diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-08-27 11:32:05 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-08-27 11:32:05 +0200 |
commit | bb1b12ac5b240629e16ea1c7a50891e99f4adc14 (patch) | |
tree | 5a77e4fd20a6c22f34be8d7546c01199fe343bb9 /id/ConfigWebTool/src | |
parent | ea10821a16993913222f12e1b919fe3d48c29b30 (diff) | |
download | moa-id-spss-bb1b12ac5b240629e16ea1c7a50891e99f4adc14.tar.gz moa-id-spss-bb1b12ac5b240629e16ea1c7a50891e99f4adc14.tar.bz2 moa-id-spss-bb1b12ac5b240629e16ea1c7a50891e99f4adc14.zip |
Use test- and productive TrustStore configurations in one IDP instance
- every service configuration could select its preferred TrustStore
Diffstat (limited to 'id/ConfigWebTool/src')
8 files changed, 162 insertions, 4 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index bcf99d246..83795567c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -81,6 +81,9 @@ public class GeneralMOAIDConfig { private List<String> authTransformList = null; private String moaspssIdlTrustProfile = null; + private String moaspssIdlTrustProfileTest = null; + private String moaspssAuthTrustProfileTest = null; + private String mandateURL = null; private boolean protocolActiveSAML1 = false; @@ -184,6 +187,7 @@ public class GeneralMOAIDConfig { VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock(); if (authblock != null) { moaspssAuthTrustProfile = authblock.getTrustProfileID(); + moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID(); List<String> list = authblock.getVerifyTransformsInfoProfileID(); if (list.size() == 1) @@ -197,6 +201,7 @@ public class GeneralMOAIDConfig { VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); if (idl != null) { moaspssIdlTrustProfile = idl.getTrustProfileID(); + moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); } } @@ -928,6 +933,34 @@ public class GeneralMOAIDConfig { public void setPublicURLPrefix(String publicURLPrefix) { this.publicURLPrefix = publicURLPrefix; } + + /** + * @return the moaspssIdlTrustProfileTest + */ + public String getMoaspssIdlTrustProfileTest() { + return moaspssIdlTrustProfileTest; + } + + /** + * @param moaspssIdlTrustProfileTest the moaspssIdlTrustProfileTest to set + */ + public void setMoaspssIdlTrustProfileTest(String moaspssIdlTrustProfileTest) { + this.moaspssIdlTrustProfileTest = moaspssIdlTrustProfileTest; + } + + /** + * @return the moaspssAuthTrustProfileTest + */ + public String getMoaspssAuthTrustProfileTest() { + return moaspssAuthTrustProfileTest; + } + + /** + * @param moaspssAuthTrustProfileTest the moaspssAuthTrustProfileTest to set + */ + public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) { + this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest; + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index 0c633f312..9b0172a24 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -70,7 +70,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { private Map<String, byte[]> transformations; private boolean enableTestCredentials = false; - private List<String> testCredentialOIDs = null; + private List<String> testCredentialOIDs = null; + private boolean useTestIDLValidationTrustStore = false; + private boolean useTestAuthblockValidationTrustStore = false; /** * @@ -210,7 +212,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); testCredentialOIDs = new ArrayList<String>(); testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID()); - + + useTestAuthblockValidationTrustStore = oaauth.getTestCredentials().isUseTestAuthBlockTrustStore(); + useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore(); } return null; @@ -332,6 +336,17 @@ public class OAAuthenticationData implements IOnlineApplicationData { } + TestCredentials testing = authoa.getTestCredentials(); + if (testing == null) { + testing = new TestCredentials(); + authoa.setTestCredentials(testing); + + } + testing.setUseTestAuthBlockTrustStore(useTestAuthblockValidationTrustStore); + testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore); + + + return null; } @@ -614,5 +629,36 @@ public class OAAuthenticationData implements IOnlineApplicationData { this.testCredentialOIDs.add(oidList[i].trim()); } } + + /** + * @return the useTestIDLValidationTrustStore + */ + public boolean isUseTestIDLValidationTrustStore() { + return useTestIDLValidationTrustStore; + } + + /** + * @param useTestIDLValidationTrustStore the useTestIDLValidationTrustStore to set + */ + public void setUseTestIDLValidationTrustStore( + boolean useTestIDLValidationTrustStore) { + this.useTestIDLValidationTrustStore = useTestIDLValidationTrustStore; + } + + /** + * @return the useTestAuthblockValidationTrustStore + */ + public boolean isUseTestAuthblockValidationTrustStore() { + return useTestAuthblockValidationTrustStore; + } + + /** + * @param useTestAuthblockValidationTrustStore the useTestAuthblockValidationTrustStore to set + */ + public void