Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java | 167 |
1 files changed, 161 insertions, 6 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
index aeac75e44..46d9f4db8 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
@@ -1,18 +1,140 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation; +import iaik.asn1.ObjectID; +import iaik.utils.Util; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; + +import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; +import java.net.UnknownHostException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.regex.Matcher; import java.util.regex.Pattern; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; + import org.apache.log4j.Logger; public class ValidationHelper { private static final Logger log = Logger.getLogger(ValidationHelper.class); + private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy"; + + + public static boolean isPublicServiceAllowed(String identifier) { + + SSLSocket socket = null; + + try { + URL url = new URL(identifier); + String host = url.getHost(); + + if (host.endsWith("/")) + host = host.substring(0, host.length()-1); + + if (url.getHost().endsWith(at.gv.egovernment.moa.id.configuration.Constants.PUBLICSERVICE_URL_POSTFIX)) { + log.debug("PublicURLPrefix with .gv.at Domain found."); + return true; + + } else { + SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory(); + socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort()); + socket.startHandshake(); + + SSLSession session = socket.getSession(); + Certificate[] servercerts = session.getPeerCertificates(); + X509Certificate[] iaikChain = new X509Certificate[servercerts.length]; + for (int i=0; i<servercerts.length; i++) { + iaikChain[i] = new X509Certificate(servercerts[i].getEncoded()); + } + + + X509Certificate cert = 
Util.arrangeCertificateChain(iaikChain, false)[0]; + + if (cert != null) { + ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft + ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft + + + if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) { + return false; + + } else { + log.info("Found correct X509 Extension in server certificate. PublicService is allowed"); + return true; + } + } + + return false; + } + + } catch (MalformedURLException e) { + log.warn("PublicURLPrefix can not parsed to URL", e); + return false; + + } catch (UnknownHostException e) { + log.warn("Can not connect to PublicURLPrefix Server", e); + return false; + + } catch (IOException e) { + log.warn("Can not connect to PublicURLPrefix Server", e); + return false; + + } catch (CertificateEncodingException e) { + log.warn("Can not parse X509 server certificate", e); + return false; + + } catch (CertificateException e) { + log.warn("Can not read X509 server certificate", e); + return false; + + } catch (X509ExtensionInitException e) { + log.warn("Can not read X509 server certificate extension", e); + return false; + } + + finally { + if (socket != null) + try { + socket.close(); + } catch (IOException e) { + log.warn("SSL Socket can not be closed.", e); + } + } + } + public static boolean validateOAID(String oaIDObj) { if (oaIDObj != null) { try { @@ -34,7 +156,7 @@ public class ValidationHelper { log.debug("Validate Number " + value); try { - float num = Float.valueOf(value); + Float.valueOf(value); return true; @@ -52,7 +174,7 @@ public class ValidationHelper { if (urlString.startsWith("http") || urlString.startsWith("https")) { try { - URL url =new URL(urlString); + new URL(urlString); return true; } catch (MalformedURLException e) { 
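Review bot: The TLS probe in the `else` branch of `isPublicServiceAllowed` never ties the certificate to the requested host: an `SSLSocket` from the default factory validates the chain but performs no endpoint identification, so the Verwaltungs-/Dienstleister-OID decision is made on whatever certificate the answering peer presents. Setting the endpoint identification algorithm to `HTTPS` before `startHandshake()` closes that gap. The same call passes `url.getPort()` straight to `createSocket`; that value is -1 for an identifier without an explicit port and raises an unchecked `IllegalArgumentException` that none of the catch blocks handle. The connect also has no timeout, and the suffix test only binds to a domain boundary if `PUBLICSERVICE_URL_POSTFIX` (not visible here) starts with a dot.

```java
} else {
    // getPort() is -1 when the identifier carries no explicit port
    int port = url.getPort() != -1 ? url.getPort() : url.getDefaultPort();

    SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
    socket = (SSLSocket) factory.createSocket(url.getHost(), port);

    // bind the presented certificate to the requested host name before its extensions are trusted
    javax.net.ssl.SSLParameters params = socket.getSSLParameters();
    params.setEndpointIdentificationAlgorithm("HTTPS");
    socket.setSSLParameters(params);
    socket.startHandshake();

    // … unchanged: read the peer chain and test the two OID extensions …
```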
@@ -62,7 +184,7 @@ public class ValidationHelper { return false; } - public static boolean isValidTarget(String target) { + public static boolean isValidAdminTarget(String target) { log.debug("Ueberpruefe Parameter Target"); @@ -76,10 +198,24 @@ public class ValidationHelper { else { log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); return false; - } - + } } + public static boolean isValidTarget(String target) { + + log.debug("Ueberpruefe Parameter Target"); + + if (TargetValidator.isValidTarget(target)) { + log.debug("Parameter Target erfolgreich ueberprueft"); + return true; + } + else { + log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); + return false; + } + + } + public static boolean isValidSourceID(String sourceID) { log.debug("Ueberpruefe Parameter sourceID"); @@ -98,7 +234,10 @@ public class ValidationHelper { } public static boolean isDateFormat(String dateString) { - SimpleDateFormat sdf = new SimpleDateFormat("dd.MM.yyyy"); + if (dateString.length() > TEMPLATE_DATEFORMAT.length()) + return false; + + SimpleDateFormat sdf = new SimpleDateFormat(TEMPLATE_DATEFORMAT); try { sdf.parse(dateString); return true; @@ -182,4 +321,20 @@ public class ValidationHelper { return "; % \" ' ` < >"; } + + public static boolean isValidHexValue(String param) { + + try { + if (param.startsWith("#") && param.length() <= 7) { + Long.decode(param); + return true; + } + + } catch (Exception e) { + + } + return false; + + } + } |
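Review bot: The new length guard in `isDateFormat` only caps the input at ten characters, so the validator still accepts values that are not `dd.MM.yyyy` dates. `SimpleDateFormat` is lenient by default, so `32.13.2014` parses, and `parse(String)` ignores trailing text, so a short date followed by other characters passes as long as the total stays within the cap. Requiring the exact length with `if (dateString == null || dateString.length() != TEMPLATE_DATEFORMAT.length()) return false;` and adding `sdf.setLenient(false);` would tighten this. A fully strict check would also confirm the parser consumed the whole string. The try/catch of this method continues outside the hunk.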
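Review bot: `isValidHexValue` accepts more than ASCII hex, because `Long.decode` parses digits with `Character.digit`, which also maps non-ASCII Unicode digits and fullwidth letters to hex values. A validator that presumably gates what reaches a template therefore passes characters it was not meant to allow. The empty `catch (Exception e)` also hides the `NullPointerException` raised by a null `param`. An explicit allowlist states the contract and removes the exception path: `return param != null && param.matches("#[0-9a-fA-F]{1,6}");`. Tighten the quantifier if only the three- and six-digit forms are intended.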