diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-07-17 09:18:28 +0200 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-07-17 09:18:28 +0200 |
| commit | 98dbb23fa5dcd9518beb56fd2410667b385b5524 (patch) | |
| tree | b95ad14a2401f553d72d6dc911814980689866b5 /id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl | |
| parent | d774a81910498c9ee1277c1611d57b07bf069fbd (diff) | |
| download | moa-id-spss-98dbb23fa5dcd9518beb56fd2410667b385b5524.tar.gz moa-id-spss-98dbb23fa5dcd9518beb56fd2410667b385b5524.tar.bz2 moa-id-spss-98dbb23fa5dcd9518beb56fd2410667b385b5524.zip | |
first beta version of new MOA-ID WebGUI module for configuration
Diffstat (limited to 'id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl')
17 files changed, 2637 insertions, 28 deletions
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java index e4646bc04..b8836b90c 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java @@ -94,7 +94,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) */ @Override - protected void tastValidate(Map<String, String> input) + protected void taskValidate(Map<String, String> input) throws ConfigurationTaskValidationException { List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); @@ -451,7 +451,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix())); - if (MiscUtil.isEmpty(check)) { + if (MiscUtil.isEmpty(check) || check.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { log.info("AuthBlock Transformation file is empty"); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, @@ -537,6 +537,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme //TODO: add AuthBlock transformation filename String authBlockTransformation = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix())); + String[] splittet = authBlockTransformation.split(","); if (splittet.length > 1) { newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java index 95f6c8349..35fed19a3 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java @@ -54,7 +54,7 @@ public class GeneralOpenIDConfigurationTask extends AbstractTaskValidator { * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) */ @Override - protected void tastValidate(Map<String, String> input) + protected void taskValidate(Map<String, String> input) throws ConfigurationTaskValidationException { } diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java index 46dce77a0..a593b5461 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java @@ -82,7 +82,7 @@ public class GeneralPVP2XConfigurationTask extends AbstractTaskValidator impleme * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) */ @Override - protected void tastValidate(Map<String, String> input) + protected void taskValidate(Map<String, String> input) throws ConfigurationTaskValidationException { List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java index a12c8f0cd..c6086583a 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java @@ -90,7 +90,7 @@ public static final List<String> KEYWHITELIST; * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) */ @Override - public void tastValidate(Map<String, String> input) + public void taskValidate(Map<String, String> input) throws ConfigurationTaskValidationException { List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); Map<String, String> validatedCPeps = new HashedMap<String, String>(); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java new file mode 100644 index 000000000..c39e857e4 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java @@ -0,0 +1,229 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesAuthenticationInformationTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationInformationTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Authentication Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + //Check BKU URLs + String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY, + "BKU - Handy", + LanguageHelper.getErrorString("validation.general.bku.handy.valid"))); + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL, + "BKU - Local", + LanguageHelper.getErrorString("validation.general.bku.local.valid"))); + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - Online", + LanguageHelper.getErrorString("validation.general.bku.online.valid"))); + } + + //check KeyBoxIdentifier + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER); + if (MiscUtil.isEmpty(check)) { + log.info("Empty KeyBoxIdentifier"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - KeyBoxIdentifier", + LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty"))); + + } else { + if (!MOAIDConfigurationConstants.ALLOWED_KEYBOXIDENTIFIER.contains(check)) { + log.info("Not valid KeyBoxIdentifier " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - KeyBoxIdentifier", + LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid"))); + } + } + + //check LegacyMode SLTemplates + String isLegacyModeActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY); + if (MiscUtil.isNotEmpty(isLegacyModeActive) && Boolean.parseBoolean(isLegacyModeActive)) { + if (MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)) && + MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)) && + MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)) ) { + log.info("Empty OA-specific SecurityLayer Templates"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY, + "BKU - SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplates.empty"))); + + } else { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("First OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE, + "BKU - 1. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate1.valid"))); + } + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("Second OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE, + "BKU - 2. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate2.valid"))); + } + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("Third OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE, + "BKU - 3. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate3.valid"))); + } + } + } + + //check Mandate Profiles + String checkUseMandate = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_USE); + if (MiscUtil.isNotEmpty(checkUseMandate) && Boolean.parseBoolean(checkUseMandate)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES); + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("MandateProfiles contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES, + "Mandates - Profiles", + LanguageHelper.getErrorString("validation.general.mandate.profiles", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + + } + + String isTestCredentialsActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED); + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs); + if (MiscUtil.isNotEmpty(isTestCredentialsActive) && + Boolean.parseBoolean(isTestCredentialsActive) && + MiscUtil.isNotEmpty(check)) { + String[] oids = check.split(","); + for (String el : oids) { + if (!el.startsWith(MOAIDConfigurationConstants.TESTCREDENTIALROOTOID)) { + log.warn("Test credential OID does not start with test credential root OID"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs, + "Test-Identities - allowed OIDs", + LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", + new Object[] {el}) )); + } + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java new file mode 100644 index 000000000..087334c4b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java @@ -0,0 +1,301 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationSTORKTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + Map<String, String> newConfigValues = new HashMap<String, String>(); + + //C-PEPS + try { + //search all actually configured C-PEPS + String[] cPepsKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY); + List<String> cPepsCountries = new ArrayList<String>(); + for (String el : cPepsKeys) { + String country = dbconfig.getStringValue(el); + if (MiscUtil.isNotEmpty(el)) + cPepsCountries.add(country); + + } + + //check SERVICE STORK countries against C-PEPS configuration + Map<String, String> GUICountries = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST); + Iterator<Entry<String, String>> GUICountriesInterator = GUICountries.entrySet().iterator(); + while (GUICountriesInterator.hasNext()) { + Entry<String, String> entry = GUICountriesInterator.next(); + if (entry.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE)) { + + if (cPepsCountries.contains(entry.getValue())) { + //Service contains C-PEPS + log.trace("Service contains C-PEPS with countryCode: " + entry.getValue()); + cPepsCountries.remove(entry.getValue()); + + } else { + //Service contains countryCode which is not a C-PEPS --> remove country code from service + log.debug("No C-PEPS with service countryCode: " + entry.getValue() + + " Remove countryCode from service."); + String index = KeyValueUtils.getParentKey(entry.getKey()); + if (MiscUtil.isNotEmpty(index)) { + keysToDelete.add( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + index + "*"); + + } else + log.warn("Can not remove countryCode from service. Suspect key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + entry.getKey()); + + } + } + } + + // add new C-PEPS to service + int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(GUICountries.keySet(), new String()); + for (String el : cPepsCountries) { + log.debug("Add new C-PEPS: " + el + " to service with key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE, + el); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED, + String.valueOf(true)); + nextFreeIndex++; + } + + + } catch (ConfigurationException e) { + log.error("Can not access configuration.", e); + + } + + + //STORK attributes + try { + //search all actually configured C-PEPS + String[] attributeKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME); + List<String> attributeNames = new ArrayList<String>(); + for (String el : attributeKeys) { + String country = dbconfig.getStringValue(el); + if (MiscUtil.isNotEmpty(el)) + attributeNames.add(country); + + } + + //check SERVICE STORK countries against C-PEPS configuration + Map<String, String> GUIAttributes = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST); + Iterator<Entry<String, String>> GUIAttributesInterator = GUIAttributes.entrySet().iterator(); + while (GUIAttributesInterator.hasNext()) { + Entry<String, String> entry = GUIAttributesInterator.next(); + if (entry.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME)) { + + if (attributeNames.contains(entry.getValue())) { + //Service contains C-PEPS + log.trace("Service contains STORK attribute with name: " + entry.getValue()); + attributeNames.remove(entry.getValue()); + + } else { + //Service contains countryCode which is not a C-PEPS --> remove country code from service + log.debug("No STORK attribute with service attributeName: " + entry.getValue() + + " Remove STORK attribte from service."); + String index = KeyValueUtils.getParentKey(entry.getKey()); + if (MiscUtil.isNotEmpty(index)) { + keysToDelete.add( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + index + "*"); + + } else + log.warn("Can not remove STORK attribute from service. Suspect key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + entry.getKey()); + + } + } + } + + // add new C-PEPS to service + int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(GUIAttributes.keySet(), new String()); + for (String el : attributeNames) { + log.debug("Add new STORK attribute: " + el + " to service with