aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java92
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java64
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java10
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java5
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java69
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java44
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java20
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java39
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java18
15 files changed, 313 insertions, 70 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
new file mode 100644
index 000000000..a25cc44ef
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.auth.pvp2;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPSOAPRequestSecurityPolicy extends
+ AbstractRequestSignedSecurityPolicyRule {
+
+ /**
+ * @param trustEngine
+ * @param peerEntityRole
+ */
+ public PVPSOAPRequestSecurityPolicy(SignatureTrustEngine trustEngine,
+ QName peerEntityRole) {
+ super(trustEngine, peerEntityRole);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)
+ */
+ @Override
+ protected boolean refreshMetadataProvider(String entityID) {
+ try {
+ HTTPMetadataProvider metadataProvider = ConfigurationProvider.getInstance().getMetaDataProvier();
+ metadataProvider.setRequireValidMetadata(true);
+ metadataProvider.refresh();
+
+ return true;
+
+ } catch (Exception e) {
+
+
+ }
+
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) {
+ if (inboundData instanceof Envelope) {
+ Envelope envelope = (Envelope) inboundData;
+ if (envelope.getBody() != null) {
+ List<XMLObject> xmlElemList = envelope.getBody().getUnknownXMLObjects();
+ if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof SignableSAMLObject)
+ return (SignableSAMLObject) xmlElemList.get(0);
+
+ }
+ }
+
+ return null;
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
index cff08740b..17d3d9e50 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
@@ -40,6 +40,7 @@ import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -49,10 +50,12 @@ import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils;
/**
* @author tlenz
@@ -77,25 +80,44 @@ public class SLOBackChannelServlet extends SLOBasicServlet {
try {
HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
- new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(
- request));
+
+ BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext();
+
+// BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+// new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
+
+ //messageContext.setMetadataProvider(getConfig().getMetaDataProvier());
+
+ //set trustPolicy
+// BasicSecurityPolicy policy = new BasicSecurityPolicy();
+// policy.getPolicyRules().add(
+// new PVPSOAPRequestSecurityPolicy(
+// PVP2Utils.getTrustEngine(getConfig()),
+// IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
+// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+// policy);
+// messageContext.setSecurityPolicyResolver(resolver);
soapDecoder.decode(messageContext);
-
+
Envelope inboundMessage = (Envelope) messageContext
.getInboundMessage();
+ LogoutResponse sloResp = null;
+
if (inboundMessage.getBody() != null) {
List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
-
- LogoutResponse sloResp;
+
if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) {
LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0);
- sloResp = processLogOutRequest(sloReq, request);
+ //validate request signature
+ PVP2Utils.validateSignature(sloReq, getConfig());
+
+ sloResp = processLogOutRequest(sloReq, request);
+
KeyStore keyStore = getConfig().getPVP2KeyStore();
X509Credential authcredential = new KeyStoreX509CredentialAdapter(
keyStore,
@@ -111,24 +133,17 @@ public class SLOBackChannelServlet extends SLOBasicServlet {
context.setOutboundMessageTransport(responseAdapter);
encoder.encode(context);
-
+
} else {
log.warn("Received request ist not of type LogOutRequest");
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ return;
}
}
- } catch (MessageDecodingException e) {
- log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
-
- } catch (SecurityException e) {
- log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
-
- } catch (NoSuchAlgorithmException e) {
- log.error("SLO message processing FAILED." , e);
+ } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) {
+ log.error("SLO message processing FAILED." , e);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
} catch (CertificateException e) {
@@ -139,15 +154,14 @@ public class SLOBackChannelServlet extends SLOBasicServlet {
log.error("SLO message processing FAILED." , e);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
- } catch (ConfigurationException e) {
