diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at')
33 files changed, 3928 insertions, 464 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index d088edf34..47e6e83d5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -1,29 +1,49 @@ package at.gv.egovernment.moa.id.configuration; public class Constants { + public static final String FILEPREFIX = "file:"; + + public static final String SERVLET_PVP2ASSERTION = "pvp2login.action"; + public static final String SERVLET_ACCOUNTVERIFICATION = "mailAddressVerification.action"; + public static final String STRUTS_SUCCESS = "success"; public static final String STRUTS_ERROR = "error"; public static final String STRUTS_ERROR_VALIDATION = "error_validation"; public static final String STRUTS_OA_EDIT = "editOA"; public static final String STRUTS_REAUTHENTICATE = "reauthentication"; public static final String STRUTS_NOTALLOWED = "notallowed"; + public static final String STRUTS_NEWUSER = "newuser"; + public static final String STRUTS_SSOLOGOUT = "ssologout"; public static final String SESSION_AUTH = "authsession"; public static final String SESSION_AUTH_ERROR = "authsessionerror"; public static final String SESSION_OAID = "oadbidentifier"; + public static final String SESSION_FORMID = "formId"; + public static final String SESSION_FORM = "form"; + public static final String SESSION_PVP2REQUESTID = "pvp2requestid"; + public static final String SESSION_RETURNAREA = "returnarea"; + + public static enum STRUTS_RETURNAREA_VALUES {adminRequestsInit, main, usermanagementInit}; public static final String REQUEST_OAID = "oaid"; + public static final String REQUEST_USERREQUESTTOKKEN = "tokken"; public static final String BKU_ONLINE = "bkuonline"; public static final String BKU_LOCAL = "bkulocal"; public static final String BKU_HANDY = "bkuhandy"; - public static final String MOA_CONFIG_BUSINESSSERVICE = "businessService"; - public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1"; public static final String MOA_CONFIG_PROTOCOL_PVP2 = "id_pvp2x"; public static final String DEFAULT_LOCALBKU_URL = "https://127.0.0.1:3496/https-security-layer-request"; public static final String DEFAULT_HANDYBKU_URL = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; + + public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at"; + + public static final String IDENIFICATIONTYPE_FN = "FN"; + public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; + public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; + + public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java index 8f75a357c..009a13f4b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java @@ -2,14 +2,19 @@ package at.gv.egovernment.moa.id.configuration.auth; import java.util.Date; +import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; + public class AuthenticatedUser { private boolean isAuthenticated = false; private boolean isAdmin = false; + private boolean isPVP2Login = false; + private boolean isMandateUser = false; private long userID; private String givenName; private String familyName; + private String institute; private String userName; private Date lastLogin; @@ -17,18 +22,26 @@ public class AuthenticatedUser { } - public AuthenticatedUser(long userID, String givenName, String familyName, String userName, - boolean isAuthenticated, boolean isAdmin) { + public AuthenticatedUser(long userID, String givenName, String familyName, String institute, + String userName, boolean isAuthenticated, boolean isAdmin, boolean isMandateUser, + boolean isPVP2Login) { this.familyName = familyName; this.givenName = givenName; this.userName = userName; this.userID = userID; + this.institute = institute; this.isAdmin = isAdmin; this.isAuthenticated = isAuthenticated; + this.isMandateUser = isMandateUser; + this.isPVP2Login = isPVP2Login; this.lastLogin = new Date(); } + public String getFormatedLastLogin() { + return DateTimeHelper.getDateTime(lastLogin); + } + /** * @return the isAuthenticated */ @@ -105,7 +118,7 @@ public class AuthenticatedUser { public Date getLastLogin() { return lastLogin; } - + /** * @param lastLogin the lastLogin to set */ @@ -126,8 +139,49 @@ public class AuthenticatedUser { public void setUserName(String userName) { this.userName = userName; } + + /** + * @return the institute + */ + public String getInstitute() { + return institute; + } + + /** + * @param institute the institute to set + */ + public void setInstitute(String institute) { + this.institute = institute; + } + + /** + * @return the isPVP2Login + */ + public boolean isPVP2Login() { + return isPVP2Login; + } + + /** + * @param isPVP2Login the isPVP2Login to set + */ + public void setPVP2Login(boolean isPVP2Login) { + this.isPVP2Login = isPVP2Login; + } + + /** + * @return the isMandateUser + */ + public boolean isMandateUser() { + return isMandateUser; + } + + /** + * @param isMandateUser the isMandateUser to set + */ + public void setMandateUser(boolean isMandateUser) { + this.isMandateUser = isMandateUser; + } - - + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java new file mode 100644 index 000000000..199e89d7c --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java @@ -0,0 +1,50 @@ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.RequestedAttribute; + +import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +public class AttributeListBuilder implements PVPConstants{ + + protected static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) { + RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class); + attribute.setIsRequired(required); + attribute.setName(name); + attribute.setFriendlyName(friendlyName); + attribute.setNameFormat(Attribute.URI_REFERENCE); + return attribute; + } + + public static List<RequestedAttribute> getRequestedAttributes() { + List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>(); + + requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(BPK_NAME, BPK_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true)); + + requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); + + requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); + + requestedAttributes.add(buildReqAttribute(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false)); + return requestedAttributes; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java new file mode 100644 index 000000000..ed496ae16 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java @@ -0,0 +1,245 @@ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.io.FileInputStream; +import java.io.IOException; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.security.MetadataCredentialResolverFactory; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.credential.BasicCredential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.iaik.commons.util.ConfigException; + + +/** + * Servlet implementation class Authenticate + */ +public class Authenticate extends HttpServlet { + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(Authenticate.class); + /** + * @see HttpServlet#HttpServlet() + */ + public Authenticate() { + super(); + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + builder = factory.newDocumentBuilder(); + } catch (ParserConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + + DocumentBuilder builder; + + public Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException { + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + } + + protected void process(HttpServletRequest request, + HttpServletResponse response, Map<String,String> legacyParameter) throws ServletException, IOException { + try { + + ConfigurationProvider config = ConfigurationProvider.getInstance(); + config.initializePVP2Login(); + + AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + HttpSession session = request.getSession(); + if (session != null) { + session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); + } + + authReq.setAssertionConsumerServiceIndex(0); + authReq.setAttributeConsumingServiceIndex(0); + authReq.setIssueInstant(new DateTime()); + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + NameID name = SAML2Utils.createSAMLObject(NameID.class); + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) + serviceURL = serviceURL + "/"; + name.setValue(serviceURL); + issuer.setValue(serviceURL); + + subject.setNameID(name); + authReq.setSubject(subject); + issuer.setFormat(NameIDType.ENTITY); + authReq.setIssuer(issuer); + NameIDPolicy policy = SAML2Utils + .createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameID.PERSISTENT); + authReq.setNameIDPolicy(policy); + + String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + SingleSignOnService redirectEndpoint = null; + for (SingleSignOnService sss : + idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { + + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { //Get the service address for the binding you wish to use + redirectEndpoint = sss; + } + } + + authReq.setDestination(redirectEndpoint.getLocation()); + + RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + + AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + + authReq.setRequestedAuthnContext(reqAuthContext); + + KeyStore keyStore = config.getPVP2KeyStore(); + + X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(authcredential); + + authReq.setSignature(signer); + + VelocityEngine engine = new VelocityEngine(); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + engine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.init(); + + HTTPPostEncoder encoder = new HTTPPostEncoder(engine, + "templates/pvp_postbinding_template.html"); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + service.setLocation(redirectEndpoint.getLocation());; + + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(authReq); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + + } catch (Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response, null); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response, null); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java new file mode 100644 index 000000000..fa02443dc --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java @@ -0,0 +1,288 @@ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.io.IOException; +import java.io.StringWriter; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.apache.log4j.Logger; +import org.opensaml.Configuration; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.KeyDescriptor; +import org.opensaml.saml2.metadata.LocalizedString; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.ServiceName; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.Signer; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * Servlet implementation class BuildMetadata + */ +public class BuildMetadata extends HttpServlet { + private static final long serialVersionUID = 1L; + + private static final Logger log = Logger.getLogger(BuildMetadata.class); + + /** + * @see HttpServlet#HttpServlet() + */ + public BuildMetadata() { + super(); + } + + protected static Signature getSignature(Credential credentials) { + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + + //config.initializePVP2Login(); + + SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); + + EntitiesDescriptor spEntitiesDescriptor = SAML2Utils. + createSAMLObject(EntitiesDescriptor.class); + + String name = config.getPVP2MetadataEntitiesName(); + if (MiscUtil.isEmpty(name)) { + log.info("NO Metadata EntitiesName configurated"); + throw new ConfigurationException("NO Metadata EntitiesName configurated"); + } + + spEntitiesDescriptor.setName(name); + spEntitiesDescriptor.setID(idGen.generateIdentifier()); + + EntityDescriptor spEntityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) + serviceURL = serviceURL + "/"; + + log.debug("Set OnlineApplicationURL to " + serviceURL); + spEntityDescriptor.setEntityID(serviceURL); + + SPSSODescriptor spSSODescriptor = SAML2Utils + .createSAMLObject(SPSSODescriptor.class); + + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(true); + + X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitEntityCertificate(true); + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + KeyStore keyStore = config.getPVP2KeyStore(); + + X509Credential signingcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreMetadataKeyAlias(), + config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); + + + log.debug("Set Metadata key information"); + //Set MetaData Signing key + KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); + entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); + Signature entitiesSignature = getSignature(signingcredential); + + X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + + //Set AuthRequest Signing certificate + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + spEntitiesDescriptor.setSignature(entitiesSignature); + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); + + spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); + + NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientnameIDFormat.setFormat(NameIDType.TRANSIENT); + + spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); + + NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); + + AssertionConsumerService postassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); + + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); + + spSSODescriptor.setWantAssertionsSigned(true); + spSSODescriptor.setAuthnRequestsSigned(true); + AttributeConsumingService attributeService = + SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "de")); + attributeService.getNames().add(serviceName); + + attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); + + spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor); + out.marshall(spEntitiesDescriptor, document); + + Signer.signObject(entitiesSignature); + + Transformer transformer = TransformerFactory.newInstance().newTransformer(); + + StringWriter sw = new StringWriter(); + StreamResult sr = new StreamResult(sw); + DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + String metadataXML = sw.toString(); + + response.setContentType("text/xml"); + response.getOutputStream().write(metadataXML.getBytes()); + + response.getOutputStream().close(); + + } catch (ConfigurationException e) { + log.warn("Configuration can not be loaded.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (NoSuchAlgorithmException e) { + log.warn("Requested Algorithm could not found.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (KeyStoreException e) { + log.warn("Requested KeyStoreType is not implemented.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (CertificateException e) { + log.warn("KeyStore can not be opend or userd.