key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME, + el); + + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED, + String.valueOf(false)); + + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY, + String.valueOf(false)); + + nextFreeIndex++; + } + + + } catch (ConfigurationException e) { + log.error("Can not access configuration.", e); + + } + + + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + // check qaa + String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL); + if (MiscUtil.isNotEmpty(qaaString)) { + try { + int qaa = Integer.parseInt(qaaString); + if(1 > qaa && 4 < qaa) { + log.warn("QAA is out of range : " + qaa); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + "STORK - minimal QAA level", + LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaa}))); + } + + } catch (NumberFormatException e) { + log.warn("QAA level is not a number: " + qaaString); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + "STORK - minimal QAA level", + LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaaString}))); + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List<String> getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java new file mode 100644 index 000000000..7ed9751cb --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java @@ -0,0 +1,403 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.apache.commons.codec.binary.Base64; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesBKUSelectionTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesBKUSelectionTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "auth.templates"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - BKU-Selection Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + + Map<String, String> newConfigValues = new HashMap<String, String>(); + + String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME); + if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, bkuSelectTemplateUploadedFileName); + + } + + String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME); + if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, sendAssertionTemplateUploadedFileName); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + + //validate aditionalAuthBlockText + String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT, + "AuthBlock - Addition AuthBlocktext", + LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } + + //validate BKU selection template + String bkuSelectTemplate = null; + String bkuSelectionFileUpload = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA); + if (MiscUtil.isNotEmpty(bkuSelectionFileUpload) && + !bkuSelectionFileUpload.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) ) { + String bkuSelectTemplateFileName = "unknown"; + try { + String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME); + if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) { + if (ValidationHelper.containsPotentialCSSCharacter(bkuSelectTemplateUploadedFileName, false)) { + log.info("BKU Selection Filename is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME, + "Templates - BKU Selection Filename", + LanguageHelper.getErrorString("validation.general.bkuselection.filename.valid"))); + + } else + bkuSelectTemplateFileName = bkuSelectTemplateUploadedFileName; + + } else { + String bkuSelectTemplatePreView = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW); + if (MiscUtil.isNotEmpty(bkuSelectTemplatePreView)) + bkuSelectTemplateFileName = bkuSelectTemplatePreView; + + } + + String[] bkuSelectTemplateSplitted = bkuSelectionFileUpload.split(","); + if (bkuSelectTemplateSplitted.length > 1) + bkuSelectTemplate = bkuSelectTemplateSplitted[1]; + else + bkuSelectTemplate = bkuSelectionFileUpload; + + if (!Base64.isBase64(bkuSelectTemplate)) { + log.info("BKU Selection Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA, + "Templates - BKU Selection", + LanguageHelper.getErrorString("validation.general.bkuselection.file.valid", + new Object[] {bkuSelectTemplateFileName}))); + + } + + } catch (Exception e) { + log.info("BKU Selection Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA, + "Templates - BKU Selection", + LanguageHelper.getErrorString("validation.general.bkuselection.file.valid", + new Object[] {bkuSelectTemplateFileName}))); + + } + + } + + //validate send-assertion template + String sendAssertionTemplate = null; + String sendAssertionFileUpload = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA); + if (MiscUtil.isNotEmpty(sendAssertionFileUpload) && + !sendAssertionFileUpload.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + String sendAssertionTemplateFileName = "unknown"; + try { + String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME); + if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) { + if (ValidationHelper.containsPotentialCSSCharacter(sendAssertionTemplateUploadedFileName, false)) { + log.info("Send Assertion Filename is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME, + "Templates - Send Assertion Filename", + LanguageHelper.getErrorString("validation.general.sendassertion.filename.valid"))); + + } else + sendAssertionTemplateFileName = sendAssertionTemplateUploadedFileName; + + } else { + String sendAssertionTemplatePreView = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_PREVIEW); + if (MiscUtil.isNotEmpty(sendAssertionTemplatePreView)) + sendAssertionTemplateFileName = sendAssertionTemplatePreView; + + } + + String[] sendAssertionTemplateSplitted = sendAssertionFileUpload.split(","); + if (sendAssertionTemplateSplitted.length > 1) + sendAssertionTemplate = sendAssertionTemplateSplitted[1]; + else + sendAssertionTemplate = sendAssertionFileUpload; + + if (!Base64.isBase64(sendAssertionTemplate)) { + log.info("Send Assertion Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA, + "Templates - Send Assertion", + LanguageHelper.getErrorString("validation.general.sendassertion.file.valid", + new Object[] {sendAssertionTemplateFileName}))); + + } + + } catch (Exception e) { + log.info("Send Assertion Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA, + "Templates - Send Assertion", + LanguageHelper.getErrorString("validation.general.sendassertion.file.valid", + new Object[] {sendAssertionTemplateFileName}))); + + } + + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR, + "Templates - Background Color", + LanguageHelper.getErrorString("validation.general.form.color.background"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR, + "Templates - Front Color", + LanguageHelper.getErrorString("validation.general.form.