aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at/gv/egovernment
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java24
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java64
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java50
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java245
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java288
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java60
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java372
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java5
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java28
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java82
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java169
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java37
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java53
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java254
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java54
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java413
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java143
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java612
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java61
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java15
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java106
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java369
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java82
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java71
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java10
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java84
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java166
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java124
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java277
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java62
33 files changed, 3928 insertions, 464 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
index d088edf34..47e6e83d5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
@@ -1,29 +1,49 @@
package at.gv.egovernment.moa.id.configuration;
public class Constants {
+ public static final String FILEPREFIX = "file:";
+
+ public static final String SERVLET_PVP2ASSERTION = "pvp2login.action";
+ public static final String SERVLET_ACCOUNTVERIFICATION = "mailAddressVerification.action";
+
public static final String STRUTS_SUCCESS = "success";
public static final String STRUTS_ERROR = "error";
public static final String STRUTS_ERROR_VALIDATION = "error_validation";
public static final String STRUTS_OA_EDIT = "editOA";
public static final String STRUTS_REAUTHENTICATE = "reauthentication";
public static final String STRUTS_NOTALLOWED = "notallowed";
+ public static final String STRUTS_NEWUSER = "newuser";
+ public static final String STRUTS_SSOLOGOUT = "ssologout";
public static final String SESSION_AUTH = "authsession";
public static final String SESSION_AUTH_ERROR = "authsessionerror";
public static final String SESSION_OAID = "oadbidentifier";
+ public static final String SESSION_FORMID = "formId";
+ public static final String SESSION_FORM = "form";
+ public static final String SESSION_PVP2REQUESTID = "pvp2requestid";
+ public static final String SESSION_RETURNAREA = "returnarea";
+
+ public static enum STRUTS_RETURNAREA_VALUES {adminRequestsInit, main, usermanagementInit};
public static final String REQUEST_OAID = "oaid";
+ public static final String REQUEST_USERREQUESTTOKKEN = "tokken";
public static final String BKU_ONLINE = "bkuonline";
public static final String BKU_LOCAL = "bkulocal";
public static final String BKU_HANDY = "bkuhandy";
-
public static final String MOA_CONFIG_BUSINESSSERVICE = "businessService";
-
public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1";
public static final String MOA_CONFIG_PROTOCOL_PVP2 = "id_pvp2x";
public static final String DEFAULT_LOCALBKU_URL = "https://127.0.0.1:3496/https-security-layer-request";
public static final String DEFAULT_HANDYBKU_URL = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx";
+
+ public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at";
+
+ public static final String IDENIFICATIONTYPE_FN = "FN";
+ public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
+ public static final String IDENIFICATIONTYPE_ZVR = "ZVR";
+
+ public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
index 8f75a357c..009a13f4b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
@@ -2,14 +2,19 @@ package at.gv.egovernment.moa.id.configuration.auth;
import java.util.Date;
+import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
+
public class AuthenticatedUser {
private boolean isAuthenticated = false;
private boolean isAdmin = false;
+ private boolean isPVP2Login = false;
+ private boolean isMandateUser = false;
private long userID;
private String givenName;
private String familyName;
+ private String institute;
private String userName;
private Date lastLogin;
@@ -17,18 +22,26 @@ public class AuthenticatedUser {
}
- public AuthenticatedUser(long userID, String givenName, String familyName, String userName,
- boolean isAuthenticated, boolean isAdmin) {
+ public AuthenticatedUser(long userID, String givenName, String familyName, String institute,
+ String userName, boolean isAuthenticated, boolean isAdmin, boolean isMandateUser,
+ boolean isPVP2Login) {
this.familyName = familyName;
this.givenName = givenName;
this.userName = userName;
this.userID = userID;
+ this.institute = institute;
this.isAdmin = isAdmin;
this.isAuthenticated = isAuthenticated;
+ this.isMandateUser = isMandateUser;
+ this.isPVP2Login = isPVP2Login;
this.lastLogin = new Date();
}
+ public String getFormatedLastLogin() {
+ return DateTimeHelper.getDateTime(lastLogin);
+ }
+
/**
* @return the isAuthenticated
*/
@@ -105,7 +118,7 @@ public class AuthenticatedUser {
public Date getLastLogin() {
return lastLogin;
}
-
+
/**
* @param lastLogin the lastLogin to set
*/
@@ -126,8 +139,49 @@ public class AuthenticatedUser {
public void setUserName(String userName) {
this.userName = userName;
}
+
+ /**
+ * @return the institute
+ */
+ public String getInstitute() {
+ return institute;
+ }
+
+ /**
+ * @param institute the institute to set
+ */
+ public void setInstitute(String institute) {
+ this.institute = institute;
+ }
+
+ /**
+ * @return the isPVP2Login
+ */
+ public boolean isPVP2Login() {
+ return isPVP2Login;
+ }
+
+ /**
+ * @param isPVP2Login the isPVP2Login to set
+ */
+ public void setPVP2Login(boolean isPVP2Login) {
+ this.isPVP2Login = isPVP2Login;
+ }
+
+ /**
+ * @return the isMandateUser
+ */
+ public boolean isMandateUser() {
+ return isMandateUser;
+ }
+
+ /**
+ * @param isMandateUser the isMandateUser to set
+ */
+ public void setMandateUser(boolean isMandateUser) {
+ this.isMandateUser = isMandateUser;
+ }
-
-
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
new file mode 100644
index 000000000..199e89d7c
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.configuration.auth.pvp2;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
+public class AttributeListBuilder implements PVPConstants{
+
+ protected static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
+ RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
+ attribute.setIsRequired(required);
+ attribute.setName(name);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ return attribute;
+ }
+
+ public static List<RequestedAttribute> getRequestedAttributes() {
+ List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
+
+ requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(BPK_NAME, BPK_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
+
+ requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
+
+ requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+
+ requestedAttributes.add(buildReqAttribute(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
+ return requestedAttributes;
+ }
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java
new file mode 100644
index 000000000..ed496ae16
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java
@@ -0,0 +1,245 @@
+package at.gv.egovernment.moa.id.configuration.auth.pvp2;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.security.MetadataCredentialResolverFactory;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.credential.BasicCredential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.iaik.commons.util.ConfigException;
+
+
+/**
+ * Servlet implementation class Authenticate
+ */
+public class Authenticate extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ private static final Logger log = LoggerFactory
+ .getLogger(Authenticate.class);
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public Authenticate() {
+ super();
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ try {
+ builder = factory.newDocumentBuilder();
+ } catch (ParserConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ DocumentBuilder builder;
+
+ public Document asDOMDocument(XMLObject object) throws IOException,
+ MarshallingException, TransformerException {
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
+ object);
+ out.marshall(object, document);
+ return document;
+ }
+
+ protected void process(HttpServletRequest request,
+ HttpServletResponse response, Map<String,String> legacyParameter) throws ServletException, IOException {
+ try {
+
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ config.initializePVP2Login();
+
+ AuthnRequest authReq = SAML2Utils
+ .createSAMLObject(AuthnRequest.class);
+ SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ authReq.setID(gen.generateIdentifier());
+
+ HttpSession session = request.getSession();
+ if (session != null) {
+ session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID());
+ }
+
+ authReq.setAssertionConsumerServiceIndex(0);
+ authReq.setAttributeConsumingServiceIndex(0);
+ authReq.setIssueInstant(new DateTime());
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ NameID name = SAML2Utils.createSAMLObject(NameID.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/"))
+ serviceURL = serviceURL + "/";
+ name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
+
+ subject.setNameID(name);
+ authReq.setSubject(subject);
+ issuer.setFormat(NameIDType.ENTITY);
+ authReq.setIssuer(issuer);
+ NameIDPolicy policy = SAML2Utils
+ .createSAMLObject(NameIDPolicy.class);
+ policy.setAllowCreate(true);
+ policy.setFormat(NameID.PERSISTENT);
+ authReq.setNameIDPolicy(policy);
+
+ String entityname = config.getPVP2IDPMetadataEntityName();
+ if (MiscUtil.isEmpty(entityname)) {
+ log.info("No IDP EntityName configurated");
+ throw new ConfigurationException("No IDP EntityName configurated");
+ }
+
+ HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
+ EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
+ if (idpEntity == null) {
+ log.info("IDP EntityName is not found in IDP Metadata");
+ throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
+ }
+
+ SingleSignOnService redirectEndpoint = null;
+ for (SingleSignOnService sss :
+ idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
+
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { //Get the service address for the binding you wish to use
+ redirectEndpoint = sss;
+ }
+ }
+
+ authReq.setDestination(redirectEndpoint.getLocation());
+
+ RequestedAuthnContext reqAuthContext =
+ SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
+
+ AuthnContextClassRef authnClassRef =
+ SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+
+ authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+
+ reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
+
+ reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+
+ authReq.setRequestedAuthnContext(reqAuthContext);
+
+ KeyStore keyStore = config.getPVP2KeyStore();
+
+ X509Credential authcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestKeyAlias(),
+ config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
+
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(authcredential);
+
+ authReq.setSignature(signer);
+
+ VelocityEngine engine = new VelocityEngine();
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ engine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ engine.init();
+
+ HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+ "templates/pvp_postbinding_template.html");
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ response, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ service.setLocation(redirectEndpoint.getLocation());;
+
+ context.setOutboundSAMLMessageSigningCredential(authcredential);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(authReq);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+
+ } catch (Exception e) {
+ log.warn("Authentication Request can not be generated", e);
+ throw new ServletException("Authentication Request can not be generated.", e);
+ }
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ process(request, response, null);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ process(request, response, null);
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
new file mode 100644
index 000000000..fa02443dc
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
@@ -0,0 +1,288 @@
+package at.gv.egovernment.moa.id.configuration.auth.pvp2;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.log4j.Logger;
+import org.opensaml.Configuration;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.ServiceName;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.Signer;
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * Servlet implementation class BuildMetadata
+ */
+public class BuildMetadata extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ private static final Logger log = Logger.getLogger(BuildMetadata.class);
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public BuildMetadata() {
+ super();
+ }
+
+ protected static Signature getSignature(Credential credentials) {
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(credentials);
+ return signer;
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ try {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+
+ //config.initializePVP2Login();
+
+ SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator();
+
+ EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.
+ createSAMLObject(EntitiesDescriptor.class);
+
+ String name = config.getPVP2MetadataEntitiesName();
+ if (MiscUtil.isEmpty(name)) {
+ log.info("NO Metadata EntitiesName configurated");
+ throw new ConfigurationException("NO Metadata EntitiesName configurated");
+ }
+
+ spEntitiesDescriptor.setName(name);
+ spEntitiesDescriptor.setID(idGen.generateIdentifier());
+
+ EntityDescriptor spEntityDescriptor = SAML2Utils
+ .createSAMLObject(EntityDescriptor.class);
+
+ spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/"))
+ serviceURL = serviceURL + "/";
+
+ log.debug("Set OnlineApplicationURL to " + serviceURL);
+ spEntityDescriptor.setEntityID(serviceURL);
+
+ SPSSODescriptor spSSODescriptor = SAML2Utils
+ .createSAMLObject(SPSSODescriptor.class);
+
+ spSSODescriptor.setAuthnRequestsSigned(true);
+ spSSODescriptor.setWantAssertionsSigned(true);
+
+ X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
+ keyInfoFactory.setEmitEntityCertificate(true);
+ KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
+
+ KeyStore keyStore = config.getPVP2KeyStore();
+
+ X509Credential signingcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreMetadataKeyAlias(),
+ config.getPVP2KeystoreMetadataKeyPassword().toCharArray());
+
+
+ log.debug("Set Metadata key information");
+ //Set MetaData Signing key
+ KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ entitiesSignKeyDescriptor.setUse(UsageType.SIGNING);
+ entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential));
+ Signature entitiesSignature = getSignature(signingcredential);
+
+ X509Credential authcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestKeyAlias(),
+ config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
+
+
+ //Set AuthRequest Signing certificate
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
+ spEntitiesDescriptor.setSignature(entitiesSignature);
+ spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistentnameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat);
+
+ NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientnameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ spSSODescriptor.getNameIDFormats().add(transientnameIDFormat);
+
+ NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat);
+
+ AssertionConsumerService postassertionConsumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+
+ postassertionConsumerService.setIndex(0);
+ postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION);
+
+ spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
+
+ spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
+
+ spSSODescriptor.setWantAssertionsSigned(true);
+ spSSODescriptor.setAuthnRequestsSigned(true);
+ AttributeConsumingService attributeService =
+ SAML2Utils.createSAMLObject(AttributeConsumingService.class);
+
+ attributeService.setIndex(0);
+ attributeService.setIsDefault(true);
+ ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
+ serviceName.setName(new LocalizedString("Default Service", "de"));
+ attributeService.getNames().add(serviceName);
+
+ attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes());
+
+ spSSODescriptor.getAttributeConsumingServices().add(attributeService);
+
+ DocumentBuilder builder;
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+
+ builder = factory.newDocumentBuilder();
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor);
+ out.marshall(spEntitiesDescriptor, document);
+
+ Signer.signObject(entitiesSignature);
+
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+
+ StringWriter sw = new StringWriter();
+ StreamResult sr = new StreamResult(sw);
+ DOMSource source = new DOMSource(document);
+ transformer.transform(source, sr);
+ sw.close();
+
+ String metadataXML = sw.toString();
+
+ response.setContentType("text/xml");
+ response.getOutputStream().write(metadataXML.getBytes());
+
+ response.getOutputStream().close();
+
+ } catch (ConfigurationException e) {
+ log.warn("Configuration can not be loaded.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (NoSuchAlgorithmException e) {
+ log.warn("Requested Algorithm could not found.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (KeyStoreException e) {
+ log.warn("Requested KeyStoreType is not implemented.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (CertificateException e) {
+ log.warn("KeyStore can not be opend or userd.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (SecurityException e) {
+ log.warn("KeyStore can not be opend or used", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (ParserConfigurationException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (MarshallingException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (SignatureException e) {
+ log.warn("PVP2 Metadata can not be signed", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (TransformerConfigurationException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (TransformerFactoryConfigurationError e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (TransformerException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+ }
+
+ catch (Exception e) {
+ log.warn("Unspecific PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+ }
+
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
new file mode 100644
index 000000000..d08354c43
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.configuration.auth.pvp2;
+
+import java.util.Iterator;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
+
+public class MetaDataVerificationFilter implements MetadataFilter {
+
+ BasicX509Credential credential;
+
+ public MetaDataVerificationFilter(BasicX509Credential credential) {
+ this.credential = credential;
+ }
+
+
+ public void doFilter(XMLObject metadata) throws FilterException {
+ if (metadata instanceof EntitiesDescriptor) {
+ EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
+
+ if(entitiesDescriptor.getSignature() == null) {
+ throw new FilterException("Root element of metadata file has to be signed", null);
+ }
+ try {
+ processEntitiesDescriptor(entitiesDescriptor);
+
+ } catch (MOAIDException e) {
+ throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ }
+ }
+ }
+
+ private void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
+ Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
+
+ if(desc.getSignature() != null) {
+ EntityVerifier.verify(desc, this.credential);
+ }
+
+ while(entID.hasNext()) {
+ processEntitiesDescriptor(entID.next());
+ }
+
+ Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+
+ while(entIT.hasNext()) {
+ EntityDescriptor entity = entIT.next();
+ if (entity.getSignature() != null)
+ EntityVerifier.verify(entity);
+ }
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index aeadbd0bb..f08632d83 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -1,24 +1,55 @@
package at.gv.egovernment.moa.id.configuration.config;
+import iaik.x509.X509Certificate;
+
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
import java.util.Properties;
+import java.util.Timer;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.log4j.Logger;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
-import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
+import at.gv.egovernment.moa.util.MiscUtil;
public class ConfigurationProvider {
+ private static final Logger log = Logger.getLogger(ConfigurationProvider.class);
+
private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig";
private static ConfigurationProvider instance;
private Properties props;
private String configFileName;
+ private String configRootDir;
+
+ private HTTPMetadataProvider idpMetadataProvider = null;
+ private KeyStore keyStore = null;
+
+ private String publicURLPreFix = null;
+
+ private boolean pvp2logininitialzied = false;
public static ConfigurationProvider getInstance() throws ConfigurationException {
if (instance == null) {
@@ -39,10 +70,14 @@ public class ConfigurationProvider {
if (configFileName == null) {
throw new ConfigurationException("config.01");
}
- Logger.info("Loading MOA-ID-AUTH configuration " + configFileName);
+
+ // determine the directory of the root config file
+ configRootDir = new File(configFileName).getParent();
+
+ log.info("Loading MOA-ID-AUTH configuration " + configFileName);
//Initial Hibernate Framework
- Logger.trace("Initializing Hibernate framework.");
+ log.trace("Initializing Hibernate framework.");
//Load MOAID-2.0 properties file
File propertiesFile = new File(configFileName);
@@ -60,26 +95,349 @@ public class ConfigurationProvider {
//Initial config Database
ConfigurationDBUtils.initHibernate(props);
}
- Logger.trace("Hibernate initialization finished.");
+ log.trace("Hibernate initialization finished.");
+ DefaultBootstrap.bootstrap();
+ log.info("OPENSAML initialized");
+
+ //TODO: start CleanUP Thread
+ UserRequestCleaner.start();
-
+
} catch (FileNotFoundException e) {
throw new ConfigurationException("config.01", e);
+
} catch (IOException e) {
throw new ConfigurationException("config.02", e);
+
} catch (MOADatabaseException e) {
throw new ConfigurationException("config.03", e);
+
+ } catch (org.opensaml.xml.ConfigurationException e) {
+ throw new ConfigurationException("config.04", e);
}
}
+ public String getPublicUrlPreFix(HttpServletRequest request) {
+ publicURLPreFix = props.getProperty("general.publicURLContext");
+
+ if (MiscUtil.isEmpty(publicURLPreFix) && request != null) {
+ String url = request.getRequestURL().toString();
+ String contextpath = request.getContextPath();
+ int index = url.indexOf(contextpath);
+ publicURLPreFix = url.substring(0, index + contextpath.length() + 1);
+ }
+
+ return publicURLPreFix;
+ }
+
+ public int getUserRequestCleanUpDelay() {
+ String delay = props.getProperty("general.userrequests.cleanup.delay");
+ return Integer.getInteger(delay, 12);
+ }
+
+ public String getContactMailAddress() {
+ return props.getProperty("general.contact.mail");
+ }
+
+ public String getSSOLogOutURL() {
+ return props.getProperty("general.login.pvp2.idp.sso.logout.url");
+ }
+
+ public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
+ if (keyStore == null) {
+ String keystoretype = getPVP2MetadataKeystoreType();
+ if (MiscUtil.isEmpty(keystoretype)) {
+ log.debug("No KeyStoreType defined. Using default KeyStoreType.");
+ keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+
+ } else {
+ log.debug("Using " + keystoretype + " KeyStoreType.");
+ keyStore = KeyStore.getInstance(keystoretype);
+
+ }
+
+
+ String file = getPVP2MetadataKeystoreURL();
+ log.debug("Load KeyStore from URL " + file);
+ if (MiscUtil.isEmpty(file)) {
+ log.info("Metadata KeyStoreURL is empty");
+ throw new ConfigurationException("Metadata KeyStoreURL is empty");
+ }
+
+ FileInputStream inputStream = new FileInputStream(file);
+ keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray());
+ inputStream.close();
+ }
+
+ return keyStore;
+
+ }
+
+ public String getConfigFile() {
+ return configFileName;
+ }
+
+ public String getConfigRootDir() {
+ return configRootDir;
+ }
+
public boolean isLoginDeaktivated() {
String result = props.getProperty("general.login.deaktivate", "false");
return Boolean.parseBoolean(result);
}
- public String getConfigFile() {
- return configFileName;
+ public boolean isOATargetVerificationDeaktivated() {
+ String result = props.getProperty("general.OATargetVerification.deaktivate", "false");
+ return Boolean.parseBoolean(result);
+ }
+
+ //PVP2 Login configuration
+
+ public void initializePVP2Login() throws ConfigurationException {
+ if (!pvp2logininitialzied)
+ initalPVP2Login();
+ }
+
+ public boolean isPVP2LoginActive() {
+ if (!pvp2logininitialzied)
+ return false;
+
+ String result = props.getProperty("general.login.pvp2.isactive", "false");
+ return Boolean.parseBoolean(result);
+ }
+
+ public boolean isPVP2LoginBusinessService() {
+ String result = props.getProperty("general.login.pvp2.isbusinessservice", "false");
+ return Boolean.parseBoolean(result);
+ }
+
+ public String getPVP2LoginTarget() {
+ return props.getProperty("general.login.pvp2.target");
+ }
+
+ public String getPVP2LoginIdenificationValue() {
+ return props.getProperty("general.login.pvp2.identificationvalue");
+ }
+
+ public String getPVP2MetadataEntitiesName() {
+ return props.getProperty("general.login.pvp2.metadata.entities.name");
+ }
+
+ public String getPVP2MetadataKeystoreURL() {
+ return props.getProperty("general.login.pvp2.keystore.url");
+ }
+
+ public String getPVP2MetadataKeystorePassword() {
+ return props.getProperty("general.login.pvp2.keystore.password");
+ }
+
+ public String getPVP2MetadataKeystoreType() {
+ return props.getProperty("general.login.pvp2.keystore.type");
+ }
+
+ public String getPVP2KeystoreMetadataKeyAlias() {
+ return props.getProperty("general.login.pvp2.keystore.metadata.key.alias");
+ }
+
+ public String getPVP2KeystoreMetadataKeyPassword() {
+ return props.getProperty("general.login.pvp2.keystore.metadata.key.password");
+ }
+
+ public String getPVP2KeystoreAuthRequestKeyAlias() {
+ return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias");
+ }
+
+ public String getPVP2KeystoreAuthRequestKeyPassword() {
+ return props.getProperty("general.login.pvp2.keystore.authrequest.key.password");
+ }
+
+ public String getPVP2IDPMetadataURL() {
+ return props.getProperty("general.login.pvp2.idp.metadata.url");
+ }
+
+ public String getPVP2IDPMetadataCertificate() {
+ return props.getProperty("general.login.pvp2.idp.metadata.certificate");
+ }
+
+ public String getPVP2IDPMetadataEntityName() {
+ return props.getProperty("general.login.pvp2.idp.metadata.entityID");
+ }
+
+ public HTTPMetadataProvider getMetaDataProvier() {
+ return idpMetadataProvider;
+ }
+
+
+ //SMTP Server
+ public String getSMTPMailHost() {
+ return props.getProperty("general.mail.host");
+ }
+
+ public String getSMTPMailPort() {
+ return props.getProperty("general.mail.host.port");
+ }
+
+ public String getSMTPMailUsername() {
+ return props.getProperty("general.mail.host.username");
+ }
+
+ public String getSMTPMailPassword() {
+ return props.getProperty("general.mail.host.password");
+ }
+
+ //Mail Configuration
+ public String getMailFromName() {
+ return props.getProperty("general.mail.from.name");
+ }
+
+ public String getMailFromAddress() {
+ return props.getProperty("general.mail.from.address");
+ }
+
+ public String getMailUserAcountVerificationSubject() {
+ return props.getProperty("general.mail.useraccountrequest.verification.subject");
+ }
+
+ public String getMailUserAcountVerificationTemplate() throws ConfigurationException {
+ String url = props.getProperty("general.mail.useraccountrequest.verification.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ if (url.startsWith(Constants.FILEPREFIX))
+ return url;
+
+ else
+ return configRootDir + "/" + url;
+
+ } else {
+ log.warn("MailUserAcountVerificationTemplate is empty");
+ throw new ConfigurationException("MailUserAcountVerificationTemplate is empty");
+
+ }
+ }
+
+ public String getMailUserAcountActivationSubject() {
+ return props.getProperty("general.mail.useraccountrequest.isactive.subject");
+ }
+
+ public String getMailUserAcountActivationTemplate() throws ConfigurationException {
+ String url = props.getProperty("general.mail.useraccountrequest.isactive.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ if (url.startsWith(Constants.FILEPREFIX))
+ return url;
+
+ else
+ return configRootDir + "/" + url;
+
+ } else {
+ log.warn("MailUserAcountVerificationTemplate is empty");
+ throw new ConfigurationException("MailUserAcountActivationTemplate is empty");
+
+ }
+ }
+
+ public String getMailOAActivationSubject() {
+ return props.getProperty("general.mail.createOArequest.isactive.subject");
+ }
+
+ public String getMailOAActivationTemplate() throws ConfigurationException {
+ String url = props.getProperty("general.mail.createOArequest.isactive.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ if (url.startsWith(Constants.FILEPREFIX))
+ return url;
+
+ else
+ return configRootDir + "/" + url;
+
+ } else {
+ log.warn("MailOAActivationTemplate is empty");
+ throw new ConfigurationException("MailOAActivationTemplate is empty");
+
+ }
+ }
+
+ public String getMailUserAcountRevocationTemplate() throws ConfigurationException {
+ String url = props.getProperty("general.mail.useraccountrequest.rejected.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ if (url.startsWith(Constants.FILEPREFIX))
+ return url;
+
+ else
+ return configRootDir + "/" + url;
+
+ } else {
+ log.warn("MailUserAcountVerificationTemplate is empty");
+ throw new ConfigurationException("MailUserAcountRevocationTemplate is empty");
+
+ }
+ }
+
+ public String getMailAdminSubject() {
+ return props.getProperty("general.mail.admin.subject");
+ }
+
+ public String getMailAdminTemplate() throws ConfigurationException {
+ String url = props.getProperty("general.mail.admin.adresses.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ if (url.startsWith(Constants.FILEPREFIX))
+ return url;
+
+ else
+ return configRootDir + "/" + url;
+
+ } else {
+ log.warn("MailUserAcountVerificationTemplate is empty");
+ throw new ConfigurationException("MailAdminTemplate is empty");
+
+ }
+ }
+
+ public String getMailAdminAddress() {
+ return props.getProperty("general.mail.admin.adress");
+ }
+
+
+ private void initalPVP2Login() throws ConfigurationException {
+ try {
+
+ String metadataCert = getPVP2IDPMetadataCertificate();
+ if (MiscUtil.isEmpty(metadataCert)) {
+ log.info("NO IDP Certificate to verify IDP Metadata");
+ throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata");
+ }
+
+ InputStream certstream = new FileInputStream(metadataCert);
+ X509Certificate cert = new X509Certificate(certstream);
+ BasicX509Credential idpCredential = new BasicX509Credential();
+ idpCredential.setEntityCertificate(cert);
+
+ log.debug("IDP Certificate loading finished");
+
+ String metadataurl = getPVP2IDPMetadataURL();
+ if (MiscUtil.isEmpty(metadataurl)) {
+ log.info("NO IDP Metadata URL.");
+ throw new ConfigurationException("NO IDP Metadata URL.");
+ }
+
+ idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl);
+ idpMetadataProvider.setRequireValidMetadata(true);
+ idpMetadataProvider.setParserPool(new BasicParserPool());
+ idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential));
+ idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12 ); //refresh Metadata every 12h
+ idpMetadataProvider.initialize();
+
+ pvp2logininitialzied = true;
+
+ } catch (Exception e) {
+ log.warn("PVP2 authentification can not be initialized.");
+ throw new ConfigurationException("PVP2 authentification can not be initialized.", e);
+ }
+
+
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
new file mode 100644
index 000000000..d0b108e1e
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
@@ -0,0 +1,5 @@
+package at.gv.egovernment.moa.id.configuration.data;
+
+public class GeneralStorkConfig {
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java
new file mode 100644
index 000000000..b1857aea1
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.configuration.data;
+
+public class StorkAttributes {
+
+
+ public AttributValues eIdentifier;
+
+
+ public void parse() {
+ eIdentifier = AttributValues.MANDATORY;
+ }
+
+
+ public enum AttributValues {