- log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
-
} catch (MessageEncodingException e) {
log.error("SLO message processing FAILED." , e);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
- }
+ }
+
+
+
}
protected void doGet(HttpServletRequest request,
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
index 2a35e50b1..c70d34d7e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
@@ -131,13 +131,13 @@ public class SLOBasicServlet extends HttpServlet {
} else {
log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + " is not found.");
- return createSLOResponse(sloReq, StatusCode.PARTIAL_LOGOUT_URI, request);
+ return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request);
}
}
- private LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException {
+ protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException {
LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
sloResp.setID(gen.generateIdentifier());
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
index 8df7f9d5a..274aa21bf 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
@@ -69,7 +69,6 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils;
import at.gv.egovernment.moa.id.configuration.exception.PVP2Exception;
import at.gv.egovernment.moa.id.configuration.exception.SLOException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.util.MiscUtil;
/**
@@ -99,8 +98,15 @@ public class SLOFrontChannelServlet extends SLOBasicServlet {
if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) {
//process user initiated single logout process
Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj == null) {
+ log.warn("No user information found. Single Log-Out not possible");
+ buildErrorMessage(request, response);
+
+ }
+
AuthenticatedUser authUser = (AuthenticatedUser) authUserObj;
-
+
String nameIDFormat = authUser.getNameIDFormat();
String nameID = authUser.getNameID();
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index e2a55db60..ab6c22858 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -54,6 +54,7 @@ import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
+import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.webgui.MOAIDConfigurationModul;
@@ -65,8 +66,6 @@ import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
-
public class ConfigurationProvider {
@@ -602,7 +601,7 @@ public class ConfigurationProvider {
} catch (Exception e) {
log.warn("PVP2 authentification can not be initialized.");
- throw new ConfigurationException("PVP2 authentification can not be initialized.", e);
+ throw new ConfigurationException("error.initialization.pvplogin", e);
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
index 83795567c..95af93af3 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
@@ -54,7 +54,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TrustAnchor;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -126,6 +128,7 @@ public class GeneralMOAIDConfig {
private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html";
private String publicURLPrefix = null;
+ private boolean virtualPublicURLPrefixEnabled = false;
public GeneralMOAIDConfig() {
chainigmodelist = new HashMap<String, String>();
@@ -133,6 +136,26 @@ public class GeneralMOAIDConfig {
for (int i=0; i<values.length; i++) {
chainigmodelist.put(values[i].value(), values[i].value());
}
+
+ try {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ if (config != null) {
+ MOAIDConfiguration dbconfig = config.getDbRead().getMOAIDConfiguration();
+ List<TransformsInfoType> authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer().getTransformsInfo();
+
+ if (authBlockTrans != null && !authBlockTrans.isEmpty()) {
+ if (secLayerTransformation == null)
+ secLayerTransformation = new HashMap<String, byte[]>();
+ for (TransformsInfoType el : authBlockTrans)
+ secLayerTransformation.put(el.getFilename(), el.getTransformation());
+
+ }
+ }
+
+ } catch (Exception e) {
+
+ }
+
}
public void parse(MOAIDConfiguration config) {
@@ -163,7 +186,26 @@ public class GeneralMOAIDConfig {
if (authgen.isTrustManagerRevocationChecking() != null)
trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking();
- publicURLPrefix = authgen.getPublicURLPreFix();
+ virtualPublicURLPrefixEnabled =
+ KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix());
+
+ if (virtualPublicURLPrefixEnabled) {
+ //format CSV values with newlines
+ publicURLPrefix = KeyValueUtils.normalizeCSVValueString(
+ authgen.getPublicURLPreFix());
+
+ } else {
+ String tmp = authgen.getPublicURLPreFix();
+ if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) {
+ //remove trailing comma if exist
+ publicURLPrefix = tmp.substring(0,
+ tmp.indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else
+ publicURLPrefix = tmp;
+ }
+
+
TimeOuts timeouts = authgen.getTimeOuts();
if (timeouts != null) {
