diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv')
11 files changed, 83 insertions, 56 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index f549db9f3..3062a61e3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -22,11 +22,10 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration; +import java.util.Collections; import java.util.Hashtable; import java.util.Map; -import java.util.Collections; - public class Constants { public static final String DEFAULT_VERSION = "1.x"; @@ -96,6 +95,7 @@ public class Constants { public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; public static final String IDENIFICATIONTYPE_STORK = "STORK"; + public static final String IDENIFICATIONTYPE_EIDAS = "eIDAS"; public static final String IDENIFICATIONTYPE_BASEID = "urn:publicid:gv.at:baseid+"; public static final String IDENIFICATIONTYPE_BASEID_FN = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_FN; @@ -103,6 +103,7 @@ public class Constants { public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+"; + public static final String PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+"; public static final Map<String, String> BUSINESSSERVICENAMES; @@ -113,6 +114,7 @@ public class Constants { tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer"); tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl"); tmp.put(IDENIFICATIONTYPE_STORK, "STORK"); + tmp.put(IDENIFICATIONTYPE_EIDAS, "eIDAS"); BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index ab6c22858..c0cd971cf 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -22,8 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.config; -import iaik.x509.X509Certificate; - import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -65,6 +63,7 @@ import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUse import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; public class ConfigurationProvider { @@ -580,7 +579,8 @@ public class ConfigurationProvider { ConfigurationProvider.getInstance().getTrustStoreDirectory(), null, "pkix", - true); + true, + new String[]{"crl"}); httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); @@ -590,7 +590,7 @@ public class ConfigurationProvider { } } - idpMetadataProvider = new HTTPMetadataProvider(new Timer(), httpClient, metadataurl); + idpMetadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataurl); idpMetadataProvider.setRequireValidMetadata(true); idpMetadataProvider.setParserPool(new BasicParserPool()); idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 86ac6f779..82eb5592a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -69,7 +69,7 @@ public class GeneralMOAIDConfig { public static final String LINE_DELIMITER = ";"; private String alternativeSourceID = null; - private String certStoreDirectory = null; +// private String certStoreDirectory = null; private boolean trustmanagerrevocationcheck = true; private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION); @@ -217,7 +217,7 @@ public class GeneralMOAIDConfig { GeneralConfiguration authgen = auth.getGeneralConfiguration(); if (authgen != null) { alternativeSourceID = authgen.getAlternativeSourceID(); - certStoreDirectory = authgen.getCertStoreDirectory(); + //certStoreDirectory = authgen.getCertStoreDirectory(); if (authgen.isTrustManagerRevocationChecking() != null) trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); @@ -449,19 +449,19 @@ public class GeneralMOAIDConfig { this.szrgwURL = szrgwURL; } - /** - * @return the certStoreDirectory - */ - public String getCertStoreDirectory() { - return certStoreDirectory; - } - - /** - * @param certStoreDirectory the certStoreDirectory to set - */ - public void setCertStoreDirectory(String certStoreDirectory) { - this.certStoreDirectory = certStoreDirectory; - } +// /** +// * @return the certStoreDirectory +// */ +// public String getCertStoreDirectory() { +// return certStoreDirectory; +// } +// +// /** +// * @param certStoreDirectory the certStoreDirectory to set +// */ +// public void setCertStoreDirectory(String certStoreDirectory) { +// this.certStoreDirectory = certStoreDirectory; +// } /** * @return the timeoutAssertion diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index e71bad299..b5c996c72 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -27,6 +27,7 @@ import java.util.List; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ForeignIdentities; @@ -40,7 +41,7 @@ public class GeneralStorkConfig { private List<CPEPS> cpepslist; private List<StorkAttribute> attributes; - private int qaa; + private String qaa; private static final Logger log = Logger.getLogger(GeneralStorkConfig.class); private MOAIDConfiguration dbconfig = null; @@ -91,10 +92,10 @@ public class GeneralStorkConfig { } try { - qaa = stork.getQualityAuthenticationAssuranceLevel(); + qaa = stork.getGeneral_eIDAS_LOA(); } catch(NullPointerException e) { - qaa = 4; + qaa = MOAIDConstants.eIDAS_LOA_HIGH; } } @@ -114,6 +115,10 @@ public class GeneralStorkConfig { attributes.add(new StorkAttribute()); } + public List<String> getAllowedLoALevels() { + return MOAIDConstants.ALLOWED_eIDAS_LOA; + } + public List<CPEPS> getRawCPEPSList() { return cpepslist; } @@ -161,11 +166,11 @@ public class GeneralStorkConfig { this.attributes = attributes; } - public int getDefaultQaa() { + public String getDefaultQaa() { return qaa; } - public void setDefaultQaa(int qaa) { + public void setDefaultQaa(String qaa) { this.qaa = qaa; } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index c0e1eaaf7..fb096a2a0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; @@ -49,7 +50,7 @@ public class OASTORKConfig implements IOnlineApplicationData{ private static final Logger log = Logger.getLogger(OASTORKConfig.class); private boolean isStorkLogonEnabled = false; - private int qaa; + private String qaa; private List<AttributeHelper> attributes = null; @@ -107,14 +108,14 @@ public class OASTORKConfig implements IOnlineApplicationData{ setStorkLogonEnabled(config.isStorkLogonEnabled()); try { - setQaa(config.getQaa()); + setQaa(config.geteIDAS_LOA()); } catch(NullPointerException e) { // if there is no configuration available for the OA, get the default qaa level try { - setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getQualityAuthenticationAssuranceLevel()); + setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getGeneral_eIDAS_LOA()); } catch (NullPointerException e1) { - setQaa(4); + setQaa(MOAIDConstants.eIDAS_LOA_HIGH); } } @@ -208,7 +209,7 @@ public class OASTORKConfig implements IOnlineApplicationData{ } // transfer the incoming data to the database model stork.setStorkLogonEnabled(isStorkLogonEnabled()); - stork.setQaa(getQaa()); + stork.seteIDAS_LOA(getQaa()); stork.setOAAttributes(getAttributes()); stork.setVidpEnabled(isVidpEnabled()); stork.setRequireConsent(isRequireConsent()); @@ -227,11 +228,11 @@ public class OASTORKConfig implements IOnlineApplicationData{ this.isStorkLogonEnabled = enabled; } - public int getQaa() { + public String getQaa() { return qaa; } - public void setQaa(int qaa) { + public void setQaa(String qaa) { this.qaa = qaa; } @@ -282,6 +283,11 @@ public class OASTORKConfig implements IOnlineApplicationData{ return citizenCountries; } + + public List<String> getAllowedLoALevels() { + return MOAIDConstants.ALLOWED_eIDAS_LOA; + } + public List<String> getEnabledCitizenCountries() { return enabledCitizenCountries; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index 19671e502..f660b5feb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -65,7 +65,8 @@ public class OATargetConfiguration implements IOnlineApplicationData { Constants.IDENIFICATIONTYPE_FN, Constants.IDENIFICATIONTYPE_ZVR, Constants.IDENIFICATIONTYPE_ERSB, - Constants.IDENIFICATIONTYPE_STORK); + Constants.IDENIFICATIONTYPE_STORK, + Constants.IDENIFICATIONTYPE_EIDAS); } @@ -120,6 +121,12 @@ public class OATargetConfiguration implements IOnlineApplicationData { if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { identificationType = split[1]; identificationNumber = split[2]; + + } else if (Constants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) { + //identificationType = split[1]; // setting at as iden category ? + identificationType = Constants.IDENIFICATIONTYPE_EIDAS; + identificationNumber = split[1] + "+" + split[2]; // setting sp country as ident type -> sp ident + } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { //identificationType = split[1]; // setting at as iden category ? identificationType = Constants.IDENIFICATIONTYPE_STORK; @@ -185,7 +192,11 @@ public class OATargetConfiguration implements IOnlineApplicationData { if (idnumber == null) idnumber = new IdentificationNumber(); - if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { + if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) { + idnumber.setValue(Constants.PREFIX_EIDAS + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + + } else if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num); idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); } else { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 27a3dcdf3..cf5911b3a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -287,8 +287,8 @@ public class EditGeneralConfigAction extends BasicAction { // dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID()); // } - if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory())) - dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory()); +// if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory())) +// dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory()); TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts(); if (dbtimeouts == null) { @@ -568,7 +568,7 @@ public class EditGeneralConfigAction extends BasicAction { try { log.error("QAAAA " + storkconfig.getDefaultQaa()); - stork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); + stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa()); if (storkconfig.getAttributes() != null) { List<StorkAttribute> dbStorkAttr = new ArrayList<StorkAttribute>(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index cb546c5a8..70c43d9b4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -113,17 +113,17 @@ public class MOAConfigValidator { } } - check = form.getCertStoreDirectory(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.isValidOAIdentifier(check)) { - log.warn("CertStoreDirectory contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); - } - } else { - log.info("CertStoreDirectory is empty."); - errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty", request)); - } +// check = form.getCertStoreDirectory(); +// if (MiscUtil.isNotEmpty(check)) { +// if (ValidationHelper.isValidOAIdentifier(check)) { +// log.warn("CertStoreDirectory contains potentail XSS characters: " + check); +// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", +// new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); +// } +// } else { +// log.info("CertStoreDirectory is empty."); +// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty", request)); +// } check = form.getDefaultBKUHandy(); if (MiscUtil.isNotEmpty(check)) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 6b5c51e3f..ed2c2f903 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -7,6 +7,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; @@ -82,9 +83,9 @@ public class StorkConfigValidator { } // check qaa - int qaa = form.getDefaultQaa(); - if(1 > qaa && 4 < qaa) { - log.warn("QAA is out of range : " + qaa); + String qaa = form.getDefaultQaa(); + if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { + log.warn("eIDAS LoA is not allowed : " + qaa); errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", new Object[] {qaa}, request )); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index cf02cd49c..970785bdb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -134,7 +134,8 @@ public class OAPVP2ConfigValidation { ConfigurationProvider.getInstance().getTrustStoreDirectory(), null, "pkix", - true); + true, + new String[]{"crl"}); httpClient.setCustomSSLTrustStore( form.getMetaDataURL(), diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 5c451c06a..00ccdca8c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; @@ -45,9 +46,9 @@ public class OASTORKConfigValidation { List<String> errors = new ArrayList<String>(); // check qaa - int qaa = oageneral.getQaa(); - if(1 > qaa && 4 < qaa) { - log.warn("QAA is out of range : " + qaa); + String qaa = oageneral.getQaa(); + if (MiscUtil.isNotEmpty(qaa) && !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) { + log.warn("eIDAS LoA is not allowed : " + qaa); errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", new Object[] {qaa}, request )); } |