aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-09-08 14:37:54 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-09-08 14:37:54 +0200
commit698a0066e84dee07f0f8de8aa408d9744f755660 (patch)
tree17085c61b97cef37b7d2443513622c1d02553710 /id/ConfigWebTool/src/main/java/at/gv
parentb754f06150f8a8b6235bc3a138ab403175036171 (diff)
parenta512ce06caa134ea978ca54a87a8b78d5c10bf1c (diff)
downloadmoa-id-spss-698a0066e84dee07f0f8de8aa408d9744f755660.tar.gz
moa-id-spss-698a0066e84dee07f0f8de8aa408d9744f755660.tar.bz2
moa-id-spss-698a0066e84dee07f0f8de8aa408d9744f755660.zip
Merge tag 'MOA-ID-3.2.3' into development_previewMOA-ID-3.2.3
JoinUp Release # Conflicts: # pom.xml
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java20
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java7
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java10
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java105
4 files changed, 87 insertions, 55 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index 05ce3344b..c5ae5065f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -63,6 +63,7 @@ import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUse
import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.asn1.structures.AlgorithmID;
import iaik.x509.X509Certificate;
@@ -150,6 +151,8 @@ public class ConfigurationProvider {
UserRequestCleaner.start();
+ fixJava8_141ProblemWithSSLAlgorithms();
+
log.info("MOA-ID-Configuration initialization completed");
@@ -168,6 +171,23 @@ public class ConfigurationProvider {
}
+ private static void fixJava8_141ProblemWithSSLAlgorithms() {
+ log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
+ //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA", }, null, true);
+ new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption",
+ new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true);
+ new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption",
+ new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true);
+ new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption",
+ new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true);
+ new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption",
+ new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true);
+ new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption",
+ new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true);
+
+ log.info("Change AlgorithmIDs finished");
+ }
+
@Autowired(required = true)
public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) {
this.configModule = module;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
index f660b5feb..b4b3aaf13 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
@@ -178,6 +178,13 @@ public class OATargetConfiguration implements IOnlineApplicationData {
num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num);
+ /*Fixme:
+ * Company numbers had to be padded with '0' on left site
+ * But this bugfix can not be activated, because this would
+ * change all bPKs for company numbers.
+ *
+ * Change this in case of new bPK generation algorithms
+ */
// num = StringUtils.leftPad(num, 7, '0');
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index 67fef3b1d..c69998fa2 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
@@ -28,9 +28,6 @@ import java.util.Date;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
-import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Logger;
-
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -42,6 +39,9 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
@@ -205,7 +205,9 @@ public class AuthenticationFilter implements Filter{
filterchain.doFilter(req, resp);
} catch (Exception e) {
-
+
+ log.error("Servlet filter catchs an unhandled exception! Msg: " + e.getMessage(), e);
+
//String redirectURL = "./index.action";
//HttpServletResponse httpResp = (HttpServletResponse) resp;
//redirectURL = httpResp.encodeRedirectURL(redirectURL);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 61a380188..79e7e9252 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -111,81 +111,84 @@ public class OAPVP2ConfigValidation {
log.info("MetaDataURL has no valid form.");
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request));
- } else {
-
+ } else {
if (certSerialized == null) {
log.info("No certificate for metadata validation");
errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));
- } else {
-
- X509Certificate cert = new X509Certificate(certSerialized);
- BasicX509Credential credential = new BasicX509Credential();
- credential.setEntityCertificate(cert);
+ } else {
+ if (form.getMetaDataURL().startsWith("http")) {
+ X509Certificate cert = new X509Certificate(certSerialized);
+ BasicX509Credential credential = new BasicX509Credential();
+ credential.setEntityCertificate(cert);
- timer = new Timer();
- httpClient = new MOAHttpClient();
+ timer = new Timer();
+ httpClient = new MOAHttpClient();
- if (form.getMetaDataURL().startsWith("https:"))
- try {
- MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- "MOAMetaDataProvider",
- ConfigurationProvider.getInstance().getCertStoreDirectory(),
- ConfigurationProvider.getInstance().getTrustStoreDirectory(),
- null,
- "pkix",
- true,
- new String[]{"crl"},
- false);
+ if (form.getMetaDataURL().startsWith("https:"))
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ "MOAMetaDataProvider",
+ ConfigurationProvider.getInstance().getCertStoreDirectory(),
+ ConfigurationProvider.getInstance().getTrustStoreDirectory(),
+ null,
+ "pkix",
+ true,
+ new String[]{"crl"},
+ false);
- httpClient.setCustomSSLTrustStore(
- form.getMetaDataURL(),
- protoSocketFactory);
+ httpClient.setCustomSSLTrustStore(
+ form.getMetaDataURL(),
+ protoSocketFactory);
- } catch (MOAHttpProtocolSocketFactoryException e) {
- log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
- } catch (ConfigurationException e) {
- log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
+ } catch (ConfigurationException e) {
+ log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
- }
+ }
- List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
- filterList.add(new MetaDataVerificationFilter(credential));
+ List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
+ filterList.add(new MetaDataVerificationFilter(credential));
- try {
- filterList.add(new SchemaValidationFilter(
- ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
+ try {
+ filterList.add(new SchemaValidationFilter(
+ ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
- } catch (ConfigurationException e) {
- log.warn("Configuration access FAILED!", e);
+ } catch (ConfigurationException e) {
+ log.warn("Configuration access FAILED!", e);
- }
+ }
+
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.setFilters(filterList);
- MetadataFilterChain filter = new MetadataFilterChain();
- filter.setFilters(filterList);
+ httpProvider =
+ new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
+ httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+ httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
- httpProvider =
- new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
- httpProvider.setParserPool(new BasicParserPool());
- httpProvider.setRequireValidMetadata(true);
- httpProvider.setMetadataFilter(filter);
- httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+ httpProvider.setRequireValidMetadata(true);
- httpProvider.setRequireValidMetadata(true);
+ httpProvider.initialize();
- httpProvider.initialize();
+ if (httpProvider.getMetadata() == null) {
+ log.info("Metadata could be received but validation FAILED.");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
+ }
- if (httpProvider.getMetadata() == null) {
- log.info("Metadata could be received but validation FAILED.");
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
+ } else {
+ log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form.getMetaDataURL());
+
}
-
}
}
}