diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-07-17 11:33:52 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-07-17 11:33:52 +0200 |
commit | 2a5dc4175eeb29331b1af83b0e03fa965d447533 (patch) | |
tree | 09231f884800b8513c44844aab605582e2aa100f /id/moa-id-webgui/src/main | |
parent | 9e62eee118784c8f42c60254944f23427751223e (diff) | |
parent | ebb9207bb7895ce59feb34d4d911ba9f0f0add9f (diff) | |
download | moa-id-spss-2a5dc4175eeb29331b1af83b0e03fa965d447533.tar.gz moa-id-spss-2a5dc4175eeb29331b1af83b0e03fa965d447533.tar.bz2 moa-id-spss-2a5dc4175eeb29331b1af83b0e03fa965d447533.zip |
Merge branch 'new_key-value_solution' into moa-id-3.0.0-snapshot
Conflicts:
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
id/server/moa-id-commons/pom.xml
id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
pom.xml
Diffstat (limited to 'id/moa-id-webgui/src/main')
56 files changed, 9423 insertions, 0 deletions
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java new file mode 100644 index 000000000..80ee9d8c1 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java @@ -0,0 +1,273 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui; + +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import org.apache.commons.io.IOUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egiz.components.configuration.file.PropertiesBasedConfiguration; +import at.gv.egiz.components.configuration.meta.api.ConfigurationModul; +import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; +import at.gv.egiz.components.configuration.meta.api.MetadataConfiguration; +import at.gv.egiz.components.configuration.meta.api.SchemaEntry; +import at.gv.egiz.components.configuration.meta.api.impl.BaseMetadataConfiguration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; +import at.gv.egovernment.moa.id.config.webgui.validation.MOAIDConfigurationValidator; + +/** + * @author tlenz + * + */ +@Service +public class MOAIDConfigurationModul implements ConfigurationModul{ + + private static final String MODULE_NAME = "MOAIDConfigurationModul"; + + private static MOAIDConfiguration config; + private static Configuration meta; + private static MetadataConfiguration metadata = null; + + private List<SchemaEntry> schemaList = new ArrayList<SchemaEntry>(); + private static final Logger logger = LoggerFactory.getLogger(MOAIDConfigurationModul.class); + + static { + logger.info("Loading class {}", MOAIDConfigurationModul.class.getName()); + try { + meta = new PropertiesBasedConfiguration(MOAIDConfigurationModul.class.getResourceAsStream("/gui/meta.properties")); + + } catch (IOException | ConfigurationException e) { + logger.error("Failed to build internal datasets in MOAIDConfiguration modul!"); + + } + } + + @Autowired + public void setDatabaseConfiguration(MOAIDConfiguration dbconfig) { + config = dbconfig; + } + + /** + * @throws Exception + * + */ + public MOAIDConfigurationModul() throws Exception { + loadType("general", "/gui/types/general.json"); + loadType("moaidoa", "/gui/types/oa.json"); + loadType("moaidvidp", "/gui/types/vidp.json"); + loadType("moaidiidp", "/gui/types/iidp.json"); + loadType("moaidgateway", "/gui/types/gateway.json"); + + try { + MOAIDWebGUIConfiguration.getInstance(); + + } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { + logger.error("MOA-ID WebGUI initialization FAILED! (Reason: {})", e.getMessage()); + throw new Exception(e); + + } + + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.configuration.meta.api.ConfigurationModul#getSchemas() + */ + @Override + public List<SchemaEntry> getSchemas() { + return schemaList; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.configuration.meta.api.ConfigurationModul#getName() + */ + @Override + public String getName() { + return MODULE_NAME; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.configuration.meta.api.ConfigurationModul#getPrefix() + */ + @Override + public String getPrefix() { + return MOAIDConfigurationConstants.PREFIX_MOAID; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.configuration.meta.api.ConfigurationModul#getConfigurationAccess() + */ + @Override + public Configuration getConfigurationAccess() { + return config; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.configuration.meta.api.ConfigurationModul#getMetadataConfiguration() + */ + @Override + public MetadataConfiguration getMetadataConfiguration() { + if (metadata == null) { + metadata = new BaseMetadataConfiguration(config, meta); + + } + return metadata; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.configuration.meta.api.ConfigurationModul#buildArrayIdentifier(java.lang.String, int, java.util.Map) + */ + @Override + public String buildArrayIdentifier(String arrayId, int refCounter, + Map<String, String> properties) throws ConfigurationException { + logger.trace("Search next free list index for key: " + arrayId); + + if (arrayId.startsWith(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) { + String[] allListKeys = config.findConfigurationId(arrayId + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + int freeIndex = KeyValueUtils.findNextFreeListCounter(allListKeys, arrayId) + refCounter; + logger.debug("Found free listIndex: " + freeIndex + " for serviceKey: " + arrayId); + return String.valueOf(freeIndex); + + } else { + logger.warn("Actually, only services are from type array and need an index."); + throw new ConfigurationException("Actually, only services are from type array and need an index."); + + } + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.configuration.meta.api.ConfigurationModul#storeChanges(java.util.Map, java.util.Map, java.util.List) + */ + @Override + public void storeChanges(Map<String, String> changed, + Map<String, String> added, List<String> deleted) + throws ConfigurationStorageException { + + logger.debug("Start configuration saving process ..."); + MOAIDConfigurationValidator configValidator = new MOAIDConfigurationValidator(); + int numOfGroups = configValidator.preProcess(changed, added, deleted); + + if (configValidator.getPreProcessedConfigurationData() != null && + numOfGroups > 0) { + logger.trace("Validate {} groups of key/value pairs", numOfGroups); + try { + configValidator.validate(); + + } catch (ConfigurationValidationException e) { + logger.warn("Validation of MOA-ID configuration FAILED."); + + //TODO: update ConfigurationStorageException to add specific information of validation errors + throw new ConfigurationStorageException( + "Configuration validation finds " + e.getValidationErrors().size() + " errors!", + e, false, false); + } + + try { + logger.trace("PreProcess configuration before saving."); + Map<String, String> configToStore = configValidator.postProcessing(deleted); + + //store all keys + logger.debug("Store {} key/value pairs to configuration", configToStore.size()); + Iterator<Entry<String, String>> storageInterator = configToStore.entrySet().iterator(); + while (storageInterator.hasNext()) { + Entry<String, String> el = storageInterator.next(); + try { + config.setStringValue(el.getKey(), el.getValue()); + logger.trace("Store key: " + el.getKey() + " with value: " + + el.getValue()); + + } catch (ConfigurationException e) { + logger.error("Store key: " + el.getKey() + " with value: " + + el.getValue() + " FAILED.", e); + + } + } + + //delete all unused keys + deleteEntries(deleted); + + } catch (Exception e) { + logger.warn("Configuration post-processing FAILED.", e); + throw new ConfigurationStorageException("Configuration can not be stored.", e); + + } + + + } else if (deleted != null && deleted.size() > 0) { + deleteEntries(deleted); + + + } else { + logger.info("Configuration saving process finished without operations: No key/value pairs found."); + + } + } + + private void deleteEntries(List<String> deleted) { + logger.debug("Delete {} keys pairs from configuration", deleted.size()); + Iterator<String> deleteInterator = deleted.iterator(); + while (deleteInterator.hasNext()) { + String el = deleteInterator.next(); + try { + config.deleteIds(el); + logger.trace("Delete key {}", el); + + } catch (ConfigurationException e) { + logger.error("Delete key: " + el + " FAILED.", e); + + } + } + + } + + private void loadType(String name, String resource) { + InputStream is = null; + try { + SchemaEntry entry = new SchemaEntry(); + is = MOAIDConfigurationModul.class.getResourceAsStream(resource); + entry.jsonSchema = IOUtils.toString(is); + entry.typeName = name; + schemaList.add(entry); + } catch (IOException e) { + logger.error("Failed to load Type OA!", e); + } finally { + IOUtils.closeQuietly(is); + } + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java new file mode 100644 index 000000000..f9f8d1d2d --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDSpringResourceProvider.java @@ -0,0 +1,86 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolPVP2XTask; + +/** + * @author tlenz + * + */ +public class MOAIDSpringResourceProvider implements SpringResourceProvider { + + private static final Logger log = LoggerFactory.getLogger(MOAIDSpringResourceProvider.class); + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { +// try { + //TODO: is not a nice solution -> fix in futher version + //MOAIDWebGUIConfiguration moaIdWebguiConfig = MOAIDWebGUIConfiguration.getInstance(); + //JPAPropertiesWithJavaConfig.setLocalProperties(moaIdWebguiConfig.getDatabaseProperties()); + + ClassPathResource databasecontextconfig = new ClassPathResource("/configuration.beans.xml", MOAIDSpringResourceProvider.class); + ClassPathResource webguicontextconfig = new ClassPathResource("/moaid.webgui.beans.xml", MOAIDSpringResourceProvider.class); + ClassPathResource webguidatabasecontextconfig = new ClassPathResource("/moaid.migration.beans.xml", MOAIDSpringResourceProvider.class); + + + + return new Resource[] {databasecontextconfig, webguidatabasecontextconfig, webguicontextconfig}; + +// } catch (ConfigurationException e) { +// log.error("Can not load MOA-ID WebGUI configuration.", e); +// return null; +// +// } + + + + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "MOAIDConfiguration_SpringResourceDefinition"; + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java new file mode 100644 index 000000000..0a3a9eef8 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java @@ -0,0 +1,160 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.Properties; + +import org.opensaml.DefaultBootstrap; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Service +public class MOAIDWebGUIConfiguration { + + private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; + + private static final Logger log = LoggerFactory.getLogger(MOAIDWebGUIConfiguration.class); + + + + private Properties props; + private String configFileName; + private String configRootDir; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.commons.config.persistence.LocalConfigurationBean#getLocalDatabaseProperties() + */ + + private static MOAIDWebGUIConfiguration instance = null; + + public static MOAIDWebGUIConfiguration getInstance() throws ConfigurationException { + if (instance == null) { + instance = new MOAIDWebGUIConfiguration(); + + } + return instance; + } + + + MOAIDWebGUIConfiguration() throws ConfigurationException { + configFileName = System.getProperty(SYSTEM_PROP_CONFIG); + + if (configFileName == null) { + throw new ConfigurationException("config.05"); + } + try { + URI fileURI = new URI(configFileName); + + // determine the directory of the root config file + configRootDir = new File(fileURI).getParent(); + + log.info("Loading MOA-ID WebGUI configuration from file " + fileURI); + + //Load MOAID-2.0 properties file + + File propertiesFile = new File(fileURI); + FileInputStream fis; + props = new Properties(); + + fis = new FileInputStream(propertiesFile); + props.load(fis); + + fis.close(); + + log.debug("OpenSAML initialization started ..."); + DefaultBootstrap.bootstrap(); + log.info("OpenSAML initialization complete."); + + log.info("Pre-Initialization step of MOA-ID WebGUI module finished ... "); + + + } catch (FileNotFoundException e) { + throw new ConfigurationException("config.01", new Object[]{configFileName}, e); + + } catch (IOException e) { + throw new ConfigurationException("config.02", new Object[]{configFileName}, e); + + } catch (org.opensaml.xml.ConfigurationException e) { + throw new ConfigurationException("config.04", e); + + } catch (URISyntaxException e) { + throw new ConfigurationException("config.06", new Object[]{MOAIDConfigurationConstants.FILE_URI_PREFIX, configFileName}, e); + + } + } + +// @Override +// protected Properties getLocalDatabaseProperties() { +// return this.props; +// } + + public String getConfigFile() { + return configFileName; + } + + public String getConfigRootDir() { + return configRootDir; + } + + public String getCertStoreDirectory() throws ConfigurationException { + String dir = props.getProperty("general.ssl.certstore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore."); + + } + + public String getTrustStoreDirectory() throws ConfigurationException { + String dir = props.getProperty("general.ssl.truststore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore."); + + } + + public boolean isPVPMetadataSchemaValidationActive() { + return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true")); + + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java new file mode 100644 index 000000000..2f2decab9 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationException.java @@ -0,0 +1,48 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; + + +public class ConfigurationException extends Exception { + + private static final long serialVersionUID = 1L; + + public ConfigurationException(String errorname) { + super(LanguageHelper.getErrorString(errorname, null)); + } + + public ConfigurationException(String errorname, Throwable e) { + super(LanguageHelper.getErrorString(errorname, null), e); + } + + public ConfigurationException(String errorname, Object[] params, Throwable e) { + super(LanguageHelper.getErrorString(errorname, params), e); + } + + public ConfigurationException(Throwable e) { + super(e); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationModulValidationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationModulValidationException.java new file mode 100644 index 000000000..b2103da54 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationModulValidationException.java @@ -0,0 +1,53 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import java.util.Arrays; +import java.util.List; + +/** + * @author tlenz + * + */ +public class ConfigurationModulValidationException extends + ConfigurationValidationException { + + /** + * @param errors + */ + public ConfigurationModulValidationException( + List<ValidationObjectIdentifier> errors) { + super(errors); + } + + /** + * @param validationObjectIdentifier + */ + public ConfigurationModulValidationException( + ValidationObjectIdentifier validationObjectIdentifier) { + super(Arrays.asList(validationObjectIdentifier)); + } + + private static final long serialVersionUID = 2961444276927305856L; + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationTaskValidationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationTaskValidationException.java new file mode 100644 index 000000000..6ce2ccbb6 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationTaskValidationException.java @@ -0,0 +1,54 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import java.util.Arrays; +import java.util.List; + +/** + * @author tlenz + * + */ +public class ConfigurationTaskValidationException extends + ConfigurationModulValidationException { + + /** + * @param errors + */ + public ConfigurationTaskValidationException( + List<ValidationObjectIdentifier> errors) { + super(errors); + } + + /** + * @param validationObjectIdentifier + */ + public ConfigurationTaskValidationException( + ValidationObjectIdentifier validationObjectIdentifier) { + super(Arrays.asList(validationObjectIdentifier)); + + } + + private static final long serialVersionUID = -8983804572579884044L; + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationValidationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationValidationException.java new file mode 100644 index 000000000..859f2e45e --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ConfigurationValidationException.java @@ -0,0 +1,49 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import java.util.List; + +/** + * @author tlenz + * + */ +public class ConfigurationValidationException extends Exception { + + private static final long serialVersionUID = 1L; + + List<ValidationObjectIdentifier> errors = null; + + /** + * + */ + public ConfigurationValidationException(List<ValidationObjectIdentifier> errors) { + this.errors = errors; + } + + public List<ValidationObjectIdentifier> getValidationErrors() { + return this.errors; + + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java new file mode 100644 index 000000000..3c0827a62 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SchemaValidationException.java @@ -0,0 +1,43 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import org.opensaml.saml2.metadata.provider.FilterException; + +/** + * @author tlenz + * + */ +public class SchemaValidationException extends FilterException { + + /** + * @param string + */ + public SchemaValidationException(String string) { + super(string); + + } + + private static final long serialVersionUID = 1L; + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java new file mode 100644 index 000000000..7c4c48e6b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/SignatureValidationException.java @@ -0,0 +1,58 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.exception; + +import org.opensaml.saml2.metadata.provider.FilterException; + +/** + * @author tlenz + * + */ +public class SignatureValidationException extends FilterException { + + /** + * @param string + */ + public SignatureValidationException(String string) { + super(string); + + } + + /** + * @param e + */ + public SignatureValidationException(Exception e) { + super(e); + } + + /** + * @param string + * @param object + */ + public SignatureValidationException(String string, Exception e) { + super(string, e); + } + + private static final long serialVersionUID = 1L; + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ValidationObjectIdentifier.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ValidationObjectIdentifier.java new file mode 100644 index 000000000..0a6112ebb --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/exception/ValidationObjectIdentifier.java @@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.exception; + +/** + * @author tlenz + * + */ +public class ValidationObjectIdentifier { + private String key; + private String friendlyName; + private String message; + + /** + * Create a validation error object identifier + * + * @param key configuration key + * @param friendlyName friendly name in configuration GUI + * @param message error message + */ + public ValidationObjectIdentifier(String key, String friendlyName, String message) { + this.key = key; + this.friendlyName = friendlyName; + this.message = message; + } + + + /** + * @return the configuration key + */ + public String getKey() { + return key; + } + /** + * @return the friendly name, which is used in the GUI + */ + public String getFriendlyName() { + return friendlyName; + } + /** + * @return the error message + */ + public String getMessage() { + return message; + } +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/helper/LanguageHelper.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/helper/LanguageHelper.java new file mode 100644 index 000000000..122626ae8 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/helper/LanguageHelper.java @@ -0,0 +1,81 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.config.webgui.helper; + +import java.text.MessageFormat; +import java.util.Locale; +import java.util.ResourceBundle; + + +public class LanguageHelper { + + + private static String errorLanguage(String code, Locale locale) { + return ResourceBundle.getBundle("applicationResources", locale).getString(code); + + } + + private static String guiLanguage(String code, Locale locale) { + return ResourceBundle.getBundle("applicationResources", locale).getString(code); + + } + + public static String getGUIString(String code) { + return guiLanguage(code, getLangFromConfig()); + } + + + public static String getErrorString(String code) { + return errorLanguage(code, getLangFromConfig()); + } + + public static String getGUIString(String code, String parameter) { + return MessageFormat.format(getGUIString(code), parameter); + } + + public static String getErrorString(String code, Object[] parameter) { + + return MessageFormat.format(getGUIString(code), parameter); + } + + + private static Locale getLangFromConfig() { + + Locale defaultLanguage = Locale.forLanguageTag("de"); + +// try { +// ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); +// defaultLanguage = Locale.forLanguageTag(configurationProvider.getDefaultLanguage()); +// +// } catch (ConfigurationException e) { +// log.error("Configuration exception while getting ConfigurationProvider instance", e); +// } + + + return defaultLanguage; + + + + } +} + diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java new file mode 100644 index 000000000..5fc5b86d2 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java @@ -0,0 +1,309 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation; + +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.ServiceLoader; +import java.util.Map.Entry; +import java.util.Set; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException; +import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; + +/** + * @author tlenz + * + */ +public class MOAIDConfigurationValidator { + private static final Logger logger = LoggerFactory.getLogger(MOAIDConfigurationValidator.class); + private static MOAIDConfiguration dbconfig; + + private static ServiceLoader<IModuleValidator> moduleLoader = + ServiceLoader.load(IModuleValidator.class); + private static Map<String, IModuleValidator> moduleValidator = null; + + private static ServiceLoader<IDynamicLoadableTaskValidator> taskLoader = + ServiceLoader.load(IDynamicLoadableTaskValidator.class); + + private Map<String, Map<String,String>> data = null; + private boolean isDataValidated = false; + + @Autowired + public void setDatabaseConfiguration(MOAIDConfiguration config) { + dbconfig = config; + + } + + /** + * + */ + public MOAIDConfigurationValidator() { + //load modules + if (moduleValidator == null ) { + moduleValidator = new HashMap<String, IModuleValidator>(); + Iterator<IModuleValidator> moduleLoaderInterator = moduleLoader.iterator(); + while (moduleLoaderInterator.hasNext()) { + IModuleValidator modul = moduleLoaderInterator.next(); + logger.info("Load validation module for key: {}", modul.getKeyPrefix()); + moduleValidator.put(modul.getKeyPrefix(), modul); + + } + + //load dynamic tasks + Iterator<IDynamicLoadableTaskValidator> taskLoaderInterator = taskLoader.iterator(); + while (taskLoaderInterator.hasNext()) { + IDynamicLoadableTaskValidator task = taskLoaderInterator.next(); + List<String> modulesToInject = task.getModulValidatorPrefix(); + for (String el : modulesToInject) { + if (moduleValidator.containsKey(el)) { + moduleValidator.get(el).addTaskValidator(task); + logger.info("Task " + task.getName() + + " is injected to module with prefix " + el); + + } else { + logger.warn("Task " + task.getName() + + " could NOT injected: No module with prefix " + el); + + } + } + } + } + } + + /** + * Get the internal key/value configuration data set + * + * @return full configuration block of key/value pairs {Map<String, String>} sorted by MOA-ID configuration groups or null if preprocessing was done + */ + public Map<String, Map<String,String>> getPreProcessedConfigurationData() { + return data; + } + + /** + * PreProcess MOA-ID key/value configuration before validation and sort the keys into MOA-ID configuration groups + * + * @param changed all changed key/value pairs + * @param added all added key/value pairs + * @param deleted all deleted key/value pairs + * @return Number of MOA-ID configuration groups which was found + */ + public int preProcess(Map<String, String> changed, + Map<String, String> added, List<String> deleted) { + data = new HashMap<String, Map<String, String>>(); + + //classify changed key/value pairs + keyValueClassification(changed.entrySet().iterator(), data); + + //classify new key/value pairs + keyValueClassification(added.entrySet().iterator(), data); + + return data.size(); + } + + /** + * Validate MOA-ID key/value configuration before saving + * + * @throws ConfigurationValidationException + */ + + public void validate() throws ConfigurationValidationException { + logger.trace("Starting MOA-ID configuration validation process ..."); + + Iterator<Entry<String, Map<String, String>>> groupInterator = data.entrySet().iterator(); + while (groupInterator.hasNext()) { + Entry<String, Map<String, String>> groupEl = groupInterator.next(); + + try { + if (groupEl.getKey().startsWith(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) { + String moduleID = KeyValueUtils.getParentKey(groupEl.getKey()); + if (moduleValidator.containsKey(moduleID)) { + logger.trace("Starting validation process of keyGroup: " + groupEl.getKey() + + " with module: " + moduleValidator.get(moduleID).getName()); + Map<String, String> servicekeys = KeyValueUtils.removePrefixFromKeys(groupEl.getValue(), groupEl.getKey()); + + //put service prefix to validation Map to check if service already stored + servicekeys.put(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES, groupEl.getKey()); + + moduleValidator.get(moduleID) + .validate(servicekeys); + + } else + logger.info("No ModulValidator for keygroup {} found.", moduleID); + + } else if (moduleValidator.containsKey(groupEl.getKey())) { + logger.trace("Starting validation process of keyGroup: " + groupEl.getKey() + + " with module: " + moduleValidator.get(groupEl.getKey()).getName()); + moduleValidator.get(groupEl.getKey()) + .validate(KeyValueUtils.removePrefixFromKeys(groupEl.getValue(), groupEl.getKey())); + + } else { + logger.info("No ModulValidator for keygroup {} found.", groupEl.getKey()); + + } + + } catch (ConfigurationModulValidationException e) { + logger.warn("Validation of keyGroup: " + groupEl.getKey() + + " FAILED with " + e.getValidationErrors().size() + " errors"); + throw e; + + } + + } + isDataValidated = true; + } + + /** + * Post-process the validated configuration to generate storeable key/value pairs + * @param deleted + * + * @return {Map<String, String>} of key/value pairs which could be stored into configuration + */ + + public Map<String, String> postProcessing(List<String> deleted) { + if (!isDataValidated) + logger.warn("Post-Processing non validated key/value pairs!"); + + Map<String, String> configToStore = new HashMap<String, String>(); + + Iterator<Entry<String, Map<String, String>>> groupInterator = data.entrySet().iterator(); + while (groupInterator.hasNext()) { + Entry<String, Map<String, String>> groupEl = groupInterator.next(); + + try { + if (groupEl.getKey().startsWith(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) { + String moduleID = KeyValueUtils.getParentKey(groupEl.getKey()); + if (moduleValidator.containsKey(moduleID)) { + logger.trace("Start postProcessing of keyGroup: " + groupEl.getKey() + + " with module: " + moduleValidator.get(moduleID).getName()); + postProcessing(groupEl, moduleValidator.get(moduleID), configToStore, deleted); + + } else + logger.info("No Module for keygroup {} found.", moduleID); + + } else if (moduleValidator.containsKey(groupEl.getKey())) { + logger.trace("Start postProcessing of keyGroup: " + groupEl.getKey() + + " with module: " + moduleValidator.get(groupEl.getKey()).getName()); + postProcessing(groupEl, moduleValidator.get(groupEl.getKey()), configToStore, deleted); + + } else { + logger.info("No ModulValidator for keygroup {} found.", groupEl.getKey()); + + } + + } catch (Exception e) { + logger.error("Post-Processing for keygroup: " + groupEl.getKey() + " FAILED!", e); + + } + + } + return configToStore; + } + + private void postProcessing(Entry<String, Map<String, String>> groupEl, + IModuleValidator module, Map<String, String> configToStore, List<String> deleted ) { + + //add all key/value pairs from user configuration GUI + configToStore.putAll(KeyValueUtils.makeKeysAbsolut( + groupEl.getValue(), + groupEl.getKey(), + MOAIDConfigurationConstants.PREFIX_MOAID)); + + //add or update key/value pairs from users with module or task specific information + Map<String, String> toBeAdded = module.postProcessing( + KeyValueUtils.removePrefixFromKeys(groupEl.getValue(), groupEl.getKey()), + deleted, + dbconfig); + if (toBeAdded != null) { + toBeAdded = KeyValueUtils.makeKeysAbsolut(toBeAdded, groupEl.getKey(), MOAIDConfigurationConstants.PREFIX_MOAID); + for (Entry<String, String> el : toBeAdded.entrySet()) { + if (configToStore.containsKey(el.getKey())) { + logger.info("Overwrite key: " + el.getKey() + + " userValue:" + configToStore.get(el.getKey()) + + " postProcessing: " + toBeAdded.get(el.getKey())); + + } + configToStore.put(el.getKey(), el.getValue()); + } + } + + } + + private void keyValueClassification(Iterator<Entry<String, String>> config, Map<String, Map<String,String>> result) { + Set<String> validationModuleKeys = moduleValidator.keySet(); + + while(config.hasNext()) { + Entry<String, String> el = config.next(); + logger.trace("Preprocess configuration element with key: " + + el.getKey() + " value: " + el.getValue()); + + //search configuration module + IModuleValidator selectedModul = null; + for (String key : validationModuleKeys) { + if (el.getKey().startsWith(key)) { + selectedModul = moduleValidator.get(key); + break; + } + } + + //group key/value pair to configuration modules + if (selectedModul != null) { + String groupkey = null; + if (selectedModul.getKeyPrefix().startsWith(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES)) { + String oaIndex = KeyValueUtils.getFirstChildAfterPrefix(el.getKey(), selectedModul.getKeyPrefix()); + groupkey = selectedModul.getKeyPrefix() + "." + oaIndex; + + } else + groupkey = selectedModul.getKeyPrefix(); + + if (!result.containsKey(groupkey)) { + result.put(groupkey, new HashMap<String, String>()); + + } + Map<String, String> resultElement = result.get(groupkey); + logger.trace("Put key/value pair to keyGroup: " + + groupkey + "with friendlyName: " + selectedModul.getName()); + resultElement.put(el.getKey(), el.getValue()); + + } else { + logger.warn("Configuration Key {} is not part of a loaded MOA-ID configuration validation-module!", el.getKey()); + + } + + } + } + + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/AbstractModuleValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/AbstractModuleValidator.java new file mode 100644 index 000000000..076f5c75e --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/AbstractModuleValidator.java @@ -0,0 +1,148 