aboutsummaryrefslogtreecommitdiff
path: root/id/moa-id-webgui/src/main/java/at/gv/egovernment
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2015-07-17 09:18:28 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-07-17 09:18:28 +0200
commit98dbb23fa5dcd9518beb56fd2410667b385b5524 (patch)
treeb95ad14a2401f553d72d6dc911814980689866b5 /id/moa-id-webgui/src/main/java/at/gv/egovernment
parentd774a81910498c9ee1277c1611d57b07bf069fbd (diff)
downloadmoa-id-spss-98dbb23fa5dcd9518beb56fd2410667b385b5524.tar.gz
moa-id-spss-98dbb23fa5dcd9518beb56fd2410667b385b5524.tar.bz2
moa-id-spss-98dbb23fa5dcd9518beb56fd2410667b385b5524.zip
first beta version of new MOA-ID WebGUI module for configuration
Diffstat (limited to 'id/moa-id-webgui/src/main/java/at/gv/egovernment')
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java48
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java29
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java160
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java48
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java43
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java58
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java17
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java19
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java7
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java30
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java20
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java4
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java5
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java2
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java2
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java2
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java229
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java301
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java403
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java150
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java116
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java121
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java152
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java336
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java114
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java273
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java101
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java221
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java137
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java122
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java98
31 files changed, 3278 insertions, 90 deletions
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java
index 72e2321e9..0ec230324 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java
@@ -45,6 +45,9 @@ import at.gv.egiz.components.configuration.meta.api.MetadataConfiguration;
import at.gv.egiz.components.configuration.meta.api.SchemaEntry;
import at.gv.egiz.components.configuration.meta.api.impl.BaseMetadataConfiguration;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException;
import at.gv.egovernment.moa.id.config.webgui.validation.MOAIDConfigurationValidator;
@@ -57,7 +60,7 @@ public class MOAIDConfigurationModul implements ConfigurationModul{
private static final String MODULE_NAME = "MOAIDConfigurationModul";
- private static Configuration config;
+ private static MOAIDConfiguration config;
private static Configuration meta;
private static MetadataConfiguration metadata = null;
@@ -76,23 +79,29 @@ public class MOAIDConfigurationModul implements ConfigurationModul{
}
@Autowired
- public void setDatabaseConfiguration(Configuration dbconfig) {
+ public void setDatabaseConfiguration(MOAIDConfiguration dbconfig) {
config = dbconfig;
}
/**
+ * @throws Exception
*
*/
- public MOAIDConfigurationModul() {
- loadType("general", "/gui/types/general.json");
-
-// loadType("oa", "/gui/types/oa.json");
-
- //TODO: load correct types
-// loadType("vidp", "/gui/types/oa.json");
-// loadType("iidp", "/gui/types/oa.json");
-// loadType("gateway", "/gui/types/oa.json");
+ public MOAIDConfigurationModul() throws Exception {
+ loadType("general", "/gui/types/general.json");
+ loadType("moaidoa", "/gui/types/oa.json");
+ loadType("moaidvidp", "/gui/types/vidp.json");
+ loadType("moaidiidp", "/gui/types/iidp.json");
+ loadType("moaidgateway", "/gui/types/gateway.json");
+ try {
+ MOAIDWebGUIConfiguration.getInstance();
+
+ } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) {
+ logger.error("MOA-ID WebGUI initialization FAILED! (Reason: {})", e.getMessage());
+ throw new Exception(e);
+
+ }
}
@@ -146,8 +155,19 @@ public class MOAIDConfigurationModul implements ConfigurationModul{
@Override
public String buildArrayIdentifier(String arrayId, int refCounter,
Map<String, String> properties) throws ConfigurationException {
- // TODO Auto-generated method stub
- return null;
+ logger.trace("Search next free list index for key: " + arrayId);
+
+ if (arrayId.startsWith(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) {
+ String[] allListKeys = config.findConfigurationId(arrayId + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
+ int freeIndex = KeyValueUtils.findNextFreeListCounter(allListKeys, arrayId) + refCounter;
+ logger.debug("Found free listIndex: " + freeIndex + " for serviceKey: " + arrayId);
+ return String.valueOf(freeIndex);
+
+ } else {
+ logger.warn("Actually, only services are from type array and need an index.");
+ throw new ConfigurationException("Actually, only services are from type array and need an index.");
+
+ }
}
/* (non-Javadoc)
@@ -203,7 +223,7 @@ public class MOAIDConfigurationModul implements ConfigurationModul{
Iterator<String> deleteInterator = deleted.iterator();
while (deleteInterator.hasNext()) {
String el = deleteInterator.next();
- try {
+ try {
config.deleteIds(el);
logger.trace("Delete key {}", el);
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java
index 61e1a1192..f9f8d1d2d 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java
@@ -22,10 +22,14 @@
*/
package at.gv.egovernment.moa.id.config.webgui;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import at.gv.egiz.components.spring.api.SpringResourceProvider;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolPVP2XTask;
/**
* @author tlenz
@@ -33,16 +37,33 @@ import at.gv.egiz.components.spring.api.SpringResourceProvider;
*/
public class MOAIDSpringResourceProvider implements SpringResourceProvider {
- private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig";
+ private static final Logger log = LoggerFactory.getLogger(MOAIDSpringResourceProvider.class);
/* (non-Javadoc)
* @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
*/
@Override
- public Resource[] getResourcesToLoad() {
- ClassPathResource webguicontextconfig = new ClassPathResource("/moaid.webgui.beans.xml", MOAIDSpringResourceProvider.class);
+ public Resource[] getResourcesToLoad() {
+// try {
+ //TODO: is not a nice solution -> fix in futher version
+ //MOAIDWebGUIConfiguration moaIdWebguiConfig = MOAIDWebGUIConfiguration.getInstance();
+ //JPAPropertiesWithJavaConfig.setLocalProperties(moaIdWebguiConfig.getDatabaseProperties());
+
ClassPathResource databasecontextconfig = new ClassPathResource("/configuration.beans.xml", MOAIDSpringResourceProvider.class);
- return new Resource[] {webguicontextconfig, databasecontextconfig};
+ ClassPathResource webguicontextconfig = new ClassPathResource("/moaid.webgui.beans.xml", MOAIDSpringResourceProvider.class);
+ ClassPathResource webguidatabasecontextconfig = new ClassPathResource("/moaid.migration.beans.xml", MOAIDSpringResourceProvider.class);
+
+
+
+ return new Resource[] {databasecontextconfig, webguidatabasecontextconfig, webguicontextconfig};
+
+// } catch (ConfigurationException e) {
+// log.error("Can not load MOA-ID WebGUI configuration.", e);
+// return null;
+//
+// }
+
+
}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
new file mode 100644
index 000000000..0a3a9eef8
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
@@ -0,0 +1,160 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Properties;
+
+import org.opensaml.DefaultBootstrap;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service
+public class MOAIDWebGUIConfiguration {
+
+ private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig";
+
+ private static final Logger log = LoggerFactory.getLogger(MOAIDWebGUIConfiguration.class);
+
+
+
+ private Properties props;
+ private String configFileName;
+ private String configRootDir;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.commons.config.persistence.LocalConfigurationBean#getLocalDatabaseProperties()
+ */
+
+ private static MOAIDWebGUIConfiguration instance = null;
+
+ public static MOAIDWebGUIConfiguration getInstance() throws ConfigurationException {
+ if (instance == null) {
+ instance = new MOAIDWebGUIConfiguration();
+
+ }
+ return instance;
+ }
+
+
+ MOAIDWebGUIConfiguration() throws ConfigurationException {
+ configFileName = System.getProperty(SYSTEM_PROP_CONFIG);
+
+ if (configFileName == null) {
+ throw new ConfigurationException("config.05");
+ }
+ try {
+ URI fileURI = new URI(configFileName);
+
+ // determine the directory of the root config file
+ configRootDir = new File(fileURI).getParent();
+
+ log.info("Loading MOA-ID WebGUI configuration from file " + fileURI);
+
+ //Load MOAID-2.0 properties file
+
+ File propertiesFile = new File(fileURI);
+ FileInputStream fis;
+ props = new Properties();
+
+ fis = new FileInputStream(propertiesFile);
+ props.load(fis);
+
+ fis.close();
+
+ log.debug("OpenSAML initialization started ...");
+ DefaultBootstrap.bootstrap();
+ log.info("OpenSAML initialization complete.");
+