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR, + "Templates - Header Background-Color", + LanguageHelper.getErrorString("validation.general.form.header.color.back"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR, + "Templates - Header Front-Color", + LanguageHelper.getErrorString("validation.general.form.header.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("HeaderText contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT, + "Templates - Header Text", + LanguageHelper.getErrorString("validation.general.form.header.text", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR, + "Templates - Button Background-Color", + LanguageHelper.getErrorString("validation.general.form.button.color.back"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS, + "Templates - Button Background-Color on Focus", + LanguageHelper.getErrorString("validation.general.form.button.color.back.focus"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR, + "Templates - Button Front-Color", + LanguageHelper.getErrorString("validation.general.form.button.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!MOAIDConfigurationConstants.ALLOWED_REDIRECTTARGETNAMES.contains(check)) { + log.warn("AppletRedirectTarget has not valid value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET, + "Templates - Applet Redirect-Target", + LanguageHelper.getErrorString("validation.general.form.appletredirecttarget"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("FontType contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE, + "Templates - Font Type", + LanguageHelper.getErrorString("validation.general.form.fonttype", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet height "+ check + " is no valid number"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT, + "Templates - Applet Height", + LanguageHelper.getErrorString("validation.general.form.applet.height", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet width "+ check + " is no valid number"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH, + "Templates - Applet Width", + LanguageHelper.getErrorString("validation.general.form.applet.width", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java index f27cb9ce7..86d047c74 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java @@ -28,47 +28,50 @@ import java.util.List; import java.util.Map; import java.util.regex.Pattern; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz * */ public class ServicesGeneralInformationTask extends AbstractTaskValidator implements ITaskValidator { - + private static final Logger log = LoggerFactory.getLogger(ServicesGeneralInformationTask.class); private static final List<String> KEYWHITELIST; + private static MOAIDConfiguration dbconfig; + static { - ArrayList<String> temp = new ArrayList<String>(); - temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_ENABLED, MOAIDConfigurationConstants.PREFIX_GENERAL)); - temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_LEGACY, MOAIDConfigurationConstants.PREFIX_GENERAL)); - + ArrayList<String> temp = new ArrayList<String>(); KEYWHITELIST = Collections.unmodifiableList(temp); } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) - */ - @Override - public void validate(Map<String, String> input) - throws ConfigurationTaskValidationException { - // TODO Auto-generated method stub + @Autowired + public void setDatabaseConfiguration(MOAIDConfiguration config) { + dbconfig = config; + } - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() */ @Override public String getKeyPrefix() { - // TODO Auto-generated method stub - return null; + return ""; } /* (non-Javadoc) @@ -76,8 +79,7 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem */ @Override public String getName() { - // TODO Auto-generated method stub - return null; + return "Service - General Configuration Task"; } /* (non-Javadoc) @@ -86,7 +88,6 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem @Override public Map<String, String> postProcessing(Map<String, String> input, List<String> keysToDelete, Configuration dbconfig) { - // TODO Auto-generated method stub return null; } @@ -94,10 +95,113 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) */ @Override - protected void tastValidate(Map<String, String> input) - throws ConfigurationTaskValidationException { - // TODO Auto-generated method stub + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + if (dbconfig == null) { + throw new ConfigurationTaskValidationException( + new ValidationObjectIdentifier("internal", "Internal Error", "Configuration is not readable!")); + + } + + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("OAFriendlyName contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, + "FriendlyName", + LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } else { + log.info("OA friendlyName is empty"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, + "FriendlyName", + LanguageHelper.getErrorString("validation.general.oafriendlyname.empty"))); + } + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + if (MiscUtil.isEmpty(isBusinessService)) { + log.info("OA businessservice flag is empty"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, + "BusinessService", + LanguageHelper.getErrorString("validation.general.businessservice.empty"))); + + } + + String servicePrefixId = input.