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.modul; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; + +/** + * @author tlenz + * + */ +public abstract class AbstractModuleValidator implements IModuleValidator { + private static final Logger logger = LoggerFactory.getLogger(AbstractModuleValidator.class); + protected List<ITaskValidator>taskValidator = new ArrayList<ITaskValidator>(); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator#validate(java.util.Map) + */ + @Override + public void validate(Map<String, String> input) + throws ConfigurationModulValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + +// //perform whitelist checks +// List<Pattern> allowedPatterns = new ArrayList<Pattern>(); +// for (ITaskValidator task : taskValidator) +// allowedPatterns.addAll(task.getAllAllowedPatterns()); +// +// for (String el : input.keySet()) { +// boolean valid = false; +// +// for (Pattern pat : allowedPatterns) { +// if (pat.matcher(el).matches()) { +// valid = true; +// break; +// } +// } +// +// if (!valid) { +// logger.warn("Task-Validator for keyPrefix: " +// + getKeyPrefix() + " found a non-whitelisted key: " + el); +// throw new ConfigurationModulValidationException( +// new ValidationObjectIdentifier(el, "unkown", "This key is not allowed!")); +// +// } +// } + + for (ITaskValidator task : taskValidator) { + try { + task.validate(input); + + } catch (ConfigurationTaskValidationException e) { + logger.debug("Task " + task.getName() + + " found " + e.getValidationErrors().size() + + " errors in configuration"); + errors.addAll(e.getValidationErrors()); + } + } + + if (!errors.isEmpty()) + throw new ConfigurationModulValidationException(errors); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator#validate(java.util.Map) + */ + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + Map<String, String> added = new HashMap<String, String>(); + + for (ITaskValidator task : taskValidator) { + try { + Map<String, String> taskResult = task.postProcessing(input, keysToDelete, dbconfig); + if (taskResult != null) + added.putAll(taskResult); + + } catch (Exception e) { + logger.warn("Post processing of task: " + task.getName() + + " FAILED!", e); + + } + } + if (added.isEmpty()) + return null; + else + return added; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator#getKeyPrefix() + */ + @Override + abstract public String getKeyPrefix(); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator#getName() + */ + @Override + abstract public String getName(); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator#addTaskValidator(at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicTaskValidator) + */ + @Override + public void addTaskValidator(IDynamicLoadableTaskValidator validator) { + taskValidator.add(validator); + + } + + protected void addTaskValidator(ITaskValidator validator) { + taskValidator.add(validator); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/IModuleValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/IModuleValidator.java new file mode 100644 index 000000000..3ee665a87 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/IModuleValidator.java @@ -0,0 +1,79 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.modul; + +import java.util.List; +import java.util.Map; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; + +/** + * @author tlenz + * + */ +public interface IModuleValidator { + + /** + * Validate a specific key/value configuration + * + * @param input key/value configuration pairs without prefix + * @throws ConfigurationModulValidationException + */ + public void validate(Map<String, String> input) throws ConfigurationModulValidationException; + + /** + * Get module specific additional key/value pairs which must be added + * + * @param input Set of key/value pairs + * @param keysToDelete List<String> of keys which should be deleted + * @param dbconfig {Configuration} to access the current used configuration + * @return {Map<String, String>} of key/value pairs which had to be added to configuration or null + */ + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig); + + + /** + * Key prefix for which this validation module is sensitive + * + * @return + */ + public String getKeyPrefix(); + + /** + * Friendly name of the validation module + * + * @return + */ + public String getName(); + + + /** + * + * + * @param validator + */ + public void addTaskValidator(IDynamicLoadableTaskValidator validator); +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java new file mode 100644 index 000000000..e7775beba --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GatewayValidator.java @@ -0,0 +1,58 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; + +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesPVPGatewayTask; + +/** + * @author tlenz + * + */ +public class GatewayValidator extends AbstractModuleValidator { + + public GatewayValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesPVPGatewayTask()); + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_GATEWAY; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getName() + */ + @Override + public String getName() { + return "MOA-ID STORK<->PVP Gateway Configuration"; + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GeneralConfigurationValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GeneralConfigurationValidator.java new file mode 100644 index 000000000..01114d235 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/GeneralConfigurationValidator.java @@ -0,0 +1,62 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; + +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.GeneralMOAIDConfigurationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.GeneralOpenIDConfigurationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.GeneralPVP2XConfigurationTask; + +/** + * @author tlenz + * + */ +public class GeneralConfigurationValidator extends AbstractModuleValidator { + + + public GeneralConfigurationValidator() { + //add default task to this module + addTaskValidator(new GeneralMOAIDConfigurationTask()); + addTaskValidator(new GeneralPVP2XConfigurationTask()); + addTaskValidator(new GeneralOpenIDConfigurationTask()); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getName() + */ + @Override + public String getName() { + return "General MOA-ID Configuration"; + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java new file mode 100644 index 000000000..5b9312e8e --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/InterfederationIDPValidator.java @@ -0,0 +1,57 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; + +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesInterfederationIDPTask; + +/** + * @author tlenz + * + */ +public class InterfederationIDPValidator extends AbstractModuleValidator { + + public InterfederationIDPValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesInterfederationIDPTask()); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_IIDP; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getName() + */ + @Override + public String getName() { + return "MOA-ID Interfederation IDP Configuration"; + } +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java new file mode 100644 index 000000000..dbce8ec3a --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/OnlineApplicationValidator.java @@ -0,0 +1,71 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; + +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesAuthenticationInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesBKUSelectionTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolSAML1Task; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesSSOAuthenticationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesTargetTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesbPKDecryptionTask; + +/** + * @author tlenz + * + */ +public class OnlineApplicationValidator extends AbstractModuleValidator { + + /** + * + */ + public OnlineApplicationValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesTargetTask()); + addTaskValidator(new ServicesAuthenticationInformationTask()); + addTaskValidator(new ServicesSSOAuthenticationTask()); + addTaskValidator(new ServicesbPKDecryptionTask()); + addTaskValidator(new ServicesProtocolSAML1Task()); + addTaskValidator(new ServicesBKUSelectionTask()); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getName() + */ + @Override + public String getName() { + return "MOA-ID Online-Application Configuration"; + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java new file mode 100644 index 000000000..ad3c15b16 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/modul/impl/VIDPValidator.java @@ -0,0 +1,61 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.modul.impl; + +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.validation.modul.AbstractModuleValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesBKUSelectionTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask; +import at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesTargetTask; + +/** + * @author tlenz + * + */ +public class VIDPValidator extends AbstractModuleValidator { + + + public VIDPValidator() { + addTaskValidator(new ServicesGeneralInformationTask()); + addTaskValidator(new ServicesTargetTask()); + addTaskValidator(new ServicesBKUSelectionTask()); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_VIDP; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.IModuleValidator#getName() + */ + @Override + public String getName() { + return "MOA-ID V-IDP Configuration"; + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java new file mode 100644 index 000000000..a124949f1 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/AbstractTaskValidator.java @@ -0,0 +1,106 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; + +/** + * @author tlenz + * + */ +public abstract class AbstractTaskValidator implements ITaskValidator { + private static final Logger logger = LoggerFactory.getLogger(AbstractTaskValidator.class); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) + */ + @Override + public void validate(Map<String, String> input) + throws ConfigurationTaskValidationException { + + //start task specific validation + taskValidate(input); + + } + + /** + * Validate a specific set of key/value pairs without whitelist checks + * + * @param input Key/Value pairs of a module for validation + * @throws ConfigurationModulValidationException + */ + abstract protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + abstract public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + abstract public String getKeyPrefix(); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + abstract public String getName(); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getAllAllowedKeys() + */ + @Override + abstract public List<Pattern> getAllAllowedPatterns(); + + protected List<Pattern> generatePatternsFromKeys(List<String> keys) { + List<Pattern> patterns = new ArrayList<Pattern>(); + for (String key : keys) { + if (key != null) { + String patternKey; + if (key.contains(".")) { + patternKey = key.replaceAll("\\.", "\\\\."); + } else + patternKey = key; + + patterns.add(Pattern.compile(patternKey)); + } else + logger.info("Found NULL key in whitelist of task: " + getName()); + } + return patterns; + } +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/IDynamicLoadableTaskValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/IDynamicLoadableTaskValidator.java new file mode 100644 index 000000000..b1a38ab67 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/IDynamicLoadableTaskValidator.java @@ -0,0 +1,39 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task; + +import java.util.List; + +/** + * @author tlenz + * + */ +public interface IDynamicLoadableTaskValidator extends ITaskValidator { + + /** + * Get a list of {IModuleValidator} prefixes in which this task should be added + * + * @return List of prefix keys + */ + public List<String> getModulValidatorPrefix(); +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/ITaskValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/ITaskValidator.java new file mode 100644 index 000000000..f91440d3a --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/ITaskValidator.java @@ -0,0 +1,79 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task; + +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; + +/** + * @author tlenz + * + */ +public interface ITaskValidator { + + /** + * Validate a specific set of key/value pairs (whitelist checks are included) + * + * @param input Key/Value pairs of a module for validation + * @throws ConfigurationModulValidationException + */ + public void validate(Map<String, String> input) throws ConfigurationTaskValidationException; + + /** + * Get task specific key/value pairs which must be added + * The return keys must be full qualified according to the MOA-ID key namespace definition + * + * @param input Set of key/value pairs + * @param keysToDelete List<String> of keys which should be deleted + * @param dbconfig {Configuration} to access the current used configuration + * @return {Map<String, String>} of key/value pairs which had to be added to configuration or null + */ + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig); + + /** + * Get a key prefix for with this validation task is sensitive + * + * @return keyPrefix {String} or null if no prefix is defined + */ + public String getKeyPrefix(); + + /** + * Get the friendly name of this validation task + * + * @return friendlyName {String} + */ + public String getName(); + + /** + * Get a list of keys which are white listed for this task + * + * @return {List<Pattern>} of keys which are allowed + */ + public List<Pattern> getAllAllowedPatterns(); + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java new file mode 100644 index 000000000..b8836b90c --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java @@ -0,0 +1,579 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator implements ITaskValidator { + + private static final Logger log = LoggerFactory.getLogger(GeneralMOAIDConfigurationTask.class); + public static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_ONLINE, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_NAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_TEST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_TEST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_REVOCATIONCHECKING, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_CREATE, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_UPDATE, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUTS_TRANSACTION, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_LEGACY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + //check all keys against key whitelist + + + String check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("SAML1 SourceID contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID, + "SAML1 - SourceID", + LanguageHelper.getErrorString("validation.general.SAML1SourceID", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Public URL Prefix is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, + "Public URL Prefix", + LanguageHelper.getErrorString("validation.general.publicURLprefix.valid"))); + } + } else { + log.info("PublicURL Prefix is empty."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, + "Public URL Prefix", + LanguageHelper.getErrorString("validation.general.publicURLprefix.empty"))); + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUTS_TRANSACTION, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Assertion Timeout is no number " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUTS_TRANSACTION, + "Timeout - Transaction", + LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); + } + } + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_CREATE, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionCreated Timeout is no number " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_CREATE, + "Timeout - SSO created", + LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); + } + } + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_UPDATE, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionUpdated Timeout is no number " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_UPDATE, + "Timeout - SSO updated", + LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.isValidOAIdentifier(check)) { + log.warn("CertStoreDirectory contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, + "Certificate - CertStore Directory", + LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); + } + } else { + log.info("CertStoreDirectory is empty."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, + "Certificate - CertStore Directory", + LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty"))); + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY, + "Default BKUs - Handy", + LanguageHelper.getErrorString("validation.general.bku.handy.valid"))); + } + } else { + log.info("Empty Handy-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY, + "Default BKUs - Handy", + LanguageHelper.getErrorString("validation.general.bku.handy.empty"))); + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL, + "Default BKUs - Local", + LanguageHelper.getErrorString("validation.general.bku.local.valid"))); + } + } else { + log.info("Empty Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL, + "Default BKUs - Local", + LanguageHelper.getErrorString("validation.general.bku.local.empty"))); + + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE, + "Default BKUs - Online", + LanguageHelper.getErrorString("validation.general.bku.online.valid"))); + } + } else { + log.info("Empty Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_ONLINE, + "Default BKUs - Online", + LanguageHelper.getErrorString("validation.general.bku.online.empty"))); + + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL, + "Services - OVS", + LanguageHelper.getErrorString("validation.general.mandateservice.valid"))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, getKeyPrefix())); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MoaspssAuthTransformation"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, + "MOA-SP - AuthBlocktransformation", + LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty"))); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("IdentityLinkSigners is not valid: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, + "MOA-SP - AuthBlocktransformationx", + LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ))); + + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, getKeyPrefix())); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Authblock TrustProfile"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, + "MOA-SP - TrustProfile AuthBlock", + LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty"))); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("Authblock TrustProfile is not valid: " +check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, + "MOA-SP - TrustProfile AuthBlock", + LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, getKeyPrefix())); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, + "MOA-SP - TrustProfile IdL", + LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty"))); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("IdentityLink TrustProfile is not valid: " +check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, + "MOA-SP - TrustProfile IdL", + LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + } + + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, getKeyPrefix())); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Handy-BKU"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, + "Default SL-Templates - Handy", + LanguageHelper.getErrorString("validation.general.slrequest.handy.empty"))); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate Handy-BKU is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, + "Default SL-Templates - ", + LanguageHelper.getErrorString("validation.general.slrequest.handy.valid"))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, getKeyPrefix())); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate local BKU"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, + "Default SL-Templates - Local", + LanguageHelper.getErrorString("validation.general.slrequest.local.empty"))); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate local BKU is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, + "Default SL-Templates - Local", + LanguageHelper.getErrorString("validation.general.slrequest.local.valid"))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_ONLINE, getKeyPrefix())); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Online-BKU"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_ONLINE, + "Default SL-Templates - Online ", + LanguageHelper.getErrorString("validation.general.slrequest.online.empty"))); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate Online-BKU is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_ONLINE, + "Default SL-Templates - Online", + LanguageHelper.getErrorString("validation.general.slrequest.online.valid"))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("SSO friendlyname is not valid: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, + "SSO - Servicename", + LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.info("SSO SpecialText is not valid: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, + "SSO - AuthBlocktext", + LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} ))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, getKeyPrefix())); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SSO Target"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, + "SSO - Target", + LanguageHelper.getErrorString("validation.general.sso.target.empty"))); + + } else { + + //TODO: maybe store full bPK target (incl. prefix) + if (!ValidationHelper.isValidAdminTarget(check)) { + + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, + "SSO - Target", + LanguageHelper.getErrorString("validation.general.sso.target.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + + String num = check.replaceAll(" ", ""); + + boolean isSSOTargetValid = false; + for (String allowedPrefix : MOAIDConfigurationConstants.ALLOWED_WBPK_PREFIXES) { + if (num.startsWith(allowedPrefix)) { + isSSOTargetValid = true; + break; + } + } + + if (!isSSOTargetValid) { + log.info("Not valid SSO Target"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, + "SSO - Target", + LanguageHelper.getErrorString("validation.general.sso.target.valid"))); + } + + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("SZRGW URL is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_SZRGW_URL, + "Services - SZR-GW URL", + LanguageHelper.getErrorString("validation.general.szrgw.url.valid"))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL, getKeyPrefix())); + if (MiscUtil.isEmpty(check)) { + log.info("Empty TrustCACerts Directory"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL, + "Certificate - TrustStore Directory", + LanguageHelper.getErrorString("validation.general.trustedcacerts.empty"))); + + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("Not valid TrustCACerts Directory"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL, + "Certificate - TrustStore Directory", + LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix())); + if (MiscUtil.isEmpty(check) || check.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + log.info("AuthBlock Transformation file is empty"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, + "AuthBlock - Transformation", + LanguageHelper.getErrorString("validation.general.slrequest.file.empty"))); + + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + + Map<String, String> newConfigValues = new HashMap<String, String>(); + + String pubURLPrefix = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, getKeyPrefix())); + if(pubURLPrefix.endsWith("/")) { + int length = pubURLPrefix.length(); + pubURLPrefix = pubURLPrefix.substring(0, length-1); + newConfigValues.put(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, pubURLPrefix); + log.debug("Change key: " + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX + + " from value: " + input.get(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX) + + " to value: " + pubURLPrefix); + } + + String ssoTarget = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, getKeyPrefix())); + if (MiscUtil.isNotEmpty(ssoTarget)) { + String newTarget = null; + if (!ValidationHelper.isValidAdminTarget(ssoTarget)) { + String num = ssoTarget.replaceAll(" ", ""); + String pre = null; + if (!num.startsWith(MOAIDConfigurationConstants.PREFIX_WPBK)) { + //add wbPK prefix + if (num.startsWith(MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN)) { + num = num.substring(MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + pre = MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN; + } + + if (num.startsWith(MOAIDConfigurationConstants.IDENIFICATIONTYPE_ZVR)) { + num = num.substring(MOAIDConfigurationConstants.IDENIFICATIONTYPE_ZVR.length()); + pre = MOAIDConfigurationConstants.IDENIFICATIONTYPE_ZVR; + } + + if (num.startsWith(MOAIDConfigurationConstants.IDENIFICATIONTYPE_ERSB)){ + num = num.substring(MOAIDConfigurationConstants.IDENIFICATIONTYPE_ERSB.length()); + pre = MOAIDConfigurationConstants.IDENIFICATIONTYPE_ERSB; + } + + newTarget = MOAIDConfigurationConstants.PREFIX_WPBK + pre + "+" + num; + + } else { + //wbPK prefix is already added + newTarget = num; + + } + + newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET + , newTarget); + log.debug("Change key: " + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET + + " from value: " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET) + + " to value: " + newTarget); + + } else { + //TODO: maybe store full bPK target (incl. prefix) + newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET + , ssoTarget); + log.debug("Change key: " + MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET + + " from value: " + input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, getKeyPrefix())) + + " to value: " + ssoTarget); + + } + } + + //TODO: add AuthBlock transformation filename + String authBlockTransformation = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix())); + + String[] splittet = authBlockTransformation.split(","); + if (splittet.length > 1) { + newConfigValues.put(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, + splittet[1]); + log.debug("Extract AuthBlock Transformation from GUI upload and add it to key: {}", MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "General MOA-ID Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java new file mode 100644 index 000000000..35fed19a3 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java @@ -0,0 +1,95 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; + +/** + * @author tlenz + * + */ +public class GeneralOpenIDConfigurationTask extends AbstractTaskValidator { + + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_ENABLED, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_LEGACY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getName() + */ + @Override + public String getName() { + return "General OpenID Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java new file mode 100644 index 000000000..a593b5461 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java @@ -0,0 +1,236 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class GeneralPVP2XConfigurationTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger logger = LoggerFactory.getLogger(GeneralPVP2XConfigurationTask.class); + + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_LEGACY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_COMPANY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_FAMLIYNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_GIVENNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_MAIL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_PHONE, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_TYPE, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_FULLNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_SHORTNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + public static final List<String> AllowedTypes= Arrays.asList( + "technical", + "support", + "administrative", + "billing", + "other"); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String check = + input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + logger.info("PVP2 IssuerName is not valid: " + check); + errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME, + "Service Name", + LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } + + check = + input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_FULLNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + logger.info("PVP2 organisation display name is not valid: " + check); + errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_FULLNAME, + "Organisation - Full name", + LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_SHORTNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + logger.info("PVP2 organisation name is not valid: " + check); + errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_SHORTNAME, + "Organisation - Short name", + LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + logger.info("PVP2 organisation URL is not valid"); + errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_URL, + "Organisation - URL", + LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid"))); + } + } + + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_COMPANY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + logger.info("PVP2 Contact: Company is not valid: " + check); + errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_COMPANY, + "Contact - Company", + LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_GIVENNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + logger.info("PVP2 Contact: GivenName is not valid: " + check); + errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_GIVENNAME, + "Contact - GivenName", + LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_FAMLIYNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + logger.info("PVP2 Contact: SureName is not valid: " + check); + errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_FAMLIYNAME, + "Contact - FamilyName", + LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_TYPE, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (MiscUtil.isNotEmpty(check)) { + if (!AllowedTypes.contains(check)) { + errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_TYPE, + "Contact - Type", + LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid"))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_MAIL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_MAIL, + "Contact - Mail", + LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid"))); + } + } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_PHONE, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validatePhoneNumber(check)) { + errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_PHONE, + "Contact - Phone", + LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid"))); + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "General PVP2X Configuration Task"; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java new file mode 100644 index 000000000..c6086583a --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java @@ -0,0 +1,612 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.apache.commons.collections4.map.HashedMap; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class GeneralSTORKConfigurationTask extends AbstractTaskValidator implements + IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(GeneralSTORKConfigurationTask.class); + +public static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + temp.add( + KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL) + + ".