttr;
session.setAttribute(Constants.SESSION_RETURNAREA, null);
@@ -458,33 +447,29 @@ ServletResponseAware {
nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
}
-
if (onlineapplication.isIsAdminRequired()) {
int numoas = 0;
int numusers = 0;
List<OnlineApplication> openOAs = ConfigurationDBRead.getAllNewOnlineApplications();
- if (openOAs != null)
- numoas = openOAs.size();
+ if (openOAs != null) numoas = openOAs.size();
List<UserDatabase> openUsers = ConfigurationDBRead.getAllNewUsers();
- if (openUsers != null)
- numusers = openUsers.size();
+ if (openUsers != null) numusers = openUsers.size();
try {
addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request));
- if (numusers > 0 || numoas > 0)
- MailHelper.sendAdminMail(numoas, numusers);
+ if (numusers > 0 || numoas > 0) MailHelper.sendAdminMail(numoas, numusers);
- } catch (ConfigurationException e) {
+ }
+ catch (ConfigurationException e) {
log.warn("Sending Mail to Admin failed.", e);
}
} else
- addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request));
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request));
-
request.getSession().setAttribute(Constants.SESSION_OAID, null);
ConfigurationDBUtils.closeSession();
@@ -498,8 +483,8 @@ ServletResponseAware {
log.info("No http Session found.");
return Constants.STRUTS_ERROR;
}
-
- Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
if (nextPageAttr != null && nextPageAttr instanceof String) {
nextPage = (String) nextPageAttr;
session.setAttribute(Constants.SESSION_RETURNAREA, null);
@@ -531,28 +516,27 @@ ServletResponseAware {
if (formidobj != null && formidobj instanceof String) {
String formid = (String) formidobj;
if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID());
return Constants.STRUTS_ERROR;
- }
+ }
} else {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID());
return Constants.STRUTS_ERROR;
}
session.setAttribute(Constants.SESSION_FORMID, null);
- Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
if (nextPageAttr != null && nextPageAttr instanceof String) {
nextPage = (String) nextPageAttr;
} else {
nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
}
-
+
UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null &&
- !userdb.isIsMailAddressVerified()) {
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
log.info("Online-Applikation managemant disabled. Mail address is not verified.");
addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
return Constants.STRUTS_SUCCESS;
@@ -570,32 +554,31 @@ ServletResponseAware {
} else {
if (ValidationHelper.isValidOAIdentifier(oaidentifier)) {
log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
- addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
- new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+ addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
+ new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }));
formID = Random.nextRandom();
session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
}
-
+
OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
request.getSession().setAttribute(Constants.SESSION_OAID, null);
-
try {
if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) {
-
+
MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration();
moaconfig.setPvp2RefreshItem(new Date());
ConfigurationDBUtils.saveOrUpdate(moaconfig);
-
+
}
- } catch (Throwable e) {
+ }
+ catch (Throwable e) {
log.info("Found no MetadataURL in OA-Databaseconfig!", e);
}
-
if (ConfigurationDBUtils.delete(onlineapplication)) {
if (!authUser.isAdmin()) {
@@ -611,7 +594,8 @@ ServletResponseAware {
try {
ConfigurationDBUtils.saveOrUpdate(user);
- } catch (MOADatabaseException e) {
+ }
+ catch (MOADatabaseException e) {
log.warn("User information can not be updated in database", e);
addActionError(LanguageHelper.getGUIString("error.db.oa.store", request));
return Constants.STRUTS_ERROR;
@@ -627,15 +611,13 @@ ServletResponseAware {
} else {
ConfigurationDBUtils.closeSession();
addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", generalOA.getIdentifier(), request));
- return Constants.STRUTS_SUCCESS;
+ return Constants.STRUTS_SUCCESS;
}
-
-
}
public String bkuFramePreview() {
-
+
String preview = null;
HttpSession session = request.getSession();
@@ -651,12 +633,11 @@ ServletResponseAware {
if (mapobj != null && mapobj instanceof Map<?, ?>) {
ConfigurationProvider config = ConfigurationProvider.getInstance();
- String templateURL = config.getConfigRootDir() +
- ConfigurationProvider.HTMLTEMPLATE_DIR +
- ConfigurationProvider.HTMLTEMPLATE_FILE;
+ String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR
+ + ConfigurationProvider.HTMLTEMPLATE_FILE;
File file = new File(templateURL);
- input = new FileInputStream(file);
+ input = new FileInputStream(file);
String contextpath = config.getMOAIDInstanceURL();
if (MiscUtil.isEmpty(contextpath)) {
@@ -667,7 +648,6 @@ ServletResponseAware {
preview = LoginFormBuilder.getTemplate(input);
preview = preview.replace(LoginFormBuilder.CONTEXTPATH, contextpath);
-
Map<String, String> map = (Map<String, String>) mapobj;
request.setCharacterEncoding("UTF-8");
@@ -679,22 +659,20 @@ ServletResponseAware {
String[] query = URLDecoder.decode(request.getQueryString()).split("&");
value = query[1].substring("value=".length());
}
-
+
synchronized (map) {
-
+
if (MiscUtil.isNotEmpty(module)) {
- if (map.containsKey("#"+module+"#")) {
+ if (map.containsKey("#" + module + "#")) {
if (MiscUtil.isNotEmpty(value)) {
- if (FormBuildUtils.FONTFAMILY.contains(module) ||
- FormBuildUtils.HEADER_TEXT.contains(module) ||
- value.startsWith("#"))
- map.put("#"+module+"#", value);
+ if (FormBuildUtils.FONTFAMILY.contains(module) || FormBuildUtils.HEADER_TEXT.contains(module)
+ || value.startsWith("#"))
+ map.put("#" + module + "#", value);
else
- map.put("#"+module+"#", "#"+value);
-
+ map.put("#" + module + "#", "#" + value);
+
} else {
- map.put("#"+module+"#",
- FormBuildUtils.getDefaultMap().get("#"+module+"#"));
+ map.put("#" + module + "#", FormBuildUtils.getDefaultMap().get("#" + module + "#"));
}
}
}
@@ -705,12 +683,13 @@ ServletResponseAware {
preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible");
}
-
- } catch (Exception e) {
+
+ }
+ catch (Exception e) {
log.warn("BKUSelection Preview can not be generated.", e);
preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible");
- }
+ }
}
stream = new ByteArrayInputStream(preview.getBytes());
@@ -719,15 +698,14 @@ ServletResponseAware {
}
private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) {
-
+
AuthComponentOA authoa = dboa.getAuthComponentOA();
- if (authoa == null) {
+ if (authoa == null) {
authoa = new AuthComponentOA();
dboa.setAuthComponentOA(authoa);
}
-
- if (authUser.isAdmin())
- dboa.setIsActive(generalOA.isActive());
+
+ if (authUser.isAdmin()) dboa.setIsActive(generalOA.isActive());
dboa.setFriendlyName(generalOA.getFriendlyName());
dboa.setCalculateHPI(generalOA.isCalculateHPI());
@@ -736,8 +714,7 @@ ServletResponseAware {
if (authUser.isAdmin())
dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier()));
else {
- if (newentry)
- dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR);
+ if (newentry) dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR);
}
dboa.setPublicURLPrefix(generalOA.getIdentifier());
@@ -747,58 +724,42 @@ ServletResponseAware {
dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
String num = generalOA.getIdentificationNumber().replaceAll(" ", "");
- String type = null;
if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) {
num = num.substring(Constants.IDENIFICATIONTYPE_FN.length());
num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num);
- //num = StringUtils.leftPad(num, 7, '0');
- type = Constants.IDENIFICATIONTYPE_FN_TYPE;
+ // num = StringUtils.leftPad(num, 7, '0');
}
- if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) {
- num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
- type = Constants.IDENIFICATIONTYPE_ZVR_TYPE;
- }
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
- if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) {
- num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
- type = Constants.IDENIFICATIONTYPE_ERSB_TYPE;
- }
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
IdentificationNumber idnumber = new IdentificationNumber();
- idnumber.setType(type);
- idnumber.setValue(
- Constants.PREFIX_WPBK +
- generalOA.getIdentificationType() +
- "+" +
- num);
-
+ idnumber.setValue(Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num);
+
authoa.setIdentificationNumber(idnumber);
- }
- else {
+ } else {
dboa.setType(null);
if (authUser.isAdmin()) {
- if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) &&
- generalOA.isAdminTarget() ) {
+ if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) && generalOA.isAdminTarget()) {
dboa.setTarget(generalOA.getTarget_admin());
dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName());
} else {
String target = generalOA.getTarget();
-
+
if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet)
dboa.setTarget(target + "-" + generalOA.getTarget_subsector());
else
dboa.setTarget(target);
String targetname = TargetValidator.getTargetFriendlyName(target);
- if (MiscUtil.isNotEmpty(targetname))
