aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java151
1 files changed, 151 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
new file mode 100644
index 000000000..0bbf2116d
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -0,0 +1,151 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.configuration.validation.oa;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class OAAuthenticationDataValidation {
+
+ private static final Logger log = Logger.getLogger(OASSOConfigValidation.class);
+
+ public List<String> validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) {
+
+ List<String> errors = new ArrayList<String>();
+ String check;
+
+
+
+ //Check BKU URLs
+ if (isAdmin) {
+ check =form.getBkuHandyURL();
+ if (MiscUtil.isNotEmpty(check)) {
+// log.info("Empty Handy-BKU URL");
+// errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty"));
+//
+// } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Handy-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request));
+ }
+ }
+
+ check =form.getBkuLocalURL();
+ if (MiscUtil.isNotEmpty(check)) {
+// log.info("Empty Local-BKU URL");
+// errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty"));
+//
+// } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request));
+ }
+ }
+
+ check =form.getBkuOnlineURL();
+ if (MiscUtil.isNotEmpty(check)) {
+// log.info("Empty Online-BKU URL");
+// errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty"));
+//
+// } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request));
+ }
+ }
+ }
+
+ if (isAdmin) {
+ //check KeyBoxIdentifier
+ check = form.getKeyBoxIdentifier();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty KeyBoxIdentifier");
+ errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request));
+ } else {
+ Map<String, String> list = form.getKeyBoxIdentifierList();
+ if (!list.containsKey(check)) {
+ log.info("Not valid KeyBoxIdentifier " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request));
+ }
+ }
+
+ //check LegacyMode SLTemplates
+ if (form.isLegacy()) {
+ if (MiscUtil.isEmpty(form.getSLTemplateURL1()) &&
+ MiscUtil.isEmpty(form.getSLTemplateURL2()) &&
+ MiscUtil.isEmpty(form.getSLTemplateURL3()) ) {
+ log.info("Empty OA-specific SecurityLayer Templates");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request));
+
+ } else {
+ check = form.getSLTemplateURL1();
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
+ log.info("First OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid", request));
+ }
+ check = form.getSLTemplateURL2();
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
+ log.info("Second OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid", request));
+ }
+ check = form.getSLTemplateURL3();
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
+ log.info("Third OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid", request));
+ }
+ }
+ }
+ }
+
+ //check Mandate Profiles
+ check = form.getMandateProfiles();
+ if (MiscUtil.isNotEmpty(check)) {
+
+ if (!form.isUseMandates()) {
+ log.info("MandateProfiles configured but useMandates is false.");
+ errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request));
+ }
+
+ if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ log.warn("MandateProfiles contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+ }
+ }
+
+ return errors;
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 19:23:27 +0000