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + if (MiscUtil.isNotEmpty(servicePrefixId)) { + String uniqueServiceID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (MiscUtil.isEmpty(uniqueServiceID)) { + log.info("Empty unique service identifier"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.empty"))); + + } else { + if (!ValidationHelper.validateURL(uniqueServiceID)) { + log.warn("Unique serice identifier is not a valid URL: " + uniqueServiceID); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.valid"))); + + } else { + //check uniqueness of service identifier + try { + String[] allServiceKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + +".%." + + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (allServiceKeys != null) { + List<String> foundKeys = new ArrayList<String>(); + for (String elKey : allServiceKeys) { + String elValue = dbconfig.getStringValue(elKey); + if (uniqueServiceID.startsWith(elValue) || + (elValue != null && elValue.startsWith(uniqueServiceID))) { + log.debug("Found service with key: " + elKey + + " and uniqueID: " + elValue + + " which maches to edited service with uniqueID:" + + uniqueServiceID); + foundKeys.add(elKey); + + } + + } + if ((foundKeys.size() > 1) || + ((foundKeys.size() == 1) && !foundKeys.get(0).startsWith(servicePrefixId) )) { + log.info("The service identifier is not unique"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.notunique"))); + + } + } + + } catch (ConfigurationException e) { + log.error("Configuration not readable!", e); + new ValidationObjectIdentifier("internal", "Internal Error", "Configuration is not readable!"); + + } + } + } + + } else { + throw new ConfigurationTaskValidationException( + new ValidationObjectIdentifier("internal", "Internal Error", "No MOA-ID service prefix! Can not check uniqueness of service configuration.")); + + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + } /* (non-Javadoc) diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java new file mode 100644 index 000000000..8c3475d8b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java @@ -0,0 +1,116 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesInterfederationIDPTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesInterfederationIDPTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "interfederation"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Interfederation IDP"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String queryURL = input.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL); + if (MiscUtil.isNotEmpty(queryURL)) { + if (!ValidationHelper.validateURL(queryURL)) { + log.info("AttributeQuery URL is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL, + "Attribute Querry URL", + LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid"))); + + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java new file mode 100644 index 000000000..2e9dd1c30 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java @@ -0,0 +1,121 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesPVPGatewayTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesPVPGatewayTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "interfederation"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - PVP Gateway Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String entityID = input.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER); + if (MiscUtil.isNotEmpty(entityID)) { + if (!ValidationHelper.validateURL(entityID)) { + log.info("PVP gateway EntityID is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER, + "EntityID of PVP Portal ", + LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid"))); + + } + + } else + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER, + "EntityID of PVP Portal ", + LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty"))); + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java new file mode 100644 index 000000000..e8cdbba90 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java @@ -0,0 +1,152 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; +import java.util.regex.Pattern; + +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolOpenIDTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolOpenIDTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + Map<String, String> newConfigValues = new HashMap<String, String>(); + + //TODO: check secret + String guiClientID = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID); + String guiClientSecret = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET); + + if (MiscUtil.isEmpty(guiClientSecret)) { + log.info("OpenID Connect client-secret is empty --> generate a new secrete."); + guiClientSecret = UUID.randomUUID().toString(); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET, + guiClientSecret); + + } + + if (MiscUtil.isEmpty(guiClientID)) { + log.info("OpenID Connect ClientID is empty --> Set ClientID to unique identifier."); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID, + input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER)); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String redirectURL = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL); + // validate redirectUri + if (StringUtils.isNotEmpty(redirectURL) && !ValidationHelper.validateURL(redirectURL)) { + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL, + "OpenID - Redirect URL", + LanguageHelper.getErrorString("error.oa.oauth.redirecturi"))); + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List<String> getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java