\\S?." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY); + + temp.add( + KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL) + + ".\\S?." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME); + + temp.add( + KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL) + + ".\\S?." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_SUPPORT_XMLDSIG); + + temp.add( + KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL) + + ".\\S?." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY); + + temp.add( + KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL) + + ".\\S?." + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL); + + temp.add( + KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + + + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#validate(java.util.Map) + */ + @Override + public void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + Map<String, String> validatedCPeps = new HashedMap<String, String>(); + List<String> validatedAttributes = new ArrayList<String>(); + + //validate C-PEPS entries + Map<String, String> cPepsList = KeyValueUtils.getSubSetWithPrefix(input, + KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (!cPepsList.isEmpty()) { + Iterator<String> cPepsKeys = cPepsList.keySet().iterator(); + while (cPepsKeys.hasNext()) { + String cpepsKey = cPepsKeys.next(); + String index = KeyValueUtils.getParentKey(cpepsKey); + + if (cpepsKey.endsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY)) { + String cc = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL) + + "." + cpepsKey); + String url = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL) + + "." + index + "." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL); + + log.trace("Extract C-PEPS for country: " + cc + " with URL:" + url); + if (!validatedCPeps.containsKey(cc)) { + if (MiscUtil.isNotEmpty(cc)) { + if (ValidationHelper.containsPotentialCSSCharacter(cc, false)) { + log.warn("CPEPS config countrycode contains potentail XSS characters: " + cc); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + "." + cpepsKey, + "STORK - CPEPS Country", + LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + if(!cc.toLowerCase().matches("^[a-z][a-z]$")) { + log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + cc); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + "." + cpepsKey, + "STORK - CPEPS Country", + LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] {cc}))); + } + } else { + log.warn("CPEPS config countrycode is empty : " + cc); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + "." + cpepsKey, + "STORK - CPEPS Country", + LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] {cc}))); + } + + // check url + if (MiscUtil.isNotEmpty(url)) { + if (!ValidationHelper.validateURL(url)) { + log.info("CPEPS config URL is invalid : " + url); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + "." + index + "." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL, + "STORK - CPEPS URL", + LanguageHelper.getErrorString("validation.stork.cpeps.url"))); + } + } else { + log.warn("CPEPS config url is empty : " + url); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + "." + index + "." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL, + "STORK - CPEPS URL", + LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] {url}))); + + } + validatedCPeps.put(cc, url); + + } else { + log.warn("Duplicated C-PEPS country with countryCode: " + cc + " found."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + "." + cpepsKey, + "STORK - CPEPS Country", + LanguageHelper.getErrorString("validation.stork.cpeps.duplicate"))); + + } + } + } + } + + + // check qaa + try { + int qaa = Integer.valueOf(input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL))); + if(1 > qaa && 4 < qaa) { + log.warn("QAA is out of range : " + qaa); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, + "STORK - QAA Level", + LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaa}))); + } + } catch (Exception e) { + log.warn("STORK QAA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA)); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, + "STORK - QAA Level", + LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA)}))); + + } + + + // check attributes + Map<String, String> attributeList = KeyValueUtils.getSubSetWithPrefix(input, + KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (!attributeList.isEmpty()) { + for(String key : attributeList.keySet()) { + if (key.endsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME)) { + String value = attributeList.get(key); + if (!validatedAttributes.contains(value)) { + if (ValidationHelper.containsPotentialCSSCharacter(value, true)) { + log.warn("default attributes contains potentail XSS characters: " + value); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, + "STORK - Attributes", + LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}))); + } + if(!value.toLowerCase().matches("^[a-z0-9]*$")) { + log.warn("default attributes do not match the requested format : " + value); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, + "STORK - Attributes", + LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] {value}))); + } + validatedAttributes.add(value); + + } else { + log.warn("Duplicated STORK attribute: " + value + " found."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + + "." + key, + "STORK - Attributes", + LanguageHelper.getErrorString("validation.stork.requestedattributes"))); + + } + } + } + + } + + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + List<String> currentCEPSCountries = new ArrayList<String>(); + List<String> currentAttributeNames = new ArrayList<String>(); + + List<String> cPESCountriesToAdd = new ArrayList<String>(); + List<String> attributeNamesToAdd = new ArrayList<String>(); + List<String> cPESCountriesToDelete = new ArrayList<String>(); + List<String> attributeNamesToDelete = new ArrayList<String>(); + + Map<String, String> newConfigValues = new HashMap<String, String>(); + + try { + //load current configuration + String[] currentCPEPSKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY); + if (currentCPEPSKeys != null) { + for (String el : currentCPEPSKeys) { + String cc = dbconfig.getStringValue(el); + if (MiscUtil.isNotEmpty(cc)) + currentCEPSCountries.add(cc); + + else { + //if empty, mark do delete + String keyToDelete = KeyValueUtils.getParentKey(el) + ".*"; + log.trace("Mark C-PEPS key: {} for deleting.", keyToDelete); + keysToDelete.add(keyToDelete); + } + } + cPESCountriesToDelete.addAll(currentCEPSCountries); + } + + String[] currentAttributeKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME); + if (currentAttributeKeys != null) { + for (String el : currentAttributeKeys) { + String cc = dbconfig.getStringValue(el); + if (MiscUtil.isNotEmpty(cc)) + currentAttributeNames.add(cc); + + else { + //if empty, mark do delete + String keyToDelete = KeyValueUtils.getParentKey(el) + ".*"; + log.trace("Mark empty STORK attribute key: {} for deleting.", keyToDelete); + keysToDelete.add(keyToDelete); + + } + } + attributeNamesToDelete.addAll(currentAttributeNames); + } + + //parse new configuration + Map<String, String> cPepsList = KeyValueUtils.getSubSetWithPrefix(input, + KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (!cPepsList.isEmpty()) { + Iterator<String> cPepsKeys = cPepsList.keySet().iterator(); + while (cPepsKeys.hasNext()) { + String cpepsKey = cPepsKeys.next(); + + if (cpepsKey.endsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY)) { + String cc = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL) + + "." + cpepsKey); + + //check new configuration against current configuration + if (currentCEPSCountries.contains(cc)) { + log.trace("C-PEPS for country {} is already in configuration", cc); + cPESCountriesToDelete.remove(cc); + + } else { + if (MiscUtil.isNotEmpty(cc)) { + log.trace("C-PEPS for country {} must be added to Service configurations", cc); + cPESCountriesToAdd.add(cc); + + } + } + } + } + } + + Map<String, String> attributeList = KeyValueUtils.getSubSetWithPrefix(input, + KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (!attributeList.isEmpty()) { + Iterator<String> attributeKeys = attributeList.keySet().iterator(); + while (attributeKeys.hasNext()) { + String attributeKey = attributeKeys.next(); + + if (attributeKey.endsWith(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME)) { + String attributeName = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL) + + "." + attributeKey); + + //check new configuration against current configuration + if (currentAttributeNames.contains(attributeName)) { + log.trace("STORK Attribute {} is already in configuration", attributeName); + attributeNamesToDelete.remove(attributeName); + + } else { + if (MiscUtil.isNotEmpty(attributeName)) { + log.trace("STORK Attribute {} must be added to Service configurations", attributeName); + attributeNamesToAdd.add(attributeName); + + } } + } + } + } + + //add new key/value pairs to online Applications + if (!cPESCountriesToAdd.isEmpty() || !attributeNamesToAdd.isEmpty()) { + String[] currentOAServices = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + + ".%." + + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + + for(String el : currentOAServices) { + String oaKey = KeyValueUtils.getParentKey(el); + String[] oaCPEPSList = dbconfig.findConfigurationId( + oaKey + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + ".%." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE); + + int nextListCounter = KeyValueUtils.findNextFreeListCounter(oaCPEPSList, oaKey + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST); + + //get all C-PEPS countries from OA + List<String> actuallyAddedOACPEPS = new ArrayList<String>(); + for (String oaCPEPS : oaCPEPSList) { + String oaCC = dbconfig.getStringValue(oaCPEPS); + if (MiscUtil.isNotEmpty(oaCC) && !actuallyAddedOACPEPS.contains(oaCC)) + actuallyAddedOACPEPS.add(oaCC); + + } + + for (String cc : cPESCountriesToAdd) { + if (!actuallyAddedOACPEPS.contains(cc)) { + log.debug("Add key: " + + oaKey + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + String.valueOf(nextListCounter) + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE + + " and value: " + cc + " to configuration."); + newConfigValues.put(oaKey + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + String.valueOf(nextListCounter) + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE + , cc); + + log.debug("Add key: " + + oaKey + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + String.valueOf(nextListCounter) + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED + + " and value: true" + " to configuration."); + newConfigValues.put(oaKey + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + String.valueOf(nextListCounter) + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED + , String.valueOf(true)); + + nextListCounter++; + + } else { + log.info("Configuration is maybe inconsistend! New C-PEPS country: " + + cc + " is already added on Service: " + oaKey); + + } + } + + String[] oaAttributeList = dbconfig.findConfigurationId( + oaKey + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + ".%." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME); + + int nextAttributeListCounter = KeyValueUtils.findNextFreeListCounter(oaAttributeList, oaKey + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST); + + //get all STORK attributes from OA + List<String> actuallyAddedOAAttributes = new ArrayList<String>(); + for (String oaAttr : oaAttributeList) { + String oaAttrName = dbconfig.getStringValue(oaAttr); + if (MiscUtil.isNotEmpty(oaAttrName) && !actuallyAddedOAAttributes.contains(oaAttrName)) + actuallyAddedOAAttributes.add(oaAttrName); + + } + + for (String attrName : attributeNamesToAdd) { + if (!actuallyAddedOAAttributes.contains(attrName)) { + log.debug("Add key: " + + oaKey + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(nextAttributeListCounter) + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME + + " and value: " + attrName + " to configuration."); + newConfigValues.put(oaKey + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(nextAttributeListCounter) + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME + , attrName); + + log.debug("Add key: " + + oaKey + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(nextAttributeListCounter) + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED + + " and value: true" + " to configuration."); + newConfigValues.put(oaKey + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(nextAttributeListCounter) + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED + , String.valueOf(true)); + + log.debug("Add key: " + + oaKey + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(nextAttributeListCounter) + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY + + " and value: false" + " to configuration."); + newConfigValues.put(oaKey + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + String.valueOf(nextAttributeListCounter) + + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY + , String.valueOf(false)); + + } else { + log.info("Configuration is maybe inconsistend! New STORK attribute: " + + attrName + " is already added on Service: " + oaKey); + + } + } + } + } + + //delete unused key/value pairs from online applications + if (!cPESCountriesToDelete.isEmpty()) { + for (String el : cPESCountriesToDelete) { + //mark general config to delete + String[] generalCPEPS = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY); + + for (String ccKey : generalCPEPS) { + String storedCC = dbconfig.getStringValue(ccKey); + if (el.equals(storedCC)) { + //delete C-PEPS + String keyToDelete = KeyValueUtils.getParentKey(ccKey) + ".*"; + log.debug("Mark key: " + keyToDelete + " for deleting."); + keysToDelete.add(keyToDelete); + + } + } + + //mark service key to delete + String[] servicesOAs = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + + ".%." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + ".%." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE); + + for (String ccKey : servicesOAs) { + String storedCC = dbconfig.getStringValue(ccKey); + if (el.equals(storedCC)) { + //delete C-PEPS + String keyToDelete = KeyValueUtils.getParentKey(ccKey) + ".*"; + log.debug("Mark key: " + keyToDelete + " for deleting."); + keysToDelete.add(keyToDelete); + + } + } + } + } + if (!attributeNamesToDelete.isEmpty()) { + for (String el : attributeNamesToDelete) { + //mark general config to delete + String[] generalAttributes = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME); + + for (String attrKey : generalAttributes) { + String storedAttr = dbconfig.getStringValue(attrKey); + if (el.equals(storedAttr)) { + //delete C-PEPS + String keyToDelete = KeyValueUtils.getParentKey(attrKey) + ".*"; + log.debug("Mark key: " + keyToDelete + " for deleting."); + keysToDelete.add(keyToDelete); + + } + } + + + //mark service key to delete + String[] servicesOAs = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + + ".%." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + ".%." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME); + + for (String attrKey : servicesOAs) { + String storedAttr = dbconfig.getStringValue(attrKey); + if (el.equals(storedAttr)) { + //delete C-PEPS + String keyToDelete = KeyValueUtils.getParentKey(attrKey) + ".*"; + log.debug("Mark key: " + keyToDelete + " for deleting."); + keysToDelete.add(keyToDelete); + + } + } + } + } + + } catch (ConfigurationException e) { + log.error("Configuration is not accessable!", e); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.GENERAL_AUTH_STORK; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "General STORK Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List<String> getModulValidatorPrefix() { + return Arrays.asList(MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java new file mode 100644 index 000000000..c39e857e4 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java @@ -0,0 +1,229 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesAuthenticationInformationTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationInformationTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Authentication Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + //Check BKU URLs + String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY, + "BKU - Handy", + LanguageHelper.getErrorString("validation.general.bku.handy.valid"))); + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL, + "BKU - Local", + LanguageHelper.getErrorString("validation.general.bku.local.valid"))); + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - Online", + LanguageHelper.getErrorString("validation.general.bku.online.valid"))); + } + + //check KeyBoxIdentifier + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER); + if (MiscUtil.isEmpty(check)) { + log.info("Empty KeyBoxIdentifier"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - KeyBoxIdentifier", + LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty"))); + + } else { + if (!MOAIDConfigurationConstants.ALLOWED_KEYBOXIDENTIFIER.contains(check)) { + log.info("Not valid KeyBoxIdentifier " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE, + "BKU - KeyBoxIdentifier", + LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid"))); + } + } + + //check LegacyMode SLTemplates + String isLegacyModeActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY); + if (MiscUtil.isNotEmpty(isLegacyModeActive) && Boolean.parseBoolean(isLegacyModeActive)) { + if (MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)) && + MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)) && + MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)) ) { + log.info("Empty OA-specific SecurityLayer Templates"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY, + "BKU - SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplates.empty"))); + + } else { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("First OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE, + "BKU - 1. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate1.valid"))); + } + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("Second OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE, + "BKU - 2. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate2.valid"))); + } + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("Third OA-specific SecurityLayer Templates is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE, + "BKU - 3. SecurityLayer Templates", + LanguageHelper.getErrorString("validation.general.sltemplate3.valid"))); + } + } + } + + //check Mandate Profiles + String checkUseMandate = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_USE); + if (MiscUtil.isNotEmpty(checkUseMandate) && Boolean.parseBoolean(checkUseMandate)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES); + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("MandateProfiles contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES, + "Mandates - Profiles", + LanguageHelper.getErrorString("validation.general.mandate.profiles", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + + } + + String isTestCredentialsActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED); + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs); + if (MiscUtil.isNotEmpty(isTestCredentialsActive) && + Boolean.parseBoolean(isTestCredentialsActive) && + MiscUtil.isNotEmpty(check)) { + String[] oids = check.split(","); + for (String el : oids) { + if (!el.startsWith(MOAIDConfigurationConstants.TESTCREDENTIALROOTOID)) { + log.warn("Test credential OID does not start with test credential root OID"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs, + "Test-Identities - allowed OIDs", + LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", + new Object[] {el}) )); + } + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java new file mode 100644 index 000000000..087334c4b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java @@ -0,0 +1,301 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationSTORKTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + Map<String, String> newConfigValues = new HashMap<String, String>(); + + //C-PEPS + try { + //search all actually configured C-PEPS + String[] cPepsKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_COUNTRY); + List<String> cPepsCountries = new ArrayList<String>(); + for (String el : cPepsKeys) { + String country = dbconfig.getStringValue(el); + if (MiscUtil.isNotEmpty(el)) + cPepsCountries.add(country); + + } + + //check SERVICE STORK countries against C-PEPS configuration + Map<String, String> GUICountries = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST); + Iterator<Entry<String, String>> GUICountriesInterator = GUICountries.entrySet().iterator(); + while (GUICountriesInterator.hasNext()) { + Entry<String, String> entry = GUICountriesInterator.next(); + if (entry.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE)) { + + if (cPepsCountries.contains(entry.getValue())) { + //Service contains C-PEPS + log.trace("Service contains C-PEPS with countryCode: " + entry.getValue()); + cPepsCountries.remove(entry.getValue()); + + } else { + //Service contains countryCode which is not a C-PEPS --> remove country code from service + log.debug("No C-PEPS with service countryCode: " + entry.getValue() + + " Remove countryCode from service."); + String index = KeyValueUtils.getParentKey(entry.getKey()); + if (MiscUtil.isNotEmpty(index)) { + keysToDelete.add( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + index + "*"); + + } else + log.warn("Can not remove countryCode from service. Suspect key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + entry.getKey()); + + } + } + } + + // add new C-PEPS to service + int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(GUICountries.keySet(), new String()); + for (String el : cPepsCountries) { + log.debug("Add new C-PEPS: " + el + " to service with key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE, + el); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED, + String.valueOf(true)); + nextFreeIndex++; + } + + + } catch (ConfigurationException e) { + log.error("Can not access configuration.", e); + + } + + + //STORK attributes + try { + //search all actually configured C-PEPS + String[] attributeKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST + + ".%." + + MOAIDConfigurationConstants.GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME); + List<String> attributeNames = new ArrayList<String>(); + for (String el : attributeKeys) { + String country = dbconfig.getStringValue(el); + if (MiscUtil.isNotEmpty(el)) + attributeNames.add(country); + + } + + //check SERVICE STORK countries against C-PEPS configuration + Map<String, String> GUIAttributes = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST); + Iterator<Entry<String, String>> GUIAttributesInterator = GUIAttributes.entrySet().iterator(); + while (GUIAttributesInterator.hasNext()) { + Entry<String, String> entry = GUIAttributesInterator.next(); + if (entry.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME)) { + + if (attributeNames.contains(entry.getValue())) { + //Service contains C-PEPS + log.trace("Service contains STORK attribute with name: " + entry.getValue()); + attributeNames.remove(entry.getValue()); + + } else { + //Service contains countryCode which is not a C-PEPS --> remove country code from service + log.debug("No STORK attribute with service attributeName: " + entry.getValue() + + " Remove STORK attribte from service."); + String index = KeyValueUtils.getParentKey(entry.getKey()); + if (MiscUtil.isNotEmpty(index)) { + keysToDelete.add( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + index + "*"); + + } else + log.warn("Can not remove STORK attribute from service. Suspect key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + entry.getKey()); + + } + } + } + + // add new C-PEPS to service + int nextFreeIndex = KeyValueUtils.findNextFreeListCounter(GUIAttributes.keySet(), new String()); + for (String el : attributeNames) { + log.debug("Add new STORK attribute: " + el + " to service with key: " + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME, + el); + + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED, + String.valueOf(false)); + + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST + + "." + nextFreeIndex + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY, + String.valueOf(false)); + + nextFreeIndex++; + } + + + } catch (ConfigurationException e) { + log.error("Can not access configuration.", e); + + } + + + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + // check qaa + String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL); + if (MiscUtil.isNotEmpty(qaaString)) { + try { + int qaa = Integer.parseInt(qaaString); + if(1 > qaa && 4 < qaa) { + log.warn("QAA is out of range : " + qaa); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + "STORK - minimal QAA level", + LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaa}))); + } + + } catch (NumberFormatException e) { + log.warn("QAA level is not a number: " + qaaString); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + "STORK - minimal QAA level", + LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaaString}))); + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List<String> getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java new file mode 100644 index 000000000..7ed9751cb --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java @@ -0,0 +1,403 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.apache.commons.codec.binary.Base64; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesBKUSelectionTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesBKUSelectionTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "auth.templates"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - BKU-Selection Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + + Map<String, String> newConfigValues = new HashMap<String, String>(); + + String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME); + if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, bkuSelectTemplateUploadedFileName); + + } + + String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME); + if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW, sendAssertionTemplateUploadedFileName); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + + //validate aditionalAuthBlockText + String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT, + "AuthBlock - Addition AuthBlocktext", + LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } + + //validate BKU selection template + String bkuSelectTemplate = null; + String bkuSelectionFileUpload = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA); + if (MiscUtil.isNotEmpty(bkuSelectionFileUpload) && + !bkuSelectionFileUpload.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT) ) { + String bkuSelectTemplateFileName = "unknown"; + try { + String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME); + if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) { + if (ValidationHelper.containsPotentialCSSCharacter(bkuSelectTemplateUploadedFileName, false)) { + log.info("BKU Selection Filename is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME, + "Templates - BKU Selection Filename", + LanguageHelper.getErrorString("validation.general.bkuselection.filename.valid"))); + + } else + bkuSelectTemplateFileName = bkuSelectTemplateUploadedFileName; + + } else { + String bkuSelectTemplatePreView = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW); + if (MiscUtil.isNotEmpty(bkuSelectTemplatePreView)) + bkuSelectTemplateFileName = bkuSelectTemplatePreView; + + } + + String[] bkuSelectTemplateSplitted = bkuSelectionFileUpload.split(","); + if (bkuSelectTemplateSplitted.length > 1) + bkuSelectTemplate = bkuSelectTemplateSplitted[1]; + else + bkuSelectTemplate = bkuSelectionFileUpload; + + if (!Base64.isBase64(bkuSelectTemplate)) { + log.info("BKU Selection Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA, + "Templates - BKU Selection", + LanguageHelper.getErrorString("validation.general.bkuselection.file.valid", + new Object[] {bkuSelectTemplateFileName}))); + + } + + } catch (Exception e) { + log.info("BKU Selection Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA, + "Templates - BKU Selection", + LanguageHelper.getErrorString("validation.general.bkuselection.file.valid", + new Object[] {bkuSelectTemplateFileName}))); + + } + + } + + //validate send-assertion template + String sendAssertionTemplate = null; + String sendAssertionFileUpload = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA); + if (MiscUtil.isNotEmpty(sendAssertionFileUpload) && + !sendAssertionFileUpload.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + String sendAssertionTemplateFileName = "unknown"; + try { + String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME); + if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) { + if (ValidationHelper.containsPotentialCSSCharacter(sendAssertionTemplateUploadedFileName, false)) { + log.info("Send Assertion Filename is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME, + "Templates - Send Assertion Filename", + LanguageHelper.getErrorString("validation.general.sendassertion.filename.valid"))); + + } else + sendAssertionTemplateFileName = sendAssertionTemplateUploadedFileName; + + } else { + String sendAssertionTemplatePreView = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_PREVIEW); + if (MiscUtil.isNotEmpty(sendAssertionTemplatePreView)) + sendAssertionTemplateFileName = sendAssertionTemplatePreView; + + } + + String[] sendAssertionTemplateSplitted = sendAssertionFileUpload.split(","); + if (sendAssertionTemplateSplitted.length > 1) + sendAssertionTemplate = sendAssertionTemplateSplitted[1]; + else + sendAssertionTemplate = sendAssertionFileUpload; + + if (!Base64.isBase64(sendAssertionTemplate)) { + log.info("Send Assertion Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA, + "Templates - Send Assertion", + LanguageHelper.getErrorString("validation.general.sendassertion.file.valid", + new Object[] {sendAssertionTemplateFileName}))); + + } + + } catch (Exception e) { + log.info("Send Assertion Template is not decodeable."