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (SecurityException e) { + log.warn("KeyStore can not be opend or used", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (ParserConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (MarshallingException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (SignatureException e) { + log.warn("PVP2 Metadata can not be signed", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (TransformerConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (TransformerFactoryConfigurationError e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (TransformerException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + catch (Exception e) { + log.warn("Unspecific PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java new file mode 100644 index 000000000..d08354c43 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java @@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.util.Iterator; + +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.x509.BasicX509Credential; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; + +public class MetaDataVerificationFilter implements MetadataFilter { + + BasicX509Credential credential; + + public MetaDataVerificationFilter(BasicX509Credential credential) { + this.credential = credential; + } + + + public void doFilter(XMLObject metadata) throws FilterException { + if (metadata instanceof EntitiesDescriptor) { + EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; + + if(entitiesDescriptor.getSignature() == null) { + throw new FilterException("Root element of metadata file has to be signed", null); + } + try { + processEntitiesDescriptor(entitiesDescriptor); + + } catch (MOAIDException e) { + throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null); + } + } + } + + private void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException { + Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator(); + + if(desc.getSignature() != null) { + EntityVerifier.verify(desc, this.credential); + } + + while(entID.hasNext()) { + processEntitiesDescriptor(entID.next()); + } + + Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator(); + + while(entIT.hasNext()) { + EntityDescriptor entity = entIT.next(); + if (entity.getSignature() != null) + EntityVerifier.verify(entity); + } + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index aeadbd0bb..f08632d83 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -1,24 +1,55 @@ package at.gv.egovernment.moa.id.configuration.config; +import iaik.x509.X509Certificate; + import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; +import java.io.InputStream; +import java.net.MalformedURLException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; import java.util.Properties; +import java.util.Timer; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.log4j.Logger; +import org.opensaml.DefaultBootstrap; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; -import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; +import at.gv.egovernment.moa.util.MiscUtil; public class ConfigurationProvider { + private static final Logger log = Logger.getLogger(ConfigurationProvider.class); + private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; private static ConfigurationProvider instance; private Properties props; private String configFileName; + private String configRootDir; + + private HTTPMetadataProvider idpMetadataProvider = null; + private KeyStore keyStore = null; + + private String publicURLPreFix = null; + + private boolean pvp2logininitialzied = false; public static ConfigurationProvider getInstance() throws ConfigurationException { if (instance == null) { @@ -39,10 +70,14 @@ public class ConfigurationProvider { if (configFileName == null) { throw new ConfigurationException("config.01"); } - Logger.info("Loading MOA-ID-AUTH configuration " + configFileName); + + // determine the directory of the root config file + configRootDir = new File(configFileName).getParent(); + + log.info("Loading MOA-ID-AUTH configuration " + configFileName); //Initial Hibernate Framework - Logger.trace("Initializing Hibernate framework."); + log.trace("Initializing Hibernate framework."); //Load MOAID-2.0 properties file File propertiesFile = new File(configFileName); @@ -60,26 +95,349 @@ public class ConfigurationProvider { //Initial config Database ConfigurationDBUtils.initHibernate(props); } - Logger.trace("Hibernate initialization finished."); + log.trace("Hibernate initialization finished."); + DefaultBootstrap.bootstrap(); + log.info("OPENSAML initialized"); + + //TODO: start CleanUP Thread + UserRequestCleaner.start(); - + } catch (FileNotFoundException e) { throw new ConfigurationException("config.01", e); + } catch (IOException e) { throw new ConfigurationException("config.02", e); + } catch (MOADatabaseException e) { throw new ConfigurationException("config.03", e); + + } catch (org.opensaml.xml.ConfigurationException e) { + throw new ConfigurationException("config.04", e); } } + public String getPublicUrlPreFix(HttpServletRequest request) { + publicURLPreFix = props.getProperty("general.publicURLContext"); + + if (MiscUtil.isEmpty(publicURLPreFix) && request != null) { + String url = request.getRequestURL().toString(); + String contextpath = request.getContextPath(); + int index = url.indexOf(contextpath); + publicURLPreFix = url.substring(0, index + contextpath.length() + 1); + } + + return publicURLPreFix; + } + + public int getUserRequestCleanUpDelay() { + String delay = props.getProperty("general.userrequests.cleanup.delay"); + return Integer.getInteger(delay, 12); + } + + public String getContactMailAddress() { + return props.getProperty("general.contact.mail"); + } + + public String getSSOLogOutURL() { + return props.getProperty("general.login.pvp2.idp.sso.logout.url"); + } + + public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException { + if (keyStore == null) { + String keystoretype = getPVP2MetadataKeystoreType(); + if (MiscUtil.isEmpty(keystoretype)) { + log.debug("No KeyStoreType defined. Using default KeyStoreType."); + keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + + } else { + log.debug("Using " + keystoretype + " KeyStoreType."); + keyStore = KeyStore.getInstance(keystoretype); + + } + + + String file = getPVP2MetadataKeystoreURL(); + log.debug("Load KeyStore from URL " + file); + if (MiscUtil.isEmpty(file)) { + log.info("Metadata KeyStoreURL is empty"); + throw new ConfigurationException("Metadata KeyStoreURL is empty"); + } + + FileInputStream inputStream = new FileInputStream(file); + keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray()); + inputStream.close(); + } + + return keyStore; + + } + + public String getConfigFile() { + return configFileName; + } + + public String getConfigRootDir() { + return configRootDir; + } + public boolean isLoginDeaktivated() { String result = props.getProperty("general.login.deaktivate", "false"); return Boolean.parseBoolean(result); } - public String getConfigFile() { - return configFileName; + public boolean isOATargetVerificationDeaktivated() { + String result = props.getProperty("general.OATargetVerification.deaktivate", "false"); + return Boolean.parseBoolean(result); + } + + //PVP2 Login configuration + + public void initializePVP2Login() throws ConfigurationException { + if (!pvp2logininitialzied) + initalPVP2Login(); + } + + public boolean isPVP2LoginActive() { + if (!pvp2logininitialzied) + return false; + + String result = props.getProperty("general.login.pvp2.isactive", "false"); + return Boolean.parseBoolean(result); + } + + public boolean isPVP2LoginBusinessService() { + String result = props.getProperty("general.login.pvp2.isbusinessservice", "false"); + return Boolean.parseBoolean(result); + } + + public String getPVP2LoginTarget() { + return props.getProperty("general.login.pvp2.target"); + } + + public String getPVP2LoginIdenificationValue() { + return props.getProperty("general.login.pvp2.identificationvalue"); + } + + public String getPVP2MetadataEntitiesName() { + return props.getProperty("general.login.pvp2.metadata.entities.name"); + } + + public String getPVP2MetadataKeystoreURL() { + return props.getProperty("general.login.pvp2.keystore.url"); + } + + public String getPVP2MetadataKeystorePassword() { + return props.getProperty("general.login.pvp2.keystore.password"); + } + + public String getPVP2MetadataKeystoreType() { + return props.getProperty("general.login.pvp2.keystore.type"); + } + + public String getPVP2KeystoreMetadataKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.metadata.key.alias"); + } + + public String getPVP2KeystoreMetadataKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.metadata.key.password"); + } + + public String getPVP2KeystoreAuthRequestKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias"); + } + + public String getPVP2KeystoreAuthRequestKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.authrequest.key.password"); + } + + public String getPVP2IDPMetadataURL() { + return props.getProperty("general.login.pvp2.idp.metadata.url"); + } + + public String getPVP2IDPMetadataCertificate() { + return props.getProperty("general.login.pvp2.idp.metadata.certificate"); + } + + public String getPVP2IDPMetadataEntityName() { + return props.getProperty("general.login.pvp2.idp.metadata.entityID"); + } + + public HTTPMetadataProvider getMetaDataProvier() { + return idpMetadataProvider; + } + + + //SMTP Server + public String getSMTPMailHost() { + return props.getProperty("general.mail.host"); + } + + public String getSMTPMailPort() { + return props.getProperty("general.mail.host.port"); + } + + public String getSMTPMailUsername() { + return props.getProperty("general.mail.host.username"); + } + + public String getSMTPMailPassword() { + return props.getProperty("general.mail.host.password"); + } + + //Mail Configuration + public String getMailFromName() { + return props.getProperty("general.mail.from.name"); + } + + public String getMailFromAddress() { + return props.getProperty("general.mail.from.address"); + } + + public String getMailUserAcountVerificationSubject() { + return props.getProperty("general.mail.useraccountrequest.verification.subject"); + } + + public String getMailUserAcountVerificationTemplate() throws ConfigurationException { + String url = props.getProperty("general.mail.useraccountrequest.verification.template"); + + if (MiscUtil.isNotEmpty(url)) { + if (url.startsWith(Constants.FILEPREFIX)) + return url; + + else + return configRootDir + "/" + url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountVerificationTemplate is empty"); + + } + } + + public String getMailUserAcountActivationSubject() { + return props.getProperty("general.mail.useraccountrequest.isactive.subject"); + } + + public String getMailUserAcountActivationTemplate() throws ConfigurationException { + String url = props.getProperty("general.mail.useraccountrequest.isactive.template"); + + if (MiscUtil.isNotEmpty(url)) { + if (url.startsWith(Constants.FILEPREFIX)) + return url; + + else + return configRootDir + "/" + url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountActivationTemplate is empty"); + + } + } + + public String getMailOAActivationSubject() { + return props.getProperty("general.mail.createOArequest.isactive.subject"); + } + + public String getMailOAActivationTemplate() throws ConfigurationException { + String url = props.getProperty("general.mail.createOArequest.isactive.template"); + + if (MiscUtil.isNotEmpty(url)) { + if (url.startsWith(Constants.FILEPREFIX)) + return url; + + else + return configRootDir + "/" + url; + + } else { + log.warn("MailOAActivationTemplate is empty"); + throw new ConfigurationException("MailOAActivationTemplate is empty"); + + } + } + + public String getMailUserAcountRevocationTemplate() throws ConfigurationException { + String url = props.getProperty("general.mail.useraccountrequest.rejected.template"); + + if (MiscUtil.isNotEmpty(url)) { + if (url.startsWith(Constants.FILEPREFIX)) + return url; + + else + return configRootDir + "/" + url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountRevocationTemplate is empty"); + + } + } + + public String getMailAdminSubject() { + return props.getProperty("general.mail.admin.subject"); + } + + public String getMailAdminTemplate() throws ConfigurationException { + String url = props.getProperty("general.mail.admin.adresses.template"); + + if (MiscUtil.isNotEmpty(url)) { + if (url.startsWith(Constants.FILEPREFIX)) + return url; + + else + return configRootDir + "/" + url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailAdminTemplate is empty"); + + } + } + + public String getMailAdminAddress() { + return props.getProperty("general.mail.admin.adress"); + } + + + private void initalPVP2Login() throws ConfigurationException { + try { + + String metadataCert = getPVP2IDPMetadataCertificate(); + if (MiscUtil.isEmpty(metadataCert)) { + log.info("NO IDP Certificate to verify IDP Metadata"); + throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata"); + } + + InputStream certstream = new FileInputStream(metadataCert); + X509Certificate cert = new X509Certificate(certstream); + BasicX509Credential idpCredential = new BasicX509Credential(); + idpCredential.setEntityCertificate(cert); + + log.debug("IDP Certificate loading finished"); + + String metadataurl = getPVP2IDPMetadataURL(); + if (MiscUtil.isEmpty(metadataurl)) { + log.info("NO IDP Metadata URL."); + throw new ConfigurationException("NO IDP Metadata URL."); + } + + idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl); + idpMetadataProvider.setRequireValidMetadata(true); + idpMetadataProvider.setParserPool(new BasicParserPool()); + idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); + idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12 ); //refresh Metadata every 12h + idpMetadataProvider.initialize(); + + pvp2logininitialzied = true; + + } catch (Exception e) { + log.warn("PVP2 authentification can not be initialized."); + throw new ConfigurationException("PVP2 authentification can not be initialized.", e); + } + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java new file mode 100644 index 000000000..d0b108e1e --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -0,0 +1,5 @@ +package at.gv.egovernment.moa.id.configuration.data; + +public class GeneralStorkConfig { + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java new file mode 100644 index 000000000..b1857aea1 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.configuration.data; + +public class StorkAttributes { + + + public AttributValues eIdentifier; + + + public void