new file mode 100644 index 000000000..6da1bc389 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java @@ -0,0 +1,336 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Timer; +import java.util.regex.Pattern; + +import javax.net.ssl.SSLHandshakeException; + +import org.apache.commons.httpclient.MOAHttpClient; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataFilterChain; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.MOAIDWebGUIConfiguration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.MetaDataVerificationFilter; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.SchemaValidationFilter; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolPVP2XTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + + Map<String, String> newConfigValues = new HashMap<String, String>(); + String certBase64 = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + String[] splittet = certBase64.split(","); + if (splittet.length > 1) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE, + splittet[1]); + log.debug("Extract PVP2X metadata validation certificate from GUI upload and add it to key: {}", MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + try { + byte[] certSerialized = null; + if (MiscUtil.isNotEmpty(certBase64)) { + certSerialized = Base64Utils.decode(certBase64, true); + X509Certificate cert = new X509Certificate(certSerialized); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE_SUBJECT, + cert.getSubjectDN().getName()); + + } + + } catch (IOException | CertificateException e) { + log.error("PVP2X metadata signing certificate is not parseable.", e); + + } + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + Timer timer = null; + MOAHttpClient httpClient = null; + HTTPMetadataProvider httpProvider = null; + + String certBase64 = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + try { + byte[] certSerialized = null; + if (MiscUtil.isNotEmpty(certBase64) && + !certBase64.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + String[] splittet = certBase64.split(","); + if (splittet.length > 1) + certSerialized = Base64Utils.decode(splittet[1], true); + else + certSerialized = Base64Utils.decode(certBase64, true); + } + + + String metadataURL = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); + if (MiscUtil.isNotEmpty(metadataURL)) { + + if (!ValidationHelper.validateURL(metadataURL)) { + log.info("MetaDataURL has no valid form."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata URL", + LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid"))); + + } else { + + if (certSerialized == null) { + log.info("No certificate for metadata validation"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE, + "PVP2x - Metadata Certificate", + LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"))); + + } else { + + X509Certificate cert = new X509Certificate(certSerialized); + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(cert); + + timer = new Timer(); + httpClient = new MOAHttpClient(); + + if (metadataURL.startsWith("https:")) + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + MOAIDWebGUIConfiguration.getInstance().getCertStoreDirectory(), + MOAIDWebGUIConfiguration.getInstance().getTrustStoreDirectory(), + null, + "pkix", + true); + + httpClient.setCustomSSLTrustStore( + metadataURL, + protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); + + } + + List<MetadataFilter> filterList = new ArrayList<MetadataFilter>(); + filterList.add(new MetaDataVerificationFilter(credential)); + + try { + filterList.add(new SchemaValidationFilter( + MOAIDWebGUIConfiguration.getInstance().isPVPMetadataSchemaValidationActive())); + + } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { + log.warn("Configuration access FAILED!", e); + + } + + MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + httpProvider = + new HTTPMetadataProvider(timer, httpClient, metadataURL); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMetadataFilter(filter); + httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes + httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + httpProvider.setRequireValidMetadata(true); + httpProvider.initialize(); + + if (httpProvider.getMetadata() == null) { + log.info("Metadata could be received but validation FAILED."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.validation"))); + } + } + } + } + + } catch (CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"))); + + } catch (IOException e) { + log.info("Metadata can not be loaded from URL", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadataurl.read"))); + + } catch (MetadataProviderException e) { + + try { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.ssl"))); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig"))); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema"))); + + } else { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general"))); + } + + } catch (Exception e1) { + log.info("MetaDate verification failed", e1); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general"))); + + } + + } finally { + if (httpProvider != null) + httpProvider.destroy(); + + if (timer != null) + timer.cancel(); + + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List<String> getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA, + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_IIDP + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java new file mode 100644 index 000000000..fe3a791e7 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java @@ -0,0 +1,114 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolSAML1Task extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolSAML1Task.