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA, + "Templates - Send Assertion", + LanguageHelper.getErrorString("validation.general.sendassertion.file.valid", + new Object[] {sendAssertionTemplateFileName}))); + + } + + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR, + "Templates - Background Color", + LanguageHelper.getErrorString("validation.general.form.color.background"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR, + "Templates - Front Color", + LanguageHelper.getErrorString("validation.general.form.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR, + "Templates - Header Background-Color", + LanguageHelper.getErrorString("validation.general.form.header.color.back"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR, + "Templates - Header Front-Color", + LanguageHelper.getErrorString("validation.general.form.header.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("HeaderText contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT, + "Templates - Header Text", + LanguageHelper.getErrorString("validation.general.form.header.text", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR, + "Templates - Button Background-Color", + LanguageHelper.getErrorString("validation.general.form.button.color.back"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS, + "Templates - Button Background-Color on Focus", + LanguageHelper.getErrorString("validation.general.form.button.color.back.focus"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonFrontColor is not a valid hex value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR, + "Templates - Button Front-Color", + LanguageHelper.getErrorString("validation.general.form.button.color.front"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!MOAIDConfigurationConstants.ALLOWED_REDIRECTTARGETNAMES.contains(check)) { + log.warn("AppletRedirectTarget has not valid value " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET, + "Templates - Applet Redirect-Target", + LanguageHelper.getErrorString("validation.general.form.appletredirecttarget"))); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("FontType contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE, + "Templates - Font Type", + LanguageHelper.getErrorString("validation.general.form.fonttype", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet height "+ check + " is no valid number"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT, + "Templates - Applet Height", + LanguageHelper.getErrorString("validation.general.form.applet.height", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet width "+ check + " is no valid number"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH, + "Templates - Applet Width", + LanguageHelper.getErrorString("validation.general.form.applet.width", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) )); + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java new file mode 100644 index 000000000..86d047c74 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java @@ -0,0 +1,215 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesGeneralInformationTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesGeneralInformationTask.class); + private static final List<String> KEYWHITELIST; + + private static MOAIDConfiguration dbconfig; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + + @Autowired + public void setDatabaseConfiguration(MOAIDConfiguration config) { + dbconfig = config; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + if (dbconfig == null) { + throw new ConfigurationTaskValidationException( + new ValidationObjectIdentifier("internal", "Internal Error", "Configuration is not readable!")); + + } + + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("OAFriendlyName contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, + "FriendlyName", + LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); + } + } else { + log.info("OA friendlyName is empty"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, + "FriendlyName", + LanguageHelper.getErrorString("validation.general.oafriendlyname.empty"))); + } + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + if (MiscUtil.isEmpty(isBusinessService)) { + log.info("OA businessservice flag is empty"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, + "BusinessService", + LanguageHelper.getErrorString("validation.general.businessservice.empty"))); + + } + + String servicePrefixId = input.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + if (MiscUtil.isNotEmpty(servicePrefixId)) { + String uniqueServiceID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (MiscUtil.isEmpty(uniqueServiceID)) { + log.info("Empty unique service identifier"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.empty"))); + + } else { + if (!ValidationHelper.validateURL(uniqueServiceID)) { + log.warn("Unique serice identifier is not a valid URL: " + uniqueServiceID); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.valid"))); + + } else { + //check uniqueness of service identifier + try { + String[] allServiceKeys = dbconfig.findConfigurationId( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + +".%." + + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (allServiceKeys != null) { + List<String> foundKeys = new ArrayList<String>(); + for (String elKey : allServiceKeys) { + String elValue = dbconfig.getStringValue(elKey); + if (uniqueServiceID.startsWith(elValue) || + (elValue != null && elValue.startsWith(uniqueServiceID))) { + log.debug("Found service with key: " + elKey + + " and uniqueID: " + elValue + + " which maches to edited service with uniqueID:" + + uniqueServiceID); + foundKeys.add(elKey); + + } + + } + if ((foundKeys.size() > 1) || + ((foundKeys.size() == 1) && !foundKeys.get(0).startsWith(servicePrefixId) )) { + log.info("The service identifier is not unique"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER, + "Unique Identifier", + LanguageHelper.getErrorString("validation.general.oaidentifier.notunique"))); + + } + } + + } catch (ConfigurationException e) { + log.error("Configuration not readable!", e); + new ValidationObjectIdentifier("internal", "Internal Error", "Configuration is not readable!"); + + } + } + } + + } else { + throw new ConfigurationTaskValidationException( + new ValidationObjectIdentifier("internal", "Internal Error", "No MOA-ID service prefix! Can not check uniqueness of service configuration.")); + + } + + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java new file mode 100644 index 000000000..8c3475d8b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesInterfederationIDPTask.java @@ -0,0 +1,116 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesInterfederationIDPTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesInterfederationIDPTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "interfederation"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Interfederation IDP"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String queryURL = input.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL); + if (MiscUtil.isNotEmpty(queryURL)) { + if (!ValidationHelper.validateURL(queryURL)) { + log.info("AttributeQuery URL is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL, + "Attribute Querry URL", + LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid"))); + + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java new file mode 100644 index 000000000..2e9dd1c30 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesPVPGatewayTask.java @@ -0,0 +1,121 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesPVPGatewayTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesPVPGatewayTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "interfederation"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - PVP Gateway Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String entityID = input.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER); + if (MiscUtil.isNotEmpty(entityID)) { + if (!ValidationHelper.validateURL(entityID)) { + log.info("PVP gateway EntityID is not valid"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER, + "EntityID of PVP Portal ", + LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid"))); + + } + + } else + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER, + "EntityID of PVP Portal ", + LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty"))); + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java new file mode 100644 index 000000000..e8cdbba90 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolOpenIDTask.java @@ -0,0 +1,152 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; +import java.util.regex.Pattern; + +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolOpenIDTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolOpenIDTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + Map<String, String> newConfigValues = new HashMap<String, String>(); + + //TODO: check secret + String guiClientID = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID); + String guiClientSecret = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET); + + if (MiscUtil.isEmpty(guiClientSecret)) { + log.info("OpenID Connect client-secret is empty --> generate a new secrete."); + guiClientSecret = UUID.randomUUID().toString(); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET, + guiClientSecret); + + } + + if (MiscUtil.isEmpty(guiClientID)) { + log.info("OpenID Connect ClientID is empty --> Set ClientID to unique identifier."); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID, + input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER)); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String redirectURL = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL); + // validate redirectUri + if (StringUtils.isNotEmpty(redirectURL) && !ValidationHelper.validateURL(redirectURL)) { + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL, + "OpenID - Redirect URL", + LanguageHelper.getErrorString("error.oa.oauth.redirecturi"))); + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List<String> getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java new file mode 100644 index 000000000..787cd136d --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java @@ -0,0 +1,336 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Timer; +import java.util.regex.Pattern; + +import javax.net.ssl.SSLHandshakeException; + +import org.apache.commons.httpclient.MOAHttpClient; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataFilterChain; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.MOAIDWebGUIConfiguration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.MetaDataVerificationFilter; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.SchemaValidationFilter; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolPVP2XTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + + Map<String, String> newConfigValues = new HashMap<String, String>(); + String certBase64 = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + String[] splittet = certBase64.split(","); + if (splittet.length > 1) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE, + splittet[1]); + log.debug("Extract PVP2X metadata validation certificate from GUI upload and add it to key: {}", MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + try { + byte[] certSerialized = null; + if (MiscUtil.isNotEmpty(splittet[1])) { + certSerialized = Base64Utils.decode(splittet[1], true); + X509Certificate cert = new X509Certificate(certSerialized); + newConfigValues.put( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE_SUBJECT, + cert.getSubjectDN().getName()); + + } + + } catch (IOException | CertificateException e) { + log.error("PVP2X metadata signing certificate is not parseable.", e); + + } + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + Timer timer = null; + MOAHttpClient httpClient = null; + HTTPMetadataProvider httpProvider = null; + + String certBase64 = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); + + try { + byte[] certSerialized = null; + if (MiscUtil.isNotEmpty(certBase64) && + !certBase64.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { + String[] splittet = certBase64.split(","); + if (splittet.length > 1) + certSerialized = Base64Utils.decode(splittet[1], true); + else + certSerialized = Base64Utils.decode(certBase64, true); + } + + + String metadataURL = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL); + if (MiscUtil.isNotEmpty(metadataURL)) { + + if (!ValidationHelper.validateURL(metadataURL)) { + log.info("MetaDataURL has no valid form."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata URL", + LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid"))); + + } else { + + if (certSerialized == null) { + log.info("No certificate for metadata validation"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE, + "PVP2x - Metadata Certificate", + LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"))); + + } else { + + X509Certificate cert = new X509Certificate(certSerialized); + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(cert); + + timer = new Timer(); + httpClient = new MOAHttpClient(); + + if (metadataURL.startsWith("https:")) + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + MOAIDWebGUIConfiguration.getInstance().getCertStoreDirectory(), + MOAIDWebGUIConfiguration.getInstance().getTrustStoreDirectory(), + null, + "pkix", + true); + + httpClient.setCustomSSLTrustStore( + metadataURL, + protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); + + } + + List<MetadataFilter> filterList = new ArrayList<MetadataFilter>(); + filterList.add(new MetaDataVerificationFilter(credential)); + + try { + filterList.add(new SchemaValidationFilter( + MOAIDWebGUIConfiguration.getInstance().isPVPMetadataSchemaValidationActive())); + + } catch (at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException e) { + log.warn("Configuration access FAILED!", e); + + } + + MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); + + httpProvider = + new HTTPMetadataProvider(timer, httpClient, metadataURL); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMetadataFilter(filter); + httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes + httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + httpProvider.setRequireValidMetadata(true); + httpProvider.initialize(); + + if (httpProvider.getMetadata() == null) { + log.info("Metadata could be received but validation FAILED."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.validation"))); + } + } + } + } + + } catch (CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"))); + + } catch (IOException e) { + log.info("Metadata can not be loaded from URL", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadataurl.read"))); + + } catch (MetadataProviderException e) { + + try { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.ssl"))); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig"))); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema"))); + + } else { + log.info("MetaDate verification failed", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general"))); + } + + } catch (Exception e1) { + log.info("MetaDate verification failed", e1); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL, + "PVP2x - Metadata", + LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general"))); + + } + + } finally { + if (httpProvider != null) + httpProvider.destroy(); + + if (timer != null) + timer.cancel(); + + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List<String> getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA, + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_IIDP + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java new file mode 100644 index 000000000..fe3a791e7 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSAML1Task.java @@ -0,0 +1,114 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolSAML1Task extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolSAML1Task.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "protocols.saml1"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - SAML1 Protocol Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + String isProvideBaseID = input.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID); + + if (Boolean.parseBoolean(isBusinessService) && + MiscUtil.isNotEmpty(isProvideBaseID) && Boolean.parseBoolean(isProvideBaseID)) { + log.info("ProvideStammZahl can not be used with BusinessService applications"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID, + "Protocols - SAML1 BaseID", + LanguageHelper.getErrorString("validation.saml1.providestammzahl"))); + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java new file mode 100644 index 000000000..d4e80bed9 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java @@ -0,0 +1,273 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesProtocolSTORKTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesProtocolSTORKTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - General Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + Map<String, String> newConfigValues = new HashMap<String, String>(); + + try { + //search actually stored service configurations + List<String> storedServices = new ArrayList<String>(); + for (String prefix : getModulValidatorPrefix()) { + String[] storedService = dbconfig.findConfigurationId(prefix + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (storedService != null && storedService.length > 0) + storedServices.addAll(Arrays.asList(storedService)); + } + + String GUIServiceUniqueID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + String selectedServiceKey = null; + for (String serviceKey : storedServices) { + String storedUniqueId = dbconfig.getStringValue(serviceKey); + if (storedUniqueId.equals(GUIServiceUniqueID)) { + selectedServiceKey = KeyValueUtils.getPrefixFromKey(serviceKey, MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + log.debug("Find service with key: " + selectedServiceKey + " --> Start STORK attribute provider postProcessing."); + break; + } + + } + + //load actually stored attribute provider names for service + Map<String, String> storedAttributeProviders = new HashMap<String, String>(); + if (MiscUtil.isNotEmpty(selectedServiceKey)) { + String[] storedAttribteProviderNames = dbconfig.findConfigurationId( + selectedServiceKey + "." + + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + ".%." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME); + if (storedAttribteProviderNames != null) { + for (String el : storedAttribteProviderNames) { + String attrProviderName = dbconfig.getStringValue(el); + storedAttributeProviders.put(attrProviderName, el); + + } + } + } + + Map<String, String> storkAttrProviders = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST); + Iterator<Entry<String, String>> interator = storkAttrProviders.entrySet().iterator(); + while (interator.hasNext()) { + Entry<String, String> current = interator.next(); + if (current.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME)) { + String guiAttrProviderName = current.getValue(); + if (storedAttributeProviders.containsKey(guiAttrProviderName)) { + log.trace("STORK attribute provider: " + guiAttrProviderName + + " is already stored"); + storedAttributeProviders.remove(guiAttrProviderName); + + } else { + log.trace("Add new STORK attribute provider: " + guiAttrProviderName + + " to service"); + + } + } + } + + if (!storedAttributeProviders.isEmpty()) { + log.trace("Remove STORK attribute providers from configuration."); + for (String el : storedAttributeProviders.values()) { + String removeString = KeyValueUtils.getPrefixFromKey(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME); + keysToDelete.add(removeString + "*"); + log.debug("Remove STORK attribute provider with key:" + removeString + "*"); + + } + + } + + } catch (ConfigurationException e) { + log.error("Configuration access FAILED.", e); + + } + + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + //check V-IDP specific Target configurations + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + if (!Boolean.parseBoolean(isBusinessService)) { + log.info("STORK V-IDP only allowed as business Service."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, + "BusinessService", + "STORK V-IDP only allowed as business Service.")); + } + + String identificationType = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + if (MiscUtil.isEmpty(identificationType) || + !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) { + log.info("STORK V-IDP only allowes identification numbers with STORK prefix."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, + "BusinessService - IdentificationType", + "STORK V-IDP only allowes identification numbers with STORK prefix")); + + } + + + Map<String, String> storkAttrProviders = KeyValueUtils.getSubSetWithPrefix(input, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST); + Iterator<Entry<String, String>> interator = storkAttrProviders.entrySet().iterator(); + while (interator.hasNext()) { + Entry<String, String> current = interator.next(); + if (current.getKey().endsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME)) { + log.trace("Validate STORK attribute provider with key: " + current.getKey() + " value: " + current.getValue()); + String index = KeyValueUtils.getParentKey(current.getKey()); + + //validate attribute provider name + String attrProviderName = current.getValue(); + if (MiscUtil.isEmpty(attrProviderName)) { + log.info("AttributeProviderPlugin Name is empty."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.name.empty"))); + + } else { + if (!MOAIDConfigurationConstants.ALLOWED_STORKATTRIBUTEPROVIDERS.contains(attrProviderName)) { + log.info("AttributeProviderPlugin Name is not supported."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.name.valid"))); + } + } + + String attrProviderURL = storkAttrProviders.get(index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL); + String attrProviderAttr = storkAttrProviders.get(index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES); + + if (MiscUtil.isEmpty(attrProviderURL) || !ValidationHelper.validateURL(attrProviderURL)) { + log.info("AttributeProviderPlugin URL has no valid form."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.url.valid"))); + } + + + if (MiscUtil.isEmpty(attrProviderAttr) || !attrProviderAttr.matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { + log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST + + "." + index + "." + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES, + "STORK - Attribute Provider", + LanguageHelper.getErrorString("validation.stork.ap.attributes.valid"))); + } + + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List<String> getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_VIDP + ); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java new file mode 100644 index 000000000..bf2a38cd9 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesSSOAuthenticationTask.java @@ -0,0 +1,101 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; + +/** + * @author tlenz + * + */ +public class ServicesSSOAuthenticationTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesSSOAuthenticationTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return "auth.sso"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - SSO Authentication Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + //Actually, there is nothing to validate. + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java new file mode 100644 index 000000000..766032f1f --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java @@ -0,0 +1,221 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.utils.CompanyNumberValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesTargetTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesTargetTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Target Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); + String check; + if (Boolean.parseBoolean(isBusinessService)) { + + //check identification type + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE); + if (!MOAIDConfigurationConstants.BUSINESSSERVICENAMES.keySet().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, + "BusinessService - Type", + LanguageHelper.getErrorString("validation.general.stork.sptarget"))); + } + + //check identification number + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE); + if (MiscUtil.isEmpty(check)) { + log.info("Empty IdentificationNumber"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.empty"))); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + + if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) + .equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN)) { + CompanyNumberValidator val = new CompanyNumberValidator(); + if (!val.validate(check)) { + log.info("Not valid CompanyNumber"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, + "BusinessService - Value", + LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid"))); + } + } + } + + } else { + + //check own target + String useOwnTarget = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN); + if (MiscUtil.isNotEmpty(useOwnTarget) && Boolean.parseBoolean(useOwnTarget)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME, + "Own Target - FriendlyName", + LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) )); + } + } + + //check Own Target + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET, + "Own Target - Target", + LanguageHelper.getErrorString("validation.general.target.admin.valid"))); + } + } + + } else { + + //check PublicURL Prefix allows PublicService + String uniqueID = input.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); + if (!ValidationHelper.isPublicServiceAllowed(input.get(uniqueID))) { + log.warn("PublicURLPrefix does not allow PublicService: " + uniqueID); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET, + "PublicService - Target", + LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] {uniqueID}) )); + + } + + //check Target + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET, + "PublicService - Target", + LanguageHelper.getErrorString("validation.general.target.valid"))); + } + } + + String isSubTargetUsed = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB); + if (MiscUtil.isNotEmpty(isSubTargetUsed) && Boolean.parseBoolean(isSubTargetUsed)) { + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB); + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB, + "PublicService - Target SubSector", + LanguageHelper.getErrorString("validation.general.target.subsector.valid"))); + + } + } + } + } + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java new file mode 100644 index 000000000..96088b6eb --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesbPKDecryptionTask.java @@ -0,0 +1,137 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.regex.Pattern; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesbPKDecryptionTask extends AbstractTaskValidator implements ITaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesbPKDecryptionTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return ""; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - bPK-Decryption Configuration Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + + //TODO: + + +// String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME); +// if (MiscUtil.isNotEmpty(check)) { +// if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +// log.warn("OAFriendlyName contains potentail XSS characters: " + check); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, +// "FriendlyName", +// LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", +// new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}))); +// } +// } else { +// log.info("OA friendlyName is empty"); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME, +// "FriendlyName", +// LanguageHelper.getErrorString("validation.general.oafriendlyname.empty"))); +// } +// +// String isBusinessService = input.