aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java361
1 files changed, 361 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
new file mode 100644
index 000000000..f51095cac
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -0,0 +1,361 @@
+package at.gv.egovernment.moa.id.configuration.validation.moaconfig;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
+import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.helper.StringHelper;
+import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class MOAConfigValidator {
+
+ private static final Logger log = Logger.getLogger(MOAConfigValidator.class);
+
+ public List<String> validate(GeneralMOAIDConfig form) {
+
+ List<String> errors = new ArrayList<String>();
+
+ log.debug("Validate general MOA configuration");
+
+
+ String check = form.getAlternativeSourceID();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("AlternativeSourceID contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.AlternativeSourceID",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ }
+
+ check = form.getTimeoutAssertion();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("Assertion Timeout is no number " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid",
+ new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+ }
+ }
+ check = form.getTimeoutMOASessionCreated();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("MOASessionCreated Timeout is no number " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid",
+ new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+ }
+ }
+ check = form.getTimeoutMOASessionUpdated();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("MOASessionUpdated Timeout is no number " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid",
+ new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+ }
+ }
+
+ check = form.getCertStoreDirectory();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.isValidOAIdentifier(check)) {
+ log.warn("CertStoreDirectory contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid",
+ new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+ }
+ } else {
+ log.info("CertStoreDirectory is empty.");
+ errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty"));
+ }
+
+ check = form.getDefaultBKUHandy();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Handy-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid"));
+ }
+ }
+
+ check = form.getDefaultBKULocal();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid"));
+ }
+ }
+
+ check = form.getDefaultBKUOnline();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid"));
+ }
+ }
+
+ check = form.getDefaultchainigmode();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty Defaultchainigmode");
+ errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.empty"));
+ } else {
+ Map<String, String> list = form.getChainigmodelist();
+ if (!list.containsKey(check)) {
+ log.info("Not valid Defaultchainigmode " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid"));
+ }
+ }
+
+ check = form.getMandateURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-Mandate Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid"));
+ }
+ }
+
+ check = form.getMoaspssAuthTransformations();
+ List<String> authtranslist = new ArrayList<String>();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MoaspssAuthTransformation");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty"));
+ } else {
+ check = StringHelper.formatText(check);
+ String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER);
+ int i=1;
+ for(String el : list) {
+ if (ValidationHelper.containsPotentialCSSCharacter(el, false)) {
+ log.info("IdentityLinkSigners is not valid: " + el);
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid",
+ new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} ));
+
+ } else {
+ if (MiscUtil.isNotEmpty(el.trim()))
+ authtranslist.add(el.trim());
+ }
+ i++;
+ }
+ }
+ form.setAuthTransformList(authtranslist);
+
+ check = form.getMoaspssAuthTrustProfile();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MOA-SP/SS Authblock TrustProfile");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty"));
+ } else {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.info("Authblock TrustProfile is not valid: " +check);
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ }
+
+ check = form.getMoaspssIdlTrustProfile();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MOA-SP/SS IdentityLink TrustProfile");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty"));
+ } else {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.info("IdentityLink TrustProfile is not valid: " +check);
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ }
+
+ check = form.getMoaspssURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid MOA-SP/SS Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid"));
+ }
+ }
+
+ check = form.getPvp2IssuerName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.info("PVP2 IssuerName is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ }
+
+ check = form.getPvp2OrgDisplayName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.info("PVP2 organisation display name is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ }
+
+ check = form.getPvp2OrgName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.info("PVP2 organisation name is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ }
+
+ check = form.getPvp2OrgURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("PVP2 organisation URL is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid"));
+ }
+ }
+
+ check = form.getPvp2PublicUrlPrefix();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("PVP2 Service URL is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.serviceurl.valid"));
+ }
+ }
+
+ check = form.getSLRequestTemplateHandy();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SLRequestTemplate Handy-BKU");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty"));
+ } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("SLRequestTemplate Handy-BKU is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid"));
+ }
+ }
+
+ check = form.getSLRequestTemplateLocal();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SLRequestTemplate local BKU");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty"));
+ } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("SLRequestTemplate local BKU is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid"));
+ }
+ }
+
+ check = form.getSLRequestTemplateOnline();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SLRequestTemplate Online-BKU");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty"));
+ } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("SLRequestTemplate Online-BKU is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid"));
+ }
+ }
+
+ check = form.getSsoFriendlyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.info("SSO friendlyname is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ }
+
+ check = form.getSsoIdentificationNumber();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.info("SSO IdentificationNumber is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ }
+
+ check = form.getSsoPublicUrl();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("SSO Public URL is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid"));
+ }
+ }
+
+ check = form.getSsoSpecialText();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ log.info("SSO SpecialText is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} ));
+ }
+ }
+
+ check = form.getSsoTarget();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SSO Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty"));
+
+ } else {
+ if (!ValidationHelper.isValidTarget(check)) {
+ log.info("Not valid SSO Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid"));
+ }
+ }
+
+ check = form.getSzrgwURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("SZRGW URL is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid"));
+ }
+ }
+
+ check = form.getTrustedCACerts();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty TrustCACerts Directory");
+ errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty"));
+
+ } else {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("Not valid TrustCACerts Directory");
+ errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid",
+ new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+ }
+ }
+
+
+
+ if (form.getFileUploadFileName() != null) {
+ HashMap<String, byte[]> map = new HashMap<String, byte[]>();
+ for (int i=0; i<form.getFileUploadFileName().size(); i++) {
+ String filename = form.getFileUploadFileName().get(i);
+
+ if (MiscUtil.isNotEmpty(filename)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) {
+ log.info("SL Transformation Filename is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid"));
+
+ } else {
+ try {
+ File file = form.getFileUpload().get(i);
+ FileInputStream stream = new FileInputStream(file);
+ map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8"));
+
+ } catch (IOException e) {
+ log.info("SecurtiyLayerTransformation with FileName "
+ + filename +" can not be loaded." , e);
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid",
+ new Object[] {filename} ));
+ }
+ }
+ }
+ }
+ form.setSecLayerTransformation(map);
+ }
+
+
+ ContactForm contact = form.getPvp2Contact();
+ if (contact != null) {
+ PVP2ContactValidator pvp2validator = new PVP2ContactValidator();
+ errors.addAll(pvp2validator.validate(contact));
+ }
+
+ return errors;
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 13:04:12 +0000