+ log.info("Pre-Initialization step of MOA-ID WebGUI module finished ... ");
+
+
+ } catch (FileNotFoundException e) {
+ throw new ConfigurationException("config.01", new Object[]{configFileName}, e);
+
+ } catch (IOException e) {
+ throw new ConfigurationException("config.02", new Object[]{configFileName}, e);
+
+ } catch (org.opensaml.xml.ConfigurationException e) {
+ throw new ConfigurationException("config.04", e);
+
+ } catch (URISyntaxException e) {
+ throw new ConfigurationException("config.06", new Object[]{MOAIDConfigurationConstants.FILE_URI_PREFIX, configFileName}, e);
+
+ }
+ }
+
+// @Override
+// protected Properties getLocalDatabaseProperties() {
+// return this.props;
+// }
+
+ public String getConfigFile() {
+ return configFileName;
+ }
+
+ public String getConfigRootDir() {
+ return configRootDir;
+ }
+
+ public String getCertStoreDirectory() throws ConfigurationException {
+ String dir = props.getProperty("general.ssl.certstore");
+ if (MiscUtil.isNotEmpty(dir))
+ return FileUtils.makeAbsoluteURL(dir, configRootDir);
+
+ else
+ throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore.");
+
+ }
+
+ public String getTrustStoreDirectory() throws ConfigurationException {
+ String dir = props.getProperty("general.ssl.truststore");
+ if (MiscUtil.isNotEmpty(dir))
+ return FileUtils.makeAbsoluteURL(dir, configRootDir);
+
+ else
+ throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore.");
+
+ }
+
+ public boolean isPVPMetadataSchemaValidationActive() {
+ return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true"));
+
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java
new file mode 100644
index 000000000..2f2decab9
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java
@@ -0,0 +1,48 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.config.webgui.exception;
+
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+
+
+public class ConfigurationException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public ConfigurationException(String errorname) {
+ super(LanguageHelper.getErrorString(errorname, null));
+ }
+
+ public ConfigurationException(String errorname, Throwable e) {
+ super(LanguageHelper.getErrorString(errorname, null), e);
+ }
+
+ public ConfigurationException(String errorname, Object[] params, Throwable e) {
+ super(LanguageHelper.getErrorString(errorname, params), e);
+ }
+
+ public ConfigurationException(Throwable e) {
+ super(e);
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java
new file mode 100644
index 000000000..3c0827a62
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.exception;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SchemaValidationException extends FilterException {
+
+ /**
+ * @param string
+ */
+ public SchemaValidationException(String string) {
+ super(string);
+
+ }
+
+ private static final long serialVersionUID = 1L;
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java
new file mode 100644
index 000000000..7c4c48e6b
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.exception;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SignatureValidationException extends FilterException {
+
+ /**
+ * @param string
+ */
+ public SignatureValidationException(String string) {
+ super(string);
+
+ }
+
+ /**
+ * @param e
+ */
+ public SignatureValidationException(Exception e) {
+ super(e);
+ }
+
+ /**
+ * @param string
+ * @param object
+ */
+ public SignatureValidationException(String string, Exception e) {
+ super(string, e);
+ }
+
+ private static final long serialVersionUID = 1L;
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java
index a1cafe702..5fc5b86d2 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java
@@ -36,6 +36,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException;
@@ -48,7 +49,7 @@ import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTa
*/
public class MOAIDConfigurationValidator {
private static final Logger logger = LoggerFactory.getLogger(MOAIDConfigurationValidator.class);
- private static Configuration dbconfig;
+ private static MOAIDConfiguration dbconfig;
private static ServiceLoader<IModuleValidator> moduleLoader =
ServiceLoader.load(IModuleValidator.class);
@@ -61,7 +62,7 @@ public class MOAIDConfigurationValidator {
private boolean isDataValidated = false;
@Autowired
- public void setDatabaseConfiguration(Configuration config) {
+ public void setDatabaseConfiguration(MOAIDConfiguration config) {
dbconfig = config;
}
@@ -81,7 +82,7 @@ public class MOAIDConfigurationValidator {
}
- //load tasks
+ //load dynamic tasks
Iterator<IDynamicLoadableTaskValidator> taskLoaderInterator = taskLoader.iterator();
while (taskLoaderInterator.hasNext()) {
IDynamicLoadableTaskValidator task = taskLoaderInterator.next();
@@ -151,8 +152,13 @@ public class MOAIDConfigurationValidator {
if (moduleValidator.containsKey(moduleID)) {
logger.trace("Starting validation process of keyGroup: " + groupEl.getKey()
+ " with module: " + moduleValidator.get(moduleID).getName());
+ Map<String, String> servicekeys = KeyValueUtils.removePrefixFromKeys(groupEl.getValue(), groupEl.getKey());
+
+ //put service prefix to validation Map to check if service already stored
+ servicekeys.put(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES, groupEl.getKey());
+
moduleValidator.get(moduleID)
- .validate(KeyValueUtils.removePrefixFromKeys(groupEl.getValue(), groupEl.getKey()));
+ .validate(servicekeys);
} else
logger.info("No ModulValidator for keygroup {} found.", moduleID);
@@ -268,6 +274,7 @@ public class MOAIDConfigurationValidator {
for (String key : validationModuleKeys) {
if (el.getKey().startsWith(key)) {
selectedModul = moduleValidator.get(key);
+ break;
}
}
@@ -276,7 +283,7 @@ public class MOAIDConfigurationValidator {
String groupkey = null;
if (selectedModul.getKeyPrefix().startsWith(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) {
String oaIndex = KeyValueUtils.getFirstChildAfterPrefix(el.getKey(), selectedModul.getKeyPrefix());
- groupkey = selectedModul + "." + oaIndex;
+ groupkey = selectedModul.getKeyPrefix() + "." + oaIndex;
} else
groupkey = selectedModul.getKeyPrefix();
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java
index 22281c973..e7775beba 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java
@@ -22,12 +22,10 @@
*/
package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl;
-import java.util.Map;
-
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException;
import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator;
-import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesPVPGatewayTask;
/**
* @author tlenz
@@ -35,17 +33,12 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator;
*/
public class GatewayValidator extends AbstractModuleValidator {
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#validate(java.util.Map)
- */
- @Override
- public void validate(Map<String, String> input)
- throws ConfigurationModulValidationException {
- // TODO Auto-generated method stub
-
+ public GatewayValidator() {
+ addTaskValidator(new ServicesGeneralInformationTask());
+ addTaskValidator(new ServicesPVPGatewayTask());
}
-
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getKeyPrefix()
*/
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java
index 2e9288415..5b9312e8e 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesInterfederationIDPTask;
/**
* @author tlenz
@@ -31,6 +33,11 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleVal
*/
public class InterfederationIDPValidator extends AbstractModuleValidator {
+ public InterfederationIDPValidator() {
+ addTaskValidator(new ServicesGeneralInformationTask());
+ addTaskValidator(new ServicesInterfederationIDPTask());
+
+ }
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getKeyPrefix()
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java
index a71d425f2..dbce8ec3a 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java
@@ -22,13 +22,15 @@
*/
package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl;
-import java.util.Map;
-
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException;
-import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException;
import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator;
-import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesAuthenticationInformationTask;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesBKUSelectionTask;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolSAML1Task;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesSSOAuthenticationTask;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesTargetTask;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesbPKDecryptionTask;
/**
* @author tlenz
@@ -36,14 +38,18 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator;
*/
public class OnlineApplicationValidator extends AbstractModuleValidator {
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#validate(java.util.Map)
+ /**
+ *
*/
- @Override
- public void validate(Map<String, String> input)
- throws ConfigurationModulValidationException {
- // TODO Auto-generated method stub
-
+ public OnlineApplicationValidator() {
+ addTaskValidator(new ServicesGeneralInformationTask());
+ addTaskValidator(new ServicesTargetTask());
+ addTaskValidator(new ServicesAuthenticationInformationTask());
+ addTaskValidator(new ServicesSSOAuthenticationTask());
+ addTaskValidator(new ServicesbPKDecryptionTask());
+ addTaskValidator(new ServicesProtocolSAML1Task());
+ addTaskValidator(new ServicesBKUSelectionTask());
+
}
/* (non-Javadoc)
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java
index 17dc66550..ad3c15b16 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java
@@ -22,13 +22,11 @@
*/
package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl;
-import java.util.Map;
-
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException;
