diff options
6 files changed, 589 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java index 38bcfa2af..a90d71a18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java @@ -43,8 +43,24 @@ public class UserWhitelistStore { try { InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); String whiteListString = IOUtils.toString(new InputStreamReader(is)); - whitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString)); + List<String> preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString)); + + //remove prefix if required + for (String bPK : preWhitelist) { + String[] bPKSplit = bPK.split(":"); + if (bPKSplit.length == 1) + whitelist.add(bPK); + + else if (bPKSplit.length ==2 ) + whitelist.add(bPKSplit[1]); + + else + Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ..."); + + } + Logger.info("User whitelist is initialized with " + whitelist.size() + " entries."); + } catch (FileNotFoundException e) { Logger.warn("Do not initialize user whitelist. Reason: CSV file with bPKs NOT found", e); @@ -62,6 +78,15 @@ public class UserWhitelistStore { } /** + * Get the number of entries of the static whitelist + * + * @return + */ + public int getNumberOfEntries() { + return whitelist.size(); + } + + /** * Check if bPK is in whitelist * * @param bPK @@ -76,6 +101,11 @@ public class UserWhitelistStore { } public boolean isUserbPKInWhitelistDynamic(String bPK) { + return isUserbPKInWhitelistDynamic(bPK, false); + + } + + public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) { try { if (absWhiteListUrl != null) { InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); @@ -86,7 +116,8 @@ public class UserWhitelistStore { } else { Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... "); - return isUserbPKInWhitelist(bPK); + if (!onlyDynamic) + return isUserbPKInWhitelist(bPK); } } @@ -94,8 +125,11 @@ public class UserWhitelistStore { Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e); } + if (!onlyDynamic) + return isUserbPKInWhitelist(bPK); - return isUserbPKInWhitelist(bPK); + + return false; } } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java new file mode 100644 index 000000000..d72e2f28c --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java @@ -0,0 +1,387 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.io.IOException; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IStorkConfig; +import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.util.config.EgovUtilPropertiesConfiguration; + +public class DummyAuthConfig implements AuthConfiguration { + + @Override + public String getRootConfigFileDir() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultChainingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getTrustedCACertificates() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isTrustmanagerrevoationchecking() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getActiveProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralPVP2ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralOAuth20ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ProtocolAllowed getAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map<String, String> getConfigurationWithPrefix(String Prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationWithKey(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBasicMOAIDConfiguration(String key) { + if (UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE.equals(key)) { + String current; + try { + current = new java.io.File( "." ).getCanonicalPath(); + return "file:" + current + "/src/test/resources/BPK-Whitelist_20180607.csv"; + } catch (IOException e) { + e.printStackTrace(); + } + } + + return null; + } + + @Override + public String getBasicMOAIDConfiguration(String key, String defaultValue) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public int getTransactionTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOCreatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOUpdatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getAlternativeSourceID() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getLegacyAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public IOAAuthParameters getOnlineApplicationParameter(String oaURL) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten"; + else + return "MOAIDBuergerkarteAuthentisierungsDaten"; + } + + @Override + public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) + throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) + throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkartePersonenbindungMitTestkarten"; + else + return "MOAIDBuergerkartePersonenbindung"; + } + + @Override + public List<String> getTransformsInfos() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getSLRequestTemplates() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSLRequestTemplates(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getDefaultBKUURLs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultBKUURL(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOTagetIdentifier() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOSpecialText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOASessionEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOAConfigurationEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isIdentityLinkResigning() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getIdentityLinkResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isMonitoringActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getMonitoringTestIdentityLinkURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMonitoringMessageSuccess() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isAdvancedLoggingActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getPublicURLPrefix() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isVirtualIDPsEnabled() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPVP2AssertionEncryptionActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isCertifiacteQCActive() { + return