diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation')
13 files changed, 270 insertions, 668 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java index ae7ee3c8e..c9a174813 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java deleted file mode 100644 index 6d7032f9d..000000000 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java +++ /dev/null @@ -1,104 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.configuration.validation; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import at.gv.egovernment.moa.util.MiscUtil; - - -public class TargetValidator { - - private static Map<String, String> targetList = null; - - static { - targetList = new HashMap<String, String>(); - targetList.put("AR", "Arbeit"); - targetList.put("AS", "Amtliche Statistik"); - targetList.put("BF", "Bildung und Forschung"); - targetList.put("BW", "Bauen und Wohnen"); - targetList.put("EA", "EU und Auswärtige Angelegenheiten"); - targetList.put("EF", "Ein- und Ausfuhr"); - targetList.put("GH", "Gesundheit"); - targetList.put("GS", "Gesellschaft und Soziales"); -// targetList.put("GS-RE", "Restitution"); - targetList.put("JR", "Justiz/Zivilrechtswesen"); - targetList.put("KL", "Kultus"); - targetList.put("KU", "Kunst und Kultur"); - targetList.put("LF", "Land- und Forstwirtschaft"); - targetList.put("LV", "Landesverteidigung"); - targetList.put("RT", "Rundfunk und sonstige Medien sowie Telekommunikation"); - targetList.put("SA", "Steuern und Abgaben"); - targetList.put("SA", "Sport und Freizeit"); - targetList.put("SO", "Sicherheit und Ordnung"); -// targetList.put("SO-VR", "Vereinsregister"); -// targetList.put("SR-RG", "Strafregister"); - targetList.put("SV", "Sozialversicherung"); - targetList.put("UW", "Umwelt"); - targetList.put("VT", "Verkehr und Technik"); - targetList.put("VV", "Vermögensverwaltung"); - targetList.put("WT", "Wirtschaft"); - targetList.put("ZP", "Personenidentität und Bürgerrechte(zur Person)"); - targetList.put("BR", "Bereichsübergreifender Rechtsschutz"); - targetList.put("HR", "Zentrales Rechnungswesen"); - targetList.put("KI", "Auftraggeberinterne allgemeine Kanzleiindizes"); - targetList.put("OI", "Öffentlichkeitsarbeit"); - targetList.put("PV", "Personalverwaltung"); - targetList.put("RD", "Zentraler Rechtsdienst"); - targetList.put("VS", "Zentrale Durchführung von Verwaltungsstrafverfahren"); -// targetList.put("VS-RG", "Zentrales Verwaltungsstrafregister"); - targetList.put("ZU", "Zustellungen"); - } - - public static List<String> getListOfTargets() { - Map<String, String> list = new HashMap<String, String>(); - list.put("", ""); - list.putAll(targetList); - - List<String> sortedList = new ArrayList<String>(); - sortedList.addAll(list.keySet()); - Collections.sort(sortedList); - - return sortedList; - - } - - public static String getTargetFriendlyName(String target) { - String name = targetList.get(target); - - if (MiscUtil.isNotEmpty(name)) - return name; - else - return null; - } - - public static boolean isValidTarget(String target) { - return targetList.containsKey(target); - } - - -} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java index 3ed0157da..662694ce7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java @@ -31,6 +31,7 @@ import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java deleted file mode 100644 index 3749975df..000000000 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java +++ /dev/null @@ -1,384 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.configuration.validation; - -import iaik.asn1.ObjectID; -import iaik.utils.Util; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; - -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URL; -import java.net.UnknownHostException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; - -import org.apache.log4j.Logger; - -public class ValidationHelper { - - private static final Logger log = Logger.getLogger(ValidationHelper.class); - - private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy"; - - - public static boolean isPublicServiceAllowed(String identifier) { - - SSLSocket socket = null; - - try { - URL url = new URL(identifier); - String host = url.getHost(); - - if (host.endsWith("/")) - host = host.substring(0, host.length()-1); - - if (url.getHost().endsWith(at.gv.egovernment.moa.id.configuration.Constants.PUBLICSERVICE_URL_POSTFIX)) { - log.debug("PublicURLPrefix with .gv.at Domain found."); - return true; - - } else { - SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory(); - socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort()); - socket.startHandshake(); - - SSLSession session = socket.getSession(); - Certificate[] servercerts = session.getPeerCertificates(); - X509Certificate[] iaikChain = new X509Certificate[servercerts.length]; - for (int i=0; i<servercerts.length; i++) { - iaikChain[i] = new X509Certificate(servercerts[i].getEncoded()); - } - - - X509Certificate