-import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException;
import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator;
-import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesBKUSelectionTask;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesTargetTask;
/**
* @author tlenz
@@ -36,14 +34,12 @@ import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator;
*/
public class VIDPValidator extends AbstractModuleValidator {
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#validate(java.util.Map)
- */
- @Override
- public void validate(Map<String, String> input)
- throws ConfigurationModulValidationException {
- // TODO Auto-generated method stub
+ public VIDPValidator() {
+ addTaskValidator(new ServicesGeneralInformationTask());
+ addTaskValidator(new ServicesTargetTask());
+ addTaskValidator(new ServicesBKUSelectionTask());
+
}
/* (non-Javadoc)
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java
index 394bc4da7..a124949f1 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java
@@ -49,7 +49,7 @@ public abstract class AbstractTaskValidator implements ITaskValidator {
throws ConfigurationTaskValidationException {
//start task specific validation
- tastValidate(input);
+ taskValidate(input);
}
@@ -59,7 +59,7 @@ public abstract class AbstractTaskValidator implements ITaskValidator {
* @param input Key/Value pairs of a module for validation
* @throws ConfigurationModulValidationException
*/
- abstract protected void tastValidate(Map<String, String> input)
+ abstract protected void taskValidate(Map<String, String> input)
throws ConfigurationTaskValidationException;
/* (non-Javadoc)
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
index e4646bc04..b8836b90c 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
@@ -94,7 +94,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
* @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map)
*/
@Override
- protected void tastValidate(Map<String, String> input)
+ protected void taskValidate(Map<String, String> input)
throws ConfigurationTaskValidationException {
List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
@@ -451,7 +451,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
}
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix()));
- if (MiscUtil.isEmpty(check)) {
+ if (MiscUtil.isEmpty(check) || check.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) {
log.info("AuthBlock Transformation file is empty");
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64,
@@ -537,6 +537,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
//TODO: add AuthBlock transformation filename
String authBlockTransformation = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix()));
+
String[] splittet = authBlockTransformation.split(",");
if (splittet.length > 1) {
newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64,
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java
index 95f6c8349..35fed19a3 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java
@@ -54,7 +54,7 @@ public class GeneralOpenIDConfigurationTask extends AbstractTaskValidator {
* @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
*/
@Override
- protected void tastValidate(Map<String, String> input)
+ protected void taskValidate(Map<String, String> input)
throws ConfigurationTaskValidationException {
}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
index 46dce77a0..a593b5461 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
@@ -82,7 +82,7 @@ public class GeneralPVP2XConfigurationTask extends AbstractTaskValidator impleme
* @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map)
*/
@Override
- protected void tastValidate(Map<String, String> input)
+ protected void taskValidate(Map<String, String> input)
throws ConfigurationTaskValidationException {
List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index a12c8f0cd..c6086583a 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -90,7 +90,7 @@ public static final List<String> KEYWHITELIST;
* @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map)
*/
@Override
- public void tastValidate(Map<String, String> input)
+ public void taskValidate(Map<String, String> input)
throws ConfigurationTaskValidationException {
List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
Map<String, String> validatedCPeps = new HashedMap<String, String>();
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
new file mode 100644
index 000000000..c39e857e4
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
@@ -0,0 +1,229 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesAuthenticationInformationTask extends AbstractTaskValidator implements ITaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationInformationTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - Authentication Configuration Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ //Check BKU URLs
+ String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY);
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check)) {
+ log.info("Not valid Handy-BKU URL");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY,
+ "BKU - Handy",
+ LanguageHelper.getErrorString("validation.general.bku.handy.valid")));
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL);
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL,
+ "BKU - Local",
+ LanguageHelper.getErrorString("validation.general.bku.local.valid")));
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE);
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE,
+ "BKU - Online",
+ LanguageHelper.getErrorString("validation.general.bku.online.valid")));
+ }
+
+ //check KeyBoxIdentifier
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER);
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty KeyBoxIdentifier");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE,
+ "BKU - KeyBoxIdentifier",
+ LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty")));
+
+ } else {
+ if (!MOAIDConfigurationConstants.ALLOWED_KEYBOXIDENTIFIER.contains(check)) {
+ log.info("Not valid KeyBoxIdentifier " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE,
+ "BKU - KeyBoxIdentifier",
+ LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid")));
+ }
+ }
+
+ //check LegacyMode SLTemplates
+ String isLegacyModeActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY);
+ if (MiscUtil.isNotEmpty(isLegacyModeActive) && Boolean.parseBoolean(isLegacyModeActive)) {
+ if (MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)) &&
+ MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)) &&
+ MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)) ) {
+ log.info("Empty OA-specific SecurityLayer Templates");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY,
+ "BKU - SecurityLayer Templates",
+ LanguageHelper.getErrorString("validation.general.sltemplates.empty")));
+
+ } else {
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE);
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
+ log.info("First OA-specific SecurityLayer Templates is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE,
+ "BKU - 1. SecurityLayer Templates",
+ LanguageHelper.getErrorString("validation.general.sltemplate1.valid")));
+ }
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE);
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
+ log.info("Second OA-specific SecurityLayer Templates is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE,
+ "BKU - 2. SecurityLayer Templates",
+ LanguageHelper.getErrorString("validation.general.sltemplate2.valid")));
+ }
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE);
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
+ log.info("Third OA-specific SecurityLayer Templates is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE,
+ "BKU - 3. SecurityLayer Templates",
+ LanguageHelper.getErrorString("validation.general.sltemplate3.valid")));
+ }
+ }
+ }
+
+ //check Mandate Profiles
+ String checkUseMandate = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_USE);
+ if (MiscUtil.isNotEmpty(checkUseMandate) && Boolean.parseBoolean(checkUseMandate)) {
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES);
+ if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ log.warn("MandateProfiles contains potentail XSS characters: " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES,
+ "Mandates - Profiles",
+ LanguageHelper.getErrorString("validation.general.mandate.profiles",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+ }
+
+ }
+
+ String isTestCredentialsActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED);
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs);
+ if (MiscUtil.isNotEmpty(isTestCredentialsActive) &&
+ Boolean.parseBoolean(isTestCredentialsActive) &&
+ MiscUtil.isNotEmpty(check)) {
+ String[] oids = check.split(",");
+ for (String el : oids) {
+ if (!el.startsWith(MOAIDConfigurationConstants.TESTCREDENTIALROOTOID)) {
+ log.warn("Test credential OID does not start with test credential root OID");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs,
+ "Test-Identities - allowed OIDs",
+ LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid",
+ new Object[] {el}) ));
+ }
+ }
+ }
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
new file mode 100644
index 000000000..087334c4b
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
@@ -0,0 +1,301 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationSTORKTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - General Configuration Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ Map<String, String> newConfigValues = new HashMap<String, String>();
+
+ //C-PEPS
+ try {
+ //search all actually configured C-PEPS
+ String[] cPepsKeys = dbconfig.findConfigurationId(
+ MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST
+ + ".%."
+ + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY);
+ List<String> cPepsCountries = new ArrayList<String>();
+ for (String el : cPepsKeys) {
+ String country = dbconfig.getStringValue(el);
+ if (MiscUtil.isNotEmpty(el))
+ cPepsCountries.add(country);
+
+ }
+
+ //check SERVICE STORK countries against C-PEPS configuration
+ Map<String, String> GUICountries = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST);
+ Iterator<Entry<String, String>> GUICountriesInterator = GUICountries.entrySet().iterator();
+ while (GUICountriesInterator.hasNext()) {
+ Entry<String, String> entry = GUICountriesInterator.next();
+ if (entry.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE)) {
+
+ if (cPepsCountries.contains(entry.getValue())) {
+ //Service contains C-PEPS
+ log.trace("Service contains C-PEPS with countryCode: " + entry.getValue());
+ cPepsCountries.remove(entry.getValue());
+
+ } else {
+ //Service contains countryCode which is not a C-PEPS --> remove country code from service
+ log.debug("No C-PEPS with service countryCode: " + entry.getValue()
+ + " Remove countryCode from service.");
+ String index = KeyValueUtils.getParentKey(entry.getKey());
+ if (MiscUtil.isNotEmpty(index)) {
+ keysToDelete.add(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST
+ + "." + index + "*");
+
+ } else
+ log.warn("Can not remove countryCode from service. Suspect key: "
+ + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST
+ + "." + entry.getKey());
+
+ }
+ }
+ }
+
+ // add new C-PEPS to service
+ int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(GUICountries.keySet(), new String());
+ for (String el : cPepsCountries) {
+ log.debug("Add new C-PEPS: " + el + " to service with key: "
+ + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST
+ + "." + nextFreeIndex);
+ newConfigValues.put(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST
+ + "." + nextFreeIndex + "."
+ + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE,
+ el);
+ newConfigValues.put(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST
+ + "." + nextFreeIndex + "."
+ + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED,
+ String.valueOf(true));
+ nextFreeIndex++;
+ }
+
+
+ } catch (ConfigurationException e) {
+ log.error("Can not access configuration.", e);
+
+ }
+
+
+ //STORK attributes
+ try {
+ //search all actually configured C-PEPS
+ String[] attributeKeys = dbconfig.findConfigurationId(
+ MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST
+ + ".%."
+ + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME);
+ List<String> attributeNames = new ArrayList<String>();
+ for (String el : attributeKeys) {
+ String country = dbconfig.getStringValue(el);
+ if (MiscUtil.isNotEmpty(el))
+ attributeNames.add(country);
+
+ }
+
+ //check SERVICE STORK countries against C-PEPS configuration
+ Map<String, String> GUIAttributes = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST);
+ Iterator<Entry<String, String>> GUIAttributesInterator = GUIAttributes.entrySet().iterator();
+ while (GUIAttributesInterator.hasNext()) {
+ Entry<String, String> entry = GUIAttributesInterator.next();
+ if (entry.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME)) {
+
+ if (attributeNames.contains(entry.getValue())) {
+ //Service contains C-PEPS
+ log.trace("Service contains STORK attribute with name: " + entry.getValue());
+ attributeNames.remove(entry.getValue());
+
+ } else {
+ //Service contains countryCode which is not a C-PEPS --> remove country code from service
+ log.debug("No STORK attribute with service attributeName: " + entry.getValue()
+ + " Remove STORK attribte from service.");
+ String index = KeyValueUtils.getParentKey(entry.getKey());
+ if (MiscUtil.isNotEmpty(index)) {
+ keysToDelete.add(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
+ + "." + index + "*");
+
+ } else
+ log.warn("Can not remove STORK attribute from service. Suspect key: "
+ + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
+ + "." + entry.getKey());
+
+ }
+ }
+ }
+
+ // add new C-PEPS to service
+ int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(GUIAttributes.keySet(), new String());
+ for (String el : attributeNames) {
+ log.debug("Add new STORK attribute: " + el + " to service with key: "
+ + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
+ + "." + nextFreeIndex);
+ newConfigValues.put(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
+ + "." + nextFreeIndex + "."
+ + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME,
+ el);
+
+ newConfigValues.put(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
+ + "." + nextFreeIndex + "."
+ + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED,
+ String.valueOf(false));
+
+ newConfigValues.put(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
+ + "." + nextFreeIndex + "."
+ + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY,
+ String.valueOf(false));
+
+ nextFreeIndex++;
+ }
+
+
+ } catch (ConfigurationException e) {
+ log.error("Can not access configuration.", e);
+
+ }
+
+
+
+ if (newConfigValues.isEmpty())
+ return null;
+ else
+ return newConfigValues;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ // check qaa
+ String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
+ if (MiscUtil.isNotEmpty(qaaString)) {
+ try {
+ int qaa = Integer.parseInt(qaaString);
+ if(1 > qaa && 4 < qaa) {
+ log.warn("QAA is out of range : " + qaa);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
+ "STORK - minimal QAA level",
+ LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
+ new Object[] {qaa})));
+ }
+
+ } catch (NumberFormatException e) {
+ log.warn("QAA level is not a number: " + qaaString);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
+ "STORK - minimal QAA level",
+ LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
+ new Object[] {qaaString})));
+ }
+ }
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix()
+ */
+ @Override
+ public List<String> getModulValidatorPrefix() {
+ return Arrays.asList(
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA
+ );
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java
new file mode 100644
index 000000000..7ed9751cb
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java
@@ -0,0 +1,403 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.apache.commons.codec.binary.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesBKUSelectionTask extends AbstractTaskValidator implements ITaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesBKUSelectionTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "auth.templates";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - BKU-Selection Configuration Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+
+ Map<String, String> newConfigValues = new HashMap<String, String>();
+
+ String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME);
+ if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) {
+ newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, bkuSelectTemplateUploadedFileName);
+
+ }
+
+ String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME);
+ if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) {
+ newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, sendAssertionTemplateUploadedFileName);
+
+ }
+
+ if (newConfigValues.isEmpty())
+ return null;
+ else
+ return newConfigValues;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+
+ //validate aditionalAuthBlockText
+ String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT,
+ "AuthBlock - Addition AuthBlocktext",
+ LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ }
+ }
+
+ //validate BKU selection template
+ String bkuSelectTemplate = null;
+ String bkuSelectionFileUpload = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA);
+ if (MiscUtil.isNotEmpty(bkuSelectionFileUpload) &&
+ !bkuSelectionFileUpload.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) ) {
+ String bkuSelectTemplateFileName = "unknown";
+ try {
+ String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME);
+ if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(bkuSelectTemplateUploadedFileName, false)) {
+ log.info("BKU Selection Filename is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME,
+ "Templates - BKU Selection Filename",
+ LanguageHelper.getErrorString("validation.general.bkuselection.filename.valid")));
+
+ } else
+ bkuSelectTemplateFileName = bkuSelectTemplateUploadedFileName;
+
+ } else {
+ String bkuSelectTemplatePreView = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW);
+ if (MiscUtil.isNotEmpty(bkuSelectTemplatePreView))
+ bkuSelectTemplateFileName = bkuSelectTemplatePreView;
+
+ }
+
+ String[] bkuSelectTemplateSplitted = bkuSelectionFileUpload.split(",");
+ if (bkuSelectTemplateSplitted.length > 1)
+ bkuSelectTemplate = bkuSelectTemplateSplitted[1];
+ else
+ bkuSelectTemplate = bkuSelectionFileUpload;
+
+ if (!Base64.isBase64(bkuSelectTemplate)) {
+ log.info("BKU Selection Template is not decodeable.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA,
+ "Templates - BKU Selection",
+ LanguageHelper.getErrorString("validation.general.bkuselection.file.valid",
+ new Object[] {bkuSelectTemplateFileName})));
+
+ }
+
+ } catch (Exception e) {
+ log.info("BKU Selection Template is not decodeable.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA,
+ "Templates - BKU Selection",
+ LanguageHelper.getErrorString("validation.general.bkuselection.file.valid",
+ new Object[] {bkuSelectTemplateFileName})));
+
+ }
+
+ }
+
+ //validate send-assertion template
+ String sendAssertionTemplate = null;
+ String sendAssertionFileUpload = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA);
+ if (MiscUtil.isNotEmpty(sendAssertionFileUpload) &&
+ !sendAssertionFileUpload.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) {
+ String sendAssertionTemplateFileName = "unknown";
