diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java | 151 |
1 files changed, 151 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java new file mode 100644 index 000000000..0bbf2116d --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -0,0 +1,151 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.validation.oa; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +public class OAAuthenticationDataValidation { + + private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); + + public List<String> validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) { + + List<String> errors = new ArrayList<String>(); + String check; + + + + //Check BKU URLs + if (isAdmin) { + check =form.getBkuHandyURL(); + if (MiscUtil.isNotEmpty(check)) { +// log.info("Empty Handy-BKU URL"); +// errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty")); +// +// } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); + } + } + + check =form.getBkuLocalURL(); + if (MiscUtil.isNotEmpty(check)) { +// log.info("Empty Local-BKU URL"); +// errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty")); +// +// } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); + } + } + + check =form.getBkuOnlineURL(); + if (MiscUtil.isNotEmpty(check)) { +// log.info("Empty Online-BKU URL"); +// errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty")); +// +// } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); + } + } + } + + if (isAdmin) { + //check KeyBoxIdentifier + check = form.getKeyBoxIdentifier(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty KeyBoxIdentifier"); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request)); + } else { + Map<String, String> list = form.getKeyBoxIdentifierList(); + if (!list.containsKey(check)) { + log.info("Not valid KeyBoxIdentifier " + check); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request)); + } + } + + //check LegacyMode SLTemplates + if (form.isLegacy()) { + if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && + MiscUtil.isEmpty(form.getSLTemplateURL2()) && + MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { + log.info("Empty OA-specific SecurityLayer Templates"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request)); + + } else { + check = form.getSLTemplateURL1(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("First OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid", request)); + } + check = form.getSLTemplateURL2(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("Second OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid", request)); + } + check = form.getSLTemplateURL3(); + if (MiscUtil.isNotEmpty(check) && + ValidationHelper.isNotValidIdentityLinkSigner(check) ) { + log.info("Third OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid", request)); + } + } + } + } + + //check Mandate Profiles + check = form.getMandateProfiles(); + if (MiscUtil.isNotEmpty(check)) { + + if (!form.isUseMandates()) { + log.info("MandateProfiles configured but useMandates is false."); + errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request)); + } + + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("MandateProfiles contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); + } + } + + return errors; + } +} |