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "protocols.saml1"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - SAML1 Protocol Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + String isProvideBaseID = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID); + + if (Boolean.parseBoolean(isBusinessService) && + MiscUtil.isNotEmpty(isProvideBaseID) && Boolean.parseBoolean(isProvideBaseID)) { + log.info("ProvideStammZahl can not be used with BusinessService applications"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID, + "Protocols - SAML1 BaseID", + LanguageHelper.getErrorString("validation.saml1.providestammzahl"))); + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java new file mode 100644 index 000000000..d4e80bed9 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java @@ -0,0 +1,273 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolSTORKTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolSTORKTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + Map<String, String> newConfigValues = new HashMap<String, String>(); + + try { + //search actually stored service configurations + List<String> storedServices = new ArrayList<String>(); + for (String prefix : getModulValidatorPrefix()) { + String[] storedService = dbconfig.findConfigurationId(prefix + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (storedService != null && storedService.length > 0) + storedServices.addAll(Arrays.asList(storedService)); + } + + String GUIServiceUniqueID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + String selectedServiceKey = null; + for (String serviceKey : storedServices) { + String storedUniqueId = dbconfig.getStringValue(serviceKey); + if (storedUniqueId.equals(GUIServiceUniqueID)) { + selectedServiceKey = KeyValueUtils.getPrefixFromKey(serviceKey, MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + log.debug("Find service with key: " + selectedServiceKey + " --> Start STORK attribute provider postProcessing."); + break; + } + + } + + //load actually stored attribute provider names for service + Map<String, String> storedAttributeProviders = new HashMap<String, String>(); + if (MiscUtil.isNotEmpty(selectedServiceKey)) { + String[] storedAttribteProviderNames = dbconfig.findConfigurationId( + selectedServiceKey + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + ".%." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME); + if (storedAttribteProviderNames != null) { + for (String el : storedAttribteProviderNames) { + String attrProviderName = dbconfig.getStringValue(el); + storedAttributeProviders.put(attrProviderName, el); + + } + } + } + + Map<String, String> storkAttrProviders = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST); + Iterator<Entry<String, String>> interator = storkAttrProviders.entrySet().iterator(); + while (interator.hasNext()) { + Entry<String, String> current = interator.next(); + if (current.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME)) { + String guiAttrProviderName = current.getValue(); + if (storedAttributeProviders.containsKey(guiAttrProviderName)) { + log.trace("STORK attribute provider: " + guiAttrProviderName + + " is already stored"); + storedAttributeProviders.remove(guiAttrProviderName); + + } else { + log.trace("Add new STORK attribute provider: " + guiAttrProviderName + + " to service"); + + } + } + } + + if (!storedAttributeProviders.isEmpty()) { + log.trace("Remove STORK attribute providers from configuration."); + for (String el : storedAttributeProviders.values()) { + String removeString = KeyValueUtils.getPrefixFromKey(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME); + keysToDelete.add(removeString + "*"); + log.debug("Remove STORK attribute provider with key:" + removeString + "*"); + + } + + } + + } catch (ConfigurationException e) { + log.error("Configuration access FAILED.", e); + + } + + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + //check V-IDP specific Target configurations + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + if (!Boolean.parseBoolean(isBusinessService)) { + log.info("STORK V-IDP only allowed as business Service."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, + "BusinessService", + "STORK V-IDP only allowed as business Service.")); + } + + String identificationType = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + if (MiscUtil.isEmpty(identificationType) || + !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) { + log.info("STORK V-IDP only allowes identification numbers with STORK prefix."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, + "BusinessService - IdentificationType", + "STORK V-IDP only allowes identification numbers with STORK prefix")); + + } + + + Map<String, String> storkAttrProviders = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST); + Iterator<Entry<String, String>> interator = storkAttrProviders.entrySet().iterator(); + while (interator.hasNext()) { + Entry<String, String> current = interator.next(); + if (current.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME)) { + log.trace("Validate STORK attribute provider with key: " + current.getKey() + " value: " + current.getValue()); + String index = KeyValueUtils.getParentKey(current.getKey()); + + //validate attribute provider name + String attrProviderName = current.getValue(); + if (MiscUtil.isEmpty(attrProviderName)) { + log.info("AttributeProviderPlugin Name is empty."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.name.empty"))); + + } else { + if (!MOAIDConfigurationConstants.ALLOWED_STORKATTRIBUTEPROVIDERS.contains(attrProviderName)) { + log.info("AttributeProviderPlugin Name is not supported."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.name.valid"))); + } + } + + String attrProviderURL = storkAttrProviders.get(index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL); + String attrProviderAttr = storkAttrProviders.get(index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES); + + if (MiscUtil.isEmpty(attrProviderURL) || !ValidationHelper.validateURL(attrProviderURL)) { + log.info("AttributeProviderPlugin URL has no valid form."