+ try {
+ String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME);
+ if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(sendAssertionTemplateUploadedFileName, false)) {
+ log.info("Send Assertion Filename is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME,
+ "Templates - Send Assertion Filename",
+ LanguageHelper.getErrorString("validation.general.sendassertion.filename.valid")));
+
+ } else
+ sendAssertionTemplateFileName = sendAssertionTemplateUploadedFileName;
+
+ } else {
+ String sendAssertionTemplatePreView = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_PREVIEW);
+ if (MiscUtil.isNotEmpty(sendAssertionTemplatePreView))
+ sendAssertionTemplateFileName = sendAssertionTemplatePreView;
+
+ }
+
+ String[] sendAssertionTemplateSplitted = sendAssertionFileUpload.split(",");
+ if (sendAssertionTemplateSplitted.length > 1)
+ sendAssertionTemplate = sendAssertionTemplateSplitted[1];
+ else
+ sendAssertionTemplate = sendAssertionFileUpload;
+
+ if (!Base64.isBase64(sendAssertionTemplate)) {
+ log.info("Send Assertion Template is not decodeable.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA,
+ "Templates - Send Assertion",
+ LanguageHelper.getErrorString("validation.general.sendassertion.file.valid",
+ new Object[] {sendAssertionTemplateFileName})));
+
+ }
+
+ } catch (Exception e) {
+ log.info("Send Assertion Template is not decodeable.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA,
+ "Templates - Send Assertion",
+ LanguageHelper.getErrorString("validation.general.sendassertion.file.valid",
+ new Object[] {sendAssertionTemplateFileName})));
+
+ }
+
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#"))
+ check = "#" + check;
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR,
+ "Templates - Background Color",
+ LanguageHelper.getErrorString("validation.general.form.color.background")));
+ }
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#"))
+ check = "#" + check;
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("BKUSelectionFrontColor is not a valid hex value " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR,
+ "Templates - Front Color",
+ LanguageHelper.getErrorString("validation.general.form.color.front")));
+ }
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#"))
+ check = "#" + check;
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("HeaderBackGroundColor is not a valid hex value " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR,
+ "Templates - Header Background-Color",
+ LanguageHelper.getErrorString("validation.general.form.header.color.back")));
+ }
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#"))
+ check = "#" + check;
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("HeaderFrontColor is not a valid hex value " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR,
+ "Templates - Header Front-Color",
+ LanguageHelper.getErrorString("validation.general.form.header.color.front")));
+ }
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("HeaderText contains potentail XSS characters: " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT,
+ "Templates - Header Text",
+ LanguageHelper.getErrorString("validation.general.form.header.text",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ }
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#"))
+ check = "#" + check;
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("ButtonBackGroundColor is not a valid hex value " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR,
+ "Templates - Button Background-Color",
+ LanguageHelper.getErrorString("validation.general.form.button.color.back")));
+ }
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#"))
+ check = "#" + check;
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS,
+ "Templates - Button Background-Color on Focus",
+ LanguageHelper.getErrorString("validation.general.form.button.color.back.focus")));
+ }
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#"))
+ check = "#" + check;
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("ButtonFrontColor is not a valid hex value " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR,
+ "Templates - Button Front-Color",
+ LanguageHelper.getErrorString("validation.general.form.button.color.front")));
+ }
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!MOAIDConfigurationConstants.ALLOWED_REDIRECTTARGETNAMES.contains(check)) {
+ log.warn("AppletRedirectTarget has not valid value " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET,
+ "Templates - Applet Redirect-Target",
+ LanguageHelper.getErrorString("validation.general.form.appletredirecttarget")));
+ }
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ log.warn("FontType contains potentail XSS characters: " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE,
+ "Templates - Font Type",
+ LanguageHelper.getErrorString("validation.general.form.fonttype",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+ }
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("Applet height "+ check + " is no valid number");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT,
+ "Templates - Applet Height",
+ LanguageHelper.getErrorString("validation.general.form.applet.height",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+ }
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("Applet width "+ check + " is no valid number");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH,
+ "Templates - Applet Width",
+ LanguageHelper.getErrorString("validation.general.form.applet.width",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+ }
+ }
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java
index f27cb9ce7..86d047c74 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java
@@ -28,47 +28,50 @@ import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.components.configuration.api.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
*
*/
public class ServicesGeneralInformationTask extends AbstractTaskValidator implements ITaskValidator {
-
+ private static final Logger log = LoggerFactory.getLogger(ServicesGeneralInformationTask.class);
private static final List<String> KEYWHITELIST;
+ private static MOAIDConfiguration dbconfig;
+
static {
- ArrayList<String> temp = new ArrayList<String>();
- temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_ENABLED, MOAIDConfigurationConstants.PREFIX_GENERAL));
- temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_LEGACY, MOAIDConfigurationConstants.PREFIX_GENERAL));
-
+ ArrayList<String> temp = new ArrayList<String>();
KEYWHITELIST = Collections.unmodifiableList(temp);
}
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map)
- */
- @Override
- public void validate(Map<String, String> input)
- throws ConfigurationTaskValidationException {
- // TODO Auto-generated method stub
+ @Autowired
+ public void setDatabaseConfiguration(MOAIDConfiguration config) {
+ dbconfig = config;
+
}
-
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
*/
@Override
public String getKeyPrefix() {
- // TODO Auto-generated method stub
- return null;
+ return "";
}
/* (non-Javadoc)
@@ -76,8 +79,7 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem
*/
@Override
public String getName() {
- // TODO Auto-generated method stub
- return null;
+ return "Service - General Configuration Task";
}
/* (non-Javadoc)
@@ -86,7 +88,6 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem
@Override
public Map<String, String> postProcessing(Map<String, String> input,
List<String> keysToDelete, Configuration dbconfig) {
- // TODO Auto-generated method stub
return null;
}
@@ -94,10 +95,113 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem
* @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
*/
@Override
- protected void tastValidate(Map<String, String> input)
- throws ConfigurationTaskValidationException {
- // TODO Auto-generated method stub
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ if (dbconfig == null) {
+ throw new ConfigurationTaskValidationException(
+ new ValidationObjectIdentifier("internal", "Internal Error", "Configuration is not readable!"));
+
+ }
+
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("OAFriendlyName contains potentail XSS characters: " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME,
+ "FriendlyName",
+ LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ }
+ } else {
+ log.info("OA friendlyName is empty");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME,
+ "FriendlyName",
+ LanguageHelper.getErrorString("validation.general.oafriendlyname.empty")));
+ }
+
+ String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE);
+ if (MiscUtil.isEmpty(isBusinessService)) {
+ log.info("OA businessservice flag is empty");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE,
+ "BusinessService",
+ LanguageHelper.getErrorString("validation.general.businessservice.empty")));
+
+ }
+
+ String servicePrefixId = input.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
+ if (MiscUtil.isNotEmpty(servicePrefixId)) {
+ String uniqueServiceID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
+ if (MiscUtil.isEmpty(uniqueServiceID)) {
+ log.info("Empty unique service identifier");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER,
+ "Unique Identifier",
+ LanguageHelper.getErrorString("validation.general.oaidentifier.empty")));
+
+ } else {
+ if (!ValidationHelper.validateURL(uniqueServiceID)) {
+ log.warn("Unique serice identifier is not a valid URL: " + uniqueServiceID);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER,
+ "Unique Identifier",
+ LanguageHelper.getErrorString("validation.general.oaidentifier.valid")));
+
+ } else {
+ //check uniqueness of service identifier
+ try {
+ String[] allServiceKeys = dbconfig.findConfigurationId(
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
+ +".%."
+ + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
+ if (allServiceKeys != null) {
+ List<String> foundKeys = new ArrayList<String>();
+ for (String elKey : allServiceKeys) {
+ String elValue = dbconfig.getStringValue(elKey);
+ if (uniqueServiceID.startsWith(elValue) ||
+ (elValue != null && elValue.startsWith(uniqueServiceID))) {
+ log.debug("Found service with key: " + elKey
+ + " and uniqueID: " + elValue
+ + " which maches to edited service with uniqueID:"
+ + uniqueServiceID);
+ foundKeys.add(elKey);
+
+ }
+
+ }
+ if ((foundKeys.size() > 1) ||
+ ((foundKeys.size() == 1) && !foundKeys.get(0).startsWith(servicePrefixId) )) {
+ log.info("The service identifier is not unique");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER,
+ "Unique Identifier",
+ LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")));
+
+ }
+ }
+
+ } catch (ConfigurationException e) {
+ log.error("Configuration not readable!", e);
+ new ValidationObjectIdentifier("internal", "Internal Error", "Configuration is not readable!");
+
+ }
+ }
+ }
+
+ } else {
+ throw new ConfigurationTaskValidationException(
+ new ValidationObjectIdentifier("internal", "Internal Error", "No MOA-ID service prefix! Can not check uniqueness of service configuration."));
+
+ }
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
}
/* (non-Javadoc)
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java
new file mode 100644
index 000000000..8c3475d8b
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java
@@ -0,0 +1,116 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesInterfederationIDPTask extends AbstractTaskValidator implements ITaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesInterfederationIDPTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "interfederation";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - Interfederation IDP";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ String queryURL = input.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL);
+ if (MiscUtil.isNotEmpty(queryURL)) {
+ if (!ValidationHelper.validateURL(queryURL)) {
+ log.info("AttributeQuery URL is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL,
+ "Attribute Querry URL",
+ LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid")));
+
+ }
+ }
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java
new file mode 100644
index 000000000..2e9dd1c30
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesPVPGatewayTask extends AbstractTaskValidator implements ITaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesPVPGatewayTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "interfederation";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - PVP Gateway Configuration Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ String entityID = input.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER);
+ if (MiscUtil.isNotEmpty(entityID)) {
+ if (!ValidationHelper.validateURL(entityID)) {
+ log.info("PVP gateway EntityID is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER,
+ "EntityID of PVP Portal ",
+ LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid")));
+
+ }
+
+ } else
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER,
+ "EntityID of PVP Portal ",
+ LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty")));
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java
new file mode 100644
index 000000000..e8cdbba90
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesProtocolOpenIDTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesProtocolOpenIDTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - General Configuration Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ Map<String, String> newConfigValues = new HashMap<String, String>();
+
+ //TODO: check secret
+ String guiClientID = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID);
+ String guiClientSecret = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET);
+
+ if (MiscUtil.isEmpty(guiClientSecret)) {
+ log.info("OpenID Connect client-secret is empty --> generate a new secrete.");
+ guiClientSecret = UUID.randomUUID().toString();
+ newConfigValues.put(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET,
+ guiClientSecret);
+
+ }
+
+ if (MiscUtil.isEmpty(guiClientID)) {
+ log.info("OpenID Connect ClientID is empty --> Set ClientID to unique identifier.");
+ newConfigValues.put(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID,
+ input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER));
+
+ }
+
+ if (newConfigValues.isEmpty())
+ return null;
+ else
+ return newConfigValues;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ String redirectURL = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL);
+ // validate redirectUri
+ if (StringUtils.isNotEmpty(redirectURL) && !ValidationHelper.validateURL(redirectURL)) {
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL,
+ "OpenID - Redirect URL",
+ LanguageHelper.getErrorString("error.oa.oauth.redirecturi")));
+ }
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix()
+ */
+ @Override
+ public List<String> getModulValidatorPrefix() {
+ return Arrays.asList(
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA
+ );
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
new file mode 100644
index 000000000..6da1bc389
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
@@ -0,0 +1,336 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Timer;
+import java.util.regex.Pattern;
+
+import javax.net.ssl.SSLHandshakeException;
+
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataFilterChain;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.MOAIDWebGUIConfiguration;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.utils.MetaDataVerificationFilter;
+import at.gv.egovernment.moa.id.config.webgui.validation.utils.SchemaValidationFilter;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesProtocolPVP2XTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - General Configuration Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+
+ Map<String, String> newConfigValues = new HashMap<String, String>();
+ String certBase64 = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+
+ String[] splittet = certBase64.split(",");
+ if (splittet.length > 1) {
+ newConfigValues.put(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE,
+ splittet[1]);
+ log.debug("Extract PVP2X metadata validation certificate from GUI upload and add it to key: {}", MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+
+ try {
+ byte[] certSerialized = null;
+ if (MiscUtil.isNotEmpty(certBase64)) {
+ certSerialized = Base64Utils.decode(certBase64, true);
+ X509Certificate cert = new X509Certificate(certSerialized);
+ newConfigValues.put(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE_SUBJECT,
+ cert.getSubjectDN().getName());
+
+ }
+
+ } catch (IOException | CertificateException e) {
+ log.error("PVP2X metadata signing certificate is not parseable.", e);
+
+ }
+ }
+
+ if (newConfigValues.isEmpty())
+ return null;
+ else
+ return newConfigValues;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ Timer timer = null;
+ MOAHttpClient httpClient = null;
+ HTTPMetadataProvider httpProvider = null;
+
+ String certBase64 = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+
+ try {
+ byte[] certSerialized = null;
+ if (MiscUtil.isNotEmpty(certBase64) &&
+ !certBase64.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) {
+ String[] splittet = certBase64.split(",");
+ if (splittet.length > 1)
+ certSerialized = Base64Utils.decode(splittet[1], true);
+ else
+ certSerialized = Base64Utils.decode(certBase64, true);
+ }
+
+
+ String metadataURL = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
+ if (MiscUtil.isNotEmpty(metadataURL)) {
+
+ if (!ValidationHelper.validateURL(metadataURL)) {
+ log.info("MetaDataURL has no valid form.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL,
+ "PVP2x - Metadata URL",
+ LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid")));
+
+ } else {
+
+ if (certSerialized == null) {
+ log.info("No certificate for metadata validation");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE,
+ "PVP2x - Metadata Certificate",
+ LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")));
+
+ } else {
+
+ X509Certificate cert = new X509Certificate(certSerialized);
+ BasicX509Credential credential = new BasicX509Credential();
+ credential.setEntityCertificate(cert);
+
+ timer = new Timer();
+ httpClient = new MOAHttpClient();
+
+ if (metadataURL.startsWith("https:"))
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ "MOAMetaDataProvider",
+ MOAIDWebGUIConfiguration.getInstance().getCertStoreDirectory(),
+ MOAIDWebGUIConfiguration.getInstance().getTrustStoreDirectory(),
+ null,
+ "pkix",
+ true);
+
+ httpClient.setCustomSSLTrustStore(
+ metadataURL,
+ protoSocketFactory);
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+
+ } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) {
+ log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
+
+ }
+
+ List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
+ filterList.add(new MetaDataVerificationFilter(credential));
+
+ try {
+ filterList.add(new SchemaValidationFilter(
+ MOAIDWebGUIConfiguration.getInstance().isPVPMetadataSchemaValidationActive()));
+
+ } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) {
+ log.warn("Configuration access FAILED!", e);
+
+ }
+
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.setFilters(filterList);
+
+ httpProvider =
+ new HTTPMetadataProvider(timer, httpClient, metadataURL);
+ httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+ httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.initialize();
+
+ if (httpProvider.getMetadata() == null) {
+ log.info("Metadata could be received but validation FAILED.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL,
+ "PVP2x - Metadata",
+ LanguageHelper.getErrorString("validation.pvp2.metadata.validation")));
+ }
+ }
+ }
+ }
+
+ } catch (CertificateException e) {
+ log.info("Uploaded Certificate can not be found", e);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL,