+ MANDATORY, OPTIONAL, NOT;
+
+ public String getValue() {
+ if (this == MANDATORY)
+ return MANDATORY.name();
+ if (this == OPTIONAL)
+ return OPTIONAL.name();
+ else
+ return NOT.name();
+ }
+ }
+
+}
+
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
index 881cdf277..ab08b458a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
@@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.configuration.data;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.util.data.BPK;
public class UserDatabaseFrom {
@@ -18,10 +17,14 @@ public class UserDatabaseFrom {
private boolean active = false;
private boolean admin = false;
private boolean passwordActive;
+ private boolean isusernamepasswordallowed = false;
+ private boolean isadminrequest = true;
+ private boolean ismandateuser = false;
+ private boolean isPVPGenerated;
private String userID = null;
public UserDatabaseFrom() {
-
+
}
public UserDatabaseFrom(UserDatabase db) {
@@ -41,6 +44,26 @@ public class UserDatabaseFrom {
active = db.isIsActive();
admin = db.isIsAdmin();
+ if (db.isIsUsernamePasswordAllowed() != null)
+ isusernamepasswordallowed = db.isIsUsernamePasswordAllowed();
+ else
+ isusernamepasswordallowed = true;
+
+ if (db.isIsAdminRequest() != null)
+ isadminrequest = db.isIsAdminRequest();
+ else
+ isadminrequest = false;
+
+ if (db.isIsMandateUser() != null)
+ ismandateuser = db.isIsMandateUser();
+ else
+ ismandateuser = false;
+
+ if (db.isIsPVP2Generated() != null)
+ isPVPGenerated = db.isIsPVP2Generated();
+ else
+ isPVPGenerated = false;
+
userID = String.valueOf(db.getHjid());
}
@@ -247,7 +270,62 @@ public class UserDatabaseFrom {
public void setPassword_second(String password_second) {
this.password_second = password_second;
}
+
+ /**
+ * @return the isusernamepasswordallowed
+ */
+ public boolean isIsusernamepasswordallowed() {
+ return isusernamepasswordallowed;
+ }
+
+ /**
+ * @param isusernamepasswordallowed the isusernamepasswordallowed to set
+ */
+ public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) {
+ this.isusernamepasswordallowed = isusernamepasswordallowed;
+ }
+
+ /**
+ * @return the ismandateuser
+ */
+ public boolean isIsmandateuser() {
+ return ismandateuser;
+ }
+ /**
+ * @param ismandateuser the ismandateuser to set
+ */
+ public void setIsmandateuser(boolean ismandateuser) {
+ this.ismandateuser = ismandateuser;
+ }
+
+ /**
+ * @return the isadminrequest
+ */
+ public boolean isIsadminrequest() {
+ return isadminrequest;
+ }
+
+ /**
+ * @param isadminrequest the isadminrequest to set
+ */
+ public void setIsadminrequest(boolean isadminrequest) {
+ this.isadminrequest = isadminrequest;
+ }
+
+ /**
+ * @return the isPVPGenerated
+ */
+ public boolean isPVPGenerated() {
+ return isPVPGenerated;
+ }
+
+ /**
+ * @param isPVPGenerated the isPVPGenerated to set
+ */
+ public void setPVPGenerated(boolean isPVPGenerated) {
+ this.isPVPGenerated = isPVPGenerated;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
index 57ae4863a..2b4ea53c1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
@@ -1,9 +1,11 @@
package at.gv.egovernment.moa.id.configuration.data.oa;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
@@ -18,6 +20,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.validation.TargetValidator;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -35,19 +38,21 @@ public class OAGeneralConfig {
private boolean businessService = false;
private String target = null;
+ private String target_subsector = null;
+ private String target_admin = null;
+ private static List<String> targetList = null;
private String targetFriendlyName = null;
+ private boolean isAdminTarget = false;
private String identificationNumber = null;
private String identificationType = null;
+ private static List<String> identificationTypeList = null;
private String aditionalAuthBlockText = null;
private String mandateProfiles = null;
private boolean isActive = false;
- private String slVersion = null;
- private boolean useIFrame = false;
- private boolean useUTC = false;
private boolean calculateHPI = false;
private String keyBoxIdentifier = null;
@@ -56,6 +61,8 @@ public class OAGeneralConfig {
private boolean legacy = false;
List<String> SLTemplates = null;
+ private boolean isHideBPKAuthBlock = false;
+
private Map<String, byte[]> transformations;
@@ -69,6 +76,14 @@ public class OAGeneralConfig {
bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL;
bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL;
+
+ targetList = TargetValidator.getListOfTargets();
+ target = "";
+
+ identificationTypeList = Arrays.asList(
+ Constants.IDENIFICATIONTYPE_FN,
+ Constants.IDENIFICATIONTYPE_ZVR,
+ Constants.IDENIFICATIONTYPE_ERSB);
}
@@ -81,8 +96,32 @@ public class OAGeneralConfig {
keyBoxIdentifier = dbOAConfig.getKeyBoxIdentifier().value();
identifier = dbOAConfig.getPublicURLPrefix();
- target = dbOAConfig.getTarget();
- targetFriendlyName = dbOAConfig.getTargetFriendlyName();
+
+ String target_full = dbOAConfig.getTarget();
+
+ if (MiscUtil.isNotEmpty(target_full)) {
+ String[] target_split = target_full.split("-");
+
+ if (TargetValidator.isValidTarget(target_full)) {
+ target = dbOAConfig.getTarget();
+ if (target_split.length > 1)
+ target_subsector = target_split[1];
+
+ } else {
+ if (TargetValidator.isValidTarget(target_split[0])) {
+ target = target_split[0];
+ if (target_split.length > 1)
+ target_subsector = target_split[1];
+
+ } else {
+ target = "";
+ target_subsector = null;
+ target_admin = target_full;
+ isAdminTarget = true;
+ }
+ }
+ targetFriendlyName = dbOAConfig.getTargetFriendlyName();
+ }
if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE))
businessService = true;
@@ -127,7 +166,15 @@ public class OAGeneralConfig {
IdentificationNumber idnumber = oaauth.getIdentificationNumber();
if (idnumber != null) {
- identificationNumber = idnumber.getValue();
+ String number = idnumber.getValue();
+ if (MiscUtil.isNotEmpty(number)) {
+ String[] split = number.split("\\+");
+
+ if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
+ identificationType = split[1];
+ identificationNumber = split[2];
+ }
+ }
}
Mandates mandates = oaauth.getMandates();
@@ -135,8 +182,6 @@ public class OAGeneralConfig {
mandateProfiles = mandates.getProfiles();
}
- slVersion = oaauth.getSlVersion();
-
TemplatesType templates = oaauth.getTemplates();
if (templates != null) {
aditionalAuthBlockText = templates.getAditionalAuthBlockText();
@@ -162,11 +207,9 @@ public class OAGeneralConfig {
transformations.put(el.getFilename(), el.getTransformation());
}
- useIFrame = oaauth.isUseIFrame();
- useUTC = oaauth.isUseUTC();
}
-
+ isHideBPKAuthBlock = dbOAConfig.isRemoveBPKFromAuthBlock();
}
@@ -243,30 +286,6 @@ public class OAGeneralConfig {
this.isActive = isActive;
}
- public String getSlVersion() {
- return slVersion;
- }
-
- public void setSlVersion(String slVersion) {
- this.slVersion = slVersion;
- }
-
- public boolean isUseIFrame() {
- return useIFrame;
- }
-
- public void setUseIFrame(boolean useIFrame) {
- this.useIFrame = useIFrame;
- }
-
- public boolean isUseUTC() {
- return useUTC;
- }
-
- public void setUseUTC(boolean useUTC) {
- this.useUTC = useUTC;
- }
-
public boolean isBusinessService() {
return businessService;
}
@@ -461,6 +480,84 @@ public class OAGeneralConfig {
SLTemplates.add(sLTemplateURL3);
}
-
+
+ /**
+ * @return the target_subsector
+ */
+ public String getTarget_subsector() {
+ return target_subsector;
+ }
+
+
+ /**
+ * @param target_subsector the target_subsector to set
+ */
+ public void setTarget_subsector(String target_subsector) {
+ this.target_subsector = target_subsector;
+ }
+
+
+ /**
+ * @return the target_admin
+ */
+ public String getTarget_admin() {
+ return target_admin;
+ }
+
+
+ /**
+ * @param target_admin the target_admin to set
+ */
+ public void setTarget_admin(String target_admin) {
+ this.target_admin = target_admin;
+ }
+
+
+ /**
+ * @return the targetList
+ */
+ public List<String> getTargetList() {
+ return targetList;
+ }
+
+
+ /**
+ * @return the identificationTypeList
+ */
+ public List<String> getIdentificationTypeList() {
+ return identificationTypeList;
+ }
+
+
+ /**
+ * @return the isAdminTarget
+ */
+ public boolean isAdminTarget() {
+ return isAdminTarget;
+ }
+
+
+ /**
+ * @param isAdminTarget the isAdminTarget to set
+ */
+ public void setAdminTarget(boolean isAdminTarget) {
+ this.isAdminTarget = isAdminTarget;
+ }
+
+
+ /**
+ * @return the isHideBPKAuthBlock
+ */
+ public boolean isHideBPKAuthBlock() {
+ return isHideBPKAuthBlock;
+ }
+
+
+ /**
+ * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set
+ */
+ public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) {
+ this.isHideBPKAuthBlock = isHideBPKAuthBlock;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java
index e83bf6997..0c78f996c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.configuration.exception;
+import javax.mail.MessagingException;
+
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
public class ConfigurationException extends Exception {
@@ -14,4 +16,8 @@ public class ConfigurationException extends Exception {
super(LanguageHelper.getErrorString(errorname), e);
}
+ public ConfigurationException(Throwable e) {
+ super(e);
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index 7dac458ca..9f81e1212 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
@@ -129,7 +129,7 @@ public class AuthenticationFilter implements Filter{
if (authuser == null) {
- authuser = new AuthenticatedUser(0, "Max", "TestUser", "maxtestuser", true, true);
+ authuser = new AuthenticatedUser(0, "Max", "TestUser", null, "maxtestuser", true, true, false, false);
//authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false);
httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser);
}
@@ -184,7 +184,7 @@ public class AuthenticationFilter implements Filter{
filterchain.doFilter(req, resp);
} catch (Exception e) {
-
+
// String redirectURL = "./index.action";
// HttpServletResponse httpResp = (HttpServletResponse) resp;
// redirectURL = httpResp.encodeRedirectURL(redirectURL);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java
new file mode 100644
index 000000000..aed20ce9e
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.configuration.helper;
+
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class DateTimeHelper {
+
+ private static final Logger log = Logger.getLogger(DateTimeHelper.class);
+
+ private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm";
+
+ public static String getDateTime(Date date) {
+ SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN);
+ return f.format(date);
+ }
+
+ public static Date parseDateTime(String date) {
+ SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN);
+
+ if (MiscUtil.isNotEmpty(date)) {
+
+ try {
+ return f.parse(date);
+
+ } catch (ParseException e) {
+ log.warn("Parse DATETIME String " + date + " failed", e);
+
+ }
+ }
+ return null;
+ }
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
new file mode 100644
index 000000000..d2814f6a6
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
@@ -0,0 +1,53 @@
+package at.gv.egovernment.moa.id.configuration.helper;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.data.OAListElement;
+
+public class FormDataHelper {
+
+ public static ArrayList<OAListElement> addFormOAs(List<OnlineApplication> dbOAs) {
+
+ ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>();
+
+ for (OnlineApplication dboa : dbOAs) {
+ OAListElement listoa = new OAListElement();
+ listoa.setActive(dboa.isIsActive());
+ listoa.setDataBaseID(dboa.getHjid());
+ listoa.setOaFriendlyName(dboa.getFriendlyName());
+ listoa.setOaIdentifier(dboa.getPublicURLPrefix());
+ listoa.setOaType(dboa.getType());
+ formOAs.add(listoa);
+ }
+
+ return formOAs;
+ }
+
+ public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) {
+ ArrayList<AuthenticatedUser> userlist = new ArrayList<AuthenticatedUser>();
+
+ for (UserDatabase dbuser : dbuserlist) {
+
+ boolean ismandate = false;
+ if (dbuser.isIsMandateUser() != null)
+ ismandate = dbuser.isIsMandateUser();
+
+
+ userlist.add(new AuthenticatedUser(
+ dbuser.getHjid(),
+ dbuser.getGivenname(),
+ dbuser.getFamilyname(),
+ dbuser.getInstitut(),
+ dbuser.getUsername(),
+ dbuser.isIsActive(),
+ dbuser.isIsAdmin(),
+ ismandate,
+ false));
+ }
+ return userlist;
+ }
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
new file mode 100644
index 000000000..3081f3929
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
@@ -0,0 +1,254 @@
+package at.gv.egovernment.moa.id.configuration.helper;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Properties;
+
+import javax.mail.BodyPart;
+import javax.mail.Message;
+import javax.mail.MessagingException;
+import javax.mail.Session;
+import javax.mail.Transport;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeBodyPart;
+import javax.mail.internet.MimeMessage;
+import javax.mail.internet.MimeMultipart;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class MailHelper {
+
+ private static final Logger log = Logger.getLogger(MailHelper.class);
+
+ private static final String PATTERN_GIVENNAME = "#GIVENNAME#";
+ private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#";
+ private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#";
+ private static final String PATTERN_DATE = "#TODAY_DATE#";
+ private static final String PATTERN_OPENOAS = "#NUMBER_OAS#";
+ private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#";
+ private static final String PATTERN_OANAME = "#OANAME#";
+
+ public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException {
+
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String templateurl = config.getMailUserAcountVerificationTemplate();
+
+ String template = readTemplateFromURL(templateurl);
+
+ if (userdb.isIsMandateUser()) {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut());
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname());
+ template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname());
+ }
+
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ String verificationURL = config.getPublicUrlPreFix(null);
+
+ if (!verificationURL.endsWith("/"))
+ verificationURL = verificationURL + "/";
+
+ verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION +
+ "?" + Constants.REQUEST_USERREQUESTTOKKEN +
+ "=" + userdb.getUserRequestTokken();
+ template = template.replace(PATTERN_URL, verificationURL);
+
+ sendMail(config, config.getMailUserAcountVerificationSubject(),
+ userdb.getMail(), template);
+
+ }
+
+ public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String templateurl = config.getMailAdminTemplate();
+
+ String template = readTemplateFromURL(templateurl);
+ template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs));
+ template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers));
+
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template);
+
+ }
+
+ public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, String mailurl) throws ConfigurationException {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String templateurl = config.getMailUserAcountActivationTemplate();
+
+ String template = readTemplateFromURL(templateurl);
+ if (MiscUtil.isNotEmpty(institut)) {
+ template = template.replace(PATTERN_GIVENNAME, institut);
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, givenname);
+ template = template.replace(PATTERN_FAMILYNAME, familyname);
+ }
+
+
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ String verificationURL = config.getPublicUrlPreFix(null);
+ if (!verificationURL.endsWith("/"))
+ verificationURL = verificationURL + "/";
+
+ template = template.replace(PATTERN_URL, verificationURL);
+
+ sendMail(config, config.getMailUserAcountActivationSubject(),
+ mailurl, template);
+ }
+
+ public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, String institut, String oaname, String mailurl) throws ConfigurationException {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String templateurl = config.getMailOAActivationTemplate();
+
+ String template = readTemplateFromURL(templateurl);
+ if (MiscUtil.isNotEmpty(institut)) {
+ template = template.replace(PATTERN_GIVENNAME, institut);
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, givenname);
+ template = template.replace(PATTERN_FAMILYNAME, familyname);
+ }
+
+ template = template.replace(PATTERN_OANAME, oaname);
+
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ String verificationURL = config.getPublicUrlPreFix(null);
+ if (!verificationURL.endsWith("/"))
+ verificationURL = verificationURL + "/";
+
+ template = template.replace(PATTERN_URL, verificationURL);
+
+ sendMail(config, config.getMailOAActivationSubject(),
+ mailurl, template);
+ }
+