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE); +// if (MiscUtil.isEmpty(isBusinessService)) { +// log.info("OA businessservice flag is empty"); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE, +// "BusinessService", +// LanguageHelper.getErrorString("validation.general.businessservice.empty"))); +// +// } + + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/CompanyNumberValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/CompanyNumberValidator.java new file mode 100644 index 000000000..b9eb76857 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/CompanyNumberValidator.java @@ -0,0 +1,78 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.config.webgui.validation.utils; + +import org.apache.commons.lang.StringUtils; + +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; + +public class CompanyNumberValidator implements IdentificationNumberValidator { + + public boolean validate(String commercialRegisterNumber) { + + String normalizedNumber = commercialRegisterNumber.replaceAll(" ", ""); + if(normalizedNumber.startsWith(MOAIDConfigurationConstants.IDENIFICATIONTYPE_FN)) + normalizedNumber = normalizedNumber.substring(2); + + return checkCommercialRegisterNumber(normalizedNumber); + } + + private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) { + if (commercialRegisterNumber == null) { + return false; + } + commercialRegisterNumber = StringUtils.leftPad(commercialRegisterNumber, 7, + '0'); + if (!commercialRegisterNumber.matches("\\d{6}[abdfghikmpstvwxzy]")) { + return false; + } + String digits = commercialRegisterNumber.substring(0, + commercialRegisterNumber.length() - 1); + char checkDigit = commercialRegisterNumber.charAt(commercialRegisterNumber + .length() - 1); + boolean result = calcCheckDigitFromCommercialRegisterNumber(digits) == checkDigit; + return result; + } + + public static char calcCheckDigitFromCommercialRegisterNumber( + String commercialRegisterDigits) { + final int[] WEIGHT = { 6, 4, 14, 15, 10, 1 }; + final char[] CHECKDIGIT = { 'a', 'b', 'd', 'f', 'g', 'h', 'i', 'k', 'm', + 'p', 's', 't', 'v', 'w', 'x', 'y', 'z' }; + if (commercialRegisterDigits == null) { + throw new NullPointerException("Commercial register number missing."); + } + commercialRegisterDigits = StringUtils.leftPad(commercialRegisterDigits, 6, + '0'); + if (!commercialRegisterDigits.matches("\\d{6}")) { + throw new IllegalArgumentException( + "Invalid commercial register number provided."); + } + int sum = 0; + for (int i = 0; i < commercialRegisterDigits.length(); i++) { + int value = commercialRegisterDigits.charAt(i) - '0'; + sum += WEIGHT[i] * value; + } + return CHECKDIGIT[sum % 17]; + } +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/IdentificationNumberValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/IdentificationNumberValidator.java new file mode 100644 index 000000000..1ecbd3f82 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/IdentificationNumberValidator.java @@ -0,0 +1,29 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.config.webgui.validation.utils; + +public interface IdentificationNumberValidator { + + boolean validate(String idNumber); + +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java new file mode 100644 index 000000000..6ec48fa43 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/MetaDataVerificationFilter.java @@ -0,0 +1,122 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.config.webgui.validation.utils; + +import java.util.Iterator; + +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.opensaml.xml.signature.SignatureValidator; +import org.opensaml.xml.validation.ValidationException; + +import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException; +import at.gv.egovernment.moa.logging.Logger; + +public class MetaDataVerificationFilter implements MetadataFilter { + + BasicX509Credential credential; + + public MetaDataVerificationFilter(BasicX509Credential credential) { + this.credential = credential; + } + + + public void doFilter(XMLObject metadata) throws SignatureValidationException { + + if (metadata instanceof EntitiesDescriptor) { + EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; + if(entitiesDescriptor.getSignature() == null) { + throw new SignatureValidationException("Root element of metadata file has to be signed"); + } + try { + processEntitiesDescriptor(entitiesDescriptor); + + } catch (SignatureValidationException e) { + throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor"); + } + + } if (metadata instanceof EntityDescriptor) { + try { + EntityDescriptor entity = (EntityDescriptor) metadata; + if (entity.getSignature() != null) + verify(entity, this.credential); + + else + throw new SignatureValidationException("Root element of metadata file has to be signed", null); + + } catch (SignatureValidationException e) { + throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null); + } + } + } + + private void processEntitiesDescriptor(EntitiesDescriptor desc) throws SignatureValidationException { + Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator(); + + if(desc.getSignature() != null) { + verify(desc, this.credential); + } + + while(entID.hasNext()) { + processEntitiesDescriptor(entID.next()); + } + + Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator(); + + while(entIT.hasNext()) { + EntityDescriptor entity = entIT.next(); + if (entity.getSignature() != null) + verify(entity, this.credential); + } + } + + private void verify(SignableSAMLObject entityDescriptor, Credential cred) + throws SignatureValidationException { + if (entityDescriptor.getSignature() == null) { + throw new SignatureValidationException("PVP2X Metadata not signed"); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SignatureValidationException("Failed to validate Signature", e); + } + + SignatureValidator sigValidator = new SignatureValidator(cred); + try { + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SignatureValidationException("Failed to verfiy Signature", e); + + } + } +} diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java new file mode 100644 index 000000000..587afe381 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/utils/SchemaValidationFilter.java @@ -0,0 +1,98 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.utils; + +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; + +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; + +import org.opensaml.common.xml.SAMLSchemaBuilder; + +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class SchemaValidationFilter implements MetadataFilter { + + private boolean isActive = true; + + /** + * + */ + public SchemaValidationFilter(boolean useSchemaValidation) { + this.isActive = useSchemaValidation; + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject arg0) throws SchemaValidationException { + + String errString = null; + + if (isActive) { + try { + Schema test = SAMLSchemaBuilder.getSAML11Schema(); + Validator val = test.newValidator(); + DOMSource source = new DOMSource(arg0.getDOM()); + val.validate(source); + Logger.info("Metadata Schema validation check done OK"); + return; + + } catch (SAXException e) { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) + Logger.warn("Metadata Schema validation FAILED with exception:", e); + else + Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage()); + + errString = e.getMessage(); + + } catch (Exception e) { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) + Logger.warn("Metadata Schema validation FAILED with exception:", e); + else + Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage()); + + errString = e.getMessage(); + + } + + throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString); + + } else + Logger.info("Metadata Schema validation check is DEACTIVATED!"); + + } + +} diff --git a/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egiz.components.configuration.meta.api.ConfigurationModul b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egiz.components.configuration.meta.api.ConfigurationModul new file mode 100644 index 000000000..f228893b9 --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egiz.components.configuration.meta.api.ConfigurationModul @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.config.webgui.MOAIDConfigurationModul
\ No newline at end of file diff --git a/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..b0b17a83c --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.config.webgui.MOAIDSpringResourceProvider
\ No newline at end of file diff --git a/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator new file mode 100644 index 000000000..8e29f32f0 --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator @@ -0,0 +1,5 @@ +at.gv.egovernment.moa.id.config.webgui.validation.modul.impl.GeneralConfigurationValidator +at.gv.egovernment.moa.id.config.webgui.validation.modul.impl.GatewayValidator +at.gv.egovernment.moa.id.config.webgui.validation.modul.impl.InterfederationIDPValidator +at.gv.egovernment.moa.id.config.webgui.validation.modul.impl.OnlineApplicationValidator +at.gv.egovernment.moa.id.config.webgui.validation.modul.impl.VIDPValidator diff --git a/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator new file mode 100644 index 000000000..8faf16843 --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator @@ -0,0 +1,5 @@ +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolOpenIDTask +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolPVP2XTask +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.GeneralSTORKConfigurationTask +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesAuthenticationSTORKTask +at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesProtocolSTORKTask
\ No newline at end of file diff --git a/id/moa-id-webgui/src/main/resources/applicationResources_de.properties b/id/moa-id-webgui/src/main/resources/applicationResources_de.properties new file mode 100644 index 000000000..bb0499020 --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/applicationResources_de.properties @@ -0,0 +1,525 @@ +title=MOA-ID 2.x Configuration Tool + + +config.01=Configfile is not found. ({0}) +config.02=Configfile is not readable. ({0}) +config.03=Hibernate Database connector can not be initialized +config.04=OpenSAML (PVP2 Login) can not be initialized +config.05=Configuration file not defined +config.06=Configfile {1} does not start with {0} prefix. + +error.title=Fehler: +error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. +error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. +errors.listOAs.noOA=Es wurden keine Online-Applikationen in der Datenbank gefunden. +errors.listIDPs.noIDP=Es wurden kein IdentityProvider f\u00FCr Interfederation in der Datenbank gefunden. +errors.edit.oa.oaid=Es wurde keine g\u00FCtige Online-Applikations-ID \u00FCbergeben. +errors.edit.oa.oaid.allowed=Sie besitzen nicht die ben\u00F6tigen Rechte um auf diese Online-Applikation zuzugreifen. +error.oa.pvp2.certificate=Das hinterlegte PVP2 Zertifikat konnte nicht gelesen werden. +error.db.oa.store=Die Konfiguration konnte nicht in der Datenbank gespeichert werden. +errors.notallowed=Sie besitzen nicht die n\u00F6tigen Rechte um diese Funktion zu benutzen. +errors.importexport.nofile=Es wurde keine Datei angegeben. +errors.importexport.legacyimport=Der Importvorgang der Legacy-Konfiguration wurde mit einem Fehler abgebrochen (Fehler={0}). +errors.importexport.export=Die MOA-ID 2.x Konfiguration konnte nicht in ein XML File exportiert werden. (Fehler={0}) +errors.importexport.import=Der Importvorgang der XML Konfiguration wurde mit einem Fehler abgebrochen (Fehler={0}). +errors.importexport.export.noconfig=Die Konfiguration kann nicht exportiert werden da keine MOA-ID Konfiguration vorhanden ist. +errors.edit.user.userid=Es wurde keine g\u00FCtige User ID \u00FCbergeben. +errors.edit.user.save=Der Benutzer konnte nicht in die Datenbank eingetragen werden. +errors.edit.user.notallowed=Das Bearbeiten fremder Benutzereinstellungen ist nur dem Admin erlaubt. +error.login=Der Anmeldevorgang wurde abgebrochen. Bitte Versuchen sie es noch einmal. +error.mail.send=An die angegebene Mailadresse konnte keine Nachticht versendet werden. +error.mail.verification=Der Verifikationsvorgang wurde durch einen internen Fehler unterbrochen. Bitte Versuchen sie es noch einmal. +error.editoa.mailverification=Die Verwaltung von Online-Applikationen ist vor\u00FCbergehend deaktiviert, da die Mailadresse des Benutzeraccounts noch nicht verifiziert wurde. +error.bkuformpreview.notpossible="Die Vorschau konnte nicht generiert werden da ein interner Fehler auftreten ist." +error.oa.oauth.redirecturi=Redirect URL ist keine richtige URL +error.oa.oauth.clientSecret=Client-Secret darf nicht leer sein +error.oa.oauth.keyname=Key-Name darf nicht leer sein +error.oa.oauth.keystore=Keystore darf nicht leer sein und muss eine richtige URL sein. + + +mail.userrequest.subject=Accountanforderung MOA-ID 2.x Konfigurationstool + +webpages.slo.error=Der Abmeldevorgang bei allen Online-Applikationen war nicht erfolgreich. Bitte schlie \t\u00DFen Sie aus Sicherheitsgr\u00FCnden ihren Browser. +webpages.slo.success=Sie wurden erfolgreich bei allen Online-Applikationen abgemeldet. + +webpages.error.header=Es ist ein Fehler aufgetreten +webpages.index.header=Willkommen bei der MOA-ID 2.x Konfigurationsapplikation +webpages.index.desciption.head=Um dieses Service nutzen zu k\u00F6nnen m\u00FCssen sie sich einloggen. +webpages.index.login=Anmelden +webpages.index.logout=Abmelden +webpages.index.login.pvp2=Anmeldung mit B\u00FCrgerkarte oder Handy-Signature +webpages.index.login.notallowed=Entweder sind Benutzername oder Passwort sind nicht korrekt oder der Account wurde noch nicht aktiviert. +webpages.index.username.unkown=Der Benutzer ist nicht bekannt. +webpages.index.username.notactive=Der Benutzer wurde durch den Administrator noch nicht freigeschalten. +webpages.index.password.false=Das Passwort stimmt nicht. + +webpages.inportexport.header=Konfiguration Importieren/Exportieren +webpages.inportexport.success=Die Konfiguration konnte erfolgreich importiert werden. +webpages.inportexport.legacyimport.header=Legacy Konfiguration importieren (MOA-ID < 2.0) +webpages.inportexport.legacyimport.upload=Legacy Konfiguration +webpages.edit.import=Importieren +webpages.edit.export=Exportieren +webpages.inportexport.import.header=MOA-ID 2.x Konfiguration +webpages.inportexport.import.upload=Konfiguration importieren +webpages.inportexport.import.download=Konfiguration exportieren +webpages.inportexport.descripten=ACHTUNG\: Die importierte Konfiguration ersetzt eine aktuell vorhandene Konfiguration vollst\u00E4ndig\! + +webpages.usermanagement.newuser=Neuen Benutzer erstellen +webpages.usermanagement.header=Benutzerverwaltung +webpages.listUsers.list.header=Liste aller vorhandenen Benutzer +webpages.listUsers.list.first=Familien-/Firmenname +webpages.listUsers.list.second=Vorname +webpages.listUsers.list.third=Benutzername +webpages.edituser.header=Benutzerdaten +webpages.edituser.givenname=Vorname +webpages.edituser.familyName=Familienname +webpages.edituser.institut=Organisation +webpages.edituser.phone=Telefonnummer +webpages.edituser.mail=EMail Adresse +webpages.edituser.access.header=Zugangsdaten +webpages.edituser.username=Benutzername +webpages.edituser.password=Kennwort +webpages.edituser.password_second=Kennwort wiederholen +webpages.edituser.bpk=BPK +webpages.edituser.role.header=Rechte und Role +webpages.edituser.active=Benutzer ist aktiviert +webpages.edituser.admin=Benutzer ist Admin +webpages.edit.delete.user=Benutzer l\u00F6schen +webpages.edit.newUser=Neuen Benutzer anfordern +webpages.edituser.isusernamepasswordallowed=Benutzername/Passwort erlauben +webpages.edituser.changemailaddress.verify=Bevor Sie Online-Applikationen verwalten k\u00F6nnen muss Ihre Mailadresse verifzieren werden. Eine entsprechende Mail wurde bereits an Ihr angegebenes Postfach versendet. +webpages.edituser.verify.mail.button=Mailadresse pr\u00FCfen +webpages.edituser.verify.mail.message=Es wurde eine Verifikationsmail an Ihr Postfach versendet + +webpages.mainpage.menu.oa.insert=Neue Applikation anlegen +webpages.mainpage.menu.oa.display=Meine Applikationen +webpages.mainpage.menu.oa.search=Applikation suchen +webpages.mainpage.menu.general.user=Meine Daten +webpages.mainpage.menu.general.importexport=Importieren/Exportieren +webpages.mainpage.menu.general.config.moaid=Allgemeine Konfiguration +webpages.mainpage.menu.general.usermanagement=Benutzerverwaltung +webpages.mainpage.menu.general.adminrequests=Offene Anfragen +webpages.mainpage.menu.interfederation=Interfederation + +webpages.interfederation.header=IDP Interfederation Konfiguration +webpages.interfederation.list.header=Liste aller konfiguerierten IDPs +webpages.inderfederation.moaid.header=Interfederation +webpages.inderfederation.moaid.businessServiceIDP=Privatwirtschaftlicher IDP +webpages.inderfederation.moaid.inboundSSO=Eingehendes SSO erlauben +webpages.inderfederation.moaid.outboundSSO=Ausgehendes SSO erlauben +webpages.inderfederation.moaid.storeSSOSession=SSO Session speichern +webpages.inderfederation.moaid.attributQueryURL=AttributQuery Service URL +webpages.inderfederation.moaid.sendPassivRequest=Verwende SAML2 isPassive Attribut +webpages.inderfederation.moaid.perfomLocalAuthOnError=Im Fehlerfall Authentifizierung lokal durchf\u00FChren +webpages.interfederation.new.header=Neuen Identity Provider hinzuf\u00FCgen +webpages.interfederation.new.vidp=STORK VIDP +webpages.interfederation.new.moaid=MOA-ID IDP +webpages.interfederation.new.gateway=STORK<->PVP Gateway +webpages.inderfederation.gateway.entityID=EntityID des PVP Portals + + + +webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert. +webpages.moaconfig.header=Allgemeine Konfiguration +webpages.oaconfig.general.publicURLPreFix=Public URL Prefix +webpages.moaconfig.defaultbkus.header=Default BKUs +webpages.moaconfig.slrequesttemplates.header=SecurityLayer Request Templates +webpages.moaconfig.slrequesttemplates.local=Locale BKU +webpages.moaconfig.slrequesttemplates.handy=Handy BKU +webpages.moaconfig.slrequesttemplates.online=Online BKU +webpages.moaconfig.certificates.header=Zertifikatspr\u00FCfung +webpages.moaconfig.certificates.certstore=CertStoreDirecorty +webpages.moaconfig.certificates.trustmanagerrev=TrustManagerRevocationChecking +webpages.moaconfig.certificates.trustCACerts=TrustedCACertificates +webpages.moaconfig.certificates.chainingmode=ChainingMode +webpages.moaconfig.timeout.header=Session TimeOuts +webpages.moaconfig.timeout.assertion=Anmeldedaten [sec] +webpages.moaconfig.timeout.MOASessionCreated=SSO Session authentifiziert [sec] +webpages.moaconfig.timeout.MOASessionUpdated=SSO Session letzter Zugriff [sec] +webpages.moaconfig.moasp.header=MOA-SP Konfiguration +webpages.moaconfig.moasp.idltrustprofile=Personenbindung Trustprofil +webpages.moaconfig.moasp.authtrustprofile=Authentfizierungsblock Trustprofil +webpages.moaconfig.moasp.authblocktransform=Authentfizierungsblock Transformationen +webpages.moaconfig.moasp.url=URL zum MOA-SP Service +webpages.moaconfig.identitylinksigners=IdentityLinkSigners +webpages.moaconfig.services.header=Externe Services +webpages.moaconfig.services.mandates=Online-Vollmachten Service URL +webpages.moaconfig.services.szrgw=SZR Gateway Service URL +webpages.moaconfig.sso.header=Single Sign-On +webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix +webpages.moaconfig.sso.FriendlyName=SSO Service Name +webpages.moaconfig.services.sso.Target=SSO Service Target +webpages.moaconfig.services.sso.SpecialText=SSO AuthBlockText +webpages.moaconfig.protocols.header=Protokolle +webpages.moaconfig.protocols.allowed.header=Protokolle aktivieren +webpages.moaconfig.protocols.legacy.header=Legacy Modus aktivieren +webpages.moaconfig.protocols.legacy.saml1=SAML1 +webpages.moaconfig.protocols.legacy.pvp2=PVP2.1 +webpages.moaconfig.protocols.oauth=OpenID Connect +webpages.moaconfig.protocols.saml1.header=SAML1 Konfiguration +webpages.moaconfig.protocols.saml1.sourceID=SourceID +webpages.moaconfig.protocols.pvp2.header=PVP2 Konfiguration +webpages.moaconfig.protocols.pvp2.PublicUrlPrefix=PVP2 Service URL-Prefix +webpages.moaconfig.protocols.pvp2.IssuerName=PVP Service Name +webpages.moaconfig.protocols.pvp2.org.header=Organisation +webpages.moaconfig.protocols.pvp2.org.name=Kurzbezeichnung +webpages.moaconfig.protocols.pvp2.org.displayname=Vollst\u00E4ndiger Name +webpages.moaconfig.protocols.pvp2.org.url=URL der Organisation +webpages.moaconfig.protocols.pvp2.contact.header=Kontaktdaten +webpages.moaconfig.protocols.pvp2.contact.surename=Familienname +webpages.moaconfig.protocols.pvp2.contact.givenname=Vorname +webpages.moaconfig.protocols.pvp2.contact.email=Mailadresse +webpages.moaconfig.protocols.pvp2.contact.company=Unternehmen +webpages.moaconfig.protocols.pvp2.contact.phone=Telefonnummer +webpages.moaconfig.protocols.pvp2.contact.type=Type des Kontakts +webpages.moaconfig.sl.transormations.header=SecurityLayer Transformationen +webpages.moaconfig.sl.transormations.filename=Dateiname +webpages.moaconfig.sl.transormations.upload=Neue Transformation hochladen + +webpages.listOAs.list.elInfo=Type +webpages.listOAs.list.first=Eindeutige Kennung +webpages.listOAs.list.second=Name der Online-Applikation + +webpages.searchoa.header=Online-Applikation suchen +webpages.searchoa.search.friendlyname=Name der Online-Applikation +webpages.searchoa.butten.search=Suchen + +webpages.oaconfig.header=Konfiguration der Onlineapplikation +webpages.oaconfig.general.isActive=Online-Applikation ist aktiviert +webpages.oaconfig.general.bku.header=BKU Konfiguration +webpages.oaconfig.general.bku.local=Locale BKU +webpages.oaconfig.general.bku.online=Online BKU +webpages.oaconfig.general.bku.handy=Handy BKU +webpages.oaconfig.general.bku.slversion=SecurityLayer Version +webpages.oaconfig.general.bku.keyboxidentifier=KeyBoxIdentifier +webpages.oaconfig.general.bku.legacy=SecurityLayerTemplates (Legacy Request) +webpages.oaconfig.general.bku.sltemplate.first=SecurityLayer Template +webpages.oaconfig.general.bku.sltemplate.second=SecurityLayer Template (WhiteList) +webpages.oaconfig.general.bku.sltemplate.third=SecurityLayer Template (WhiteList) + +webpages.oaconfig.general.bku.delete=L\u00F6schen +webpages.oaconfig.general.bku.bkuselection.header=BKU-Selection Template +webpages.oaconfig.general.bku.bkuselection.filename=Dateiname +webpages.oaconfig.general.bku.bkuselection.upload=Neues Template hochladen +webpages.oaconfig.general.bku.sendassertion.header=Send-Assertion Template +webpages.oaconfig.general.bku.sendassertion.filename=Dateiname +webpages.oaconfig.general.bku.sendassertion.upload=Neues Template hochladen + +webpages.oaconfig.bPKEncDec.header=Fremd-bPK Konfiguration +webpages.oaconfig.bPKEncDec.keystore.header=KeyStore Konfiguration +webpages.oaconfig.bPKEncDec.filename=Dateiname +webpages.oaconfig.bPKEncDec.delete=L\u00F6schen +webpages.oaconfig.bPKEncDec.upload=KeyStore hochladen +webpages.oaconfig.bPKEncDec.keyStorePassword=KeyStore Password +webpages.oaconfig.bPKEncDec.keyAlias=Schl\u00FCsselname +webpages.oaconfig.bPKEncDec.keyPassword=Schl\u00FCsselpassword + +webpages.oaconfig.general.identification=Eindeutiger Identifikatior (PublicURLPrefix) +webpages.oaconfig.general.mandate.header=Vollmachten +webpages.oaconfig.general.mandate.profiles=Profile +webpages.oaconfig.general.mandate.usemandate=Vollmachten (ja/nein) +webpages.oaconfig.general.friendlyname=Name der Online-Applikation +webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation +webpages.oaconfig.general.isstorkservice=Stork Applikation +webpages.oaconfig.general.public.header=Öffentlicher Bereich +webpages.oaconfig.general.stork.header=STORK Bereich +webpages.oaconfig.general.stork.countrycode=Landesvorwahl +webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar) +webpages.oaconfig.general.target.admin.checkbox=Anderen Bereich frei definieren +webpages.oaconfig.general.target.admin=Bereich (Frei w\u00E4hlbar) +webpages.oaconfig.general.target.friendlyname.disabled=Bezeichnung des Bereichs (vom Administrator eingestellt) +webpages.oaconfig.general.target.admin.disabled=Bereich (vom Administrator eingestellt) +webpages.oaconfig.general.target=Bereich (Target) +webpages.oaconfig.general.target.subsector=Sub-Bereich +webpages.oaconfig.general.target.subsector.checkbox=Target verfeinern +webpages.oaconfig.general.business.header=Privatwirtschaftlicher Bereich +webpages.oaconfig.general.business.value=Identifikationsnummer +webpages.oaconfig.general.business.type=Type der Identifikationsnummer +webpages.oaconfig.general.aditional.header=Zusätzliche allgemeine Einstellungen +webpages.oaconfig.general.aditional.authblocktext=AuthblockText +webpages.oaconfig.general.aditional.iframe=B\u00FCrgerkartenauswahl im IFrame +webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden +webpages.oaconfig.general.aditional.calculateHPI="TODO!" +webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden + +webpages.oaconfig.menu.saml1.show=SAML1 Konfiguration einblenden +webpages.oaconfig.menu.saml1.hidden=SAML1 Konfiguration ausblenden +webpages.oaconfig.menu.pvp2.show=PVP2 Konfiguration einblenden +webpages.oaconfig.menu.pvp2.hidden=PVP2 Konfiguration ausblenden +webpages.oaconfig.menu.oauth20.show=OAuth 2.0 Konfiguration einblenden +webpages.oaconfig.menu.oauth20.hidden=OAuth 2.0 Konfiguration ausblenden +webpages.oaconfig.menu.vidp.show=VIDP Konfiguration einblenden +webpages.oaconfig.menu.vidp.hidden=VIDP Konfiguration ausblenden + +webpages.oaconfig.menu.stork=STORK Konfiguration + +webpages.oaconfig.protocols.header=Authentifizierungsprotokolle + +webpages.oaconfig.general.BKUSelection.button.show=Login-Fenster Konfiguration einblenden +webpages.oaconfig.general.BKUSelection.button.hidden=Login-Fenster Konfiguration ausblenden +webpages.oaconfig.general.BKUSelection.header=Formularkonfiguration +webpages.oaconfig.general.BKUSelection.isOnlyMandateLoginAllowed=Nur Vollmachtenanmeldung erlauben +webpages.oaconfig.general.BKUSelection.backgroundcolor=Hintergrundfarbe der BKU-Auswahl +webpages.oaconfig.general.BKUSelection.frontcolor=Vordergrundfarbe der BKU-Auswahl +webpages.oaconfig.general.BKUSelection.header.backgroundcolor=Hintergrundfarbe der \u00DCberschrift +webpages.oaconfig.general.BKUSelection.header.frontcolor=Vordergrundfarbe der \u00DCberschrift +webpages.oaconfig.general.BKUSelection.header.text=\u00DCberschriftstext +webpages.oaconfig.general.BKUSelection.header.button.background=Hintergrundfarbe der Schaltfl\u00E4chen +webpages.oaconfig.general.BKUSelection.header.button.background.focus=Hintergrundfarbe der Schaltfl\u00E4chen (Focus) +webpages.oaconfig.general.BKUSelection.header.button.front=Vordergrundfarbe der Schaltfl\u00E4chen +webpages.oaconfig.general.BKUSelection.redirectTarget=Targetparameter +webpages.oaconfig.general.BKUSelection.fonttype=Formularschrifttyp +webpages.oaconfig.general.BKUSelection.fonttype.list=Formularschrifttypen +webpages.oaconfig.general.BKUSelection.header.applet.height=Appleth\u00F6he +webpages.oaconfig.general.BKUSelection.header.applet.width=Appletbreite + +webpages.oaconfig.general.testing.header=Test Identit\u00E4ten +webpages.oaconfig.general.testing.usetesting=Test Identit\u00E4ten erlauben +webpages.oaconfig.general.testing.oids=OIDs f\u00FCr Test Identit\u00E4ten einschr\u00E4nken. + +webpages.oaconfig.sso.header=Single Sign-On +webpages.oaconfig.sso.singlelogouturl=Single Log-Out URL +webpages.oaconfig.sso.useauthdataframe=Zus\u00E4tzliche Userabfrage +webpages.oaconfig.sso.usesso=Single Sign-On verwenden + +webpages.oaconfig.stork.header=Secure idenTity acrOss boRders linKed +webpages.oaconfig.stork.enabledcpeps=aktivierte Zielländer +webpages.oaconfig.stork.attributes.header=angeforderte Attribute +webpages.oaconfig.stork.attributes.used=anfordern? +webpages.oaconfig.stork.attributes.name=Attributname +webpages.oaconfig.stork.attributes.mandatory=obligatorisch? +webpages.oaconfig.stork.usestork=STORK Logon aktivieren +webpages.moaconfig.stork.pepslist=C-PEPS Konfiguration +webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren +webpages.moaconfig.stork.removepeps=l\u00F6schen +webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen +webpages.moaconfig.stork.attributes.heading=Attributkonfiguration +webpages.moaconfig.stork.attributes.new=Neues Attribut hinzuf\u00FCgen +webpages.moaconfig.stork.attributes.heading.name=Attributname +webpages.moaconfig.stork.attributes.heading.mandatory=zwingend +webpages.moaconfig.stork.attributes.remove=l\u00F6schen +webpages.moaconfig.stork.qaa=Mindest-QAA-Level f\u00FCr diese OA ausw\u00E4hlen + +webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration +webpages.oaconfig.saml1.isActice=SAML1 aktivieren +webpages.oaconfig.saml1.provideStammZahl=Stammzahl \u00FCbertragen +webpages.oaconfig.saml1.provideAuthBlock=Authentifizierungsblock \u00FCbertragen +webpages.oaconfig.saml1.provideIdentityLink=Personenbindung \u00FCbertragen +webpages.oaconfig.saml1.provideCertificate=Zertifikat \u00FCbertragen +webpages.oaconfig.saml1.provideFullMandateData=Vollst\u00E4ndige Vollmacht \u00FCbertragen +webpages.oaconfig.saml1.useCondition=Usecondition +webpages.oaconfig.saml1.conditionLength=ConditionLength +webpages.oaconfig.saml1.provideAllErrors=Fehlermeldungen an OA \u00FCbertragen + +webpages.oaconfig.protocols.pvp2.header=PVP2.x Konfiguration +webpages.oaconfig.pvp2.reload=PVP2.x konfiguration neu laden +webpages.oaconfig.pvp2.metaDataURL=URL zu den Metadaten +webpages.oaconfig.pvp2.certifcate=Zertifikat hochladen +webpages.oaconfig.pvp2.certifcate.info=Infos zum Zertifikat + +webpages.oaconfig.protocols.oauth20.header=OAuth 2.0 Konfiguration +webpages.oaconfig.oauth20.clientId=Client ID +webpages.oaconfig.oauth20.clientSecret=Client Passwort +webpages.oaconfig.oauth20.redirectUri=Redirect Uri + +webpages.oaconfig.vidp.enabled=VIDP interface aktiv +webpages.oaconfig.vidp.requireconsent=Zustimmung f\u00FCr das Ausliefern der Attribute vom Benutzer einholen? +webpages.oaconfig.vidp.ap.new=Neuen Attribut Provider erstellen +webpages.oaconfig.vidp.ap.remove=Entfernen +webpages.oaconfig.vidp.ap.list=Liste der konfigurierten Attribut Provider + + +message.title=Meldung: +webpages.oaconfig.success=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. +webpages.oaconfig.success.admin=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. Es ist jedoch eine Aktivierung durch den Administrator erforderlich. +webpages.oaconfig.cancle=Die Bearbeitung der Online-Applikation {0} wurde abgebrochen. +webpages.idp.success=Der IdentityProvider {0} konnte erfolgreich gespeichert werden. +webpages.idp.cancle=Die Bearbeitung des IdentityProvider {0} wurde abgebrochen. + +webpages.oaconfig.delete.message=Die Online-Applikation {0} wurde erfolgreich gel\u00F6scht. +webpages.oaconfig.delete.error=Die Online-Applikation {0} konnte nicht gel\u00F6scht werden. + +webpages.edit.save=\u00C4nderungen Speichern +webpages.edit.back=Zur\u00FCck und \u00C4nderungen verwerfen +webpages.edit.delete=Online-Applikation l\u00F6schen + +webpages.header.info=Sie sind angemeldet als: +webpages.header.lastlogin=Letzte Anmeldung am: + +webpages.openadminrequests.header=Offene Antr\u00E4ge +webpages.openadminrequests.users.header=Benutzeraccounts +webpages.openadminrequests.oas.header=Online-Applikationen + + +validation.newuser.mailaddress=Die Validierung der Mailadresse konnte erfolgreich durchgef\u00FChrt werden. + +validation.edituser.familyname.empty=Der Familienname ist leer. +validation.edituser.familyname.valid=Der Familienname enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.givenname.empty=Der Vorname ist leer. +validation.edituser.givenname.valid=Der Vorname enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.institut.empty=Die Organisation ist leer. +validation.edituser.institut.valid=Die Organisation enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.mail.empty=Die EMail Adresse ist leer. +validation.edituser.mail.valid=Die EMail Adresse hat kein g\u00FCltiges Format. +validation.edituser.phone.empty=Die Telefonnummer ist leer. +validation.edituser.phone.valid=Die Telefonnummer hat kein g\u00FCltiges Form +validation.edituser.username.empty=Der Benutzername ist leer. +validation.edituser.username.valid=Der Benutzername enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.username.duplicate=Der Benutzername ist bereits vergeben +validation.edituser.password.empty=Das Passwort ist leer. +validation.edituser.password.valid=Das Passwort konnte nicht in einen g\u00FCltigen Schl\u00FCssel transferiert werden. +validation.edituser.password.equal=Die Passw\u00F6rter sind nicht identisch. +validation.edituser.bpk.valid=Die BPK enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} + +validation.general.SAML1SourceID=Die SAML1SourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.publicURLprefix.empty=Public URL Prefix Feld ist leer. +validation.general.publicURLprefix.valid=Public URL Prefix hat kein g\u00FCltiges Format. +validation.general.businessservice.empty=Die Application ist weder dem \u00F6ffentlichen noch dem privaten Sektor zugeordnet. +validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer. +validation.general.certStoreDirectory.valid=Das CertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.Defaultchainigmode.empty=Es wurde kein DefaultChainingMode gew\u00E4hlt. +validation.general.Defaultchainigmode.valid=Der DefaultChainingMode enth\u00E4lt einen ung\u00F6ltigen Wert. +validation.general.IdentityLinkSigners.empty=Es wurde kein IdentityLinkSigner angegeben +validation.general.IdentityLinkSigners.valid=Der IdentityLinkSigner in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1} +validation.general.mandateservice.valid=Die URL zum Online-Vollmachten Service hat kein g\u00F6ltiges Format. +validation.general.moasp.auth.transformation.empty=Die Transformation f\u00F6r den Authentfizierungsblock ist leer. +validation.general.moasp.auth.transformation.valid=Die Transformation f\u00F6r den Authentfizierungsblock in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1} +validation.general.moasp.auth.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock ist leer. +validation.general.moasp.auth.trustprofile.valid=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.moasp.idl.