5 files changed, 64 insertions, 7 deletions
| diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/id/server/auth/src/main/webapp/index.html diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index 07679999b..47f784c33 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -99,7 +99,7 @@ public class Random {  		char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)];  		//generate ID -		return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue), true)); // 20 bytes = 160 bits +		return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits  	} @@ -111,7 +111,7 @@ public class Random {  	 * @return random hex encoded value [256bit]  	 */  	public static String nextHexRandom() { -		return new String(Hex.encodeHex(nextByteRandom(32), true)); // 32 bytes = 256 bits +		return new String(Hex.encodeHex(nextByteRandom(32))); // 32 bytes = 256 bits  	} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java index cbdd13d0e..add929e1d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java @@ -31,8 +31,6 @@ import java.util.Map;  import java.util.Map.Entry;  import java.util.Set; -import org.apache.commons.lang3.StringUtils; -  import at.gv.egovernment.moa.util.MiscUtil;  /** 
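Review bot: Dropping the `true` argument in the two Random.java hunks (`@@ -99` and `@@ -111`) does not change the output, because the single-argument `Hex.encodeHex(byte[])` in commons-codec already lower-cases; presumably the boolean overload is removed for compatibility with a codec version older than 1.4, and that reason should be recorded next to the call, e.g. `// single-arg encodeHex is lowercase; the boolean overload needs commons-codec >= 1.4`. The comment `// 20 bytes = 160 bits` kept on the changed line in the first hunk reads like an entropy statement, but the value concatenates the timestamp `now` with `randValue`, so only `randValue` (whose length is outside the hunk) is unpredictable; rewording it to `// hex of timestamp + random bytes; entropy comes from randValue only` avoids overstating it. `now.getBytes()` also uses the platform default charset; harmless for an ASCII timestamp, but `StandardCharsets.UTF_8` makes that explicit. The enclosing methods start outside the hunks.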
@@ -283,6 +281,27 @@ public class KeyValueUtils {  		return false;  	} +	/** +	 * Convert a CSV list to a List of CSV values +	 * <br><br> +	 * This method removes all whitespace at the begin or the  +	 * end of CSV values and remove newLine signs at the end of value. +	 * The ',' is used as list delimiter +	 *  +	 * @param csv CSV encoded input data +	 * @return List of CSV normalized values, but never null +	 */ +	public static List<String> getListOfCSVValues(String csv) { +		List<String> list = new ArrayList<String>(); +		if (MiscUtil.isNotEmpty(csv)) {		 +			String[] values = csv.split(CSV_DELIMITER); +			for (String el: values) +				list.add(el.trim()); +		 +		} +		 +		return list; +	}  	/**  	 * This method remove all newline delimiter (\n or \r\n) from input data diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java index f682913e6..acb0b3aa1 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java 
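Review bot: `csv.split(CSV_DELIMITER)` keeps empty elements between consecutive delimiters, so an input such as `"a,,b"` or `"a, ,b"` puts an empty string into the returned list, and this list is used by the new ELGA task for matching allowed mandate-profiles; blank entries should be dropped in the loop: `String value = el.trim(); if (!value.isEmpty()) { list.add(value); }`. The Javadoc says `','` is the delimiter while the code splits on `CSV_DELIMITER` (declared outside the hunk and passed to `split` as a regex), so the doc should reference the constant (`{@link #CSV_DELIMITER}`) rather than hard-code the character, and it should state that blank values are not returned. Bracing the `for` body would also make the method easier to extend safely.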
@@ -52,6 +52,7 @@ public class ELGAMandatesAuthConstants {  	public static final String CONFIG_PROPS_ENTITYID = CONFIG_PROPS_PREFIX + "service.entityID";  	public static final String CONFIG_PROPS_METADATAURL = CONFIG_PROPS_PREFIX + "service.metadataurl";  	public static final String CONFIG_PROPS_METADATA_TRUSTPROFILE = CONFIG_PROPS_PREFIX + "service.metadata.trustprofileID"; +	public static final String CONFIG_PROPS_ALLOWED_MANDATE_TYPES = "service.mandateprofiles";  	public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path";  	public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java index 50bac3eab..03711aa40 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java @@ -22,6 +22,8 @@   */  package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks; +import java.util.List; +  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; 
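Review bot: `CONFIG_PROPS_ALLOWED_MANDATE_TYPES` is the only key in this block that is not built from `CONFIG_PROPS_PREFIX`. If that is unintentional, the lookup through `authConfig.getBasicMOAIDConfiguration` in the ELGAInitializeBKUAuthenticationTask hunk reads a different property than the other module settings, gets null, and, because an empty allowed list never matches, rejects every ELGA mandate request; that fails closed, but silently. Either prefix it, `public static final String CONFIG_PROPS_ALLOWED_MANDATE_TYPES = CONFIG_PROPS_PREFIX + "service.mandateprofiles";`, or add a comment stating that this key is deliberately read without the module prefix, e.g. `// read from the basic MOA-ID configuration, hence no module prefix`.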
@@ -30,8 +32,10 @@ import org.springframework.stereotype.Component;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;  import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;  import at.gv.egovernment.moa.id.process.api.ExecutionContext;  import at.gv.egovernment.moa.logging.Logger; @@ -69,8 +73,7 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica  					elgaMandateUsed = (boolean) elgaMandateUsedObj;  			} -			 -			 +						  			//check if both mandate Services are requested  			if ( (misMandateUsed != null && misMandateUsed) &&  					elgaMandateUsed ) { @@ -79,8 +82,19 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica  			} -			//remove MIS-Mandate flag and set useMandate flag to MOASession +			  			if (elgaMandateUsed) { +				//check mandateProfiles against ELGA-MandateService configuration				 +				if (!checkServiceProviderAgainstELGAModulConfigration()) { +					Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()  +							+ " does not fulfill requirements to use ELGA-MandateService."); +					throw new MOAIDException("service.10", new Object[]{ +							ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, +							"No valid mandate-profile defined"}); +					 +				} +				 +				//remove MIS-Mandate flag and set useMandate flag to MOASession  				Logger.debug("Authentication process select ELGA-MandateService.");  				executionContext.remove(MOAIDAuthConstants.PARAM_USEMISMANDATE);  				moasession.setUseMandates(elgaMandateUsed); 
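Review bot: The new rejection log in the `@@ -79` hunk names only the service-provider URL, so a misconfigured `service.mandateprofiles` or an SP whose profiles simply do not overlap produces an `Logger.info` line that cannot be diagnosed without a debugger; the two lists being compared are in scope in the helper, so logging them there (debug level is enough) before returning `false` would make the denial actionable for operators. The helper name `checkServiceProviderAgainstELGAModulConfigration` misspells both "Module" and "Configuration"; it is private, so renaming the call here and the declaration in the next hunk to `checkServiceProviderAgainstELGAModuleConfiguration()` is safe. The enclosing method starts and ends outside this hunk.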
@@ -104,4 +118,27 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica  		}  	} + +	/** +	 * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService. +	 *  +	 * @return true, if ELGA mandateservice is allowed, otherwise false +	 */ +	private boolean checkServiceProviderAgainstELGAModulConfigration() { +		String allowedMandateTypesCSV =  +				authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);		 +		List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);		 +		List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles(); + +		boolean isELGAMandateServiceAllowed = false; +		if (spMandateProfiles != null) {			 +			for (String el : allowedMandateTypes) { +				if (spMandateProfiles.contains(el)) +					isELGAMandateServiceAllowed = true; +			 +			} +		} +		 +		return isELGAMandateServiceAllowed; +	}  } | 
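Review bot: The helper gives no diagnostic for the case that decides the whole outcome: when the `service.mandateprofiles` property is missing or blank, `getListOfCSVValues` returns an empty list, the loop never runs and the method returns `false`, so every ELGA mandate request is rejected without any log entry pointing at the configuration; the Javadoc should also say that the check is fail-closed (`false` when no allowed profiles are configured or the SP has no mandate-profiles). The nested membership loop without a `break` is equivalent to `!Collections.disjoint(allowedMandateTypes, spMandateProfiles)` (needs `java.util.Collections` imported), which states the intent directly. The method name misspells "Module" and "Configuration"; since it is private, renaming it together with the call site in the previous hunk is safe.
```java
	private boolean checkServiceProviderAgainstELGAModuleConfiguration() {
		String allowedMandateTypesCSV =
				authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);
		List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);
		List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();

		// fail closed, but say why: an empty allowed list can only come from missing configuration
		if (allowedMandateTypes.isEmpty()) {
			Logger.info("ELGA-MandateService: no allowed mandate-profiles configured ("
					+ ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES + "), rejecting request.");
			return false;
		}

		// an SP without mandate-profiles can never use the ELGA mandate service
		if (spMandateProfiles == null) {
			Logger.debug("ELGA-MandateService: Service-Provider defines no mandate-profiles.");
			return false;
		}

		Logger.debug("ELGA-MandateService: allowed=" + allowedMandateTypes + " sp=" + spMandateProfiles);
		return !Collections.disjoint(allowedMandateTypes, spMandateProfiles);
	}
```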