+ public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String templateurl = config.getMailUserAcountRevocationTemplate();
+
+ String template = readTemplateFromURL(templateurl);
+
+ if (userdb.isIsMandateUser()) {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut());
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname());
+ template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname());
+ }
+
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ sendMail(config, config.getMailUserAcountActivationSubject(),
+ userdb.getMail(), template);
+ }
+
+ private static String readTemplateFromURL(String templateurl) throws ConfigurationException {
+ InputStream input;
+ try {
+ File file = new File(templateurl);
+ input = new FileInputStream(file);
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ input.close();
+ return writer.toString();
+
+ } catch (Exception e) {
+ log.warn("Mailtemplate can not be read from source" + templateurl);
+ throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl);
+
+ }
+ }
+
+ private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) throws ConfigurationException {
+ try {
+ log.debug("Sending mail.");
+ MiscUtil.assertNotNull(subject, "subject");
+ MiscUtil.assertNotNull(recipient, "recipient");
+ MiscUtil.assertNotNull(content, "content");
+
+ Properties props = new Properties();
+ props.setProperty("mail.transport.protocol", "smtp");
+ props.setProperty("mail.host", config.getSMTPMailHost());
+ log.trace("Mail host: " + config.getSMTPMailHost());
+ if (config.getSMTPMailPort() != null) {
+ log.trace("Mail port: " + config.getSMTPMailPort());
+ props.setProperty("mail.port", config.getSMTPMailPort());
+ }
+ if (config.getSMTPMailUsername() != null) {
+ log.trace("Mail user: " + config.getSMTPMailUsername());
+ props.setProperty("mail.user", config.getSMTPMailUsername());
+ }
+ if (config.getSMTPMailPassword() != null) {
+ log.trace("Mail password: " + config.getSMTPMailPassword());
+ props.setProperty("mail.password", config.getSMTPMailPassword());
+ }
+
+ Session mailSession = Session.getDefaultInstance(props, null);
+ Transport transport = mailSession.getTransport();
+
+ MimeMessage message = new MimeMessage(mailSession);
+ message.setSubject(subject);
+ log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress());
+ message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName()));
+ log.trace("Recipient: " + recipient);
+ message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient));
+
+ log.trace("Creating multipart content of mail.");
+ MimeMultipart multipart = new MimeMultipart("related");
+
+ log.trace("Adding first part (html)");
+ BodyPart messageBodyPart = new MimeBodyPart();
+ messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15");
+ multipart.addBodyPart(messageBodyPart);
+
+// log.trace("Adding mail images");
+// messageBodyPart = new MimeBodyPart();
+// for (Image image : images) {
+// messageBodyPart.setDataHandler(new DataHandler(image));
+// messageBodyPart.setHeader("Content-ID", "<" + image.getContentId() + ">");
+// multipart.addBodyPart(messageBodyPart);
+// }
+
+ message.setContent(multipart);
+ transport.connect();
+ log.trace("Sending mail message.");
+ transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO));
+ log.trace("Successfully sent.");
+ transport.close();
+
+ } catch(MessagingException e) {
+ throw new ConfigurationException(e);
+
+ } catch (UnsupportedEncodingException e) {
+ throw new ConfigurationException(e);
+
+ }
+ }
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 3f6005b97..bad522a4b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -10,6 +10,7 @@ import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
@@ -53,6 +54,7 @@ import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator;
import at.gv.egovernment.moa.id.configuration.validation.moaconfig.PVP2ContactValidator;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
import com.opensymphony.xwork2.ActionSupport;
@@ -67,12 +69,18 @@ public class EditGeneralConfigAction extends ActionSupport
private HttpServletResponse response;
private AuthenticatedUser authUser;
-
private GeneralMOAIDConfig moaconfig;
+ private String formID;
+
public String loadConfig() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
if (authUser.isAdmin()) {
@@ -84,6 +92,9 @@ public class EditGeneralConfigAction extends ActionSupport
ConfigurationDBUtils.closeSession();
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_SUCCESS;
} else {
@@ -93,11 +104,30 @@ public class EditGeneralConfigAction extends ActionSupport
}
public String saveConfig() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
-
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
if (authUser.isAdmin()) {
MOAConfigValidator validator = new MOAConfigValidator();
@@ -109,6 +139,8 @@ public class EditGeneralConfigAction extends ActionSupport
for (String el : errors)
addActionError(el);
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -505,6 +537,20 @@ public class EditGeneralConfigAction extends ActionSupport
public void setMoaconfig(GeneralMOAIDConfig moaconfig) {
this.moaconfig = moaconfig;
}
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 297d80726..8d20fe118 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -8,6 +8,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
@@ -38,13 +39,17 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config;
import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig;
import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
+import at.gv.egovernment.moa.id.configuration.validation.TargetValidator;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
import com.opensymphony.xwork2.ActionSupport;
@@ -63,6 +68,9 @@ ServletResponseAware {
private String oaidobj;
private boolean newOA;
+ private String formID;
+
+ private String nextPage;
private OAGeneralConfig generalOA = new OAGeneralConfig();
private OAPVP2Config pvp2OA = new OAPVP2Config();
@@ -72,11 +80,16 @@ ServletResponseAware {
//STRUTS actions
public String inital() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
-
+
long oaid = -1;
if (!ValidationHelper.validateOAID(oaidobj)) {
@@ -88,8 +101,15 @@ ServletResponseAware {
OnlineApplication onlineapplication = null;;
if (authUser.isAdmin())
onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
+
else {
UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+
+ if (!userdb.isIsMailAddressVerified() && !authUser.isAdmin()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
+ }
+
List<OnlineApplication> oas = userdb.getOnlineApplication();
for (OnlineApplication oa : oas) {
if (oa.getHjid() == oaid) {
@@ -115,7 +135,10 @@ ServletResponseAware {
ConfigurationDBUtils.closeSession();
- request.getSession().setAttribute(Constants.SESSION_OAID, oaid);
+ session.setAttribute(Constants.SESSION_OAID, oaid);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
newOA = false;
@@ -124,24 +147,66 @@ ServletResponseAware {
public String newOA() {
log.debug("insert new Online-Application");
+
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ session.setAttribute(Constants.SESSION_OAID, null);
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
- request.getSession().setAttribute(Constants.SESSION_OAID, null);
-
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ if (!userdb.isIsMailAddressVerified() && !authUser.isAdmin()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
+ }
+
newOA = true;
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_OA_EDIT;
}
public String saveOA() {
-
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ if (!authUser.isAdmin() && !userdb.isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
+ return Constants.STRUTS_SUCCESS;
+ }
+
OnlineApplication onlineapplication = null;
List<String> errors = new ArrayList<String>();
@@ -170,15 +235,15 @@ ServletResponseAware {
} else {
- //TODO: oaidentifier has to be a URL according to PVP2.1 specification
- if (ValidationHelper.isValidOAIdentifier(oaidentifier)) {
- log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
+ if (!ValidationHelper.validateURL(oaidentifier)) {
+ log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier);
errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
} else {
if (oaid == -1) {
onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
+ newOA = true;
if (onlineapplication != null) {
log.info("The OAIdentifier is not unique");
errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique"));
@@ -215,23 +280,108 @@ ServletResponseAware {
for (String el : errors)
addActionError(el);
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
} else {
- String error = saveOAConfigToDatabase(onlineapplication);
+ boolean newentry = false;
+
+ if (onlineapplication == null) {
+ onlineapplication = new OnlineApplication();
+ newentry = true;
+ onlineapplication.setIsActive(false);
+
+ if (!authUser.isAdmin()) {
+ onlineapplication.setIsAdminRequired(true);
+ }
+
+ } else {
+ if (!authUser.isAdmin() &&
+ !onlineapplication.getPublicURLPrefix().
+ equals(generalOA.getIdentifier())) {
+
+ onlineapplication.setIsAdminRequired(true);
+ onlineapplication.setIsActive(false);
+ log.info("User with ID " + authUser.getUserID()
+ + " change OA-PublicURLPrefix. Reaktivation is required.");
+ }
+
+ }
+
+ if ( (onlineapplication.isIsAdminRequired() == null) ||
+ (authUser.isAdmin() && generalOA.isActive()
+ && onlineapplication.isIsAdminRequired()) ) {
+
+ onlineapplication.setIsAdminRequired(false);
+
+ UserDatabase user = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid());
+ if (user != null) {
+ try {
+ MailHelper.sendUserOnlineApplicationActivationMail(
+ user.getGivenname(),
+ user.getFamilyname(),
+ user.getInstitut(),
+ onlineapplication.getPublicURLPrefix(),
+ user.getMail());
+ } catch (ConfigurationException e) {
+ log.warn("Sending Mail to User " + user.getMail() + " failed", e);
+ }
+ }
+
+ }
+
+
+ String error = saveOAConfigToDatabase(onlineapplication, newentry);
if (MiscUtil.isNotEmpty(error)) {
log.warn("OA configuration can not be stored!");
- addActionError(error);
+ addActionError(error);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
}
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String) {
+ nextPage = (String) nextPageAttr;
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+ }
- request.getSession().setAttribute(Constants.SESSION_OAID, null);
- addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request));
+ if (onlineapplication.isIsAdminRequired()) {
+ int numoas = 0;
+ int numusers = 0;
+
+ List<OnlineApplication> openOAs = ConfigurationDBRead.getAllNewOnlineApplications();
+ if (openOAs != null)
+ numoas = openOAs.size();
+
+ List<UserDatabase> openUsers = ConfigurationDBRead.getAllNewUsers();
+ if (openUsers != null)
+ numusers = openUsers.size();
+ try {
+
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request));
+
+ if (numusers > 0 || numoas > 0)
+ MailHelper.sendAdminMail(numoas, numusers);
+
+ } catch (ConfigurationException e) {
+ log.warn("Sending Mail to Admin failed.", e);
+ }
+
+ } else
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request));
+
+
+ request.getSession().setAttribute(Constants.SESSION_OAID, null);
ConfigurationDBUtils.closeSession();
return Constants.STRUTS_SUCCESS;
@@ -239,7 +389,22 @@ ServletResponseAware {
public String cancleAndBackOA() {
- request.getSession().setAttribute(Constants.SESSION_OAID, null);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String) {
+ nextPage = (String) nextPageAttr;
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+ }
+
+ session.setAttribute(Constants.SESSION_OAID, null);
addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request));
@@ -249,15 +414,52 @@ ServletResponseAware {
}
public String deleteOA() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
-
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String) {
+ nextPage = (String) nextPageAttr;
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+ }
+
+ UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ if (!authUser.isAdmin() && !userdb.isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
+ return Constants.STRUTS_SUCCESS;
+ }
+
String oaidentifier = generalOA.getIdentifier();
if (MiscUtil.isEmpty(oaidentifier)) {
log.info("Empty OA identifier");
addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty"));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
} else {
@@ -265,6 +467,9 @@ ServletResponseAware {
log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
}
@@ -310,16 +515,8 @@ ServletResponseAware {
}
- private String saveOAConfigToDatabase(OnlineApplication dboa) {
-
- boolean newentry = false;
-
- if (dboa == null) {
- dboa = new OnlineApplication();
- newentry = true;
- dboa.setIsActive(false);
- }
-
+ private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) {
+
AuthComponentOA authoa = dboa.getAuthComponentOA();
if (authoa == null) {
authoa = new AuthComponentOA();
@@ -331,72 +528,134 @@ ServletResponseAware {
dboa.setFriendlyName(generalOA.getFriendlyName());
dboa.setCalculateHPI(generalOA.isCalculateHPI());
- dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier()));
+ dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock());
+
+ if (authUser.isAdmin())
+ dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier()));
+ else {
+ if (newentry)
+ dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR);
+ }
+
dboa.setPublicURLPrefix(generalOA.getIdentifier());
if (generalOA.isBusinessService()) {
dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
+ String num = generalOA.getIdentificationNumber().replaceAll(" ", "");
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_FN))
+ num = num.substring(Constants.IDENIFICATIONTYPE_FN.length());
+
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR))
+ num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
+
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB))
+ num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
+
IdentificationNumber idnumber = new IdentificationNumber();
- idnumber.setValue(generalOA.getIdentificationNumber());
+ idnumber.setValue(
+ Constants.PREFIX_WPBK +
+ generalOA.getIdentificationType() +
+ "+" +
+ num);
+
authoa.setIdentificationNumber(idnumber);
}
else {
dboa.setType(null);
- dboa.setTarget(generalOA.getTarget());
- dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName());
+ if (authUser.isAdmin()) {
+ if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) &&
+ generalOA.isAdminTarget() ) {
+ dboa.setTarget(generalOA.getTarget_admin());
+ dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName());
+
+ } else {
+ String target_full = generalOA.getTarget();
+ String[] target_split = target_full.split("-");
+ if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()))
+ dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector());
+ else
+ dboa.setTarget(target_full);
+
+ String targetname = TargetValidator.getTargetFriendlyName(target_full);
+ if (MiscUtil.isNotEmpty(targetname))
+ dboa.setTargetFriendlyName(targetname);
+ else
+ dboa.setTargetFriendlyName(TargetValidator.getTargetFriendlyName(target_split[0]));
+ }
+
+ } else {
+ if (MiscUtil.isNotEmpty(generalOA.getTarget())) {
+ String target_full = generalOA.getTarget();
+ String[] target_split = target_full.split("-");
+ dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector());
+
+ if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()))
+ dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector());
+
+ else
+ dboa.setTarget(target_full);
+
+ String targetname = TargetValidator.getTargetFriendlyName(target_full);
+ if (MiscUtil.isNotEmpty(targetname))
+ dboa.setTargetFriendlyName(targetname);
+ else
+ dboa.setTargetFriendlyName(TargetValidator.getTargetFriendlyName(target_split[0]));
+ }
+ }
}
BKUURLS bkuruls = new BKUURLS();
authoa.setBKUURLS(bkuruls);
- bkuruls.setHandyBKU(generalOA.getBkuHandyURL());
- bkuruls.setLocalBKU(generalOA.getBkuLocalURL());
- bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL());
+ if (authUser.isAdmin()) {
+ bkuruls.setHandyBKU(generalOA.getBkuHandyURL());
+ bkuruls.setLocalBKU(generalOA.getBkuLocalURL());
+ bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL());
+ }
Mandates mandates = new Mandates();
mandates.setProfiles(generalOA.getMandateProfiles());
authoa.setMandates(mandates);
-
- authoa.setSlVersion(generalOA.getSlVersion());
- authoa.setUseIFrame(generalOA.isUseIFrame());
- authoa.setUseUTC(generalOA.isUseUTC());
-
+
TemplatesType templates = authoa.getTemplates();
if (templates == null) {
templates = new TemplatesType();
authoa.setTemplates(templates);
}
- templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText());
- List<TemplateType> template = templates.getTemplate();
- if (generalOA.isLegacy()) {