cert = Util.arrangeCertificateChain(iaikChain, false)[0]; - - if (cert != null) { - ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft - ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft - - - if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) { - return false; - - } else { - log.info("Found correct X509 Extension in server certificate. PublicService is allowed"); - return true; - } - } - - return false; - } - - } catch (MalformedURLException e) { - log.warn("PublicURLPrefix can not parsed to URL", e); - return false; - - } catch (UnknownHostException e) { - log.warn("Can not connect to PublicURLPrefix Server", e); - return false; - - } catch (IOException e) { - log.warn("Can not connect to PublicURLPrefix Server", e); - return false; - - } catch (CertificateEncodingException e) { - log.warn("Can not parse X509 server certificate", e); - return false; - - } catch (CertificateException e) { - log.warn("Can not read X509 server certificate", e); - return false; - - } catch (X509ExtensionInitException e) { - log.warn("Can not read X509 server certificate extension", e); - return false; - } - - finally { - if (socket != null) - try { - socket.close(); - } catch (IOException e) { - log.warn("SSL Socket can not be closed.", e); - } - } - } - - public static boolean validateOAID(String oaIDObj) { - if (oaIDObj != null) { - try { - - long oaID = Long.valueOf(oaIDObj); - - if (oaID > 0 && oaID < Long.MAX_VALUE) - return true; - - } catch (Throwable t) { - log.warn("No valid DataBase OAID received! " + oaIDObj); - } - } - return false; - } - - public static boolean validateNumber(String value) { - - log.debug("Validate Number " + value); - - try { - Float.valueOf(value); - - return true; - - } catch (NumberFormatException e) { - return false; - } - - - } - - public static boolean validatePhoneNumber(String value) { - log.debug ("Validate PhoneNumber " + value); - - /* ************************************************************************************************ - * Legende: - * ======== AA = post/pre-Text - * BB = (+49) - * CC = Vorwahl - * DD = Durchwahl - * EE = Nebenstelle - * Pattern p = Pattern.compile("^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]* [0-9][ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $"); - * ------- AA ------- --------------------- BB --------------------- --------- CC -------- - DD - - EE - ------- AA ------- - * ************************************************************************************************ */ - Pattern pattern = Pattern.compile("^[a-zA-Z .,;:/\\-]*[ ]*[(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1}[ ]*[0-9]*[ ]*[0-9]*[ ]*[0-9]*[ ]*[a-zA-Z .,;:\\/-]*$"); - Matcher matcher = pattern.matcher(value); - boolean b = matcher.matches(); - if (b) { - log.debug("Parameter PhoneNumber erfolgreich ueberprueft"); - return true; - } - else { - log.error("Fehler Ueberpruefung Parameter PhoneNumber. PhoneNumber entspricht nicht den Kriterien ^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]*[/\\-]{0,1} [ ]*[ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $"); - return false; - } - - - } - - public static boolean validateURL(String urlString) { - - log.debug("Validate URL " + urlString); - - if (urlString.startsWith("http") || urlString.startsWith("https")) { - try { - new URL(urlString); - return true; - - } catch (MalformedURLException e) { - } - } - - return false; - } - -// public static boolean validateGeneralURL(String urlString) { -// -// log.debug("Validate URL " + urlString); -// -// try { -// new URL(urlString); -// return true; -// -// } catch (MalformedURLException e) { -// -// } -// -// return false; -// } - - public static boolean isValidAdminTarget(String target) { - - log.debug("Ueberpruefe Parameter Target"); - - Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}"); - Matcher matcher = pattern.matcher(target); - boolean b = matcher.matches(); - if (b) { - log.debug("Parameter SSO-Target erfolgreich ueberprueft. SSO Target is PublicService."); - return true; - } - else { - log.info("Parameter SSO-Target entspricht nicht den Kriterien " + - "(nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang) fuer den oeffentlichen Bereich. " + - "Valiere SSO-Target fuer privatwirtschaftliche Bereiche."); - return false; - } - } - - public static boolean isValidTarget(String target) { - - log.debug("Ueberpruefe Parameter Target"); - - if (TargetValidator.isValidTarget(target)) { - log.debug("Parameter Target erfolgreich ueberprueft"); - return true; - } - else { - log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); - return false; - } - - } - - public static boolean isValidSourceID(String sourceID) { - - log.debug("Ueberpruefe Parameter sourceID"); - - Pattern pattern = Pattern.compile("[\\w-_]{1,20}"); - Matcher matcher = pattern.matcher(sourceID); - boolean b = matcher.matches(); - if (b) { - log.debug("Parameter sourceID erfolgreich ueberprueft"); - return true; - } - else { - log.