+ "PVP2x - Metadata",
+ LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")));
+
+ } catch (IOException e) {
+ log.info("Metadata can not be loaded from URL", e);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL,
+ "PVP2x - Metadata",
+ LanguageHelper.getErrorString("validation.pvp2.metadataurl.read")));
+
+ } catch (MetadataProviderException e) {
+
+ try {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ log.info("SSL Server certificate not trusted.", e);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL,
+ "PVP2x - Metadata",
+ LanguageHelper.getErrorString("validation.pvp2.metadata.ssl")));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL,
+ "PVP2x - Metadata",
+ LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig")));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL,
+ "PVP2x - Metadata",
+ LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema")));
+
+ } else {
+ log.info("MetaDate verification failed", e);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL,
+ "PVP2x - Metadata",
+ LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general")));
+ }
+
+ } catch (Exception e1) {
+ log.info("MetaDate verification failed", e1);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL,
+ "PVP2x - Metadata",
+ LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general")));
+
+ }
+
+ } finally {
+ if (httpProvider != null)
+ httpProvider.destroy();
+
+ if (timer != null)
+ timer.cancel();
+
+ }
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix()
+ */
+ @Override
+ public List<String> getModulValidatorPrefix() {
+ return Arrays.asList(
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA,
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_IIDP
+ );
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java
new file mode 100644
index 000000000..fe3a791e7
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesProtocolSAML1Task extends AbstractTaskValidator implements ITaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesProtocolSAML1Task.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "protocols.saml1";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - SAML1 Protocol Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE);
+ String isProvideBaseID = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID);
+
+ if (Boolean.parseBoolean(isBusinessService) &&
+ MiscUtil.isNotEmpty(isProvideBaseID) && Boolean.parseBoolean(isProvideBaseID)) {
+ log.info("ProvideStammZahl can not be used with BusinessService applications");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID,
+ "Protocols - SAML1 BaseID",
+ LanguageHelper.getErrorString("validation.saml1.providestammzahl")));
+ }
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
new file mode 100644
index 000000000..d4e80bed9
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
@@ -0,0 +1,273 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesProtocolSTORKTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesProtocolSTORKTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - General Configuration Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ Map<String, String> newConfigValues = new HashMap<String, String>();
+
+ try {
+ //search actually stored service configurations
+ List<String> storedServices = new ArrayList<String>();
+ for (String prefix : getModulValidatorPrefix()) {
+ String[] storedService = dbconfig.findConfigurationId(prefix + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
+ if (storedService != null && storedService.length > 0)
+ storedServices.addAll(Arrays.asList(storedService));
+ }
+
+ String GUIServiceUniqueID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
+ String selectedServiceKey = null;
+ for (String serviceKey : storedServices) {
+ String storedUniqueId = dbconfig.getStringValue(serviceKey);
+ if (storedUniqueId.equals(GUIServiceUniqueID)) {
+ selectedServiceKey = KeyValueUtils.getPrefixFromKey(serviceKey, MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
+ log.debug("Find service with key: " + selectedServiceKey + " --> Start STORK attribute provider postProcessing.");
+ break;
+ }
+
+ }
+
+ //load actually stored attribute provider names for service
+ Map<String, String> storedAttributeProviders = new HashMap<String, String>();
+ if (MiscUtil.isNotEmpty(selectedServiceKey)) {
+ String[] storedAttribteProviderNames = dbconfig.findConfigurationId(
+ selectedServiceKey + "."
+ + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST
+ + ".%." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME);
+ if (storedAttribteProviderNames != null) {
+ for (String el : storedAttribteProviderNames) {
+ String attrProviderName = dbconfig.getStringValue(el);
+ storedAttributeProviders.put(attrProviderName, el);
+
+ }
+ }
+ }
+
+ Map<String, String> storkAttrProviders = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST);
+ Iterator<Entry<String, String>> interator = storkAttrProviders.entrySet().iterator();
+ while (interator.hasNext()) {
+ Entry<String, String> current = interator.next();
+ if (current.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME)) {
+ String guiAttrProviderName = current.getValue();
+ if (storedAttributeProviders.containsKey(guiAttrProviderName)) {
+ log.trace("STORK attribute provider: " + guiAttrProviderName
+ + " is already stored");
+ storedAttributeProviders.remove(guiAttrProviderName);
+
+ } else {
+ log.trace("Add new STORK attribute provider: " + guiAttrProviderName
+ + " to service");
+
+ }
+ }
+ }
+
+ if (!storedAttributeProviders.isEmpty()) {
+ log.trace("Remove STORK attribute providers from configuration.");
+ for (String el : storedAttributeProviders.values()) {
+ String removeString = KeyValueUtils.getPrefixFromKey(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME);
+ keysToDelete.add(removeString + "*");
+ log.debug("Remove STORK attribute provider with key:" + removeString + "*");
+
+ }
+
+ }
+
+ } catch (ConfigurationException e) {
+ log.error("Configuration access FAILED.", e);
+
+ }
+
+
+ if (newConfigValues.isEmpty())
+ return null;
+ else
+ return newConfigValues;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ //check V-IDP specific Target configurations
+ String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE);
+ if (!Boolean.parseBoolean(isBusinessService)) {
+ log.info("STORK V-IDP only allowed as business Service.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE,
+ "BusinessService",
+ "STORK V-IDP only allowed as business Service."));
+ }
+
+ String identificationType = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
+ if (MiscUtil.isEmpty(identificationType) ||
+ !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) {
+ log.info("STORK V-IDP only allowes identification numbers with STORK prefix.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE,
+ "BusinessService - IdentificationType",
+ "STORK V-IDP only allowes identification numbers with STORK prefix"));
+
+ }
+
+
+ Map<String, String> storkAttrProviders = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST);
+ Iterator<Entry<String, String>> interator = storkAttrProviders.entrySet().iterator();
+ while (interator.hasNext()) {
+ Entry<String, String> current = interator.next();
+ if (current.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME)) {
+ log.trace("Validate STORK attribute provider with key: " + current.getKey() + " value: " + current.getValue());
+ String index = KeyValueUtils.getParentKey(current.getKey());
+
+ //validate attribute provider name
+ String attrProviderName = current.getValue();
+ if (MiscUtil.isEmpty(attrProviderName)) {
+ log.info("AttributeProviderPlugin Name is empty.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST
+ + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME,
+ "STORK - Attribute Provider",
+ LanguageHelper.getErrorString("validation.stork.ap.name.empty")));
+
+ } else {
+ if (!MOAIDConfigurationConstants.ALLOWED_STORKATTRIBUTEPROVIDERS.contains(attrProviderName)) {
+ log.info("AttributeProviderPlugin Name is not supported.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST
+ + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME,
+ "STORK - Attribute Provider",
+ LanguageHelper.getErrorString("validation.stork.ap.name.valid")));
+ }
+ }
+
+ String attrProviderURL = storkAttrProviders.get(index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL);
+ String attrProviderAttr = storkAttrProviders.get(index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES);
+
+ if (MiscUtil.isEmpty(attrProviderURL) || !ValidationHelper.validateURL(attrProviderURL)) {
+ log.info("AttributeProviderPlugin URL has no valid form.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST
+ + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL,
+ "STORK - Attribute Provider",
+ LanguageHelper.getErrorString("validation.stork.ap.url.valid")));
+ }
+
+
+ if (MiscUtil.isEmpty(attrProviderAttr) || !attrProviderAttr.matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) {
+ log.info("AttributeProviderPlugin attributes are empty or do not match csv format.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST
+ + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES,
+ "STORK - Attribute Provider",
+ LanguageHelper.getErrorString("validation.stork.ap.attributes.valid")));
+ }
+
+ }
+ }
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix()
+ */
+ @Override
+ public List<String> getModulValidatorPrefix() {
+ return Arrays.asList(
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_VIDP
+ );
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java
new file mode 100644
index 000000000..bf2a38cd9
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesSSOAuthenticationTask extends AbstractTaskValidator implements ITaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesSSOAuthenticationTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "auth.sso";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - SSO Authentication Configuration Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ //Actually, there is nothing to validate.