+ if (authUser.isAdmin()) {
+ templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText());
+
+ List<TemplateType> template = templates.getTemplate();
+ if (generalOA.isLegacy()) {
- if (template == null)
- template = new ArrayList<TemplateType>();
- else
- template.clear();
+ if (template == null)
+ template = new ArrayList<TemplateType>();
+ else
+ template.clear();
- if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) {
- TemplateType el = new TemplateType();
- el.setURL(generalOA.getSLTemplateURL1());
- template.add(el);
- }
- if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) {
- TemplateType el = new TemplateType();
- el.setURL(generalOA.getSLTemplateURL2());
- template.add(el);
- }
- if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) {
- TemplateType el = new TemplateType();
- el.setURL(generalOA.getSLTemplateURL3());
- template.add(el);
+ if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) {
+ TemplateType el = new TemplateType();
+ el.setURL(generalOA.getSLTemplateURL1());
+ template.add(el);
+ }
+ if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) {
+ TemplateType el = new TemplateType();
+ el.setURL(generalOA.getSLTemplateURL2());
+ template.add(el);
+ }
+ if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) {
+ TemplateType el = new TemplateType();
+ el.setURL(generalOA.getSLTemplateURL3());
+ template.add(el);
+ }
+
+ } else {
+ if (template != null && template.size() > 0)
+ template.clear();
}
-
- } else {
- if (template != null && template.size() > 0)
- template.clear();
}
//set default transformation if it is empty
@@ -609,4 +868,28 @@ ServletResponseAware {
this.newOA = newOA;
}
+ /**
+ * @return the nextPage
+ */
+ public String getNextPage() {
+ return nextPage;
+ }
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
+
+
+
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
index 1cb4fa802..d3d00186f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
@@ -3,26 +3,21 @@ package at.gv.egovernment.moa.id.configuration.struts.action;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.StringReader;
import java.io.StringWriter;
-import java.net.MalformedURLException;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.Result;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
-import org.hibernate.lob.ReaderInputStream;
-import org.w3c.dom.Node;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
@@ -35,7 +30,7 @@ import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.iaik.commons.util.IOUtil;
+import at.gv.egovernment.moa.id.util.Random;
import com.opensymphony.xwork2.ActionSupport;
@@ -51,6 +46,7 @@ implements ServletRequestAware, ServletResponseAware {
private HttpServletResponse response;
private AuthenticatedUser authUser;
+ private String formID;
private File fileUpload = null;
private String fileUploadContentType = null;
@@ -59,13 +55,20 @@ implements ServletRequestAware, ServletResponseAware {
private InputStream fileInputStream;
public String init() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
-
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
if (authUser.isAdmin()) {
-
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_SUCCESS;
} else {
@@ -76,16 +79,39 @@ implements ServletRequestAware, ServletResponseAware {
}
public String importLegacyConfig() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
if (authUser.isAdmin()) {
//load legacy config if it is configured
if (fileUpload == null) {
addActionError(LanguageHelper.getErrorString("errors.importexport.nofile"));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -97,6 +123,9 @@ implements ServletRequestAware, ServletResponseAware {
} catch (org.opensaml.xml.ConfigurationException e1) {
log.info("Legacy configuration has an Import Error", e1);
addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e1.getMessage()}));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
log.debug("OpenSAML successfully initialized");
@@ -108,26 +137,24 @@ implements ServletRequestAware, ServletResponseAware {
try {
log.warn("WARNING! The legacy import deletes the hole old config");
- String rootConfigFileDir = new File(ConfigurationProvider.getInstance().getConfigFile()).getParent();
-
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
-
- } catch (MalformedURLException t) {
- log.warn("RootConfiguration Directory is not found");
- rootConfigFileDir = "";
- }
-
+ String rootConfigFileDir = ConfigurationProvider.getInstance().getConfigRootDir();
+
moaconfig = BuildFromLegacyConfig.build(fileUpload, rootConfigFileDir, moaidconfig);
} catch (ConfigurationException e) {
log.info("Legacy configuration has an Import Error", e);
addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}));
ConfigurationDBUtils.closeSession();
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
} catch (at.gv.egovernment.moa.id.configuration.exception.ConfigurationException e) {
ConfigurationDBUtils.closeSession();
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -155,6 +182,9 @@ implements ServletRequestAware, ServletResponseAware {
} catch (MOADatabaseException e) {
log.warn("General MOA-ID config can not be stored in Database");
addActionError(e.getMessage());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -174,10 +204,30 @@ implements ServletRequestAware, ServletResponseAware {
}
public String downloadXMLConfig() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
if (authUser.isAdmin()) {
log.info("Write MOA-ID 2.x xml config");
@@ -194,6 +244,9 @@ implements ServletRequestAware, ServletResponseAware {
if (moaidconfig == null) {
log.info("No MOA-ID 2.x configruation available");
addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig"));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -208,11 +261,17 @@ implements ServletRequestAware, ServletResponseAware {
log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);
addActionError(LanguageHelper.getErrorString("errors.importexport.export",
new Object[]{e.getMessage()}));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
} catch (IOException e) {
log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);
addActionError(LanguageHelper.getErrorString("errors.importexport.export",
new Object[]{e.getMessage()}));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -230,10 +289,30 @@ implements ServletRequestAware, ServletResponseAware {
public String importXMLConfig() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
if (authUser.isAdmin()) {
if (fileUpload == null) {
@@ -271,6 +350,9 @@ implements ServletRequestAware, ServletResponseAware {
log.warn("MOA-ID XML configuration can not be loaded from File.", e);
addActionError(LanguageHelper.getErrorString("errors.importexport.import",
new Object[]{e.getMessage()}));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -360,4 +442,19 @@ implements ServletRequestAware, ServletResponseAware {
public InputStream getFileInputStream() {
return fileInputStream;
}
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index 6078caa87..545a84800 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -1,34 +1,77 @@
package at.gv.egovernment.moa.id.configuration.struts.action;
+import java.util.ArrayList;
import java.util.Date;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
+import org.joda.time.DateTime;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.security.MetadataCredentialResolverFactory;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
+import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
+import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
+import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
+import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
+import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import com.opensymphony.xwork2.ActionSupport;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
+import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
public class IndexAction extends ActionSupport implements ServletRequestAware,
ServletResponseAware {
+ private static final long serialVersionUID = -2781497863862504896L;
+
private static final Logger log = Logger.getLogger(IndexAction.class);
private HttpServletRequest request;
@@ -36,6 +79,11 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
private String password;
private String username;
+ private UserDatabaseFrom user = null;
+ private AuthenticatedUser authUser = null;
+ private String formID;
+
+ private String ssologouturl;
public String start() {
@@ -80,12 +128,12 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
return Constants.STRUTS_ERROR;
} else {
- if (!dbuser.isIsActive()) {
- log.warn("Username " + dbuser.getUsername() + " is not active");
+ if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) {
+ log.warn("Username " + dbuser.getUsername() + " is not active or Username/Password login is not allowed");
addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed"));
return Constants.STRUTS_ERROR;
}
-
+
if (!dbuser.getPassword().equals(key)) {
log.warn("Username " + dbuser.getUsername() + " use a false password");
addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed"));
@@ -96,13 +144,18 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
dbuser.getHjid(),
dbuser.getGivenname(),
dbuser.getFamilyname(),
+ dbuser.getInstitut(),
dbuser.getUsername(),
true,
- dbuser.isIsAdmin());
+ dbuser.isIsAdmin(),
+ dbuser.isIsMandateUser(),
+ false);
- authuser.setLastLogin(dbuser.getLastLoginItem());
+ Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
+ if (date != null)
+ authuser.setLastLogin(date);;
- dbuser.setLastLoginItem(new Date());
+ dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
try {
ConfigurationDBUtils.saveOrUpdate(dbuser);
@@ -120,13 +173,515 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
}
}
+ public String pvp2login() {
+
+ String method = request.getMethod();
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("NO HTTP Session");
+ return Constants.STRUTS_ERROR;
+ }
+
+ String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
+ session.setAttribute(Constants.SESSION_PVP2REQUESTID, null);
+
+ if (method.equals("POST")) {
+
+ try {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+
+ //Decode with HttpPost Binding
+ HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(
+ request));
+ decode.decode(messageContext);
+
+ Response samlResponse = (Response) messageContext.getInboundMessage();
+
+ Signature sign = samlResponse.getSignature();
+ if (sign == null) {
+ log.info("Only http POST Requests can be used");
+ addActionError(LanguageHelper.getErrorString("error.login"));
+ return Constants.STRUTS_ERROR;
+ }
+
+ //Validate Signature
+ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ profileValidator.validate(sign);
+
+ //Verify Signature
+ List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
+
+ KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+ keyInfoProvider);
+
+ MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory();
+ MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier());
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
+ criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName()));
+ criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
+
+ ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver);
+ trustEngine.validate(sign, criteriaSet);
+
+ log.info("PVP2 Assertion is valid");
+
+ if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+
+ List<org.opensaml.saml2.core.Assertion> saml2assertions = samlResponse.getAssertions();
+
+ if (MiscUtil.isEmpty(authID)) {
+ log.info("NO AuthRequestID");
+ return Constants.STRUTS_ERROR;
+ }
+
+ for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
+
+ Subject subject = saml2assertion.getSubject();
+ List<SubjectConfirmation> subjectconformlist = subject.getSubjectConfirmations();
+ for (SubjectConfirmation el : subjectconformlist) {
+ if (el.getMethod().equals(SubjectConfirmation.METHOD_BEARER)) {
+ SubjectConfirmationData date = el.getSubjectConfirmationData();
+
+ if (!authID.equals(date.getInResponseTo())) {
+ log.warn("PVPRequestID does not match PVP2 Assertion ID!");
+ return Constants.STRUTS_ERROR;
+
+ }
+ }
+ }
+
+ Conditions conditions = saml2assertion.getConditions();
+ DateTime notbefore = conditions.getNotBefore();
+ DateTime notafter = conditions.getNotOnOrAfter();
+ if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
+ log.warn("PVP2 Assertion is out of Date");
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ NameID nameID = subject.getNameID();
+ if (nameID == null) {
+ log.warn("No NameID element in PVP2 assertion!");
+ return Constants.STRUTS_ERROR;
+ }
+
+ String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue();
+
+ //search user
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithUserBPKWBPK(bpkwbpk);
+ if (dbuser == null) {
+ log.info("No user found with bpk/wbpk " + bpkwbpk);
+
+ //read PVP2 assertion attributes;
+ user = new UserDatabaseFrom();
+ user.setActive(false);
+ user.setAdmin(false);
+ user.setBpk(bpkwbpk);
+ user.setIsusernamepasswordallowed(false);
+ user.setIsmandateuser(false);
+ user.setPVPGenerated(true);
+
+ authUser = new AuthenticatedUser();
+ authUser.setAdmin(false);
+ authUser.setAuthenticated(false);
+ authUser.setLastLogin(null);
+ authUser.setUserID(-1);
+ authUser.setUserName(null);
+ authUser.setPVP2Login(true);
+ authUser.setMandateUser(false);
+
+ //loop through the nodes to get what we want
+ List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements();
+ for (int i = 0; i < attributeStatements.size(); i++)
+ {
+ List<Attribute> attributes = attributeStatements.get(i).getAttributes();
+ for (int x = 0; x < attributes.size(); x++)
+ {
+ String strAttributeName = attributes.get(x).getDOM().getAttribute("Name");
+
+ if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) {
+ user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent());
+ authUser.setFamilyName(user.getFamilyName());
+ }
+
+ if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) {
+ user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent());
+ authUser.setGivenName(user.getGivenName());
+ }
+
+ if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) {
+ authUser.setMandateUser(true);
+ user.setIsmandateuser(true);
+ }
+
+ if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) {
+ user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent());
+ authUser.setInstitute(user.getInstitut());
+ }
+ }
+ }
+
+ //set Random value
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ session.setAttribute(Constants.SESSION_FORM, user);
+ session.setAttribute(Constants.SESSION_AUTH, authUser);
+
+ ConfigurationDBUtils.closeSession();
+
+ return Constants.STRUTS_NEWUSER;
+
+ } else {
+ if (!dbuser.isIsActive()) {
+
+ if (!dbuser.isIsMailAddressVerified()) {
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ user = new UserDatabaseFrom(dbuser);
+ authUser = new AuthenticatedUser(
+ dbuser.getHjid(),
+ dbuser.getGivenname(),
+ dbuser.getFamilyname(),
+ dbuser.getInstitut(),
+ dbuser.getUsername(),
+ false,
+ false,
+ dbuser.isIsMandateUser(),
+ true);
+ session.setAttribute(Constants.SESSION_FORM, user);
+ session.setAttribute(Constants.SESSION_AUTH, authUser);
+
+ return Constants.STRUTS_NEWUSER;
+
+ }
+
+ log.info("User with bpk/wbpk " + bpkwbpk + " is not active");
+ addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive"));
+ return Constants.STRUTS_ERROR;
+ }
+
+ authUser = new AuthenticatedUser(
+ dbuser.getHjid(),
+ dbuser.getGivenname(),
+ dbuser.getFamilyname(),
+ dbuser.getInstitut(),
+ dbuser.getUsername(),
+ true,
+ dbuser.isIsAdmin(),
+ dbuser.isIsMandateUser(),
+ true);
+
+ Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
+ if (date != null)
+ authUser.setLastLogin(date);;
+
+ dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+
+ } catch (MOADatabaseException e) {
+ log.warn("UserDatabase communicaton error", e);
+ addActionError(LanguageHelper.getErrorString("error.login"));
+ return Constants.STRUTS_ERROR;
+ }
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ session.setAttribute(Constants.SESSION_AUTH, authUser);
+ return Constants.STRUTS_SUCCESS;
+
+ }
+ }
+
+ log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found.");
+ addActionError(LanguageHelper.getErrorString("error.login"));
+ return Constants.STRUTS_ERROR;
+
+ } else {
+ log.info("Receive Error Assertion.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ } catch (Exception e) {
+ log.warn("Only http POST Requests can be used", e);
+ addActionError(LanguageHelper.getErrorString("error.login"));
+ return Constants.STRUTS_ERROR;
+ }
+
+ } else {
+ log.info("Only http POST Requests can be used");
+ addActionError(LanguageHelper.getErrorString("error.login"));
+ return Constants.STRUTS_ERROR;