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.url.valid"))); + } + + + if (MiscUtil.isEmpty(attrProviderAttr) || !attrProviderAttr.matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { + log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.attributes.valid"))); + } + + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List<String> getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_VIDP + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java new file mode 100644 index 000000000..bf2a38cd9 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java @@ -0,0 +1,101 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; + +/** + * @author tlenz + * + */ +public class ServicesSSOAuthenticationTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesSSOAuthenticationTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "auth.sso"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - SSO Authentication Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + //Actually, there is nothing to validate. + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java new file mode 100644 index 000000000..766032f1f --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java @@ -0,0 +1,221 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.CompanyNumberValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesTargetTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesTargetTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Target Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + String check; + if (Boolean.parseBoolean(isBusinessService)) { + + //check identification type + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + if (!MOAIDConfigurationConstants.BUSINESSSERVICENAMES.keySet().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, + "BusinessService - Type", + LanguageHelper.getErrorString("validation.general.stork.sptarget"))); + } + + //check identification number + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE); + if (MiscUtil.isEmpty(check)) { + log.info("Empty IdentificationNumber"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.empty"))); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + + if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) + .equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN)) { + CompanyNumberValidator val = new CompanyNumberValidator(); + if (!val.validate(check)) { + log.info("Not valid CompanyNumber"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid"))); + } + } + } + + } else { + + //check own target + String useOwnTarget = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN); + if (MiscUtil.isNotEmpty(useOwnTarget) && Boolean.parseBoolean(useOwnTarget)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME, + "Own Target - FriendlyName", + LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + } + + //check Own Target + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET, + "Own Target - Target", + LanguageHelper.getErrorString("validation.general.target.admin.valid"))); + } + } + + } else { + + //check PublicURL Prefix allows PublicService + String uniqueID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (!ValidationHelper.isPublicServiceAllowed(input.get(uniqueID))) { + log.warn("PublicURLPrefix does not allow PublicService: " + uniqueID); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET, + "PublicService - Target", + LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] {uniqueID}) )); + + } + + //check Target + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET, + "PublicService - Target", + LanguageHelper.getErrorString("validation.general.target.valid"))); + } + } + + String isSubTargetUsed = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB); + if (MiscUtil.isNotEmpty(isSubTargetUsed) && Boolean.parseBoolean(isSubTargetUsed)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB); + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB, + "PublicService - Target SubSector", + LanguageHelper.getErrorString("validation.general.target.subsector.valid"))); + + } + } + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java new file mode 100644 index 000000000..96088b6eb --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java @@ -0,0 +1,137 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesbPKDecryptionTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesbPKDecryptionTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - bPK-Decryption Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + + //TODO: + + +// String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME); +// if (MiscUtil.isNotEmpty(check)) { +// if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +// log.warn("OAFriendlyName contains potentail XSS characters: " + check); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, +// "FriendlyName", +// LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", +// new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); +// } +// } else { +// log.info("OA friendlyName is empty"); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, +// "FriendlyName", +// LanguageHelper.getErrorString("validation.general.oafriendlyname.empty"))); +// } +// +// String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); +// if (MiscUtil.isEmpty(isBusinessService)) { +// log.info("OA businessservice flag is empty"); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, +// "BusinessService", +// LanguageHelper.getErrorString("validation.general.businessservice.empty"))); +// +// } + + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} |