@@ -819,6 +861,7 @@ public class GeneralMOAIDConfig {
* @return the secLayerTransformation
*/
public Map<String, byte[]> getSecLayerTransformation() {
+
return secLayerTransformation;
}
@@ -931,7 +974,12 @@ public class GeneralMOAIDConfig {
* @param publicURLPrefix the publicURLPrefix to set
*/
public void setPublicURLPrefix(String publicURLPrefix) {
- this.publicURLPrefix = publicURLPrefix;
+ if (MiscUtil.isNotEmpty(publicURLPrefix))
+ this.publicURLPrefix =
+ KeyValueUtils.removeAllNewlineFromString(publicURLPrefix);
+ else
+ this.publicURLPrefix = publicURLPrefix;
+
}
/**
@@ -961,6 +1009,23 @@ public class GeneralMOAIDConfig {
public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) {
this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest;
}
+
+ /**
+ * @return the virtualPublicURLPrefixEnabled
+ */
+ public boolean isVirtualPublicURLPrefixEnabled() {
+ return virtualPublicURLPrefixEnabled;
+ }
+
+ /**
+ * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set
+ */
+ public void setVirtualPublicURLPrefixEnabled(
+ boolean virtualPublicURLPrefixEnabled) {
+ this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled;
+ }
+
+
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
index 9b0172a24..d0232e86a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
@@ -31,17 +31,13 @@ import javax.servlet.http.HttpServletRequest;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS;
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.DefaultBKUs;
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAKeyBoxSelector;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.Mandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentials;
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentialsCredentialOIDItem;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType;
-import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
index 441c879be..bb98d2e64 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
@@ -27,10 +27,8 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index e092d9e13..9ddb41d83 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -29,23 +29,21 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.ArrayList;
-import java.util.Date;
+import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
-import edu.emory.mathcs.backport.java.util.Arrays;
-
import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK;
-import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index a658c3f34..504b598c0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -23,9 +23,13 @@
package at.gv.egovernment.moa.id.configuration.struts.action;
import java.math.BigInteger;
-import java.util.*;
-
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
@@ -58,6 +62,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TimeOuts;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
@@ -179,7 +184,12 @@ public class EditGeneralConfigAction extends BasicAction {
String error = saveFormToDatabase();
if (error != null) {
log.warn("General MOA-ID config can not be stored in Database");
- addActionError(error);
+
+ //set new formID
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ addActionError(error);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -248,13 +258,27 @@ public class EditGeneralConfigAction extends BasicAction {
// if (oldauth != null)
// oldauthgeneral = oldauth.getGeneralConfiguration();
- //set Public URL Prefix
- String pubURLPrefix = moaconfig.getPublicURLPrefix();
- if(pubURLPrefix.endsWith("/")) {
- int length = pubURLPrefix.length();
- pubURLPrefix = pubURLPrefix.substring(0, length-1);
- }
- dbauthgeneral.setPublicURLPreFix(pubURLPrefix);
+ //set Public URL Prefix
+ String pubURLPrefix = moaconfig.getPublicURLPrefix();
+ if (moaconfig.isVirtualPublicURLPrefixEnabled()) {
+ dbauthgeneral.setPublicURLPreFix(
+ KeyValueUtils.normalizeCSVValueString(pubURLPrefix));
+
+ } else {
+ if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) {
+ dbauthgeneral.setPublicURLPreFix(
+ pubURLPrefix.trim().substring(0,
+ pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER)));
+
+ } else
+ dbauthgeneral.setPublicURLPreFix(
+ StringUtils.chomp(pubURLPrefix.trim()));
+
+ }
+
+ dbauthgeneral.setVirtualPublicURLPrefixEnabled(
+ moaconfig.isVirtualPublicURLPrefixEnabled());
+
// if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID()))
// dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID());
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
index a2c5da247..a9889da9c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
@@ -53,8 +53,6 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
-import com.fasterxml.jackson.core.JsonProcessingException;
-
public class ImportExportAction extends BasicAction {
private static final Logger log = Logger.getLogger(ImportExportAction.class);