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung der Personenbindung ist leer. +validation.general.moasp.idl.trustprofile.valid=Das TrustProfile zur Pr\u00F6fung der Personenbindung enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.moaspss.url.valid=Die URL zum MOA-SP/SS Service hat kein g\u00F6ltiges Format. +validation.general.protocol.pvp2.issuername.valid=PVP2\: Service Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.org.displayname.valid=PVP2 Organisation\: Vollst\u00E4ndiger Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.org.name.valid=PVP2 Organisation\: Kurzbezeichnung enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.org.url.valid=PVP2 Organisation\: URL hat kein g\u00F6ltiges Format. +validation.general.protocol.pvp2.serviceurl.valid=PVP2\: Service URL-Prefix hat kein g\u00F6ltiges Format. +validation.general.protocol.pvp2.contact.company.valid=PVP2 Kontaktdaten\: Der Firmenname enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.contact.givenname.valid=PVP2 Kontaktdaten\: Der Familienname enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.contact.surename.valid=PVP2 Kontaktdaten\: Der Vorname enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.contact.type.valid=PVP2 Kontaktdaten: Der angegebene Kontakttyp existiert nicht. +validation.general.protocol.pvp2.contact.mail.valid=PVP2 Kontaktdaten\: Die EMail Adresse ist nicht g\u00FCltig. +validation.general.protocol.pvp2.contact.phone.valid=PVP2 Kontaktdaten\: Die Telefonnummer ist nicht g\u00FCltig. +validation.general.timeouts.assertion.valid=Das Feld Assertion TimeOut hat keinen g\u00F6ltigen Wert. +validation.general.timeouts.moasessioncreated.valid=Das Feld MOASessionCreated TimeOut hat keinen g\u00FCltigen Wert. +validation.general.timeouts.moasessionupdated.valid=Das Feld MOASessionUpdated TimeOut hat keinen g\u00FCltigen Wert. + +validation.general.slrequest.handy.empty=Die URL zum SecurityLayer Template f\u00F6r die Handy-BKU ist leer. +validation.general.slrequest.handy.valid=Die URL zum SecurityLayer Template f\u00F6r die Handy-BKU hat kein g\u00F6ltiges Format. +validation.general.slrequest.local.empty=Die URL zum SecurityLayer Template f\u00F6r die locale BKU ist leer. +validation.general.slrequest.local.valid=Die URL zum SecurityLayer Template f\u00F6r die locale BKU hat kein g\u00F6ltiges Format. +validation.general.slrequest.online.empty=Die URL zum SecurityLayer Template f\u00F6r die Online-BKU ist leer. +validation.general.slrequest.online.valid=Die URL zum SecurityLayer Template f\u00F6r die Online-BKU hat kein g\u00F6ltiges Format. +validation.general.sso.friendlyname.valid=Der SSO Service Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.sso.identificationnumber.valid=Die SSO IdentificationNumber enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.sso.publicurl.valid=Der SSO Service URL-Prefix hat kein g\u00F6ltiges Format. +validation.general.sso.specialauthtext.valid=Der SSO AuthBlockText enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.sso.target.empty=Das SSO Target Feld ist leer. +validation.general.sso.target.valid=Das SSO Target Feld enth\u00E4lt ein ung\u00FCltiges Target. +validation.general.szrgw.url.valid=Die URL des SZR Gateways hat kein g\u00F6ltiges Format. +validation.general.trustedcacerts.empty=Das Feld TrustedCACertificates ist leer. +validation.general.trustedcacerts.valid=Das Feld TrustedCACertificates enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.slrequest.filename.valid=Der Dateiname der angegebenen SecurtityLayer Transformation enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.slrequest.file.valid=Die angegebenen AuthBlock Transformation konnte nicht geladen werden. +validation.general.slrequest.file.empty=Die AuthBlock Transformation ist leer. + +validation.general.aditionalauthblocktext=Der Zusatztext f\u00FCr den AuthBlock enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.bku.handy.empty=Die URL f\u00FCr die Handy-BKU ist leer. +validation.general.bku.handy.valid=Die URL f\u00FCr die Handy-BKU hat kein g\u00FCltiges Format. +validation.general.bku.local.empty=Die URL f\u00FCr die lokale BKU ist leer. +validation.general.bku.local.valid=Die URL f\u00FCr die locale BKU hat kein g\u00FCltiges Format. +validation.general.bku.online.empty=Die URL f\u00FCr die Online-BKU ist leer. +validation.general.bku.online.valid=Die URL f\u00FCr die Online-BKU hat kein g\u00FCltiges Format. +validation.general.oafriendlyname.empty=Es wurde kein Name f\u00FCr die Online-Applikation angegeben. +validation.general.oafriendlyname.valid=Der Name der Online-Applikation enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.keyboxidentifier.empty=Es wurde kein KeyBoxIdentifier ausgew\u00E4hlt. +validation.general.keyboxidentifier.valid=Der KeyBoxIdentifier hat ein ung\u00FCltiges Format. +validation.general.sltemplates.empty=Wenn der Legacymodus verwendet werden soll muss zumindest ein SecurityLayer Template angegeben werden. +validation.general.sltemplate1.valid=Die erste SecurityLayer Template URL hat kein g\u00FCltiges Format. +validation.general.sltemplate2.valid=Die zweite SecurityLayer Template URL hat kein g\u00FCltiges Format. +validation.general.sltemplate3.valid=Die dritte SecurityLayer Template URL hat kein g\u00FCltiges Format. +validation.general.mandate.profiles=Die Liste von Vollmachtsprofilen enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.mandate.usemandate=Die Konfiguration von Vollmachtsprofile ist nur mit aktivierten Vollmachten m\u00F6glich. +validation.general.target.empty=Der Target f\u00FCr die Online-Applikation ist leer. +validation.general.target.valid=Der Target f\u00FCr die Online-Applikation hat kein g\u00FCltiges Format. +validation.general.target.subsector.valid=Der Target-Subsektor hat kein g\u00FCltiges Format. +validation.general.target.admin.valid=Der Admin-Target f\u00FCr die Online-Applikation hat kein g\u00FCltiges Format. +validation.general.target.publicserviceurl=Die Domain des eindeutigen Identifiers f\u00FCr die Online-Applikation erlaubt nur Applikationen aus dem privatwirtschaftlichen Bereich. +validation.general.slversion=Die SecurityLayer Version ist kein Zahlenformat. +validation.general.slversion.business=Im privatwirtschaftlichen Bereich muss die SecurityLayerversion mindestes 1.2 betragen. Die SLVersion wurde auf 1.2 ge\u00E4ndert. +validation.general.targetfriendlyname=Der Name des Bereichs (Target) enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.identificationtype.valid=Der Identifikationstype wird nicht unterst\u00FCtzt. +validation.general.identificationnumber.empty=Im privatwirtschaftlichen Bereich ist eine Identifikationsnummer erforderlich. +validation.general.identificationnumber.valid=Die Identifikationsnummer f\u00FCr den privatwirtschaftlichen Bereich enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.identificationnumber.fn.valid=Die Firmenbuchnummer hat kein g\u00FCltiges Format. +validation.general.oaidentifier.empty=Es wurde kein eindeutiger Identifier f\u00FCr die Online-Applikation angegeben. +validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation ist keine g\u00FCltige URL. +validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifier ist bereits vorhanden. Eine Eintragung der Online-Applikation ist nicht m\u00F6glich. +validation.general.stork.sptarget=Der STORK SP-Target ist leer. +validation.general.stork.sptargetsize=Die Definition von STORK SP-Target ist nicht korrekt: zu viele Buchstaben. +validation.general.bkuselection.filename.valid=Der Dateiname des BKU-Selektion Templates enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.bkuselection.file.valid=Das BKU-Selektion Templates konnte nicht geladen werden. +validation.general.bkuselection.file.selected=Es kann nur EIN BKU-Selektion Template angegeben werden. +validation.general.sendassertion.filename.valid=Der Dateiname des Send-Assertion Templates enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.sendassertion.file.valid=Das Send-Assertion Templates konnte nicht geladen werden. +validation.general.sendassertion.file.selected=Es kann nur EIN Send-Assertion Template angegeben werden. +validation.general.testcredentials.oid.valid=Die Testdaten OID {0} ist ung\u00FCltig. + +validation.bPKDec.keyStorePassword.empty=Das Password f\u00FCr den KeyStore ist leer. +validation.bPKDec.keyStorePassword.valid=Das Password f\u00FCr den KeyStore enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.bPKDec.keyAlias.empty=Der Schl\u00FCsselname ist leer. +validation.bPKDec.keyAlias.valid=Der Schl\u00FCsselname enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.bPKDec.keyPassword.empty=Das Password f\u00FCr den privaten Schl\u00FCssel ist leer. +validation.bPKDec.keyPassword.valid=Das Password f\u00FCr den privaten Schl\u00FCssel enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.bPKDec.keyStore.filename.valid=Der Dateiname des KeyStores enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.bPKDec.keyStore.file.valid=Der KeyStore konnte nicht geladen oder ge\u00F6ffnet werden. Eventuell sind das Passwort oder der Schl\u00FCsselname nicht korrekt. +validation.bPKDec.keyStore.file.selected=Es kann nur EIN KeyStore angegeben werden. + +validation.stork.cpeps.cc=CPEPS L\u00E4ndercode folgt nicht ISO 3166-2 +validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig +validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig +validation.stork.cpeps.duplicate=L\u00E4ndercodes sind nicht eindeutig +validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2 +validation.stork.qaa.outofrange=G\u00FCltige QAA Werte sind 1, 2, 3, und 4 +validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein +validation.stork.ap.url.valid=Ung\u00FCltige AttributProvider Url +validation.stork.ap.name.empty=Ung\u00FCltiger AttributProvider Name +validation.stork.ap.name.valid=Ung\u00FCltiger AttributProvider Name +validation.stork.ap.attributes.valid=Ung\u00FCltige Attributconfiguration f\u00FCr ein Attribut Provider Plugin. Feld darf nicht leer sein und ist als csv anzugeben. + +validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. +validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. +validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten keine Informationen abgerufen werden. +validation.pvp2.metadata.verify.sig=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden. +validation.pvp2.metadata.verify.schema=Die Schema-Validierung der Metadaten ist fehlgeschlagen. +validation.pvp2.metadata.verify.general=Bei der Validierung der Metadaten ist ein allgemeiner Fehler aufgetreten. +validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf. +validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt. +validation.pvp2.metadata.ssl=Das SSL Serverzertifikat des Metadaten Service ist nicht vertrauensw\u00FCrdig. +validation.pvp2.metadata.validation=Die Metadaten konnten von der angegebenen URL geladen werden, jedoch schlug die Validierung der Metadaten fehl. + +validation.sso.logouturl.empty=Eine URL zum Single Log-Out Service ist erforderlich. +validation.sso.logouturl.valid=Die URL zum Single Log-Out Service wei\u00DFt kein g\u00FCltiges Format auf. + +validation.interfederation.moaidp.queryurl.valid=Die URL zum AttributQuery Service wei\u00DFt kein g\u00FCltiges Format auf. +validation.interfederation.moaidp.queryurl.empty=Die URL zum AttributQuery Service muss konfiguriert werden. +validation.interfederation.moaidp.metadataurl.publicservice=Die Domain des Metadaten Services f\u00FCr diesen IDP erlaubt nur Applikationen aus dem privatwirtschaftlichen Bereich. +validation.interfederation.gateway.entityID.valid=Die EntityID zum PVP Portal wei\u00DFt kein g\u00FCltiges Format auf. +validation.interfederation.gateway.entityID.empty=Die EntityID zum PVP Portal muss konfiguriert werden. + +validation.saml1.providestammzahl=ProvideStammZahl kann nicht mit Applikationen aus dem privatwirtschaftlichen Bereich kombiniert werden. + +validation.general.bkuselection.specialfeatures.valid=Die speziellen Einstellungen f\u00FCr die BKU Auswahl (Vollmachtsanmeldung ausblenden / zwingend voraussetzen) k\u00F6nnen nicht in Kombination mit SSO verwendet werden. +validation.general.bkuselection.specialfeatures.combination=Eine zwingend erforderliche Vollmachtenanmeldung in Kombination mit einer ausgeblendeten Vollmachtenauswahlcheckbox ist nicht m\u00F6glich. +validation.general.form.color.background=Die Hintergrundfarbe f\\u00FCr die BKU Auswahl enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.color.front=Die Vordergrundfarbe f\\u00FCr die BKU Auswahl enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.header.color.back=Die Hintergrundfarbe der BKU-Auswahl\\u00FCberschrift enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.header.color.front=Die Vordergrundfarbe der BKU-Auswahl\\u00FCberschrift enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.header.text=Die BKU-Auswahl\\u00FCberschrift enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.form.button.color.back.focus=Die Hintergrundfarbe f\\u00FCr Focus der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.button.color.back=Die Hintergrundfarbe der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.button.color.front=Die Vordergrundfarbe der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.appletredirecttarget=Der RedirectTarget beinhaltet einen ung\\u00FCltiten Wert. +validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.form.applet.width=Die Appleth\u00F6he ist keine g\\u00FCltige Zahl. +validation.general.form.applet.height=Die Appletbreite ist keine g\\u00FCltige Zahl. diff --git a/id/moa-id-webgui/src/main/resources/applicationResources_en.properties b/id/moa-id-webgui/src/main/resources/applicationResources_en.properties new file mode 100644 index 000000000..420ac27ec --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/applicationResources_en.properties @@ -0,0 +1,522 @@ +title=MOA-ID 2.x Configuration Tool + + +config.01=Configfile is not found. ({0}) +config.02=Configfile is not readable. ({0}) +config.03=Hibernate Database connector can not be initialized +config.04=OpenSAML (PVP2 Login) can not be initialized +config.05=Configuration file is not defined +config.06=Configfile {1} does not start with {0} prefix. + +error.title=Error: +error.login.internal=The error occurred during the processing. Please try again or contact Administrator. +error.general.text=During the processing the error condition occured. Please try again or contact the administrator. +errors.listOAs.noOA=There is no Online-Application found in the database. +errors.listIDPs.noIDP=There is no interfederation IdentityProvider found in the database. +errors.edit.oa.oaid=There is no valid Online-Application ID transfered. +errors.edit.oa.oaid.allowed=You do not possess the necessary rights in order to access this Online-Application. +error.oa.pvp2.certificate=Provided PVP2 certificate could not be read. +error.db.oa.store=The configuration could not be saved in the database. +errors.notallowed=You do not posses necessary righs in order to use this function. +errors.importexport.nofile=There is no file provided. +errors.importexport.legacyimport=The Import of the legacy configuration was interrupted due to the error. (Error={0}). +errors.importexport.export=The MOA-ID 2.x configuration could not be exported to XML file. (Error={0}) +errors.importexport.import=The import of XML configuration was interrupted due to the error. (Error={0}). +errors.importexport.export.noconfig=The configuration could not be exported as there is no MOA-ID configuration available. +errors.edit.user.userid=There is no valid user ID provided. +errors.edit.user.save=The user could not be inserted in the database. +errors.edit.user.notallowed=The editing of the other users configuration can be only done by administrators. +error.login=The login procedure was interrupted. Please try again. +error.mail.send=The message could not be sent to the provided address. +error.mail.verification=The verification procedure was interrupted due to the error. Please try again. +error.editoa.mailverification=The administration of the Online-Applications is temporarly deactivated because the email address of user's account is not verified. +error.bkuformpreview.notpossible="The preview could not be generated as due to internal error." +error.oa.oauth.redirecturi=Redirect URL ist not valid URL +error.oa.oauth.clientSecret=Client-Secret cannot be blank +error.oa.oauth.keyname=Key-Name cannot be blank +error.oa.oauth.keystore=Keystore cannot be blank and has to be provided in the form of valid URL. + +mail.userrequest.subject=Requesting accounts - MOA-ID 2.x Config Tool + + +webpages.slo.error=LogOut process finished with an error. For security reasons, please close your browser. +webpages.slo.success=LogOut process finished successful + +webpages.error.header=The error occured +webpages.index.header=Welcome to MOA-ID 2.x Configuration +webpages.index.desciption.head=In order to use this service you should log in +webpages.index.login=Login +webpages.index.logout=Logout +webpages.index.login.pvp2=Login with Buergerkarte or Handy-Signature +webpages.index.login.notallowed=The user name or password are wrong, or the user account is not activated. +webpages.index.username.unkown=The user is unknown. +webpages.index.username.notactive=The user is still not activated by the administrator. +webpages.index.password.false=The password is not valid. + +webpages.inportexport.header=Import/export configuration +webpages.inportexport.success=The configuration was imported successfully +webpages.inportexport.legacyimport.header=Import legacy configuration (MOA-ID < 2.0) +webpages.inportexport.legacyimport.upload=Legacy configuration +webpages.edit.import=Import +webpages.edit.export=Export +webpages.inportexport.import.header=MOA-ID 2.x configuration +webpages.inportexport.import.upload=Import configuration +webpages.inportexport.import.download=Export configuration +webpages.inportexport.descripten=WARNING\: The imported configuration will completely replace currently active configuration\! + +webpages.usermanagement.newuser=Create new user +webpages.usermanagement.header=User management +webpages.listUsers.list.header=List all users +webpages.listUsers.list.first=Surname-/Company +webpages.listUsers.list.second=Name +webpages.listUsers.list.third=User name +webpages.edituser.header=User data +webpages.edituser.givenname=Name +webpages.edituser.familyName=Surname +webpages.edituser.institut=Organization +webpages.edituser.phone=Phone number +webpages.edituser.mail=Email Address +webpages.edituser.access.header=Login +webpages.edituser.username=User name +webpages.edituser.password=Password +webpages.edituser.password_second=Repeat password +webpages.edituser.bpk=BPK +webpages.edituser.role.header=Rights and roles +webpages.edituser.active=The user is activated +webpages.edituser.admin=The user is admin +webpages.edit.delete.user=Remove user +webpages.edit.newUser=Request new user +webpages.edituser.isusernamepasswordallowed=Allow username/password +webpages.edituser.changemailaddress.verify=Your email address should be verified, in order to be able to manage Online-Applications. The verification email has been already sent to your email-address. +webpages.edituser.verify.mail.button=Check email address +webpages.edituser.verify.mail.message=Verification email has been sent to your inbox. + +webpages.mainpage.menu.oa.insert=Create new application +webpages.mainpage.menu.oa.display=My applications +webpages.mainpage.menu.oa.search=Find application +webpages.mainpage.menu.general.user=My data +webpages.mainpage.menu.general.importexport=Import/export +webpages.mainpage.menu.general.config.moaid=General configuration +webpages.mainpage.menu.general.usermanagement=User management +webpages.mainpage.menu.general.adminrequests=Open requests + +webpages.mainpage.menu.interfederation=Interfederation +webpages.interfederation.header=IDP Interfederation Configuration +webpages.interfederation.list.header=List of all interfederation IDPs +webpages.inderfederation.moaid.businessServiceIDP=BusinessService IDP +webpages.inderfederation.moaid.header=Interfederation +webpages.inderfederation.moaid.inboundSSO=Allow inbound SSO +webpages.inderfederation.moaid.outboundSSO=Allow outbound SSO +webpages.inderfederation.moaid.storeSSOSession=Store SSO session +webpages.inderfederation.moaid.attributQueryURL=AttributQuery service URL +webpages.inderfederation.moaid.sendPassivRequest=Use SAML2 isPassive attribute +webpages.inderfederation.moaid.perfomLocalAuthOnError=Local authentication in case of an error +webpages.interfederation.new.header=Add new Identity Provider +webpages.interfederation.new.vidp=STORK VIDP +webpages.interfederation.new.moaid=MOA-ID IDP +webpages.interfederation.new.gateway=STORK<->PVP Gateway +webpages.inderfederation.gateway.entityID=PVP portal EntityID + +webpages.moaconfig.save.success=MOA-ID has been successfully saved. +webpages.moaconfig.header=General configuration +webpages.oaconfig.general.publicURLPreFix=Public URL Prefix +webpages.moaconfig.defaultbkus.header=Default CCE +webpages.moaconfig.slrequesttemplates.header=SecurityLayer Request Templates +webpages.moaconfig.slrequesttemplates.local=Local CCE +webpages.moaconfig.slrequesttemplates.handy=Mobile CCE +webpages.moaconfig.slrequesttemplates.online=Online CCE +webpages.moaconfig.certificates.header=Certificate check +webpages.moaconfig.certificates.certstore=CertStoreDirectory +webpages.moaconfig.certificates.trustmanagerrev=TrustManagerRevocationChecking +webpages.moaconfig.certificates.trustCACerts=TrustedCACertificates +webpages.moaconfig.certificates.chainingmode=ChainingMode +webpages.moaconfig.timeout.header=Session TimeOuts +webpages.moaconfig.timeout.assertion=Assertion [sec] +webpages.moaconfig.timeout.MOASessionCreated=SSO Session authenticated [sec] +webpages.moaconfig.timeout.MOASessionUpdated=SSO Session last access[sec] +webpages.moaconfig.moasp.header=MOA-SP configuration +webpages.moaconfig.moasp.idltrustprofile=Trustprofile for IdentityLink +webpages.moaconfig.moasp.authtrustprofile=Trustprofile for authentication block +webpages.moaconfig.moasp.authblocktransform=Transformations for authentication block +webpages.moaconfig.moasp.url=URL for MOA-SP Service +webpages.moaconfig.identitylinksigners=IdentityLinkSigners +webpages.moaconfig.services.header=External Services +webpages.moaconfig.services.mandates=Online-Mandate Service URL +webpages.moaconfig.services.szrgw=SZR Gateway Service URL +webpages.moaconfig.sso.header=Single Sign-On +webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix +webpages.moaconfig.sso.FriendlyName=SSO Service Name +webpages.moaconfig.services.sso.Target=SSO Service Target +webpages.moaconfig.services.sso.SpecialText=SSO AuthBlockText +webpages.moaconfig.protocols.header=Logging +webpages.moaconfig.protocols.allowed.header=Activate logging +webpages.moaconfig.protocols.legacy.header=Activate Legacy Mode +webpages.moaconfig.protocols.legacy.saml1=SAML1 +webpages.moaconfig.protocols.legacy.pvp2=PVP2.1 +webpages.moaconfig.protocols.oauth=OpenID Connect +webpages.moaconfig.protocols.saml1.header=SAML1 Configuration +webpages.moaconfig.protocols.saml1.sourceID=SourceID +webpages.moaconfig.protocols.pvp2.header=PVP2 Configuration +webpages.moaconfig.protocols.pvp2.PublicUrlPrefix=PVP2 Service URL-Prefix +webpages.moaconfig.protocols.pvp2.IssuerName=PVP Service Name +webpages.moaconfig.protocols.pvp2.org.header=Organization +webpages.moaconfig.protocols.pvp2.org.name=Short description +webpages.moaconfig.protocols.pvp2.org.displayname=Complete name +webpages.moaconfig.protocols.pvp2.org.url=Organization's URL +webpages.moaconfig.protocols.pvp2.contact.header=Contact data +webpages.moaconfig.protocols.pvp2.contact.surename=Surname +webpages.moaconfig.protocols.pvp2.contact.givenname=Name +webpages.moaconfig.protocols.pvp2.contact.email=E-mail address +webpages.moaconfig.protocols.pvp2.contact.company=Company +webpages.moaconfig.protocols.pvp2.contact.phone=Phone number +webpages.moaconfig.protocols.pvp2.contact.type=Contact type +webpages.moaconfig.sl.transormations.header=SecurityLayer Transformations +webpages.moaconfig.sl.transormations.filename=File name +webpages.moaconfig.sl.transormations.upload=Upload new transformations + +webpages.listOAs.list.elInfo=Type +webpages.listOAs.list.first=Unique identifier +webpages.listOAs.list.second=Name of the Online-Application + +webpages.searchoa.header=Find Online-Application +webpages.searchoa.search.friendlyname=Name of the Online-Applikation +webpages.searchoa.butten.search=Search + +webpages.oaconfig.header=Configuration of the Online-Application +webpages.oaconfig.general.isActive=Online-Application is activated +webpages.oaconfig.general.bku.header=CCE configuration +webpages.oaconfig.general.bku.local=Local CCE +webpages.oaconfig.general.bku.online=Online CCE +webpages.oaconfig.general.bku.handy=Mobile CCE +webpages.oaconfig.general.bku.slversion=SecurityLayer Version +webpages.oaconfig.general.bku.keyboxidentifier=KeyBoxIdentifier +webpages.oaconfig.general.bku.legacy=SecurityLayerTemplates (Legacy Request) +webpages.oaconfig.general.bku.sltemplate.first=SecurityLayer Template +webpages.oaconfig.general.bku.sltemplate.second=SecurityLayer Template (WhiteList) +webpages.oaconfig.general.bku.sltemplate.third=SecurityLayer Template (WhiteList) + +webpages.oaconfig.general.testing.header=Test Credentials +webpages.oaconfig.general.testing.usetesting=Allow test credentials +webpages.oaconfig.general.testing.oids=Use special test credential OIDs + +webpages.oaconfig.general.bku.delete=Remove +webpages.oaconfig.general.bku.bkuselection.header=CCE-Selection Template +webpages.oaconfig.general.bku.bkuselection.filename=Filename +webpages.oaconfig.general.bku.bkuselection.upload=Upload new template +webpages.oaconfig.general.bku.sendassertion.header=Send-Assertion Template +webpages.oaconfig.general.bku.sendassertion.filename=Filename +webpages.oaconfig.general.bku.sendassertion.upload=Upload new template + +webpages.oaconfig.bPKEncDec.header=Foreign-bPK Configuration +webpages.oaconfig.bPKEncDec.keystore.header=Keystore configuration +webpages.oaconfig.bPKEncDec.filename=Filename +webpages.oaconfig.bPKEncDec.delete=Remove +webpages.oaconfig.bPKEncDec.upload=Upload new keystore +webpages.oaconfig.bPKEncDec.keyStorePassword=Keystore password +webpages.oaconfig.bPKEncDec.keyAlias=Key alias +webpages.oaconfig.bPKEncDec.keyPassword=Key password + +webpages.oaconfig.general.identification=Unique identifier (PublicURLPrefix) +webpages.oaconfig.general.mandate.header=Mandates +webpages.oaconfig.general.mandate.profiles=Profile +webpages.oaconfig.general.mandate.usemandate=Mandates (ja/nein) +webpages.oaconfig.general.friendlyname=Name of the Online-Application +webpages.oaconfig.general.isbusinessservice=Private sector application +webpages.oaconfig.general.isstorkservice=Stork application +webpages.oaconfig.general.public.header=Public sector +webpages.oaconfig.general.stork.header=STORK sector +webpages.oaconfig.general.stork.countrycode=Country code +webpages.oaconfig.general.target.friendlyname=Name of the sector (arbitrary defined) +webpages.oaconfig.general.target.admin.checkbox=Define other sector arbitrary +webpages.oaconfig.general.target.admin=Sector (arbitrary defined) +webpages.oaconfig.general.target.friendlyname.disabled=Name of the sector (defined by admin) +webpages.oaconfig.general.target.admin.disabled=Sector (defined by admin) +webpages.oaconfig.general.target=Sector (Target) +webpages.oaconfig.general.target.subsector=Sub-sector +webpages.oaconfig.general.target.subsector.checkbox=Refine target +webpages.oaconfig.general.business.header=Private sector +webpages.oaconfig.general.business.value=Identification number +webpages.oaconfig.general.business.type=Type of identification number +webpages.oaconfig.general.aditional.header=Additional general settings +webpages.oaconfig.general.aditional.authblocktext=AuthblockText +webpages.oaconfig.general.aditional.iframe=Selection of citizen card in IFrame +webpages.oaconfig.general.aditional.useUTC=Use UTC time +webpages.oaconfig.general.aditional.calculateHPI="TODO!" +webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock + +webpages.oaconfig.menu.saml1.show=Show SAML1 configuration +webpages.oaconfig.menu.saml1.hidden=Hide SAML1 configuration +webpages.oaconfig.menu.pvp2.show=Show PVP2 configuration +webpages.oaconfig.menu.pvp2.hidden=Hide PVP2 configuration +webpages.oaconfig.menu.oauth20.show=Show OAuth 2.0 configuration +webpages.oaconfig.menu.oauth20.hidden=Hide OAuth 2.0 configuration +webpages.oaconfig.menu.vidp.show=Show VIDP configuration +webpages.oaconfig.menu.vidp.hidden=Hide VIDP configuration + +webpages.oaconfig.menu.stork=STORK configuration + +webpages.oaconfig.protocols.header=Authentication protocols + +webpages.oaconfig.general.BKUSelection.button.show=Show configuration of login window +webpages.oaconfig.general.BKUSelection.button.hidden=Hide configuration of login window +webpages.oaconfig.general.BKUSelection.header=Configuration of form +webpages.oaconfig.general.BKUSelection.isOnlyMandateLoginAllowed=Allow mandated login only +webpages.oaconfig.general.BKUSelection.backgroundcolor=Background color of CCE-Auswahl +webpages.oaconfig.general.BKUSelection.frontcolor=Foreground color of CCE-Auswahl +webpages.oaconfig.general.BKUSelection.header.backgroundcolor=Background color of header +webpages.oaconfig.general.BKUSelection.header.frontcolor=Foreground color of header +webpages.oaconfig.general.BKUSelection.header.text=Header text +webpages.oaconfig.general.BKUSelection.header.button.background=Background color of button +webpages.oaconfig.general.BKUSelection.header.button.background.focus=Background color of button (focus) +webpages.oaconfig.general.BKUSelection.header.button.front=Foreground color of buton +webpages.oaconfig.general.BKUSelection.redirectTarget=Targetparameter +webpages.oaconfig.general.BKUSelection.fonttype=Form font type +webpages.oaconfig.general.BKUSelection.fonttype.list=Form font type list +webpages.oaconfig.general.BKUSelection.header.applet.height=Height of applet +webpages.oaconfig.general.BKUSelection.header.applet.width=Width of applet + +webpages.oaconfig.sso.header=Single Sign-On +webpages.oaconfig.sso.singlelogouturl=Single Log-Out URL +webpages.oaconfig.sso.useauthdataframe=Additional user request +webpages.oaconfig.sso.usesso=Use Single Sign-On + +webpages.oaconfig.stork.header=Secure idenTity acrOss boRders linKed +webpages.oaconfig.stork.usestork=Activate STORK Logon +webpages.oaconfig.stork.attributes.header=requested attributes +webpages.oaconfig.stork.attributes.used=require? +webpages.oaconfig.stork.attributes.name=Attribute name +webpages.oaconfig.stork.attributes.mandatory=mandatory? +webpages.oaconfig.stork.enabledcpeps=activated target countries +webpages.moaconfig.stork.pepslist=C-PEPS configuration +webpages.moaconfig.stork.newpeps=Configure new PEPS +webpages.moaconfig.stork.removepeps=remove +webpages.moaconfig.stork.qaa.default=Select standard QAA-Level +webpages.moaconfig.stork.attributes.heading=Configuration of attributes +webpages.moaconfig.stork.attributes.new=Add new attribute +webpages.moaconfig.stork.attributes.heading.name=Name of attribute +webpages.moaconfig.stork.attributes.heading.mandatory=mandatory +webpages.moaconfig.stork.attributes.remove=remove +webpages.moaconfig.stork.qaa=Select minimal QAA-Level for current OA + +webpages.oaconfig.protocols.saml1.header=SAML1 configuration +webpages.oaconfig.saml1.isActice=Activate SAML1 +webpages.oaconfig.saml1.provideStammZahl=Transfer SourcePIN +webpages.oaconfig.saml1.provideAuthBlock=Transfer Authentication block +webpages.oaconfig.saml1.provideIdentityLink=Transfer IdentityLink +webpages.oaconfig.saml1.provideCertificate=Transfer certificate +webpages.oaconfig.saml1.provideFullMandateData=Transfer complete mandate data +webpages.oaconfig.saml1.useCondition=Use condition +webpages.oaconfig.saml1.conditionLength=Condition length +webpages.oaconfig.saml1.provideAllErrors=Transfer errors to application + +webpages.oaconfig.protocols.pvp2.header=PVP2.x configuration +webpages.oaconfig.pvp2.reload=Load new PVP2.x configuration +webpages.oaconfig.pvp2.metaDataURL=Metadata URL +webpages.oaconfig.pvp2.certifcate=Upload certificate +webpages.oaconfig.pvp2.certifcate.info=Certificate infos + +webpages.oaconfig.protocols.oauth20.header=OAuth 2.0 configuration +webpages.oaconfig.oauth20.clientId=Client ID +webpages.oaconfig.oauth20.clientSecret=Client Password +webpages.oaconfig.oauth20.redirectUri=Redirect URI + +webpages.oaconfig.vidp.enabled=VIDP interface is active +webpages.oaconfig.vidp.requireconsent=Ask the user for attributes transfer consent? +webpages.oaconfig.vidp.ap.new=Create new attribute provider +webpages.oaconfig.vidp.ap.remove=Remove +webpages.oaconfig.vidp.ap.list=List of configured attribute providers + + +message.title=Announcement: +webpages.oaconfig.success=The Online-Application {0} could be saved. +webpages.oaconfig.success.admin=Online-Applikation {0} could be saved. The activation by the Administrator is necessary. +webpages.oaconfig.cancle=The processing of Online-Applikation {0} was interrupted. +webpages.idp.success=IdentityProvider {0} could be saved. +webpages.idp.cancle=The processing of IdentityProvider {0} was interrupted. + +webpages.oaconfig.delete.message=Online-Application {0} was succesfully removed. +webpages.oaconfig.delete.error=Online-Application {0} could not be removed. + +webpages.edit.save=Save changes +webpages.edit.back=Forget changes and go back +webpages.edit.delete=Remove Online-Application + +webpages.header.info=You are logged in as: +webpages.header.lastlogin=Last login on: + +webpages.openadminrequests.header=Active requests: +webpages.openadminrequests.users.header=User accounts +webpages.openadminrequests.oas.header=Online-Applications + + +validation.newuser.mailaddress=Validation of eMail address completed. + +validation.edituser.familyname.empty=The surname is blank. +validation.edituser.familyname.valid=The surname contains forbidden characters. The following characters are not allowed\: {0} +validation.edituser.givenname.empty=The name is blank. +validation.edituser.givenname.valid=The name contains forbidden characters. The following characters are not allowed\: {0} +validation.edituser.institut.empty=The organization is blank. +validation.edituser.institut.valid=The organization contains forbidden characters. The following characters are not allowed\: {0} +validation.edituser.mail.empty=The eMail address is blank. +validation.edituser.mail.valid=The eMail address has invalid format. +validation.edituser.phone.empty=The phone number is blank. +validation.edituser.phone.valid=The phone number has invalid form +validation.edituser.username.empty=The user name is blank. +validation.edituser.username.valid=The user name contains forbidden characters. The following characters are not allowed\: {0} +validation.edituser.username.duplicate=The user name is already used +validation.edituser.password.empty=The password is blank. +validation.edituser.password.valid=The password could not be transferred into valid key. +validation.edituser.password.equal=The passwords are not identical. +validation.edituser.bpk.valid=BPK contains forbidden characters. The following characters are not allowed\: {0} + +validation.general.SAML1SourceID=SAML1SourceID contains forbidden characters. The following characters are not allowed\: {0} +validation.general.publicURLprefix.empty=Public URL Prefix is blank. +validation.general.publicURLprefix.valid=Public URL Prefix has invalid format. +validation.general.businessservice.empty=Online application is no public or private application. +validation.general.certStoreDirectory.empty=CertStoreDirectory is blank. +validation.general.certStoreDirectory.valid=CertStoreDirectory Feld contains forbidden characters. The following characters are not allowed\: {0} +validation.general.Defaultchainigmode.empty=There is no DefaultChainingMode selected. +validation.general.Defaultchainigmode.valid=DefaultChainingMode contains invalid value. +validation.general.IdentityLinkSigners.empty=There is no IdentityLinkSigner given +validation.general.IdentityLinkSigners.valid=IdentityLinkSigner in the line {0} contains forbidden characters. The following characters are not allowed\: {1} +validation.general.mandateservice.valid=URL for Online-Mandating Service has invalid format. +validation.general.moasp.auth.transformation.empty=Transformation for authentication block is blank. +validation.general.moasp.auth.transformation.valid=Transformation for authentication block in the line {0} contians forbidden characters. The following characters are not allowed\: {1} +validation.general.moasp.auth.trustprofile.empty=TrustProfile for checking of authentication block is blank. +validation.general.moasp.auth.trustprofile.valid=TrustProfile for checking of authentication block contains forbidden characters. The following characters are not allowed\: {0} +validation.general.moasp.idl.trustprofile.empty=TrustProfile for checking of IdentityLink is blank. +validation.general.moasp.idl.trustprofile.valid=TrustProfile for checking of IdentityLink contain forbidden characters. The following characters are not allowed\: {0} +validation.general.moaspss.url.valid=URL for MOA-SP/SS service has invalid format. +validation.general.protocol.pvp2.issuername.valid=PVP2\: service name contains forbidden characters. The following characters are not allowed\: {0} +validation.general.protocol.pvp2.org.displayname.valid=PVP2 organization\: complete name contains forbidden characters. The following characters are not allowed\: {0} +validation.general.protocol.pvp2.org.name.valid=PVP2 organization\: Short description contains forbidden characters. The following characters are not allowed\: {0} +validation.general.protocol.pvp2.org.url.valid=PVP2 organization\: URL has invalid format. +validation.general.protocol.pvp2.serviceurl.valid=PVP2\: service URL-Prefix has invalid format. +validation.general.protocol.pvp2.contact.company.valid=PVP2 contact data\: the company name contains forbidden characters. The following characters are not allowed\: {0} +validation.general.protocol.pvp2.contact.givenname.valid=PVP2 contact data\: the surname contains forbidden characters. The following characters are not allowed\: {0} +validation.general.protocol.pvp2.contact.surename.valid=PVP2 contact data\: the name contains forbidden characters. The following characters are not allowed\: {0} +validation.general.protocol.pvp2.contact.type.valid=PVP2 contact data: the provided contact type is not existing. +validation.general.protocol.pvp2.contact.mail.valid=PVP2 contact data\: the e-Mail address provided is invalid. +validation.general.protocol.pvp2.contact.phone.valid=PVP2 contact data\: the phone number provided is invalid. +validation.general.timeouts.assertion.valid=The field assertion timeout has invalid value. +validation.general.timeouts.moasessioncreated.valid=The field MOASessionCreated TimeOut has invalid value. +validation.general.timeouts.moasessionupdated.valid=The field MOASessionUpdated TimeOut has invalid value. + +validation.general.slrequest.handy.empty=URL for SecurityLayer Template for die Handy-CCE is blank. +validation.general.slrequest.handy.valid=URL for SecurityLayer Template for Mobile-CCE has invalid format. +validation.general.slrequest.local.empty=URL for SecurityLayer Template for local CCE is blank. +validation.general.slrequest.local.valid=URL for SecurityLayer Template for local CCE has invalid format. +validation.general.slrequest.online.empty=URL for SecurityLayer Template for Online-CCE is blank. +validation.general.slrequest.online.valid=URL for SecurityLayer Template for die Online-CCE has invalid format. +validation.general.sso.friendlyname.valid=SSO Service Name contains forbidden characters. The following characters are not allowed\: {0} +validation.general.sso.identificationnumber.valid=SSO IdentificationNumber contains forbidden characters. The following characters are not allowed\: {0} +validation.general.sso.publicurl.valid=SSO Service URL-Prefix has invalid format. +validation.general.sso.specialauthtext.valid=SSO AuthBlockText contains forbidden characters. The following characters are not allowed\: {0} +validation.general.sso.target.empty=SSO Target field is blank. +validation.general.sso.target.valid=SSO Target field contains invalid target. +validation.general.szrgw.url.valid=URL for SZR Gateway has invalid format. +validation.general.trustedcacerts.empty=Field TrustedCACertificates is blank. +validation.general.trustedcacerts.valid=Das Feld TrustedCACertificates contains forbidden characters. The following characters are not allowed\: {0} +validation.general.slrequest.filename.valid=File name of provided AuthBlock transformation contains forbidden characters. The following characters are not allowed\: {0} +validation.general.slrequest.file.valid=The provided AuthBlock transformation could not be loaded. +validation.general.slrequest.file.empty=The AuthBlock transformation is empty + +validation.general.aditionalauthblocktext=The additional text for AuthBlock contains forbidden characters. The following characters are not allowed\: {0} +validation.general.bku.handy.empty=URL for Mobile-CCE is blank. +validation.general.bku.handy.valid=URL for Mobile-CCE has invalid format. +validation.general.bku.local.empty=URL for local CCE is blank. +validation.general.bku.local.valid=URL for local CCE has invalid format. +validation.general.bku.online.empty=URL for Online-CCE is blank. +validation.general.bku.online.valid=URL for Online-CCE has invalid format. +validation.general.oafriendlyname.empty=There is no name for Online-Application provided. +validation.general.oafriendlyname.valid=The name of Online-Application contains forbidden characters. The following characters are not allowed\: {0} +validation.general.keyboxidentifier.empty=There is no KeyBoxIdentifier selected. +validation.general.keyboxidentifier.valid=The KeyBoxIdentifier has invalid format. +validation.general.sltemplates.empty=When the Legacy mod is used werden, at least one SecurityLayer Template should be provided. +validation.general.sltemplate1.valid=First SecurityLayer Template URL has invalid format. +validation.general.sltemplate2.valid=Second SecurityLayer Template URL has invalid format. +validation.general.sltemplate3.valid=Third SecurityLayer Template URL has invalid format. +validation.general.mandate.profiles=The list of Mandate profiles contains forbidden characters. The following characters are not allowed\: {0} +validation.general.mandate.usemandate=The configuration of Mandate profile is only with activated mandating support possible. +validation.general.target.empty=The Target for the Online-Application is blank. +validation.general.target.valid=The Target for the Online-Application has invalid format. +validation.general.target.subsector.valid=The Target-Subsector has invalid format. +validation.general.target.admin.valid=The Admin-Target for the Online-Application has invalid format. +validation.general.target.publicserviceurl=The domain of unique identifier for the Online-Application permits applications from the private sector only. +validation.general.slversion=The version of SecurityLayer is not the number. +validation.general.slversion.business=In private sector the version of SecurityLayer should be at least 1.2. SLVersion was set on 1.2. +validation.general.targetfriendlyname=The name of the sector (Target) contains forbidden characters. The following characters are not allowed\: {0} +validation.general.identificationtype.valid=The identification type is not supported. +validation.general.identificationnumber.empty=The identification number is necessary for private sector. +validation.general.identificationnumber.valid=The identification number for the private sector contains forbidden characters. The following characters are not allowed\: {0} +validation.general.identificationnumber.fn.valid=The identification number has invalid format. +validation.general.oaidentifier.empty=There is no unique identifier for the Online-Application provided. +validation.general.oaidentifier.valid=The unique identifier for the Online-Application is not valid URL. +validation.general.oaidentifier.notunique=The selected unique identifier is already available. Registration of the Online-Application was not possible. +validation.general.stork.sptarget=STORK SP-Target is blank. +validation.general.stork.sptargetsize=The Definition of STORK SP-Target is incorrect: too many characters. +validation.general.bkuselection.filename.valid=The file name of CCE-selection template contains forbidden characters. The following characters are not allowed\: {0} +validation.general.bkuselection.file.valid=The CCE-selection template could not be loaded. +validation.general.bkuselection.file.selected=Only one CCE-selection template can be provided. +validation.general.sendassertion.filename.valid=The file name of Send-Assertion Templates contains forbidden characters. The following characters are not allowed\: {0} +validation.general.sendassertion.file.valid=Send-Assertion Templates could not be loaded. +validation.general.sendassertion.file.selected=Only one Send-Assertion Template can be provided. +validation.general.testcredentials.oid.valid=The OID {0} for test credentials is not a valid. + +validation.bPKDec.keyStorePassword.empty=KeyStore password is blank. +validation.bPKDec.keyStorePassword.valid=The keyStore password contains forbidden characters. The following characters are not allowed\: {0} +validation.bPKDec.keyAlias.empty=Key alias is blank. +validation.bPKDec.keyAlias.valid=The key alias contains forbidden characters. The following characters are not allowed\: {0} +validation.bPKDec.keyPassword.empty=Key password is blank. +validation.bPKDec.keyPassword.valid=The key password contains forbidden characters. The following characters are not allowed\: {0} +validation.bPKDec.keyStore.filename.valid=The keyStore filename contains forbidden characters. The following characters are not allowed\: {0} +validation.bPKDec.keyStore.file.valid=KeyStore can not loaded. Maybe keyStore password or key alias are wrong. +validation.bPKDec.keyStore.file.selected=Only one keyStore can be provided. + +validation.stork.cpeps.cc=CPEPS country code is not based on 3166-2 +validation.stork.cpeps.empty=CPEPS configuration is incomplete +validation.stork.cpeps.url=CPEPS URL is invalid +validation.stork.cpeps.duplicate=Country codes are not unique +validation.stork.requestedattributes=STORK attributes are incorrect. Example: attr1, attr2 +validation.stork.qaa.outofrange=Valid QAA values are 1, 2, 3, and 4 +validation.stork.attributes.empty=Only one attribute can be provided +validation.stork.ap.url.valid=Invalid URL of AttributeProvider +validation.stork.ap.name.empty=Invalid name of AttributeProvider +validation.stork.ap.name.valid=Invalid Name of AttributeProvider +validation.stork.ap.attributes.valid=Invalid attribute configuration for Attribute Provider Plugin. The field may not be blank und must be provided as csv. + +validation.pvp2.metadataurl.empty=There is no metadata URL provided. +validation.pvp2.metadataurl.valid=The metadata URL has invalid URL format . +validation.pvp2.metadataurl.read=No information could be found under provided URL. +validation.pvp2.metadata.verify.sig=The metadata could not be verified with the provided certificate. +validation.pvp2.metadata.verify.schema=Metadata schema validation FAILED. +validation.pvp2.metadata.verify.general=Metadata validation has an generic error. +validation.pvp2.certificate.format=The provided PVP2 certificate has invalid format. +validation.pvp2.certificate.notfound=There is no PVP2 inserted. +validation.pvp2.metadata.ssl=The SSL server certificate is not trusted. + +validation.sso.logouturl.empty=URL for Single Log-Out Service is necessary. +validation.sso.logouturl.valid=URL for Single Log-Out Service has incorrect format. + +validation.interfederation.moaidp.queryurl.valid=URL for AttributQuery Service has incorrect format. +validation.interfederation.moaidp.queryurl.empty=URL for AttributQuery Service is necessary. +validation.interfederation.moaidp.metadataurl.publicservice=The domain of Metadata service for that IDP permits private sector only. +validation.interfederation.gateway.entityID.valid=PVP portal EntityID has an incorrect format. +validation.interfederation.gateway.entityID.empty=PVP portal EntityID is necessary. + +validation.saml1.providestammzahl=ProvideSourcePIN cannot be combined with applications from private sector. + +validation.general.bkuselection.specialfeatures.valid=The special settings for the selection of CCE (Hide mandate login / compulsory required) could not be used in combination with SSO. +validation.general.bkuselection.specialfeatures.combination=Required mandate based in combination with hidden checkbox for selection of mandating is not possible. +validation.general.form.color.background=Background color for CCE selection contains invalid hexadecimal value. (e.g. \\\#FFFFFF) +validation.general.form.color.front=Foreground color for CCE selection contains invalid hexadecimal value. (e.g. \\\#FFFFFF) +validation.general.form.header.color.back=Background color for the caption of CCE selection contains no valid hexadecimal value. (e.g. \\\#FFFFFF) +validation.general.form.header.color.front=Foreground collor for the caption of CCE selection contains no valid hexadecimal value. (e.g. \\\#FFFFFF) +validation.general.form.header.text=The caption of CCE contains forbidden characters. The following characters are not allowed\: {0} +validation.general.form.button.color.back.focus=Die Hintergrundfarbe f\\u00FCr Focus der CCE-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.button.color.back=Background color for selection buttons for CCE contains no valid hexadecimal value. (e.g. \\\#FFFFFF) +validation.general.form.button.color.front=Foreground color for selection buttons for CCE contains no valid hexadecimal value. (e.g. \\\#FFFFFF) +validation.general.form.appletredirecttarget=RedirectTarget contains invalud value. +validation.general.form.fonttype=Font type for CCE selection contains forbidden characters. The following characters are not allowed\: {0} +validation.general.form.applet.width=The height of applet is invalid number. +validation.general.form.applet.height=The width of applet is invalid number. diff --git a/id/moa-id-webgui/src/main/resources/gui/meta.properties b/id/moa-id-webgui/src/main/resources/gui/meta.properties new file mode 100644 index 000000000..0abf358d9 --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/meta.properties @@ -0,0 +1,76 @@ +__BASE__.moaidgeneral.0=moa.id.general +__BASE__.moaidoa.0=moa.id.services.oa +__BASE__.moaidinterfederation.0=moa.id.services + +moa.id.general.__TY=general +moa.id.general.__CA=General Configuration +moa.id.general.__DE=General MOA-ID Configuration + +moa.id.services.__TY=GROUP +moa.id.services.__CA=MOA-ID Interfederation Services +moa.id.services.__DE=Interfederation Services + +##Online application## +moa.id.services.oa.__TY=ARRAY +moa.id.services.oa.__ADD=true +moa.id.services.oa.__DEL=true +moa.id.services.oa.__CA=List of online Applications +moa.id.services.oa.__DE=All actually configured online application +moa.id.services.oa.__CTY=moaidoa +moa.id.services.oa.__CCA=Unique ID;Friendlyname +moa.id.services.oa.__CIDS=uniqueID;friendlyName +moa.id.services.oa.__CDE=Online Application + +moa.id.services.oa.__TE.friendlyName=Sample Name +moa.id.services.oa.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.oa.__TE.isActive=false + +##V-IDP## +moa.id.services.vidp.__GR=moa.id.services +moa.id.services.vidp.__TY=ARRAY +moa.id.services.vidp.__ADD=true +moa.id.services.vidp.__DEL=true +moa.id.services.vidp.__CA=List of V-IDPs +moa.id.services.vidp.__DE=All actually configured V-IDP instances +moa.id.services.vidp.__CTY=moaidvidp +moa.id.services.vidp.__CCA=Unique ID;Friendlyname +moa.id.services.vidp.__CIDS=uniqueID;friendlyName +moa.id.services.vidp.__CDE=V-IDP + +moa.id.services.vidp.__TE.friendlyName=Sample V-IDP +moa.id.services.vidp.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.vidp.__TE.isActive=false + +##I-IDP## +moa.id.services.iidp.__GR=moa.id.services +moa.id.services.iidp.__TY=ARRAY +moa.id.services.iidp.__ADD=true +moa.id.services.iidp.__DEL=true +moa.id.services.iidp.__CA=List of Interfederation IDPs +moa.id.services.iidp.__DE=All actually configured I-IDP instances +moa.id.services.iidp.__CTY=moaidiidp +moa.id.services.iidp.__CCA=Unique ID;Friendlyname +moa.id.services.iidp.__CIDS=uniqueID;friendlyName +moa.id.services.iidp.__CDE=I-IDP + +moa.id.services.iidp.__TE.friendlyName=Sample I-IDP +moa.id.services.iidp.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.iidp.__TE.isActive=false + +##Gateway## +moa.id.services.gateway.__GR=moa.id.services +moa.id.services.gateway.__TY=ARRAY +moa.id.services.gateway.__ADD=true +moa.id.services.gateway.__DEL=true +moa.id.services.gateway.__CA=List of STORK<->PVP Gateways +moa.id.services.gateway.__DE=All actually configured Gateway instances +moa.id.services.gateway.__CTY=moaidgateway +moa.id.services.gateway.__CCA=Unique ID;Friendlyname +moa.id.services.gateway.__CIDS=uniqueID;friendlyName +moa.id.services.gateway.__CDE=V-IDP + +moa.id.services.gateway.__TE.friendlyName=Sample Gateway +moa.id.services.gateway.__TE.uniqueID=http://sampleonline.application.com/ +moa.id.services.gateway.__TE.isActive=false + + diff --git a/id/moa-id-webgui/src/main/resources/gui/types/gateway.json b/id/moa-id-webgui/src/main/resources/gui/types/gateway.json new file mode 100644 index 000000000..50ccd200c --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/types/gateway.json @@ -0,0 +1,50 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "id": "http://www.egiz.gv.at/dynUI/OA", + "typeName": "moaidgateway", + "type": "object", + "title": "STORK<->PVP Gateway", + "format": "tabs", + "properties": { + "isActive" : { + "id": "http://www.egiz.gv.at/dynUI/OA/isactive", + "type": "boolean", + "format" : "checkbox", + "title": "is Active" + }, + "uniqueID": { + "id": "http://www.egiz.gv.at/dynUI/OA/uniqueId", + "type": "string", + "format": "url", + "title": "Unique Identifier (PublicURLPrefix)" + }, + "friendlyName": { + "id": "http://www.egiz.gv.at/dynUI/OA/friendlyname", + "type": "string", + "title": "Friendlyname" + }, + "businessservice" : { + "id": "http://www.egiz.gv.at/dynUI/OA/type", + "type": "boolean", + "format" : "checkbox", + "title": "Private Sector application" + }, + "interfederation": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation", + "type": "object", + "title": "PVP Gateway", + "description": "STORK<->PVP Gateway configuration", + "options": { + "collapsed": true + }, + "properties": { + "forward.IDP": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/forward/entityID", + "type": "string", + "title": "PVP portal EntityID" + } + } + } + }, + "required": ["uniqueID", "friendlyName"] +} diff --git a/id/moa-id-webgui/src/main/resources/gui/types/general.json b/id/moa-id-webgui/src/main/resources/gui/types/general.json new file mode 100644 index 000000000..f7861332d --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/types/general.json @@ -0,0 +1,448 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "id": "http://www.egiz.gv.at/dynUI/general", + "typeName": "general", + "type": "object", + "title": "General MOA-ID Configuration", + "format": "tabs", + "properties": { + "publicURLPrefix": { + "id": "http://www.egiz.gv.at/dynUI/general/publicurlprefix", + "type": "string", + "format": "url", + "title": "Public URL Prefix" + }, + "defaults.bku": { + "id": "http://www.egiz.gv.at/dynUI/general/bkuurls", + "type": "object", + "title": "Default BKUs", + "description": "Default BKUs for authentication", + "options": { + "collapsed": true + }, + "properties": { + "onlineBKU" : { + "id": "http://www.egiz.gv.at/dynUI/general/bkuurls/online", + "type": "string", + "format": "url", + "title": "Online BKU" + }, + "handyBKU" : { + "id": "http://www.egiz.gv.at/dynUI/general/bkuurls/handy", + "type": "string", + "format": "url", + "title": "Handy BKU" + }, + "localBKU" : { + "id": "http://www.egiz.gv.at/dynUI/general/bkuurls/local", + "type": "string", + "format": "url", + "title": "Local BKU" + } + } + }, + "defaults.templates": { + "id": "http://www.egiz.gv.at/dynUI/general/templates", + "type": "object", + "title": "Default SL-Templates", + "description": "Default SecurityLayer templates", + "options": { + "collapsed": true + }, + "properties": { + "onlineBKU" : { + "id": "http://www.egiz.gv.at/dynUI/general/templates/online", + "type": "string", + "title": "Online BKU" + }, + "handyBKU" : { + "id": "http://www.egiz.gv.at/dynUI/general/templates/handy", + "type": "string", + "title": "Handy BKU" + }, + "localBKU" : { + "id": "http://www.egiz.gv.at/dynUI/general/templates/local", + "type": "string", + "title": "Local BKU" + } + } + }, + "auth": { + "id": "http://www.egiz.gv.at/dynUI/general/auth", + "type": "object", + "title": "Authentication", + "description": "Authentication configuration", + "options": { + "collapsed": true + }, + "properties": { + "authblock.transformation": { + "id": "http://www.egiz.gv.at/dynUI/general/auth/authblock/transform", + "type": "object", + "format": "file", + "title": "AuthBlock transformation", + "description": "XML Transformation for AuthBlock generation", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/authblock/transform/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/authblock/transform/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/general/auth/authblock/transform/filename", + "type": "string" + } + } + }, + "timeouts": { + "id": "http://www.egiz.gv.at/dynUI/general/auth/timeouts", + "type": "object", + "title": "Timeout Configuration", + "description": "Session and Process timeout configuration", + "options": { + "collapsed": true + }, + "properties": { + "sso.create" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/timeouts/ss/create", + "type": "integer", + "title": "SSO created" + }, + "sso.update" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/timeouts/sso/update", + "type": "integer", + "title": "SSO updated" + }, + "transaction" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/timeouts/transaction", + "type": "integer", + "title": "Transaction" + } + } + }, + "moasp": { + "id": "http://www.egiz.gv.at/dynUI/general/auth/moasp", + "type": "object", + "title": "MOA-SP", + "description": "IdentityLink and Authblock validation", + "options": { + "collapsed": true + }, + "properties": { + "trustprofile.idl.prod" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/moasp/trust/idl", + "type": "string", + "title": "TrustProfile IdentityLink" + }, + "trustprofile.authblock.prod" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/moasp/trust/authblock", + "type": "string", + "title": "TrustProfile AuthBlock" + }, + "authblock.transform" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/moasp/authblock/transform", + "type": "string", + "title": "AuthBlock Transformation" + } + } + }, + "certificate": { + "id": "http://www.egiz.gv.at/dynUI/general/auth/certificate", + "type": "object", + "title": "X509 validation", + "description": "Validation of X509 certificates", + "options": { + "collapsed": true + }, + "properties": { + "certstore.url" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/certificate/certstore", + "type": "string", + "title": "CertStore URL (relative to MOA-ID config directory)" + }, + "truststore.url" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/certificate/truststore", + "type": "string", + "title": "TrustStore URL (relative to MOA-ID config directory)" + }, + "revocationchecking" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/certificate/revocationchecking", + "type": "boolean", + "format" : "checkbox", + "title": "Activate X509 certificate revocation check" + } + } + }, + "services": { + "id": "http://www.egiz.gv.at/dynUI/general/auth/services", + "type": "object", + "title": "External services", + "description": "Configuration of externel services", + "options": { + "collapsed": true + }, + "properties": { + "ovs.url" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/services/ovs/url", + "type": "string", + "format": "url", + "title": "URL to online mandate service (OVS)" + }, + "szrgw.url" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/services/szrgw/url", + "type": "string", + "format": "url", + "title": "URL to Stammzahlenregistergateway (SZR-GW)" + } + } + }, + "sso": { + "id": "http://www.egiz.gv.at/dynUI/general/auth/sso", + "type": "object", + "title": "SSO Configuration", + "description": "Single Sign-On authentication", + "options": { + "collapsed": true + }, + "properties": { + "servicename" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/sso/idpname", + "type": "string", + "title": "Service name" + }, + "target" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/sso/target", + "type": "string", + "title": "Service Target" + }, + "authblock.text" : { + "id": "http://www.egiz.gv.at/dynUI/general/auth/sso/authblocktext", + "type": "string", + "format": "textarea", + "title": "AuthBlock Text" + } + } + } + } + }, + "protocols": { + "id": "http://www.egiz.gv.at/dynUI/general/protocols", + "type": "object", + "title": "Protocols", + "description": "Authentication protocol configuration", + "options": { + "collapsed": true + }, + "properties": { + "saml1": { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/saml1", + "type": "object", + "title": "SAML1 Configuration", + "description": "SAML1 authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/saml1/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enabled" + }, + "legacy" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/saml1/legacy", + "type": "boolean", + "format" : "checkbox", + "title": "Legacy mode enabled" + }, + "sourceID" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/saml1/sourceid", + "type": "string", + "title": "SourceID" + } + } + }, + "pvp2x": { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x", + "type": "object", + "title": "PVP Configuration", + "description": "PVP 2.x authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enabled" + }, + "legacy" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2/legacyx", + "type": "boolean", + "format" : "checkbox", + "title": "Legacy mode enabled" + }, + "metadata" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/metadata", + "type": "object", + "title": "Metadata", + "description": "PVP 2.x Metadata configuration", + "options": { + "collapsed": true + }, + "properties": { + "servicename" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/metadata/servicename", + "type": "string", + "title": "Service Name" + }, + "org.name.short" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/metadata/org/name/short", + "type": "string", + "title": "Organisation - Short name" + }, + "org.name.full" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/metadata/org/name/full", + "type": "string", + "title": "Organisation - Full name" + }, + "org.url" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/metadata/org/url", + "type": "string", + "format": "url", + "title": "Organisation - URL" + }, + "contact.givenname" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/metadata/contact/givenname", + "type": "string", + "title": "Contact - Givenname" + }, + "contact.familyname" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/metadata/contact/familyname", + "type": "string", + "title": "Contact - Familyname" + }, + "contact.company" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/metadata/contact/company", + "type": "string", + "title": "Contact - Company" + }, + "contact.mail" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/metadata/contact/mail", + "type": "string", + "format": "email", + "title": "Contact - Mail" + }, + "contact.phone" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/metadata/contact/phone", + "type": "string", + "format": "tel", + "title": "Contact - phone" + }, + "contact.type" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/pvp2x/metadata/contact/type", + "type": "string", + "title": "Contact - Type", + "enum": [ + "technical", + "support", + "administrative", + "billing", + "other" + ] + } + } + } + } + }, + "openID": { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/openid", + "type": "object", + "title": "OpenID Connect Configuration", + "description": "OpenID Connect authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/general/protocols/openid/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enabled" + } + } + } + } + }, + "auth.stork": { + "id": "http://www.egiz.gv.at/dynUI/general/auth/stork", + "type": "object", + "title": "STORK", + "description": "STORK cross boarder eID", + "options": { + "collapsed": true + }, + "properties": { + "qaa": { + "id": "http://www.egiz.gv.at/dynUI/general/auth/stork/qaa", + "type": "integer", + "title": "Minimal QAA level" + }, + "cpeps" : { + "type": "array", + "title": "C-PEPS services", + "format": "table", + "options": { + "collapsed": true + }, + "items": { + "type": "object", + "properties": { + "countrycode": { + "type": "string", + "title": "CountryCode" + }, + "url": { + "type": "string", + "format": "url", + "title": "URL" + }, + "support.xmldsig": { + "type": "boolean", + "format": "checkbox", + "title": "XMLDsig supported" + } + } + } + }, + "attributes" : { + "type": "array", + "title": "STORK attributes", + "format": "table", + "options": { + "collapsed": true + }, + "items": { + "type": "object", + "properties": { + "friendlyname": { + "type": "string", + "title": "Attribute name" + }, + "mandatory": { + "type": "boolean", + "format": "checkbox", + "title": "Mandatory" + } + } + } + } + } + } + }, + "required": ["publicURLPrefix"] +} diff --git a/id/moa-id-webgui/src/main/resources/gui/types/iidp.json b/id/moa-id-webgui/src/main/resources/gui/types/iidp.json new file mode 100644 index 000000000..a42254c36 --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/types/iidp.