+ }
+ }
+
+ public String requestNewUser() {
+
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.warn("No active Session found");
+ return Constants.STRUTS_ERROR;
+ }
+
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ Object sessionformobj = session.getAttribute(Constants.SESSION_FORM);
+ if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) {
+ UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj;
+
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (user == null) {
+ log.warn("No form transmited");
+ return Constants.STRUTS_ERROR;
+ }
+
+ //get UserID
+ String useridobj = user.getUserID();
+ long userID = -1;
+ if (MiscUtil.isEmpty(useridobj)) {
+ userID = -1;
+
+ } else {
+ if (!ValidationHelper.validateOAID(useridobj)){
+ log.warn("User with ID " + authUser.getUserID()
+ + " would access UserDatabase ID " + useridobj);
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+ userID = Long.valueOf(useridobj);
+ }
+
+ String check;
+ if (!sessionform.isIsmandateuser()) {
+ check = user.getInstitut();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("Organisation contains potentail XSS characters: " + check);
+ addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("Organisation is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty"));
+ }
+ }
+
+ check = user.getMail();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isEmailAddressFormat(check)) {
+ log.warn("Mailaddress is not valid: " + check);
+ addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("Mailaddress is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty"));
+ }
+
+ check = user.getPhone();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("Phonenumber contains potentail XSS characters: " + check);
+ addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("Phonenumber is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty"));
+ }
+
+ if (hasActionErrors()) {
+ log.info("Some form errors found. Send user back to form");
+
+ user.setPVPGenerated(true);
+ user.setFamilyName(sessionform.getFamilyName());
+ user.setGivenName(sessionform.getGivenName());
+ user.setIsmandateuser(sessionform.isIsmandateuser());
+ user.setBpk(sessionform.getBpk());
+
+ if (sessionform.isIsmandateuser())
+ user.setInstitut(sessionform.getInstitut());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ return Constants.STRUTS_NEWUSER;
+ }
+
+ UserDatabase dbuser;
+
+ if (userID < 0) {
+ dbuser = new UserDatabase();
+ dbuser.setBpk(sessionform.getBpk());
+ dbuser.setFamilyname(sessionform.getFamilyName());
+ dbuser.setGivenname(sessionform.getGivenName());
+
+ if (sessionform.isIsmandateuser())
+ dbuser.setInstitut(sessionform.getInstitut());
+ else
+ dbuser.setInstitut(user.getInstitut());
+
+ dbuser.setIsPVP2Generated(true);
+ dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
+ dbuser.setIsActive(false);
+ dbuser.setIsAdmin(false);
+ dbuser.setIsMandateUser(sessionform.isIsmandateuser());
+ dbuser.setIsUsernamePasswordAllowed(false);
+
+ } else
+ dbuser = ConfigurationDBRead.getUserWithID(userID);
+
+ dbuser.setMail(user.getMail());
+ dbuser.setPhone(user.getPhone());
+ dbuser.setIsAdminRequest(true);
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUserRequestTokken(Random.nextRandom());
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+
+ MailHelper.sendUserMailAddressVerification(dbuser);
+
+ } catch (MOADatabaseException e) {
+ log.warn("New UserRequest can not be stored in database", e);
+ return Constants.STRUTS_ERROR;
+
+ } catch (ConfigurationException e) {
+ log.warn("Sending of mailaddress verification mail failed.", e);
+ addActionError(LanguageHelper.getErrorString("error.mail.send"));
+ return Constants.STRUTS_NEWUSER;
+ }
+
+ finally {
+ session.setAttribute(Constants.SESSION_FORM, null);
+ session.setAttribute(Constants.SESSION_AUTH, null);
+ ConfigurationDBUtils.closeSession();
+ }
+
+ addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify"));
+
+ session.invalidate();
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.warn("No SessionForm found");
+ return Constants.STRUTS_ERROR;
+ }
+
+ }
+
+ public String mailAddressVerification() {
+
+ String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN);
+ if (MiscUtil.isNotEmpty(userrequesttokken)) {
+
+ userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken);
+
+ try {
+ Long.parseLong(userrequesttokken);
+
+ } catch (NumberFormatException e) {
+ log.warn("Verificationtokken has no number format.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ UserDatabase dbuser = ConfigurationDBRead.getNewUserWithTokken(userrequesttokken);
+ if (dbuser != null) {
+ dbuser.setUserRequestTokken(null);
+ dbuser.setIsMailAddressVerified(true);
+
+ if (dbuser.isIsActive())
+ dbuser.setIsAdminRequest(false);
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+
+ int numoas = 0;
+ int numusers = 0;
+
+ List<OnlineApplication> openOAs = ConfigurationDBRead.getAllNewOnlineApplications();
+ if (openOAs != null)
+ numoas = openOAs.size();
+
+ List<UserDatabase> openUsers = ConfigurationDBRead.getAllNewUsers();
+ if (openUsers != null)
+ numusers = openUsers.size();
+
+ if (numusers > 0 || numoas > 0)
+ MailHelper.sendAdminMail(numoas, numusers);
+
+ } catch (MOADatabaseException e) {
+ log.warn("Userinformation can not be stored in Database.", e);
+ addActionError(LanguageHelper.getErrorString("error.mail.verification"));
+
+ } catch (ConfigurationException e) {
+ log.warn("Send mail to admin failed.", e);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+
+ addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress"));
+ return Constants.STRUTS_SUCCESS;
+ }
+ }
+
+ return Constants.STRUTS_ERROR;
+ }
+
public String logout() {
HttpSession session = request.getSession();
+
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
+ authUser = (AuthenticatedUser) authUserObj;
if (session != null)
session.invalidate();
+ try {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String ssologout = config.getSSOLogOutURL();
+
+ if (MiscUtil.isNotEmpty(ssologout) && authUser != null && authUser.isPVP2Login()) {
+ ssologouturl = ssologout + config.getPublicUrlPreFix(request);
+ return Constants.STRUTS_SSOLOGOUT;
+
+ }
+
+ } catch (ConfigurationException e) {
+ log.warn("Configuration can not be loaded.", e);
+
+ }
+
return Constants.STRUTS_SUCCESS;
}
@@ -164,7 +719,46 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
public void setUsername(String username) {
this.username = username;
}
-
-
+ /**
+ * @return the authUser
+ */
+ public AuthenticatedUser getAuthUser() {
+ return authUser;
+ }
+
+ /**
+ * @return the user
+ */
+ public UserDatabaseFrom getUser() {
+ return user;
+ }
+
+ /**
+ * @param user the user to set
+ */
+ public void setUser(UserDatabaseFrom user) {
+ this.user = user;
+ }
+
+ /**
+ * @return the ssologouturl
+ */
+ public String getSsologouturl() {
+ return ssologouturl;
+ }
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
index f5f265ea6..da3c99714 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
@@ -5,6 +5,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
@@ -22,6 +23,7 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.OAListElement;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -48,8 +50,13 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,
public String listAllOnlineAppliactions() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
@@ -65,8 +72,16 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,
dbOAs = authUserDB.getOnlineApplication();
}
- addFormOAs(dbOAs);
-
+ if (dbOAs == null || dbOAs.size() == 0) {
+ addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA"));
+
+ } else {
+ formOAs = FormDataHelper.addFormOAs(dbOAs);
+ }
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.main.name());
+
ConfigurationDBUtils.closeSession();
return Constants.STRUTS_SUCCESS;
@@ -86,8 +101,13 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,
}
public String searchOA() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
@@ -125,32 +145,23 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,
}
}
- addFormOAs(dbOAs);
-
- ConfigurationDBUtils.closeSession();
-
- return Constants.STRUTS_SUCCESS;
- }
-
- private void addFormOAs(List<OnlineApplication> dbOAs) {
-
- formOAs = new ArrayList<OAListElement>();
if (dbOAs == null || dbOAs.size() == 0) {
- addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request));
+ log.debug("No OAs found with Identifier " + friendlyname);
+ addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA"));
} else {
- for (OnlineApplication dboa : dbOAs) {
- OAListElement listoa = new OAListElement();
- listoa.setActive(dboa.isIsActive());
- listoa.setDataBaseID(dboa.getHjid());
- listoa.setOaFriendlyName(dboa.getFriendlyName());
- listoa.setOaIdentifier(dboa.getPublicURLPrefix());
- listoa.setOaType(dboa.getType());
- formOAs.add(listoa);
- }
+
+ formOAs = FormDataHelper.addFormOAs(dbOAs);
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.main.name());
+
}
- }
+
+ ConfigurationDBUtils.closeSession();
+ return Constants.STRUTS_SUCCESS;
+ }
+
public void setServletResponse(HttpServletResponse arg0) {
this.response = arg0;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java
index aeafe9548..c80d5484d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java
@@ -2,7 +2,9 @@ package at.gv.egovernment.moa.id.configuration.struts.action;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
@@ -14,6 +16,8 @@ import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
public class MainAction implements ServletRequestAware,
ServletResponseAware {
+ private static final Logger log = Logger.getLogger(MainAction.class);
+
private HttpServletRequest request;
private HttpServletResponse response;
@@ -30,8 +34,17 @@ public class MainAction implements ServletRequestAware,
public String generateMainFrame() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
return Constants.STRUTS_SUCCESS;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java
new file mode 100644
index 000000000..aa36d768a
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java
@@ -0,0 +1,106 @@
+package at.gv.egovernment.moa.id.configuration.struts.action;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Logger;
+import org.apache.struts2.interceptor.ServletRequestAware;
+import org.apache.struts2.interceptor.ServletResponseAware;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.data.OAListElement;
+import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
+
+import com.opensymphony.xwork2.ActionSupport;
+
+public class OpenAdminRequestsAction extends ActionSupport
+ implements ServletRequestAware, ServletResponseAware {
+
+ private static final Logger log = Logger.getLogger(OpenAdminRequestsAction.class);
+
+ private static final long serialVersionUID = 1L;
+
+ private HttpServletRequest request;
+ private HttpServletResponse response;
+
+ private AuthenticatedUser authUser = null;
+ private List<OAListElement> formOAs = null;
+ private List<AuthenticatedUser> userlist = null;
+
+
+ public String init() {
+
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
+
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser.isAdmin()) {
+
+ List<OnlineApplication> dbOAs = ConfigurationDBRead.getAllNewOnlineApplications();
+ if (dbOAs != null) {
+ formOAs = FormDataHelper.addFormOAs(dbOAs);
+ }
+
+ List<UserDatabase> dbUsers = ConfigurationDBRead.getAllNewUsers();
+ if (dbUsers != null){
+ userlist = FormDataHelper.addFormUsers(dbUsers);
+ }
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name());
+
+ return Constants.STRUTS_SUCCESS;
+ } else {
+ log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID());
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ }
+
+
+ public void setServletResponse(HttpServletResponse response) {
+ this.response = response;
+ }
+
+ public void setServletRequest(HttpServletRequest request) {
+ this.request = request;
+ }
+
+
+ /**
+ * @return the authUser
+ */
+ public AuthenticatedUser getAuthUser() {
+ return authUser;
+ }
+
+
+ /**
+ * @return the formOAs
+ */
+ public List<OAListElement> getFormOAs() {
+ return formOAs;
+ }
+
+
+ /**
+ * @return the userlist
+ */
+ public List<AuthenticatedUser> getUserlist() {
+ return userlist;
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
index 2a9ec038f..6bc90a417 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
@@ -1,11 +1,12 @@
package at.gv.egovernment.moa.id.configuration.struts.action;
-import java.util.ArrayList;
-import java.util.Date;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
@@ -18,10 +19,14 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
import com.opensymphony.xwork2.ActionSupport;
@@ -43,30 +48,34 @@ public class UserManagementAction extends ActionSupport
private String useridobj = null;
private static boolean newUser = false;
+ private InputStream stream;
+ private String nextPage;
+ private String formID;
public String init() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
-
+
if (authUser.isAdmin()) {
+ log.info("Show NewserRequests");
+
log.info("Show UserList");
List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers();
+
if (dbuserlist != null) {
- userlist = new ArrayList<AuthenticatedUser>();
-
- for (UserDatabase dbuser : dbuserlist) {
- userlist.add(new AuthenticatedUser(
- dbuser.getHjid(),
- dbuser.getGivenname(),
- dbuser.getFamilyname(),
- dbuser.getUsername(),
- dbuser.isIsActive(),
- dbuser.isIsAdmin()));
- }
+ userlist = FormDataHelper.addFormUsers(dbuserlist);
}
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name());
ConfigurationDBUtils.closeSession();
return Constants.STRUTS_SUCCESS;
@@ -79,20 +88,37 @@ public class UserManagementAction extends ActionSupport
}
user = new UserDatabaseFrom(dbuser);
ConfigurationDBUtils.closeSession();
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.main.name());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_NOTALLOWED;
}
}
public String createuser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
if (authUser.isAdmin()) {
user = new UserDatabaseFrom();
newUser = true;
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_SUCCESS;
} else {
@@ -101,10 +127,27 @@ public class UserManagementAction extends ActionSupport
}
public String edituser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
+ nextPage = (String) nextPageAttr;
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
if (authUser.isAdmin()) {
long userid = -1;
@@ -136,11 +179,31 @@ public class UserManagementAction extends ActionSupport
}
}
- public String saveuser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ public String saveuser() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
String useridobj = user.getUserID();
long userID = -1;
if (MiscUtil.isEmpty(useridobj)) {
@@ -156,9 +219,30 @@ public class UserManagementAction extends ActionSupport
userID = Long.valueOf(useridobj);
}
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+
+ if( dbuser == null) {
+ dbuser = new UserDatabase();
+ dbuser.setIsMandateUser(false);
+ dbuser.setIsAdminRequest(false);
+ dbuser.setIsPVP2Generated(false);
+ dbuser.setUserRequestTokken(null);
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUsername(user.getUsername());
+ }
+
List<String> errors;
UserDatabaseFormValidator validator = new UserDatabaseFormValidator();
- errors = validator.validate(user, userID);
+
+ boolean ispvp2 = false;
+ boolean ismandate = false;
+ if (dbuser.isIsPVP2Generated() != null)
+ ispvp2 = dbuser.isIsPVP2Generated();
+
+ if (dbuser.isIsMandateUser() != null)
+ ismandate = dbuser.isIsMandateUser();
+
+ errors = validator.validate(user, userID, ispvp2, ismandate);
if (errors.size() > 0) {
log.info("UserDataForm has some erros.");
@@ -169,6 +253,14 @@ public class UserManagementAction extends ActionSupport
if (MiscUtil.isEmpty(user.getUsername()))
newUser = true;
+ user.setIsmandateuser(ismandate);
+ user.setPVPGenerated(ispvp2);
+ if (dbuser.isIsUsernamePasswordAllowed() != null)
+ user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -181,8 +273,49 @@ public class UserManagementAction extends ActionSupport
}
}
-
- String error = saveFormToDB();
+
+ if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) {
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUserRequestTokken(Random.nextRandom());
+
+ try {
+ MailHelper.sendUserMailAddressVerification(dbuser);
+ addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify"));
+
+ } catch (ConfigurationException e) {
+ log.warn("Sending of mailaddress verification mail failed.", e);
+ addActionError(LanguageHelper.getErrorString("error.mail.send"));
+ }
+ }
+
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
+ nextPage = (String) nextPageAttr;
+
+ if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) &&
