Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig')
3 files changed, 592 insertions, 582 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 247004b75..62d53ab56 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -32,7 +32,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.StringUtils; -import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; 
@@ -41,114 +40,115 @@ import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class MOAConfigValidator { - private static final Logger log = Logger.getLogger(MOAConfigValidator.class); - - public List<String> validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) { - - List<String> errors = new ArrayList<String>(); - - log.debug("Validate general MOA configuration"); - - - String check = form.getSaml1SourceID(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("SAML1 SourceID contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPublicURLPrefix(); - if (MiscUtil.isNotEmpty(check)) { - String[] publicURLPreFix = check.split(","); - if (form.isVirtualPublicURLPrefixEnabled()) { - for (String el : publicURLPreFix) { - if (!ValidationHelper.validateURL( - StringUtils.chomp(el.trim()))) { - log.info("Public URL Prefix " + el + " is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}, request)); - } - } - - } else { - if (!ValidationHelper.validateURL( - StringUtils.chomp(publicURLPreFix[0].trim()))) { - log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{publicURLPreFix[0]}, request)); - - } - - } - } else { - log.info("PublicURL Prefix is empty."); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); - } - - check = form.getTimeoutAssertion(); - if 
(MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("Assertion Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - check = form.getTimeoutMOASessionCreated(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("MOASessionCreated Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - check = form.getTimeoutMOASessionUpdated(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateNumber(check)) { - log.warn("MOASessionUpdated Timeout is no number " + check); - errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - + public List<String> validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) { + + final List<String> errors = new ArrayList<>(); + + log.debug("Validate general MOA configuration"); + + String check = form.getSaml1SourceID(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("SAML1 SourceID contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPublicURLPrefix(); + if (MiscUtil.isNotEmpty(check)) { + final String[] publicURLPreFix = check.split(","); + if (form.isVirtualPublicURLPrefixEnabled()) { + for (final String el : publicURLPreFix) { + if (!ValidationHelper.validateURL( + StringUtils.chomp(el.trim()))) { + log.info("Public URL Prefix 
" + el + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", + new Object[] { el }, request)); + } + } + + } else { + if (!ValidationHelper.validateURL( + StringUtils.chomp(publicURLPreFix[0].trim()))) { + log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[] { + publicURLPreFix[0] }, request)); + + } + + } + } else { + log.info("PublicURL Prefix is empty."); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); + } + + check = form.getTimeoutAssertion(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Assertion Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + check = form.getTimeoutMOASessionCreated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionCreated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + check = form.getTimeoutMOASessionUpdated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionUpdated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + // check = form.getCertStoreDirectory(); // if (MiscUtil.isNotEmpty(check)) { // if (ValidationHelper.isValidOAIdentifier(check)) { // log.warn("CertStoreDirectory contains potentail XSS characters: " + check); -// 
errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", +// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", // new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); // } // } else { // log.info("CertStoreDirectory is empty."); // errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty", request)); // } - - check = form.getDefaultBKUHandy(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); - } - } - - check = form.getDefaultBKULocal(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); - } - } - - check = form.getDefaultBKUOnline(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); - } - } - + + check = form.getDefaultBKUHandy(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); + } + } + + check = form.getDefaultBKULocal(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); + } + } + + check = form.getDefaultBKUOnline(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + 
errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); + } + } + // check = form.getDefaultchainigmode(); // if (MiscUtil.isEmpty(check)) { // log.info("Empty Defaultchainigmode"); 
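Review bot: The `log.warn`/`log.info` calls in `validate` still concatenate the value that has just failed validation into the message, e.g. `log.warn("SAML1 SourceID contains potentail XSS characters: " + check);`, so form input rejected for its characters is written to the log unmodified. Now that the class uses `@Slf4j`, pass the value as an argument, `log.warn("SAML1 SourceID contains potentially unsafe characters: {}", check);`, and strip CR/LF from it or let the log layout encode it, since a placeholder alone does not neutralise line breaks. The same pattern recurs in the hunks at -160,166 and -327,175 (trust profiles, PVP2 names, SSO fields). Separately, the non-virtual branch reads `publicURLPreFix[0]` without a length check, and `check.split(",")` returns an empty array for an input consisting only of commas, so that input would throw instead of producing a validation error (assuming `MiscUtil.isNotEmpty` accepts it). `validate` continues beyond this hunk.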
@@ -160,166 +160,169 @@ public class MOAConfigValidator { // errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid", request)); // } // } - - check = form.getMandateURL(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - String[] misURLs = check.split(","); - for (String el : misURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getElgaMandateServiceURL(); - if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { - String[] elgaServiceURLs = check.split(","); - for (String el : elgaServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getEidSystemServiceURL(); - if (MiscUtil.isNotEmpty(check)) { - String[] eidServiceURLs = check.split(","); - for (String el : eidServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid E-ID System Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", - new Object[]{el}, request)); - } - } - } - - check = form.getMoaspssAuthTransformations(); - List<String> authtranslist = new ArrayList<String>(); - if (isMOAIDMode) { - if (MiscUtil.isEmpty(check)) { - log.info("Empty MoaspssAuthTransformation"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request)); - } else { - - //is only required if more then one transformation is in use - // check = StringHelper.formatText(check); - // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); - 
// int i=1; - // for(String el : list) { - // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { - // log.info("IdentityLinkSigners is not valid: " + el); - // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", - // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); - // - // } else { - // if (MiscUtil.isNotEmpty(el.trim())) - // authtranslist.add(el.trim()); - // } - // i++; - // } - authtranslist.add(check.trim()); - } - } - form.setAuthTransformList(authtranslist); - - if (isMOAIDMode) { - check = form.getMoaspssAuthTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssIdlTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssAuthTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request)); - } else { - if 
(ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getMoaspssIdlTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - - check = form.getMoaspssURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid MOA-SP/SS Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); - } - } - } - - check = form.getPvp2IssuerName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 IssuerName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgDisplayName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 organisation display name is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgName(); - if 
(MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 organisation name is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = form.getPvp2OrgURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("PVP2 organisation URL is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request)); - } - } - + + check = form.getMandateURL(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + final String[] misURLs = check.split(","); + for (final String el : misURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", + new Object[] { el }, request)); + } + } + } + + check = form.getElgaMandateServiceURL(); + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { + final String[] elgaServiceURLs = check.split(","); + for (final String el : elgaServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", + new Object[] { el }, request)); + } + } + } + + check = form.getEidSystemServiceURL(); + if (MiscUtil.isNotEmpty(check)) { + final String[] eidServiceURLs = check.split(","); + for (final String el : eidServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid E-ID System Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", + new Object[] { el }, request)); + } + } + } + + check = 
form.getMoaspssAuthTransformations(); + final List<String> authtranslist = new ArrayList<>(); + if (isMOAIDMode) { + if (MiscUtil.isEmpty(check)) { + log.info("Empty MoaspssAuthTransformation"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", + request)); + } else { + + // is only required if more then one transformation is in use + // check = StringHelper.formatText(check); + // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); + // int i=1; + // for(String el : list) { + // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { + // log.info("IdentityLinkSigners is not valid: " + el); + // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", + // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); + // + // } else { + // if (MiscUtil.isNotEmpty(el.trim())) + // authtranslist.add(el.trim()); + // } + // i++; + // } + authtranslist.add(check.trim()); + } + } + form.setAuthTransformList(authtranslist); + + if (isMOAIDMode) { + check = form.getMoaspssAuthTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Authblock TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssIdlTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("IdentityLink TrustProfile is not valid: 
" + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssAuthTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-Authblock TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssIdlTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", + request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-IdentityLink TrustProfile is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getMoaspssURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MOA-SP/SS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); + } + } + } + + check = form.getPvp2IssuerName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 IssuerName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + 
} + + check = form.getPvp2OrgDisplayName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 organisation display name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPvp2OrgName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 organisation name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = form.getPvp2OrgURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("PVP2 organisation URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request)); + } + } + // check = form.getPvp2PublicUrlPrefix(); // if (MiscUtil.isNotEmpty(check)) { // if (!ValidationHelper.validateURL(check)) { 
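Review bot: The value from `getMoaspssAuthTransformations()` is only checked for emptiness before `authtranslist.add(check.trim())`, and `form.setAuthTransformList(authtranslist)` then runs whether or not validation produced errors; the per-entry character check above it is commented out. Unless the value is validated elsewhere, it should get the same guard as the trust-profile fields that follow, `if (ValidationHelper.containsNotValidCharacter(check, false)) { … }`, before it is added to the list. If skipping the check is intentional, say so in a comment next to the `add`, for example `// single transformation id, checked by <component>; no character check needed here`. The ELGA branch also logs "Not valid Online-Mandate Service URL", which looks copied from the mandate-service branch and makes the two log entries indistinguishable. `validate` starts before and ends after this hunk.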
@@ -327,175 +330,175 @@ public class MOAConfigValidator { // errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.serviceurl.valid")); // } // } - - if (isMOAIDMode) { - check = form.getSLRequestTemplateHandy(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Handy-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Handy-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request)); - } - } - - check = form.getSLRequestTemplateLocal(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate local BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate local BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request)); - } - } - - check = form.getSLRequestTemplateOnline(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Online-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Online-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request)); - } - } - - check = form.getSsoFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("SSO friendlyname is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - // check = form.getSsoIdentificationNumber(); - // 
if (MiscUtil.isNotEmpty(check)) { - // if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - // log.info("SSO IdentificationNumber is not valid: " + check); - // errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", - // new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - // } - // } - - // check = form.getSsoPublicUrl(); - // if (MiscUtil.isNotEmpty(check)) { - // if (!ValidationHelper.validateURL(check)) { - // log.info("SSO Public URL is not valid"); - // errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); - // } - // } - - check = form.getSsoSpecialText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.info("SSO SpecialText is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", - new Object[] {ValidationHelper.getNotValidCharacter(true)} , request)); - } - } - - check = form.getSsoTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SSO Target"); - //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request)); - - } else { - if (!ValidationHelper.isValidAdminTarget(check)) { - - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - - String num = check.replaceAll(" ", ""); - - if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || - num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || - num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) { - - log.info("Not valid SSO Target"); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request)); - } - - } - } - - check = form.getSzrgwURL(); - if (MiscUtil.isNotEmpty(check)) { - 
String[] szrGWServiceURLs = check.split(","); - for (String el : szrGWServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", - new Object[]{el}, request)); - } - } - } - } - - check = form.getTrustedCACerts(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty TrustCACerts Directory"); - errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty", request)); - - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("Not valid TrustCACerts Directory"); - errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } - - - if (isMOAIDMode) { - if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) { - HashMap<String, byte[]> map = new HashMap<String, byte[]>(); - for (int i=0; i<form.getFileUploadFileName().size(); i++) { - String filename = form.getFileUploadFileName().get(i); - - if (MiscUtil.isNotEmpty(filename)) { - if (ValidationHelper.containsNotValidCharacter(filename, false)) { - log.info("SL Transformation Filename is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", request)); - - } else { - try { - File file = form.getFileUpload().get(i); - FileInputStream stream = new FileInputStream(file); - map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); - - } catch (IOException e) { - log.info("SecurtiyLayerTransformation with FileName " - + filename +" can not be loaded." 
, e); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid", - new Object[] {filename}, request )); - } - } - } - } - - form.setSecLayerTransformation(map); - - } else { - if (form.getSecLayerTransformation() == null) { - log.info("AuthBlock Transformation file is empty"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request)); - - } - } - } - - - ContactForm contact = form.getPvp2Contact(); - if (contact != null) { - PVP2ContactValidator pvp2validator = new PVP2ContactValidator(); - errors.addAll(pvp2validator.validate(contact, request)); - } - - return errors; - } + + if (isMOAIDMode) { + check = form.getSLRequestTemplateHandy(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Handy-BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate Handy-BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request)); + } + } + + check = form.getSLRequestTemplateLocal(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate local BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate local BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request)); + } + } + + check = form.getSLRequestTemplateOnline(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Online-BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate Online-BKU is not valid"); + 
errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request)); + } + } + + check = form.getSsoFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("SSO friendlyname is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + // check = form.getSsoIdentificationNumber(); + // if (MiscUtil.isNotEmpty(check)) { + // if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + // log.info("SSO IdentificationNumber is not valid: " + check); + // errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", + // new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + // } + // } + + // check = form.getSsoPublicUrl(); + // if (MiscUtil.isNotEmpty(check)) { + // if (!ValidationHelper.validateURL(check)) { + // log.info("SSO Public URL is not valid"); + // errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); + // } + // } + + check = form.getSsoSpecialText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, true)) { + log.info("SSO SpecialText is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + } + + check = form.getSsoTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SSO Target"); + // errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", + // request)); + + } else { + if (!ValidationHelper.isValidAdminTarget(check)) { + + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + 
errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + + final String num = check.replaceAll(" ", ""); + + if (!(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || + num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || + num.startsWith(Constants.IDENIFICATIONTYPE_ERSB))) { + + log.info("Not valid SSO Target"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request)); + } + + } + } + + check = form.getSzrgwURL(); + if (MiscUtil.isNotEmpty(check)) { + final String[] szrGWServiceURLs = check.split(","); + for (final String el : szrGWServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", + new Object[] { el }, request)); + } + } + } + } + + check = form.getTrustedCACerts(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty TrustCACerts Directory"); + errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty", request)); + + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("Not valid TrustCACerts Directory"); + errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request)); + } + } + + if (isMOAIDMode) { + if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) { + final HashMap<String, byte[]> map = new HashMap<>(); + for (int i = 0; i < form.getFileUploadFileName().size(); i++) { + final String filename = form.getFileUploadFileName().get(i); + + if (MiscUtil.isNotEmpty(filename)) { + if (ValidationHelper.containsNotValidCharacter(filename, false)) { + log.info("SL Transformation Filename is not valid"); + 
errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", + request)); + + } else { + try { + final File file = form.getFileUpload().get(i); + final FileInputStream stream = new FileInputStream(file); + map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); + + } catch (final IOException e) { + log.info("SecurtiyLayerTransformation with FileName " + + filename + " can not be loaded.", e); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid", + new Object[] { filename }, request)); + } + } + } + } + + form.setSecLayerTransformation(map); + + } else { + if (form.getSecLayerTransformation() == null) { + log.info("AuthBlock Transformation file is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request)); + + } + } + } + + final ContactForm contact = form.getPvp2Contact(); + if (contact != null) { + final PVP2ContactValidator pvp2validator = new PVP2ContactValidator(); + errors.addAll(pvp2validator.validate(contact, request)); + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java index f7edbee71..f6deb6b09 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java 
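Review bot: The `FileInputStream` opened for each uploaded transformation file in the `isMOAIDMode` upload loop is never closed, so every validated upload holds a file handle until garbage collection; open it in try-with-resources instead, `try (FileInputStream stream = new FileInputStream(form.getFileUpload().get(i))) {`, keeping the existing `catch (final IOException e)`. The loop also indexes `form.getFileUpload().get(i)` by the position in `getFileUploadFileName()` without checking that both lists have the same length, so a mismatch would throw rather than add a validation error. The whole file is Base64-encoded into memory with no size limit visible here, so it is worth confirming that the upload size is bounded before this method is reached. The SZR-GW URL branch logs "Not valid Online-Mandate Service URL", which appears to be a copy of the mandate-service message.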
@@ -28,76 +28,76 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; - +@Slf4j public class PVP2ContactValidator { - public static final List<String> AllowedTypes= Arrays.asList( - "technical", - "support", - "administrative", - "billing", - "other"); - - private static final Logger log = Logger.getLogger(PVP2ContactValidator.class); - - public List<String >validate(ContactForm contact, HttpServletRequest request) { - List<String> errors = new ArrayList<String>(); - - String check = contact.getCompany(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: Company is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getGivenname(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: GivenName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getSurname(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("PVP2 Contact: SureName is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - } - - check = contact.getType(); - 
if (MiscUtil.isNotEmpty(check)) { - if (!AllowedTypes.contains(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid", request)); - } - } - - check = contact.getMail(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isEmailAddressFormat(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid", request)); - } - } - - check = contact.getPhone(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validatePhoneNumber(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid", request)); - } - } - - return errors; - } + public static final List<String> AllowedTypes = Arrays.asList( + "technical", + "support", + "administrative", + "billing", + "other"); + + public List<String> validate(ContactForm contact, HttpServletRequest request) { + final List<String> errors = new ArrayList<>(); + + String check = contact.getCompany(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: Company is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getGivenname(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: GivenName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getSurname(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("PVP2 Contact: SureName is not valid: " + check); + 
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + } + + check = contact.getType(); + if (MiscUtil.isNotEmpty(check)) { + if (!AllowedTypes.contains(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid", + request)); + } + } + + check = contact.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid", + request)); + } + } + + check = contact.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validatePhoneNumber(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid", + request)); + } + } + + return errors; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 41fce8e60..088e377b4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -5,8 +5,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import org.apache.log4j.Logger; - import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; 
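Review bot: The three `log.info` calls for company, given name and surname append the rejected value `check` to the message immediately after `containsNotValidCharacter` has flagged it, so text already judged unsafe is written to the log unescaped, where embedded line breaks or markup can forge entries or reach a log viewer. With `@Slf4j` now in place, log only the field name, e.g. `log.info("PVP2 Contact: Company is not valid");`, or pass a CR/LF-stripped, length-limited copy as a `{}` argument. The same pattern appears in the StorkConfigValidator hunk below (`log.warn(... + check)` for country code, URL and attributes). Separately, `AllowedTypes` is a public `Arrays.asList` list whose elements can still be replaced through `set`, so wrapping it in `Collections.unmodifiableList(...)` would keep the contact-type allowlist fixed; that needs a `java.util.Collections` import, and the import block is only partly visible in this hunk.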
@@ -14,108 +12,117 @@ import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class StorkConfigValidator { - private static final Logger log = Logger.getLogger(StorkConfigValidator.class); + public List<String> validate(GeneralStorkConfig form, HttpServletRequest request) { - public List<String> validate(GeneralStorkConfig form, HttpServletRequest request) { + final List<String> errors = new ArrayList<>(); - List<String> errors = new ArrayList<String>(); + log.debug("Validate general STORK configuration"); - log.debug("Validate general STORK configuration"); + // check peps list - // check peps list - // if (form.getCpepslist() != null) { // for(CPEPS current : form.getCpepslist()) { - if (form.getRawCPEPSList() != null) { - for(CPEPS current : form.getRawCPEPSList()) { - // if an existing record got deleted - if(null == current) - continue; - - // check country code - String check = current.getCountryCode(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); - } - if(!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) { - log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {check}, request )); - } - - // check url - check = current.getURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("CPEPS config URL is invalid : " + check); - 
errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request)); - } - } else { - log.warn("CPEPS config url is empty : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {check}, request )); - } - - } else { - log.warn("CPEPS config countrycode is empty : " + check); + if (form.getRawCPEPSList() != null) { + for (final CPEPS current : form.getRawCPEPSList()) { + // if an existing record got deleted + if (null == current) { + continue; + } + + // check country code + String check = current.getCountryCode(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] { ValidationHelper.getNotValidCharacter(false) }, request)); + } + if (!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) { + log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] { check }, request)); + } + + // check url + check = current.getURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("CPEPS config URL is invalid : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request)); + } + } else { + log.warn("CPEPS config url is empty : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] { check }, request)); + } + + } else { + log.warn("CPEPS config countrycode is empty : " + check); // errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", // new Object[] {check}, request )); - } - - } - - if (form.getCpepslist() != null) { - // ensure uniqueness of country code - for (CPEPS one : form.getCpepslist()) - for (CPEPS another : form.getCpepslist()) 
- if (null != one && null != another && one.getCountryCode() != null) - if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) { - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request)); - break; - } - } - } - - // check qaa - String qaa = form.getDefaultQaa(); - if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { - log.warn("eIDAS LoA is not allowed : " + qaa); - errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", - new Object[] {qaa}, request )); - } - - // check attributes - if (MiscUtil.isNotEmpty(form.getAttributes())) { - for(StorkAttribute check : form.getAttributes()) { - if (check != null && MiscUtil.isNotEmpty(check.getName())) { - String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI? - if (ValidationHelper.containsNotValidCharacter(tmp, true)) { - log.warn("default attributes contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {ValidationHelper.getNotValidCharacter(true)}, request )); - } - if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) { - log.warn("default attributes do not match the requested format : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {check}, request )); - } - - } - } - - //TODO: STORK attributes check if no attribute is set + } + + } + + if (form.getCpepslist() != null) { + // ensure uniqueness of country code + for (final CPEPS one : form.getCpepslist()) { + for (final CPEPS another : form.getCpepslist()) { + if (null != one && null != another && one.getCountryCode() != null) { + if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) { + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", 
request)); + break; + } + } + } + } + } + } + + // check qaa + final String qaa = form.getDefaultQaa(); + if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { + log.warn("eIDAS LoA is not allowed : " + qaa); + errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] { qaa }, request)); + } + + // check attributes + if (MiscUtil.isNotEmpty(form.getAttributes())) { + for (final StorkAttribute check : form.getAttributes()) { + if (check != null && MiscUtil.isNotEmpty(check.getName())) { + final String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come + // with a "/", we need to + // exclude them from + // validation. TODO Or should + // we require the admin to + // escape them in the UI? + if (ValidationHelper.containsNotValidCharacter(tmp, true)) { + log.warn("default attributes contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] { ValidationHelper.getNotValidCharacter(true) }, request)); + } + if (!tmp.toLowerCase().matches("^[A-Za-z]*$")) { + log.warn("default attributes do not match the requested format : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] { check }, request)); + } + + } + } + + // TODO: STORK attributes check if no attribute is set // } else { // log.warn("no attributes specified"); // errors.add(LanguageHelper.getErrorString("validation.stork.attributes.empty", // new Object[] {} )); - } + } - return errors; - } + return errors; + } } |
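Review bot: A CPEPS entry with an empty country code produces no validation error in the new code: the `else` branch only logs a warning while its `errors.add` stays commented out, and the URL check sits inside the non-empty country-code branch, so that entry's URL is never passed to `ValidationHelper.validateURL`. Whether such an entry can be persisted is not visible from this hunk, but if it can, either restore `errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", new Object[] { check }, request));` in that branch or move the URL check out of the country-code `if`. In the same block the character class `[a-z,0-9]` admits a literal comma in the country code, which looks unintended; `[a-z0-9]` is the usual form. Calling `toLowerCase()` without `Locale.ROOT` before matching `[a-z]` also makes the result depend on the server's default locale.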