diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java | 361 |
1 files changed, 361 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java new file mode 100644 index 000000000..f51095cac --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -0,0 +1,361 @@ +package at.gv.egovernment.moa.id.configuration.validation.moaconfig; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; +import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.helper.StringHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +public class MOAConfigValidator { + + private static final Logger log = Logger.getLogger(MOAConfigValidator.class); + + public List<String> validate(GeneralMOAIDConfig form) { + + List<String> errors = new ArrayList<String>(); + + log.debug("Validate general MOA configuration"); + + + String check = form.getAlternativeSourceID(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("AlternativeSourceID contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.AlternativeSourceID", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getTimeoutAssertion(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Assertion Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } + } + check = form.getTimeoutMOASessionCreated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionCreated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } + } + check = form.getTimeoutMOASessionUpdated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionUpdated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } + } + + check = form.getCertStoreDirectory(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.isValidOAIdentifier(check)) { + log.warn("CertStoreDirectory contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } + } else { + log.info("CertStoreDirectory is empty."); + errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty")); + } + + check = form.getDefaultBKUHandy(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); + } + } + + check = form.getDefaultBKULocal(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid")); + } + } + + check = form.getDefaultBKUOnline(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid")); + } + } + + check = form.getDefaultchainigmode(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Defaultchainigmode"); + errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.empty")); + } else { + Map<String, String> list = form.getChainigmodelist(); + if (!list.containsKey(check)) { + log.info("Not valid Defaultchainigmode " + check); + errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid")); + } + } + + check = form.getMandateURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid")); + } + } + + check = form.getMoaspssAuthTransformations(); + List<String> authtranslist = new ArrayList<String>(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MoaspssAuthTransformation"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty")); + } else { + check = StringHelper.formatText(check); + String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); + int i=1; + for(String el : list) { + if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { + log.info("IdentityLinkSigners is not valid: " + el); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", + new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); + + } else { + if (MiscUtil.isNotEmpty(el.trim())) + authtranslist.add(el.trim()); + } + i++; + } + } + form.setAuthTransformList(authtranslist); + + check = form.getMoaspssAuthTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty")); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("Authblock TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getMoaspssIdlTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty")); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("IdentityLink TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getMoaspssURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MOA-SP/SS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid")); + } + } + + check = form.getPvp2IssuerName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("PVP2 IssuerName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getPvp2OrgDisplayName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("PVP2 organisation display name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getPvp2OrgName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("PVP2 organisation name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getPvp2OrgURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("PVP2 organisation URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid")); + } + } + + check = form.getPvp2PublicUrlPrefix(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("PVP2 Service URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.serviceurl.valid")); + } + } + + check = form.getSLRequestTemplateHandy(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Handy-BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty")); + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("SLRequestTemplate Handy-BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid")); + } + } + + check = form.getSLRequestTemplateLocal(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate local BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty")); + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("SLRequestTemplate local BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid")); + } + } + + check = form.getSLRequestTemplateOnline(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Online-BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty")); + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("SLRequestTemplate Online-BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid")); + } + } + + check = form.getSsoFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("SSO friendlyname is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getSsoIdentificationNumber(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("SSO IdentificationNumber is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getSsoPublicUrl(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("SSO Public URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); + } + } + + check = form.getSsoSpecialText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.info("SSO SpecialText is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + } + } + + check = form.getSsoTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SSO Target"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty")); + + } else { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid SSO Target"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid")); + } + } + + check = form.getSzrgwURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("SZRGW URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid")); + } + } + + check = form.getTrustedCACerts(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty TrustCACerts Directory"); + errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty")); + + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("Not valid TrustCACerts Directory"); + errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } + } + + + + if (form.getFileUploadFileName() != null) { + HashMap<String, byte[]> map = new HashMap<String, byte[]>(); + for (int i=0; i<form.getFileUploadFileName().size(); i++) { + String filename = form.getFileUploadFileName().get(i); + + if (MiscUtil.isNotEmpty(filename)) { + if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) { + log.info("SL Transformation Filename is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid")); + + } else { + try { + File file = form.getFileUpload().get(i); + FileInputStream stream = new FileInputStream(file); + map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); + + } catch (IOException e) { + log.info("SecurtiyLayerTransformation with FileName " + + filename +" can not be loaded." , e); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid", + new Object[] {filename} )); + } + } + } + } + form.setSecLayerTransformation(map); + } + + + ContactForm contact = form.getPvp2Contact(); + if (contact != null) { + PVP2ContactValidator pvp2validator = new PVP2ContactValidator(); + errors.addAll(pvp2validator.validate(contact)); + } + + return errors; + } +} |