+ user.isActive()) {
+ dbuser.setIsAdminRequest(false);
+ try {
+ if (dbuser.isIsMandateUser())
+ MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(),
+ dbuser.getInstitut(), user.getMail());
+ else
+ MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(),
+ null, user.getMail());
+
+ } catch (ConfigurationException e) {
+ log.warn("Send UserAccountActivation mail failed", e);
+ }
+ }
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
+ String error = saveFormToDB(dbuser);
+
if (error != null) {
log.warn("UserData can not be stored in Database");
addActionError(error);
@@ -194,10 +327,30 @@ public class UserManagementAction extends ActionSupport
}
public String deleteuser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
-
+
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
String useridobj = user.getUserID();
long userID = -1;
if (MiscUtil.isEmpty(useridobj)) {
@@ -222,6 +375,16 @@ public class UserManagementAction extends ActionSupport
}
}
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
+ nextPage = (String) nextPageAttr;
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
if (dbuser != null) {
dbuser.setOnlineApplication(null);
@@ -230,8 +393,22 @@ public class UserManagementAction extends ActionSupport
ConfigurationDBUtils.saveOrUpdate(dbuser);
ConfigurationDBUtils.delete(dbuser);
+ if (authUser.isAdmin()) {
+ MailHelper.sendUserAccountRevocationMail(dbuser);
+ }
+
+ if (dbuser.getHjid() == authUser.getUserID()) {
+ ConfigurationDBUtils.closeSession();
+ return Constants.STRUTS_REAUTHENTICATE;
+ }
+
} catch (MOADatabaseException e) {
- log.warn("UserData can not be deleted from Database");
+ log.warn("UserData can not be deleted from Database", e);
+ addActionError(e.getMessage());
+ return Constants.STRUTS_SUCCESS;
+
+ } catch (ConfigurationException e) {
+ log.warn("Information mail sending failed.", e);
addActionError(e.getMessage());
return Constants.STRUTS_SUCCESS;
}
@@ -242,39 +419,93 @@ public class UserManagementAction extends ActionSupport
}
ConfigurationDBUtils.closeSession();
+
return Constants.STRUTS_SUCCESS;
}
- private String saveFormToDB() {
+ public String sendVerificationMail () {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(user.getUsername());
+ String message = LanguageHelper.getErrorString("error.mail.verification");
- if( dbuser == null) {
- dbuser = new UserDatabase();
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser != null) {
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+
+ if (dbuser != null) {
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUserRequestTokken(Random.nextRandom());
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+
+ MailHelper.sendUserMailAddressVerification(dbuser);
+
+ message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message");
+
+ } catch (ConfigurationException e) {
+ log.warn("Sending of mailaddress verification mail failed.", e);
+ message = LanguageHelper.getErrorString("error.mail.send");
+
+ } catch (MOADatabaseException e) {
+ log.warn("Access UserInformationDatabase failed.", e);
+ }
+ }
}
- dbuser.setBpk(user.getBpk());
- dbuser.setFamilyname(user.getFamilyName());
- dbuser.setGivenname(user.getGivenName());
- dbuser.setInstitut(user.getInstitut());
+ stream = new ByteArrayInputStream(message.getBytes());
+
+ return SUCCESS;
+ }
+
+ private String saveFormToDB(UserDatabase dbuser) {
+
dbuser.setMail(user.getMail());
dbuser.setPhone(user.getPhone());
- dbuser.setUsername(user.getUsername());
- if (authUser.isAdmin()) {
- dbuser.setIsActive(user.isActive());
- dbuser.setIsAdmin(user.isAdmin());
+ if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) {
+ dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed());
+
+ if (authUser.isAdmin()) {
+ dbuser.setIsActive(user.isActive());
+ dbuser.setIsAdmin(user.isAdmin());
+
+ }
}
- if (MiscUtil.isNotEmpty(user.getPassword())) {
- String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword());
- if (key == null) {
- return LanguageHelper.getErrorString("errors.edit.user.save");
+ if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) {
+ dbuser.setFamilyname(user.getFamilyName());
+ dbuser.setGivenname(user.getGivenName());
+ dbuser.setInstitut(user.getInstitut());
+
+ if (authUser.isAdmin())
+ dbuser.setBpk(user.getBpk());
+
+ } else {
+ if (!dbuser.isIsMandateUser())
+ dbuser.setInstitut(user.getInstitut());
+ }
+
+ if (dbuser.isIsUsernamePasswordAllowed()) {
+
+ if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername()))
+ dbuser.setUsername(user.getUsername());
+
+ if (MiscUtil.isNotEmpty(user.getPassword())) {
+ String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword());
+ if (key == null) {
+ return LanguageHelper.getErrorString("errors.edit.user.save");
+ }
+ dbuser.setPassword(key);
}
- dbuser.setPassword(key);
}
-
try {
ConfigurationDBUtils.saveOrUpdate(dbuser);
} catch (MOADatabaseException e) {
@@ -284,27 +515,7 @@ public class UserManagementAction extends ActionSupport
return null;
}
-
-// public String createTestUser() throws MOADatabaseException {
-//
-// UserDatabase user = new UserDatabase();
-// user.setBpk("");
-// user.setFamilyname("Max");
-// user.setGivenname("Mustermann");
-// user.setIsActive(true);
-// user.setIsAdmin(false);
-// user.setInstitut("EGIZ");
-// user.setLastLoginItem(new Date());
-// user.setMail("masdf@amfasdf.com");
-// user.setPhone("00660011542");
-// user.setUsername("testuser");
-//
-// ConfigurationDBUtils.save(user);
-//
-// return Constants.STRUTS_SUCCESS;
-// }
-
-
+
public void setServletResponse(HttpServletResponse response) {
this.response = response;
@@ -370,7 +581,33 @@ public class UserManagementAction extends ActionSupport
public boolean isNewUser() {
return newUser;
}
-
-
+
+ /**
+ * @return the nextPage
+ */
+ public String getNextPage() {
+ return nextPage;
+ }
+
+ /**
+ * @return the stream
+ */
+ public InputStream getStream() {
+ return stream;
+ }
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
new file mode 100644
index 000000000..ede8c09a8
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
@@ -0,0 +1,82 @@
+package at.gv.egovernment.moa.id.configuration.utils;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.Configuration;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilder;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+
+public class SAML2Utils {
+
+ static {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setValidating(false);
+ try {
+ builder = factory.newDocumentBuilder();
+ } catch (ParserConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ private static DocumentBuilder builder;
+
+ public static <T> T createSAMLObject(final Class<T> clazz) {
+ try {
+
+ XMLObjectBuilderFactory builderFactory = Configuration
+ .getBuilderFactory();
+
+ QName defaultElementName = (QName) clazz.getDeclaredField(
+ "DEFAULT_ELEMENT_NAME").get(null);
+ Map<QName, XMLObjectBuilder> builder = builderFactory.getBuilders();
+ Iterator<QName> it = builder.keySet().iterator();
+
+ while (it.hasNext()) {
+ QName qname = it.next();
+ if (qname.equals(defaultElementName)) {
+ System.out.printf("Builder for: %s\n", qname.toString());
+ }
+ }
+ XMLObjectBuilder xmlBuilder = builderFactory
+ .getBuilder(defaultElementName);
+
+ T object = (T) xmlBuilder.buildObject(defaultElementName);
+ return object;
+ } catch (Throwable e) {
+ System.out.printf("Failed to create object for: %s\n",
+ clazz.toString());
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException,
+ MarshallingException, TransformerException {
+ org.w3c.dom.Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
+ object);
+ out.marshall(object, document);
+ return document;
+ }
+
+
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java
new file mode 100644
index 000000000..96e99e8c7
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java
@@ -0,0 +1,71 @@
+package at.gv.egovernment.moa.id.configuration.utils;
+
+import java.util.Calendar;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
+
+
+public class UserRequestCleaner implements Runnable {
+
+ private static final Logger log = Logger.getLogger(UserRequestCleaner.class);
+
+ private static final long SESSION_CLEANUP_INTERVAL = 60 * 60; // 60 min
+
+ public void run() {
+ while (true) {
+ try {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+
+ List<UserDatabase> userrequests = ConfigurationDBRead.getAllOpenUsersRequests();
+ if (userrequests != null) {
+ Calendar cal = Calendar.getInstance();
+ cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay()*-1);
+ Date cleanupdate = cal.getTime();
+
+ for(UserDatabase dbuser : userrequests) {
+ Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
+
+ if (requestdate != null && requestdate.after(cleanupdate)) {
+ log.info("Remove UserRequest from Database");
+ ConfigurationDBUtils.delete(dbuser);
+ }
+
+ }
+ }
+
+ Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
+
+ } catch (ConfigurationException e) {
+ log.info("UserRequestCleaner can not load configuration", e);
+
+ } catch (InterruptedException e) {
+
+ } finally {
+ ConfigurationDBUtils.closeSession();
+
+ }
+ }
+ }
+
+ /**
+ * start the sessionCleaner
+ */
+ public static void start() {
+ // start the session cleanup thread
+ Thread sessionCleaner = new Thread(new UserRequestCleaner());
+ sessionCleaner.setName("UserRequestCleaner");
+ sessionCleaner.setDaemon(true);
+ sessionCleaner.setPriority(Thread.MIN_PRIORITY);
+ sessionCleaner.start();
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java
index 820aa7c57..466867367 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java
@@ -2,17 +2,17 @@ package at.gv.egovernment.moa.id.configuration.validation;
import org.apache.commons.lang.StringUtils;
+import at.gv.egovernment.moa.id.configuration.Constants;
+
public class CompanyNumberValidator implements IdentificationNumberValidator {
public boolean validate(String commercialRegisterNumber) {
String normalizedNumber = commercialRegisterNumber.replaceAll(" ", "");
- if(normalizedNumber.startsWith("FN")) {
+ if(normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN))
normalizedNumber = normalizedNumber.substring(2);
- return checkCommercialRegisterNumber(normalizedNumber);
-
- } else
- return true;
+
+ return checkCommercialRegisterNumber(normalizedNumber);
}
private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java
new file mode 100644
index 000000000..65e8a549e
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java
@@ -0,0 +1,84 @@
+package at.gv.egovernment.moa.id.configuration.validation;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+
+public class TargetValidator {
+
+ private static Map<String, String> targetList = null;
+
+ static {
+ targetList = new HashMap<String, String>();
+ targetList.put("AR", "Arbeit");
+ targetList.put("AS", "Amtliche Statistik");
+ targetList.put("BF", "Bildung und Forschung");
+ targetList.put("BW", "Bauen und Wohnen");
+ targetList.put("EA", "EU und Auswärtige Angelegenheiten");
+ targetList.put("EF", "Ein- und Ausfuhr");
+ targetList.put("GH", "Gesundheit");
+ targetList.put("GS", "Gesellschaft und Soziales");
+ targetList.put("GS-RE", "Restitution");
+ targetList.put("JR", "Justiz/Zivilrechtswesen");
+ targetList.put("KL", "Kultus");
+ targetList.put("KU", "Kunst und Kultur");
+ targetList.put("LF", "Land- und Forstwirtschaft");
+ targetList.put("LV", "Landesverteidigung");
+ targetList.put("RT", "Rundfunk und sonstige Medien sowie Telekommunikation");
+ targetList.put("SA", "Steuern und Abgaben");
+ targetList.put("SA", "Sport und Freizeit");
+ targetList.put("SO", "Sicherheit und Ordnung");
+ targetList.put("SO-VR", "Vereinsregister");
+ targetList.put("SR-RG", "Strafregister");
+ targetList.put("SV", "Sozialversicherung");
+ targetList.put("UW", "Umwelt");
+ targetList.put("VT", "Verkehr und Technik");
+ targetList.put("VV", "Vermögensverwaltung");
+ targetList.put("WT", "Wirtschaft");
+ targetList.put("ZP", "Personenidentität und Bürgerrechte(zur Person)");
+ targetList.put("BR", "Bereichsübergreifender Rechtsschutz");
+ targetList.put("HR", "Zentrales Rechnungswesen");
+ targetList.put("KI", "Auftraggeberinterne allgemeine Kanzleiindizes");
+ targetList.put("OI", "Öffentlichkeitsarbeit");
+ targetList.put("PV", "Personalverwaltung");
+ targetList.put("RD", "Zentraler Rechtsdienst");
+ targetList.put("VS", "Zentrale Durchführung von Verwaltungsstrafverfahren");
+ targetList.put("VS-RG", "Zentrales Verwaltungsstrafregister");
+ targetList.put("ZU", "Zustellungen");
+ }
+
+ public static List<String> getListOfTargets() {
+ Map<String, String> list = new HashMap<String, String>();
+ list.put("", "");
+ list.putAll(targetList);
+
+ List<String> sortedList = new ArrayList<String>();
+ sortedList.addAll(list.keySet());
+ Collections.sort(sortedList);
+
+ return sortedList;
+
+ }
+
+ public static String getTargetFriendlyName(String target) {
+ String name = targetList.get(target);
+
+ if (MiscUtil.isNotEmpty(name))
+ return name;
+ else
+ return null;
+ }
+
+ public static boolean isValidTarget(String target) {
+ return targetList.containsKey(target);
+ }
+
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
index 276b0b4c8..88e1e6cf5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
@@ -16,44 +16,50 @@ public class UserDatabaseFormValidator {
private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class);
- public List<String> validate(UserDatabaseFrom form, long userID) {
+ public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, boolean isMandateUser) {
List<String> errors = new ArrayList<String>();
-
- String check = form.getGivenName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("GivenName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
- }
- } else {
- log.warn("GivenName is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty"));
- }
+ String check = null;
- check = form.getFamilyName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("FamilyName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ if (!isPVP2Generated) {
+ check = form.getGivenName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("GivenName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("GivenName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty"));
+ }
+
+
+ check = form.getFamilyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("FamilyName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("FamilyName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty"));
}
- } else {
- log.warn("FamilyName is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty"));
}
-
- check = form.getInstitut();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("Organisation contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+
+ if (!isMandateUser) {
+ check = form.getInstitut();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("Organisation contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("Organisation is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty"));
}
- } else {
- log.warn("Organisation is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty"));
}
check = form.getMail();
@@ -80,67 +86,67 @@ public class UserDatabaseFormValidator {
errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty"));
}
- check = form.getUsername();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("Username contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
-
- } else {
- UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check);
- if (dbuser != null && userID != dbuser.getHjid()) {
- log.warn("Username " + check + " exists in UserDatabase");
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate"));
- form.setUsername("");
- }
- }
- } else {
- if (userID == -1) {
- log.warn("Username is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty"));
+ if (form.isIsusernamepasswordallowed()) {
+ check = form.getUsername();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("Username contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+
+ } else {
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check);
+ if (dbuser != null && userID != dbuser.getHjid()) {
+ log.warn("Username " + check + " exists in UserDatabase");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate"));
+ form.setUsername("");
+ }
+ }
} else {
- UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
- if (dbuser == null) {
+ if (userID == -1) {
log.warn("Username is empty");
errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty"));
} else {
- form.setUsername(dbuser.getUsername());
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+ if (dbuser == null) {
+ log.warn("Username is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty"));
+ } else {
+ form.setUsername(dbuser.getUsername());
+ }
}
}
- }
-
- check = form.getPassword();