setUseTestAuthblockValidationTrustStore( + boolean useTestAuthblockValidationTrustStore) { + this.useTestAuthblockValidationTrustStore = useTestAuthblockValidationTrustStore; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 13256a6a0..725a2eded 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -586,12 +586,15 @@ public class EditGeneralConfigAction extends BasicAction { dbmoasp.setVerifyIdentityLink(moaidl); } moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); + moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); + VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); if (moaauth == null) { moaauth = new VerifyAuthBlock(); dbmoasp.setVerifyAuthBlock(moaauth); } moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); + moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); if (moaauth.getVerifyTransformsInfoProfileID() != null && moaauth.getVerifyTransformsInfoProfileID().size() > 0) diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 73f5e098f..95502cedb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -207,6 +207,31 @@ public class MOAConfigValidator { } } + check = form.getMoaspssAuthTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request)); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("Test-Authblock TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + } + + check = form.getMoaspssIdlTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request)); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("Test-IdentityLink TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + } + + check = form.getMoaspssURL(); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 9116d6ef8..5248690d6 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -138,8 +138,10 @@ webpages.moaconfig.timeout.assertion=Anmeldedaten [sec] webpages.moaconfig.timeout.MOASessionCreated=SSO Session authentifiziert [sec] webpages.moaconfig.timeout.MOASessionUpdated=SSO Session letzter Zugriff [sec] webpages.moaconfig.moasp.header=MOA-SP Konfiguration -webpages.moaconfig.moasp.idltrustprofile=Personenbindung Trustprofil +webpages.moaconfig.moasp.idltrustprofile=Personenbindung Trustprofil +webpages.moaconfig.moasp.idltrustprofile.test=Test-Personenbindung Trustprofil webpages.moaconfig.moasp.authtrustprofile=Authentfizierungsblock Trustprofil +webpages.moaconfig.moasp.authtrustprofile.test=Test-Authentfizierungsblock Trustprofil webpages.moaconfig.moasp.authblocktransform=Authentfizierungsblock Transformationen webpages.moaconfig.moasp.url=URL zum MOA-SP Service webpages.moaconfig.identitylinksigners=IdentityLinkSigners @@ -281,6 +283,9 @@ webpages.oaconfig.general.BKUSelection.header.applet.width=Appletbreite webpages.oaconfig.general.testing.header=Test Identit\u00E4ten webpages.oaconfig.general.testing.usetesting=Test Identit\u00E4ten erlauben webpages.oaconfig.general.testing.oids=OIDs f\u00FCr Test Identit\u00E4ten einschr\u00E4nken. +webpages.oaconfig.general.testing.idltruststore=Test-Persondenbindungs TrustStore verwenden +webpages.oaconfig.general.testing.authblocktruststore=Test-AuthBlockValidation TrustStore verwenden + webpages.oaconfig.sso.header=Single Sign-On webpages.oaconfig.sso.singlelogouturl=Single Log-Out URL @@ -378,7 +383,7 @@ validation.edituser.bpk.valid=Die BPK enth\u00E4lt nicht erlaubte Zeichen. Folge validation.general.SAML1SourceID=Die SAML1SourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.publicURLprefix.empty=Public URL Prefix Feld ist leer. -validation.general.publicURLprefix.valid=Public URL Prefix hat kein g\u00F6ltiges Format. +validation.general.publicURLprefix.valid=Public URL Prefix {0} hat kein g\u00F6ltiges Format. validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer. validation.general.certStoreDirectory.valid=Das CertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.Defaultchainigmode.empty=Es wurde kein DefaultChainingMode gew\u00E4hlt. @@ -392,6 +397,12 @@ validation.general.moasp.auth.trustprofile.empty=Das TrustProfile zur Pr\u00F6fu validation.general.moasp.auth.trustprofile.valid=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.moasp.idl.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung der Personenbindung ist leer. validation.general.moasp.idl.trustprofile.valid=Das TrustProfile zur Pr\u00F6fung der Personenbindung enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} + +validation.general.moasp.auth.trustprofile.test.empty=Das Test-TrustProfile zur Pr\u00F6fung des Authentfizierungsblock ist leer. +validation.general.moasp.auth.trustprofile.test.valid=Das Test-TrustProfile zur Pr\u00F6fung des Authentfizierungsblock enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.moasp.idl.trustprofile.test.empty=Das Test-TrustProfile zur Pr\u00F6fung der Personenbindung ist leer. +validation.general.moasp.idl.trustprofile.test.valid=Das Test-TrustProfile zur Pr\u00F6fung der Personenbindung enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} + validation.general.moaspss.url.valid=Die