- dboa.setTargetFriendlyName(targetname);
+ if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname);
}
@@ -807,7 +768,7 @@ ServletResponseAware {
if (MiscUtil.isNotEmpty(generalOA.getTarget())) {
String target = generalOA.getTarget();
-
+
if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet)
dboa.setTarget(target + "-" + generalOA.getTarget_subsector());
@@ -815,11 +776,10 @@ ServletResponseAware {
dboa.setTarget(target);
String targetname = TargetValidator.getTargetFriendlyName(target);
- if (MiscUtil.isNotEmpty(targetname))
- dboa.setTargetFriendlyName(targetname);
+ if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname);
}
- }
+ }
}
BKUURLS bkuruls = new BKUURLS();
@@ -829,7 +789,7 @@ ServletResponseAware {
bkuruls.setLocalBKU(generalOA.getBkuLocalURL());
bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL());
}
-
+
TemplatesType templates = authoa.getTemplates();
if (templates == null) {
templates = new TemplatesType();
@@ -856,15 +816,15 @@ ServletResponseAware {
if (authUser.isAdmin()) {
templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText());
-
+
List<TemplateType> template = templates.getTemplate();
if (generalOA.isLegacy()) {
-
+
if (template == null)
template = new ArrayList<TemplateType>();
else
template.clear();
-
+
if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) {
TemplateType el = new TemplateType();
el.setURL(generalOA.getSLTemplateURL1());
@@ -882,10 +842,9 @@ ServletResponseAware {
}
} else {
- if (template != null && template.size() > 0)
- template.clear();
+ if (template != null && template.size() > 0) template.clear();
}
-
+
bkuselectioncustom.setBackGroundColor(parseColor(formOA.getBackGroundColor()));
bkuselectioncustom.setFrontColor(parseColor(formOA.getFrontColor()));
@@ -896,19 +855,19 @@ ServletResponseAware {
bkuselectioncustom.setButtonBackGroundColor(parseColor(formOA.getButton_BackGroundColor()));
bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(formOA.getButton_BackGroundColorFocus()));
bkuselectioncustom.setButtonFontColor(parseColor(formOA.getButton_FrontColor()));
-
+
if (MiscUtil.isNotEmpty(formOA.getAppletRedirectTarget()))
bkuselectioncustom.setAppletRedirectTarget(formOA.getAppletRedirectTarget());
- bkuselectioncustom.setFontType(formOA.getFontType());
-
+ bkuselectioncustom.setFontType(formOA.getFontType());
+
}
-
- //set default transformation if it is empty
+
+ // set default transformation if it is empty
List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo();
if (transformsInfo == null) {
- //TODO: set OA specific transformation if it is required
-
+ // TODO: set OA specific transformation if it is required
+
}
OAPVP2 pvp2 = authoa.getOAPVP2();
@@ -920,17 +879,18 @@ ServletResponseAware {
pvp2.setMetadataURL(pvp2OA.getMetaDataURL());
try {
- if (pvp2OA.getFileUpload() != null)
- pvp2.setCertificate(pvp2OA.getCertificate());
+ if (pvp2OA.getFileUpload() != null) pvp2.setCertificate(pvp2OA.getCertificate());
- } catch (CertificateException e) {
+ }
+ catch (CertificateException e) {
log.info("Uploaded Certificate can not be found", e);
return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound");
- } catch (IOException e) {
+ }
+ catch (IOException e) {
log.info("Uploaded Certificate can not be parsed", e);
return LanguageHelper.getErrorString("validation.pvp2.certificate.format");
}
-
+
OASAML1 saml1 = authoa.getOASAML1();
if (saml1 == null) {
saml1 = new OASAML1();
@@ -941,7 +901,7 @@ ServletResponseAware {
if (authUser.isAdmin()) {
saml1.setIsActive(saml1OA.isActive());
}
-
+
if (saml1.isIsActive() != null && saml1.isIsActive()) {
saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock());
saml1.setProvideCertificate(saml1OA.isProvideCertificate());
@@ -950,8 +910,8 @@ ServletResponseAware {
saml1.setProvideStammzahl(saml1OA.isProvideStammZahl());
saml1.setUseCondition(saml1OA.isUseCondition());
saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength()));
- //TODO: set sourceID
- //saml1.setSourceID("");
+ // TODO: set sourceID
+ // saml1.setSourceID("");
}
OASSO sso = authoa.getOASSO();
@@ -962,42 +922,60 @@ ServletResponseAware {
}
sso.setUseSSO(ssoOA.isUseSSO());
- if (authUser.isAdmin())
- sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame());
+ if (authUser.isAdmin()) sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame());
sso.setSingleLogOutURL(ssoOA.getSingleLogOutURL());
-
STORK stork = authoa.getSTORK();
if (stork == null) {
- //TODO: make stork configurable
+ // TODO: make stork configurable
}
-
+
+ if (oauth20OA != null) {
+ log.debug("Saving OAuth 2.0 configuration:");
+ OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20();
+ if (oaOAuth20 == null) {
+ oaOAuth20 = new OAOAUTH20();
+ authoa.setOAOAUTH20(oaOAuth20);
+ }
+
+ oaOAuth20.setOAuthClientId(generalOA.getIdentifier());
+ // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret());
+ oaOAuth20.setOAuthRedirectUri(oauth20OA.getRedirectUri());
+ log.debug("client id: " + oauth20OA.getClientId());
+ log.debug("client secret: " + oauth20OA.getClientSecret());
+ log.debug("redirect uri:" + oauth20OA.getRedirectUri());
+
+ oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET));
+ request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null);
+
+ }
+
try {
if (newentry) {
ConfigurationDBUtils.save(dboa);
-
+
if (!authUser.isAdmin()) {
UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID());
-
+
List<OnlineApplication> useroas = user.getOnlineApplication();
- if (useroas == null)
- useroas = new ArrayList<OnlineApplication>();
+ if (useroas == null) useroas = new ArrayList<OnlineApplication>();
useroas.add(dboa);
- ConfigurationDBUtils.saveOrUpdate(user);
+ ConfigurationDBUtils.saveOrUpdate(user);
}
}
else
ConfigurationDBUtils.saveOrUpdate(dboa);
- } catch (MOADatabaseException e) {
+ }
+ catch (MOADatabaseException e) {
log.warn("Online-Application can not be stored.", e);
return LanguageHelper.getErrorString("error.db.oa.store");
}
-
+
return null;
}
@@ -1016,9 +994,8 @@ ServletResponseAware {
private void generateUserSpecificConfigurationOptions(UserDatabase userdb) {
if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) {
- String bpk = userdb.getBpk();
- if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) ||
- bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR)) {
+ String bpk = userdb.getBpk();
+ if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR)) {
onlyBusinessService = true;
generalOA.setBusinessService(true);
@@ -1030,15 +1007,12 @@ ServletResponseAware {
generalOA.setIdentificationType(split[1].substring(1));
if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN))
- generalOA.setIdentificationNumber(
- at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2]));
+ generalOA.setIdentificationNumber(at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2]));
else
generalOA.setIdentificationNumber(split[2]);
}
-
-
}
public String setGeneralOAConfig() {
@@ -1066,179 +1040,185 @@ ServletResponseAware {
return Constants.STRUTS_SUCCESS;
}
-
- //Getter and Setter
+ // Getter and Setter
public void setServletResponse(HttpServletResponse arg0) {
this.response = arg0;
}
-
+
public void setServletRequest(HttpServletRequest arg0) {
this.request = arg0;
}
-
+
public HttpServletRequest getRequest() {
return request;
}
-
+
public void setRequest(HttpServletRequest request) {
this.request = request;
}
-
+
public HttpServletResponse getResponse() {
return response;
}
-
+
public void setResponse(HttpServletResponse response) {
this.response = response;
}
-
+
public OAGeneralConfig getGeneralOA() {
return generalOA;
}
-
+
public void setGeneralOA(OAGeneralConfig generalOA) {
this.generalOA = generalOA;
}
-
+
public OAPVP2Config getPvp2OA() {
return pvp2OA;
}
-
+
public void setPvp2OA(OAPVP2Config pvp2oa) {
pvp2OA = pvp2oa;
}
-
+
public OASAML1Config getSaml1OA() {
return saml1OA;
}
-
+
public void setSaml1OA(OASAML1Config saml1oa) {
saml1OA = saml1oa;
}
-
+
public OASSOConfig getSsoOA() {
return ssoOA;
}
-
+
public void setSsoOA(OASSOConfig ssoOA) {
this.ssoOA = ssoOA;
}
-
+
public OASTORKConfig getStorkOA() {
return storkOA;
}
-
+
public void setStorkOA(OASTORKConfig storkOA) {
this.storkOA = storkOA;
}
-
+
/**
- * @param oaidobj the oaidobj to set
+ * @param oaidobj
+ * the oaidobj to set
*/
public void setOaidobj(String oaidobj) {
this.oaidobj = oaidobj;
}
-
+
/**
* @return the authUser
*/
public AuthenticatedUser getAuthUser() {
return authUser;
}
-
+
/**
* @return the newOA
*/
public boolean isNewOA() {
return newOA;
}
-
+
/**
- * @param newOA the newOA to set
+ * @param newOA
+ * the newOA to set
*/
public void setNewOA(boolean newOA) {
this.newOA = newOA;
}
-
+
/**
* @return the nextPage
*/
public String getNextPage() {
return nextPage;
}
-
+
/**
* @return the formID
*/
public String getFormID() {
return formID;
}
-
+
/**
- * @param formID the formID to set
+ * @param formID
+ * the formID to set
*/
public void setFormID(String formID) {
this.formID = formID;
}
-
+
/**
* @return the onlyBusinessService
*/
public boolean isOnlyBusinessService() {
return onlyBusinessService;
}
-
+
/**
- * @param onlyBusinessService the onlyBusinessService to set
+ * @param onlyBusinessService
+ * the onlyBusinessService to set
*/
