| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-19 16:19:00 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-19 16:19:00 +0200 | 
| commit | a27cf61551c129aee48ea533ad73f2ade37a757a (patch) | |
| tree | c97a1ccc7b3afdec906c609de165b582db2b3149 /id/ConfigWebTool/src/main/java | |
| parent | 2c7d70f182b554321b6baf3e225139a883d61035 (diff) | |
| download | moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.tar.gz moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.tar.bz2 moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.zip | |
ConfigWebTool Version 0.9.5
 --PVP2 Login
 --PVP2 Users to UserDatabase functionality
 --Mailaddress verification
 --Mail status messages to users and admin
 --add List with OpenRequests for admins
 --change OA Target configuration
 --add cleanUp Thread to remove old unused UserAccount requests
 --update UserDatabase to support PVP2 logins
 --add formID element validate received forms
 --add first classes for STORK configuration
make some bug fixes
Diffstat (limited to 'id/ConfigWebTool/src/main/java')
33 files changed, 3928 insertions, 464 deletions
| diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index d088edf34..47e6e83d5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java 
@@ -1,29 +1,49 @@  package at.gv.egovernment.moa.id.configuration;  public class Constants { +	public static final String FILEPREFIX = "file:"; +	 +	public static final String SERVLET_PVP2ASSERTION = "pvp2login.action"; +	public static final String SERVLET_ACCOUNTVERIFICATION = "mailAddressVerification.action"; +	  	public static final String STRUTS_SUCCESS = "success";  	public static final String STRUTS_ERROR = "error";  	public static final String STRUTS_ERROR_VALIDATION = "error_validation";  	public static final String STRUTS_OA_EDIT = "editOA";  	public static final String STRUTS_REAUTHENTICATE = "reauthentication";  	public static final String STRUTS_NOTALLOWED = "notallowed"; +	public static final String STRUTS_NEWUSER = "newuser"; +	public static final String STRUTS_SSOLOGOUT = "ssologout";  	public static final String SESSION_AUTH = "authsession";  	public static final String SESSION_AUTH_ERROR = "authsessionerror";  	public static final String SESSION_OAID = "oadbidentifier"; +	public static final String SESSION_FORMID = "formId"; +	public static final String SESSION_FORM = "form"; +	public static final String SESSION_PVP2REQUESTID = "pvp2requestid"; +	public static final String SESSION_RETURNAREA = "returnarea"; +	 +	public static enum STRUTS_RETURNAREA_VALUES {adminRequestsInit, main, usermanagementInit};   	public static final String REQUEST_OAID = "oaid"; +	public static final String REQUEST_USERREQUESTTOKKEN = "tokken";  	public static final String BKU_ONLINE = "bkuonline";  	public static final String BKU_LOCAL = "bkulocal";  	public static final String BKU_HANDY = "bkuhandy"; -	  	public static final String MOA_CONFIG_BUSINESSSERVICE = "businessService"; -	  	public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1";  	public static final String MOA_CONFIG_PROTOCOL_PVP2 = "id_pvp2x";  	public static final String DEFAULT_LOCALBKU_URL = "https://127.0.0.1:3496/https-security-layer-request";  	public static final String DEFAULT_HANDYBKU_URL = 
"https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; +	 +	public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at"; +	 +	public static final String IDENIFICATIONTYPE_FN = "FN"; +	public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; +	public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; +	 +	public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";  } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java index 8f75a357c..009a13f4b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java @@ -2,14 +2,19 @@ package at.gv.egovernment.moa.id.configuration.auth;  import java.util.Date; +import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; +  public class AuthenticatedUser {  	private boolean isAuthenticated = false;  	private boolean isAdmin = false; +	private boolean isPVP2Login = false; +	private boolean isMandateUser = false;  	private long userID;  	private String givenName;  	private String familyName; +	private String institute;  	private String userName;  	private Date lastLogin; 
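Review bot: Several of the new constant names in Constants.java carry typos that every caller will have to repeat: `REQUEST_USERREQUESTTOKKEN`, the three `IDENIFICATIONTYPE_*` constants and `PREFIX_WPBK` (whose value spells `wbpk`). Renaming the identifiers now, while they are new, costs nothing; the string values themselves stay as they are, since `"tokken"` is presumably the request parameter name the forms already send. `STRUTS_RETURNAREA_VALUES` is an enum rather than a constant and would conventionally be `StrutsReturnArea`; the `static` modifier on a nested enum is redundant and can be dropped.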
@@ -17,18 +22,26 @@ public class AuthenticatedUser {  	} -	public AuthenticatedUser(long userID, String givenName, String familyName, String userName, -			boolean isAuthenticated, boolean isAdmin) { +	public AuthenticatedUser(long userID, String givenName, String familyName, String institute,  +			String userName, boolean isAuthenticated, boolean isAdmin, boolean isMandateUser,  +			boolean isPVP2Login) {  		this.familyName = familyName;  		this.givenName = givenName;  		this.userName = userName;  		this.userID = userID; +		this.institute = institute;  		this.isAdmin = isAdmin;  		this.isAuthenticated = isAuthenticated; +		this.isMandateUser = isMandateUser; +		this.isPVP2Login = isPVP2Login;  		this.lastLogin = new Date();  	} +	public String getFormatedLastLogin() { +		return DateTimeHelper.getDateTime(lastLogin); +	} +	  	/**  	 * @return the isAuthenticated  	 */ @@ -105,7 +118,7 @@ public class AuthenticatedUser {  	public Date getLastLogin() {  		return lastLogin;  	} - +	  	/**  	 * @param lastLogin the lastLogin to set  	 */ @@ -126,8 +139,49 @@ public class AuthenticatedUser {  	public void setUserName(String userName) {  		this.userName = userName;  	} + +	/** +	 * @return the institute +	 */ +	public String getInstitute() { +		return institute; +	} + +	/** +	 * @param institute the institute to set +	 */ +	public void setInstitute(String institute) { +		this.institute = institute; +	} + +	/** +	 * @return the isPVP2Login +	 */ +	public boolean isPVP2Login() { +		return isPVP2Login; +	} + +	/** +	 * @param isPVP2Login the isPVP2Login to set +	 */ +	public void setPVP2Login(boolean isPVP2Login) { +		this.isPVP2Login = isPVP2Login; +	} + +	/** +	 * @return the isMandateUser +	 */ +	public boolean isMandateUser() { +		return isMandateUser; +	} + +	/** +	 * @param isMandateUser the isMandateUser to set +	 */ +	public void setMandateUser(boolean isMandateUser) { +		this.isMandateUser = isMandateUser; +	} -	 -	 +  } 
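Review bot: The widened `AuthenticatedUser` constructor now ends with four positional booleans in a row (`isAuthenticated, isAdmin, isMandateUser, isPVP2Login`), which a call site can swap without any compiler complaint; at minimum document each with a Javadoc `@param`, or replace the constructor with a static factory or builder so the flags are named at the call site. `getFormatedLastLogin` is misspelled and should be `getFormattedLastLogin` before other code depends on it. The class body continues outside the hunk.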
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
new file mode 100644
index 000000000..199e89d7c
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
@@ -0,0 +1,50 @@ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.RequestedAttribute; + +import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +public class AttributeListBuilder implements PVPConstants{ + +	protected static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) { +		RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class); +		attribute.setIsRequired(required); +		attribute.setName(name); +		attribute.setFriendlyName(friendlyName); +		attribute.setNameFormat(Attribute.URI_REFERENCE); +		return attribute; +	} +	 +	public static List<RequestedAttribute> getRequestedAttributes() { +		List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>(); +		 +		requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); +		requestedAttributes.add(buildReqAttribute(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); +		requestedAttributes.add(buildReqAttribute(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true)); +		requestedAttributes.add(buildReqAttribute(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, false)); +		requestedAttributes.add(buildReqAttribute(BPK_NAME, BPK_FRIENDLY_NAME, true)); +		requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true)); +		requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true)); +		requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true)); +		 +		requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); +		requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_FULL_NAME_NAME, 
MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); +		requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); +		requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); +		 +		requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); +		requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); +		requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); +		requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); +		 +		requestedAttributes.add(buildReqAttribute(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); +		requestedAttributes.add(buildReqAttribute(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false)); +		requestedAttributes.add(buildReqAttribute(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false)); +		return requestedAttributes; +	} +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java new file mode 100644 index 000000000..ed496ae16 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java 
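Review bot: `AttributeListBuilder implements PVPConstants` only to inherit the attribute-name constants, which is the constant-interface anti-pattern: it makes `PVPConstants` part of the class's public type hierarchy for no behavioural reason. Since every member is static, use `import static at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants.*;` and drop the `implements` clause; a `private AttributeListBuilder() {}` would also stop the utility class from being instantiated. The `true`/`false` third arguments encode which attributes are marked `isRequired` in the metadata, presumably the ones the login cannot proceed without; a one-line comment above `getRequestedAttributes` saying so would make future edits to that list safer.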
@@ -0,0 +1,245 @@ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.io.FileInputStream; +import java.io.IOException; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.security.MetadataCredentialResolverFactory; +import 
org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.credential.BasicCredential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.iaik.commons.util.ConfigException; + + +/** + * Servlet implementation class Authenticate + */ +public class Authenticate extends HttpServlet { +	private static final long serialVersionUID = 1L; + +	private static final Logger log = LoggerFactory +			.getLogger(Authenticate.class);	 +	/** +	 * @see HttpServlet#HttpServlet() +	 */ +	public Authenticate() { +		super(); +		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); +		factory.setNamespaceAware(true); +		try { +			builder = factory.newDocumentBuilder(); +		} catch (ParserConfigurationException e) { +			// TODO Auto-generated catch block +			e.printStackTrace(); +		} +	} + +	DocumentBuilder builder; + +	public Document asDOMDocument(XMLObject object) throws IOException, +			MarshallingException, TransformerException { +		Document document = builder.newDocument(); +		Marshaller out = Configuration.getMarshallerFactory().getMarshaller( +				object); +		out.marshall(object, document); +		return document; +	} + +	protected void process(HttpServletRequest 
request, +			HttpServletResponse response, Map<String,String> legacyParameter) throws ServletException, IOException { +		try { +			 +			ConfigurationProvider config = ConfigurationProvider.getInstance(); +			config.initializePVP2Login(); +			 +			AuthnRequest authReq = SAML2Utils +					.createSAMLObject(AuthnRequest.class); +			SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); +			authReq.setID(gen.generateIdentifier()); +			 +			HttpSession session = request.getSession(); +			if (session != null) { +				session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); +			} +			 +			authReq.setAssertionConsumerServiceIndex(0); +			authReq.setAttributeConsumingServiceIndex(0); +			authReq.setIssueInstant(new DateTime()); +			Subject subject = SAML2Utils.createSAMLObject(Subject.class); +			NameID name = SAML2Utils.createSAMLObject(NameID.class); +			Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); +			 +			String serviceURL = config.getPublicUrlPreFix(request); +			if (!serviceURL.endsWith("/")) +				serviceURL = serviceURL + "/"; +			name.setValue(serviceURL); +			issuer.setValue(serviceURL); + +			subject.setNameID(name); +			authReq.setSubject(subject); +			issuer.setFormat(NameIDType.ENTITY); +			authReq.setIssuer(issuer); +			NameIDPolicy policy = SAML2Utils +					.createSAMLObject(NameIDPolicy.class); +			policy.setAllowCreate(true); +			policy.setFormat(NameID.PERSISTENT); +			authReq.setNameIDPolicy(policy); +			 +			String entityname = config.getPVP2IDPMetadataEntityName(); +			if (MiscUtil.isEmpty(entityname)) { +				log.info("No IDP EntityName configurated"); +				throw new ConfigurationException("No IDP EntityName configurated"); +			} +			 +			HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); +			EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); +			if (idpEntity == null) { +				log.info("IDP EntityName is not found in IDP Metadata"); +				throw new 
ConfigurationException("IDP EntityName is not found in IDP Metadata"); +			} +			 +			SingleSignOnService redirectEndpoint = null;   +			for (SingleSignOnService sss :  +					idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { +				 +				if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { //Get the service address for the binding you wish to use   +					redirectEndpoint = sss;   +				}   +			} +						 +			authReq.setDestination(redirectEndpoint.getLocation()); +			 +			RequestedAuthnContext reqAuthContext =  +					SAML2Utils.createSAMLObject(RequestedAuthnContext.class); +			 +			AuthnContextClassRef authnClassRef =  +					SAML2Utils.createSAMLObject(AuthnContextClassRef.class); +			 +			authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + +			reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); +			 +			reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); +			 +			authReq.setRequestedAuthnContext(reqAuthContext); +			 +			KeyStore keyStore = config.getPVP2KeyStore(); + +			X509Credential authcredential = new KeyStoreX509CredentialAdapter( +					keyStore,  +					config.getPVP2KeystoreAuthRequestKeyAlias(),  +					config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + +			Signature signer = SAML2Utils.createSAMLObject(Signature.class); +			signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); +			signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); +			signer.setSigningCredential(authcredential); + +			authReq.setSignature(signer); + +			VelocityEngine engine = new VelocityEngine(); +			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); +			engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); +			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); +			engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); +			
engine.setProperty("classpath.resource.loader.class", +					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); +			engine.init(); + +			HTTPPostEncoder encoder = new HTTPPostEncoder(engine, +					"templates/pvp_postbinding_template.html"); +			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( +					response, true); +			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); +			SingleSignOnService service = new SingleSignOnServiceBuilder() +					.buildObject(); +			service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); +			service.setLocation(redirectEndpoint.getLocation());; +			 +			context.setOutboundSAMLMessageSigningCredential(authcredential); +			context.setPeerEntityEndpoint(service); +			context.setOutboundSAMLMessage(authReq); +			context.setOutboundMessageTransport(responseAdapter); + +			encoder.encode(context); + +		} catch (Exception e) { +			log.warn("Authentication Request can not be generated", e); +			throw new ServletException("Authentication Request can not be generated.", e); +		} +	} + +	/** +	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse +	 *      response) +	 */ +	protected void doGet(HttpServletRequest request, +			HttpServletResponse response) throws ServletException, IOException { +				 +		process(request, response, null); +	} + +	/** +	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse +	 *      response) +	 */ +	protected void doPost(HttpServletRequest request, +			HttpServletResponse response) throws ServletException, IOException { +		process(request, response, null); +	} + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java new file mode 100644 index 000000000..fa02443dc 
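Review bot: `redirectEndpoint` stays `null` when the IdP's SSO descriptor offers no HTTP-POST binding, and `authReq.setDestination(redirectEndpoint.getLocation())` then throws a NullPointerException that the generic catch turns into an opaque ServletException; add after the loop `if (redirectEndpoint == null) { log.info("IDP Metadata contains no HTTP-POST SingleSignOnService"); throw new ConfigurationException("IDP Metadata contains no HTTP-POST SingleSignOnService"); }`. The AuthnRequest is signed with `ALGO_ID_SIGNATURE_RSA_SHA1` while `BuildMetadata.getSignature` in the same commit uses `ALGO_ID_SIGNATURE_RSA_SHA256`; the two should agree, and SHA-256 is the one to keep. The constructor swallows `ParserConfigurationException` with `printStackTrace()` and leaves `builder` null, so `asDOMDocument` would fail later with an NPE far from the cause — rethrow it as an unchecked exception instead. Minor: `RuntimeConstants.ENCODING_DEFAULT` is set twice, `service.setLocation(...)` ends with a doubled `;`, and the `legacyParameter` argument is never read.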
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
@@ -0,0 +1,288 @@ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.io.IOException; +import java.io.StringWriter; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.apache.log4j.Logger; +import org.opensaml.Configuration; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.KeyDescriptor; +import org.opensaml.saml2.metadata.LocalizedString; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.ServiceName; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import 
org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.Signer; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * Servlet implementation class BuildMetadata + */ +public class BuildMetadata extends HttpServlet { +	private static final long serialVersionUID = 1L; +	 +	private static final Logger log = Logger.getLogger(BuildMetadata.class); + +	/** +	 * @see HttpServlet#HttpServlet() +	 */ +	public BuildMetadata() { +		super(); +	} + +	protected static Signature getSignature(Credential credentials) { +		Signature signer = SAML2Utils.createSAMLObject(Signature.class); +		signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); +		signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); +		signer.setSigningCredential(credentials); +		return signer; +	} +	 +	/** +	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse +	 *      response) +	 */ +	protected void doGet(HttpServletRequest request, +			HttpServletResponse response) throws ServletException, IOException { +		try { +			ConfigurationProvider config = ConfigurationProvider.getInstance(); +			 +			//config.initializePVP2Login(); +			 +			SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); +			 +			EntitiesDescriptor 
spEntitiesDescriptor = SAML2Utils. +					createSAMLObject(EntitiesDescriptor.class); +			 +			String name = config.getPVP2MetadataEntitiesName(); +			if (MiscUtil.isEmpty(name)) { +				log.info("NO Metadata EntitiesName configurated"); +				throw new ConfigurationException("NO Metadata EntitiesName configurated"); +			} +			 +			spEntitiesDescriptor.setName(name); +			spEntitiesDescriptor.setID(idGen.generateIdentifier()); +			 +			EntityDescriptor spEntityDescriptor = SAML2Utils +					.createSAMLObject(EntityDescriptor.class); + +			spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); +			 +			String serviceURL = config.getPublicUrlPreFix(request); +			if (!serviceURL.endsWith("/")) +				serviceURL = serviceURL + "/"; +			 +			log.debug("Set OnlineApplicationURL to " + serviceURL); +			spEntityDescriptor.setEntityID(serviceURL); + +			SPSSODescriptor spSSODescriptor = SAML2Utils +					.createSAMLObject(SPSSODescriptor.class); + +			spSSODescriptor.setAuthnRequestsSigned(true); +			spSSODescriptor.setWantAssertionsSigned(true); + +			X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); +			keyInfoFactory.setEmitEntityCertificate(true); +			KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); +			 +			KeyStore keyStore = config.getPVP2KeyStore(); + +			X509Credential signingcredential = new KeyStoreX509CredentialAdapter( +					keyStore,  +					config.getPVP2KeystoreMetadataKeyAlias(),  +					config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); + +			 +			log.debug("Set Metadata key information"); +			//Set MetaData Signing key +			KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils +					.createSAMLObject(KeyDescriptor.class); +			entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); +			entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); +			Signature entitiesSignature = getSignature(signingcredential); +			 +			X509Credential authcredential = new 
KeyStoreX509CredentialAdapter( +					keyStore,  +					config.getPVP2KeystoreAuthRequestKeyAlias(),  +					config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); +			 +			 +			//Set AuthRequest Signing certificate +			KeyDescriptor signKeyDescriptor = SAML2Utils +					.createSAMLObject(KeyDescriptor.class); +			signKeyDescriptor.setUse(UsageType.SIGNING); +			signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));	 +			spEntitiesDescriptor.setSignature(entitiesSignature); +			spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); +			 +			NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); +			persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); +			 +			spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); +			 +			NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); +			transientnameIDFormat.setFormat(NameIDType.TRANSIENT); +			 +			spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); +			 +			NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); +			unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); +			 +			spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); +						 +			AssertionConsumerService postassertionConsumerService =  +					SAML2Utils.createSAMLObject(AssertionConsumerService.class); +			 +			postassertionConsumerService.setIndex(0); +			postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); +			postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); +			 +			spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); +			 +			spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); +			 +			spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); +			 +			spSSODescriptor.setWantAssertionsSigned(true); +			spSSODescriptor.setAuthnRequestsSigned(true); +			AttributeConsumingService 
attributeService =  +					SAML2Utils.createSAMLObject(AttributeConsumingService.class); +			 +			attributeService.setIndex(0); +			attributeService.setIsDefault(true); +			ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); +			serviceName.setName(new LocalizedString("Default Service", "de")); +			attributeService.getNames().add(serviceName); +			 +			attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); +			 +			spSSODescriptor.getAttributeConsumingServices().add(attributeService); + +			DocumentBuilder builder; +			DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); +			 +			builder = factory.newDocumentBuilder(); +			Document document = builder.newDocument(); +			Marshaller out = Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor); +			out.marshall(spEntitiesDescriptor, document); +			 +			Signer.signObject(entitiesSignature); +			 +			Transformer transformer = TransformerFactory.newInstance().newTransformer(); +			 +			StringWriter sw = new StringWriter(); +			StreamResult sr = new StreamResult(sw); +			DOMSource source  = new DOMSource(document); +			transformer.transform(source, sr); +			sw.close(); +			 +			String metadataXML = sw.toString(); +						 +			response.setContentType("text/xml"); +			response.getOutputStream().write(metadataXML.getBytes()); +			 +			response.getOutputStream().close(); +			 +		} catch (ConfigurationException e) { +			log.warn("Configuration can not be loaded.", e); +			throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); +			 +		} catch (NoSuchAlgorithmException e) { +			log.warn("Requested Algorithm could not found.", e); +			throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); +			 +		} catch (KeyStoreException e) { +			log.warn("Requested KeyStoreType is not implemented.", e); +			throw new ServletException("MetaData can not be created. 
Look into LogFiles for more details."); +			 +		} catch (CertificateException e) { +			log.warn("KeyStore can not be opend or userd.", e); +			throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); +			 +		} catch (SecurityException e) { +			log.warn("KeyStore can not be opend or used", e); +			throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); +			 +		} catch (ParserConfigurationException e) { +			log.warn("PVP2 Metadata createn error", e); +			throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); +			 +		} catch (MarshallingException e) { +			log.warn("PVP2 Metadata createn error", e); +			throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); +			 +		} catch (SignatureException e) { +			log.warn("PVP2 Metadata can not be signed", e); +			throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); +			 +		} catch (TransformerConfigurationException e) { +			log.warn("PVP2 Metadata createn error", e); +			throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); +			 +		} catch (TransformerFactoryConfigurationError e) { +			log.warn("PVP2 Metadata createn error", e); +			throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); +			 +		} catch (TransformerException e) { +			log.warn("PVP2 Metadata createn error", e); +			throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); +		} +		 +		catch (Exception e) { +			log.warn("Unspecific PVP2 Metadata createn error", e); +			throw new ServletException("MetaData can not be created. 
Look into LogFiles for more details."); +		} + +	} + +	/** +	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse +	 *      response) +	 */ +	protected void doPost(HttpServletRequest request, +			HttpServletResponse response) throws ServletException, IOException { +	} + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java new file mode 100644 index 000000000..d08354c43 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java 
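Review bot: The metadata is written with `metadataXML.getBytes()`, which uses the JVM default charset, while the Transformer-serialized document declares UTF-8 by default and the response advertises only `text/xml`; on a non-UTF-8 platform any non-ASCII content in the document is emitted in a different encoding than the one it declares. Use `response.setContentType("text/xml; charset=UTF-8");` and `response.getOutputStream().write(metadataXML.getBytes("UTF-8"));`. `entitiesSignKeyDescriptor` is created and populated but never attached to any descriptor, so it is either dead code or a KeyDescriptor the EntitiesDescriptor was meant to carry; likewise `setWantAssertionsSigned(true)`/`setAuthnRequestsSigned(true)` are called twice and `//config.initializePVP2Login();` is commented-out code. The eleven specific catch blocks differ only in their log text and end in a `catch (Exception e)` that does the same thing, so they could be collapsed into that one handler without changing behaviour.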
@@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.util.Iterator; + +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.x509.BasicX509Credential; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; + +public class MetaDataVerificationFilter implements MetadataFilter { + +	BasicX509Credential credential; +	 +	public MetaDataVerificationFilter(BasicX509Credential credential) { +		this.credential = credential; +	} +	 +	 +	public void doFilter(XMLObject metadata) throws FilterException { +		if (metadata instanceof EntitiesDescriptor) { +			EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; +			 +			if(entitiesDescriptor.getSignature() == null) { +				throw new FilterException("Root element of metadata file has to be signed", null); +			} +			try { +				processEntitiesDescriptor(entitiesDescriptor); +				 +			} catch (MOAIDException e) { +				throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null); +			} +		} +	} +	 +	private void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException { +		Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator(); +		 +		if(desc.getSignature() != null) { +			EntityVerifier.verify(desc, this.credential); +		} +		 +		while(entID.hasNext()) { +			processEntitiesDescriptor(entID.next()); +		} +		 +		Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator(); +		 +		while(entIT.hasNext()) { +			EntityDescriptor entity = entIT.next(); +			if (entity.getSignature() != null) +				EntityVerifier.verify(entity); +		} +	} +	 +} 
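Review bot: `doFilter` only acts when the root element is an `EntitiesDescriptor`; a document whose root is a single `EntityDescriptor` (or anything else) passes this filter without any signature check, so the verification depends on the shape of the document rather than on the signer. Reject every other root with an `else` branch, `throw new FilterException("Root element of metadata file is no EntitiesDescriptor", null);`. The `catch (MOAIDException e)` block reports a failed verification with a message about the root element type and drops the cause; use `throw new FilterException("Metadata signature verification failed", e);` instead. Whether `EntityVerifier.verify(entity)` (called without the credential) pins the signer to the IDP credential is not visible here; if it does not, the per-entity check accepts any signer and only the `EntitiesDescriptor` branch enforces trust.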
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index aeadbd0bb..f08632d83 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java 
@@ -1,24 +1,55 @@  package at.gv.egovernment.moa.id.configuration.config; +import iaik.x509.X509Certificate; +  import java.io.File;  import java.io.FileInputStream;  import java.io.FileNotFoundException;  import java.io.IOException; +import java.io.InputStream; +import java.net.MalformedURLException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException;  import java.util.Properties; +import java.util.Timer; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.log4j.Logger; +import org.opensaml.DefaultBootstrap; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.x509.BasicX509Credential;  import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;  import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; -import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; +import at.gv.egovernment.moa.util.MiscUtil;  public class ConfigurationProvider { +	private static final Logger log = Logger.getLogger(ConfigurationProvider.class); +	  	private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig";  	private static ConfigurationProvider instance;  	private Properties props;  	private String configFileName; +	private String configRootDir; +	 +	private HTTPMetadataProvider idpMetadataProvider = null; +	private KeyStore keyStore = null; +	 +	private String publicURLPreFix = null; +	 +	private boolean pvp2logininitialzied = false;  	public static ConfigurationProvider getInstance() throws 
ConfigurationException {  		if (instance == null) { @@ -39,10 +70,14 @@ public class ConfigurationProvider {  	    if (configFileName == null) {  	        throw new ConfigurationException("config.01");  	    } -	    Logger.info("Loading MOA-ID-AUTH configuration " + configFileName); +	     +		// determine the directory of the root config file +	    configRootDir = new File(configFileName).getParent();	 +	     +	    log.info("Loading MOA-ID-AUTH configuration " + configFileName);  		//Initial Hibernate Framework -		Logger.trace("Initializing Hibernate framework."); +		log.trace("Initializing Hibernate framework.");  		//Load MOAID-2.0 properties file  		File propertiesFile = new File(configFileName); 
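Review bot: `configRootDir = new File(configFileName).getParent();` yields `null` when the configured file name has no directory component, and that `null` is later concatenated into template paths (`configRootDir + "/" + url`) by the template getters added in the following hunk. Use `configRootDir = new File(configFileName).getAbsoluteFile().getParent();` so a bare or relative name resolves against the working directory. The enclosing method starts outside this hunk.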
@@ -60,26 +95,349 @@ public class ConfigurationProvider {  				//Initial config Database  				ConfigurationDBUtils.initHibernate(props);			  			  } -			Logger.trace("Hibernate initialization finished."); +			log.trace("Hibernate initialization finished."); +			DefaultBootstrap.bootstrap(); +			log.info("OPENSAML initialized"); + +			//TODO: start CleanUP Thread +			UserRequestCleaner.start(); -				 +							  		} catch (FileNotFoundException e) {  			throw new ConfigurationException("config.01", e); +			  		} catch (IOException e) {  			throw new ConfigurationException("config.02", e); +			  		} catch (MOADatabaseException e) {  			throw new ConfigurationException("config.03", e); +			 +		} catch (org.opensaml.xml.ConfigurationException e) { +			throw new ConfigurationException("config.04", e);  		}  	} +	public String getPublicUrlPreFix(HttpServletRequest request) { +		publicURLPreFix = props.getProperty("general.publicURLContext"); +		 +		if (MiscUtil.isEmpty(publicURLPreFix) && request != null) { +			String url = request.getRequestURL().toString(); +			String contextpath = request.getContextPath(); +			int index = url.indexOf(contextpath); +			publicURLPreFix = url.substring(0, index + contextpath.length() + 1); +		}  +		 +		return publicURLPreFix; +	} +	 +	public int getUserRequestCleanUpDelay() { +		String delay = props.getProperty("general.userrequests.cleanup.delay"); +		return Integer.getInteger(delay, 12); +	} +	 +	public String getContactMailAddress() { +		return props.getProperty("general.contact.mail"); +	} +	 +	public String getSSOLogOutURL() { +		return props.getProperty("general.login.pvp2.idp.sso.logout.url"); +	} +	 +	public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException { +		if (keyStore == null) { +			String keystoretype = getPVP2MetadataKeystoreType(); +			if (MiscUtil.isEmpty(keystoretype)) { +				log.debug("No KeyStoreType defined. 
Using default KeyStoreType."); +				keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); +				 +			} else { +				log.debug("Using " + keystoretype + " KeyStoreType."); +				keyStore = KeyStore.getInstance(keystoretype); + +			} +			 +			 +			String file = getPVP2MetadataKeystoreURL();	 +			log.debug("Load KeyStore from URL " + file); +			if (MiscUtil.isEmpty(file)) { +				log.info("Metadata KeyStoreURL is empty"); +				throw new ConfigurationException("Metadata KeyStoreURL is empty"); +			} +			 +			FileInputStream inputStream = new FileInputStream(file); +			keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray()); +			inputStream.close(); +		} +		 +		return keyStore; +		 +	} + +	public String getConfigFile() { +		return configFileName; +	} +	 +	public String getConfigRootDir() { +		return configRootDir; +	} +	  	public boolean isLoginDeaktivated() {  		String result = props.getProperty("general.login.deaktivate", "false");  		return Boolean.parseBoolean(result);  	} -	public String getConfigFile() { -		return configFileName; +	public boolean isOATargetVerificationDeaktivated() { +		String result = props.getProperty("general.OATargetVerification.deaktivate", "false"); +		return Boolean.parseBoolean(result); +	} +	 +	//PVP2 Login configuration +	 +	public void initializePVP2Login() throws ConfigurationException { +		if (!pvp2logininitialzied) +			initalPVP2Login(); +	} +	 +	public boolean isPVP2LoginActive() { +		if (!pvp2logininitialzied) +			return false; +		 +		String result = props.getProperty("general.login.pvp2.isactive", "false"); +		return Boolean.parseBoolean(result); +	} +	 +	public boolean isPVP2LoginBusinessService() { +		String result = props.getProperty("general.login.pvp2.isbusinessservice", "false"); +		return Boolean.parseBoolean(result); +	}	 +	 +	public String getPVP2LoginTarget() { +		return props.getProperty("general.login.pvp2.target"); +	} + +	public String getPVP2LoginIdenificationValue() { +		return 
props.getProperty("general.login.pvp2.identificationvalue"); +	} +	 +	public String getPVP2MetadataEntitiesName() { +		return props.getProperty("general.login.pvp2.metadata.entities.name"); +	} +	 +	public String getPVP2MetadataKeystoreURL() { +		return props.getProperty("general.login.pvp2.keystore.url"); +	} +	 +	public String getPVP2MetadataKeystorePassword() { +		return props.getProperty("general.login.pvp2.keystore.password"); +	} +	 +	public String getPVP2MetadataKeystoreType() { +		return props.getProperty("general.login.pvp2.keystore.type"); +	} + +	public String getPVP2KeystoreMetadataKeyAlias() { +		return props.getProperty("general.login.pvp2.keystore.metadata.key.alias"); +	} +	 +	public String getPVP2KeystoreMetadataKeyPassword() { +		return props.getProperty("general.login.pvp2.keystore.metadata.key.password"); +	} +	 +	public String getPVP2KeystoreAuthRequestKeyAlias() { +		return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias"); +	} +	 +	public String getPVP2KeystoreAuthRequestKeyPassword() { +		return props.getProperty("general.login.pvp2.keystore.authrequest.key.password"); +	} +	 +	public String getPVP2IDPMetadataURL() { +		return props.getProperty("general.login.pvp2.idp.metadata.url"); +	} +	 +	public String getPVP2IDPMetadataCertificate() { +		return props.getProperty("general.login.pvp2.idp.metadata.certificate"); +	} +	 +	public String getPVP2IDPMetadataEntityName() { +		return props.getProperty("general.login.pvp2.idp.metadata.entityID"); +	} +	 +	public HTTPMetadataProvider getMetaDataProvier() { +		return idpMetadataProvider; +	} +	 +	 +	//SMTP Server +	public String getSMTPMailHost() { +		return props.getProperty("general.mail.host"); +	} +	 +	public String getSMTPMailPort() { +		return props.getProperty("general.mail.host.port"); +	} +	 +	public String getSMTPMailUsername() { +		return props.getProperty("general.mail.host.username"); +	} +	 +	public String getSMTPMailPassword() { +		return 
props.getProperty("general.mail.host.password"); +	} +	 +	//Mail Configuration +	public String getMailFromName() { +		return props.getProperty("general.mail.from.name"); +	} +	 +	public String getMailFromAddress() { +		return props.getProperty("general.mail.from.address"); +	} +	 +	public String getMailUserAcountVerificationSubject() { +		return props.getProperty("general.mail.useraccountrequest.verification.subject"); +	} +	 +	public String getMailUserAcountVerificationTemplate() throws ConfigurationException { +		String url = props.getProperty("general.mail.useraccountrequest.verification.template"); +		 +		if (MiscUtil.isNotEmpty(url)) { +			if (url.startsWith(Constants.FILEPREFIX)) +				return url; +			 +			else +				return configRootDir + "/" + url; +					 +		} else { +			log.warn("MailUserAcountVerificationTemplate is empty"); +			throw new ConfigurationException("MailUserAcountVerificationTemplate is empty"); +			 +		} +	} +	 +	public String getMailUserAcountActivationSubject() { +		return props.getProperty("general.mail.useraccountrequest.isactive.subject"); +	} +	 +	public String getMailUserAcountActivationTemplate() throws ConfigurationException { +		String url = props.getProperty("general.mail.useraccountrequest.isactive.template"); +		 +		if (MiscUtil.isNotEmpty(url)) { +			if (url.startsWith(Constants.FILEPREFIX)) +				return url; +			 +			else +				return configRootDir + "/" + url; +					 +		} else { +			log.warn("MailUserAcountVerificationTemplate is empty"); +			throw new ConfigurationException("MailUserAcountActivationTemplate is empty"); +			 +		} +	} +	 +	public String getMailOAActivationSubject() { +		return props.getProperty("general.mail.createOArequest.isactive.subject"); +	} +	 +	public String getMailOAActivationTemplate() throws ConfigurationException { +		String url = props.getProperty("general.mail.createOArequest.isactive.template"); +		 +		if (MiscUtil.isNotEmpty(url)) { +			if (url.startsWith(Constants.FILEPREFIX)) +				return url; +			
 +			else +				return configRootDir + "/" + url; +					 +		} else { +			log.warn("MailOAActivationTemplate is empty"); +			throw new ConfigurationException("MailOAActivationTemplate is empty"); +			 +		} +	} +	 +	public String getMailUserAcountRevocationTemplate() throws ConfigurationException { +		String url = props.getProperty("general.mail.useraccountrequest.rejected.template"); +		 +		if (MiscUtil.isNotEmpty(url)) { +			if (url.startsWith(Constants.FILEPREFIX)) +				return url; +			 +			else +				return configRootDir + "/" + url; +					 +		} else { +			log.warn("MailUserAcountVerificationTemplate is empty"); +			throw new ConfigurationException("MailUserAcountRevocationTemplate is empty"); +			 +		} +	} +	 +	public String getMailAdminSubject() { +		return props.getProperty("general.mail.admin.subject"); +	} +	 +	public String getMailAdminTemplate() throws ConfigurationException { +		String url = props.getProperty("general.mail.admin.adresses.template"); +		 +		if (MiscUtil.isNotEmpty(url)) { +			if (url.startsWith(Constants.FILEPREFIX)) +				return url; +			 +			else +				return configRootDir + "/" + url; +					 +		} else { +			log.warn("MailUserAcountVerificationTemplate is empty"); +			throw new ConfigurationException("MailAdminTemplate is empty"); +			 +		} +	} + +	public String getMailAdminAddress() { +		return props.getProperty("general.mail.admin.adress"); +	} +	 +	 +	private void initalPVP2Login() throws ConfigurationException { +		try { +					 +			String metadataCert = getPVP2IDPMetadataCertificate(); +			if (MiscUtil.isEmpty(metadataCert)) { +				log.info("NO IDP Certificate to verify IDP Metadata"); +				throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata"); +			} +			 +			InputStream certstream = new FileInputStream(metadataCert); +			X509Certificate cert = new X509Certificate(certstream); +			BasicX509Credential idpCredential = new BasicX509Credential(); +			idpCredential.setEntityCertificate(cert); +			 +			log.debug("IDP 
Certificate loading finished"); +			 +			String metadataurl = getPVP2IDPMetadataURL(); +			if (MiscUtil.isEmpty(metadataurl)) { +				log.info("NO IDP Metadata URL."); +				throw new ConfigurationException("NO IDP Metadata URL."); +			} +						 +			idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl);   +			idpMetadataProvider.setRequireValidMetadata(true);   +			idpMetadataProvider.setParserPool(new BasicParserPool()); +			idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); +			idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12 ); //refresh Metadata every 12h +			idpMetadataProvider.initialize();  +						 +			pvp2logininitialzied = true; +			 +		} catch (Exception e) { +			log.warn("PVP2 authentification can not be initialized."); +			throw new ConfigurationException("PVP2 authentification can not be initialized.", e); +		} +		 +		  	}  } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java new file mode 100644 index 000000000..d0b108e1e --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -0,0 +1,5 @@ +package at.gv.egovernment.moa.id.configuration.data; + +public class GeneralStorkConfig { + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java new file mode 100644 index 000000000..b1857aea1 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java 
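Review bot: `getPVP2KeyStore` assigns the `keyStore` field before `load` runs, so when loading fails the field keeps an uninitialized instance and every later call returns it instead of retrying; the `FileInputStream` is also not closed on that path, and `getPVP2MetadataKeystorePassword().toCharArray()` throws a bare `NullPointerException` when the password property is missing — load into a local, close the stream in `finally`, and publish the store only after success, as below. In the same hunk `getUserRequestCleanUpDelay` calls `Integer.getInteger(delay, 12)`, which looks up a JVM system property whose name is the configured value and never parses the string, so the configured delay is always ignored; use `Integer.parseInt(delay)` with a `NumberFormatException` fallback to 12. `initalPVP2Login` opens `certstream` and never closes it. `getPublicUrlPreFix` returns `url.substring(0, 1)` for a deployment where `getContextPath()` is empty, because `indexOf("")` is 0; guard that case before the `substring`. The duplicated template getters also log `"MailUserAcountVerificationTemplate is empty"` from the activation, revocation and admin variants, which misleads whoever reads the log.
```java
	public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
		if (keyStore == null) {
			String keystoretype = getPVP2MetadataKeystoreType();
			KeyStore ks;
			if (MiscUtil.isEmpty(keystoretype)) {
				log.debug("No KeyStoreType defined. Using default KeyStoreType.");
				ks = KeyStore.getInstance(KeyStore.getDefaultType());
			} else {
				log.debug("Using " + keystoretype + " KeyStoreType.");
				ks = KeyStore.getInstance(keystoretype);
			}

			String file = getPVP2MetadataKeystoreURL();
			log.debug("Load KeyStore from URL " + file);
			if (MiscUtil.isEmpty(file)) {
				log.info("Metadata KeyStoreURL is empty");
				throw new ConfigurationException("Metadata KeyStoreURL is empty");
			}
			String password = getPVP2MetadataKeystorePassword();
			if (password == null) {
				throw new ConfigurationException("Metadata KeyStore password is not configured");
			}

			FileInputStream inputStream = new FileInputStream(file);
			try {
				ks.load(inputStream, password.toCharArray());
			} finally {
				inputStream.close();
			}
			// publish the store only once it is fully loaded
			keyStore = ks;
		}
		return keyStore;
	}
```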
@@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.configuration.data; + +public class StorkAttributes { + + +	public AttributValues eIdentifier; +	 +	 +	public void parse() { +		eIdentifier = AttributValues.MANDATORY; +	} +	 +	 +	public enum AttributValues { +		MANDATORY, OPTIONAL, NOT; +		 +		public String getValue() { +			if (this == MANDATORY) +				return MANDATORY.name(); +			if (this == OPTIONAL) +				return OPTIONAL.name(); +			else +				return NOT.name(); +		} +	} +	 +} + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java index 881cdf277..ab08b458a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java @@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.configuration.data;  import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;  import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.util.data.BPK;  public class UserDatabaseFrom { @@ -18,10 +17,14 @@ public class UserDatabaseFrom {  	private boolean active = false;  	private boolean admin = false;  	private boolean passwordActive; +	private boolean isusernamepasswordallowed = false; +	private boolean isadminrequest = true; +	private boolean ismandateuser = false; +	private boolean isPVPGenerated;   	private String userID = null;  	public UserDatabaseFrom() { -		 +  	}  	public UserDatabaseFrom(UserDatabase db) { 
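Review bot: `AttributValues.getValue()` is an `if` chain whose every branch returns `name()` of the constant that matched, so the whole body reduces to `return name();`. `eIdentifier` is a public mutable field written by `parse()`; a private field with a getter would keep this form class consistent with `UserDatabaseFrom` and `OAGeneralConfig` in this commit, which expose their state through accessors.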
@@ -41,6 +44,26 @@ public class UserDatabaseFrom {  		active = db.isIsActive();  		admin = db.isIsAdmin(); +		if (db.isIsUsernamePasswordAllowed() != null) +			isusernamepasswordallowed = db.isIsUsernamePasswordAllowed(); +		else +			isusernamepasswordallowed = true; +		 +		if (db.isIsAdminRequest() != null) +			isadminrequest = db.isIsAdminRequest(); +		else +			isadminrequest = false; +		 +		if (db.isIsMandateUser() != null) +			ismandateuser = db.isIsMandateUser(); +		else +			ismandateuser = false; +		 +		if (db.isIsPVP2Generated() != null) +			isPVPGenerated = db.isIsPVP2Generated(); +		else +			isPVPGenerated = false; +		  		userID = String.valueOf(db.getHjid());  	} 
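Review bot: The `null` fallbacks in the DB constructor contradict the field initializers added in the preceding hunk: `isusernamepasswordallowed` is declared `false` but becomes `true` when the column is `null`, and `isadminrequest` is declared `true` but becomes `false` on `null`. Since `isusernamepasswordallowed` presumably gates password login, a legacy row without a value silently gets password login enabled while a freshly constructed form denies it; pick one default per flag and state it once, e.g. `isusernamepasswordallowed = db.isIsUsernamePasswordAllowed() == null || db.isIsUsernamePasswordAllowed();` with a comment explaining why a missing value means allowed. `isPVPGenerated` has no initializer at all; give it `= false` so both construction paths agree.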
@@ -247,7 +270,62 @@ public class UserDatabaseFrom {  	public void setPassword_second(String password_second) {  		this.password_second = password_second;  	} + +	/** +	 * @return the isusernamepasswordallowed +	 */ +	public boolean isIsusernamepasswordallowed() { +		return isusernamepasswordallowed; +	} + +	/** +	 * @param isusernamepasswordallowed the isusernamepasswordallowed to set +	 */ +	public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) { +		this.isusernamepasswordallowed = isusernamepasswordallowed; +	} + +	/** +	 * @return the ismandateuser +	 */ +	public boolean isIsmandateuser() { +		return ismandateuser; +	} +	/** +	 * @param ismandateuser the ismandateuser to set +	 */ +	public void setIsmandateuser(boolean ismandateuser) { +		this.ismandateuser = ismandateuser; +	} + +	/** +	 * @return the isadminrequest +	 */ +	public boolean isIsadminrequest() { +		return isadminrequest; +	} + +	/** +	 * @param isadminrequest the isadminrequest to set +	 */ +	public void setIsadminrequest(boolean isadminrequest) { +		this.isadminrequest = isadminrequest; +	} + +	/** +	 * @return the isPVPGenerated +	 */ +	public boolean isPVPGenerated() { +		return isPVPGenerated; +	} + +	/** +	 * @param isPVPGenerated the isPVPGenerated to set +	 */ +	public void setPVPGenerated(boolean isPVPGenerated) { +		this.isPVPGenerated = isPVPGenerated; +	}  } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index 57ae4863a..2b4ea53c1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java 
@@ -1,9 +1,11 @@  package at.gv.egovernment.moa.id.configuration.data.oa;  import java.util.ArrayList; +import java.util.Arrays;  import java.util.HashMap;  import java.util.List;  import java.util.Map; +import java.util.Set;  import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;  import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; @@ -18,6 +20,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;  import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;  import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;  import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.validation.TargetValidator;  import at.gv.egovernment.moa.util.MiscUtil; @@ -35,19 +38,21 @@ public class OAGeneralConfig {  	private boolean businessService = false;  	private String target = null; +	private String target_subsector = null; +	private String target_admin = null; +	private static List<String> targetList = null;  	private String targetFriendlyName = null; +	private boolean isAdminTarget = false;  	private String identificationNumber = null;  	private String identificationType = null; +	private static List<String> identificationTypeList = null;  	private String aditionalAuthBlockText = null;  	private String mandateProfiles = null;  	private boolean isActive = false; -	private String slVersion = null; -	private boolean useIFrame = false; -	private boolean useUTC = false;  	private boolean calculateHPI = false;  	private String keyBoxIdentifier = null; @@ -56,6 +61,8 @@ public class OAGeneralConfig {  	private boolean legacy = false;  	List<String> SLTemplates = null; +	private boolean isHideBPKAuthBlock = false; +	  	private Map<String, byte[]> transformations; 
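Review bot: `targetList` and `identificationTypeList` are declared `static` in the `@@ -35,19 +38,21 @@` hunk but are reassigned from the instance constructor in the next hunk (`targetList = TargetValidator.getListOfTargets();`), so every form object created for a request rewrites state shared by all concurrently handled requests. Either make both instance fields, or initialise them once in a static initialiser and drop the constructor assignments; the static-from-constructor mix is the worst of both.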
@@ -69,6 +76,14 @@ public class OAGeneralConfig {  		 bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL;  		 bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; + +		 targetList = TargetValidator.getListOfTargets(); +		 target = ""; + +		 identificationTypeList = Arrays.asList( +				 Constants.IDENIFICATIONTYPE_FN, +				 Constants.IDENIFICATIONTYPE_ZVR, +				 Constants.IDENIFICATIONTYPE_ERSB);  	} @@ -81,8 +96,32 @@ public class OAGeneralConfig {  		keyBoxIdentifier = dbOAConfig.getKeyBoxIdentifier().value();		  		identifier = dbOAConfig.getPublicURLPrefix(); -		target = dbOAConfig.getTarget(); -		targetFriendlyName = dbOAConfig.getTargetFriendlyName(); +		 +		String target_full = dbOAConfig.getTarget(); +		 +		if (MiscUtil.isNotEmpty(target_full)) { +			String[] target_split = target_full.split("-"); + +			if (TargetValidator.isValidTarget(target_full)) { +				target = dbOAConfig.getTarget(); +				if (target_split.length > 1) +					target_subsector = target_split[1]; +				 +			} else { +				if (TargetValidator.isValidTarget(target_split[0])) { +					target = target_split[0]; +					if (target_split.length > 1) +						target_subsector = target_split[1]; +					 +				} else { +					target = ""; +					target_subsector = null; +					target_admin = target_full; +					isAdminTarget = true; +				} +			} +			targetFriendlyName = dbOAConfig.getTargetFriendlyName(); +		}  		if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE))  			businessService = true; 
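Review bot: In the `@@ -81,8 +96,32 @@` hunk, `targetFriendlyName = dbOAConfig.getTargetFriendlyName();` now sits inside the `if (MiscUtil.isNotEmpty(target_full))` branch, so an OA with an empty target loses its friendly name on load, whereas the old code always copied it; move the line back out of the condition unless that dependency is intended. Inside the valid-target branch, `target = dbOAConfig.getTarget();` re-reads the value already held in `target_full`; `target = target_full;` is clearer. The split on `"-"` keeps only `target_split[1]`, so a value with two dashes silently drops the remainder — confirm that matches the expected target format.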
@@ -127,7 +166,15 @@ public class OAGeneralConfig {  			IdentificationNumber idnumber = oaauth.getIdentificationNumber();  			if (idnumber != null) { -				identificationNumber = idnumber.getValue(); +				String number = idnumber.getValue(); +				if (MiscUtil.isNotEmpty(number)) { +					String[] split = number.split("\\+"); +				 +					if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { +						identificationType = split[1]; +						identificationNumber = split[2]; +					} +				}  			}  			Mandates mandates = oaauth.getMandates(); @@ -135,8 +182,6 @@ public class OAGeneralConfig {  				mandateProfiles = mandates.getProfiles();  			} -			slVersion = oaauth.getSlVersion(); -			  			TemplatesType templates = oaauth.getTemplates();  			if (templates != null) {  				aditionalAuthBlockText = templates.getAditionalAuthBlockText(); @@ -162,11 +207,9 @@ public class OAGeneralConfig {  				transformations.put(el.getFilename(), el.getTransformation());  			} -			 useIFrame = oaauth.isUseIFrame(); -			 useUTC = oaauth.isUseUTC();  		} -		 +		isHideBPKAuthBlock = dbOAConfig.isRemoveBPKFromAuthBlock();  	} @@ -243,30 +286,6 @@ public class OAGeneralConfig {  		this.isActive = isActive;  	} -	public String getSlVersion() { -		return slVersion; -	} - -	public void setSlVersion(String slVersion) { -		this.slVersion = slVersion; -	} - -	public boolean isUseIFrame() { -		return useIFrame; -	} - -	public void setUseIFrame(boolean useIFrame) { -		this.useIFrame = useIFrame; -	} - -	public boolean isUseUTC() { -		return useUTC; -	} - -	public void setUseUTC(boolean useUTC) { -		this.useUTC = useUTC; -	} -  	public boolean isBusinessService() {  		return businessService;  	} 
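Review bot: In the `@@ -127,7 +166,15 @@` hunk, the guard `split.length >= 2` is followed by `identificationNumber = split[2];`, so an identification value with exactly one `+` separator passes the guard and throws `ArrayIndexOutOfBoundsException`; the guard must be `split.length >= 3`. `Constants.PREFIX_WPBK.startsWith(split[0])` also reads inverted — it is true for any prefix of the constant, including an empty `split[0]` — and `split[0].equals(Constants.PREFIX_WPBK)` is presumably what was meant. The enclosing method continues outside this hunk.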
@@ -461,6 +480,84 @@ public class OAGeneralConfig {  		SLTemplates.add(sLTemplateURL3);  	} -	 + +	/** +	 * @return the target_subsector +	 */ +	public String getTarget_subsector() { +		return target_subsector; +	} + + +	/** +	 * @param target_subsector the target_subsector to set +	 */ +	public void setTarget_subsector(String target_subsector) { +		this.target_subsector = target_subsector; +	} + + +	/** +	 * @return the target_admin +	 */ +	public String getTarget_admin() { +		return target_admin; +	} + + +	/** +	 * @param target_admin the target_admin to set +	 */ +	public void setTarget_admin(String target_admin) { +		this.target_admin = target_admin; +	} + + +	/** +	 * @return the targetList +	 */ +	public List<String> getTargetList() { +		return targetList; +	} + + +	/** +	 * @return the identificationTypeList +	 */ +	public List<String> getIdentificationTypeList() { +		return identificationTypeList; +	} + + +	/** +	 * @return the isAdminTarget +	 */ +	public boolean isAdminTarget() { +		return isAdminTarget; +	} + + +	/** +	 * @param isAdminTarget the isAdminTarget to set +	 */ +	public void setAdminTarget(boolean isAdminTarget) { +		this.isAdminTarget = isAdminTarget; +	} + + +	/** +	 * @return the isHideBPKAuthBlock +	 */ +	public boolean isHideBPKAuthBlock() { +		return isHideBPKAuthBlock; +	} + + +	/** +	 * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set +	 */ +	public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { +		this.isHideBPKAuthBlock = isHideBPKAuthBlock; +	}  } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java index e83bf6997..0c78f996c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java 
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java @@ -1,5 +1,7 @@  package at.gv.egovernment.moa.id.configuration.exception; +import javax.mail.MessagingException; +  import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;  public class ConfigurationException extends Exception { @@ -14,4 +16,8 @@ public class ConfigurationException extends Exception {  		super(LanguageHelper.getErrorString(errorname), e);  	} +	public ConfigurationException(Throwable e) { +		super(e); +	} +  } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index 7dac458ca..9f81e1212 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -129,7 +129,7 @@ public class AuthenticationFilter implements Filter{  				if (authuser == null) { -					authuser = new AuthenticatedUser(0, "Max", "TestUser", "maxtestuser", true, true); +					authuser = new AuthenticatedUser(0, "Max", "TestUser", null, "maxtestuser", true, true, false, false);  					//authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false);  					httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser);  				} @@ -184,7 +184,7 @@ public class AuthenticationFilter implements Filter{  			filterchain.doFilter(req, resp);  		} catch (Exception e) { -			 +						  //			String redirectURL = "./index.action";  //			HttpServletResponse httpResp = (HttpServletResponse) resp;  //			redirectURL = httpResp.encodeRedirectURL(redirectURL); 
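Review bot: In the `@@ -129,7 +129,7 @@` hunk, the fallback `AuthenticatedUser` is still built with two `true` arguments, which, judging from the constructor use in `FormDataHelper.addFormUsers` in this same commit, are the active and admin flags; the condition that makes this branch reachable lies outside the hunk, so whether it is limited to the `general.login.deaktivate` mode is not visible here. Add a comment above the line stating that precondition, e.g. `// only reachable when general.login.deaktivate is set: installs an active admin session without authentication`, and log at WARN when this user is installed so a misconfigured deployment shows up in the logs. The enclosing method starts and ends outside the hunk.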
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java new file mode 100644 index 000000000..aed20ce9e --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.configuration.helper; + +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Date; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.util.MiscUtil; + +public class DateTimeHelper { + +	private static final Logger log = Logger.getLogger(DateTimeHelper.class); +	 +	private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm"; +	 +	public static String getDateTime(Date date) { +		SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); +		return f.format(date); +	} +	 +	public static Date parseDateTime(String date) { +		SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); +		 +		if (MiscUtil.isNotEmpty(date)) { +		 +			try { +				return f.parse(date); +			 +			} catch (ParseException e) { +				log.warn("Parse DATETIME String " + date + " failed", e); +				 +			} +		} +		return null; +	} +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java new file mode 100644 index 000000000..d2814f6a6 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java 
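Review bot: `DATETIMEPATTERN = "dd.MM.yyy HH:mm"` uses three `y`; `SimpleDateFormat` treats any year count other than 2 as a full year, so it happens to work, but it reads as a typo — write `"dd.MM.yyyy HH:mm"`. `parseDateTime` relies on the lenient default, so `"32.01.2013 10:00"` parses to 1 February instead of being rejected; call `f.setLenient(false);` before `f.parse(date)`. `getDateTime(null)` throws a `NullPointerException` from `format`; either document that `date` must be non-null or return `null` as `parseDateTime` does.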
@@ -0,0 +1,53 @@ +package at.gv.egovernment.moa.id.configuration.helper; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.OAListElement; + +public class FormDataHelper { + +	public static ArrayList<OAListElement> addFormOAs(List<OnlineApplication> dbOAs) { +		 +		ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>(); + +		for (OnlineApplication dboa : dbOAs) { +			OAListElement listoa = new OAListElement(); +			listoa.setActive(dboa.isIsActive()); +			listoa.setDataBaseID(dboa.getHjid()); +			listoa.setOaFriendlyName(dboa.getFriendlyName()); +			listoa.setOaIdentifier(dboa.getPublicURLPrefix()); +			listoa.setOaType(dboa.getType()); +			formOAs.add(listoa); +		} +		 +		return formOAs; +	} +	 +	public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) { +		ArrayList<AuthenticatedUser> userlist = new ArrayList<AuthenticatedUser>(); +		 +		for (UserDatabase dbuser : dbuserlist) { +			 +			boolean ismandate = false; +			if (dbuser.isIsMandateUser() != null) +				ismandate = dbuser.isIsMandateUser(); +			 +			 +			userlist.add(new AuthenticatedUser( +					dbuser.getHjid(),  +					dbuser.getGivenname(),  +					dbuser.getFamilyname(), +					dbuser.getInstitut(), +					dbuser.getUsername(), +					dbuser.isIsActive(),  +					dbuser.isIsAdmin(), +					ismandate, +					false)); +		} +		return userlist; +	} +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java new file mode 100644 index 000000000..3081f3929 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java 
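Review bot: `addFormUsers` null-checks `dbuser.isIsMandateUser()` before unboxing but passes `dbuser.isIsActive()` and `dbuser.isIsAdmin()` straight into `boolean` parameters; if those DAO accessors also return `Boolean`, a row with a `null` flag throws a `NullPointerException` while the list is built. `addFormOAs` has the same pattern with `dboa.isIsActive()`. Apply the same null-to-false fallback, e.g. `boolean isactive = dbuser.isIsActive() != null && dbuser.isIsActive();`, or document that these columns are non-null.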
@@ -0,0 +1,254 @@ +package at.gv.egovernment.moa.id.configuration.helper; + +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; +import java.text.SimpleDateFormat; +import java.util.Date; +import java.util.Properties; + +import javax.mail.BodyPart; +import javax.mail.Message; +import javax.mail.MessagingException; +import javax.mail.Session; +import javax.mail.Transport; +import javax.mail.internet.InternetAddress; +import javax.mail.internet.MimeBodyPart; +import javax.mail.internet.MimeMessage; +import javax.mail.internet.MimeMultipart; + +import org.apache.commons.io.IOUtils; +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.util.MiscUtil; + +public class MailHelper { + +	private static final Logger log = Logger.getLogger(MailHelper.class); + +	private static final String PATTERN_GIVENNAME = "#GIVENNAME#"; +	private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#"; +	private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#"; +	private static final String PATTERN_DATE = "#TODAY_DATE#"; +	private static final String PATTERN_OPENOAS = "#NUMBER_OAS#"; +	private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#"; +	private static final String PATTERN_OANAME = "#OANAME#"; +	 +	public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException { +		 +		ConfigurationProvider config = ConfigurationProvider.getInstance(); +		String templateurl = config.getMailUserAcountVerificationTemplate(); +		 +		String template = 
readTemplateFromURL(templateurl); +		 +		if (userdb.isIsMandateUser()) { +			template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); +			template = template.replace(PATTERN_FAMILYNAME, ""); +			 +		} else { +			template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); +			template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); +		} +		 +		SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");	 +		template = template.replace(PATTERN_DATE, dateformat.format(new Date())); +		 +		String verificationURL = config.getPublicUrlPreFix(null); +		 +		if (!verificationURL.endsWith("/")) +			verificationURL = verificationURL + "/"; +		 +		verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION +  +				"?" + Constants.REQUEST_USERREQUESTTOKKEN + +				"=" + userdb.getUserRequestTokken(); +		template = template.replace(PATTERN_URL, verificationURL); +		 +		sendMail(config, config.getMailUserAcountVerificationSubject(),  +				userdb.getMail(), template); +		 +	} +	 +	public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException { +		ConfigurationProvider config = ConfigurationProvider.getInstance(); +		String templateurl = config.getMailAdminTemplate(); +		 +		String template = readTemplateFromURL(templateurl); +		template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs)); +		template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers)); +		 +		SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");	 +		template = template.replace(PATTERN_DATE, dateformat.format(new Date())); +		 +		sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template); +		 +	} +	 +	public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, String mailurl) throws ConfigurationException { +		ConfigurationProvider config = ConfigurationProvider.getInstance(); +		String templateurl = 
config.getMailUserAcountActivationTemplate(); +		 +		String template = readTemplateFromURL(templateurl); +		if (MiscUtil.isNotEmpty(institut)) { +			template = template.replace(PATTERN_GIVENNAME, institut); +			template = template.replace(PATTERN_FAMILYNAME, ""); +			 +		} else { +			template = template.replace(PATTERN_GIVENNAME, givenname); +			template = template.replace(PATTERN_FAMILYNAME, familyname); +		} +			 +		 +		SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");	 +		template = template.replace(PATTERN_DATE, dateformat.format(new Date())); +		 +		String verificationURL = config.getPublicUrlPreFix(null); +		if (!verificationURL.endsWith("/")) +			verificationURL = verificationURL + "/"; +		 +		template = template.replace(PATTERN_URL, verificationURL); +		 +		sendMail(config, config.getMailUserAcountActivationSubject(),  +				mailurl, template); +	} +	 +	public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, String institut, String oaname, String mailurl) throws ConfigurationException { +		ConfigurationProvider config = ConfigurationProvider.getInstance(); +		String templateurl = config.getMailOAActivationTemplate(); +		 +		String template = readTemplateFromURL(templateurl); +		if (MiscUtil.isNotEmpty(institut)) { +			template = template.replace(PATTERN_GIVENNAME, institut); +			template = template.replace(PATTERN_FAMILYNAME, ""); +			 +		} else { +			template = template.replace(PATTERN_GIVENNAME, givenname); +			template = template.replace(PATTERN_FAMILYNAME, familyname); +		} +			 +		template = template.replace(PATTERN_OANAME, oaname); +		 +		SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");	 +		template = template.replace(PATTERN_DATE, dateformat.format(new Date())); +		 +		String verificationURL = config.getPublicUrlPreFix(null); +		if (!verificationURL.endsWith("/")) +			verificationURL = verificationURL + "/"; +		 +		template = template.replace(PATTERN_URL, verificationURL); +		 +		
sendMail(config, config.getMailOAActivationSubject(),  +				mailurl, template); +	} +	 +	public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException { +		ConfigurationProvider config = ConfigurationProvider.getInstance(); +		String templateurl = config.getMailUserAcountRevocationTemplate(); +		 +		String template = readTemplateFromURL(templateurl); +		 +		if (userdb.isIsMandateUser()) { +			template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); +			template = template.replace(PATTERN_FAMILYNAME, ""); +			 +		} else { +			template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); +			template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); +		} +		 +		SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");	 +		template = template.replace(PATTERN_DATE, dateformat.format(new Date())); +				 +		sendMail(config, config.getMailUserAcountActivationSubject(),  +				userdb.getMail(), template); +	} +	 +	private static String readTemplateFromURL(String templateurl) throws ConfigurationException { +		InputStream input; +		try { +			File file = new File(templateurl); +			input = new  FileInputStream(file); +			StringWriter writer = new StringWriter(); +			IOUtils.copy(input, writer); +			input.close(); +			return writer.toString(); +			 +		} catch (Exception e)  { +			log.warn("Mailtemplate can not be read from source" + templateurl); +			throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl); +			 +		} +	} +	 +	private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) throws ConfigurationException { +		try { +			log.debug("Sending mail."); +			MiscUtil.assertNotNull(subject, "subject"); +			MiscUtil.assertNotNull(recipient, "recipient"); +			MiscUtil.assertNotNull(content, "content"); +						 +			Properties props = new Properties(); +			props.setProperty("mail.transport.protocol", "smtp"); +			
props.setProperty("mail.host", config.getSMTPMailHost()); +			log.trace("Mail host: " + config.getSMTPMailHost()); +			if (config.getSMTPMailPort() != null) { +				log.trace("Mail port: " + config.getSMTPMailPort()); +				props.setProperty("mail.port", config.getSMTPMailPort()); +			} +			if (config.getSMTPMailUsername() != null) { +				log.trace("Mail user: " + config.getSMTPMailUsername()); +				props.setProperty("mail.user", config.getSMTPMailUsername()); +			} +			if (config.getSMTPMailPassword() != null) { +				log.trace("Mail password: " + config.getSMTPMailPassword()); +				props.setProperty("mail.password", config.getSMTPMailPassword()); +			} +	     +			Session mailSession = Session.getDefaultInstance(props, null); +			Transport transport = mailSession.getTransport(); +	 +			MimeMessage message = new MimeMessage(mailSession); +			message.setSubject(subject); +			log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress()); +			message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName())); +			log.trace("Recipient: " + recipient); +			message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient)); +	     +			log.trace("Creating multipart content of mail."); +			MimeMultipart multipart = new MimeMultipart("related"); +	     +			log.trace("Adding first part (html)"); +			BodyPart messageBodyPart = new MimeBodyPart(); +			messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15"); +			multipart.addBodyPart(messageBodyPart); +	 +//			log.trace("Adding mail images"); +//			messageBodyPart = new MimeBodyPart(); +//			for (Image image : images) { +//				messageBodyPart.setDataHandler(new DataHandler(image)); +//				messageBodyPart.setHeader("Content-ID", "<" + image.getContentId() + ">"); +//				multipart.addBodyPart(messageBodyPart); +//			} +			 +			message.setContent(multipart); +			transport.connect(); +			log.trace("Sending mail message."); +			transport.sendMessage(message, 
message.getRecipients(Message.RecipientType.TO)); +			log.trace("Successfully sent."); +			transport.close(); +			 +		} catch(MessagingException e) { +			throw new ConfigurationException(e); +			 +		} catch (UnsupportedEncodingException e) { +			throw new ConfigurationException(e); +			 +		} +	} +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 3f6005b97..bad522a4b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -10,6 +10,7 @@ import java.util.Set;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession;  import org.apache.log4j.Logger;  import org.apache.struts2.interceptor.ServletRequestAware; @@ -53,6 +54,7 @@ import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;  import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;  import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator;  import at.gv.egovernment.moa.id.configuration.validation.moaconfig.PVP2ContactValidator; +import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.util.MiscUtil;  import com.opensymphony.xwork2.ActionSupport; 
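Review bot: `log.trace("Mail password: " + config.getSMTPMailPassword());` in `sendMail` writes the SMTP credential to the log file; drop that line (log only that a password is configured, e.g. `log.trace("Mail password: configured");`). `sendUserAccountRevocationMail` sends with `config.getMailUserAcountActivationSubject()`, which looks like a copy-paste slip where a revocation subject was intended. The templates are sent as `text/html`, yet `userdb.getGivenname()`, `getFamilyname()`, `getInstitut()` and `oaname` are substituted unescaped, so user-controlled names end up as markup in the mail; HTML-escape each value before `template.replace(...)`. In `readTemplateFromURL` the stream is not closed when `IOUtils.copy` throws, the charset is left to the platform default, and the `catch (Exception e)` rethrows without the cause — use try/finally (or try-with-resources if the project's Java level allows), pass an explicit charset, and throw `new ConfigurationException("...", e)` if that constructor exists. `Session.getDefaultInstance(props, null)` returns a JVM-wide session whose properties are fixed by the first caller; `Session.getInstance(props, null)` is the per-call variant.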
@@ -67,12 +69,18 @@ public class EditGeneralConfigAction extends ActionSupport  	private HttpServletResponse response;  	private AuthenticatedUser authUser;  -	  	private GeneralMOAIDConfig moaconfig; +	private String formID; +	  	public String loadConfig() { +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj;  		if (authUser.isAdmin()) { @@ -84,6 +92,9 @@ public class EditGeneralConfigAction extends ActionSupport  			ConfigurationDBUtils.closeSession(); +			formID = Random.nextRandom(); +			session.setAttribute(Constants.SESSION_FORMID, formID); +			  			return Constants.STRUTS_SUCCESS;  		} else { 
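Review bot: The new `if (session == null)` guard in `loadConfig` is dead code, because `request.getSession()` without an argument creates a session when none exists and never returns `null`; the check that is actually missing is on `authUserObj`, which is cast and then dereferenced by `authUser.isAdmin()` and would throw a NullPointerException for a request without an authenticated user. Replace the guard with `if (!(authUserObj instanceof AuthenticatedUser)) { log.info("No authenticated user in session."); return Constants.STRUTS_ERROR; }` placed after the `getAttribute` call (or use `request.getSession(false)` if the intent really is "no session yet"). The same dead guard and missing user check recur in the hunks for `saveConfig`, `inital`, `newOA`, `saveOA`, `cancleAndBackOA` and `deleteOA` below.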
@@ -93,11 +104,30 @@ public class EditGeneralConfigAction extends ActionSupport  	}  	public String saveConfig() { +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); -		 +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; +		Object formidobj = session.getAttribute(Constants.SESSION_FORMID); +		if (formidobj != null && formidobj instanceof String) { +			String formid = (String) formidobj; +			if (!formid.equals(formID)) { +				log.warn("FormIDs does not match. Some suspect Form is received from user " +						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +				return Constants.STRUTS_ERROR; +			}			 +		} else { +			log.warn("FormIDs does not match. Some suspect Form is received from user " +					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +			return Constants.STRUTS_ERROR; +		} +		session.setAttribute(Constants.SESSION_FORMID, null); +		  		if (authUser.isAdmin()) {  			MOAConfigValidator validator = new MOAConfigValidator(); @@ -109,6 +139,8 @@ public class EditGeneralConfigAction extends ActionSupport  				for (String el : errors)  					addActionError(el);	 +				formID = Random.nextRandom(); +				session.setAttribute(Constants.SESSION_FORMID, formID);  				return Constants.STRUTS_ERROR_VALIDATION;  			} @@ -505,6 +537,20 @@ public class EditGeneralConfigAction extends ActionSupport  	public void setMoaconfig(GeneralMOAIDConfig moaconfig) {  		this.moaconfig = moaconfig;  	} + +	/** +	 * @return the formID +	 */ +	public String getFormID() { +		return formID; +	} + +	/** +	 * @param formID the formID to set +	 */ +	public void setFormID(String formID) { +		this.formID = formID; +	} 
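Review bot: The form-id comparison block in `saveConfig` is duplicated verbatim in `saveOA` and `deleteOA` of EditOAAction, including the warning string; extract it into one helper so the check and its logging stay consistent. Note that `formidobj != null && formidobj instanceof String` is redundant since `instanceof` already rejects `null`, and the `else` branch logs "does not match" when in fact no id was stored. A one-line Javadoc on the helper should state that the stored id is consumed on every call, matching or not, so a second submission of the same form is always rejected.
```java
/** Consumes the one-time form id from the session; true only when it equals the submitted formID. */
private boolean validateFormID(HttpSession session) {
	Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
	session.setAttribute(Constants.SESSION_FORMID, null);
	if (formidobj instanceof String && formidobj.equals(formID)) {
		return true;
	}
	log.warn("FormIDs does not match. Some suspect Form is received from user "
			+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
	return false;
}
// … unchanged: caller becomes `if (!validateFormID(session)) return Constants.STRUTS_ERROR;` …
```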
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 297d80726..8d20fe118 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -8,6 +8,7 @@ import java.util.List;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession;  import org.apache.log4j.Logger;  import org.apache.struts2.interceptor.ServletRequestAware; @@ -38,13 +39,17 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;  import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config;  import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig;  import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;  import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper; +import at.gv.egovernment.moa.id.configuration.validation.TargetValidator;  import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;  import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation;  import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation;  import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation;  import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation;  import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; +import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.util.MiscUtil;  import com.opensymphony.xwork2.ActionSupport; 
@@ -63,6 +68,9 @@ ServletResponseAware {  	private String oaidobj;  	private boolean newOA; +	private String formID; +	 +	private String nextPage;  	private OAGeneralConfig generalOA = new OAGeneralConfig();  	private OAPVP2Config pvp2OA = new OAPVP2Config(); @@ -72,11 +80,16 @@ ServletResponseAware {  	//STRUTS actions  	public String inital() { +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; - +		  		long oaid = -1;  		if (!ValidationHelper.validateOAID(oaidobj)) { @@ -88,8 +101,15 @@ ServletResponseAware {  		OnlineApplication onlineapplication = null;;  		if (authUser.isAdmin())  			onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); +		  		else {  			UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + +			if (!userdb.isIsMailAddressVerified() && !authUser.isAdmin()) { +				log.info("Online-Applikation managemant disabled. Mail address is not verified."); +				addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); +			} +			  			List<OnlineApplication> oas = userdb.getOnlineApplication();  			for (OnlineApplication oa : oas) {  				if (oa.getHjid() == oaid) { @@ -115,7 +135,10 @@ ServletResponseAware {  		ConfigurationDBUtils.closeSession(); -		request.getSession().setAttribute(Constants.SESSION_OAID, oaid); +		session.setAttribute(Constants.SESSION_OAID, oaid); +		 +		formID = Random.nextRandom(); +		session.setAttribute(Constants.SESSION_FORMID, formID);  		newOA = false; 
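Review bot: In `inital` the new condition `!userdb.isIsMailAddressVerified() && !authUser.isAdmin()` sits inside the `else` branch of `if (authUser.isAdmin())`, so the second operand is always true and can be dropped. More importantly the branch only calls `addActionError` and does not return, so the later hunk still stores `SESSION_OAID` and a fresh form id and the edit page is served to an unverified user; if editing is meant to be blocked, add `return Constants.STRUTS_ERROR;` (or whatever result the page expects) after the error. `userdb` is also dereferenced without a null check; `getUserWithID` returning `null` for a stale session would throw here. The log text "Online-Applikation managemant disabled" has two spelling errors ("Online application management disabled") and is repeated in `newOA`, `saveOA` and `deleteOA`.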
@@ -124,24 +147,66 @@ ServletResponseAware {  	public String newOA() {  		log.debug("insert new Online-Application"); +	 +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +	 +		session.setAttribute(Constants.SESSION_OAID, null); +		nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); -		request.getSession().setAttribute(Constants.SESSION_OAID, null); -		 -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; +		UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); +		if (!userdb.isIsMailAddressVerified() && !authUser.isAdmin()) { +			log.info("Online-Applikation managemant disabled. Mail address is not verified."); +			addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); +		} +		  		newOA = true; +		formID = Random.nextRandom(); +		session.setAttribute(Constants.SESSION_FORMID, formID); +		  		return Constants.STRUTS_OA_EDIT;  	}  	public String saveOA() { - -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; +		Object formidobj = session.getAttribute(Constants.SESSION_FORMID); +		if (formidobj != null && formidobj instanceof String) { +			String formid = (String) formidobj; +			if (!formid.equals(formID)) { +				log.warn("FormIDs does not match. Some suspect Form is received from user " +						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +				return Constants.STRUTS_ERROR; +			}			 +		} else { +			log.warn("FormIDs does not match. 
Some suspect Form is received from user " +					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +			return Constants.STRUTS_ERROR; +		} +		session.setAttribute(Constants.SESSION_FORMID, null); +		 +		UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); +		if (!authUser.isAdmin() && !userdb.isIsMailAddressVerified()) { +			log.info("Online-Applikation managemant disabled. Mail address is not verified."); +			addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); +			return Constants.STRUTS_SUCCESS; +		} +		  		OnlineApplication onlineapplication = null;  		List<String> errors = new ArrayList<String>(); @@ -170,15 +235,15 @@ ServletResponseAware {  		} else { -			//TODO: oaidentifier has to be a URL according to PVP2.1 specification -			if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { -				log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); +			if (!ValidationHelper.validateURL(oaidentifier)) { +				log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier);  				errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",   						new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));  			} else {  				if (oaid == -1) {  					onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); +					newOA = true;  					if (onlineapplication != null)  {  						log.info("The OAIdentifier is not unique");  						errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); 
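Review bot: In `saveOA` the unverified-mail branch adds an action error and then returns `Constants.STRUTS_SUCCESS`, which presents a failure as success to the Struts result mapping; at that point `SESSION_FORMID` has already been set to `null` and is not regenerated, so the user cannot resubmit the form either. Return the error result the other branches use and regenerate the form id as the validation-error path does, `formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION;`. In `newOA`, `userdb` from `getUserWithID` is dereferenced without a null check. The enclosing `saveOA` body continues past this hunk.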
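Review bot: The identifier check was switched to `ValidationHelper.validateURL(oaidentifier)`, but the error shown to the user is still `validation.general.oaidentifier.valid` with `getNotValidOAIdentifierCharacters()` as its argument, so the message talks about forbidden characters while the check now rejects non-URLs; pick a message key that describes the URL requirement. The old warn text about XSS characters is still used for the same field in `deleteOA` (later hunk), so the two actions now validate the identifier differently — presumably both should call `validateURL`. `saveOA` continues outside this hunk on both sides.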
@@ -215,23 +280,108 @@ ServletResponseAware {  			for (String el : errors)  				addActionError(el);	 +			formID = Random.nextRandom(); +			session.setAttribute(Constants.SESSION_FORMID, formID);  			return Constants.STRUTS_ERROR_VALIDATION;  		} else { -			String error = saveOAConfigToDatabase(onlineapplication); +			boolean newentry = false; +			 +			if (onlineapplication == null) { +				onlineapplication = new OnlineApplication(); +				newentry = true; +				onlineapplication.setIsActive(false); +								 +				if (!authUser.isAdmin()) { +					onlineapplication.setIsAdminRequired(true); +				} +				 +			} else { +				if (!authUser.isAdmin() &&  +						!onlineapplication.getPublicURLPrefix(). +						equals(generalOA.getIdentifier())) { +					 +					onlineapplication.setIsAdminRequired(true); +					onlineapplication.setIsActive(false); +					log.info("User with ID " + authUser.getUserID()  +							+ " change OA-PublicURLPrefix. Reaktivation is required."); +				} +				 +			} +			 +			if ( (onlineapplication.isIsAdminRequired() == null) ||  +					(authUser.isAdmin() && generalOA.isActive()  +										&& onlineapplication.isIsAdminRequired()) ) { +				 +				onlineapplication.setIsAdminRequired(false); +				 +				UserDatabase user = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid()); +				if (user != null) { +					try { +						MailHelper.sendUserOnlineApplicationActivationMail( +								user.getGivenname(),  +								user.getFamilyname(),  +								user.getInstitut(),  +								onlineapplication.getPublicURLPrefix(),  +								user.getMail()); +					} catch (ConfigurationException e) { +						log.warn("Sending Mail to User " + user.getMail() + " failed", e); +					} +				} +				 +			} +			 +			 +			String error = saveOAConfigToDatabase(onlineapplication, newentry);  			if (MiscUtil.isNotEmpty(error)) {  				log.warn("OA configuration can not be stored!"); -				addActionError(error);	 +				addActionError(error); +				 +				formID = Random.nextRandom(); 
+				session.setAttribute(Constants.SESSION_FORMID, formID);  				return Constants.STRUTS_ERROR_VALIDATION;  			}  		} +		Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);	 +		if (nextPageAttr != null && nextPageAttr instanceof String) { +			nextPage = (String) nextPageAttr; +			session.setAttribute(Constants.SESSION_RETURNAREA, null); +			 +		} else { +			nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); +		} -		request.getSession().setAttribute(Constants.SESSION_OAID, null); -		addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); +		if (onlineapplication.isIsAdminRequired()) { +			int numoas = 0; +			int numusers = 0; +			 +			List<OnlineApplication> openOAs = ConfigurationDBRead.getAllNewOnlineApplications(); +			if (openOAs != null) +				numoas = openOAs.size(); +			 +			List<UserDatabase> openUsers = ConfigurationDBRead.getAllNewUsers(); +			if (openUsers != null) +				numusers = openUsers.size();					 +			try { +				 +				addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request)); +				 +				if (numusers > 0 || numoas > 0) +					MailHelper.sendAdminMail(numoas, numusers); +				 +			} catch (ConfigurationException e) { +				log.warn("Sending Mail to Admin failed.", e); +			} +			 +		} else +			addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request));	 +		 +	 +		request.getSession().setAttribute(Constants.SESSION_OAID, null);  		ConfigurationDBUtils.closeSession();  		return Constants.STRUTS_SUCCESS; 
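Review bot: `MailHelper.sendUserOnlineApplicationActivationMail(...)` is called before `saveOAConfigToDatabase(onlineapplication, newentry)`, so if the save fails afterwards the owner receives an activation mail for an application that was never activated and `isIsAdminRequired` is already cleared in memory; move the mail into the success path after the save returns an empty error. `onlineapplication.getPublicURLPrefix().equals(generalOA.getIdentifier())` dereferences the stored prefix without a null check. `request.getSession().setAttribute(Constants.SESSION_OAID, null)` near the end should use the local `session` like the rest of the method. It is worth a comment that a non-admin edit of an existing OA that keeps its URL prefix is persisted without re-approval, e.g. `// only a changed PublicURLPrefix triggers admin re-approval for non-admin users`, since that is a deliberate policy a reader would otherwise question.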
@@ -239,7 +389,22 @@ ServletResponseAware {  	public String cancleAndBackOA() { -		request.getSession().setAttribute(Constants.SESSION_OAID, null); +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} + +		Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);	 +		if (nextPageAttr != null && nextPageAttr instanceof String) { +			nextPage = (String) nextPageAttr; +			session.setAttribute(Constants.SESSION_RETURNAREA, null); +			 +		} else { +			nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); +		} +		 +		session.setAttribute(Constants.SESSION_OAID, null);  		addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request)); 
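Review bot: The return-area lookup (`SESSION_RETURNAREA` → `nextPage`, falling back to `STRUTS_RETURNAREA_VALUES.main.name()`) is now repeated in `saveOA`, `cancleAndBackOA` and `deleteOA`; extract it into one private method so the three stay in step. Since `nextPage` is presumably used as a Struts result name, the helper should also accept only names of `STRUTS_RETURNAREA_VALUES` — e.g. `nextPage = STRUTS_RETURNAREA_VALUES.valueOf((String) nextPageAttr).name();` inside a try/catch on `IllegalArgumentException` that falls back to `main` — rather than forwarding an arbitrary session string.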
@@ -249,15 +414,52 @@ ServletResponseAware {  	}  	public String deleteOA() { +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; +		Object formidobj = session.getAttribute(Constants.SESSION_FORMID); +		if (formidobj != null && formidobj instanceof String) { +			String formid = (String) formidobj; +			if (!formid.equals(formID)) { +				log.warn("FormIDs does not match. Some suspect Form is received from user " +						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +				return Constants.STRUTS_ERROR; +			}			 +		} else { +			log.warn("FormIDs does not match. Some suspect Form is received from user " +					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +			return Constants.STRUTS_ERROR; +		} +		session.setAttribute(Constants.SESSION_FORMID, null); +		 +		Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);	 +		if (nextPageAttr != null && nextPageAttr instanceof String) { +			nextPage = (String) nextPageAttr; +			 +		} else { +			nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); +		} +				 +		UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); +		if (!authUser.isAdmin() && !userdb.isIsMailAddressVerified()) { +			log.info("Online-Applikation managemant disabled. 
Mail address is not verified."); +			addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); +			return Constants.STRUTS_SUCCESS; +		} +		  		String oaidentifier = generalOA.getIdentifier();  		if (MiscUtil.isEmpty(oaidentifier)) {  			log.info("Empty OA identifier");  			addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); +			 +			formID = Random.nextRandom(); +			session.setAttribute(Constants.SESSION_FORMID, formID);  			return Constants.STRUTS_ERROR_VALIDATION;  		} else { @@ -265,6 +467,9 @@ ServletResponseAware {  				log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);  				addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",   						new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); +				 +				formID = Random.nextRandom(); +				session.setAttribute(Constants.SESSION_FORMID, formID);  				return Constants.STRUTS_ERROR_VALIDATION;  			}  		} @@ -310,16 +515,8 @@ ServletResponseAware {  	} -	private String saveOAConfigToDatabase(OnlineApplication dboa) { -		 -		boolean newentry = false; -		 -		if (dboa == null) { -			dboa = new OnlineApplication(); -			newentry = true; -			dboa.setIsActive(false); -		} - +	private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) { +						  		AuthComponentOA authoa = dboa.getAuthComponentOA();  		if (authoa == null) {   			authoa = new AuthComponentOA(); 
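Review bot: `deleteOA` reads `SESSION_RETURNAREA` but, unlike `saveOA` and `cancleAndBackOA`, does not clear it afterwards, so a stale return area leaks into the next action; add `session.setAttribute(Constants.SESSION_RETURNAREA, null);` after the read. The unverified-mail branch again returns `Constants.STRUTS_SUCCESS` after adding an error and after the form id has been consumed, the same problem as in `saveOA`. `userdb` from `getUserWithID` is dereferenced without a null check. The `saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry)` signature change moved the `dboa == null` creation to the caller; the method body continues outside the hunk, so the remaining `dboa.getAuthComponentOA()` now relies on the caller never passing `null` — a `@param dboa non-null; created by the caller when newentry is true` Javadoc line would record that.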
@@ -331,72 +528,134 @@ ServletResponseAware {  		dboa.setFriendlyName(generalOA.getFriendlyName());  		dboa.setCalculateHPI(generalOA.isCalculateHPI()); -		dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); +		dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock()); +		 +		if (authUser.isAdmin()) +			dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); +		else { +			if (newentry) +				dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); +		} +		  		dboa.setPublicURLPrefix(generalOA.getIdentifier());  		if (generalOA.isBusinessService()) {  			dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); +			String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); +			if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) +				num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); +			 +			if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) +				num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); +			 +			if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) +				num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); +			  			IdentificationNumber idnumber = new IdentificationNumber(); -			idnumber.setValue(generalOA.getIdentificationNumber()); +			idnumber.setValue( +					Constants.PREFIX_WPBK +  +					generalOA.getIdentificationType() +  +					"+" +  +					num); +			  			authoa.setIdentificationNumber(idnumber);  		}   		else {  			dboa.setType(null); -			dboa.setTarget(generalOA.getTarget()); -			dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); +			if (authUser.isAdmin()) { +				if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) && +						generalOA.isAdminTarget() ) { +					dboa.setTarget(generalOA.getTarget_admin()); +					dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); +					 +				} else { +					String target_full = generalOA.getTarget(); +					String[] target_split = target_full.split("-"); +					if 
(MiscUtil.isNotEmpty(generalOA.getTarget_subsector())) +						dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector()); +					else +						dboa.setTarget(target_full); +					 +					String targetname = TargetValidator.getTargetFriendlyName(target_full); +					if (MiscUtil.isNotEmpty(targetname)) +						dboa.setTargetFriendlyName(targetname); +					else  +						dboa.setTargetFriendlyName(TargetValidator.getTargetFriendlyName(target_split[0]));							 +				} +				 +			} else { +				if (MiscUtil.isNotEmpty(generalOA.getTarget())) { +					String target_full = generalOA.getTarget(); +					String[] target_split = target_full.split("-"); +					dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector()); +					 +					if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector())) +						dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector()); +					 +					else +						dboa.setTarget(target_full); +					 +					String targetname = TargetValidator.getTargetFriendlyName(target_full); +					if (MiscUtil.isNotEmpty(targetname)) +						dboa.setTargetFriendlyName(targetname); +					else  +						dboa.setTargetFriendlyName(TargetValidator.getTargetFriendlyName(target_split[0])); +				} +			}			  		}  		BKUURLS bkuruls = new BKUURLS();  		authoa.setBKUURLS(bkuruls); -		bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); -		bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); -		bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); +		if (authUser.isAdmin()) { +			bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); +			bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); +			bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); +		}  		Mandates mandates = new Mandates();  		mandates.setProfiles(generalOA.getMandateProfiles());  		authoa.setMandates(mandates); -		 -		authoa.setSlVersion(generalOA.getSlVersion()); -		authoa.setUseIFrame(generalOA.isUseIFrame()); -		authoa.setUseUTC(generalOA.isUseUTC()); -		 +				  		TemplatesType templates = authoa.getTemplates();  		if 
(templates == null) {  			templates = new TemplatesType();  			authoa.setTemplates(templates);  		} -		templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); -		List<TemplateType> template = templates.getTemplate(); -		if (generalOA.isLegacy()) { +		if (authUser.isAdmin()) { +			templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); +		 +			List<TemplateType> template = templates.getTemplate(); +			if (generalOA.isLegacy()) { -			if (template == null) -				template = new ArrayList<TemplateType>(); -			else -				template.clear(); +				if (template == null) +					template = new ArrayList<TemplateType>(); +				else +					template.clear(); -			if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { -				TemplateType el = new TemplateType(); -				el.setURL(generalOA.getSLTemplateURL1()); -				template.add(el); -			} -			if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { -				TemplateType el = new TemplateType(); -				el.setURL(generalOA.getSLTemplateURL2()); -				template.add(el); -			} -			if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { -				TemplateType el = new TemplateType(); -				el.setURL(generalOA.getSLTemplateURL3()); -				template.add(el); +				if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { +					TemplateType el = new TemplateType(); +					el.setURL(generalOA.getSLTemplateURL1()); +					template.add(el); +				} +				if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { +					TemplateType el = new TemplateType(); +					el.setURL(generalOA.getSLTemplateURL2()); +					template.add(el); +				} +				if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { +					TemplateType el = new TemplateType(); +					el.setURL(generalOA.getSLTemplateURL3()); +					template.add(el); +				} +				 +			} else { +				if (template != null && template.size() > 0) +					template.clear();  			} -			 -		} else { -			if (template != null && template.size() > 0) -				template.clear();  		}  		//set default 
transformation if it is empty @@ -609,4 +868,28 @@ ServletResponseAware {  		this.newOA = newOA;  	} +	/** +	 * @return the nextPage +	 */ +	public String getNextPage() { +		return nextPage; +	} + +	/** +	 * @return the formID +	 */ +	public String getFormID() { +		return formID; +	} + +	/** +	 * @param formID the formID to set +	 */ +	public void setFormID(String formID) { +		this.formID = formID; +	} +	 +	 +	 +  } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index 1cb4fa802..d3d00186f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -3,26 +3,21 @@ package at.gv.egovernment.moa.id.configuration.struts.action;  import java.io.File;  import java.io.IOException;  import java.io.InputStream; -import java.io.OutputStream; -import java.io.StringReader;  import java.io.StringWriter; -import java.net.MalformedURLException;  import java.util.List;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession;  import javax.xml.bind.JAXBContext;  import javax.xml.bind.JAXBException;  import javax.xml.bind.Marshaller;  import javax.xml.bind.Unmarshaller; -import javax.xml.transform.Result;  import org.apache.commons.io.IOUtils;  import org.apache.log4j.Logger;  import org.apache.struts2.interceptor.ServletRequestAware;  import org.apache.struts2.interceptor.ServletResponseAware; -import org.hibernate.lob.ReaderInputStream; -import org.w3c.dom.Node;  import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;  import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; 
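Review bot: In the non-admin target branch, `dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector());` is executed unconditionally and then immediately overwritten by the `if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()))` / `else` that follows, so that first call is dead and should be removed; the admin branch has the same structure without the stray line. In the business-service branch `generalOA.getIdentificationNumber().replaceAll(" ", "")` dereferences the form value without an empty check, and neither `generalOA.getIdentificationType()` nor the non-admin `generalOA.getTarget()` value is compared here against the allowed sets (`Constants.IDENIFICATIONTYPE_*`, `TargetValidator`) before being persisted, so that check must live in the validation step outside this hunk — worth confirming, since these strings end up in the stored configuration. The admin-only gating of `setKeyBoxIdentifier`, the BKU URLs and the SL templates reads correctly, but the formerly unconditional `setSlVersion`/`setUseIFrame`/`setUseUTC` assignments are simply dropped, which silently leaves those fields untouched on updates; if that is intended, a one-line comment saying so would prevent it being "fixed" back. saveOAConfigToDatabase() starts before and ends after this hunk.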
@@ -35,7 +30,7 @@ import at.gv.egovernment.moa.id.configuration.Constants;  import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;  import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;  import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.iaik.commons.util.IOUtil; +import at.gv.egovernment.moa.id.util.Random;  import com.opensymphony.xwork2.ActionSupport; @@ -51,6 +46,7 @@ implements ServletRequestAware, ServletResponseAware {  	private HttpServletResponse response;  	private AuthenticatedUser authUser;  +	private String formID;  	private File fileUpload = null;  	private String fileUploadContentType = null; @@ -59,13 +55,20 @@ implements ServletRequestAware, ServletResponseAware {  	private InputStream fileInputStream;  	public String init() { +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); -		 +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj;  		if (authUser.isAdmin()) { -							 +			 +			formID = Random.nextRandom(); +			session.setAttribute(Constants.SESSION_FORMID, formID); +			  			return Constants.STRUTS_SUCCESS;  		} else { 
@@ -76,16 +79,39 @@ implements ServletRequestAware, ServletResponseAware {  	}  	public String importLegacyConfig() { -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; +		Object formidobj = session.getAttribute(Constants.SESSION_FORMID); +		if (formidobj != null && formidobj instanceof String) { +			String formid = (String) formidobj; +			if (!formid.equals(formID)) { +				log.warn("FormIDs does not match. Some suspect Form is received from user " +						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +				return Constants.STRUTS_ERROR; +			}			 +		} else { +			log.warn("FormIDs does not match. Some suspect Form is received from user " +					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +			return Constants.STRUTS_ERROR; +		} +		session.setAttribute(Constants.SESSION_FORMID, null); +		  		if (authUser.isAdmin()) {  			//load legacy config if it is configured  			if (fileUpload == null) {  				addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); +				 +				formID = Random.nextRandom(); +				session.setAttribute(Constants.SESSION_FORMID, formID);  				return Constants.STRUTS_ERROR_VALIDATION;  			} 
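Review bot: The form-ID verification block added at the top of importLegacyConfig() (`Object formidobj = session.getAttribute(Constants.SESSION_FORMID); … session.setAttribute(Constants.SESSION_FORMID, null);`) is copied verbatim into downloadXMLConfig() and importXMLConfig() below, into deleteOA() in the previous file and into requestNewUser() in IndexAction, so the check that effectively serves as the tool's anti-forgery token comparison lives in five places that must stay identical. Extracting it into one helper on a shared base action (compare, clear and log in one method returning a boolean) would keep it in a single place and make it testable. Within the block, `formidobj != null && formidobj instanceof String` reduces to the `instanceof` test alone, and the log statement dereferences `authUser` before anything has established that `SESSION_AUTH` was present, so a missing user surfaces as a NullPointerException rather than the intended `Constants.STRUTS_ERROR`. The method's body continues past the end of the hunk.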
@@ -97,6 +123,9 @@ implements ServletRequestAware, ServletResponseAware {  			} catch (org.opensaml.xml.ConfigurationException e1) {  				log.info("Legacy configuration has an Import Error", e1);  				addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e1.getMessage()})); +				 +				formID = Random.nextRandom(); +				session.setAttribute(Constants.SESSION_FORMID, formID);  				return Constants.STRUTS_ERROR_VALIDATION;  			}  			log.debug("OpenSAML successfully initialized"); @@ -108,26 +137,24 @@ implements ServletRequestAware, ServletResponseAware {  				try {  					log.warn("WARNING! The legacy import deletes the hole old config"); -					String rootConfigFileDir = new File(ConfigurationProvider.getInstance().getConfigFile()).getParent();	 -					 -					try { -					  rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); -					   -					} catch (MalformedURLException t) { -						log.warn("RootConfiguration Directory is not found"); -						rootConfigFileDir = ""; -					} -					 +					String rootConfigFileDir = ConfigurationProvider.getInstance().getConfigRootDir();	 +										  					moaconfig = BuildFromLegacyConfig.build(fileUpload, rootConfigFileDir, moaidconfig);  				} catch (ConfigurationException e) {  					log.info("Legacy configuration has an Import Error", e);  					addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}));  					ConfigurationDBUtils.closeSession(); +					 +					formID = Random.nextRandom(); +					session.setAttribute(Constants.SESSION_FORMID, formID);  					return Constants.STRUTS_ERROR_VALIDATION;  				} catch (at.gv.egovernment.moa.id.configuration.exception.ConfigurationException e) {  					ConfigurationDBUtils.closeSession(); +					 +					formID = Random.nextRandom(); +					session.setAttribute(Constants.SESSION_FORMID, formID);  					return Constants.STRUTS_ERROR_VALIDATION;  				} 
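Review bot: The `catch (at.gv.egovernment.moa.id.configuration.exception.ConfigurationException e)` branch that this hunk extends still neither logs the exception nor calls `addActionError`, so the import fails with a validation result that carries no message and the cause is lost; mirroring the sibling catch with `log.info("Legacy configuration has an Import Error", e); addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}));` would fix that. The removed root-directory code converted the directory with `toURL().toString()` before handing it to `BuildFromLegacyConfig.build(...)`, whereas `ConfigurationProvider.getInstance().getConfigRootDir()` is now passed as is; whether the builder expects a `file:` URL or a plain path is not visible here, so a short comment at the call stating which form `getConfigRootDir()` yields would save the next reader the same question. The log text `"WARNING! The legacy import deletes the hole old config"` presumably means "whole". importLegacyConfig() starts and ends outside this hunk.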
@@ -155,6 +182,9 @@ implements ServletRequestAware, ServletResponseAware {  			} catch (MOADatabaseException e) {  				log.warn("General MOA-ID config can not be stored in Database");  				addActionError(e.getMessage()); +				 +				formID = Random.nextRandom(); +				session.setAttribute(Constants.SESSION_FORMID, formID);  				return Constants.STRUTS_ERROR_VALIDATION;  			} @@ -174,10 +204,30 @@ implements ServletRequestAware, ServletResponseAware {  	}  	public String downloadXMLConfig() { -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; +		Object formidobj = session.getAttribute(Constants.SESSION_FORMID); +		if (formidobj != null && formidobj instanceof String) { +			String formid = (String) formidobj; +			if (!formid.equals(formID)) { +				log.warn("FormIDs does not match. Some suspect Form is received from user " +						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +				return Constants.STRUTS_ERROR; +			}			 +		} else { +			log.warn("FormIDs does not match. Some suspect Form is received from user " +					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +			return Constants.STRUTS_ERROR; +		} +		session.setAttribute(Constants.SESSION_FORMID, null); +		  		if (authUser.isAdmin()) {  			log.info("Write MOA-ID 2.x xml config"); 
@@ -194,6 +244,9 @@ implements ServletRequestAware, ServletResponseAware {  				if (moaidconfig == null) {  					log.info("No MOA-ID 2.x configruation available");  					addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig")); +					 +					formID = Random.nextRandom(); +					session.setAttribute(Constants.SESSION_FORMID, formID);  					return Constants.STRUTS_ERROR_VALIDATION;  				} @@ -208,11 +261,17 @@ implements ServletRequestAware, ServletResponseAware {  				log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);  				addActionError(LanguageHelper.getErrorString("errors.importexport.export",  						new Object[]{e.getMessage()})); +				 +				formID = Random.nextRandom(); +				session.setAttribute(Constants.SESSION_FORMID, formID);  				return Constants.STRUTS_ERROR_VALIDATION;  			} catch (IOException e) {  				log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);  				addActionError(LanguageHelper.getErrorString("errors.importexport.export",  						new Object[]{e.getMessage()})); +				 +				formID = Random.nextRandom(); +				session.setAttribute(Constants.SESSION_FORMID, formID);  				return Constants.STRUTS_ERROR_VALIDATION;  			} 
@@ -230,10 +289,30 @@ implements ServletRequestAware, ServletResponseAware {  	public String importXMLConfig() { -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; +		Object formidobj = session.getAttribute(Constants.SESSION_FORMID); +		if (formidobj != null && formidobj instanceof String) { +			String formid = (String) formidobj; +			if (!formid.equals(formID)) { +				log.warn("FormIDs does not match. Some suspect Form is received from user " +						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +				return Constants.STRUTS_ERROR; +			}			 +		} else { +			log.warn("FormIDs does not match. Some suspect Form is received from user " +					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +			return Constants.STRUTS_ERROR; +		} +		session.setAttribute(Constants.SESSION_FORMID, null); +		  		if (authUser.isAdmin()) {  			if (fileUpload == null) { @@ -271,6 +350,9 @@ implements ServletRequestAware, ServletResponseAware {  				log.warn("MOA-ID XML configuration can not be loaded from File.", e);  				addActionError(LanguageHelper.getErrorString("errors.importexport.import",  						new Object[]{e.getMessage()})); +				 +				formID = Random.nextRandom(); +				session.setAttribute(Constants.SESSION_FORMID, formID);  				return Constants.STRUTS_ERROR_VALIDATION;  			} 
@@ -360,4 +442,19 @@ implements ServletRequestAware, ServletResponseAware {  	public InputStream getFileInputStream() {  		return fileInputStream;  	} + +	/** +	 * @return the formID +	 */ +	public String getFormID() { +		return formID; +	} + +	/** +	 * @param formID the formID to set +	 */ +	public void setFormID(String formID) { +		this.formID = formID; +	} +	  } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index 6078caa87..545a84800 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java 
@@ -1,34 +1,77 @@  package at.gv.egovernment.moa.id.configuration.struts.action; +import java.util.ArrayList;  import java.util.Date; +import java.util.List;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse;  import javax.servlet.http.HttpSession; +import org.apache.commons.lang.StringEscapeUtils;  import org.apache.log4j.Logger;  import org.apache.struts2.interceptor.ServletRequestAware;  import org.apache.struts2.interceptor.ServletResponseAware; +import org.joda.time.DateTime; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.security.MetadataCredentialResolverFactory; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver; +import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver; +import org.opensaml.xml.security.keyinfo.KeyInfoProvider; +import 
org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider; +import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider; +import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;  import com.opensymphony.xwork2.ActionSupport;  import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;  import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;  import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.configuration.Constants;  import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;  import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;  import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;  import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; +import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;  import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper;  import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.util.MiscUtil;  public class IndexAction extends ActionSupport implements ServletRequestAware,  	ServletResponseAware { +	private static final long serialVersionUID = -2781497863862504896L; +  	private static final Logger log = Logger.getLogger(IndexAction.class);  	private HttpServletRequest request; 
@@ -36,6 +79,11 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
 	private String password;
 	private String username;
+	private UserDatabaseFrom user = null;
+	private AuthenticatedUser authUser = null;
+	private String formID;
+	
+	private String ssologouturl;
 public String start() {
@@ -80,12 +128,12 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
 			return Constants.STRUTS_ERROR;
 		} else {
-			if (!dbuser.isIsActive()) {
-				log.warn("Username " + dbuser.getUsername() + " is not active");
+			if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) {
+				log.warn("Username " + dbuser.getUsername() + " is not active or Username/Password login is not allowed");
 				addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed"));
 				return Constants.STRUTS_ERROR;
 			}
-			
+						
 			if (!dbuser.getPassword().equals(key)) {
 				log.warn("Username " + dbuser.getUsername() + " use a false password");
 				addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed"));
@@ -96,13 +144,18 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
 					dbuser.getHjid(), 
 					dbuser.getGivenname(), 
 					dbuser.getFamilyname(), 
+					dbuser.getInstitut(),
 					dbuser.getUsername(), 
 					true, 
-					dbuser.isIsAdmin());
+					dbuser.isIsAdmin(),
+					dbuser.isIsMandateUser(),
+					false);
-			authuser.setLastLogin(dbuser.getLastLoginItem());
+			Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
+			if (date != null)
+				authuser.setLastLogin(date);;
-			dbuser.setLastLoginItem(new Date());
+			dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
 			try {
 				ConfigurationDBUtils.saveOrUpdate(dbuser);
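Review bot: `authuser.setLastLogin(date);;` carries a stray second semicolon, and the `AuthenticatedUser` constructor call now ends in four positional booleans (`true, dbuser.isIsAdmin(), dbuser.isIsMandateUser(), false`) whose meaning cannot be read at the call site; the same constructor is invoked with `false, false, dbuser.isIsMandateUser(), true` and with `true, dbuser.isIsAdmin(), dbuser.isIsMandateUser(), true` in pvp2login() below, so a swapped authenticated/admin/mandate-user/PVP-login argument would compile silently and change what the user is allowed to do. Annotating each flag at the call (`/* authenticated */ true, /* admin */ dbuser.isIsAdmin(), …`) or using the setters the class evidently has (`setAdmin`, `setAuthenticated`, `setMandateUser`, `setPVP2Login` are all called in pvp2login()) would make the intent checkable in review. The last-login value now round-trips through a string via `DateTimeHelper.getDateTime`/`parseDateTime`; the null result is handled here, but the stored format should be documented on the helper. The enclosing login method starts and ends outside this hunk.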
@@ -120,13 +173,515 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,  		}  	} +	public String pvp2login() { +		 +		String method = request.getMethod(); +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("NO HTTP Session"); +			return Constants.STRUTS_ERROR; +		} +		 +		String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID); +		session.setAttribute(Constants.SESSION_PVP2REQUESTID, null); +		 +		if (method.equals("POST")) { +		 +			try { +				ConfigurationProvider config = ConfigurationProvider.getInstance(); +				 +				//Decode with HttpPost Binding +				HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); +				BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); +				messageContext +					.setInboundMessageTransport(new HttpServletRequestAdapter( +							request)); +				decode.decode(messageContext); +				 +				Response samlResponse = (Response) messageContext.getInboundMessage(); +			 +				Signature sign = samlResponse.getSignature(); +				if (sign == null) { +					log.info("Only http POST Requests can be used"); +					addActionError(LanguageHelper.getErrorString("error.login")); +					return Constants.STRUTS_ERROR; +				} +				 +				//Validate Signature +				SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); +				profileValidator.validate(sign); +				 +				//Verify Signature +				List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); +				keyInfoProvider.add(new DSAKeyValueProvider()); +				keyInfoProvider.add(new RSAKeyValueProvider()); +				keyInfoProvider.add(new InlineX509DataProvider()); + +				KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( +						keyInfoProvider); +				 +				MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory();     +				
MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier());   +				   +				CriteriaSet criteriaSet = new CriteriaSet();   +				criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));   +				criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); +				criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); +				  				 +				ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver); +				trustEngine.validate(sign, criteriaSet); +				 +				log.info("PVP2 Assertion is valid"); +				 +				if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { +			 +					List<org.opensaml.saml2.core.Assertion> saml2assertions = samlResponse.getAssertions(); +										 +					if (MiscUtil.isEmpty(authID)) { +						log.info("NO AuthRequestID"); +						return Constants.STRUTS_ERROR; +					} +					 +					for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { +						 +						Subject subject = saml2assertion.getSubject(); +						List<SubjectConfirmation> subjectconformlist = subject.getSubjectConfirmations(); +						for (SubjectConfirmation el : subjectconformlist) { +							if (el.getMethod().equals(SubjectConfirmation.METHOD_BEARER)) { +								SubjectConfirmationData date = el.getSubjectConfirmationData(); +								 +								if (!authID.equals(date.getInResponseTo())) { +									log.warn("PVPRequestID does not match PVP2 Assertion ID!"); +									return Constants.STRUTS_ERROR; +									 +								}		 +							} +						} +												 +						Conditions conditions = saml2assertion.getConditions(); +						DateTime notbefore = conditions.getNotBefore(); +						DateTime notafter = conditions.getNotOnOrAfter(); +						if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { +							log.warn("PVP2 Assertion is out of Date"); +							return 
Constants.STRUTS_ERROR; +							 +						} +						 +						NameID nameID = subject.getNameID(); +						if (nameID == null) { +							log.warn("No NameID element in PVP2 assertion!"); +							return Constants.STRUTS_ERROR; +						} +						 +						String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue(); +						 +						//search user +						UserDatabase dbuser = ConfigurationDBRead.getUserWithUserBPKWBPK(bpkwbpk); +						if (dbuser == null) { +							log.info("No user found with bpk/wbpk " + bpkwbpk); +							 +							//read PVP2 assertion attributes; +							user = new UserDatabaseFrom(); +							user.setActive(false); +							user.setAdmin(false); +							user.setBpk(bpkwbpk); +							user.setIsusernamepasswordallowed(false); +							user.setIsmandateuser(false); +							user.setPVPGenerated(true); +							 +							authUser = new AuthenticatedUser(); +							authUser.setAdmin(false); +							authUser.setAuthenticated(false); +							authUser.setLastLogin(null); +							authUser.setUserID(-1); +							authUser.setUserName(null); +							authUser.setPVP2Login(true); +							authUser.setMandateUser(false); +							 +							//loop through the nodes to get what we want +							List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); +							for (int i = 0; i < attributeStatements.size(); i++) +							{ +								List<Attribute> attributes = attributeStatements.get(i).getAttributes(); +								for (int x = 0; x < attributes.size(); x++) +								{ +									String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); +									 +									if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { +										user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); +										authUser.setFamilyName(user.getFamilyName()); +									} +									 +									if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { +										
user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); +										authUser.setGivenName(user.getGivenName()); +									} +									 +									if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) { +										authUser.setMandateUser(true); +										user.setIsmandateuser(true); +									} +									 +									if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) { +										user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); +										authUser.setInstitute(user.getInstitut()); +									}		 +								} +							} +							 +							//set Random value +							formID = Random.nextRandom(); +							session.setAttribute(Constants.SESSION_FORMID, formID); +							session.setAttribute(Constants.SESSION_FORM, user); +							session.setAttribute(Constants.SESSION_AUTH, authUser);	 +							 +							ConfigurationDBUtils.closeSession(); +							 +							return Constants.STRUTS_NEWUSER; +							 +						} else { +							if (!dbuser.isIsActive()) { +								 +								if (!dbuser.isIsMailAddressVerified()) { +									 +									formID = Random.nextRandom(); +									session.setAttribute(Constants.SESSION_FORMID, formID); +									 +									user = new UserDatabaseFrom(dbuser); +									authUser = new AuthenticatedUser( +											dbuser.getHjid(),  +											dbuser.getGivenname(),  +											dbuser.getFamilyname(),  +											dbuser.getInstitut(), +											dbuser.getUsername(),  +											false,  +											false, +											dbuser.isIsMandateUser(), +											true); +									session.setAttribute(Constants.SESSION_FORM, user); +									session.setAttribute(Constants.SESSION_AUTH, authUser); +									 +									return Constants.STRUTS_NEWUSER; +									 +								} +								 +								log.info("User with bpk/wbpk " + bpkwbpk + " is not active"); +								addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive")); +								return 
Constants.STRUTS_ERROR; +							} +							 +							authUser = new AuthenticatedUser( +									dbuser.getHjid(),  +									dbuser.getGivenname(),  +									dbuser.getFamilyname(),  +									dbuser.getInstitut(), +									dbuser.getUsername(),  +									true,  +									dbuser.isIsAdmin(), +									dbuser.isIsMandateUser(), +									true); +							 +							Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); +							if (date != null) +								authUser.setLastLogin(date);; +							 +							dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); +							 +							try { +								ConfigurationDBUtils.saveOrUpdate(dbuser); +								 +							} catch (MOADatabaseException e) { +								log.warn("UserDatabase communicaton error", e); +								addActionError(LanguageHelper.getErrorString("error.login")); +								return Constants.STRUTS_ERROR; +							} +							finally { +								ConfigurationDBUtils.closeSession(); +							} +							session.setAttribute(Constants.SESSION_AUTH, authUser); +							return Constants.STRUTS_SUCCESS; +							 +						} +					} +					 +					log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found."); +					addActionError(LanguageHelper.getErrorString("error.login")); +					return Constants.STRUTS_ERROR; +					 +				} else { +					log.info("Receive Error Assertion."); +					return Constants.STRUTS_ERROR; +				} +				 +			} catch (Exception e) { +				log.warn("Only http POST Requests can be used", e); +				addActionError(LanguageHelper.getErrorString("error.login")); +				return Constants.STRUTS_ERROR; +			} +			 +		} else { +			log.info("Only http POST Requests can be used"); +			addActionError(LanguageHelper.getErrorString("error.login")); +			return Constants.STRUTS_ERROR; +		} +	} +	 +	public String requestNewUser() { +		 +		HttpSession session = request.getSession(); +		if (session == null) { +			log.warn("No active Session found"); +			return Constants.STRUTS_ERROR; +		} +		 +		
Object formidobj = session.getAttribute(Constants.SESSION_FORMID); +		if (formidobj != null && formidobj instanceof String) { +			String formid = (String) formidobj; +			if (!formid.equals(formID)) { +				log.warn("FormIDs does not match. Some suspect Form is received from user " +						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +				return Constants.STRUTS_ERROR; +			}			 +		} else { +			log.warn("FormIDs does not match. Some suspect Form is received from user " +					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +			return Constants.STRUTS_ERROR; +		} +		session.setAttribute(Constants.SESSION_FORMID, null); +		 +		Object sessionformobj = session.getAttribute(Constants.SESSION_FORM); +		if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) { +			UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj; +			 +			Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);		 +			authUser = (AuthenticatedUser) authUserObj;	 + +			if (user == null) { +				log.warn("No form transmited"); +				return Constants.STRUTS_ERROR; +			} +			 +			//get UserID +			String useridobj = user.getUserID(); +			long userID = -1; +			if (MiscUtil.isEmpty(useridobj)) { +				userID = -1; +				 +			} else { +				if (!ValidationHelper.validateOAID(useridobj)){ +					log.warn("User with ID " + authUser.getUserID()  +							+ " would access UserDatabase ID " + useridobj); +					addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); +					return Constants.STRUTS_ERROR; +				}	 +				userID = Long.valueOf(useridobj); +			} +			 +			String check; +			if (!sessionform.isIsmandateuser()) { +				check = user.getInstitut(); +				if (MiscUtil.isNotEmpty(check)) { +					if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +						log.warn("Organisation contains potentail XSS characters: " + check); +						
addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid",  +								new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +					} +				} else { +					log.warn("Organisation is empty"); +					addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty"));			 +				} +			} +			 +			check = user.getMail(); +			if (MiscUtil.isNotEmpty(check)) { +				if (!ValidationHelper.isEmailAddressFormat(check)) { +					log.warn("Mailaddress is not valid: " + check); +					addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid",  +							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +				} +			} else { +				log.warn("Mailaddress is empty"); +				addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty"));			 +			} +			 +			check = user.getPhone(); +			if (MiscUtil.isNotEmpty(check)) { +				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +					log.warn("Phonenumber contains potentail XSS characters: " + check); +					addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid",  +							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +				} +			} else { +				log.warn("Phonenumber is empty"); +				addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty"));			 +			} +			 +			if (hasActionErrors()) { +				log.info("Some form errors found. 
Send user back to form"); +				 +				user.setPVPGenerated(true); +				user.setFamilyName(sessionform.getFamilyName()); +				user.setGivenName(sessionform.getGivenName()); +				user.setIsmandateuser(sessionform.isIsmandateuser()); +				user.setBpk(sessionform.getBpk()); +				 +				if (sessionform.isIsmandateuser()) +					user.setInstitut(sessionform.getInstitut()); +				 +				formID = Random.nextRandom(); +				session.setAttribute(Constants.SESSION_FORMID, formID); + +				return Constants.STRUTS_NEWUSER; +			} + +			UserDatabase dbuser; +			 +			if (userID < 0) { +				dbuser = new UserDatabase(); +				dbuser.setBpk(sessionform.getBpk()); +				dbuser.setFamilyname(sessionform.getFamilyName()); +				dbuser.setGivenname(sessionform.getGivenName()); + +				if (sessionform.isIsmandateuser()) +					dbuser.setInstitut(sessionform.getInstitut()); +				else +					dbuser.setInstitut(user.getInstitut()); +				 +				dbuser.setIsPVP2Generated(true); +				dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); +				dbuser.setIsActive(false); +				dbuser.setIsAdmin(false); +				dbuser.setIsMandateUser(sessionform.isIsmandateuser()); +				dbuser.setIsUsernamePasswordAllowed(false); +				 +			} else  +				dbuser = ConfigurationDBRead.getUserWithID(userID); +			 +			dbuser.setMail(user.getMail()); +			dbuser.setPhone(user.getPhone()); +			dbuser.setIsAdminRequest(true); +			dbuser.setIsMailAddressVerified(false); +			dbuser.setUserRequestTokken(Random.nextRandom()); +						 +			try { +				ConfigurationDBUtils.saveOrUpdate(dbuser); +				 +				MailHelper.sendUserMailAddressVerification(dbuser); +				 +			} catch (MOADatabaseException e) { +				log.warn("New UserRequest can not be stored in database", e); +				return Constants.STRUTS_ERROR; +				 +			} catch (ConfigurationException e) { +				log.warn("Sending of mailaddress verification mail failed.", e); +				addActionError(LanguageHelper.getErrorString("error.mail.send")); +				return Constants.STRUTS_NEWUSER; +			} +			 +			
finally { +				session.setAttribute(Constants.SESSION_FORM, null); +				session.setAttribute(Constants.SESSION_AUTH, null);	 +				ConfigurationDBUtils.closeSession(); +			} +			 +			addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify")); +			 +			session.invalidate(); +			 +			return Constants.STRUTS_SUCCESS;  +			 +		} else { +			log.warn("No SessionForm found"); +			return Constants.STRUTS_ERROR; +		} +		 +	} +	 +	public String mailAddressVerification() { +		 +		String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN); +		if (MiscUtil.isNotEmpty(userrequesttokken)) { +			 +			userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken); +			 +			try { +				Long.parseLong(userrequesttokken); +				 +			} catch (NumberFormatException e) { +				log.warn("Verificationtokken has no number format."); +				return Constants.STRUTS_ERROR; +			} +			 +			UserDatabase dbuser = ConfigurationDBRead.getNewUserWithTokken(userrequesttokken); +			if (dbuser != null) { +				dbuser.setUserRequestTokken(null); +				dbuser.setIsMailAddressVerified(true); +				 +				if (dbuser.isIsActive()) +					dbuser.setIsAdminRequest(false); +				 +				try { +					ConfigurationDBUtils.saveOrUpdate(dbuser); +					 +					int numoas = 0; +					int numusers = 0; +					 +					List<OnlineApplication> openOAs = ConfigurationDBRead.getAllNewOnlineApplications(); +					if (openOAs != null) +						numoas = openOAs.size(); +					 +					List<UserDatabase> openUsers = ConfigurationDBRead.getAllNewUsers(); +					if (openUsers != null) +						numusers = openUsers.size(); +					 +					if (numusers > 0 || numoas > 0) +						MailHelper.sendAdminMail(numoas, numusers); +					 +				} catch (MOADatabaseException e) { +					log.warn("Userinformation can not be stored in Database.", e); +					addActionError(LanguageHelper.getErrorString("error.mail.verification")); +					 +				} catch (ConfigurationException e) { +					log.warn("Send mail to admin 
failed.", e); +				} +				 +				finally { +					ConfigurationDBUtils.closeSession(); +				} +				 +				addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress")); +				return Constants.STRUTS_SUCCESS; +			} +		}	 +		 +		return Constants.STRUTS_ERROR; +	} +	  	public String logout() {  		HttpSession session = request.getSession(); + +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); +		authUser = (AuthenticatedUser) authUserObj;  		if (session != null)  			session.invalidate(); +		try { +			ConfigurationProvider config = ConfigurationProvider.getInstance(); +			String ssologout = config.getSSOLogOutURL(); +			 +			if (MiscUtil.isNotEmpty(ssologout) && authUser != null && authUser.isPVP2Login()) { +				ssologouturl = ssologout + config.getPublicUrlPreFix(request); +				return Constants.STRUTS_SSOLOGOUT; +				 +			} +			 +		} catch (ConfigurationException e) { +			log.warn("Configuration can not be loaded.", e); +			 +		} +		  		return Constants.STRUTS_SUCCESS;  	} @@ -164,7 +719,46 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,  	public void setUsername(String username) {  		this.username = username;  	} -	 -	 +	/** +	 * @return the authUser +	 */ +	public AuthenticatedUser getAuthUser() { +		return authUser; +	} + +	/** +	 * @return the user +	 */ +	public UserDatabaseFrom getUser() { +		return user; +	} + +	/** +	 * @param user the user to set +	 */ +	public void setUser(UserDatabaseFrom user) { +		this.user = user; +	} + +	/** +	 * @return the ssologouturl +	 */ +	public String getSsologouturl() { +		return ssologouturl; +	} + +	/** +	 * @return the formID +	 */ +	public String getFormID() { +		return formID; +	} + +	/** +	 * @param formID the formID to set +	 */ +	public void setFormID(String formID) { +		this.formID = formID; +	}  } 
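Review bot: The generated `@return the formID` / `@param formID the formID to set` Javadoc on `getFormID`/`setFormID` says nothing about what the value is for, although it is the request-bound copy of the per-form token that `requestNewUser` compares against the `Constants.SESSION_FORMID` session attribute before processing the form. A one-line Javadoc on `setFormID` such as `/** Form token submitted with the request; must equal the token stored under SESSION_FORMID or the form is rejected. */` would make the intent of that check visible to the next maintainer, and `getFormID` can state that it hands the freshly generated token to the view for the next form. The same wording applies to the `formID` accessors that `UserManagementAction` uses in its `saveuser`/`deleteuser` checks.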
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index f5f265ea6..da3c99714 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -5,6 +5,7 @@ import java.util.List;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession;  import org.apache.log4j.Logger;  import org.apache.struts2.interceptor.ServletRequestAware; @@ -22,6 +23,7 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;  import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;  import at.gv.egovernment.moa.id.configuration.data.OAListElement;  import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;  import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;  import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;  import at.gv.egovernment.moa.util.MiscUtil; @@ -48,8 +50,13 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,  	public String listAllOnlineAppliactions() { +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; 
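Review bot: The `session == null` guard added at the top of `listAllOnlineAppliactions` can never fire: the no-argument `HttpServletRequest.getSession()` creates a session when the request has none, so it never returns null. The check that is actually missing is on `authUserObj`: the unconditional cast `authUser = (AuthenticatedUser) authUserObj;` leaves `authUser` null for a request without a login, and any later `authUser.isAdmin()`-style call (outside this hunk) ends in a NullPointerException instead of `Constants.STRUTS_ERROR`, unless a Struts interceptor guarantees a logged-in user before these actions run. `if (authUserObj == null) { log.info("No authenticated user in session."); return Constants.STRUTS_ERROR; }` after the attribute lookup (or `request.getSession(false)` if a missing session really is meant to be rejected) is the useful guard. The same dead check and unguarded cast are repeated in `searchOA`, `MainAction.generateMainFrame`, `OpenAdminRequestsAction.init` and in the `init`, `createuser`, `edituser`, `saveuser`, `deleteuser` and `sendVerificationMail` hunks of `UserManagementAction`.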
@@ -65,8 +72,16 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,  				dbOAs = authUserDB.getOnlineApplication();  		} -		addFormOAs(dbOAs);			 - +		if (dbOAs == null || dbOAs.size() == 0) { +			addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA")); +			 +		} else { +			formOAs = FormDataHelper.addFormOAs(dbOAs); +		} +		 +		session.setAttribute(Constants.SESSION_RETURNAREA,  +				Constants.STRUTS_RETURNAREA_VALUES.main.name()); +		  		ConfigurationDBUtils.closeSession();  		return Constants.STRUTS_SUCCESS; @@ -86,8 +101,13 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,  	}  	public String searchOA() { +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; 
@@ -125,32 +145,23 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,  			}  		} -		addFormOAs(dbOAs); -		 -		ConfigurationDBUtils.closeSession(); -		 -		return Constants.STRUTS_SUCCESS;	 -	} -	 -	private void addFormOAs(List<OnlineApplication> dbOAs) { -		 -		formOAs = new ArrayList<OAListElement>();  		if (dbOAs == null || dbOAs.size() == 0) { -			addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); +			log.debug("No OAs found with Identifier " + friendlyname); +			addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA"));  		} else { -			for (OnlineApplication dboa : dbOAs) { -				OAListElement listoa = new OAListElement(); -				listoa.setActive(dboa.isIsActive()); -				listoa.setDataBaseID(dboa.getHjid()); -				listoa.setOaFriendlyName(dboa.getFriendlyName()); -				listoa.setOaIdentifier(dboa.getPublicURLPrefix()); -				listoa.setOaType(dboa.getType()); -				formOAs.add(listoa); -			} +			 +			formOAs = FormDataHelper.addFormOAs(dbOAs); +			session.setAttribute(Constants.SESSION_RETURNAREA,  +					Constants.STRUTS_RETURNAREA_VALUES.main.name()); +			  		} -	} +		 +		ConfigurationDBUtils.closeSession(); +		return Constants.STRUTS_SUCCESS;	 +	} +		  	public void setServletResponse(HttpServletResponse arg0) {  		this.response = arg0;  	} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java index aeafe9548..c80d5484d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java 
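Review bot: In `searchOA` the new `session.setAttribute(Constants.SESSION_RETURNAREA, Constants.STRUTS_RETURNAREA_VALUES.main.name())` runs only in the else branch (OAs found), whereas the identical statement in the `listAllOnlineAppliactions` hunk above runs unconditionally; after a search with no result the return area therefore keeps whatever value an earlier page left in the session, which looks unintended. Moving the `setAttribute` out of the if/else, as in `listAllOnlineAppliactions`, makes the two listing paths behave alike. `dbOAs.size() == 0` reads better as `dbOAs.isEmpty()`, and `log.debug("No OAs found with Identifier " + friendlyname)` writes the search string as submitted into the log, which is fine at debug level but worth remembering if the log is consumed elsewhere.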
@@ -2,7 +2,9 @@ package at.gv.egovernment.moa.id.configuration.struts.action;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import org.apache.log4j.Logger;  import org.apache.struts2.interceptor.ServletRequestAware;  import org.apache.struts2.interceptor.ServletResponseAware; @@ -14,6 +16,8 @@ import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;  public class MainAction implements ServletRequestAware,  	ServletResponseAware { +	private static final Logger log = Logger.getLogger(MainAction.class); +	  	private HttpServletRequest request;  	private HttpServletResponse response; @@ -30,8 +34,17 @@ public class MainAction implements ServletRequestAware,  	public String generateMainFrame() { -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +		 +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);		  		authUser = (AuthenticatedUser) authUserObj;	 +		 +		session.setAttribute(Constants.SESSION_RETURNAREA, null); +		  		return Constants.STRUTS_SUCCESS;  	} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java new file mode 100644 index 000000000..aa36d768a --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java 
@@ -0,0 +1,106 @@ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.OAListElement; +import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; + +import com.opensymphony.xwork2.ActionSupport; + +public class OpenAdminRequestsAction extends ActionSupport  +		implements ServletRequestAware, ServletResponseAware { +	 +	private static final Logger log = Logger.getLogger(OpenAdminRequestsAction.class); +	 +	private static final long serialVersionUID = 1L; + +	private HttpServletRequest request; +	private HttpServletResponse response; +	 +	private AuthenticatedUser authUser = null;  +	private List<OAListElement> formOAs = null; +	private List<AuthenticatedUser> userlist = null; +	 + +	public String init() { +		 +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +		 +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); +		 +		authUser = (AuthenticatedUser) authUserObj; +		 +		if (authUser.isAdmin()) { +			 +			List<OnlineApplication> dbOAs = ConfigurationDBRead.getAllNewOnlineApplications(); +			if (dbOAs != null) { +				formOAs = FormDataHelper.addFormOAs(dbOAs); +			} +			 +			List<UserDatabase> dbUsers = 
ConfigurationDBRead.getAllNewUsers(); +			if (dbUsers != null){ +				userlist = FormDataHelper.addFormUsers(dbUsers); +			} +			 +			session.setAttribute(Constants.SESSION_RETURNAREA,  +					Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()); + +			return Constants.STRUTS_SUCCESS; +		} else { +			log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID()); +			return Constants.STRUTS_NOTALLOWED; +		} +		 +	} +	 +	 +	public void setServletResponse(HttpServletResponse response) { +		this.response = response; +	} + +	public void setServletRequest(HttpServletRequest request) { +		this.request = request; +	} + + +	/** +	 * @return the authUser +	 */ +	public AuthenticatedUser getAuthUser() { +		return authUser; +	} + + +	/** +	 * @return the formOAs +	 */ +	public List<OAListElement> getFormOAs() { +		return formOAs; +	} + + +	/** +	 * @return the userlist +	 */ +	public List<AuthenticatedUser> getUserlist() { +		return userlist; +	} +		 +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index 2a9ec038f..6bc90a417 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -1,11 +1,12 @@  package at.gv.egovernment.moa.id.configuration.struts.action; -import java.util.ArrayList; -import java.util.Date; +import java.io.ByteArrayInputStream; +import java.io.InputStream;  import java.util.List;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession;  import org.apache.log4j.Logger;  import org.apache.struts2.interceptor.ServletRequestAware; 
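Review bot: `authUser.isAdmin()` in `init` dereferences the cast result without a null check, so a request whose session carries no `SESSION_AUTH` attribute (no login, or an expired session silently recreated by `request.getSession()`) ends in a NullPointerException rather than `Constants.STRUTS_NOTALLOWED`; `if (authUserObj == null) { log.info("No authenticated user in session."); return Constants.STRUTS_NOTALLOWED; }` before the cast closes that for this admin-only page. The log line in the else branch is missing a separator: `"... for user with ID " + authUser.getUserID()`. Both lists are read through `ConfigurationDBRead` without a `ConfigurationDBUtils.closeSession()` call, which the sibling actions touched by this commit (`listAllOnlineAppliactions`, `UserManagementAction.init`) do make on the same path — presumably a leaked session; confirm against the DB helper's contract.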
@@ -18,10 +19,14 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.configuration.Constants;  import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;  import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;  import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; +import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;  import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper;  import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;  import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.util.MiscUtil;  import com.opensymphony.xwork2.ActionSupport; 
@@ -43,30 +48,34 @@ public class UserManagementAction extends ActionSupport  	private String useridobj = null;  	private static boolean newUser = false; +	private InputStream stream; +	private String nextPage; +	private String formID;  	public String init() { -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; -		 +				  		if (authUser.isAdmin()) { +			log.info("Show NewserRequests"); +			  			log.info("Show UserList");  			List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers(); +						  			if (dbuserlist != null) { -				userlist = new ArrayList<AuthenticatedUser>(); -				 -				for (UserDatabase dbuser : dbuserlist) { -					userlist.add(new AuthenticatedUser( -							dbuser.getHjid(),  -							dbuser.getGivenname(),  -							dbuser.getFamilyname(), -							dbuser.getUsername(), -							dbuser.isIsActive(),  -							dbuser.isIsAdmin())); -				} +				userlist = FormDataHelper.addFormUsers(dbuserlist);  			} +		 +			session.setAttribute(Constants.SESSION_RETURNAREA, +					Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name());  			ConfigurationDBUtils.closeSession();  			return Constants.STRUTS_SUCCESS; 
@@ -79,20 +88,37 @@ public class UserManagementAction extends ActionSupport  			}  			user = new UserDatabaseFrom(dbuser);  			ConfigurationDBUtils.closeSession(); +			 +			session.setAttribute(Constants.SESSION_RETURNAREA, +					Constants.STRUTS_RETURNAREA_VALUES.main.name()); +			 +			formID = Random.nextRandom(); +			session.setAttribute(Constants.SESSION_FORMID, formID); +			  			return Constants.STRUTS_NOTALLOWED;  		}  	}  	public String createuser() { -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +		 +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; +		nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();  		if (authUser.isAdmin()) {  			user = new UserDatabaseFrom();  			newUser = true; +			 +			formID = Random.nextRandom(); +			session.setAttribute(Constants.SESSION_FORMID, formID);  			return Constants.STRUTS_SUCCESS;  		} else { 
@@ -101,10 +127,27 @@ public class UserManagementAction extends ActionSupport  	}  	public String edituser() { -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; +		Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);	 +		if (nextPageAttr != null && nextPageAttr instanceof String  +				&& MiscUtil.isNotEmpty((String)nextPageAttr) ) { +			nextPage = (String) nextPageAttr; +			 +		} else { +			nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); +		} +		 +		formID = Random.nextRandom(); +		session.setAttribute(Constants.SESSION_FORMID, formID); +		  		if (authUser.isAdmin()) {  			long userid = -1; 
@@ -136,11 +179,31 @@ public class UserManagementAction extends ActionSupport  		}		  	} -	public String saveuser() { -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +	public String saveuser() {	 +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; +		Object formidobj = session.getAttribute(Constants.SESSION_FORMID); +		if (formidobj != null && formidobj instanceof String) { +			String formid = (String) formidobj; +			if (!formid.equals(formID)) { +				log.warn("FormIDs does not match. Some suspect Form is received from user " +						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +				return Constants.STRUTS_ERROR; +			}			 +		} else { +			log.warn("FormIDs does not match. Some suspect Form is received from user " +					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +			return Constants.STRUTS_ERROR; +		} +		session.setAttribute(Constants.SESSION_FORMID, null); +		  		String useridobj = user.getUserID();  		long userID = -1;  		if (MiscUtil.isEmpty(useridobj)) { 
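Review bot: The form-token check added to `saveuser` is copied verbatim into `deleteuser` (later hunk) and into `IndexAction.requestNewUser` (earlier file); three identical 14-line blocks with the same warning text are a maintenance risk, and a private helper such as `boolean formIdMatches(HttpSession session)` that performs the lookup, the comparison and the `session.setAttribute(Constants.SESSION_FORMID, null)` would let each action do `if (!formIdMatches(session)) return Constants.STRUTS_ERROR;`. Inside the block the warning concatenates `authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()` without separators, and `authUser` is not null-checked before the check runs, so a tampered form on a request without a login produces an NPE instead of the warning. The token's strength rests on `Random.nextRandom()` from `at.gv.egovernment.moa.id.util.Random`, which this diff does not show; for the comparison to be meaningful it needs to be backed by `SecureRandom` and to be long enough to be unguessable — worth confirming.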
@@ -156,9 +219,30 @@ public class UserManagementAction extends ActionSupport  			userID = Long.valueOf(useridobj);  		} +		UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); +		 +		if( dbuser == null) { +			dbuser = new UserDatabase(); +			dbuser.setIsMandateUser(false); +			dbuser.setIsAdminRequest(false); +			dbuser.setIsPVP2Generated(false); +			dbuser.setUserRequestTokken(null); +			dbuser.setIsMailAddressVerified(false); +			dbuser.setUsername(user.getUsername()); +		} +		  		List<String> errors;  		UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); -		errors = validator.validate(user, userID); +		 +		boolean ispvp2 = false; +		boolean ismandate = false; +		if (dbuser.isIsPVP2Generated() != null) +			ispvp2 = dbuser.isIsPVP2Generated(); +		 +		if (dbuser.isIsMandateUser() != null) +			ismandate = dbuser.isIsMandateUser(); +		 +		errors = validator.validate(user, userID, ispvp2, ismandate);  		if (errors.size() > 0) {  			log.info("UserDataForm has some erros."); @@ -169,6 +253,14 @@ public class UserManagementAction extends ActionSupport  			if (MiscUtil.isEmpty(user.getUsername()))  				newUser = true; +			user.setIsmandateuser(ismandate); +			user.setPVPGenerated(ispvp2); +			if (dbuser.isIsUsernamePasswordAllowed() != null) +				user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed());	 +			 +			formID = Random.nextRandom(); +			session.setAttribute(Constants.SESSION_FORMID, formID); +			  			return Constants.STRUTS_ERROR_VALIDATION;  		} 
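Review bot: The new-user branch (`if( dbuser == null)`) initialises `IsMandateUser`, `IsAdminRequest`, `IsPVP2Generated` and `IsMailAddressVerified` but not `IsUsernamePasswordAllowed`; the `!= null` guards a few lines below (`dbuser.isIsPVP2Generated() != null`) indicate the generated getters return boxed `Boolean`, and `saveFormToDB` in the last hunk evaluates `dbuser.isIsUsernamePasswordAllowed()` in a plain `if`, which unboxes null into a NullPointerException for a freshly created user unless the admin branch there has already assigned it from the form. Adding `dbuser.setIsUsernamePasswordAllowed(false);` (or whatever default the admin form intends — confirm) next to the other defaults avoids that. Calling `ConfigurationDBRead.getUserWithID(userID)` with the sentinel `userID = -1` also relies on the helper returning null for an unknown id rather than throwing; `UserDatabase dbuser = userID < 0 ? null : ConfigurationDBRead.getUserWithID(userID);` makes the intent explicit.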
@@ -181,8 +273,49 @@ public class UserManagementAction extends ActionSupport  			}  		} - -		String error = saveFormToDB(); +				 +		if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) { +			dbuser.setIsMailAddressVerified(false); +			dbuser.setUserRequestTokken(Random.nextRandom()); +			 +			try { +				MailHelper.sendUserMailAddressVerification(dbuser); +				addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify")); +				 +			} catch (ConfigurationException e) { +				log.warn("Sending of mailaddress verification mail failed.", e); +				addActionError(LanguageHelper.getErrorString("error.mail.send")); +			} +		} +			 +		Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);	 +		if (nextPageAttr != null && nextPageAttr instanceof String  +				&& MiscUtil.isNotEmpty((String)nextPageAttr) ) { +			nextPage = (String) nextPageAttr; +			 +			if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) && +					user.isActive()) { +				dbuser.setIsAdminRequest(false); +				try {	 +					if (dbuser.isIsMandateUser()) +						MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), +								dbuser.getInstitut(), user.getMail()); +					else +						MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), +								null, user.getMail()); +					 +				} catch (ConfigurationException e) { +					log.warn("Send UserAccountActivation mail failed", e); +				} +			} +			session.setAttribute(Constants.SESSION_RETURNAREA, null); +			 +		} else { +			nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); +		} +		 +		String error = saveFormToDB(dbuser); +				  		if (error != null) {  			log.warn("UserData can not be stored in Database");  			addActionError(error); 
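Review bot: Both mails in this hunk go out before the data they describe is persisted: `MailHelper.sendUserMailAddressVerification(dbuser)` is sent with the token just assigned by `Random.nextRandom()`, and the activation mail follows `dbuser.setIsAdminRequest(false)`, yet `saveFormToDB(dbuser)` runs only at the end of the hunk and can still fail (`error != null`). If the save fails the user receives a verification link whose token is not in the database, or an activation notice for an account still flagged as a request. Moving the two sends after a successful `saveFormToDB(dbuser)` (the `error == null` path, which continues outside this hunk) fixes the ordering. `user.getMail().equals(dbuser.getMail())` also throws an NPE when the submitted mail is absent; `!Objects.equals(user.getMail(), dbuser.getMail())` (java.util.Objects) is the null-safe form.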
@@ -194,10 +327,30 @@ public class UserManagementAction extends ActionSupport  	}  	public String deleteuser() { -		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);  		authUser = (AuthenticatedUser) authUserObj; -							 +		 +		Object formidobj = session.getAttribute(Constants.SESSION_FORMID); +		if (formidobj != null && formidobj instanceof String) { +			String formid = (String) formidobj; +			if (!formid.equals(formID)) { +				log.warn("FormIDs does not match. Some suspect Form is received from user " +						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +				return Constants.STRUTS_ERROR; +			}			 +		} else { +			log.warn("FormIDs does not match. Some suspect Form is received from user " +					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); +			return Constants.STRUTS_ERROR; +		} +		session.setAttribute(Constants.SESSION_FORMID, null); +		  		String useridobj = user.getUserID();  		long userID = -1;  		if (MiscUtil.isEmpty(useridobj)) { @@ -222,6 +375,16 @@ public class UserManagementAction extends ActionSupport  			}  		} +		Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);	 +		if (nextPageAttr != null && nextPageAttr instanceof String  +				&& MiscUtil.isNotEmpty((String)nextPageAttr)  ) { +			nextPage = (String) nextPageAttr; +			session.setAttribute(Constants.SESSION_RETURNAREA, null); +			 +		} else { +			nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); +		} +		  		UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);  		if (dbuser != null) {  			dbuser.setOnlineApplication(null); 
@@ -230,8 +393,22 @@ public class UserManagementAction extends ActionSupport  				ConfigurationDBUtils.saveOrUpdate(dbuser);  				ConfigurationDBUtils.delete(dbuser); +				if (authUser.isAdmin()) { +					MailHelper.sendUserAccountRevocationMail(dbuser); +				} +				 +				if (dbuser.getHjid() == authUser.getUserID()) { +					ConfigurationDBUtils.closeSession(); +					return Constants.STRUTS_REAUTHENTICATE; +				} +					  			} catch (MOADatabaseException e) { -				log.warn("UserData can not be deleted from Database"); +				log.warn("UserData can not be deleted from Database", e); +				addActionError(e.getMessage()); +				return Constants.STRUTS_SUCCESS; +				 +			} catch (ConfigurationException e) { +				log.warn("Information mail sending failed.", e);  				addActionError(e.getMessage());  				return Constants.STRUTS_SUCCESS;  			} 
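Review bot: The new `catch (ConfigurationException e)` (like the `MOADatabaseException` catch above it) pushes `e.getMessage()` straight to the page via `addActionError`; elsewhere in this commit errors are reported through `LanguageHelper.getErrorString(...)`, and a raw database or mail-configuration message can expose internal details to the browser. `addActionError(LanguageHelper.getErrorString("error.mail.send"))`, as used in `saveuser`, keeps the detail in the log line only. Because the revocation mail is sent after `ConfigurationDBUtils.delete(dbuser)`, a mail failure also skips the `dbuser.getHjid() == authUser.getUserID()` self-deletion check, so an admin who deleted their own account keeps a live session; evaluating that check before the mail is sent, or in the `finally` of this try, avoids it. Whether `getHjid()` and `getUserID()` both return boxed `Long` is not visible here; if they do, `==` compares references and `dbuser.getHjid().longValue() == authUser.getUserID()` (or `Objects.equals`) is needed — confirm.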
@@ -242,39 +419,93 @@ public class UserManagementAction extends ActionSupport  		}  		ConfigurationDBUtils.closeSession(); +			  		return Constants.STRUTS_SUCCESS;  	} -	private String saveFormToDB() { +	public String sendVerificationMail () { +		HttpSession session = request.getSession(); +		if (session == null) { +			log.info("No http Session found."); +			return Constants.STRUTS_ERROR; +		} -		UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(user.getUsername()); +		String 	message = LanguageHelper.getErrorString("error.mail.verification"); -		if( dbuser == null) { -			dbuser = new UserDatabase(); +		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); +		authUser = (AuthenticatedUser) authUserObj; +		 +		if (authUser != null) { +			UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID()); +			 +			if (dbuser != null) {	 +				dbuser.setIsMailAddressVerified(false); +				dbuser.setUserRequestTokken(Random.nextRandom()); +				 +				try { +					ConfigurationDBUtils.saveOrUpdate(dbuser); + +					MailHelper.sendUserMailAddressVerification(dbuser); +					 +					message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message"); +					 +				} catch (ConfigurationException e) { +					log.warn("Sending of mailaddress verification mail failed.", e); +					message = LanguageHelper.getErrorString("error.mail.send"); +					 +				} catch (MOADatabaseException e) { +					log.warn("Access UserInformationDatabase failed.", e); +				}	 +			}   		} -		dbuser.setBpk(user.getBpk()); -		dbuser.setFamilyname(user.getFamilyName()); -		dbuser.setGivenname(user.getGivenName()); -		dbuser.setInstitut(user.getInstitut()); +		stream = new ByteArrayInputStream(message.getBytes()); +		 +		return SUCCESS; +	} +	 +	private String saveFormToDB(UserDatabase dbuser) { +				  		dbuser.setMail(user.getMail());  		dbuser.setPhone(user.getPhone()); -		dbuser.setUsername(user.getUsername()); -		if (authUser.isAdmin()) { -			
dbuser.setIsActive(user.isActive()); -			dbuser.setIsAdmin(user.isAdmin()); +		if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) { +			dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed()); +			 +			if (authUser.isAdmin()) { +				dbuser.setIsActive(user.isActive()); +				dbuser.setIsAdmin(user.isAdmin()); +			 +			}  		} -		if (MiscUtil.isNotEmpty(user.getPassword())) { -			String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); -			if (key == null) { -				return LanguageHelper.getErrorString("errors.edit.user.save"); +		if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) { +			dbuser.setFamilyname(user.getFamilyName()); +			dbuser.setGivenname(user.getGivenName()); +			dbuser.setInstitut(user.getInstitut()); +			 +			if (authUser.isAdmin()) +				dbuser.setBpk(user.getBpk()); +			 +		} else { +			if (!dbuser.isIsMandateUser()) +				dbuser.setInstitut(user.getInstitut()); +		} +		 +		if (dbuser.isIsUsernamePasswordAllowed()) { +			 +			if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) +				dbuser.setUsername(user.getUsername()); +			 +			if (MiscUtil.isNotEmpty(user.getPassword())) { +				String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); +				if (key == null) { +					return LanguageHelper.getErrorString("errors.edit.user.save"); +				} +				dbuser.setPassword(key);			  			} -			dbuser.setPassword(key);			  		} -		  		try {  			ConfigurationDBUtils.saveOrUpdate(dbuser);  		} catch (MOADatabaseException e) { 
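Review bot: `sendVerificationMail()` derives the mail-verification token from `Random.nextRandom()`; unless that helper is backed by `java.security.SecureRandom`, a predictable token undermines the address check, so confirm the source and say so at the call site, e.g. `// token must come from a CSPRNG; it is the only proof of mailbox ownership`. Also `new ByteArrayInputStream(message.getBytes())` uses the platform default charset, which can garble the localized message; use `message.getBytes("UTF-8")` and handle the `UnsupportedEncodingException`. In `saveFormToDB`, `dbuser.isIsPVP2Generated()` is null-checked but `dbuser.isIsUsernamePasswordAllowed()` is not, so if that getter also returns a boxed `Boolean` the `if` throws on a row where the column is unset — `Boolean.TRUE.equals(dbuser.isIsUsernamePasswordAllowed())` avoids that in both places it is read. Unlike `deleteuser()`, `sendVerificationMail()` performs no form-ID check before triggering the mail, which is worth either the same check or a comment explaining why it is unnecessary. `saveFormToDB` continues past the end of the hunk.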
@@ -284,27 +515,7 @@ public class UserManagementAction extends ActionSupport  		return null;  	} -	 -//	public String createTestUser() throws MOADatabaseException { -//		 -//		UserDatabase user = new UserDatabase(); -//		user.setBpk(""); -//		user.setFamilyname("Max"); -//		user.setGivenname("Mustermann"); -//		user.setIsActive(true); -//		user.setIsAdmin(false); -//		user.setInstitut("EGIZ"); -//		user.setLastLoginItem(new Date()); -//		user.setMail("masdf@amfasdf.com"); -//		user.setPhone("00660011542"); -//		user.setUsername("testuser"); -//		 -//		ConfigurationDBUtils.save(user); -//		 -//		return Constants.STRUTS_SUCCESS; -//	} -	 -	 +		  	public void setServletResponse(HttpServletResponse response) {  		this.response = response; @@ -370,7 +581,33 @@ public class UserManagementAction extends ActionSupport  	public boolean isNewUser() {  		return newUser;  	} -	 -	 + +	/** +	 * @return the nextPage +	 */ +	public String getNextPage() { +		return nextPage; +	} + +	/** +	 * @return the stream +	 */ +	public InputStream getStream() { +		return stream; +	} + +	/** +	 * @return the formID +	 */ +	public String getFormID() { +		return formID; +	} + +	/** +	 * @param formID the formID to set +	 */ +	public void setFormID(String formID) { +		this.formID = formID; +	}  } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java new file mode 100644 index 000000000..ede8c09a8 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java 
@@ -0,0 +1,82 @@ +package at.gv.egovernment.moa.id.configuration.utils; + +import java.io.IOException; +import java.util.Iterator; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.opensaml.Configuration; +import org.opensaml.DefaultBootstrap; +import org.opensaml.xml.ConfigurationException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.XMLObjectBuilder; +import org.opensaml.xml.XMLObjectBuilderFactory; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + + +public class SAML2Utils { + +	static { +		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); +		factory.setNamespaceAware(true); +		factory.setValidating(false); +		try { +			builder = factory.newDocumentBuilder(); +		} catch (ParserConfigurationException e) { +			// TODO Auto-generated catch block +			e.printStackTrace(); +		} +	} + +	private static DocumentBuilder builder; + +	public static <T> T createSAMLObject(final Class<T> clazz) { +		try { + +			XMLObjectBuilderFactory builderFactory = Configuration +					.getBuilderFactory(); + +			QName defaultElementName = (QName) clazz.getDeclaredField( +					"DEFAULT_ELEMENT_NAME").get(null); +			Map<QName, XMLObjectBuilder> builder = builderFactory.getBuilders(); +			Iterator<QName> it = builder.keySet().iterator(); + +			while (it.hasNext()) { +				QName qname = it.next(); +				if (qname.equals(defaultElementName)) { +					System.out.printf("Builder for: %s\n", qname.toString()); +				} +			} +			XMLObjectBuilder xmlBuilder = builderFactory +					.getBuilder(defaultElementName); +			 +			T object = (T) xmlBuilder.buildObject(defaultElementName); +			return object; +		} catch (Throwable e) { +			
System.out.printf("Failed to create object for: %s\n", +					clazz.toString()); +			e.printStackTrace(); +			return null; +		} +	} + +	public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException, +			MarshallingException, TransformerException { +		org.w3c.dom.Document document = builder.newDocument(); +		Marshaller out = Configuration.getMarshallerFactory().getMarshaller( +				object); +		out.marshall(object, document); +		return document; +	} +	 + +	 +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java new file mode 100644 index 000000000..96e99e8c7 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java 
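Review bot: `createSAMLObject` catches `Throwable` and returns `null` after printing to `System.out`, and the static initializer calls `e.printStackTrace()`, so in a server deployment failures never reach the application log and callers receive a `null` they are unlikely to check; route both through the log4j logger the other classes in this commit use and let `createSAMLObject` throw (or at least narrow the catch to `Exception`). The loop over `builderFactory.getBuilders()` only prints the matching `QName`, and the local `builder` shadows the static field of the same name — that reads as leftover debugging and can go. `asDOMDocument` calls `newDocument()` on a single static `DocumentBuilder`; `DocumentBuilder` instances are not documented as thread-safe, so creating one per call (or synchronizing) is safer in a web application. If `newDocumentBuilder()` fails in the static block, `builder` stays `null` and every later `asDOMDocument` call ends in a `NullPointerException`; rethrowing as `ExceptionInInitializerError` makes the misconfiguration visible at class-load time instead.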
@@ -0,0 +1,71 @@ +package at.gv.egovernment.moa.id.configuration.utils; + +import java.util.Calendar; +import java.util.Date; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; + + +public class UserRequestCleaner implements Runnable { + +	private static final Logger log = Logger.getLogger(UserRequestCleaner.class); +	 +	private static final long SESSION_CLEANUP_INTERVAL = 60 * 60; // 60 min +		 +	public void run() { +		 while (true) { +			 try { +				ConfigurationProvider config = ConfigurationProvider.getInstance(); +				 +				List<UserDatabase> userrequests = ConfigurationDBRead.getAllOpenUsersRequests(); +				if (userrequests != null) { +					Calendar cal = Calendar.getInstance(); +					cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay()*-1); +					Date cleanupdate = cal.getTime(); +					 +					for(UserDatabase dbuser : userrequests) { +						Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + +						if (requestdate != null && requestdate.after(cleanupdate)) { +							log.info("Remove UserRequest from Database"); +							ConfigurationDBUtils.delete(dbuser); +						} +					 +					}					 +				} + +				Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); +				 +			} catch (ConfigurationException e) { +				log.info("UserRequestCleaner can not load configuration", e); +				 +			} catch (InterruptedException e) { +				 +			} finally { +				ConfigurationDBUtils.closeSession(); +				 +			} +		 } +	} +	 +	  /** +	   * start the sessionCleaner +	   */ +	  public static void start() { +	    // start the session cleanup 
thread +	    Thread sessionCleaner = new Thread(new UserRequestCleaner()); +	    sessionCleaner.setName("UserRequestCleaner"); +	    sessionCleaner.setDaemon(true); +	    sessionCleaner.setPriority(Thread.MIN_PRIORITY); +	    sessionCleaner.start(); +	  } +	 +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java index 820aa7c57..466867367 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java @@ -2,17 +2,17 @@ package at.gv.egovernment.moa.id.configuration.validation;  import org.apache.commons.lang.StringUtils; +import at.gv.egovernment.moa.id.configuration.Constants; +  public class CompanyNumberValidator implements IdentificationNumberValidator {  	public boolean validate(String commercialRegisterNumber) {  		String normalizedNumber = commercialRegisterNumber.replaceAll(" ", ""); -		if(normalizedNumber.startsWith("FN")) { +		if(normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN))  			normalizedNumber = normalizedNumber.substring(2); -			return checkCommercialRegisterNumber(normalizedNumber); -			 -		} else  -			return true; +		 +		return checkCommercialRegisterNumber(normalizedNumber);  	}  	private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java new file mode 100644 index 000000000..65e8a549e --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java 
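Review bot: The cleanup condition in `run()` is inverted: `cleanupdate` is the current time minus `getUserRequestCleanUpDelay()` hours, and `requestdate.after(cleanupdate)` selects requests *newer* than that cutoff, so fresh, still-pending account requests are deleted while the stale ones the class is named for survive; it should read `if (requestdate != null && requestdate.before(cleanupdate)) {`. The `InterruptedException` handler is empty, so an interrupt (e.g. on shutdown) is dropped and the loop keeps running; restore the flag and leave with `Thread.currentThread().interrupt(); return;`. Any unchecked exception thrown by `ConfigurationDBRead`/`ConfigurationDBUtils` escapes `run()` and ends the daemon thread for good without a log4j entry, so a trailing `catch (RuntimeException e) { log.error("UserRequestCleaner failed", e); }` keeps the cleaner alive. A one-line comment on `cleanupdate`, such as `// requests last touched before this instant are considered abandoned`, would make the intended direction of the comparison unambiguous.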
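Review bot: `validate()` now strips the prefix with `substring(2)` after matching `Constants.IDENIFICATIONTYPE_FN`, so the two are coupled by a magic number; `normalizedNumber.substring(Constants.IDENIFICATIONTYPE_FN.length())` keeps them in step. This hunk also changes behaviour: numbers without the prefix were previously accepted unconditionally and are now passed to `checkCommercialRegisterNumber`, which is the stricter and presumably intended rule, but a comment such as `// register numbers are checked with or without the FN prefix` would stop it being read as accidental. `commercialRegisterNumber.replaceAll(" ", "")` still throws on `null` input, so either callers must guarantee a value or the method should return false for it.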
@@ -0,0 +1,84 @@ +package at.gv.egovernment.moa.id.configuration.validation; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import at.gv.egovernment.moa.util.MiscUtil; + + +public class TargetValidator { + +	private static Map<String, String> targetList = null; +	 +	static { +		targetList = new HashMap<String, String>(); +		targetList.put("AR", "Arbeit"); +		targetList.put("AS", "Amtliche Statistik"); +		targetList.put("BF", "Bildung und Forschung"); +		targetList.put("BW", "Bauen und Wohnen"); +		targetList.put("EA", "EU und Auswärtige Angelegenheiten"); +		targetList.put("EF", "Ein- und Ausfuhr"); +		targetList.put("GH", "Gesundheit"); +		targetList.put("GS", "Gesellschaft und Soziales"); +		targetList.put("GS-RE", "Restitution"); +		targetList.put("JR", "Justiz/Zivilrechtswesen"); +		targetList.put("KL", "Kultus"); +		targetList.put("KU", "Kunst und Kultur"); +		targetList.put("LF", "Land- und Forstwirtschaft"); +		targetList.put("LV", "Landesverteidigung"); +		targetList.put("RT", "Rundfunk und sonstige Medien sowie Telekommunikation"); +		targetList.put("SA", "Steuern und Abgaben"); +		targetList.put("SA", "Sport und Freizeit"); +		targetList.put("SO", "Sicherheit und Ordnung"); +		targetList.put("SO-VR", "Vereinsregister"); +		targetList.put("SR-RG", "Strafregister"); +		targetList.put("SV", "Sozialversicherung"); +		targetList.put("UW", "Umwelt"); +		targetList.put("VT", "Verkehr und Technik"); +		targetList.put("VV", "Vermögensverwaltung"); +		targetList.put("WT", "Wirtschaft"); +		targetList.put("ZP", "Personenidentität und Bürgerrechte(zur Person)"); +		targetList.put("BR", "Bereichsübergreifender Rechtsschutz"); +		targetList.put("HR", "Zentrales Rechnungswesen"); +		targetList.put("KI", "Auftraggeberinterne allgemeine Kanzleiindizes"); +		targetList.put("OI", "Öffentlichkeitsarbeit"); +		targetList.put("PV", 
"Personalverwaltung"); +		targetList.put("RD", "Zentraler Rechtsdienst"); +		targetList.put("VS", "Zentrale Durchführung von Verwaltungsstrafverfahren"); +		targetList.put("VS-RG", "Zentrales Verwaltungsstrafregister"); +		targetList.put("ZU", "Zustellungen"); +	} +	 +	public static List<String> getListOfTargets() { +		Map<String, String> list = new HashMap<String, String>(); +		list.put("", ""); +		list.putAll(targetList); +		 +		List<String> sortedList = new ArrayList<String>(); +		sortedList.addAll(list.keySet()); +		Collections.sort(sortedList); +		 +		return sortedList; +	 +	} +	 +	public static String getTargetFriendlyName(String target) { +		String name = targetList.get(target); +		 +		if (MiscUtil.isNotEmpty(name)) +			return name; +		else +			return null; +	} +	 +	public static boolean isValidTarget(String target) { +		return targetList.containsKey(target); +	} +	 +	 +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java index 276b0b4c8..88e1e6cf5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java 
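Review bot: The static initializer puts two entries under the key `"SA"` (`"Steuern und Abgaben"` and then `"Sport und Freizeit"`), so the second `put` silently overwrites the first and `"Steuern und Abgaben"` is no longer a valid target; one of the two codes is wrong and should be checked against the official sector list (to my knowledge `"SF"` denotes Sport und Freizeit) before this validator goes live, since `isValidTarget` and the friendly-name lookup both depend on it. `getListOfTargets` builds an intermediate `HashMap` only to add the empty key; `List<String> sortedList = new ArrayList<String>(targetList.keySet()); sortedList.add(""); Collections.sort(sortedList);` gives the same result. `getTargetFriendlyName` maps an empty value to `null` via `MiscUtil.isNotEmpty`, which is fine but deserves a Javadoc line stating that unknown or empty targets return `null`. The `Collection` and `Set` imports are unused, and `targetList` can be `final`.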
@@ -16,44 +16,50 @@ public class UserDatabaseFormValidator {  	private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class); -	public List<String> validate(UserDatabaseFrom form, long userID) { +	public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, boolean isMandateUser) {  		List<String> errors = new ArrayList<String>(); -				 -		String check = form.getGivenName(); -		if (MiscUtil.isNotEmpty(check)) { -			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { -				log.warn("GivenName contains potentail XSS characters: " + check); -				errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",  -						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); -			} -		} else { -			log.warn("GivenName is empty"); -			errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty"));			 -		} +		String check = null; -		check = form.getFamilyName(); -		if (MiscUtil.isNotEmpty(check)) { -			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { -				log.warn("FamilyName contains potentail XSS characters: " + check); -				errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",  -						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +		if (!isPVP2Generated) {  +			check = form.getGivenName(); +			if (MiscUtil.isNotEmpty(check)) { +				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +					log.warn("GivenName contains potentail XSS characters: " + check); +					errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",  +							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +				} +			} else { +				log.warn("GivenName is empty"); +				errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty"));			 +			} +			 +			 +			check = form.getFamilyName(); +			if (MiscUtil.isNotEmpty(check)) { +				if 
(ValidationHelper.containsPotentialCSSCharacter(check, false)) { +					log.warn("FamilyName contains potentail XSS characters: " + check); +					errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",  +							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +				} +			} else { +				log.warn("FamilyName is empty"); +				errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty"));			  			} -		} else { -			log.warn("FamilyName is empty"); -			errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty"));			  		} - -		check = form.getInstitut(); -		if (MiscUtil.isNotEmpty(check)) { -			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { -				log.warn("Organisation contains potentail XSS characters: " + check); -				errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",  -						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +		 +		if (!isMandateUser) { +			check = form.getInstitut(); +			if (MiscUtil.isNotEmpty(check)) { +				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +					log.warn("Organisation contains potentail XSS characters: " + check); +					errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",  +							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +				} +			} else { +				log.warn("Organisation is empty"); +				errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty"));			  			} -		} else { -			log.warn("Organisation is empty"); -			errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty"));			  		}  		check = form.getMail(); 
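Review bot: The three name/organisation checks in this hunk are the same seven lines repeated with only the getter and message key changed, which is what made the re-indentation diff so large; a private helper such as `checkTextField(String value, String emptyKey, String validKey, List<String> errors)` would leave `validate()` with three calls and make the new `isPVP2Generated`/`isMandateUser` gates easy to read. The `String check = null;` initialisation is unnecessary, since every branch assigns before use. The warn messages echo the raw submitted value (`... + check`) into the log; that is pre-existing practice here, but since the value was just flagged for containing markup characters, logging only the field name keeps the log clean. `validate()` continues past the end of this hunk.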
@@ -80,67 +86,67 @@ public class UserDatabaseFormValidator {  			errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty"));			  		} -		check = form.getUsername(); -		if (MiscUtil.isNotEmpty(check)) { -			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { -				log.warn("Username contains potentail XSS characters: " + check); -				errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",  -						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); -				 -			} else { -				UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check); -				if (dbuser != null && userID != dbuser.getHjid()) { -					log.warn("Username " + check + " exists in UserDatabase"); -					errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate")); -					form.setUsername(""); -				}	 -			} -		} else { -			if (userID == -1) { -				log.warn("Username is empty"); -				errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); +		if (form.isIsusernamepasswordallowed()) { +			check = form.getUsername(); +			if (MiscUtil.isNotEmpty(check)) { +				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +					log.warn("Username contains potentail XSS characters: " + check); +					errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",  +							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +					 +				} else { +					UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check); +					if (dbuser != null && userID != dbuser.getHjid()) { +						log.warn("Username " + check + " exists in UserDatabase"); +						errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate")); +						form.setUsername(""); +					}	 +				}  			} else { -				UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); -				if (dbuser == null) { +				if (userID == -1) {  					log.warn("Username is empty");  					
errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty"));  				} else { -					form.setUsername(dbuser.getUsername()); +					UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); +					if (dbuser == null) { +						log.warn("Username is empty"); +						errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); +					} else { +						form.setUsername(dbuser.getUsername()); +					}  				}  			} -		} -		 -		check = form.getPassword(); -		if (MiscUtil.isEmpty(check)) { -			if (userID == -1) { -				log.warn("Password is empty"); -				errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); -			} else { -				UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); -				if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { +			check = form.getPassword(); +				 +			if (MiscUtil.isEmpty(check)) { +				if (userID == -1) {  					log.warn("Password is empty");  					errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); -				} -			} -			 -		} else { -			 -			if (check.equals(form.getPassword_second())) { -			 -				String key = AuthenticationHelper.generateKeyFormPassword(check); -				if (key == null) { -					errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid")); +				} else { +					UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); +					if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { +						log.warn("Password is empty"); +						errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); +					}  				} -			} -			else { -				errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal")); +			} else { +				 +				if (check.equals(form.getPassword_second())) { +				 +					String key = AuthenticationHelper.generateKeyFormPassword(check); +					if (key == null) { +						errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid")); +					} +					 +				} 
+				else { +					errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal")); +				}  			}  		} -		 -		 -		 +				  		check = form.getBpk();  		if (MiscUtil.isNotEmpty(check)) {  			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java index aeac75e44..eadf15f84 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java 
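Review bot: In the `userID != -1` branch `log.warn("Username is empty")` is logged when `ConfigurationDBRead.getUserWithID(userID)` returns `null`, which is a different condition and will mislead whoever reads the log; `log.warn("User with ID " + userID + " not found in UserDatabase");` describes what actually happened. The whole username/password section is now gated on the submitted `form.isIsusernamepasswordallowed()` flag rather than on the stored account flag, so a client can skip these checks by omitting the checkbox; that appears harmless because, for non-admin users, `saveFormToDB` only persists credentials when the stored flag allows it, but that dependency deserves a comment here, e.g. `// credentials are only persisted when the stored flag allows it, see saveFormToDB`. The password path validates only that `generateKeyFormPassword` returns non-null; if a length or complexity policy exists it is not visible in this hunk. `validate()` continues outside this hunk on both sides.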
@@ -1,18 +1,122 @@  package at.gv.egovernment.moa.id.configuration.validation; +import iaik.asn1.ObjectID; +import iaik.utils.Util; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; + +import java.io.IOException;  import java.net.MalformedURLException; +import java.net.Socket;  import java.net.URL; +import java.net.UnknownHostException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException;  import java.text.ParseException;  import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.List;  import java.util.regex.Matcher;  import java.util.regex.Pattern; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; +  import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.util.Constants; +  public class ValidationHelper {  	private static final Logger log = Logger.getLogger(ValidationHelper.class); +	public static boolean isPublicServiceAllowed(String identifier) { +		 +		SSLSocket socket = null; +		 +		try { +			URL url = new URL(identifier); +			String host = url.getHost(); +			 +			if (host.endsWith("/")) +				host = host.substring(0, host.length()-1); +			 +			if (url.getHost().endsWith(at.gv.egovernment.moa.id.configuration.Constants.PUBLICSERVICE_URL_POSTFIX)) { +				log.debug("PublicURLPrefix with .gv.at Domain found."); +				return true; +				 +			} else { +				SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();			 +				socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort()); +				socket.startHandshake(); +				 +				SSLSession session = socket.getSession(); +				Certificate[] servercerts = session.getPeerCertificates(); +				X509Certificate[] iaikChain = new X509Certificate[servercerts.length]; +				for 
(int i=0; i<servercerts.length; i++) { +					iaikChain[i] = new X509Certificate(servercerts[i].getEncoded()); +				} +				 +				 +				X509Certificate cert = Util.arrangeCertificateChain(iaikChain, false)[0]; +				 +				if (cert != null) { +					ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft +					ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft +					 +					 +					if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) { +						return false; +						 +					} else { +						log.info("Found correct X509 Extension in server certificate. PublicService is allowed"); +						return true; +					}		 +				} +				 +				return false; +			} +				 +		} catch (MalformedURLException e) { +			log.warn("PublicURLPrefix can not parsed to URL", e); +			return false; +			 +		} catch (UnknownHostException e) { +			log.warn("Can not connect to PublicURLPrefix Server", e); +			return false; +			 +		} catch (IOException e) { +			log.warn("Can not connect to PublicURLPrefix Server", e); +			return false; +			 +		} catch (CertificateEncodingException e) { +			log.warn("Can not parse X509 server certificate", e); +			return false; +			 +		} catch (CertificateException e) { +			log.warn("Can not read X509 server certificate", e); +			return false; +			 +		} catch (X509ExtensionInitException e) { +			log.warn("Can not read X509 server certificate extension", e); +			return false; +		} +		 +		finally { +			if (socket != null) +				try { +					socket.close(); +				} catch (IOException e) { +					log.warn("SSL Socket can not be closed.", e); +				} +		} +	} +	  	public static boolean validateOAID(String oaIDObj) {  		if (oaIDObj != null) {  			try { @@ -62,7 +166,7 @@ public class ValidationHelper {  		return false;  	} -	public static boolean isValidTarget(String target) { +	public static boolean isValidAdminTarget(String target) {  	   log.debug("Ueberpruefe Parameter Target"); 
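Review bot: `isPublicServiceAllowed` passes `url.getPort()` straight to `createSocket`, and for an `https://host/...` identifier without an explicit port that value is `-1`, which makes `createSocket` throw an `IllegalArgumentException` that none of the catch clauses handle; the port has to fall back to `url.getDefaultPort()`. The connection also has no connect or read timeout and is opened to whatever host and port the submitted identifier names, so a slow or unreachable host stalls the form request indefinitely and the config tool turns into a TLS probe of its own network — restricting the check to the HTTPS scheme and bounding both timeouts limits that. The handshake validates the chain against the default trust store but never checks that the certificate belongs to `url.getHost()`, so any trusted certificate carrying the `1.2.40.0.10.1.1.1`/`1.2.40.0.10.1.1.2` extension would pass regardless of which server presents it; hostname verification (`SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` on Java 7+, or a subject check against the host) is needed for the extension to say anything about this service. The `.gv.at` shortcut uses `endsWith` on the host, which is only safe if `PUBLICSERVICE_URL_POSTFIX` starts with a dot — worth confirming, and the two OIDs belong in named constants. The trimmed `host` variable and the `SSLContext`, `Socket`, `SSLUtils` and `at.gv.egovernment.moa.util.Constants` imports are unused.
```java
			} else {
				// no explicit port in the identifier -> use the scheme default (443 for https)
				int port = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
				SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
				socket = (SSLSocket) factory.createSocket();
				// CONNECT_TIMEOUT_MS / READ_TIMEOUT_MS: constants still to be defined on this class
				socket.connect(new InetSocketAddress(url.getHost(), port), CONNECT_TIMEOUT_MS);
				socket.setSoTimeout(READ_TIMEOUT_MS);
				socket.startHandshake();
				// … unchanged: peer certificate extraction and extension check …
```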
@@ -76,10 +180,24 @@ public class ValidationHelper {         else {      	   log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");      	  return false;   -       } -	             +       }             	} +	public static boolean isValidTarget(String target) { +		    +		   log.debug("Ueberpruefe Parameter Target"); +		             +	       if (TargetValidator.isValidTarget(target)) { +	    	   log.debug("Parameter Target erfolgreich ueberprueft"); +	    	  return true; +	       } +	       else { +	    	   log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); +	    	  return false;   +	       } +		             +		} +	  	public static boolean isValidSourceID(String sourceID) {  	   log.debug("Ueberpruefe Parameter sourceID"); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index f51095cac..5fc5189d9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -292,7 +292,7 @@ public class MOAConfigValidator {  			errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty"));  		} else { -			if (!ValidationHelper.isValidTarget(check)) { +			if (!ValidationHelper.isValidAdminTarget(check)) {  				log.info("Not valid SSO Target");  				errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid"));  			} 
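Review bot: The new `isValidTarget` delegates to `TargetValidator.isValidTarget`, i.e. membership in the fixed target list, but its failure branch reuses the admin variant's message claiming the target violated the pattern rule (`nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang`), which is no longer what was checked; `log.error("Fehler Ueberpruefung Parameter Target. Target ist nicht in der Liste der zulaessigen Bereiche enthalten");` states the actual reason. A Javadoc line on each method distinguishing the two — `isValidAdminTarget` accepts any syntactically valid target, `isValidTarget` only listed ones — would stop callers from picking the wrong one. The indentation in this hunk mixes tabs and spaces differently from the surrounding methods.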
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java index fa992674e..99371a0e7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java @@ -7,7 +7,10 @@ import java.util.Map;  import org.apache.log4j.Logger;  import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;  import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;  import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;  import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator;  import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; 
@@ -20,51 +23,56 @@ public class OAGeneralConfigValidation {  	public List<String> validate(OAGeneralConfig form, boolean isAdmin) {  		List<String> errors = new ArrayList<String>(); +		String check; -		//validate aditionalAuthBlockText -		String check = form.getAditionalAuthBlockText(); -		if (MiscUtil.isNotEmpty(check)) { -			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { -				log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); -				errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",  -						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +		if (isAdmin) { +			//validate aditionalAuthBlockText +			check = form.getAditionalAuthBlockText(); +			if (MiscUtil.isNotEmpty(check)) { +				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +					log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); +					errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",  +							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +				}  			}  		}  		//Check BKU URLs -		check =form.getBkuHandyURL(); -		if (MiscUtil.isEmpty(check)) { -			log.info("Empty Handy-BKU URL"); -			errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty")); -			 -		} else { -			if (!ValidationHelper.validateURL(check)) { -				log.info("Not valid Handy-BKU URL"); -				errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); +		if (isAdmin) { +			check =form.getBkuHandyURL(); +			if (MiscUtil.isEmpty(check)) { +				log.info("Empty Handy-BKU URL"); +				errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty")); +				 +			} else { +				if (!ValidationHelper.validateURL(check)) { +					log.info("Not valid Handy-BKU URL"); +					errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); +				}  			} -		} -		 -		check 
=form.getBkuLocalURL(); -		if (MiscUtil.isEmpty(check)) { -			log.info("Empty Local-BKU URL"); -			errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty")); -		} else { -			if (!ValidationHelper.validateURL(check)) { -				log.info("Not valid Online-BKU URL"); -				errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid")); +			check =form.getBkuLocalURL(); +			if (MiscUtil.isEmpty(check)) { +				log.info("Empty Local-BKU URL"); +				errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty")); +				 +			} else { +				if (!ValidationHelper.validateURL(check)) { +					log.info("Not valid Online-BKU URL"); +					errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid")); +				}  			} -		} -		 -		check =form.getBkuOnlineURL(); -		if (MiscUtil.isEmpty(check)) { -			log.info("Empty Online-BKU URL"); -			errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty")); -		} else { -			if (!ValidationHelper.validateURL(check)) { -				log.info("Not valid Online-BKU URL"); -				errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid")); +			check =form.getBkuOnlineURL(); +			if (MiscUtil.isEmpty(check)) { +				log.info("Empty Online-BKU URL"); +				errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty")); +				 +			} else { +				if (!ValidationHelper.validateURL(check)) { +					log.info("Not valid Online-BKU URL"); +					errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid")); +				}  			}  		} 
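Review bot: Wrapping the `containsPotentialCSSCharacter` check on `aditionalAuthBlockText` in `if (isAdmin)` means a non-admin submission of that field is no longer validated at all, and the same now holds for the Handy/Local/Online BKU URLs below it; nothing in this hunk shows those values being discarded for non-admins, so unless the binding or persistence layer ignores them, an ordinary user can store unchecked text and URLs. The role gate should only decide whether an empty value is an error, while a non-empty value is always checked, e.g. `if (MiscUtil.isNotEmpty(check) && ValidationHelper.containsPotentialCSSCharacter(check, false)) { ... }` placed outside the `isAdmin` block, and likewise `validateURL` on each non-empty BKU URL. The `validate` method continues beyond this hunk.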
@@ -78,47 +86,49 @@ public class OAGeneralConfigValidation {  			}  		} -		//check KeyBoxIdentifier -		check = form.getKeyBoxIdentifier(); -		if (MiscUtil.isEmpty(check)) { -			log.info("Empty KeyBoxIdentifier"); -			errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty")); -		} else { -			Map<String, String> list = form.getKeyBoxIdentifierList(); -			if (!list.containsKey(check)) { -				log.info("Not valid KeyBoxIdentifier " + check); -				errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid")); -			} -		} -		 -		//check LegacyMode SLTemplates -		if (form.isLegacy()) { -			if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && -				MiscUtil.isEmpty(form.getSLTemplateURL2()) && -				MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { -					log.info("Empty OA-specific SecurityLayer Templates"); -					errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty")); -					 +		if (isAdmin) { +			//check KeyBoxIdentifier +			check = form.getKeyBoxIdentifier(); +			if (MiscUtil.isEmpty(check)) { +				log.info("Empty KeyBoxIdentifier"); +				errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty"));  			} else { -				check = form.getSLTemplateURL1(); -				if (MiscUtil.isNotEmpty(check) && -					!ValidationHelper.validateURL(check)	) { -						log.info("First OA-specific SecurityLayer Templates is not valid"); -						errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid")); -				} -				check = form.getSLTemplateURL2(); -				if (MiscUtil.isNotEmpty(check) && -					!ValidationHelper.validateURL(check)	) { -						log.info("Second OA-specific SecurityLayer Templates is not valid"); -						errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid")); -				} -				check = form.getSLTemplateURL3(); -				if (MiscUtil.isNotEmpty(check) && -					!ValidationHelper.validateURL(check)	) { -						log.info("Third OA-specific SecurityLayer Templates 
is not valid"); -						errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid")); +				Map<String, String> list = form.getKeyBoxIdentifierList(); +				if (!list.containsKey(check)) { +					log.info("Not valid KeyBoxIdentifier " + check); +					errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid"));  				} -			}	 +			} +			 +			//check LegacyMode SLTemplates +			if (form.isLegacy()) { +				if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && +					MiscUtil.isEmpty(form.getSLTemplateURL2()) && +					MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { +						log.info("Empty OA-specific SecurityLayer Templates"); +						errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty")); +						 +				} else { +					check = form.getSLTemplateURL1(); +					if (MiscUtil.isNotEmpty(check) && +						!ValidationHelper.validateURL(check)	) { +							log.info("First OA-specific SecurityLayer Templates is not valid"); +							errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid")); +					} +					check = form.getSLTemplateURL2(); +					if (MiscUtil.isNotEmpty(check) && +						!ValidationHelper.validateURL(check)	) { +							log.info("Second OA-specific SecurityLayer Templates is not valid"); +							errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid")); +					} +					check = form.getSLTemplateURL3(); +					if (MiscUtil.isNotEmpty(check) && +						!ValidationHelper.validateURL(check)	) { +							log.info("Third OA-specific SecurityLayer Templates is not valid"); +							errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid")); +					} +				}	 +			}  		}  		//check Mandate Profiles 
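Review bot: The `validateURL` checks on `getSLTemplateURL1..3` and the whitelist check of `keyBoxIdentifier` against `form.getKeyBoxIdentifierList()` now run only when `isAdmin` is true, so a non-admin who submits those fields bypasses them entirely. If these are admin-only fields, the restriction must be enforced where the form is bound or saved rather than implied by skipped validation; otherwise keep the content checks unconditional and let `isAdmin` gate only the "empty" errors. It is also worth confirming that `getKeyBoxIdentifierList()` is populated from configuration and not from the request, since a membership test against a caller-supplied map proves nothing. The enclosing `validate` method extends beyond this hunk.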
@@ -130,23 +140,18 @@ public class OAGeneralConfigValidation {  						new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} ));  			}  		} -		 -		//check SL Version -		check = form.getSlVersion(); -		if (MiscUtil.isEmpty(check)) { -			log.info("Empty SLVersion. Set SLVersion to 1.2"); -			form.setSlVersion("1.2"); -			 -		} else { -			if (!ValidationHelper.validateNumber(check)) { -				log.info("Not valid SLVersion"); -				errors.add(LanguageHelper.getErrorString("validation.general.slversion")); -			} -		} -				 +						  		boolean businessservice = form.isBusinessService();  		if (businessservice) { +			 +			//check identification type +			check = form.getIdentificationType(); +			if (!form.getIdentificationTypeList().contains(check)) { +				log.info("IdentificationType is not known."); +				errors.add(LanguageHelper.getErrorString("validation.general.identificationtype.valid")); +			} +			  			//check identification number  			check = form.getIdentificationNumber();  			if (MiscUtil.isEmpty(check)) { 
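Review bot: `form.getIdentificationTypeList().contains(check)` runs without an emptiness check on `check`, so a missing identification type and an unknown one produce the same "not known" message, and the value continues into the later checks of this method either way. Make the guard explicit and log the rejected value as the KeyBoxIdentifier check already does: `if (MiscUtil.isEmpty(check) || !form.getIdentificationTypeList().contains(check)) { log.info("IdentificationType is not known: " + check); ... }`. The removed block was also the only visible place that normalised an empty `slVersion` to "1.2"; if that field is still persisted elsewhere, that default presumably has to move there — worth confirming. The `if (businessservice)` branch continues past the end of this hunk.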
@@ -160,49 +165,85 @@ public class OAGeneralConfigValidation {  							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));  				} -				if (check.startsWith("FN")) { +				if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) {  					CompanyNumberValidator val = new CompanyNumberValidator(); -					if (val.validate(check)) { +					if (!val.validate(check)) {  						log.info("Not valid CompanyNumber");  						errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid"));  					}  				}  			} -			 -			try { -				float slversion = Float.valueOf(form.getSlVersion()); -				if (slversion < 1.2) { -					log.info("BusinessService Applications requires SLVersion >= 1.2"); -					errors.add(LanguageHelper.getErrorString("validation.general.slversion.business")); -					form.setSlVersion("1.2"); -				} -				 -			} catch (NumberFormatException e) { -			} -			 +						  		} else { -			//check targetFrindlyName(); -			check = form.getTargetFriendlyName(); +			 +			check = form.getTarget_subsector();  			if (MiscUtil.isNotEmpty(check)) { -				if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { -					log.warn("TargetFriendlyName contains potentail XSS characters: " + check); -					errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",  -							new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +				if (!ValidationHelper.isValidAdminTarget(check)) { +					log.info("Not valid Target-Subsector"); +					errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid"));  				}  			} -			//check Target -			check = form.getTarget(); -			if (MiscUtil.isEmpty(check)) { -				log.info("Empty Target"); -				errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); +			 +			if (!isAdmin) { +				//check PublicURL Prefix allows PublicService +				if (!ValidationHelper.isPublicServiceAllowed(form.getIdentifier())) { +					
log.warn("PublicURLPrefix does not allow PublicService: " + form.getIdentifier()); +					errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl",  +							new Object[] {form.getIdentifier()} )); +					form.setBusinessService(true); +					return errors; +					 +				} +				 +				//check Target +				check = form.getTarget(); +				if (MiscUtil.isEmpty(check)) { +					log.info("Empty Target"); +					errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); +					 +				} else { +					if (!ValidationHelper.isValidTarget(check)) { +						log.info("Not valid Target"); +						errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); +					} +				}  			} else { -				if (!ValidationHelper.isValidTarget(check)) { -					log.info("Not valid Target"); -					errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); +				 +				//check targetFrindlyName(); +				check = form.getTargetFriendlyName(); +				if (MiscUtil.isNotEmpty(check)) { +					if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +						log.warn("TargetFriendlyName contains potentail XSS characters: " + check); +						errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",  +								new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +					}  				} -			}	 + +				if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { +					log.info("Empty Target"); +					errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); +				} +				 +				//check Target +				check = form.getTarget(); +				if (MiscUtil.isNotEmpty(check)) { +					if (!ValidationHelper.isValidTarget(check)) { +						log.info("Not valid Target"); +						errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); +					} +				} +				 +				//check Admin Target +				check = form.getTarget_admin(); +				if (MiscUtil.isNotEmpty(check)) { +					if 
(!ValidationHelper.isValidAdminTarget(check)) { +						log.info("Not valid Target"); +						errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid")); +					} +				} +			}  		}  		return errors; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 4a1ef9261..e6ff0a166 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -1,15 +1,22 @@  package at.gv.egovernment.moa.id.configuration.validation.oa;  import java.io.IOException; +import java.net.URL;  import java.security.cert.CertificateException;  import java.util.ArrayList;  import java.util.List;  import org.apache.log4j.Logger; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.parse.BasicParserPool;  import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;  import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;  import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter; +import at.gv.egovernment.moa.util.FileUtils;  import at.gv.egovernment.moa.util.MiscUtil;  public class OAPVP2ConfigValidation { 
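Review bot: `form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)` dereferences the identification type directly, so a business-service form posted without that field throws a NullPointerException out of the validator instead of yielding an error entry; the earlier `contains(check)` check only records a message and does not stop execution here. Write the comparison constant-first: `if (Constants.IDENIFICATIONTYPE_FN.equals(form.getIdentificationType())) {`. Separately, the non-admin branch calls `form.setBusinessService(true)` and returns early when `isPublicServiceAllowed` fails — a validator rewriting the submitted form means the saved configuration can differ from what the user entered, and the error alone should be enough to block the save. The admin-target failure also logs "Not valid Target" while adding the `target.admin.valid` error; `log.info("Not valid Admin-Target");` would keep log and message consistent.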
@@ -19,24 +26,59 @@ public class OAPVP2ConfigValidation {  	public List<String> validate(OAPVP2Config form) {  		List<String> errors = new ArrayList<String>(); -		 -		String url = form.getMetaDataURL(); -		if (MiscUtil.isNotEmpty(url) && !ValidationHelper.validateURL(url)) { -			log.info("MetaDataURL has no valid form."); -			errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid")); -		} -		  		try { +			byte[] metadata = null; +			byte[] cert = null; +			 +			String check = form.getMetaDataURL(); +			if (MiscUtil.isNotEmpty(check)) { +				if (!ValidationHelper.validateURL(check)) { +					log.info("MetaDataURL has no valid form."); +					errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid")); +				 +				} else { +					metadata = FileUtils.readURL(check); +					if (MiscUtil.isEmpty(metadata)) { +						log.info("Filecontent can not be read form MetaDataURL."); +						errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read")); +					} +				} +			} +		  			if (form.getFileUpload() != null) -				form.getCertificate(); +				cert  = form.getCertificate(); +			 +//			else { +//				if (metadata != null) { +//					log.info("No certificate to verify the Metadata defined."); +//					errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")); +//				} +//			} +			 +//			if (cert != null && metadata != null) { +//				HTTPMetadataProvider httpProvider = new HTTPMetadataProvider( +//						check, 20000); +//				httpProvider.setParserPool(new BasicParserPool()); +//				httpProvider.setRequireValidMetadata(true); +//				MetadataFilter filter = new MetadataSignatureFilter( +//						check, cert); +//				httpProvider.setMetadataFilter(filter); +//				httpProvider.initialize(); +//				 +//			} +			  		} catch (CertificateException e) {  			log.info("Uploaded Certificate can not be found", e);  			errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"));  		} catch (IOException 
e) { -			log.info("Uploaded Certificate can not be parsed", e); -			errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.format")); +			log.info("Metadata can not be loaded from URL", e); +			errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read")); +			 +//		} catch (MetadataProviderException e) { +//			log.info("MetaDate verification failed"); +//			errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify"));  		}  		return errors; | 
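Review bot: `FileUtils.readURL(check)` makes the configuration server fetch whatever URL the form submitter typed, at validation time, with only `validateURL`'s syntax check in front of it and no visible scheme, host or timeout restriction; because the `MetadataSignatureFilter` verification beneath it is commented out, the download proves nothing about the metadata while handing every user of this form a server-side request primitive. Either defer the fetch until the signature verification is wired in, or at least restrict it to `https://` (if plain-http metadata endpoints are not a requirement) and catch its `IOException` separately, since the single `IOException` handler now also swallows failures of `form.getCertificate()` and reports them as "Metadata can not be loaded from URL" — the former "Uploaded Certificate can not be parsed" path is gone. The commented-out block and the imports it needs (`HTTPMetadataProvider`, `MetadataFilter`, `MetadataProviderException`, `BasicParserPool`, `URL`) should be removed or finished rather than shipped as dead code. A sketch of the split handling:
```java
String check = form.getMetaDataURL();
if (MiscUtil.isNotEmpty(check)) {
    if (!ValidationHelper.validateURL(check) || !check.toLowerCase().startsWith("https://")) {
        log.info("MetaDataURL has no valid form.");
        errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid"));
    } else {
        try {
            metadata = FileUtils.readURL(check);
        } catch (IOException e) {
            log.info("Metadata can not be loaded from URL", e);
            errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read"));
        }
        // … unchanged: empty-content check on metadata …
    }
}
try {
    if (form.getFileUpload() != null)
        cert = form.getCertificate();
} catch (CertificateException e) {
    log.info("Uploaded Certificate can not be found", e);
    errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"));
} catch (IOException e) {
    log.info("Uploaded Certificate can not be parsed", e);
    errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.format"));
}
```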