parse() { + eIdentifier = AttributValues.MANDATORY; + } + + + public enum AttributValues { + MANDATORY, OPTIONAL, NOT; + + public String getValue() { + if (this == MANDATORY) + return MANDATORY.name(); + if (this == OPTIONAL) + return OPTIONAL.name(); + else + return NOT.name(); + } + } + +} + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java index 881cdf277..ab08b458a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java @@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.configuration.data; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.util.data.BPK; public class UserDatabaseFrom { @@ -18,10 +17,14 @@ public class UserDatabaseFrom { private boolean active = false; private boolean admin = false; private boolean passwordActive; + private boolean isusernamepasswordallowed = false; + private boolean isadminrequest = true; + private boolean ismandateuser = false; + private boolean isPVPGenerated; private String userID = null; public UserDatabaseFrom() { - + } public UserDatabaseFrom(UserDatabase db) { @@ -41,6 +44,26 @@ public class UserDatabaseFrom { active = db.isIsActive(); admin = db.isIsAdmin(); + if (db.isIsUsernamePasswordAllowed() != null) + isusernamepasswordallowed = db.isIsUsernamePasswordAllowed(); + else + isusernamepasswordallowed = true; + + if (db.isIsAdminRequest() != null) + isadminrequest = db.isIsAdminRequest(); + else + isadminrequest = false; + + if (db.isIsMandateUser() != null) + ismandateuser = db.isIsMandateUser(); + else + ismandateuser = false; + + if (db.isIsPVP2Generated() != null) + isPVPGenerated = db.isIsPVP2Generated(); + else + isPVPGenerated = false; + userID = String.valueOf(db.getHjid()); } @@ -247,7 +270,62 @@ public class UserDatabaseFrom { public void setPassword_second(String password_second) { this.password_second = password_second; } + + /** + * @return the isusernamepasswordallowed + */ + public boolean isIsusernamepasswordallowed() { + return isusernamepasswordallowed; + } + + /** + * @param isusernamepasswordallowed the isusernamepasswordallowed to set + */ + public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) { + this.isusernamepasswordallowed = isusernamepasswordallowed; + } + + /** + * @return the ismandateuser + */ + public boolean isIsmandateuser() { + return ismandateuser; + } + /** + * @param ismandateuser the ismandateuser to set + */ + public void setIsmandateuser(boolean ismandateuser) { + this.ismandateuser = ismandateuser; + } + + /** + * @return the isadminrequest + */ + public boolean isIsadminrequest() { + return isadminrequest; + } + + /** + * @param isadminrequest the isadminrequest to set + */ + public void setIsadminrequest(boolean isadminrequest) { + this.isadminrequest = isadminrequest; + } + + /** + * @return the isPVPGenerated + */ + public boolean isPVPGenerated() { + return isPVPGenerated; + } + + /** + * @param isPVPGenerated the isPVPGenerated to set + */ + public void setPVPGenerated(boolean isPVPGenerated) { + this.isPVPGenerated = isPVPGenerated; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index 57ae4863a..2b4ea53c1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -1,9 +1,11 @@ package at.gv.egovernment.moa.id.configuration.data.oa; import java.util.ArrayList; +import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; @@ -18,6 +20,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; import at.gv.egovernment.moa.util.MiscUtil; @@ -35,19 +38,21 @@ public class OAGeneralConfig { private boolean businessService = false; private String target = null; + private String target_subsector = null; + private String target_admin = null; + private static List<String> targetList = null; private String targetFriendlyName = null; + private boolean isAdminTarget = false; private String identificationNumber = null; private String identificationType = null; + private static List<String> identificationTypeList = null; private String aditionalAuthBlockText = null; private String mandateProfiles = null; private boolean isActive = false; - private String slVersion = null; - private boolean useIFrame = false; - private boolean useUTC = false; private boolean calculateHPI = false; private String keyBoxIdentifier = null; @@ -56,6 +61,8 @@ public class OAGeneralConfig { private boolean legacy = false; List<String> SLTemplates = null; + private boolean isHideBPKAuthBlock = false; + private Map<String, byte[]> transformations; @@ -69,6 +76,14 @@ public class OAGeneralConfig { bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL; bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; + + targetList = TargetValidator.getListOfTargets(); + target = ""; + + identificationTypeList = Arrays.asList( + Constants.IDENIFICATIONTYPE_FN, + Constants.IDENIFICATIONTYPE_ZVR, + Constants.IDENIFICATIONTYPE_ERSB); } @@ -81,8 +96,32 @@ public class OAGeneralConfig { keyBoxIdentifier = dbOAConfig.getKeyBoxIdentifier().value(); identifier = dbOAConfig.getPublicURLPrefix(); - target = dbOAConfig.getTarget(); - targetFriendlyName = dbOAConfig.getTargetFriendlyName(); + + String target_full = dbOAConfig.getTarget(); + + if (MiscUtil.isNotEmpty(target_full)) { + String[] target_split = target_full.split("-"); + + if (TargetValidator.isValidTarget(target_full)) { + target = dbOAConfig.getTarget(); + if (target_split.length > 1) + target_subsector = target_split[1]; + + } else { + if (TargetValidator.isValidTarget(target_split[0])) { + target = target_split[0]; + if (target_split.length > 1) + target_subsector = target_split[1]; + + } else { + target = ""; + target_subsector = null; + target_admin = target_full; + isAdminTarget = true; + } + } + targetFriendlyName = dbOAConfig.getTargetFriendlyName(); + } if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) businessService = true; @@ -127,7 +166,15 @@ public class OAGeneralConfig { IdentificationNumber idnumber = oaauth.getIdentificationNumber(); if (idnumber != null) { - identificationNumber = idnumber.getValue(); + String number = idnumber.getValue(); + if (MiscUtil.isNotEmpty(number)) { + String[] split = number.split("\\+"); + + if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { + identificationType = split[1]; + identificationNumber = split[2]; + } + } } Mandates mandates = oaauth.getMandates(); @@ -135,8 +182,6 @@ public class OAGeneralConfig { mandateProfiles = mandates.getProfiles(); } - slVersion = oaauth.getSlVersion(); - TemplatesType templates = oaauth.getTemplates(); if (templates != null) { aditionalAuthBlockText = templates.getAditionalAuthBlockText(); @@ -162,11 +207,9 @@ public class OAGeneralConfig { transformations.put(el.getFilename(), el.getTransformation()); } - useIFrame = oaauth.isUseIFrame(); - useUTC = oaauth.isUseUTC(); } - + isHideBPKAuthBlock = dbOAConfig.isRemoveBPKFromAuthBlock(); } @@ -243,30 +286,6 @@ public class OAGeneralConfig { this.isActive = isActive; } - public String getSlVersion() { - return slVersion; - } - - public void setSlVersion(String slVersion) { - this.slVersion = slVersion; - } - - public boolean isUseIFrame() { - return useIFrame; - } - - public void setUseIFrame(boolean useIFrame) { - this.useIFrame = useIFrame; - } - - public boolean isUseUTC() { - return useUTC; - } - - public void setUseUTC(boolean useUTC) { - this.useUTC = useUTC; - } - public boolean isBusinessService() { return businessService; } @@ -461,6 +480,84 @@ public class OAGeneralConfig { SLTemplates.add(sLTemplateURL3); } - + + /** + * @return the target_subsector + */ + public String getTarget_subsector() { + return target_subsector; + } + + + /** + * @param target_subsector the target_subsector to set + */ + public void setTarget_subsector(String target_subsector) { + this.target_subsector = target_subsector; + } + + + /** + * @return the target_admin + */ + public String getTarget_admin() { + return target_admin; + } + + + /** + * @param target_admin the target_admin to set + */ + public void setTarget_admin(String target_admin) { + this.target_admin = target_admin; + } + + + /** + * @return the targetList + */ + public List<String> getTargetList() { + return targetList; + } + + + /** + * @return the identificationTypeList + */ + public List<String> getIdentificationTypeList() { + return identificationTypeList; + } + + + /** + * @return the isAdminTarget + */ + public boolean isAdminTarget() { + return isAdminTarget; + } + + + /** + * @param isAdminTarget the isAdminTarget to set + */ + public void setAdminTarget(boolean isAdminTarget) { + this.isAdminTarget = isAdminTarget; + } + + + /** + * @return the isHideBPKAuthBlock + */ + public boolean isHideBPKAuthBlock() { + return isHideBPKAuthBlock; + } + + + /** + * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set + */ + public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { + this.isHideBPKAuthBlock = isHideBPKAuthBlock; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java index e83bf6997..0c78f996c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.configuration.exception; +import javax.mail.MessagingException; + import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; public class ConfigurationException extends Exception { @@ -14,4 +16,8 @@ public class ConfigurationException extends Exception { super(LanguageHelper.getErrorString(errorname), e); } + public ConfigurationException(Throwable e) { + super(e); + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index 7dac458ca..9f81e1212 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -129,7 +129,7 @@ public class AuthenticationFilter implements Filter{ if (authuser == null) { - authuser = new AuthenticatedUser(0, "Max", "TestUser", "maxtestuser", true, true); + authuser = new AuthenticatedUser(0, "Max", "TestUser", null, "maxtestuser", true, true, false, false); //authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false); httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser); } @@ -184,7 +184,7 @@ public class AuthenticationFilter implements Filter{ filterchain.doFilter(req, resp); } catch (Exception e) { - + // String redirectURL = "./index.action"; // HttpServletResponse httpResp = (HttpServletResponse) resp; // redirectURL = httpResp.encodeRedirectURL(redirectURL); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java new file mode 100644 index 000000000..aed20ce9e --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.configuration.helper; + +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Date; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.util.MiscUtil; + +public class DateTimeHelper { + + private static final Logger log = Logger.getLogger(DateTimeHelper.class); + + private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm"; + + public static String getDateTime(Date date) { + SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); + return f.format(date); + } + + public static Date parseDateTime(String date) { + SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); + + if (MiscUtil.isNotEmpty(date)) { + + try { + return f.parse(date); + + } catch (ParseException e) { + log.warn("Parse DATETIME String " + date + " failed", e); + + } + } + return null; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java new file mode 100644 index 000000000..d2814f6a6 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java @@ -0,0 +1,53 @@ +package at.gv.egovernment.moa.id.configuration.helper; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.OAListElement; + +public class FormDataHelper { + + public static ArrayList<OAListElement> addFormOAs(List<OnlineApplication> dbOAs) { + + ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>(); + + for (OnlineApplication dboa : dbOAs) { + OAListElement listoa = new OAListElement(); + listoa.setActive(dboa.isIsActive()); + listoa.setDataBaseID(dboa.getHjid()); + listoa.setOaFriendlyName(dboa.getFriendlyName()); + listoa.setOaIdentifier(dboa.getPublicURLPrefix()); + listoa.setOaType(dboa.getType()); + formOAs.add(listoa); + } + + return formOAs; + } + + public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) { + ArrayList<AuthenticatedUser> userlist = new ArrayList<AuthenticatedUser>(); + + for (UserDatabase dbuser : dbuserlist) { + + boolean ismandate = false; + if (dbuser.isIsMandateUser() != null) + ismandate = dbuser.isIsMandateUser(); + + + userlist.add(new AuthenticatedUser( + dbuser.getHjid(), + dbuser.getGivenname(), + dbuser.getFamilyname(), + dbuser.getInstitut(), + dbuser.getUsername(), + dbuser.isIsActive(), + dbuser.isIsAdmin(), + ismandate, + false)); + } + return userlist; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java new file mode 100644 index 000000000..3081f3929 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java @@ -0,0 +1,254 @@ +package at.gv.egovernment.moa.id.configuration.helper; + +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; +import java.text.SimpleDateFormat; +import java.util.Date; +import java.util.Properties; + +import javax.mail.BodyPart; +import javax.mail.Message; +import javax.mail.MessagingException; +import javax.mail.Session; +import javax.mail.Transport; +import javax.mail.internet.InternetAddress; +import javax.mail.internet.MimeBodyPart; +import javax.mail.internet.MimeMessage; +import javax.mail.internet.MimeMultipart; + +import org.apache.commons.io.IOUtils; +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.util.MiscUtil; + +public class MailHelper { + + private static final Logger log = Logger.getLogger(MailHelper.class); + + private static final String PATTERN_GIVENNAME = "#GIVENNAME#"; + private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#"; + private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#"; + private static final String PATTERN_DATE = "#TODAY_DATE#"; + private static final String PATTERN_OPENOAS = "#NUMBER_OAS#"; + private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#"; + private static final String PATTERN_OANAME = "#OANAME#"; + + public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException { + + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateurl = config.getMailUserAcountVerificationTemplate(); + + String template = readTemplateFromURL(templateurl); + + if (userdb.isIsMandateUser()) { + template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); + template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); + } + + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + + if (!verificationURL.endsWith("/")) + verificationURL = verificationURL + "/"; + + verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION + + "?" + Constants.REQUEST_USERREQUESTTOKKEN + + "=" + userdb.getUserRequestTokken(); + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailUserAcountVerificationSubject(), + userdb.getMail(), template); + + } + + public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateurl = config.getMailAdminTemplate(); + + String template = readTemplateFromURL(templateurl); + template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs)); + template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers)); + + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template); + + } + + public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, String mailurl) throws ConfigurationException { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateurl = config.getMailUserAcountActivationTemplate(); + + String template = readTemplateFromURL(templateurl); + if (MiscUtil.isNotEmpty(institut)) { + template = template.replace(PATTERN_GIVENNAME, institut); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, givenname); + template = template.replace(PATTERN_FAMILYNAME, familyname); + } + + + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + if (!verificationURL.endsWith("/")) + verificationURL = verificationURL + "/"; + + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailUserAcountActivationSubject(), + mailurl, template); + } + + public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, String institut, String oaname, String mailurl) throws ConfigurationException { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateurl = config.getMailOAActivationTemplate(); + + String template = readTemplateFromURL(templateurl); + if (MiscUtil.isNotEmpty(institut)) { + template = template.replace(PATTERN_GIVENNAME, institut); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, givenname); + template = template.replace(PATTERN_FAMILYNAME, familyname); + } + + template = template.replace(PATTERN_OANAME, oaname); + + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + if (!verificationURL.endsWith("/")) + verificationURL = verificationURL + "/"; + + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailOAActivationSubject(), + mailurl, template); + } + + public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateurl = config.getMailUserAcountRevocationTemplate(); + + String template = readTemplateFromURL(templateurl); + + if (userdb.isIsMandateUser()) { + template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); + template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); + } + + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + sendMail(config, config.getMailUserAcountActivationSubject(), + userdb.getMail(), template); + } + + private static String readTemplateFromURL(String templateurl) throws ConfigurationException { + InputStream input; + try { + File file = new File(templateurl); + input = new FileInputStream(file); + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + input.close(); + return writer.toString(); + + } catch (Exception e) { + log.warn("Mailtemplate can not be read from source" + templateurl); + throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl); + + } + } + + private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) throws ConfigurationException { + try { + log.debug("Sending mail."); + MiscUtil.assertNotNull(subject, "subject"); + MiscUtil.assertNotNull(recipient, "recipient"); + MiscUtil.assertNotNull(content, "content"); + + Properties props = new Properties(); + props.setProperty("mail.transport.protocol", "smtp"); + props.setProperty("mail.host", config.getSMTPMailHost()); + log.trace("Mail host: " + config.getSMTPMailHost()); + if (config.getSMTPMailPort() != null) { + log.trace("Mail port: " + config.getSMTPMailPort()); + props.setProperty("mail.port", config.getSMTPMailPort()); + } + if (config.getSMTPMailUsername() != null) { + log.trace("Mail user: " + config.getSMTPMailUsername()); + props.setProperty("mail.user", config.getSMTPMailUsername()); + } + if (config.getSMTPMailPassword() != null) { + log.trace("Mail password: " + config.getSMTPMailPassword()); + props.setProperty("mail.password", config.getSMTPMailPassword()); + } + + Session mailSession = Session.getDefaultInstance(props, null); + Transport transport = mailSession.getTransport(); + + MimeMessage message = new MimeMessage(mailSession); + message.setSubject(subject); + log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress()); + message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName())); + log.trace("Recipient: " + recipient); + message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient)); + + log.trace("Creating multipart content of mail."); + MimeMultipart multipart = new MimeMultipart("related"); + + log.trace("Adding first part (html)"); + BodyPart messageBodyPart = new MimeBodyPart(); + messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15"); + multipart.addBodyPart(messageBodyPart); + +// log.trace("Adding mail images"); +// messageBodyPart = new MimeBodyPart(); +// for (Image image : images) { +// messageBodyPart.setDataHandler(new DataHandler(image)); +// messageBodyPart.setHeader("Content-ID", "<" + image.getContentId() + ">"); +// multipart.addBodyPart(messageBodyPart); +// } + + message.setContent(multipart); + transport.connect(); + log.trace("Sending mail message."); + transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO)); + log.trace("Successfully sent."); + transport.close(); + + } catch(MessagingException e) { + throw new ConfigurationException(e); + + } catch (UnsupportedEncodingException e) { + throw new ConfigurationException(e); + + } + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 3f6005b97..bad522a4b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -10,6 +10,7 @@ import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; @@ -53,6 +54,7 @@ import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.PVP2ContactValidator; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; import com.opensymphony.xwork2.ActionSupport; @@ -67,12 +69,18 @@ public class EditGeneralConfigAction extends ActionSupport private HttpServletResponse response; private AuthenticatedUser authUser; - private GeneralMOAIDConfig moaconfig; + private String formID; + public String loadConfig() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; if (authUser.isAdmin()) { @@ -84,6 +92,9 @@ public class EditGeneralConfigAction extends ActionSupport ConfigurationDBUtils.closeSession(); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_SUCCESS; } else { @@ -93,11 +104,30 @@ public class EditGeneralConfigAction extends ActionSupport } public String saveConfig() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + if (authUser.isAdmin()) { MOAConfigValidator validator = new MOAConfigValidator(); @@ -109,6 +139,8 @@ public class EditGeneralConfigAction extends ActionSupport for (String el : errors) addActionError(el); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -505,6 +537,20 @@ public class EditGeneralConfigAction extends ActionSupport public void setMoaconfig(GeneralMOAIDConfig moaconfig) { this.moaconfig = moaconfig; } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 297d80726..8d20fe118 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -8,6 +8,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; @@ -38,13 +39,17 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config; import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper; +import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation; import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation; import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation; import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; import com.opensymphony.xwork2.ActionSupport; @@ -63,6 +68,9 @@ ServletResponseAware { private String oaidobj; private boolean newOA; + private String formID; + + private String nextPage; private OAGeneralConfig generalOA = new OAGeneralConfig(); private OAPVP2Config pvp2OA = new OAPVP2Config(); @@ -72,11 +80,16 @@ ServletResponseAware { //STRUTS actions public String inital() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; - + long oaid = -1; if (!ValidationHelper.validateOAID(oaidobj)) { @@ -88,8 +101,15 @@ ServletResponseAware { OnlineApplication onlineapplication = null;; if (authUser.isAdmin()) onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + else { UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (!userdb.isIsMailAddressVerified() && !authUser.isAdmin()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + } + List<OnlineApplication> oas = userdb.getOnlineApplication(); for (OnlineApplication oa : oas) { if (oa.getHjid() == oaid) { @@ -115,7 +135,10 @@ ServletResponseAware { ConfigurationDBUtils.closeSession(); - request.getSession().setAttribute(Constants.SESSION_OAID, oaid); + session.setAttribute(Constants.SESSION_OAID, oaid); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); newOA = false; @@ -124,24 +147,66 @@ ServletResponseAware { public String newOA() { log.debug("insert new Online-Application"); + + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + session.setAttribute(Constants.SESSION_OAID, null); + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - request.getSession().setAttribute(Constants.SESSION_OAID, null); - - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!userdb.isIsMailAddressVerified() && !authUser.isAdmin()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + } + newOA = true; + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_OA_EDIT; } public String saveOA() { - - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + OnlineApplication onlineapplication = null; List<String> errors = new ArrayList<String>(); @@ -170,15 +235,15 @@ ServletResponseAware { } else { - //TODO: oaidentifier has to be a URL according to PVP2.1 specification - if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + if (!ValidationHelper.validateURL(oaidentifier)) { + log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); } else { if (oaid == -1) { onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + newOA = true; if (onlineapplication != null) { log.info("The OAIdentifier is not unique"); errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); @@ -215,23 +280,108 @@ ServletResponseAware { for (String el : errors) addActionError(el); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } else { - String error = saveOAConfigToDatabase(onlineapplication); + boolean newentry = false; + + if (onlineapplication == null) { + onlineapplication = new OnlineApplication(); + newentry = true; + onlineapplication.setIsActive(false); + + if (!authUser.isAdmin()) { + onlineapplication.setIsAdminRequired(true); + } + + } else { + if (!authUser.isAdmin() && + !onlineapplication.getPublicURLPrefix(). + equals(generalOA.getIdentifier())) { + + onlineapplication.setIsAdminRequired(true); + onlineapplication.setIsActive(false); + log.info("User with ID " + authUser.getUserID() + + " change OA-PublicURLPrefix. Reaktivation is required."); + } + + } + + if ( (onlineapplication.isIsAdminRequired() == null) || + (authUser.isAdmin() && generalOA.isActive() + && onlineapplication.isIsAdminRequired()) ) { + + onlineapplication.setIsAdminRequired(false); + + UserDatabase user = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid()); + if (user != null) { + try { + MailHelper.sendUserOnlineApplicationActivationMail( + user.getGivenname(), + user.getFamilyname(), + user.getInstitut(), + onlineapplication.getPublicURLPrefix(), + user.getMail()); + } catch (ConfigurationException e) { + log.warn("Sending Mail to User " + user.getMail() + " failed", e); + } + } + + } + + + String error = saveOAConfigToDatabase(onlineapplication, newentry); if (MiscUtil.isNotEmpty(error)) { log.warn("OA configuration can not be stored!"); - addActionError(error); + addActionError(error); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } } + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } - request.getSession().setAttribute(Constants.SESSION_OAID, null); - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); + if (onlineapplication.isIsAdminRequired()) { + int numoas = 0; + int numusers = 0; + + List<OnlineApplication> openOAs = ConfigurationDBRead.getAllNewOnlineApplications(); + if (openOAs != null) + numoas = openOAs.size(); + + List<UserDatabase> openUsers = ConfigurationDBRead.getAllNewUsers(); + if (openUsers != null) + numusers = openUsers.size(); + try { + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request)); + + if (numusers > 0 || numoas > 0) + MailHelper.sendAdminMail(numoas, numusers); + + } catch (ConfigurationException e) { + log.warn("Sending Mail to Admin failed.", e); + } + + } else + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); + + + request.getSession().setAttribute(Constants.SESSION_OAID, null); ConfigurationDBUtils.closeSession(); return Constants.STRUTS_SUCCESS; @@ -239,7 +389,22 @@ ServletResponseAware { public String cancleAndBackOA() { - request.getSession().setAttribute(Constants.SESSION_OAID, null); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + session.setAttribute(Constants.SESSION_OAID, null); addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request)); @@ -249,15 +414,52 @@ ServletResponseAware { } public String deleteOA() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + String oaidentifier = generalOA.getIdentifier(); if (MiscUtil.isEmpty(oaidentifier)) { log.info("Empty OA identifier"); addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } else { @@ -265,6 +467,9 @@ ServletResponseAware { log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } } @@ -310,16 +515,8 @@ ServletResponseAware { } - private String saveOAConfigToDatabase(OnlineApplication dboa) { - - boolean newentry = false; - - if (dboa == null) { - dboa = new OnlineApplication(); - newentry = true; - dboa.setIsActive(false); - } - + private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) { + AuthComponentOA authoa = dboa.getAuthComponentOA(); if (authoa == null) { authoa = new AuthComponentOA(); @@ -331,72 +528,134 @@ ServletResponseAware { dboa.setFriendlyName(generalOA.getFriendlyName()); dboa.setCalculateHPI(generalOA.isCalculateHPI()); - dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); + dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock()); + + if (authUser.isAdmin()) + dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); + else { + if (newentry) + dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + } + dboa.setPublicURLPrefix(generalOA.getIdentifier()); if (generalOA.isBusinessService()) { dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + IdentificationNumber idnumber = new IdentificationNumber(); - idnumber.setValue(generalOA.getIdentificationNumber()); + idnumber.setValue( + Constants.PREFIX_WPBK + + generalOA.getIdentificationType() + + "+" + + num); + authoa.setIdentificationNumber(idnumber); } else { dboa.setType(null); - dboa.setTarget(generalOA.getTarget()); - dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); + if (authUser.isAdmin()) { + if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) && + generalOA.isAdminTarget() ) { + dboa.setTarget(generalOA.getTarget_admin()); + dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); + + } else { + String target_full = generalOA.getTarget(); + String[] target_split = target_full.split("-"); + if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector())) + dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector()); + else + dboa.setTarget(target_full); + + String targetname = TargetValidator.getTargetFriendlyName(target_full); + if (MiscUtil.isNotEmpty(targetname)) + dboa.setTargetFriendlyName(targetname); + else + dboa.setTargetFriendlyName(TargetValidator.getTargetFriendlyName(target_split[0])); + } + + } else { + if (MiscUtil.isNotEmpty(generalOA.getTarget())) { + String target_full = generalOA.getTarget(); + String[] target_split = target_full.split("-"); + dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector()); + + if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector())) + dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector()); + + else + dboa.setTarget(target_full); + + String targetname = TargetValidator.getTargetFriendlyName(target_full); + if (MiscUtil.isNotEmpty(targetname)) + dboa.setTargetFriendlyName(targetname); + else + dboa.setTargetFriendlyName(TargetValidator.getTargetFriendlyName(target_split[0])); + } + } } BKUURLS bkuruls = new BKUURLS(); authoa.setBKUURLS(bkuruls); - bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); - bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); - bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); + if (authUser.isAdmin()) { + bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); + bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); + bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); + } Mandates mandates = new Mandates(); mandates.setProfiles(generalOA.getMandateProfiles()); authoa.setMandates(mandates); - - authoa.setSlVersion(generalOA.getSlVersion()); - authoa.setUseIFrame(generalOA.isUseIFrame()); - authoa.setUseUTC(generalOA.isUseUTC()); - + TemplatesType templates = authoa.getTemplates(); if (templates == null) { templates = new TemplatesType(); authoa.setTemplates(templates); } - templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); - List<TemplateType> template = templates.getTemplate(); - if (generalOA.isLegacy()) { + if (authUser.isAdmin()) { + templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); + + List<TemplateType> template = templates.getTemplate(); + if (generalOA.isLegacy()) { - if (template == null) - template = new ArrayList<TemplateType>(); - else - template.clear(); + if (template == null) + template = new ArrayList<TemplateType>(); + else + template.clear(); - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL1()); - template.add(el); - } - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL2()); - template.add(el); - } - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL3()); - template.add(el); + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL1()); + template.add(el); + } + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL2()); + template.add(el); + } + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL3()); + template.add(el); + } + + } else { + if (template != null && template.size() > 0) + template.clear(); } - - } else { - if (template != null && template.size() > 0) - template.clear(); } //set default transformation if it is empty @@ -609,4 +868,28 @@ ServletResponseAware { this.newOA = newOA; } + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } + + + + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index 1cb4fa802..d3d00186f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -3,26 +3,21 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.io.File; import java.io.IOException; import java.io.InputStream; -import java.io.OutputStream; -import java.io.StringReader; import java.io.StringWriter; -import java.net.MalformedURLException; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Marshaller; import javax.xml.bind.Unmarshaller; -import javax.xml.transform.Result; import org.apache.commons.io.IOUtils; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; -import org.hibernate.lob.ReaderInputStream; -import org.w3c.dom.Node; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; @@ -35,7 +30,7 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.iaik.commons.util.IOUtil; +import at.gv.egovernment.moa.id.util.Random; import com.opensymphony.xwork2.ActionSupport; @@ -51,6 +46,7 @@ implements ServletRequestAware, ServletResponseAware { private HttpServletResponse response; private AuthenticatedUser authUser; + private String formID; private File fileUpload = null; private String fileUploadContentType = null; @@ -59,13 +55,20 @@ implements ServletRequestAware, ServletResponseAware { private InputStream fileInputStream; public String init() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; if (authUser.isAdmin()) { - + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_SUCCESS; } else { @@ -76,16 +79,39 @@ implements ServletRequestAware, ServletResponseAware { } public String importLegacyConfig() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + if (authUser.isAdmin()) { //load legacy config if it is configured if (fileUpload == null) { addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -97,6 +123,9 @@ implements ServletRequestAware, ServletResponseAware { } catch (org.opensaml.xml.ConfigurationException e1) { log.info("Legacy configuration has an Import Error", e1); addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e1.getMessage()})); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } log.debug("OpenSAML successfully initialized"); @@ -108,26 +137,24 @@ implements ServletRequestAware, ServletResponseAware { try { log.warn("WARNING! The legacy import deletes the hole old config"); - String rootConfigFileDir = new File(ConfigurationProvider.getInstance().getConfigFile()).getParent(); - - try { - rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); - - } catch (MalformedURLException t) { - log.warn("RootConfiguration Directory is not found"); - rootConfigFileDir = ""; - } - + String rootConfigFileDir = ConfigurationProvider.getInstance().getConfigRootDir(); + moaconfig = BuildFromLegacyConfig.build(fileUpload, rootConfigFileDir, moaidconfig); } catch (ConfigurationException e) { log.info("Legacy configuration has an Import Error", e); addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()})); ConfigurationDBUtils.closeSession(); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } catch (at.gv.egovernment.moa.id.configuration.exception.ConfigurationException e) { ConfigurationDBUtils.closeSession(); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -155,6 +182,9 @@ implements ServletRequestAware, ServletResponseAware { } catch (MOADatabaseException e) { log.warn("General MOA-ID config can not be stored in Database"); addActionError(e.getMessage()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -174,10 +204,30 @@ implements ServletRequestAware, ServletResponseAware { } public String downloadXMLConfig() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + if (authUser.isAdmin()) { log.info("Write MOA-ID 2.x xml config"); @@ -194,6 +244,9 @@ implements ServletRequestAware, ServletResponseAware { if (moaidconfig == null) { log.info("No MOA-ID 2.x configruation available"); addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig")); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -208,11 +261,17 @@ implements ServletRequestAware, ServletResponseAware { log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); addActionError(LanguageHelper.getErrorString("errors.importexport.export", new Object[]{e.getMessage()})); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } catch (IOException e) { log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); addActionError(LanguageHelper.getErrorString("errors.importexport.export", new Object[]{e.getMessage()})); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -230,10 +289,30 @@ implements ServletRequestAware, ServletResponseAware { public String importXMLConfig() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + if (authUser.isAdmin()) { if (fileUpload == null) { @@ -271,6 +350,9 @@ implements ServletRequestAware, ServletResponseAware { log.warn("MOA-ID XML configuration can not be loaded from File.", e); addActionError(LanguageHelper.getErrorString("errors.importexport.import", new Object[]{e.getMessage()})); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -360,4 +442,19 @@ implements ServletRequestAware, ServletResponseAware { public InputStream getFileInputStream() { return fileInputStream; } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index 6078caa87..545a84800 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -1,34 +1,77 @@ package at.gv.egovernment.moa.id.configuration.struts.action; +import java.util.ArrayList; import java.util.Date; +import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.commons.lang.StringEscapeUtils; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; +import org.joda.time.DateTime; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.security.MetadataCredentialResolverFactory; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver; +import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver; +import org.opensaml.xml.security.keyinfo.KeyInfoProvider; +import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider; +import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider; +import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; import com.opensymphony.xwork2.ActionSupport; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; +import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; public class IndexAction extends ActionSupport implements ServletRequestAware, ServletResponseAware { + private static final long serialVersionUID = -2781497863862504896L; + private static final Logger log = Logger.getLogger(IndexAction.class); private HttpServletRequest request; @@ -36,6 +79,11 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, private String password; private String username; + private UserDatabaseFrom user = null; + private AuthenticatedUser authUser = null; + private String formID; + + private String ssologouturl; public String start() { @@ -80,12 +128,12 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, return Constants.STRUTS_ERROR; } else { - if (!dbuser.isIsActive()) { - log.warn("Username " + dbuser.getUsername() + " is not active"); + if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) { + log.warn("Username " + dbuser.getUsername() + " is not active or Username/Password login is not allowed"); addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed")); return Constants.STRUTS_ERROR; } - + if (!dbuser.getPassword().equals(key)) { log.warn("Username " + dbuser.getUsername() + " use a false password"); addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed")); @@ -96,13 +144,18 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, dbuser.getHjid(), dbuser.getGivenname(), dbuser.getFamilyname(), + dbuser.getInstitut(), dbuser.getUsername(), true, - dbuser.isIsAdmin()); + dbuser.isIsAdmin(), + dbuser.isIsMandateUser(), + false); - authuser.setLastLogin(dbuser.getLastLoginItem()); + Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + if (date != null) + authuser.setLastLogin(date);; - dbuser.setLastLoginItem(new Date()); + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); try { ConfigurationDBUtils.saveOrUpdate(dbuser); @@ -120,13 +173,515 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, } } + public String pvp2login() { + + String method = request.getMethod(); + HttpSession session = request.getSession(); + if (session == null) { + log.info("NO HTTP Session"); + return Constants.STRUTS_ERROR; + } + + String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID); + session.setAttribute(Constants.SESSION_PVP2REQUESTID, null); + + if (method.equals("POST")) { + + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + + //Decode with HttpPost Binding + HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + request)); + decode.decode(messageContext); + + Response samlResponse = (Response) messageContext.getInboundMessage(); + + Signature sign = samlResponse.getSignature(); + if (sign == null) { + log.info("Only http POST Requests can be used"); + addActionError(LanguageHelper.getErrorString("error.login")); + return Constants.STRUTS_ERROR; + } + + //Validate Signature + SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + profileValidator.validate(sign); + + //Verify Signature + List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + + KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory(); + MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier()); + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS)); + criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); + criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); + + ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver); + trustEngine.validate(sign, criteriaSet); + + log.info("PVP2 Assertion is valid"); + + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + List<org.opensaml.saml2.core.Assertion> saml2assertions = samlResponse.getAssertions(); + + if (MiscUtil.isEmpty(authID)) { + log.info("NO AuthRequestID"); + return Constants.STRUTS_ERROR; + } + + for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + + Subject subject = saml2assertion.getSubject(); + List<SubjectConfirmation> subjectconformlist = subject.getSubjectConfirmations(); + for (SubjectConfirmation el : subjectconformlist) { + if (el.getMethod().equals(SubjectConfirmation.METHOD_BEARER)) { + SubjectConfirmationData date = el.getSubjectConfirmationData(); + + if (!authID.equals(date.getInResponseTo())) { + log.warn("PVPRequestID does not match PVP2 Assertion ID!"); + return Constants.STRUTS_ERROR; + + } + } + } + + Conditions conditions = saml2assertion.getConditions(); + DateTime notbefore = conditions.getNotBefore(); + DateTime notafter = conditions.getNotOnOrAfter(); + if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { + log.warn("PVP2 Assertion is out of Date"); + return Constants.STRUTS_ERROR; + + } + + NameID nameID = subject.getNameID(); + if (nameID == null) { + log.warn("No NameID element in PVP2 assertion!"); + return Constants.STRUTS_ERROR; + } + + String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue(); + + //search user + UserDatabase dbuser = ConfigurationDBRead.getUserWithUserBPKWBPK(bpkwbpk); + if (dbuser == null) { + log.info("No user found with bpk/wbpk " + bpkwbpk); + + //read PVP2 assertion attributes; + user = new UserDatabaseFrom(); + user.setActive(false); + user.setAdmin(false); + user.setBpk(bpkwbpk); + user.setIsusernamepasswordallowed(false); + user.setIsmandateuser(false); + user.setPVPGenerated(true); + + authUser = new AuthenticatedUser(); + authUser.setAdmin(false); + authUser.setAuthenticated(false); + authUser.setLastLogin(null); + authUser.setUserID(-1); + authUser.setUserName(null); + authUser.setPVP2Login(true); + authUser.setMandateUser(false); + + //loop through the nodes to get what we want + List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); + for (int i = 0; i < attributeStatements.size(); i++) + { + List<Attribute> attributes = attributeStatements.get(i).getAttributes(); + for (int x = 0; x < attributes.size(); x++) + { + String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); + + if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { + user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); + authUser.setFamilyName(user.getFamilyName()); + } + + if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { + user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); + authUser.setGivenName(user.getGivenName()); + } + + if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) { + authUser.setMandateUser(true); + user.setIsmandateuser(true); + } + + if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) { + user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); + authUser.setInstitute(user.getInstitut()); + } + } + } + + //set Random value + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_FORM, user); + session.setAttribute(Constants.SESSION_AUTH, authUser); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_NEWUSER; + + } else { + if (!dbuser.isIsActive()) { + + if (!dbuser.isIsMailAddressVerified()) { + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + user = new UserDatabaseFrom(dbuser); + authUser = new AuthenticatedUser( + dbuser.getHjid(), + dbuser.getGivenname(), + dbuser.getFamilyname(), + dbuser.getInstitut(), + dbuser.getUsername(), + false, + false, + dbuser.isIsMandateUser(), + true); + session.setAttribute(Constants.SESSION_FORM, user); + session.setAttribute(Constants.SESSION_AUTH, authUser); + + return Constants.STRUTS_NEWUSER; + + } + + log.info("User with bpk/wbpk " + bpkwbpk + " is not active"); + addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive")); + return Constants.STRUTS_ERROR; + } + + authUser = new AuthenticatedUser( + dbuser.getHjid(), + dbuser.getGivenname(), + dbuser.getFamilyname(), + dbuser.getInstitut(), + dbuser.getUsername(), + true, + dbuser.isIsAdmin(), + dbuser.isIsMandateUser(), + true); + + Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + if (date != null) + authUser.setLastLogin(date);; + + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + + } catch (MOADatabaseException e) { + log.warn("UserDatabase communicaton error", e); + addActionError(LanguageHelper.getErrorString("error.login")); + return Constants.STRUTS_ERROR; + } + finally { + ConfigurationDBUtils.closeSession(); + } + session.setAttribute(Constants.SESSION_AUTH, authUser); + return Constants.STRUTS_SUCCESS; + + } + } + + log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found."); + addActionError(LanguageHelper.getErrorString("error.login")); + return Constants.STRUTS_ERROR; + + } else { + log.info("Receive Error Assertion."); + return Constants.STRUTS_ERROR; + } + + } catch (Exception e) { + log.warn("Only http POST Requests can be used", e); + addActionError(LanguageHelper.getErrorString("error.login")); + return Constants.STRUTS_ERROR; + } + + } else { + log.info("Only http POST Requests can be used"); + addActionError(LanguageHelper.getErrorString("error.login")); + return Constants.STRUTS_ERROR; + } + } + + public String requestNewUser() { + + HttpSession session = request.getSession(); + if (session == null) { + log.warn("No active Session found"); + return Constants.STRUTS_ERROR; + } + + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + Object sessionformobj = session.getAttribute(Constants.SESSION_FORM); + if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) { + UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj; + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + if (user == null) { + log.warn("No form transmited"); + return Constants.STRUTS_ERROR; + } + + //get UserID + String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)){ + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + String check; + if (!sessionform.isIsmandateuser()) { + check = user.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + check); + addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Organisation is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty")); + } + } + + check = user.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + log.warn("Mailaddress is not valid: " + check); + addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Mailaddress is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty")); + } + + check = user.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Phonenumber contains potentail XSS characters: " + check); + addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Phonenumber is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty")); + } + + if (hasActionErrors()) { + log.info("Some form errors found. Send user back to form"); + + user.setPVPGenerated(true); + user.setFamilyName(sessionform.getFamilyName()); + user.setGivenName(sessionform.getGivenName()); + user.setIsmandateuser(sessionform.isIsmandateuser()); + user.setBpk(sessionform.getBpk()); + + if (sessionform.isIsmandateuser()) + user.setInstitut(sessionform.getInstitut()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_NEWUSER; + } + + UserDatabase dbuser; + + if (userID < 0) { + dbuser = new UserDatabase(); + dbuser.setBpk(sessionform.getBpk()); + dbuser.setFamilyname(sessionform.getFamilyName()); + dbuser.setGivenname(sessionform.getGivenName()); + + if (sessionform.isIsmandateuser()) + dbuser.setInstitut(sessionform.getInstitut()); + else + dbuser.setInstitut(user.getInstitut()); + + dbuser.setIsPVP2Generated(true); + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + dbuser.setIsActive(false); + dbuser.setIsAdmin(false); + dbuser.setIsMandateUser(sessionform.isIsmandateuser()); + dbuser.setIsUsernamePasswordAllowed(false); + + } else + dbuser = ConfigurationDBRead.getUserWithID(userID); + + dbuser.setMail(user.getMail()); + dbuser.setPhone(user.getPhone()); + dbuser.setIsAdminRequest(true); + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + + MailHelper.sendUserMailAddressVerification(dbuser); + + } catch (MOADatabaseException e) { + log.warn("New UserRequest can not be stored in database", e); + return Constants.STRUTS_ERROR; + + } catch (ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + addActionError(LanguageHelper.getErrorString("error.mail.send")); + return Constants.STRUTS_NEWUSER; + } + + finally { + session.setAttribute(Constants.SESSION_FORM, null); + session.setAttribute(Constants.SESSION_AUTH, null); + ConfigurationDBUtils.closeSession(); + } + + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify")); + + session.invalidate(); + + return Constants.STRUTS_SUCCESS; + + } else { + log.warn("No SessionForm found"); + return Constants.STRUTS_ERROR; + } + + } + + public String mailAddressVerification() { + + String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN); + if (MiscUtil.isNotEmpty(userrequesttokken)) { + + userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken); + + try { + Long.parseLong(userrequesttokken); + + } catch (NumberFormatException e) { + log.warn("Verificationtokken has no number format."); + return Constants.STRUTS_ERROR; + } + + UserDatabase dbuser = ConfigurationDBRead.getNewUserWithTokken(userrequesttokken); + if (dbuser != null) { + dbuser.setUserRequestTokken(null); + dbuser.setIsMailAddressVerified(true); + + if (dbuser.isIsActive()) + dbuser.setIsAdminRequest(false); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + + int numoas = 0; + int numusers = 0; + + List<OnlineApplication> openOAs = ConfigurationDBRead.getAllNewOnlineApplications(); + if (openOAs != null) + numoas = openOAs.size(); + + List<UserDatabase> openUsers = ConfigurationDBRead.getAllNewUsers(); + if (openUsers != null) + numusers = openUsers.size(); + + if (numusers > 0 || numoas > 0) + MailHelper.sendAdminMail(numoas, numusers); + + } catch (MOADatabaseException e) { + log.warn("Userinformation can not be stored in Database.", e); + addActionError(LanguageHelper.getErrorString("error.mail.verification")); + + } catch (ConfigurationException e) { + log.warn("Send mail to admin failed.", e); + } + + finally { + ConfigurationDBUtils.closeSession(); + } + + addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress")); + return Constants.STRUTS_SUCCESS; + } + } + + return Constants.STRUTS_ERROR; + } + public String logout() { HttpSession session = request.getSession(); + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; if (session != null) session.invalidate(); + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String ssologout = config.getSSOLogOutURL(); + + if (MiscUtil.isNotEmpty(ssologout) && authUser != null && authUser.isPVP2Login()) { + ssologouturl = ssologout + config.getPublicUrlPreFix(request); + return Constants.STRUTS_SSOLOGOUT; + + } + + } catch (ConfigurationException e) { + log.warn("Configuration can not be loaded.", e); + + } + return Constants.STRUTS_SUCCESS; } @@ -164,7 +719,46 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, public void setUsername(String username) { this.username = username; } - - + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + /** + * @return the user + */ + public UserDatabaseFrom getUser() { + return user; + } + + /** + * @param user the user to set + */ + public void setUser(UserDatabaseFrom user) { + this.user = user; + } + + /** + * @return the ssologouturl + */ + public String getSsologouturl() { + return ssologouturl; + } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index f5f265ea6..da3c99714 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -5,6 +5,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; @@ -22,6 +23,7 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; @@ -48,8 +50,13 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, public String listAllOnlineAppliactions() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; @@ -65,8 +72,16 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, dbOAs = authUserDB.getOnlineApplication(); } - addFormOAs(dbOAs); - + if (dbOAs == null || dbOAs.size() == 0) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA")); + + } else { + formOAs = FormDataHelper.addFormOAs(dbOAs); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + ConfigurationDBUtils.closeSession(); return Constants.STRUTS_SUCCESS; @@ -86,8 +101,13 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, } public String searchOA() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; @@ -125,32 +145,23 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, } } - addFormOAs(dbOAs); - - ConfigurationDBUtils.closeSession(); - - return Constants.STRUTS_SUCCESS; - } - - private void addFormOAs(List<OnlineApplication> dbOAs) { - - formOAs = new ArrayList<OAListElement>(); if (dbOAs == null || dbOAs.size() == 0) { - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + log.debug("No OAs found with Identifier " + friendlyname); + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA")); } else { - for (OnlineApplication dboa : dbOAs) { - OAListElement listoa = new OAListElement(); - listoa.setActive(dboa.isIsActive()); - listoa.setDataBaseID(dboa.getHjid()); - listoa.setOaFriendlyName(dboa.getFriendlyName()); - listoa.setOaIdentifier(dboa.getPublicURLPrefix()); - listoa.setOaType(dboa.getType()); - formOAs.add(listoa); - } + + formOAs = FormDataHelper.addFormOAs(dbOAs); + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + } - } + + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; + } + public void setServletResponse(HttpServletResponse arg0) { this.response = arg0; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java index aeafe9548..c80d5484d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java @@ -2,7 +2,9 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; @@ -14,6 +16,8 @@ import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; public class MainAction implements ServletRequestAware, ServletResponseAware { + private static final Logger log = Logger.getLogger(MainAction.class); + private HttpServletRequest request; private HttpServletResponse response; @@ -30,8 +34,17 @@ public class MainAction implements ServletRequestAware, public String generateMainFrame() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + + session.setAttribute(Constants.SESSION_RETURNAREA, null); + return Constants.STRUTS_SUCCESS; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java new file mode 100644 index 000000000..aa36d768a --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java @@ -0,0 +1,106 @@ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.OAListElement; +import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; + +import com.opensymphony.xwork2.ActionSupport; + +public class OpenAdminRequestsAction extends ActionSupport + implements ServletRequestAware, ServletResponseAware { + + private static final Logger log = Logger.getLogger(OpenAdminRequestsAction.class); + + private static final long serialVersionUID = 1L; + + private HttpServletRequest request; + private HttpServletResponse response; + + private AuthenticatedUser authUser = null; + private List<OAListElement> formOAs = null; + private List<AuthenticatedUser> userlist = null; + + + public String init() { + + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + + List<OnlineApplication> dbOAs = ConfigurationDBRead.getAllNewOnlineApplications(); + if (dbOAs != null) { + formOAs = FormDataHelper.addFormOAs(dbOAs); + } + + List<UserDatabase> dbUsers = ConfigurationDBRead.getAllNewUsers(); + if (dbUsers != null){ + userlist = FormDataHelper.addFormUsers(dbUsers); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()); + + return Constants.STRUTS_SUCCESS; + } else { + log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID()); + return