diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at')
9 files changed, 89 insertions, 33 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java index 332adaa80..7bf2cf93f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java @@ -46,7 +46,6 @@ public class MetaDataVerificationFilter implements MetadataFilter { public void doFilter(XMLObject metadata) throws FilterException { if (metadata instanceof EntitiesDescriptor) { EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; - if(entitiesDescriptor.getSignature() == null) { throw new FilterException("Root element of metadata file has to be signed", null); } @@ -57,7 +56,7 @@ public class MetaDataVerificationFilter implements MetadataFilter { throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null); } - } if (metadata instanceof EntityDescriptor) { + } if (metadata instanceof EntityDescriptor) { try { EntityDescriptor entity = (EntityDescriptor) metadata; if (entity.getSignature() != null) diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index 957479b29..e6000319e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -437,23 +437,23 @@ public class ConfigurationProvider { return parseVersionFromManifest(); } - public String getCertStoreDirectory() throws CertificateException { + public String getCertStoreDirectory() throws ConfigurationException { String dir = props.getProperty("general.ssl.certstore"); if (MiscUtil.isNotEmpty(dir)) return FileUtils.makeAbsoluteURL(dir, configRootDir); else - throw new CertificateException("No SSLCertStore configured use default JAVA TrustStore."); + throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore."); } - public String getTrustStoreDirectory() throws CertificateException { + public String getTrustStoreDirectory() throws ConfigurationException { String dir = props.getProperty("general.ssl.truststore"); if (MiscUtil.isNotEmpty(dir)) return FileUtils.makeAbsoluteURL(dir, configRootDir); else - throw new CertificateException("No SSLTrustStore configured use default JAVA TrustStore."); + throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore."); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index 0e65b7dca..a9c914f74 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -30,6 +30,7 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; @@ -40,6 +41,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentials; +import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentialsCredentialOIDItem; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; @@ -207,8 +209,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { } if (oaauth.getTestCredentials() != null) { - enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); - testCredentialOIDs = oaauth.getTestCredentials().getCredentialOID(); + enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials(); + testCredentialOIDs = new ArrayList<String>(); + testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID()); } @@ -315,12 +318,20 @@ public class OAAuthenticationData implements IOnlineApplicationData { if (enableTestCredentials) { TestCredentials testing = authoa.getTestCredentials(); - if (testing == null) - testing = new TestCredentials(); - - testing.setEnableTestCredentials(enableTestCredentials); + if (testing != null) + ConfigurationDBUtils.delete(testing); + + testing = new TestCredentials(); + authoa.setTestCredentials(testing); + testing.setEnableTestCredentials(enableTestCredentials); testing.setCredentialOID(testCredentialOIDs); + } else { + TestCredentials testing = authoa.getTestCredentials(); + if (testing != null) { + testing.setEnableTestCredentials(false); + } + } return null; @@ -576,12 +587,14 @@ public class OAAuthenticationData implements IOnlineApplicationData { */ public String getTestCredentialOIDs() { String value = null; - for (String el : testCredentialOIDs) { - if (value == null) - value = el; - else - value += "," + el; + if (testCredentialOIDs != null) { + for (String el : testCredentialOIDs) { + if (value == null) + value = el; + else + value += "," + el; + } } return value; @@ -595,12 +608,13 @@ public class OAAuthenticationData implements IOnlineApplicationData { * @param testCredentialOIDs the testCredentialOIDs to set */ public void setTestCredentialOIDs(String testCredentialOIDs) { - String[] oidList = testCredentialOIDs.split(","); + if (MiscUtil.isNotEmpty(testCredentialOIDs)) { + String[] oidList = testCredentialOIDs.split(","); - this.testCredentialOIDs = new ArrayList<String>(); - for (int i=0; i<oidList.length; i++) - this.testCredentialOIDs.add(oidList[i].trim()); + this.testCredentialOIDs = new ArrayList<String>(); + for (int i=0; i<oidList.length; i++) + this.testCredentialOIDs.add(oidList[i].trim()); + } } - - + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java index 150483dd8..e5ee5ac09 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java @@ -60,10 +60,12 @@ public class FormDataHelper { for (OnlineApplication dboa : dbOAs) { - if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) || + if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) || + (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) || (dboa.getAuthComponentOA().getOASTORK() != null && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null - && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()))) { + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) || + (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() ))) { formOAs.add(addOAFormListElement(dboa, ServiceType.OA)); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index 5a9787069..26d97484b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java @@ -291,8 +291,17 @@ public class BasicOAAction extends BasicAction { } else { - if (oaid == -1) { - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + if (oaid == -1) { + List<OnlineApplication> oaList = ConfigurationDBRead.getAllOnlineApplications(); + for (OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier) ) + onlineapplication = el; + + } + if (onlineapplication == null) { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + + } setNewOA(true); if (onlineapplication != null) { log.info("The OAIdentifier is not unique"); @@ -306,7 +315,17 @@ public class BasicOAAction extends BasicAction { onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { - if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { + OnlineApplication dbOA = null; + List<OnlineApplication> oaList = ConfigurationDBRead.getAllOnlineApplications(); + for (OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier) ) + dbOA = el; + + } + if (dbOA == null) + dbOA = ConfigurationDBRead.getOnlineApplication(oaidentifier); + + if ( (dbOA != null && !dbOA.getHjid().equals(oaid))) { log.info("The OAIdentifier is not unique"); throw new BasicOAActionException( LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request), diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 31c29aef0..4236c0d13 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -241,6 +241,9 @@ public class EditGeneralConfigAction extends BasicAction { } MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (dbconfig == null) + dbconfig = new MOAIDConfiguration(); + AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); if (dbauth == null) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index 7f7f083c9..335dbc91e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -133,7 +133,7 @@ public class ListOAsAction extends BasicAction { } else { if (ValidationHelper.containsPotentialCSSCharacter(friendlyname, false)) { log.warn("SearchOA textfield contains potential XSS characters"); - addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname", + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request)); return Constants.STRUTS_SUCCESS; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index fd40bd447..fd4226c5b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -147,12 +147,14 @@ public class OAAuthenticationDataValidation { } } - if (form.isEnableTestCredentials()) { + if (form.isEnableTestCredentials() + && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) { for (String el : form.getTestCredialOIDList()) { - if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID)) + if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID)) { log.warn("Test credential OID does not start with test credential root OID"); errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", new Object[] {el}, request )); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 40e243d0b..8e1dd6e64 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -36,8 +36,10 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.MOAHttpClient; import org.apache.log4j.Logger; import org.opensaml.Configuration; +import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataFilterChain; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallerFactory; @@ -58,6 +60,7 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.util.MiscUtil; public class OAPVP2ConfigValidation { @@ -126,17 +129,29 @@ public class OAPVP2ConfigValidation { } catch (ConfigurationException e) { log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); - } + } + + List<MetadataFilter> filterList = new ArrayList<MetadataFilter>(); + filterList.add(new MetaDataVerificationFilter(credential)); + filterList.add(new SchemaValidationFilter()); + MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); httpProvider = new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); httpProvider.setParserPool(new BasicParserPool()); httpProvider.setRequireValidMetadata(true); - httpProvider.setMetadataFilter(new MetaDataVerificationFilter(credential)); + httpProvider.setMetadataFilter(filter); httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + + httpProvider.setRequireValidMetadata(true); + httpProvider.initialize(); + + + if (httpProvider.getMetadata() == null) { log.info("Metadata could be received but validation FAILED."); errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); @@ -157,6 +172,8 @@ public class OAPVP2ConfigValidation { } catch (MetadataProviderException e) { + + //TODO: check exception handling if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { log.info("SSL Server certificate not trusted.", e); errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); |