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)"); - return false; - } - } - - public static boolean isDateFormat(String dateString) { - if (dateString.length() > TEMPLATE_DATEFORMAT.length()) - return false; - - SimpleDateFormat sdf = new SimpleDateFormat(TEMPLATE_DATEFORMAT); - try { - sdf.parse(dateString); - return true; - - } catch (ParseException e) { - return false; - } - } - - public static boolean isEmailAddressFormat(String address) { - if (address == null) { - return false; - } - return Pattern.compile("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,6}$").matcher(address).matches(); - } - - public static boolean isValidOAIdentifier(String param) { - if (param == null) { - return false; - } - return param.indexOf(";") != -1 || - param.indexOf("%") != -1 || - param.indexOf("\"") != -1 || - param.indexOf("'") != -1 || - param.indexOf("?") != -1 || - param.indexOf("`") != -1 || - param.indexOf(",") != -1 || - param.indexOf("<") != -1 || - param.indexOf(">") != -1 || - param.indexOf("\\") != -1; - - } - - public static String getNotValidOAIdentifierCharacters() { - - return "; % \" ' ` , < > \\"; - } - - public static boolean containsPotentialCSSCharacter(String param, boolean commaallowed) { - - if (param == null) { - return false; - } - return param.indexOf(";") != -1 || - param.indexOf("%") != -1 || - param.indexOf("\"") != -1 || - param.indexOf("'") != -1 || - param.indexOf("?") != -1 || - param.indexOf("`") != -1 || - ( param.indexOf(",") != -1 && !commaallowed ) || - param.indexOf("<") != -1 || - param.indexOf(">") != -1 || - param.indexOf("\\") != -1 || - param.indexOf("/") != -1; - } - - public static String getPotentialCSSCharacter(boolean commaallowed) { - - if (commaallowed) - return "; % \" ' ` < > \\ /"; - else - return "; % \" ' ` , < > \\ /"; - } - - public static boolean isNotValidIdentityLinkSigner(String param) { - if (param == null) { - return false; - } - return param.indexOf(";") != -1 || - param.indexOf("%") != -1 || - param.indexOf("\"") != -1 || - param.indexOf("'") != -1 || - param.indexOf("?") != -1 || - param.indexOf("`") != -1 || - param.indexOf("<") != -1 || - param.indexOf(">") != -1; - - } - - public static String getNotValidIdentityLinkSignerCharacters() { - - return "; % \" ' ` < >"; - } - - public static boolean isValidHexValue(String param) { - - try { - if (param.startsWith("#") && param.length() <= 7) { - Long.decode(param); - return true; - } - - } catch (Exception e) { - - } - return false; - - } - -} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index cfa00f0e1..c64ae35d3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -34,13 +34,13 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.StringHelper; import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java index f7adc1a67..e4a091c7e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java @@ -30,9 +30,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index a63b3a7b1..8bc916e5a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -9,9 +9,9 @@ import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; public class StorkConfigValidator { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index 7b68f04d8..0bbf2116d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -30,33 +30,21 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; -import at.gv.egovernment.moa.id.configuration.Constants; -import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; -public class OAGeneralConfigValidation { +public class OAAuthenticationDataValidation { private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - public List<String> validate(OAGeneralConfig form, boolean isAdmin, HttpServletRequest request) { + public List<String> validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); String check; - if (isAdmin) { - //validate aditionalAuthBlockText - check = form.getAditionalAuthBlockText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - } - } + //Check BKU URLs if (isAdmin) { @@ -97,19 +85,6 @@ public class OAGeneralConfigValidation { } } - //check OA FriendlyName - check = form.getFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("OAFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - } else { - log.info("OA friendlyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); - } - if (isAdmin) { //check KeyBoxIdentifier check = form.getKeyBoxIdentifier(); @@ -170,114 +145,7 @@ public class OAGeneralConfigValidation { new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); } } - - - - boolean businessservice = form.isBusinessService(); - - if (businessservice) { - - //check identification type - check = form.getIdentificationType(); - if (!form.getIdentificationTypeList().contains(check)) { - log.info("IdentificationType is not