true; + } + + @Override + public IStorkConfig getStorkConfig() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDocumentServiceUrl() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isStorkFakeIdLActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getStorkFakeIdLCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getStorkNoSignatureCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getStorkFakeIdLResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPVPSchemaValidationActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Map<String, String> getConfigurationWithWildCard(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<Integer> getDefaultRevisionsLogEventCodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isHTTPAuthAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getRevocationMethodOrder() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { + // TODO Auto-generated method stub + return false; + } + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java new file mode 100644 index 000000000..71956990e --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java @@ -0,0 +1,136 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.xml.ConfigurationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_basic_user_whitelist.xml") +public class UserRestrictionWhiteListTest { + + @Autowired(required=true) UserWhitelistStore whitelistStore; + + private static String bPK_1 = "/7eNkLgqP71U8dBwa0lSI8/2EFY="; + private static String bPK_2 = "gr88V4oH5KLlurBCcCAbKJNMF18="; + private static String bPK_3 = "0Fq3KqgYTbK8MsxymLe7tbuXhpA="; + private static String bPK_4 = "JWiLzwktCITGg+ztRKEAwWloSNM="; + + private static String bPK_5 = "JWiLzwktCIXXX+ztRKEAwWloSNM="; + private static String bPK_6 = "WtHxBxLqOThNU9YF8fzXXXcZLBs="; + + @Test + public void checkNumberOfEntries() throws Exception { + if (whitelistStore.getNumberOfEntries() != 12) + throw new Exception("Number of entries not valid"); + + } + + + @Test + public void checkEntry_1() throws Exception { + String bPK = bPK_1; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_1() throws Exception { + String bPK = bPK_1; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_2() throws Exception { + String bPK = bPK_2; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_2() throws Exception { + String bPK = bPK_2; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + + @Test + public void checkEntry_3() throws Exception { + String bPK = bPK_3; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_3() throws Exception { + String bPK = bPK_3; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_4() throws Exception { + String bPK = bPK_4; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_4() throws Exception { + String bPK = bPK_4; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_5() throws Exception { + String bPK = bPK_5; + if (whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_5() throws Exception { + String bPK = bPK_5; + if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_6() throws Exception { + String bPK = bPK_6; + if (whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_6() throws Exception { + String bPK = bPK_6; + if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + +} diff --git a/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv new file mode 100644 index 000000000..099fc0f7e --- /dev/null +++ b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv @@ -0,0 +1,10 @@ +/7eNkLgqP71U8dBwa0lSI8/2EFY=,ZP-MH:xm1zT43aGLfTRLnDsxYoFk3XwDU=,ZP-MH:gr88V4oH5KLlurBCcCAbKJNMF18=,
+ZP-MH:LvrdIGoL4MXTjy7EJgPhoz3koL4=,
+ZP-MH:EcILNYQIZ4qfhLlZFzHivCu0Hfc=,
+ZP-MH:WtHxBxLqOThNU9YF8fzyvXcZLBs=,
+ZP-MH:0Fq3KqgYTbK8MsxymLe7tbuXhpA=,
+ZP-MH:DJ6nGg2JgcPH768BhqTNXVsGhOY=,
+JWiLzwktCITGg+ztRKEAwWloSNM=,
+ZP-MH:+cyQbhr1fQ8hLhazL62tFRq47iY=,
+ZP-MH:AFmfywfYPHcl2Lxp138upielmrs=,
+ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0=
diff --git a/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml new file mode 100644 index 000000000..85788714a --- /dev/null +++ b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + + <bean id="UserWhiteList_Store" + class="at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore"/> + + <bean id="DummyAuthConfig" + class="at.gv.egovernment.moa.id.config.auth.data.DummyAuthConfig"/> +</beans> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index 85c823258..a131e5e29 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -42,7 +42,7 @@ public abstract class eIDDataVerifierTest { Logger.info("Loading Java security providers."); //System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml"); String current = new java.io.File( "." ).getCanonicalPath(); - System.setProperty("moa.spss.server.configuration", current + "\\src\\test\\resources\\moaspss_config\\MOASPSSConfiguration.xml"); + System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); IAIK.addAsProvider(); ECCelerate.addAsProvider(); |