- if (MiscUtil.isEmpty(check)) {
- if (userID == -1) {
- log.warn("Password is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty"));
- } else {
- UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
- if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
+ check = form.getPassword();
+
+ if (MiscUtil.isEmpty(check)) {
+ if (userID == -1) {
log.warn("Password is empty");
errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty"));
- }
- }
-
- } else {
-
- if (check.equals(form.getPassword_second())) {
-
- String key = AuthenticationHelper.generateKeyFormPassword(check);
- if (key == null) {
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid"));
+ } else {
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+ if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
+ log.warn("Password is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty"));
+ }
}
- }
- else {
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal"));
+ } else {
+
+ if (check.equals(form.getPassword_second())) {
+
+ String key = AuthenticationHelper.generateKeyFormPassword(check);
+ if (key == null) {
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid"));
+ }
+
+ }
+ else {
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal"));
+ }
}
}
-
-
-
+
check = form.getBpk();
if (MiscUtil.isNotEmpty(check)) {
if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
index aeac75e44..eadf15f84 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
@@ -1,18 +1,122 @@
package at.gv.egovernment.moa.id.configuration.validation;
+import iaik.asn1.ObjectID;
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
+
+import java.io.IOException;
import java.net.MalformedURLException;
+import java.net.Socket;
import java.net.URL;
+import java.net.UnknownHostException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.util.Constants;
+
public class ValidationHelper {
private static final Logger log = Logger.getLogger(ValidationHelper.class);
+ public static boolean isPublicServiceAllowed(String identifier) {
+
+ SSLSocket socket = null;
+
+ try {
+ URL url = new URL(identifier);
+ String host = url.getHost();
+
+ if (host.endsWith("/"))
+ host = host.substring(0, host.length()-1);
+
+ if (url.getHost().endsWith(at.gv.egovernment.moa.id.configuration.Constants.PUBLICSERVICE_URL_POSTFIX)) {
+ log.debug("PublicURLPrefix with .gv.at Domain found.");
+ return true;
+
+ } else {
+ SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
+ socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort());
+ socket.startHandshake();
+
+ SSLSession session = socket.getSession();
+ Certificate[] servercerts = session.getPeerCertificates();
+ X509Certificate[] iaikChain = new X509Certificate[servercerts.length];
+ for (int i=0; i<servercerts.length; i++) {
+ iaikChain[i] = new X509Certificate(servercerts[i].getEncoded());
+ }
+
+
+ X509Certificate cert = Util.arrangeCertificateChain(iaikChain, false)[0];
+
+ if (cert != null) {
+ ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft
+ ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft
+
+
+ if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) {
+ return false;
+
+ } else {
+ log.info("Found correct X509 Extension in server certificate. PublicService is allowed");
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ } catch (MalformedURLException e) {
+ log.warn("PublicURLPrefix can not parsed to URL", e);
+ return false;
+
+ } catch (UnknownHostException e) {
+ log.warn("Can not connect to PublicURLPrefix Server", e);
+ return false;
+
+ } catch (IOException e) {
+ log.warn("Can not connect to PublicURLPrefix Server", e);
+ return false;
+
+ } catch (CertificateEncodingException e) {
+ log.warn("Can not parse X509 server certificate", e);
+ return false;
+
+ } catch (CertificateException e) {
+ log.warn("Can not read X509 server certificate", e);
+ return false;
+
+ } catch (X509ExtensionInitException e) {
+ log.warn("Can not read X509 server certificate extension", e);
+ return false;
+ }
+
+ finally {
+ if (socket != null)
+ try {
+ socket.close();
+ } catch (IOException e) {
+ log.warn("SSL Socket can not be closed.", e);
+ }
+ }
+ }
+
public static boolean validateOAID(String oaIDObj) {
if (oaIDObj != null) {
try {
@@ -62,7 +166,7 @@ public class ValidationHelper {
return false;
}
- public static boolean isValidTarget(String target) {
+ public static boolean isValidAdminTarget(String target) {
log.debug("Ueberpruefe Parameter Target");
@@ -76,10 +180,24 @@ public class ValidationHelper {
else {
log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
return false;
- }
-
+ }
}
+ public static boolean isValidTarget(String target) {
+
+ log.debug("Ueberpruefe Parameter Target");
+
+ if (TargetValidator.isValidTarget(target)) {
+ log.debug("Parameter Target erfolgreich ueberprueft");
+ return true;
+ }
+ else {
+ log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
+ return false;
+ }
+
+ }
+
public static boolean isValidSourceID(String sourceID) {
log.debug("Ueberpruefe Parameter sourceID");
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index f51095cac..5fc5189d9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -292,7 +292,7 @@ public class MOAConfigValidator {
errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty"));
} else {
- if (!ValidationHelper.isValidTarget(check)) {
+ if (!ValidationHelper.isValidAdminTarget(check)) {
log.info("Not valid SSO Target");
errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid"));
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java
index fa992674e..99371a0e7 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java
@@ -7,7 +7,10 @@ import java.util.Map;
import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
@@ -20,51 +23,56 @@ public class OAGeneralConfigValidation {
public List<String> validate(OAGeneralConfig form, boolean isAdmin) {
List<String> errors = new ArrayList<String>();
+ String check;
- //validate aditionalAuthBlockText
- String check = form.getAditionalAuthBlockText();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ if (isAdmin) {
+ //validate aditionalAuthBlockText
+ check = form.getAditionalAuthBlockText();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
}
}
//Check BKU URLs
- check =form.getBkuHandyURL();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty Handy-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty"));
-
- } else {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Handy-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid"));
+ if (isAdmin) {
+ check =form.getBkuHandyURL();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty Handy-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty"));
+
+ } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Handy-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid"));
+ }
}
- }
-
- check =form.getBkuLocalURL();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty Local-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty"));
- } else {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Online-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid"));
+ check =form.getBkuLocalURL();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty Local-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty"));
+
+ } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid"));
+ }
}
- }
-
- check =form.getBkuOnlineURL();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty Online-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty"));
- } else {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Online-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid"));
+ check =form.getBkuOnlineURL();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty"));
+
+ } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid"));
+ }
}
}
@@ -78,47 +86,49 @@ public class OAGeneralConfigValidation {
}
}
- //check KeyBoxIdentifier
- check = form.getKeyBoxIdentifier();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty KeyBoxIdentifier");
- errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty"));
- } else {
- Map<String, String> list = form.getKeyBoxIdentifierList();
- if (!list.containsKey(check)) {
- log.info("Not valid KeyBoxIdentifier " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid"));
- }
- }
-
- //check LegacyMode SLTemplates
- if (form.isLegacy()) {
- if (MiscUtil.isEmpty(form.getSLTemplateURL1()) &&
- MiscUtil.isEmpty(form.getSLTemplateURL2()) &&
- MiscUtil.isEmpty(form.getSLTemplateURL3()) ) {
- log.info("Empty OA-specific SecurityLayer Templates");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty"));
-
+ if (isAdmin) {
+ //check KeyBoxIdentifier
+ check = form.getKeyBoxIdentifier();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty KeyBoxIdentifier");
+ errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty"));
} else {
- check = form.getSLTemplateURL1();
- if (MiscUtil.isNotEmpty(check) &&
- !ValidationHelper.validateURL(check) ) {
- log.info("First OA-specific SecurityLayer Templates is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid"));
- }
- check = form.getSLTemplateURL2();
- if (MiscUtil.isNotEmpty(check) &&
- !ValidationHelper.validateURL(check) ) {
- log.info("Second OA-specific SecurityLayer Templates is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid"));
- }
- check = form.getSLTemplateURL3();
- if (MiscUtil.isNotEmpty(check) &&
- !ValidationHelper.validateURL(check) ) {
- log.info("Third OA-specific SecurityLayer Templates is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid"));
+ Map<String, String> list = form.getKeyBoxIdentifierList();
+ if (!list.containsKey(check)) {
+ log.info("Not valid KeyBoxIdentifier " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid"));
}
- }
+ }
+
+ //check LegacyMode SLTemplates
+ if (form.isLegacy()) {
+ if (MiscUtil.isEmpty(form.getSLTemplateURL1()) &&
+ MiscUtil.isEmpty(form.getSLTemplateURL2()) &&
+ MiscUtil.isEmpty(form.getSLTemplateURL3()) ) {
+ log.info("Empty OA-specific SecurityLayer Templates");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty"));
+
+ } else {
+ check = form.getSLTemplateURL1();
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check) ) {
+ log.info("First OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid"));
+ }
+ check = form.getSLTemplateURL2();
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check) ) {
+ log.info("Second OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid"));
+ }
+ check = form.getSLTemplateURL3();
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check) ) {
+ log.info("Third OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid"));
+ }
+ }
+ }
}
//check Mandate Profiles
@@ -130,23 +140,18 @@ public class OAGeneralConfigValidation {
new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} ));
}
}
-
- //check SL Version
- check = form.getSlVersion();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty SLVersion. Set SLVersion to 1.2");
- form.setSlVersion("1.2");
-
- } else {
- if (!ValidationHelper.validateNumber(check)) {
- log.info("Not valid SLVersion");
- errors.add(LanguageHelper.getErrorString("validation.general.slversion"));
- }
- }
-
+
boolean businessservice = form.isBusinessService();
if (businessservice) {
+
+ //check identification type
+ check = form.getIdentificationType();
+ if (!form.getIdentificationTypeList().contains(check)) {
+ log.info("IdentificationType is not known.");
+ errors.add(LanguageHelper.getErrorString("validation.general.identificationtype.valid"));
+ }
+
//check identification number
check = form.getIdentificationNumber();
if (MiscUtil.isEmpty(check)) {
@@ -160,49 +165,85 @@ public class OAGeneralConfigValidation {
new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
}
- if (check.startsWith("FN")) {
+ if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) {
CompanyNumberValidator val = new CompanyNumberValidator();
- if (val.validate(check)) {
+ if (!val.validate(check)) {
log.info("Not valid CompanyNumber");
errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid"));
}
}
}
-
- try {
- float slversion = Float.valueOf(form.getSlVersion());
- if (slversion < 1.2) {
- log.info("BusinessService Applications requires SLVersion >= 1.2");
- errors.add(LanguageHelper.getErrorString("validation.general.slversion.business"));
- form.setSlVersion("1.2");
- }
-
- } catch (NumberFormatException e) {
- }
-
+
} else {
- //check targetFrindlyName();
- check = form.getTargetFriendlyName();
+
+ check = form.getTarget_subsector();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ if (!ValidationHelper.isValidAdminTarget(check)) {
+ log.info("Not valid Target-Subsector");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid"));
}
}
- //check Target
- check = form.getTarget();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.empty"));
+
+ if (!isAdmin) {
+ //check PublicURL Prefix allows PublicService
+ if (!ValidationHelper.isPublicServiceAllowed(form.getIdentifier())) {
+ log.warn("PublicURLPrefix does not allow PublicService: " + form.getIdentifier());
+ errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl",
+ new Object[] {form.getIdentifier()} ));
+ form.setBusinessService(true);
+ return errors;
+
+ }
+
+ //check Target
+ check = form.getTarget();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.empty"));
+
+ } else {
+ if (!ValidationHelper.isValidTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.valid"));
+ }
+ }
} else {
- if (!ValidationHelper.isValidTarget(check)) {
- log.info("Not valid Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.valid"));
+
+ //check targetFrindlyName();
+ check = form.getTargetFriendlyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
}
- }
+
+ if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) {
+ log.info("Empty Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.empty"));
+ }
+
+ //check Target
+ check = form.getTarget();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.valid"));
+ }
+ }
+
+ //check Admin Target
+ check = form.getTarget_admin();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidAdminTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid"));
+ }
+ }
+ }
}
return errors;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 4a1ef9261..e6ff0a166 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -1,15 +1,22 @@
package at.gv.egovernment.moa.id.configuration.validation.oa;
import java.io.IOException;
+import java.net.URL;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import org.apache.log4j.Logger;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.parse.BasicParserPool;
import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class OAPVP2ConfigValidation {
@@ -19,24 +26,59 @@ public class OAPVP2ConfigValidation {
public List<String> validate(OAPVP2Config form) {
List<String> errors = new ArrayList<String>();
-
- String url = form.getMetaDataURL();
- if (MiscUtil.isNotEmpty(url) && !ValidationHelper.validateURL(url)) {
- log.info("MetaDataURL has no valid form.");
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid"));
- }
-
try {
+ byte[] metadata = null;
+ byte[] cert = null;
+
+ String check = form.getMetaDataURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("MetaDataURL has no valid form.");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid"));
+
+ } else {
+ metadata = FileUtils.readURL(check);
+ if (MiscUtil.isEmpty(metadata)) {
+ log.info("Filecontent can not be read form MetaDataURL.");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read"));
+ }
+ }
+ }
+
if (form.getFileUpload() != null)
- form.getCertificate();
+ cert = form.getCertificate();
+
+// else {
+// if (metadata != null) {
+// log.info("No certificate to verify the Metadata defined.");
+// errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"));
+// }
+// }
+
+// if (cert != null && metadata != null) {
+// HTTPMetadataProvider httpProvider = new HTTPMetadataProvider(
+// check, 20000);
+// httpProvider.setParserPool(new BasicParserPool());
+// httpProvider.setRequireValidMetadata(true);
+// MetadataFilter filter = new MetadataSignatureFilter(
+// check, cert);
+// httpProvider.setMetadataFilter(filter);
+// httpProvider.initialize();
+//
+// }
+
} catch (CertificateException e) {
log.info("Uploaded Certificate can not be found", e);
errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"));
} catch (IOException e) {
- log.info("Uploaded Certificate can not be parsed", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.format"));
+ log.info("Metadata can not be loaded from URL", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read"));
+
+// } catch (MetadataProviderException e) {
+// log.info("MetaDate verification failed");
+// errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify"));
}
return errors;