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
new file mode 100644
index 000000000..766032f1f
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
@@ -0,0 +1,221 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.utils.CompanyNumberValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesTargetTask extends AbstractTaskValidator implements ITaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesTargetTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - Target Configuration Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE);
+ String check;
+ if (Boolean.parseBoolean(isBusinessService)) {
+
+ //check identification type
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
+ if (!MOAIDConfigurationConstants.BUSINESSSERVICENAMES.keySet().contains(check)) {
+ log.info("IdentificationType is not known.");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE,
+ "BusinessService - Type",
+ LanguageHelper.getErrorString("validation.general.stork.sptarget")));
+ }
+
+ //check identification number
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE);
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty IdentificationNumber");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE,
+ "BusinessService - Value",
+ LanguageHelper.getErrorString("validation.general.identificationnumber.empty")));
+
+ } else {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("IdentificationNumber contains potentail XSS characters: " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE,
+ "BusinessService - Value",
+ LanguageHelper.getErrorString("validation.general.identificationnumber.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ }
+
+ if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)
+ .equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN)) {
+ CompanyNumberValidator val = new CompanyNumberValidator();
+ if (!val.validate(check)) {
+ log.info("Not valid CompanyNumber");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE,
+ "BusinessService - Value",
+ LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid")));
+ }
+ }
+ }
+
+ } else {
+
+ //check own target
+ String useOwnTarget = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN);
+ if (MiscUtil.isNotEmpty(useOwnTarget) && Boolean.parseBoolean(useOwnTarget)) {
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME,
+ "Own Target - FriendlyName",
+ LanguageHelper.getErrorString("validation.general.targetfriendlyname",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ }
+ }
+
+ //check Own Target
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidAdminTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET,
+ "Own Target - Target",
+ LanguageHelper.getErrorString("validation.general.target.admin.valid")));
+ }
+ }
+
+ } else {
+
+ //check PublicURL Prefix allows PublicService
+ String uniqueID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
+ if (!ValidationHelper.isPublicServiceAllowed(input.get(uniqueID))) {
+ log.warn("PublicURLPrefix does not allow PublicService: " + uniqueID);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET,
+ "PublicService - Target",
+ LanguageHelper.getErrorString("validation.general.target.publicserviceurl",
+ new Object[] {uniqueID}) ));
+
+ }
+
+ //check Target
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET);
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET,
+ "PublicService - Target",
+ LanguageHelper.getErrorString("validation.general.target.valid")));
+ }
+ }
+
+ String isSubTargetUsed = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB);
+ if (MiscUtil.isNotEmpty(isSubTargetUsed) && Boolean.parseBoolean(isSubTargetUsed)) {
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB);
+ if (!ValidationHelper.isValidAdminTarget(check)) {
+ log.info("Not valid Target-Subsector");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB,
+ "PublicService - Target SubSector",
+ LanguageHelper.getErrorString("validation.general.target.subsector.valid")));
+
+ }
+ }
+ }
+ }
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java
new file mode 100644
index 000000000..96088b6eb
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesbPKDecryptionTask extends AbstractTaskValidator implements ITaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesbPKDecryptionTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - bPK-Decryption Configuration Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+
+ //TODO:
+
+
+// String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME);
+// if (MiscUtil.isNotEmpty(check)) {
+// if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+// log.warn("OAFriendlyName contains potentail XSS characters: " + check);
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME,
+// "FriendlyName",
+// LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
+// new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+// }
+// } else {
+// log.info("OA friendlyName is empty");
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME,
+// "FriendlyName",
+// LanguageHelper.getErrorString("validation.general.oafriendlyname.empty")));
+// }
+//
+// String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE);
+// if (MiscUtil.isEmpty(isBusinessService)) {
+// log.info("OA businessservice flag is empty");
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE,
+// "BusinessService",
+// LanguageHelper.getErrorString("validation.general.businessservice.empty")));
+//
+// }
+
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java
new file mode 100644
index 000000000..6ec48fa43
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java
@@ -0,0 +1,122 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.config.webgui.validation.utils;
+
+import java.util.Iterator;
+
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.signature.SignatureValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MetaDataVerificationFilter implements MetadataFilter {
+
+ BasicX509Credential credential;
+
+ public MetaDataVerificationFilter(BasicX509Credential credential) {
+ this.credential = credential;
+ }
+
+
+ public void doFilter(XMLObject metadata) throws SignatureValidationException {
+
+ if (metadata instanceof EntitiesDescriptor) {
+ EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
+ if(entitiesDescriptor.getSignature() == null) {
+ throw new SignatureValidationException("Root element of metadata file has to be signed");
+ }
+ try {
+ processEntitiesDescriptor(entitiesDescriptor);
+
+ } catch (SignatureValidationException e) {
+ throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor");
+ }
+
+ } if (metadata instanceof EntityDescriptor) {
+ try {
+ EntityDescriptor entity = (EntityDescriptor) metadata;
+ if (entity.getSignature() != null)
+ verify(entity, this.credential);
+
+ else
+ throw new SignatureValidationException("Root element of metadata file has to be signed", null);
+
+ } catch (SignatureValidationException e) {
+ throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null);
+ }
+ }
+ }
+
+ private void processEntitiesDescriptor(EntitiesDescriptor desc) throws SignatureValidationException {
+ Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
+
+ if(desc.getSignature() != null) {
+ verify(desc, this.credential);
+ }
+
+ while(entID.hasNext()) {
+ processEntitiesDescriptor(entID.next());
+ }
+
+ Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+
+ while(entIT.hasNext()) {
+ EntityDescriptor entity = entIT.next();
+ if (entity.getSignature() != null)
+ verify(entity, this.credential);
+ }
+ }
+
+ private void verify(SignableSAMLObject entityDescriptor, Credential cred)
+ throws SignatureValidationException {
+ if (entityDescriptor.getSignature() == null) {
+ throw new SignatureValidationException("PVP2X Metadata not signed");
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to validate Signature", e);
+ throw new SignatureValidationException("Failed to validate Signature", e);
+ }
+
+ SignatureValidator sigValidator = new SignatureValidator(cred);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SignatureValidationException("Failed to verfiy Signature", e);
+
+ }
+ }
+}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java
new file mode 100644
index 000000000..587afe381
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.utils;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.Validator;
+
+import org.opensaml.common.xml.SAMLSchemaBuilder;
+
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SchemaValidationFilter implements MetadataFilter {
+
+ private boolean isActive = true;
+
+ /**
+ *
+ */
+ public SchemaValidationFilter(boolean useSchemaValidation) {
+ this.isActive = useSchemaValidation;
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(XMLObject arg0) throws SchemaValidationException {
+
+ String errString = null;
+
+ if (isActive) {
+ try {
+ Schema test = SAMLSchemaBuilder.getSAML11Schema();
+ Validator val = test.newValidator();
+ DOMSource source = new DOMSource(arg0.getDOM());
+ val.validate(source);
+ Logger.info("Metadata Schema validation check done OK");
+ return;
+
+ } catch (SAXException e) {
+ if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
+ Logger.warn("Metadata Schema validation FAILED with exception:", e);
+ else
+ Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
+
+ errString = e.getMessage();
+
+ } catch (Exception e) {
+ if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
+ Logger.warn("Metadata Schema validation FAILED with exception:", e);
+ else
+ Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
+
+ errString = e.getMessage();
+
+ }
+
+ throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString);
+
+ } else
+ Logger.info("Metadata Schema validation check is DEACTIVATED!");
+
+ }
+
+}