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "id": "http://www.egiz.gv.at/dynUI/OA", + "typeName": "moaidiidp", + "type": "object", + "title": "Interfederation IDP", + "format": "tabs", + "properties": { + "isActive" : { + "id": "http://www.egiz.gv.at/dynUI/OA/isactive", + "type": "boolean", + "format" : "checkbox", + "title": "is Active" + }, + "uniqueID": { + "id": "http://www.egiz.gv.at/dynUI/OA/uniqueId", + "type": "string", + "format": "url", + "title": "Unique Identifier (PublicURLPrefix)" + }, + "friendlyName": { + "id": "http://www.egiz.gv.at/dynUI/OA/friendlyname", + "type": "string", + "title": "Friendlyname" + }, + "businessservice" : { + "id": "http://www.egiz.gv.at/dynUI/OA/type", + "type": "boolean", + "format" : "checkbox", + "title": "Private Sector application" + }, + "interfederation": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation", + "type": "object", + "title": "PVP Gateway", + "description": "STORK<->PVP Gateway configuration", + "options": { + "collapsed": true + }, + "properties": { + "SSO.inbound": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/inbound", + "type": "boolean", + "format" : "checkbox", + "title": "Allow inbound SSO" + }, + "SSO.outbound": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/outbound", + "type": "boolean", + "format" : "checkbox", + "title": "Allow outbound SSO" + }, + "SSO.store": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/store", + "type": "boolean", + "format" : "checkbox", + "title": "Store SSO session" + }, + "passiveReqeust": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/passiveReqeust", + "type": "boolean", + "format" : "checkbox", + "title": "Use SAML2 isPassive attribute" + }, + "localAuthOnError": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/sso/localAuthOnError", + "type": "boolean", + "format" : "checkbox", + "title": "Local authentication in case of an error" + }, + "attributequery.url": { + "id": "http://www.egiz.gv.at/dynUI/OA/interfederation/attributequery/url", + "type": "string", + "title": "AttributeQuery service URL" + } + } + }, + "protocols": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols", + "type": "object", + "title": "Protocols", + "description": "Authentication protocol configuration", + "options": { + "collapsed": true + }, + "properties": { + "pvp2x": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x", + "type": "object", + "title": "PVP Configuration", + "description": "PVP 2.x authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "URL" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/url", + "type": "string", + "title": "Metadata URL" + }, + "certificate": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate", + "type": "object", + "format": "file", + "title": "Metadata certificate", + "description": "Certificate for metadata signature validation", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/preview", + "type": "string" + } + } + } + } + } + } + } + }, + "required": ["uniqueID", "friendlyName"] +} diff --git a/id/moa-id-webgui/src/main/resources/gui/types/oa.json b/id/moa-id-webgui/src/main/resources/gui/types/oa.json new file mode 100644 index 000000000..aafc63b2e --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/types/oa.json @@ -0,0 +1,663 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "id": "http://www.egiz.gv.at/dynUI/OA", + "typeName": "moaidoa", + "type": "object", + "title": "Online Application Configuration", + "format": "tabs", + "properties": { + "isActive" : { + "id": "http://www.egiz.gv.at/dynUI/OA/isactive", + "type": "boolean", + "format" : "checkbox", + "title": "is Active" + }, + "uniqueID": { + "id": "http://www.egiz.gv.at/dynUI/OA/uniqueId", + "type": "string", + "format": "url", + "title": "Unique Identifier (PublicURLPrefix)" + }, + "friendlyName": { + "id": "http://www.egiz.gv.at/dynUI/OA/friendlyname", + "type": "string", + "title": "Friendlyname" + }, + "businessservice" : { + "id": "http://www.egiz.gv.at/dynUI/OA/type", + "type": "boolean", + "format" : "checkbox", + "title": "Private Sector application" + }, + "auth.target": { + "id": "http://www.egiz.gv.at/dynUI/OA/target", + "type": "object", + "title": "Target definition", + "description": "bPK or wbPK target definitions", + "options": { + "collapsed": true + }, + "properties": { + "public": { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public", + "type": "object", + "title": "Public Sector definition", + "description": "bPK target definitions", + "options": { + "collapsed": true + }, + "properties": { + "target" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/target", + "type": "string", + "title": "Target", + "enum": [ + "AR", + "AS", + "BF", + "BW", + "EA", + "EF", + "GH", + "GS", + "JR", + "KL", + "KU", + "LF", + "LV", + "RT", + "SA", + "SF", + "SO", + "SV", + "UW", + "VT", + "VV", + "WT", + "ZP", + "BR", + "HR", + "KI", + "OI", + "PV", + "RD", + "VS", + "ZU" + ] + }, + "use.sub" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/usesubtarget", + "type": "boolean", + "format" : "checkbox", + "title": "Use sub-target" + }, + "target.sub" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/subtarget", + "type": "string", + "title": "Sub-Target" + }, + "own" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/own", + "type": "object", + "title": "Own Target", + "description": "Own Target definition", + "options": { + "collapsed": true + }, + "properties": { + "use" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/useowntarget", + "type": "boolean", + "format" : "checkbox", + "title": "Use own-target" + }, + "target" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/owntarget", + "type": "string", + "title": "Own target" + }, + "name" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/public/owntarget/friendlyname", + "type": "string", + "title": "Own target - friendlyname" + } + } + } + } + }, + "business": { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private", + "type": "object", + "title": "Private Sector definition", + "description": "wbPK target definitions", + "options": { + "collapsed": true + }, + "properties": { + "type" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private/type", + "type": "string", + "title": "Sector Type", + "enum": [ + "FN", + "ZVR", + "ERSB", + "STORK" + ] + }, + "value" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private/value", + "type": "string", + "title": "Identifier" + } + } + } + } + }, + "auth": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth", + "type": "object", + "title": "Authentication", + "description": "Authentication configuration", + "options": { + "collapsed": true + }, + "properties": { + "bku": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku", + "type": "object", + "title": "BKU configuration", + "description": "Online application specific BKU communikation", + "options": { + "collapsed": true + }, + "properties": { + "onlineBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/online", + "type": "string", + "title": "Online BKU" + }, + "handyBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/handy", + "type": "string", + "title": "Handy BKU" + }, + "localBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/local", + "type": "string", + "title": "Local BKU" + }, + "keyBoxIdentifier" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/keyBoxIdentifier", + "type": "string", + "title": "KeyBoxIdentifier", + "enum": [ + "SecureSignatureKeypair", + "CertifiedKeypair" + ] + }, + "template": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template", + "type": "object", + "title": "SecurityLayer Templates", + "description": "Online application specific SecurityLayer templates", + "options": { + "collapsed": true + }, + "properties": { + "legacy" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template/legacy", + "type": "boolean", + "format" : "checkbox", + "title": "Activate Legacy Mode" + }, + "first.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/first/url", + "type": "string", + "title": "First SL-Template" + }, + "second.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/second/url", + "type": "string", + "title": "Second SL-Template" + }, + "third.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/third/url", + "type": "string", + "title": "Third SL-Template" + } + } + } + } + }, + "templates": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/templates", + "type": "object", + "title": "BKU selection customization", + "description": "Customization of the BKU selection form", + "options": { + "collapsed": true + }, + "properties": { + "customize": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize", + "type": "object", + "title": "Customize default template", + "description": "Customization of the default template", + "options": { + "collapsed": true + }, + "properties": { + "fonttype" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/fonttype", + "type": "string", + "title": "Font Type" + }, + "color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/back", + "type": "string", + "title": "Backcolor" + }, + "color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/front", + "type": "string", + "title": "Frontcolor" + }, + "header.color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/back", + "type": "string", + "title": "Header Backcolor" + }, + "header.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/front", + "type": "string", + "title": "Header Frontcolor" + }, + "header.text" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/text", + "type": "string", + "title": "Header Text" + }, + "button.color.back.focus" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/back/focus", + "type": "string", + "title": "Font Type" + }, + "button.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/front", + "type": "string", + "title": "Font Type" + }, + "applet.redirecttarget" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/redirecttarget", + "type": "string", + "title": "Applet - Redirect Target", + "enum": [ + "_blank", + "_self", + "_parent", + "_top" + ] + }, + "applet.hight" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/hight", + "type": "string", + "title": "Applet - Hight" + }, + "applet.width" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/width", + "type": "string", + "title": "Applet - Width" + } + } + }, + "bkuselection": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection", + "type": "object", + "format": "file", + "title": "BKU selection template", + "description": "Applicatio specific BKU selection template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/filename", + "type": "string" + } + } + }, + "sendAssertion": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion", + "type": "object", + "format": "file", + "title": "SendAssertion selection template", + "description": "Applicatio specific SendAssertion template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/filename", + "type": "string" + } + } + } + } + }, + "authblock": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock", + "type": "object", + "title": "AuthBlock configuration", + "description": "Online application specific AuthBlock configuration", + "options": { + "collapsed": true + }, + "properties": { + "removebPK" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/removebpk", + "type": "boolean", + "format" : "checkbox", + "title": "Remove bPK/wbPK" + }, + "additionaltext" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/text", + "type": "string", + "format": "textarea", + "title": "Additional AuthBlock Text" + } + } + }, + "testcredentials": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials", + "type": "object", + "title": "Test identities", + "description": "Test identities configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enable test identities" + }, + "oids" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/oids", + "type": "string", + "title": "Allowed test-identity OIDs" + } + } + }, + "mandates": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates", + "type": "object", + "title": "Mandates", + "description": "Online mandate configuration", + "options": { + "collapsed": true + }, + "properties": { + "use" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates/use", + "type": "boolean", + "format" : "checkbox", + "title": "Mandates (yes/no)" + }, + "only" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates/only", + "type": "boolean", + "format" : "checkbox", + "title": "Only mandates allowed" + }, + "profiles" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/mandates/profiles", + "type": "string", + "title": "Allowed mandated profiles" + } + } + }, + "sso": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/sso", + "type": "object", + "title": "Single Sign-On (SSO)", + "description": "Single Sign-On configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/sso/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Single Sign-On (yes/no)" + }, + "userRequest" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/sso/sendassertionrequest", + "type": "boolean", + "format" : "checkbox", + "title": "Additional Userrequest" + } + } + }, + "stork": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork", + "type": "object", + "title": "STORK", + "description": "STORK configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enable STORK logon" + }, + "minqaalevel" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork/minqaa", + "type": "boolean", + "format" : "checkbox", + "title": "Minimum QAA Level" + }, + "countries" : { + "type": "array", + "title": "Countries", + "format": "table", + "options": { + "collapsed": true, + "disable_array_add": true, + "disable_array_delete": true, + "disable_array_reorder": true + }, + "items": { + "type": "object", + "properties": { + "countrycode": { + "type": "string", + "readOnly": true, + "title": "CountryCode" + }, + "enabled": { + "type": "boolean", + "format": "checkbox", + "title": "Enabled" + } + } + } + }, + "attributes" : { + "type": "array", + "title": "Attributes", + "format": "table", + "options": { + "collapsed": true, + "disable_array_add": true, + "disable_array_delete": true, + "disable_array_reorder": true + }, + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "readOnly": true, + "title": "CountryCode" + }, + "requested": { + "type": "boolean", + "format": "checkbox", + "title": "Requested" + }, + "mandatory": { + "type": "boolean", + "format": "checkbox", + "title": "Mandatory" + } + } + } + } + } + } + } + }, + "protocols": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols", + "type": "object", + "title": "Protocols", + "description": "Authentication protocol configuration", + "options": { + "collapsed": true + }, + "properties": { + "saml1": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1", + "type": "object", + "title": "SAML1 Configuration", + "description": "SAML1 authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enabled" + }, + "idl" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/idl", + "type": "boolean", + "format" : "checkbox", + "title": "IdentityLink" + }, + "baseid" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/baseid", + "type": "boolean", + "format" : "checkbox", + "title": "BaseID" + }, + "authblock" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/authblock", + "type": "boolean", + "format" : "checkbox", + "title": "AuthBlock" + }, + "certificate" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/certificate", + "type": "boolean", + "format" : "checkbox", + "title": "Signer Certificate" + }, + "mandate" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/mandate", + "type": "boolean", + "format" : "checkbox", + "title": "Full mandate" + }, + "returnError" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/saml1/returnError", + "type": "boolean", + "format" : "checkbox", + "title": "Return Errors to Application" + } + } + }, + "pvp2x": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x", + "type": "object", + "title": "PVP Configuration", + "description": "PVP 2.x authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "URL" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/url", + "type": "string", + "title": "Metadata URL" + }, + "certificate": { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate", + "type": "object", + "format": "file", + "title": "Metadata certificate", + "description": "Certificate for metadata signature validation", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/pvp2x/metadata/certificate/preview", + "type": "string" + } + } + } + } + }, + "openID" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid", + "type": "object", + "title": "OpenID Connect Configuration", + "description": "OpenID Connect authentication protocol", + "options": { + "collapsed": true + }, + "properties": { + "clientID" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid/clientid", + "type": "string", + "readOnly" : true, + "title": "Client-ID" + }, + "secret" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid/clientsecret", + "type": "string", + "readOnly" : true, + "title": "Client-Secret" + }, + "redirectURL" : { + "id": "http://www.egiz.gv.at/dynUI/oa/protocols/openid/redirectURL", + "type": "string", + "title": "Client-Secret" + } + } + } + } + } + }, + "required": ["uniqueID", "friendlyName"] +} diff --git a/id/moa-id-webgui/src/main/resources/gui/types/vidp.json b/id/moa-id-webgui/src/main/resources/gui/types/vidp.json new file mode 100644 index 000000000..3e6e4fb7b --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/gui/types/vidp.json @@ -0,0 +1,371 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "id": "http://www.egiz.gv.at/dynUI/OA", + "typeName": "moaidvidp", + "type": "object", + "title": "STORK V-IDP", + "format": "tabs", + "properties": { + "isActive" : { + "id": "http://www.egiz.gv.at/dynUI/OA/isactive", + "type": "boolean", + "format" : "checkbox", + "title": "is Active" + }, + "uniqueID": { + "id": "http://www.egiz.gv.at/dynUI/OA/uniqueId", + "type": "string", + "format": "url", + "title": "Unique Identifier (PublicURLPrefix)" + }, + "friendlyName": { + "id": "http://www.egiz.gv.at/dynUI/OA/friendlyname", + "type": "string", + "title": "Friendlyname" + }, + "businessservice" : { + "id": "http://www.egiz.gv.at/dynUI/OA/type", + "type": "boolean", + "format" : "checkbox", + "title": "Private Sector application" + }, + "auth.target": { + "id": "http://www.egiz.gv.at/dynUI/OA/target", + "type": "object", + "title": "Target definition", + "description": "bPK or wbPK target definitions", + "options": { + "collapsed": true + }, + "properties": { + "business": { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private", + "type": "object", + "title": "Private Sector definition", + "description": "wbPK target definitions", + "options": { + "collapsed": true + }, + "properties": { + "type" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private/type", + "type": "string", + "title": "Sector Type", + "enum": [ + "FN", + "ZVR", + "ERSB", + "STORK" + ] + }, + "value" : { + "id": "http://www.egiz.gv.at/dynUI/OA/target/private/value", + "type": "string", + "title": "Identifier" + } + } + } + } + }, + "auth": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth", + "type": "object", + "title": "Authentication", + "description": "Authentication configuration", + "options": { + "collapsed": true + }, + "properties": { + "bku": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku", + "type": "object", + "title": "BKU configuration", + "description": "Online application specific BKU communikation", + "options": { + "collapsed": true + }, + "properties": { + "onlineBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/online", + "type": "string", + "title": "Online BKU" + }, + "handyBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/handy", + "type": "string", + "title": "Handy BKU" + }, + "localBKU" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/local", + "type": "string", + "title": "Local BKU" + }, + "keyBoxIdentifier" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/keyBoxIdentifier", + "type": "string", + "title": "KeyBoxIdentifier", + "enum": [ + "SecureSignatureKeypair", + "CertifiedKeypair" + ] + }, + "template": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template", + "type": "object", + "title": "SecurityLayer Templates", + "description": "Online application specific SecurityLayer templates", + "options": { + "collapsed": true + }, + "properties": { + "legacy" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/bku/template/legacy", + "type": "boolean", + "format" : "checkbox", + "title": "Activate Legacy Mode" + }, + "first.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/first/url", + "type": "string", + "title": "First SL-Template" + }, + "second.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/second/url", + "type": "string", + "title": "Second SL-Template" + }, + "third.url" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/third/url", + "type": "string", + "title": "Third SL-Template" + } + } + } + } + }, + "templates": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/templates", + "type": "object", + "title": "BKU selection customization", + "description": "Customization of the BKU selection form", + "options": { + "collapsed": true + }, + "properties": { + "customize": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize", + "type": "object", + "title": "Customize default template", + "description": "Customization of the default template", + "options": { + "collapsed": true + }, + "properties": { + "fonttype" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/fonttype", + "type": "string", + "title": "Font Type" + }, + "color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/back", + "type": "string", + "title": "Backcolor" + }, + "color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/color/front", + "type": "string", + "title": "Frontcolor" + }, + "header.color.back" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/back", + "type": "string", + "title": "Header Backcolor" + }, + "header.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/color/front", + "type": "string", + "title": "Header Frontcolor" + }, + "header.text" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/header/text", + "type": "string", + "title": "Header Text" + }, + "button.color.back.focus" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/back/focus", + "type": "string", + "title": "Font Type" + }, + "button.color.front" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/button/color/front", + "type": "string", + "title": "Font Type" + }, + "applet.redirecttarget" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/redirecttarget", + "type": "string", + "title": "Applet - Redirect Target", + "enum": [ + "_blank", + "_self", + "_parent", + "_top" + ] + }, + "applet.hight" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/hight", + "type": "string", + "title": "Applet - Hight" + }, + "applet.width" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/customize/applet/width", + "type": "string", + "title": "Applet - Width" + } + } + }, + "bkuselection": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection", + "type": "object", + "format": "file", + "title": "BKU selection template", + "description": "Applicatio specific BKU selection template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/bkuselection/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/bkuselection/filename", + "type": "string" + } + } + }, + "sendAssertion": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion", + "type": "object", + "format": "file", + "title": "SendAssertion selection template", + "description": "Applicatio specific SendAssertion template", + "properties": { + "data" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/template/sendAssertion/data", + "type": "string" + }, + "preview" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/preview", + "type": "string" + }, + "filename" : { + "id": "http://www.egiz.gv.at/dynUIOA/auth/template/sendAssertion/filename", + "type": "string" + } + } + } + } + }, + "authblock": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock", + "type": "object", + "title": "AuthBlock configuration", + "description": "Online application specific AuthBlock configuration", + "options": { + "collapsed": true + }, + "properties": { + "removebPK" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/removebpk", + "type": "boolean", + "format" : "checkbox", + "title": "Remove bPK/wbPK" + }, + "additionaltext" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/authblock/text", + "type": "string", + "format": "textarea", + "title": "Additional AuthBlock Text" + } + } + }, + "testcredentials": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials", + "type": "object", + "title": "Test identities", + "description": "Test identities configuration", + "options": { + "collapsed": true + }, + "properties": { + "enabled" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/enabled", + "type": "boolean", + "format" : "checkbox", + "title": "Enable test identities" + }, + "oids" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/testcredentials/oids", + "type": "string", + "title": "Allowed test-identity OIDs" + } + } + }, + "stork": { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork", + "type": "object", + "title": "STORK", + "description": "STORK configuration", + "options": { + "collapsed": true + }, + "properties": { + "requireConsent" : { + "id": "http://www.egiz.gv.at/dynUI/OA/auth/stork/requireConsent", + "type": "boolean", + "format" : "checkbox", + "title": "Ask the user for attributes transfer consent" + }, + "attributeprovider" : { + "type": "array", + "title": "Attribute-Provider Plug-ins", + "format": "table", + "options": { + "collapsed": true + }, + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "title": "Attribute Plug-in", + "enum": [ + "StorkAttributeRequestProvider", + "EHvdAttributeProvider_deprecated", + "EHvdAttributeProvider", + "SignedDocAttributeRequestProvider", + "MandateAttributeRequestProvider", + "PVPAuthenticationProvider" + ] + }, + "url": { + "type": "string", + "format": "url", + "title": "URL" + }, + "attributes": { + "type": "string", + "title": "Attribute (CSV)" + } + } + } + } + } + } + } + } + }, + "required": ["uniqueID", "friendlyName"] +} diff --git a/id/moa-id-webgui/src/main/resources/moaid.webgui.beans.xml b/id/moa-id-webgui/src/main/resources/moaid.webgui.beans.xml new file mode 100644 index 000000000..0ee7ac89c --- /dev/null +++ b/id/moa-id-webgui/src/main/resources/moaid.webgui.beans.xml @@ -0,0 +1,24 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <bean id="moaidconfigurationmodul" class="at.gv.egovernment.moa.id.config.webgui.MOAIDConfigurationModul"> + <!-- <property name="databaseConfiguration" ref="moaidconfig"/> --> + </bean> + + <bean id="moaidConfigurationValidiation" class="at.gv.egovernment.moa.id.config.webgui.validation.MOAIDConfigurationValidator"> + <!-- <property name="databaseConfiguration" ref="moaidconfig"/> --> + </bean> + + <bean id="moaidServiceGeneralInfoTask" class="at.gv.egovernment.moa.id.config.webgui.validation.task.impl.ServicesGeneralInformationTask"> + <!-- <property name="databaseConfiguration" ref="moaidconfig"/> --> + </bean> + +</beans>
\ No newline at end of file |