URL zum MOA-SP/SS Service hat kein g\u00F6ltiges Format. validation.general.protocol.pvp2.issuername.valid=PVP2\: Service Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.protocol.pvp2.org.displayname.valid=PVP2 Organisation\: Vollst\u00E4ndiger Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 38cc6341b..22453ed2b 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -139,6 +139,8 @@ webpages.moaconfig.timeout.MOASessionUpdated=SSO Session last access[sec] webpages.moaconfig.moasp.header=MOA-SP configuration webpages.moaconfig.moasp.idltrustprofile=Trustprofile for IdentityLink webpages.moaconfig.moasp.authtrustprofile=Trustprofile for authentication block +webpages.moaconfig.moasp.idltrustprofile.test=Test Trustprofile for IdentityLink +webpages.moaconfig.moasp.authtrustprofile.test=Test Trustprofile for authentication block webpages.moaconfig.moasp.authblocktransform=Transformations for authentication block webpages.moaconfig.moasp.url=URL for MOA-SP Service webpages.moaconfig.identitylinksigners=IdentityLinkSigners @@ -200,6 +202,8 @@ webpages.oaconfig.general.bku.sltemplate.third=SecurityLayer Template (WhiteList webpages.oaconfig.general.testing.header=Test Credentials webpages.oaconfig.general.testing.usetesting=Allow test credentials webpages.oaconfig.general.testing.oids=Use special test credential OIDs +webpages.oaconfig.general.testing.idltruststore=Use Test-IdentityLink TrustStore +webpages.oaconfig.general.testing.authblocktruststore=Use Test-AuthBlockValidation TrustStore webpages.oaconfig.revisionsLog.header=Revisions Logging webpages.oaconfig.revisionsLog.active=Activ @@ -391,6 +395,12 @@ validation.general.moasp.auth.trustprofile.empty=TrustProfile for checking of au validation.general.moasp.auth.trustprofile.valid=TrustProfile for checking of authentication block contains forbidden characters. The following characters are not allowed\: {0} validation.general.moasp.idl.trustprofile.empty=TrustProfile for checking of IdentityLink is blank. validation.general.moasp.idl.trustprofile.valid=TrustProfile for checking of IdentityLink contain forbidden characters. The following characters are not allowed\: {0} + +validation.general.moasp.auth.trustprofile.test.empty=Test-TrustProfile for checking of authentication block is blank. +validation.general.moasp.auth.trustprofile.test.valid=Test-TrustProfile for checking of authentication block contains forbidden characters. The following characters are not allowed\: {0} +validation.general.moasp.idl.trustprofile.test.empty=Test-TrustProfile for checking of IdentityLink is blank. +validation.general.moasp.idl.trustprofile.test.valid=Test-TrustProfile for checking of IdentityLink contain forbidden characters. The following characters are not allowed\: {0} + validation.general.moaspss.url.valid=URL for MOA-SP/SS service has invalid format. validation.general.protocol.pvp2.issuername.valid=PVP2\: service name contains forbidden characters. The following characters are not allowed\: {0} validation.general.protocol.pvp2.org.displayname.valid=PVP2 organization\: complete name contains forbidden characters. The following characters are not allowed\: {0} diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 03f8a6b50..e6f07f847 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -152,6 +152,13 @@ cssClass="textfield_long"> </s:textfield> + <s:textfield name="moaconfig.moaspssIdlTrustProfileTest" + value="%{moaconfig.moaspssIdlTrustProfileTest}" + labelposition="left" + key="webpages.moaconfig.moasp.idltrustprofile.test" + cssClass="textfield_long"> + </s:textfield> + <%-- <s:textarea name="moaconfig.identityLinkSigners" value="%{moaconfig.identityLinkSigners}" labelposition="left" @@ -166,6 +173,14 @@ cssClass="textfield_long"> </s:textfield> + <s:textfield name="moaconfig.moaspssAuthTrustProfileTest" + value="%{moaconfig.moaspssAuthTrustProfileTest}" + labelposition="left" + key="webpages.moaconfig.moasp.authtrustprofile.test" + cssClass="textfield_long"> + </s:textfield> + + <%-- <s:textarea name="moaconfig.moaspssAuthTransformations" value="%{moaconfig.moaspssAuthTransformations}" labelposition="left" diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp index 3dda0c0a4..f0b5c816a 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp @@ -84,6 +84,21 @@ key="webpages.oaconfig.general.testing.oids" cssClass="textfield_long"> </s:textfield> + + <s:checkbox key="webpages.oaconfig.general.testing.idltruststore" + labelposition="left" + cssClass="checkbox" + value="%{authOA.useTestIDLValidationTrustStore}" + name="authOA.useTestIDLValidationTrustStore"> + </s:checkbox> + + <s:checkbox key="webpages.oaconfig.general.testing.authblocktruststore" + labelposition="left" + cssClass="checkbox" + value="%{authOA.useTestAuthblockValidationTrustStore}" + name="authOA.useTestAuthblockValidationTrustStore"> + </s:checkbox> + </div> |