@@ -150,7 +148,7 @@ public class ImportExportAction extends BasicAction {
}
- } catch (JsonProcessingException | JAXBException | FileNotFoundException e) {
+ } catch (JAXBException | FileNotFoundException e) {
log.info("Legacy configuration has an Import Error", e);
addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}, request));
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 8be24edb4..384f0662f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -271,7 +271,7 @@ public class InterfederationIDPAction extends BasicOAAction {
businessID = new IdentificationNumber();
onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID);
}
- businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP");
+ businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP");
} else
onlineapplication.setTarget("MOA-IDP");
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
index fc310900e..eca4c05ef 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
@@ -94,6 +94,26 @@ public class SAML2Utils {
return document;
}
+// public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() throws ConfigurationException {
+// MetadataCredentialResolver resolver;
+//
+// resolver = new MetadataCredentialResolver(ConfigurationProvider.getInstance().getMetaDataProvier());
+//
+// List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+// keyInfoProvider.add(new DSAKeyValueProvider());
+// keyInfoProvider.add(new RSAKeyValueProvider());
+// keyInfoProvider.add(new InlineX509DataProvider());
+//
+// KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+// keyInfoProvider);
+//
+// ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
+// resolver, keyInfoResolver);
+//
+// return engine;
+//
+// }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index 95502cedb..d4e8e957d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -28,10 +28,10 @@ import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -39,8 +39,6 @@ import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.helper.StringHelper;
-import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -66,14 +64,29 @@ public class MOAConfigValidator {
check = form.getPublicURLPrefix();
if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Public URL Prefix is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", request));
- }
+ String[] publicURLPreFix = check.split(",");
+ if (form.isVirtualPublicURLPrefixEnabled()) {
+ for (String el : publicURLPreFix) {
+ if (!ValidationHelper.validateURL(
+ StringUtils.chomp(el.trim()))) {
+ log.info("Public URL Prefix " + el + " is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}, request));
+ }
+ }
+
+ } else {
+ if (!ValidationHelper.validateURL(
+ StringUtils.chomp(publicURLPreFix[0].trim()))) {
+ log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{publicURLPreFix[0]}, request));
+
+ }
+
+ }
} else {
log.info("PublicURL Prefix is empty.");
errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request));
- }
+ }
check = form.getTimeoutAssertion();
if (MiscUtil.isNotEmpty(check)) {
@@ -401,7 +414,7 @@ public class MOAConfigValidator {
- if (form.getFileUploadFileName() != null) {
+ if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) {
HashMap<String, byte[]> map = new HashMap<String, byte[]>();
for (int i=0; i<form.getFileUploadFileName().size(); i++) {
String filename = form.getFileUploadFileName().get(i);
@@ -426,7 +439,15 @@ public class MOAConfigValidator {
}
}
}
+
form.setSecLayerTransformation(map);
+
+ } else {
+ if (form.getSecLayerTransformation() == null) {
+ log.info("AuthBlock Transformation file is empty");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request));
+
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 35b69274f..6476ea1f1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -43,6 +43,7 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.x509.BasicX509Credential;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
@@ -76,9 +77,20 @@ public class OAPVP2ConfigValidation {
else {
try {
- //OracleDB does not allow the selection of a lob in SQL where expression
- String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class");
- boolean backupVersion = MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc.");
+ //Some databases does not allow the selection of a lob in SQL where expression
+ String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class");
+ boolean backupVersion = false;
+ if (MiscUtil.isNotEmpty(dbDriver)) {
+ for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) {
+ if (dbDriver.startsWith(el)) {
+ backupVersion = true;
+ log.debug("JDBC driver '" + dbDriver
+ + "' is blacklisted --> Switch to alternative DB access methode implementation.");
+
+ }
+
+ }
+ }
Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion);
if (oa != null &&