-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java40
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java387
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java136
-rw-r--r--id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv10
-rw-r--r--id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml18
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java2
6 files changed, 589 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
index 38bcfa2af..a90d71a18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -43,8 +43,24 @@ public class UserWhitelistStore {
try {
InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
String whiteListString = IOUtils.toString(new InputStreamReader(is));
- whitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
+ List<String> preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
+
+ //remove prefix if required
+ for (String bPK : preWhitelist) {
+ String[] bPKSplit = bPK.split(":");
+ if (bPKSplit.length == 1)
+ whitelist.add(bPK);
+
+ else if (bPKSplit.length ==2 )
+ whitelist.add(bPKSplit[1]);
+
+ else
+ Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ...");
+
+ }
+
Logger.info("User whitelist is initialized with " + whitelist.size() + " entries.");
+
} catch (FileNotFoundException e) {
Logger.warn("Do not initialize user whitelist. Reason: CSV file with bPKs NOT found", e);
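Review bot: The prefix-stripping loop drops whatever precedes the `:` without checking it, so an entry with any prefix lands in the list as a bare value and the binding of the bPK to its sector is lost. If only one prefix is meant to be accepted, compare `bPKSplit[0]` with the expected value before `whitelist.add(bPKSplit[1])` and reject everything else. The rejected-entry message writes the raw entry to the log at info level; a bPK is a personal identifier, so logging only the position of the entry, at warn level, would be safer. `whitelist` is now filled through `add` instead of being assigned, so it has to be initialised outside this hunk, and a repeated initialisation would append duplicates unless the list is cleared first.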
@@ -62,6 +78,15 @@ public class UserWhitelistStore {
}
/**
+ * Get the number of entries of the static whitelist
+ *
+ * @return
+ */
+ public int getNumberOfEntries() {
+ return whitelist.size();
+ }
+
+ /**
* Check if bPK is in whitelist
*
* @param bPK
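Review bot: The new Javadoc on `getNumberOfEntries()` leaves `@return` empty; `@return number of bPK entries loaded into the static whitelist` would complete it. Whether `whitelist` can be null when loading failed is not visible in this hunk, so the comment should also state what the method does in that case once that is confirmed.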
@@ -76,6 +101,11 @@ public class UserWhitelistStore {
}
public boolean isUserbPKInWhitelistDynamic(String bPK) {
+ return isUserbPKInWhitelistDynamic(bPK, false);
+
+ }
+
+ public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) {
try {
if (absWhiteListUrl != null) {
InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
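Review bot: The new two-argument `isUserbPKInWhitelistDynamic` is public but undocumented, and `onlyDynamic` changes the outcome of an access decision, so it needs a Javadoc such as `@param onlyDynamic if true, never fall back to the static whitelist; the result is false when the dynamic check fails or finds nothing`. The method opens the CSV file on every call and no `close()` is visible in these hunks; the body continues outside the hunk, so this is to be confirmed. If the stream is indeed never closed, a try-with-resources (or a `finally` block) around it would avoid leaking file descriptors on a path that presumably runs per authentication.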
@@ -86,7 +116,8 @@ public class UserWhitelistStore {
} else {
Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... ");
- return isUserbPKInWhitelist(bPK);
+ if (!onlyDynamic)
+ return isUserbPKInWhitelist(bPK);
}
}
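Review bot: With `onlyDynamic` set, the debug message `Switch to static version ...` is still written although no fallback takes place; the same applies to the warn message in the catch block of the following hunk. Emitting the fallback message only inside the `if (!onlyDynamic)` branch keeps the log truthful for anyone who later has to reconstruct why a user was refused. The added `if` statements have no braces, and when the condition is false the else branch appears to fall through to the end of the method; braces and an explicit `return false;` at that point would make the deny path obvious.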
@@ -94,8 +125,11 @@ public class UserWhitelistStore {
Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e);
}
+ if (!onlyDynamic)
+ return isUserbPKInWhitelist(bPK);
- return isUserbPKInWhitelist(bPK);
+
+ return false;
}
}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
new file mode 100644
index 000000000..d72e2f28c
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
@@ -0,0 +1,387 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
+import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.util.config.EgovUtilPropertiesConfiguration;
+
+public class DummyAuthConfig implements AuthConfiguration {
+
+ @Override
+ public String getRootConfigFileDir() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getDefaultChainingMode() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getTrustedCACertificates() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isTrustmanagerrevoationchecking() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String[] getActiveProfiles() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Properties getGeneralPVP2ProperiesConfig() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Properties getGeneralOAuth20ProperiesConfig() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public ProtocolAllowed getAllowedProtocols() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Map<String, String> getConfigurationWithPrefix(String Prefix) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getConfigurationWithKey(String key) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getBasicMOAIDConfiguration(String key) {
+ if (UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE.equals(key)) {
+ String current;
+ try {
+ current = new java.io.File( "." ).getCanonicalPath();
+ return "file:" + current + "/src/test/resources/BPK-Whitelist_20180607.csv";
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+ return null;
+ }
+
+ @Override
+ public String getBasicMOAIDConfiguration(String key, String defaultValue) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public int getTransactionTimeOut() {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+ @Override
+ public int getSSOCreatedTimeOut() {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+ @Override
+ public int getSSOUpdatedTimeOut() {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+ @Override
+ public String getAlternativeSourceID() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getLegacyAllowedProtocols() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public IOAAuthParameters getOnlineApplicationParameter(String oaURL) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+ if (useTestTrustStore)
+ return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten";
+ else
+ return "MOAIDBuergerkarteAuthentisierungsDaten";
+ }
+
+ @Override
+ public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters)
+ throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters)
+ throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+ if (useTestTrustStore)
+ return "MOAIDBuergerkartePersonenbindungMitTestkarten";
+ else
+ return "MOAIDBuergerkartePersonenbindung";
+ }
+
+ @Override
+ public List<String> getTransformsInfos() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getSLRequestTemplates() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getSLRequestTemplates(String type) throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getDefaultBKUURLs() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getDefaultBKUURL(String type) throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getSSOTagetIdentifier() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getSSOFriendlyName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getSSOSpecialText() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getMOASessionEncryptionKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getMOAConfigurationEncryptionKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isIdentityLinkResigning() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String getIdentityLinkResigningKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isMonitoringActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String getMonitoringTestIdentityLinkURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getMonitoringMessageSuccess() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isAdvancedLoggingActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<String> getPublicURLPrefix() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isVirtualIDPsEnabled() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isPVP2AssertionEncryptionActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isCertifiacteQCActive() {
+ return true;
+ }
+
+ @Override
+ public IStorkConfig getStorkConfig() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getDocumentServiceUrl() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isStorkFakeIdLActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<String> getStorkFakeIdLCountries() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getStorkNoSignatureCountries() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getStorkFakeIdLResigningKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isPVPSchemaValidationActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public Map<String, String> getConfigurationWithWildCard(String key) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<Integer> getDefaultRevisionsLogEventCodes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isHTTPAuthAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String[] getRevocationMethodOrder() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+}
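Review bot: `getBasicMOAIDConfiguration(String key)` builds the whitelist URL by concatenating `"file:"` with the canonical path, which gives an invalid URI when the working directory contains spaces or, on Windows, backslashes; `UserWhitelistStore` feeds this value to `new URL(...).toURI()`. `return new java.io.File("src/test/resources/BPK-Whitelist_20180607.csv").toURI().toString();` avoids that and makes the try/catch unnecessary. As written, the catch only calls `e.printStackTrace()` and the method then returns null, so a path problem would presumably surface later as an uninitialised whitelist rather than as a clear test-setup failure.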
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java
new file mode 100644
index 000000000..71956990e
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java
@@ -0,0 +1,136 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.xml.ConfigurationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_basic_user_whitelist.xml")
+public class UserRestrictionWhiteListTest {
+
+ @Autowired(required=true) UserWhitelistStore whitelistStore;
+
+ private static String bPK_1 = "/7eNkLgqP71U8dBwa0lSI8/2EFY=";
+ private static String bPK_2 = "gr88V4oH5KLlurBCcCAbKJNMF18=";
+ private static String bPK_3 = "0Fq3KqgYTbK8MsxymLe7tbuXhpA=";
+ private static String bPK_4 = "JWiLzwktCITGg+ztRKEAwWloSNM=";
+
+ private static String bPK_5 = "JWiLzwktCIXXX+ztRKEAwWloSNM=";
+ private static String bPK_6 = "WtHxBxLqOThNU9YF8fzXXXcZLBs=";
+
+ @Test
+ public void checkNumberOfEntries() throws Exception {
+ if (whitelistStore.getNumberOfEntries() != 12)
+ throw new Exception("Number of entries not valid");
+
+ }
+
+
+ @Test
+ public void checkEntry_1() throws Exception {
+ String bPK = bPK_1;
+ if (!whitelistStore.isUserbPKInWhitelist(bPK))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+ @Test
+ public void checkEntryDynamic_1() throws Exception {
+ String bPK = bPK_1;
+ if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+ @Test
+ public void checkEntry_2() throws Exception {
+ String bPK = bPK_2;
+ if (!whitelistStore.isUserbPKInWhitelist(bPK))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+ @Test
+ public void checkEntryDynamic_2() throws Exception {
+ String bPK = bPK_2;
+ if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+
+ @Test
+ public void checkEntry_3() throws Exception {
+ String bPK = bPK_3;
+ if (!whitelistStore.isUserbPKInWhitelist(bPK))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+ @Test
+ public void checkEntryDynamic_3() throws Exception {
+ String bPK = bPK_3;
+ if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+ @Test
+ public void checkEntry_4() throws Exception {
+ String bPK = bPK_4;
+ if (!whitelistStore.isUserbPKInWhitelist(bPK))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+ @Test
+ public void checkEntryDynamic_4() throws Exception {
+ String bPK = bPK_4;
+ if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+ @Test
+ public void checkEntry_5() throws Exception {
+ String bPK = bPK_5;
+ if (whitelistStore.isUserbPKInWhitelist(bPK))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+ @Test
+ public void checkEntryDynamic_5() throws Exception {
+ String bPK = bPK_5;
+ if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+ @Test
+ public void checkEntry_6() throws Exception {
+ String bPK = bPK_6;
+ if (whitelistStore.isUserbPKInWhitelist(bPK))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+ @Test
+ public void checkEntryDynamic_6() throws Exception {
+ String bPK = bPK_6;
+ if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+ throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+
+ }
+
+
+}
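Review bot: The negative tests `checkEntry_5`, `checkEntryDynamic_5`, `checkEntry_6` and `checkEntryDynamic_6` fail when the bPK is present in the whitelist, yet they throw the copied message `is NOT found in whitelist`; it should read, for example, `"bPK: " + bPK + " must NOT be in whitelist"`. JUnit assertions (`Assert.assertTrue` / `Assert.assertFalse`) would state the expectation directly instead of throwing a bare `Exception`. No test covers an entry in an unsupported format (more than one `:`) or the fallback with `onlyDynamic` set to false, which are the branches the store change adds. The imports of `IOException`, `InputStreamReader`, `IOUtils`, `Before` and `ConfigurationException` are unused.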
diff --git a/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv
new file mode 100644
index 000000000..099fc0f7e
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv
@@ -0,0 +1,10 @@
+/7eNkLgqP71U8dBwa0lSI8/2EFY=,ZP-MH:xm1zT43aGLfTRLnDsxYoFk3XwDU=,ZP-MH:gr88V4oH5KLlurBCcCAbKJNMF18=,
+ZP-MH:LvrdIGoL4MXTjy7EJgPhoz3koL4=,
+ZP-MH:EcILNYQIZ4qfhLlZFzHivCu0Hfc=,
+ZP-MH:WtHxBxLqOThNU9YF8fzyvXcZLBs=,
+ZP-MH:0Fq3KqgYTbK8MsxymLe7tbuXhpA=,
+ZP-MH:DJ6nGg2JgcPH768BhqTNXVsGhOY=,
+JWiLzwktCITGg+ztRKEAwWloSNM=,
+ZP-MH:+cyQbhr1fQ8hLhazL62tFRq47iY=,
+ZP-MH:AFmfywfYPHcl2Lxp138upielmrs=,
+ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0=
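Review bot: The date-stamped file name suggests this fixture may be an export of a real whitelist; the diff alone cannot confirm that. If the values are bPKs of real persons, they should be replaced with synthetic values, since a bPK is a personal identifier. The fixture would also test more if it held one malformed entry (more than one `:`), so that the rejected-entry branch of the loader is exercised.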
diff --git a/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml
new file mode 100644
index 000000000..85788714a
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+
+ <bean id="UserWhiteList_Store"
+ class="at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore"/>
+
+ <bean id="DummyAuthConfig"
+ class="at.gv.egovernment.moa.id.config.auth.data.DummyAuthConfig"/>
+</beans>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
index 85c823258..a131e5e29 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
@@ -42,7 +42,7 @@ public abstract class eIDDataVerifierTest {
Logger.info("Loading Java security providers.");
//System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml");
String current = new java.io.File( "." ).getCanonicalPath();
- System.setProperty("moa.spss.server.configuration", current + "\\src\\test\\resources\\moaspss_config\\MOASPSSConfiguration.xml");
+ System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml");
IAIK.addAsProvider();
ECCelerate.addAsProvider();