known."); - errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); - } - - //check identification number - check = form.getIdentificationNumber(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty IdentificationNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); - - } else { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - - if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { - CompanyNumberValidator val = new CompanyNumberValidator(); - if (!val.validate(check)) { - log.info("Not valid CompanyNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request)); - } - } - } - - } else { - - check = form.getTarget_subsector(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target-Subsector"); - errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); - } - } - - - if (!isAdmin) { - //check PublicURL Prefix allows PublicService - if (!ValidationHelper.isPublicServiceAllowed(form.getIdentifier())) { - log.warn("PublicURLPrefix does not allow PublicService: " + form.getIdentifier()); - errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", - new Object[] {form.getIdentifier()}, request )); - form.setBusinessService(true); - return errors; - - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - - } else { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - } else { - //check targetFrindlyName(); - check = form.getTargetFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("TargetFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - } - - if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - //check Admin Target - check = form.getTarget_admin(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); - } - } - } - } - return errors; } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java index bee2ba06c..de32d31c7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java @@ -36,9 +36,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.io.IOUtils; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index b26f2d9d5..62fc83ab9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -22,31 +22,68 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation.oa; +import iaik.x509.X509Certificate; + import java.io.IOException; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; +import java.util.Timer; +import javax.net.ssl.SSLHandshakeException; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.httpclient.MOAHttpClient; import org.apache.log4j.Logger; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.x509.BasicX509Credential; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; public class OAPVP2ConfigValidation { private static final Logger log = Logger.getLogger(OAPVP2ConfigValidation.class); - public List<String> validate(OAPVP2Config form, HttpServletRequest request) { + public List<String> validate(OAPVP2Config form, String oaID, HttpServletRequest request) { + + Timer timer = null; + MOAHttpClient httpClient = null; + HTTPMetadataProvider httpProvider = null; List<String> errors = new ArrayList<String>(); try { - byte[] metadata = null; -// byte[] cert = null; + byte[] certSerialized = null; + if (form.getFileUpload() != null) + certSerialized = form.getCertificate(); + else { + OnlineApplication oa = ConfigurationDBRead.getOnlineApplication(oaID); + if (oa != null && + oa.getAuthComponentOA() != null && + oa.getAuthComponentOA().getOAPVP2() != null) { + certSerialized = oa.getAuthComponentOA().getOAPVP2().getCertificate(); + } + } + + if (certSerialized == null) { + log.info("No certificate for metadata validation"); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); + } + String check = form.getMetaDataURL(); if (MiscUtil.isNotEmpty(check)) { @@ -55,37 +92,48 @@ public class OAPVP2ConfigValidation { errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request)); } else { - metadata = FileUtils.readURL(check); - if (MiscUtil.isEmpty(metadata)) { - log.info("Filecontent can not be read form MetaDataURL."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); + + if (certSerialized != null) { + X509Certificate cert = new X509Certificate(certSerialized); + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(cert); + + timer = new Timer(); + httpClient = new MOAHttpClient(); + + if (form.getMetaDataURL().startsWith("https:")) + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + ConfigurationProvider.getInstance().getCertStoreDirectory(), + ConfigurationProvider.getInstance().getTrustStoreDirectory(), + null, + ChainingModeType.PKIX, + true); + + httpClient.setCustomSSLTrustStore( + form.getMetaDataURL(), + protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } catch (ConfigurationException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore."); + + } + + httpProvider = + new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + MetadataFilter filter = new MetaDataVerificationFilter(credential); + httpProvider.setMetadataFilter(filter); + httpProvider.initialize(); } } } - - if (form.getFileUpload() != null) - form.getCertificate(); - -// else { -// if (metadata != null) { -// log.info("No certificate to verify the Metadata defined."); -// errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")); -// } -// } - -// if (cert != null && metadata != null) { -// HTTPMetadataProvider httpProvider = new HTTPMetadataProvider( -// check, 20000); -// httpProvider.setParserPool(new BasicParserPool()); -// httpProvider.setRequireValidMetadata(true); -// MetadataFilter filter = new MetadataSignatureFilter( -// check, cert); -// httpProvider.setMetadataFilter(filter); -// httpProvider.initialize(); -// -// } - - + } catch (CertificateException e) { log.info("Uploaded Certificate can not be found", e); errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); @@ -94,9 +142,24 @@ public class OAPVP2ConfigValidation { log.info("Metadata can not be loaded from URL", e); errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); -// } catch (MetadataProviderException e) { -// log.info("MetaDate verification failed"); -// errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify")); + } catch (MetadataProviderException e) { + + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); + + } else { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request)); + } + + } finally { + if (httpProvider != null) + httpProvider.destroy(); + + if (timer != null) + timer.cancel(); + } return errors; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java index 6de966b8d..971e11cc4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java @@ -29,9 +29,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; public class OASSOConfigValidation { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 7bdcb65cf..60209542b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.util.ArrayList; +import java.util.Iterator; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -30,9 +31,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; public class OASTORKConfigValidation { @@ -52,7 +53,9 @@ public class OASTORKConfigValidation { } if (oageneral.isVidpEnabled()) { - for(AttributeProviderPlugin current : oageneral.getAttributeProviderPlugins()) { + Iterator<AttributeProviderPlugin> interator = oageneral.getAttributeProviderPlugins().iterator(); + while (interator.hasNext()) { + AttributeProviderPlugin current = interator.next(); if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { log.info("AttributeProviderPlugin URL has no valid form."); errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request)); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java new file mode 100644 index 000000000..650553ab3 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java @@ -0,0 +1,154 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.validation.oa; + +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +public class OATargetConfigValidation { + + private static final Logger log = Logger.getLogger(OATargetConfigValidation.class); + + public List<String> validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general, HttpServletRequest request) { + + List<String> errors = new ArrayList<String>(); + String check; + + if (general.isBusinessService()) { + + //check identification type + check = form.getIdentificationType(); + if (!form.getIdentificationTypeList().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); + } + + //check identification number + check = form.getIdentificationNumber(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty IdentificationNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + + if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { + CompanyNumberValidator val = new CompanyNumberValidator(); + if (!val.validate(check)) { + log.info("Not valid CompanyNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request)); + } + } + } + + } else { + + check = form.getTarget_subsector(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); + } + } + + + if (!isAdmin) { + //check PublicURL Prefix allows PublicService + if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) { + log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier()); + errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] {general.getIdentifier()}, request )); + general.setBusinessService(true); + return errors; + + } + + //check Target + check = form.getTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + + } else { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + } else { + + //check targetFrindlyName(); + check = form.getTargetFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + } + + if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + } + + //check Target + check = form.getTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + //check Admin Target + check = form.getTarget_admin(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); + } + } + } + } + + return errors; + } +} |