public void setOnlyBusinessService(boolean onlyBusinessService) {
this.onlyBusinessService = onlyBusinessService;
}
-
+
/**
* @return the subTargetSet
*/
public boolean isSubTargetSet() {
return subTargetSet;
}
-
+
/**
- * @param subTargetSet the subTargetSet to set
+ * @param subTargetSet
+ * the subTargetSet to set
*/
public void setSubTargetSet(boolean subTargetSet) {
this.subTargetSet = subTargetSet;
}
-
+
/**
* @return the deaktivededBusinessService
*/
public boolean isDeaktivededBusinessService() {
return deaktivededBusinessService;
}
-
+
/**
- * @param deaktivededBusinessService the deaktivededBusinessService to set
+ * @param deaktivededBusinessService
+ * the deaktivededBusinessService to set
*/
public void setDeaktivededBusinessService(boolean deaktivededBusinessService) {
this.deaktivededBusinessService = deaktivededBusinessService;
}
-
+
/**
* @return the formOA
*/
public FormularCustomization getFormOA() {
return formOA;
}
-
+
/**
- * @param formOA the formOA to set
+ * @param formOA
+ * the formOA to set
*/
public void setFormOA(FormularCustomization formOA) {
this.formOA = formOA;
}
-
+
/**
* @return the stream
*/
@@ -1246,5 +1226,12 @@ ServletResponseAware {
return stream;
}
+ public OAOAuth20Config getOauth20OA() {
+ return oauth20OA;
+ }
+
+ public void setOauth20OA(OAOAuth20Config oauth20OA) {
+ this.oauth20OA = oauth20OA;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index c82746dbc..b5896aecf 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -1,5 +1,6 @@
package at.gv.egovernment.moa.id.configuration.struts.action;
+import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
@@ -23,18 +24,24 @@ import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.encryption.Decrypter;
+import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCredentialResolverFactory;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver;
+import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
+import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.UsageType;
@@ -43,9 +50,12 @@ import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
+import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
+import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
+import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
@@ -261,8 +271,47 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
- List<org.opensaml.saml2.core.Assertion> saml2assertions = samlResponse.getAssertions();
-
+ List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
+
+ //check encrypted Assertion
+ List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions();
+ if (encryAssertionList != null && encryAssertionList.size() > 0) {
+ //decrypt assertions
+
+ log.debug("Found encryped assertion. Start decryption ...");
+
+ KeyStore keyStore = config.getPVP2KeyStore();
+
+ X509Credential authDecCredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),
+ config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray());
+
+
+ StaticKeyInfoCredentialResolver skicr =
+ new StaticKeyInfoCredentialResolver(authDecCredential);
+
+ ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver();
+ encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() );
+ encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() );
+ encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() );
+
+ Decrypter samlDecrypter =
+ new Decrypter(null, skicr, encryptedKeyResolver);
+
+ for (EncryptedAssertion encAssertion : encryAssertionList) {
+ saml2assertions.add(samlDecrypter.decrypt(encAssertion));
+
+ }
+
+ log.debug("Assertion decryption finished. ");
+
+ } else {
+ saml2assertions = samlResponse.getAssertions();
+
+ }
+
+
if (MiscUtil.isEmpty(authID)) {
log.info("NO AuthRequestID");
return Constants.STRUTS_ERROR;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java
new file mode 100644
index 000000000..867abafc3
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.configuration.validation.oa;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+
+public class OAOAUTH20ConfigValidation {
+
+ private static final Logger log = Logger.getLogger(OAOAUTH20ConfigValidation.class);
+
+ public List<String> validate(OAOAuth20Config form) {
+
+ List<String> errors = new ArrayList<String>();
+
+ // validate secret
+// if (StringUtils.isEmpty(form.getClientSecret())) {
+// errors.add(LanguageHelper.getErrorString("error.oa.oauth.clientSecret"));
+// }
+
+ // validate redirectUri
+ if (StringUtils.isNotEmpty(form.getRedirectUri()) && !OAuth20Util.isUrl(form.getRedirectUri())) {
+ errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi"));
+ }
+
+ return errors;
+ }
+}