diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-03-09 09:15:03 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-03-09 09:15:03 +0100 |
commit | f9020f47b60bc1cff6c671461924ba606ce87853 (patch) | |
tree | dd05ff3e0467293094253a495eb203e71a5d1be5 /id | |
parent | f66ed1831a4877d6c7cb3c55bbc3fd84024a1523 (diff) | |
download | moa-id-spss-f9020f47b60bc1cff6c671461924ba606ce87853.tar.gz moa-id-spss-f9020f47b60bc1cff6c671461924ba606ce87853.tar.bz2 moa-id-spss-f9020f47b60bc1cff6c671461924ba606ce87853.zip |
fix some problems in ELGA-mandate module
Diffstat (limited to 'id')
5 files changed, 64 insertions, 7 deletions
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/id/server/auth/src/main/webapp/index.html diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index 07679999b..47f784c33 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -99,7 +99,7 @@ public class Random { char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)]; //generate ID - return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue), true)); // 20 bytes = 160 bits + return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits } @@ -111,7 +111,7 @@ public class Random { * @return random hex encoded value [256bit] */ public static String nextHexRandom() { - return new String(Hex.encodeHex(nextByteRandom(32), true)); // 32 bytes = 256 bits + return new String(Hex.encodeHex(nextByteRandom(32))); // 32 bytes = 256 bits } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java index cbdd13d0e..add929e1d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java @@ -31,8 +31,6 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Set; -import org.apache.commons.lang3.StringUtils; - import at.gv.egovernment.moa.util.MiscUtil; /** @@ -283,6 +281,27 @@ public class KeyValueUtils { return false; } + /** + * Convert a CSV list to a List of CSV values + * <br><br> + * This method removes all whitespace at the begin or the + * end of CSV values and remove newLine signs at the end of value. + * The ',' is used as list delimiter + * + * @param csv CSV encoded input data + * @return List of CSV normalized values, but never null + */ + public static List<String> getListOfCSVValues(String csv) { + List<String> list = new ArrayList<String>(); + if (MiscUtil.isNotEmpty(csv)) { + String[] values = csv.split(CSV_DELIMITER); + for (String el: values) + list.add(el.trim()); + + } + + return list; + } /** * This method remove all newline delimiter (\n or \r\n) from input data diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java index f682913e6..acb0b3aa1 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java @@ -52,6 +52,7 @@ public class ELGAMandatesAuthConstants { public static final String CONFIG_PROPS_ENTITYID = CONFIG_PROPS_PREFIX + "service.entityID"; public static final String CONFIG_PROPS_METADATAURL = CONFIG_PROPS_PREFIX + "service.metadataurl"; public static final String CONFIG_PROPS_METADATA_TRUSTPROFILE = CONFIG_PROPS_PREFIX + "service.metadata.trustprofileID"; + public static final String CONFIG_PROPS_ALLOWED_MANDATE_TYPES = "service.mandateprofiles"; public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path"; public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java index 50bac3eab..03711aa40 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java @@ -22,6 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks; +import java.util.List; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -30,8 +32,10 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; @@ -69,8 +73,7 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica elgaMandateUsed = (boolean) elgaMandateUsedObj; } - - + //check if both mandate Services are requested if ( (misMandateUsed != null && misMandateUsed) && elgaMandateUsed ) { @@ -79,8 +82,19 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica } - //remove MIS-Mandate flag and set useMandate flag to MOASession + if (elgaMandateUsed) { + //check mandateProfiles against ELGA-MandateService configuration + if (!checkServiceProviderAgainstELGAModulConfigration()) { + Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + + " does not fulfill requirements to use ELGA-MandateService."); + throw new MOAIDException("service.10", new Object[]{ + ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, + "No valid mandate-profile defined"}); + + } + + //remove MIS-Mandate flag and set useMandate flag to MOASession Logger.debug("Authentication process select ELGA-MandateService."); executionContext.remove(MOAIDAuthConstants.PARAM_USEMISMANDATE); moasession.setUseMandates(elgaMandateUsed); @@ -104,4 +118,27 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica } } + + /** + * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService. + * + * @return true, if ELGA mandateservice is allowed, otherwise false + */ + private boolean checkServiceProviderAgainstELGAModulConfigration() { + String allowedMandateTypesCSV = + authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES); + List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV); + List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles(); + + boolean isELGAMandateServiceAllowed = false; + if (spMandateProfiles != null) { + for (String el : allowedMandateTypes) { + if (spMandateProfiles.contains(el)) + isELGAMandateServiceAllowed = true; + + } + } + + return isELGAMandateServiceAllowed; + } } |