Constants.STRUTS_NOTALLOWED; + } + + } + + + public void setServletResponse(HttpServletResponse response) { + this.response = response; + } + + public void setServletRequest(HttpServletRequest request) { + this.request = request; + } + + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + + /** + * @return the formOAs + */ + public List<OAListElement> getFormOAs() { + return formOAs; + } + + + /** + * @return the userlist + */ + public List<AuthenticatedUser> getUserlist() { + return userlist; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index 2a9ec038f..6bc90a417 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -1,11 +1,12 @@ package at.gv.egovernment.moa.id.configuration.struts.action; -import java.util.ArrayList; -import java.util.Date; +import java.io.ByteArrayInputStream; +import java.io.InputStream; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; @@ -18,10 +19,14 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; +import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; import com.opensymphony.xwork2.ActionSupport; @@ -43,30 +48,34 @@ public class UserManagementAction extends ActionSupport private String useridobj = null; private static boolean newUser = false; + private InputStream stream; + private String nextPage; + private String formID; public String init() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; - + if (authUser.isAdmin()) { + log.info("Show NewserRequests"); + log.info("Show UserList"); List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers(); + if (dbuserlist != null) { - userlist = new ArrayList<AuthenticatedUser>(); - - for (UserDatabase dbuser : dbuserlist) { - userlist.add(new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getUsername(), - dbuser.isIsActive(), - dbuser.isIsAdmin())); - } + userlist = FormDataHelper.addFormUsers(dbuserlist); } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name()); ConfigurationDBUtils.closeSession(); return Constants.STRUTS_SUCCESS; @@ -79,20 +88,37 @@ public class UserManagementAction extends ActionSupport } user = new UserDatabaseFrom(dbuser); ConfigurationDBUtils.closeSession(); + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_NOTALLOWED; } } public String createuser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); if (authUser.isAdmin()) { user = new UserDatabaseFrom(); newUser = true; + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_SUCCESS; } else { @@ -101,10 +127,27 @@ public class UserManagementAction extends ActionSupport } public String edituser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String)nextPageAttr) ) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + if (authUser.isAdmin()) { long userid = -1; @@ -136,11 +179,31 @@ public class UserManagementAction extends ActionSupport } } - public String saveuser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + public String saveuser() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + String useridobj = user.getUserID(); long userID = -1; if (MiscUtil.isEmpty(useridobj)) { @@ -156,9 +219,30 @@ public class UserManagementAction extends ActionSupport userID = Long.valueOf(useridobj); } + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + + if( dbuser == null) { + dbuser = new UserDatabase(); + dbuser.setIsMandateUser(false); + dbuser.setIsAdminRequest(false); + dbuser.setIsPVP2Generated(false); + dbuser.setUserRequestTokken(null); + dbuser.setIsMailAddressVerified(false); + dbuser.setUsername(user.getUsername()); + } + List<String> errors; UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); - errors = validator.validate(user, userID); + + boolean ispvp2 = false; + boolean ismandate = false; + if (dbuser.isIsPVP2Generated() != null) + ispvp2 = dbuser.isIsPVP2Generated(); + + if (dbuser.isIsMandateUser() != null) + ismandate = dbuser.isIsMandateUser(); + + errors = validator.validate(user, userID, ispvp2, ismandate); if (errors.size() > 0) { log.info("UserDataForm has some erros."); @@ -169,6 +253,14 @@ public class UserManagementAction extends ActionSupport if (MiscUtil.isEmpty(user.getUsername())) newUser = true; + user.setIsmandateuser(ismandate); + user.setPVPGenerated(ispvp2); + if (dbuser.isIsUsernamePasswordAllowed() != null) + user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; } @@ -181,8 +273,49 @@ public class UserManagementAction extends ActionSupport } } - - String error = saveFormToDB(); + + if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + MailHelper.sendUserMailAddressVerification(dbuser); + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify")); + + } catch (ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + addActionError(LanguageHelper.getErrorString("error.mail.send")); + } + } + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String)nextPageAttr) ) { + nextPage = (String) nextPageAttr; + + if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) && + user.isActive()) { + dbuser.setIsAdminRequest(false); + try { + if (dbuser.isIsMandateUser()) + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + dbuser.getInstitut(), user.getMail()); + else + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + null, user.getMail()); + + } catch (ConfigurationException e) { + log.warn("Send UserAccountActivation mail failed", e); + } + } + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + String error = saveFormToDB(dbuser); + if (error != null) { log.warn("UserData can not be stored in Database"); addActionError(error); @@ -194,10 +327,30 @@ public class UserManagementAction extends ActionSupport } public String deleteuser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; - + + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + String useridobj = user.getUserID(); long userID = -1; if (MiscUtil.isEmpty(useridobj)) { @@ -222,6 +375,16 @@ public class UserManagementAction extends ActionSupport } } + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String)nextPageAttr) ) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); if (dbuser != null) { dbuser.setOnlineApplication(null); @@ -230,8 +393,22 @@ public class UserManagementAction extends ActionSupport ConfigurationDBUtils.saveOrUpdate(dbuser); ConfigurationDBUtils.delete(dbuser); + if (authUser.isAdmin()) { + MailHelper.sendUserAccountRevocationMail(dbuser); + } + + if (dbuser.getHjid() == authUser.getUserID()) { + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_REAUTHENTICATE; + } + } catch (MOADatabaseException e) { - log.warn("UserData can not be deleted from Database"); + log.warn("UserData can not be deleted from Database", e); + addActionError(e.getMessage()); + return Constants.STRUTS_SUCCESS; + + } catch (ConfigurationException e) { + log.warn("Information mail sending failed.", e); addActionError(e.getMessage()); return Constants.STRUTS_SUCCESS; } @@ -242,39 +419,93 @@ public class UserManagementAction extends ActionSupport } ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; } - private String saveFormToDB() { + public String sendVerificationMail () { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(user.getUsername()); + String message = LanguageHelper.getErrorString("error.mail.verification"); - if( dbuser == null) { - dbuser = new UserDatabase(); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + if (authUser != null) { + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (dbuser != null) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + + MailHelper.sendUserMailAddressVerification(dbuser); + + message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message"); + + } catch (ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + message = LanguageHelper.getErrorString("error.mail.send"); + + } catch (MOADatabaseException e) { + log.warn("Access UserInformationDatabase failed.", e); + } + } } - dbuser.setBpk(user.getBpk()); - dbuser.setFamilyname(user.getFamilyName()); - dbuser.setGivenname(user.getGivenName()); - dbuser.setInstitut(user.getInstitut()); + stream = new ByteArrayInputStream(message.getBytes()); + + return SUCCESS; + } + + private String saveFormToDB(UserDatabase dbuser) { + dbuser.setMail(user.getMail()); dbuser.setPhone(user.getPhone()); - dbuser.setUsername(user.getUsername()); - if (authUser.isAdmin()) { - dbuser.setIsActive(user.isActive()); - dbuser.setIsAdmin(user.isAdmin()); + if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) { + dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed()); + + if (authUser.isAdmin()) { + dbuser.setIsActive(user.isActive()); + dbuser.setIsAdmin(user.isAdmin()); + + } } - if (MiscUtil.isNotEmpty(user.getPassword())) { - String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); - if (key == null) { - return LanguageHelper.getErrorString("errors.edit.user.save"); + if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) { + dbuser.setFamilyname(user.getFamilyName()); + dbuser.setGivenname(user.getGivenName()); + dbuser.setInstitut(user.getInstitut()); + + if (authUser.isAdmin()) + dbuser.setBpk(user.getBpk()); + + } else { + if (!dbuser.isIsMandateUser()) + dbuser.setInstitut(user.getInstitut()); + } + + if (dbuser.isIsUsernamePasswordAllowed()) { + + if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) + dbuser.setUsername(user.getUsername()); + + if (MiscUtil.isNotEmpty(user.getPassword())) { + String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); + if (key == null) { + return LanguageHelper.getErrorString("errors.edit.user.save"); + } + dbuser.setPassword(key); } - dbuser.setPassword(key); } - try { ConfigurationDBUtils.saveOrUpdate(dbuser); } catch (MOADatabaseException e) { @@ -284,27 +515,7 @@ public class UserManagementAction extends ActionSupport return null; } - -// public String createTestUser() throws MOADatabaseException { -// -// UserDatabase user = new UserDatabase(); -// user.setBpk(""); -// user.setFamilyname("Max"); -// user.setGivenname("Mustermann"); -// user.setIsActive(true); -// user.setIsAdmin(false); -// user.setInstitut("EGIZ"); -// user.setLastLoginItem(new Date()); -// user.setMail("masdf@amfasdf.com"); -// user.setPhone("00660011542"); -// user.setUsername("testuser"); -// -// ConfigurationDBUtils.save(user); -// -// return Constants.STRUTS_SUCCESS; -// } - - + public void setServletResponse(HttpServletResponse response) { this.response = response; @@ -370,7 +581,33 @@ public class UserManagementAction extends ActionSupport public boolean isNewUser() { return newUser; } - - + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java new file mode 100644 index 000000000..ede8c09a8 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java @@ -0,0 +1,82 @@ +package at.gv.egovernment.moa.id.configuration.utils; + +import java.io.IOException; +import java.util.Iterator; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.opensaml.Configuration; +import org.opensaml.DefaultBootstrap; +import org.opensaml.xml.ConfigurationException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.XMLObjectBuilder; +import org.opensaml.xml.XMLObjectBuilderFactory; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + + +public class SAML2Utils { + + static { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + factory.setValidating(false); + try { + builder = factory.newDocumentBuilder(); + } catch (ParserConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + + private static DocumentBuilder builder; + + public static <T> T createSAMLObject(final Class<T> clazz) { + try { + + XMLObjectBuilderFactory builderFactory = Configuration + .getBuilderFactory(); + + QName defaultElementName = (QName) clazz.getDeclaredField( + "DEFAULT_ELEMENT_NAME").get(null); + Map<QName, XMLObjectBuilder> builder = builderFactory.getBuilders(); + Iterator<QName> it = builder.keySet().iterator(); + + while (it.hasNext()) { + QName qname = it.next(); + if (qname.equals(defaultElementName)) { + System.out.printf("Builder for: %s\n", qname.toString()); + } + } + XMLObjectBuilder xmlBuilder = builderFactory + .getBuilder(defaultElementName); + + T object = (T) xmlBuilder.buildObject(defaultElementName); + return object; + } catch (Throwable e) { + System.out.printf("Failed to create object for: %s\n", + clazz.toString()); + e.printStackTrace(); + return null; + } + } + + public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException { + org.w3c.dom.Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java new file mode 100644 index 000000000..96e99e8c7 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java @@ -0,0 +1,71 @@ +package at.gv.egovernment.moa.id.configuration.utils; + +import java.util.Calendar; +import java.util.Date; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; + + +public class UserRequestCleaner implements Runnable { + + private static final Logger log = Logger.getLogger(UserRequestCleaner.class); + + private static final long SESSION_CLEANUP_INTERVAL = 60 * 60; // 60 min + + public void run() { + while (true) { + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + + List<UserDatabase> userrequests = ConfigurationDBRead.getAllOpenUsersRequests(); + if (userrequests != null) { + Calendar cal = Calendar.getInstance(); + cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay()*-1); + Date cleanupdate = cal.getTime(); + + for(UserDatabase dbuser : userrequests) { + Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + + if (requestdate != null && requestdate.after(cleanupdate)) { + log.info("Remove UserRequest from Database"); + ConfigurationDBUtils.delete(dbuser); + } + + } + } + + Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); + + } catch (ConfigurationException e) { + log.info("UserRequestCleaner can not load configuration", e); + + } catch (InterruptedException e) { + + } finally { + ConfigurationDBUtils.closeSession(); + + } + } + } + + /** + * start the sessionCleaner + */ + public static void start() { + // start the session cleanup thread + Thread sessionCleaner = new Thread(new UserRequestCleaner()); + sessionCleaner.setName("UserRequestCleaner"); + sessionCleaner.setDaemon(true); + sessionCleaner.setPriority(Thread.MIN_PRIORITY); + sessionCleaner.start(); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java index 820aa7c57..466867367 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java @@ -2,17 +2,17 @@ package at.gv.egovernment.moa.id.configuration.validation; import org.apache.commons.lang.StringUtils; +import at.gv.egovernment.moa.id.configuration.Constants; + public class CompanyNumberValidator implements IdentificationNumberValidator { public boolean validate(String commercialRegisterNumber) { String normalizedNumber = commercialRegisterNumber.replaceAll(" ", ""); - if(normalizedNumber.startsWith("FN")) { + if(normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN)) normalizedNumber = normalizedNumber.substring(2); - return checkCommercialRegisterNumber(normalizedNumber); - - } else - return true; + + return checkCommercialRegisterNumber(normalizedNumber); } private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java new file mode 100644 index 000000000..65e8a549e --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java @@ -0,0 +1,84 @@ +package at.gv.egovernment.moa.id.configuration.validation; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import at.gv.egovernment.moa.util.MiscUtil; + + +public class TargetValidator { + + private static Map<String, String> targetList = null; + + static { + targetList = new HashMap<String, String>(); + targetList.put("AR", "Arbeit"); + targetList.put("AS", "Amtliche Statistik"); + targetList.put("BF", "Bildung und Forschung"); + targetList.put("BW", "Bauen und Wohnen"); + targetList.put("EA", "EU und Auswärtige Angelegenheiten"); + targetList.put("EF", "Ein- und Ausfuhr"); + targetList.put("GH", "Gesundheit"); + targetList.put("GS", "Gesellschaft und Soziales"); + targetList.put("GS-RE", "Restitution"); + targetList.put("JR", "Justiz/Zivilrechtswesen"); + targetList.put("KL", "Kultus"); + targetList.put("KU", "Kunst und Kultur"); + targetList.put("LF", "Land- und Forstwirtschaft"); + targetList.put("LV", "Landesverteidigung"); + targetList.put("RT", "Rundfunk und sonstige Medien sowie Telekommunikation"); + targetList.put("SA", "Steuern und Abgaben"); + targetList.put("SA", "Sport und Freizeit"); + targetList.put("SO", "Sicherheit und Ordnung"); + targetList.put("SO-VR", "Vereinsregister"); + targetList.put("SR-RG", "Strafregister"); + targetList.put("SV", "Sozialversicherung"); + targetList.put("UW", "Umwelt"); + targetList.put("VT", "Verkehr und Technik"); + targetList.put("VV", "Vermögensverwaltung"); + targetList.put("WT", "Wirtschaft"); + targetList.put("ZP", "Personenidentität und Bürgerrechte(zur Person)"); + targetList.put("BR", "Bereichsübergreifender Rechtsschutz"); + targetList.put("HR", "Zentrales Rechnungswesen"); + targetList.put("KI", "Auftraggeberinterne allgemeine Kanzleiindizes"); + targetList.put("OI", "Öffentlichkeitsarbeit"); + targetList.put("PV", "Personalverwaltung"); + targetList.put("RD", "Zentraler Rechtsdienst"); + targetList.put("VS", "Zentrale Durchführung von Verwaltungsstrafverfahren"); + targetList.put("VS-RG", "Zentrales Verwaltungsstrafregister"); + targetList.put("ZU", "Zustellungen"); + } + + public static List<String> getListOfTargets() { + Map<String, String> list = new HashMap<String, String>(); + list.put("", ""); + list.putAll(targetList); + + List<String> sortedList = new ArrayList<String>(); + sortedList.addAll(list.keySet()); + Collections.sort(sortedList); + + return sortedList; + + } + + public static String getTargetFriendlyName(String target) { + String name = targetList.get(target); + + if (MiscUtil.isNotEmpty(name)) + return name; + else + return null; + } + + public static boolean isValidTarget(String target) { + return targetList.containsKey(target); + } + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java index 276b0b4c8..88e1e6cf5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java @@ -16,44 +16,50 @@ public class UserDatabaseFormValidator { private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class); - public List<String> validate(UserDatabaseFrom form, long userID) { + public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, boolean isMandateUser) { List<String> errors = new ArrayList<String>(); - - String check = form.getGivenName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("GivenName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - } - } else { - log.warn("GivenName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty")); - } + String check = null; - check = form.getFamilyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("FamilyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + if (!isPVP2Generated) { + check = form.getGivenName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("GivenName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("GivenName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty")); + } + + + check = form.getFamilyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("FamilyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("FamilyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty")); } - } else { - log.warn("FamilyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty")); } - - check = form.getInstitut(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("Organisation contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + + if (!isMandateUser) { + check = form.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Organisation is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty")); } - } else { - log.warn("Organisation is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty")); } check = form.getMail(); @@ -80,67 +86,67 @@ public class UserDatabaseFormValidator { errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty")); } - check = form.getUsername(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("Username contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - - } else { - UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check); - if (dbuser != null && userID != dbuser.getHjid()) { - log.warn("Username " + check + " exists in UserDatabase"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate")); - form.setUsername(""); - } - } - } else { - if (userID == -1) { - log.warn("Username is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); + if (form.isIsusernamepasswordallowed()) { + check = form.getUsername(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Username contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + + } else { + UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check); + if (dbuser != null && userID != dbuser.getHjid()) { + log.warn("Username " + check + " exists in UserDatabase"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate")); + form.setUsername(""); + } + } } else { - UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); - if (dbuser == null) { + if (userID == -1) { log.warn("Username is empty"); errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); } else { - form.setUsername(dbuser.getUsername()); + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + if (dbuser == null) { + log.warn("Username is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); + } else { + form.setUsername(dbuser.getUsername()); + } } } - } - - check = form.getPassword(); - if (MiscUtil.isEmpty(check)) { - if (userID == -1) { - log.warn("Password is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); - } else { - UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); - if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { + check = form.getPassword(); + + if (MiscUtil.isEmpty(check)) { + if (userID == -1) { log.warn("Password is empty"); errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); - } - } - - } else { - - if (check.equals(form.getPassword_second())) { - - String key = AuthenticationHelper.generateKeyFormPassword(check); - if (key == null) { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid")); + } else { + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { + log.warn("Password is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); + } } - } - else { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal")); + } else { + + if (check.equals(form.getPassword_second())) { + + String key = AuthenticationHelper.generateKeyFormPassword(check); + if (key == null) { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid")); + } + + } + else { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal")); + } } } - - - + check = form.getBpk(); if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java index aeac75e44..eadf15f84 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java @@ -1,18 +1,122 @@ package at.gv.egovernment.moa.id.configuration.validation; +import iaik.asn1.ObjectID; +import iaik.utils.Util; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; + +import java.io.IOException; import java.net.MalformedURLException; +import java.net.Socket; import java.net.URL; +import java.net.UnknownHostException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; import java.text.ParseException; import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; + import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.util.Constants; + public class ValidationHelper { private static final Logger log = Logger.getLogger(ValidationHelper.class); + public static boolean isPublicServiceAllowed(String identifier) { + + SSLSocket socket = null; + + try { + URL url = new URL(identifier); + String host = url.getHost(); + + if (host.endsWith("/")) + host = host.substring(0, host.length()-1); + + if (url.getHost().endsWith(at.gv.egovernment.moa.id.configuration.Constants.PUBLICSERVICE_URL_POSTFIX)) { + log.debug("PublicURLPrefix with .gv.at Domain found."); + return true; + + } else { + SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory(); + socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort()); + socket.startHandshake(); + + SSLSession session = socket.getSession(); + Certificate[] servercerts = session.getPeerCertificates(); + X509Certificate[] iaikChain = new X509Certificate[servercerts.length]; + for (int i=0; i<servercerts.length; i++) { + iaikChain[i] = new X509Certificate(servercerts[i].getEncoded()); + } + + + X509Certificate cert = Util.arrangeCertificateChain(iaikChain, false)[0]; + + if (cert != null) { + ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft + ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft + + + if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) { + return false; + + } else { + log.info("Found correct X509 Extension in server certificate. PublicService is allowed"); + return true; + } + } + + return false; + } + + } catch (MalformedURLException e) { + log.warn("PublicURLPrefix can not parsed to URL", e); + return false; + + } catch (UnknownHostException e) { + log.warn("Can not connect to PublicURLPrefix Server", e); + return false; + + } catch (IOException e) { + log.warn("Can not connect to PublicURLPrefix Server", e); + return false; + + } catch (CertificateEncodingException e) { + log.warn("Can not parse X509 server certificate", e); + return false; + + } catch (CertificateException e) { + log.warn("Can not read X509 server certificate", e); + return false; + + } catch (X509ExtensionInitException e) { + log.warn("Can not read X509 server certificate extension", e); + return false; + } + + finally { + if (socket != null) + try { + socket.close(); + } catch (IOException e) { + log.warn("SSL Socket can not be closed.", e); + } + } + } + public static boolean validateOAID(String oaIDObj) { if (oaIDObj != null) { try { @@ -62,7 +166,7 @@ public class ValidationHelper { return false; } - public static boolean isValidTarget(String target) { + public static boolean isValidAdminTarget(String target) { log.debug("Ueberpruefe Parameter Target"); @@ -76,10 +180,24 @@ public class ValidationHelper { else { log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); return false; - } - + } } + public static boolean isValidTarget(String target) { + + log.debug("Ueberpruefe Parameter Target"); + + if (TargetValidator.isValidTarget(target)) { + log.debug("Parameter Target erfolgreich ueberprueft"); + return true; + } + else { + log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); + return false; + } + + } + public static boolean isValidSourceID(String sourceID) { log.debug("Ueberpruefe Parameter sourceID"); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index f51095cac..5fc5189d9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -292,7 +292,7 @@ public class MOAConfigValidator { errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty")); } else { - if (!ValidationHelper.isValidTarget(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { log.info("Not valid SSO Target"); errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid")); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java index fa992674e..99371a0e7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java @@ -7,7 +7,10 @@ import java.util.Map; import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; @@ -20,51 +23,56 @@ public class OAGeneralConfigValidation { public List<String> validate(OAGeneralConfig form, boolean isAdmin) { List<String> errors = new ArrayList<String>(); + String check; - //validate aditionalAuthBlockText - String check = form.getAditionalAuthBlockText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + if (isAdmin) { + //validate aditionalAuthBlockText + check = form.getAditionalAuthBlockText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } } } //Check BKU URLs - check =form.getBkuHandyURL(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty")); - - } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); + if (isAdmin) { + check =form.getBkuHandyURL(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty")); + + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); + } } - } - - check =form.getBkuLocalURL(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Local-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty")); - } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid")); + check =form.getBkuLocalURL(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Local-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty")); + + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid")); + } } - } - - check =form.getBkuOnlineURL(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty")); - } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid")); + check =form.getBkuOnlineURL(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty")); + + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid")); + } } } @@ -78,47 +86,49 @@ public class OAGeneralConfigValidation { } } - //check KeyBoxIdentifier - check = form.getKeyBoxIdentifier(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty KeyBoxIdentifier"); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty")); - } else { - Map<String, String> list = form.getKeyBoxIdentifierList(); - if (!list.containsKey(check)) { - log.info("Not valid KeyBoxIdentifier " + check); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid")); - } - } - - //check LegacyMode SLTemplates - if (form.isLegacy()) { - if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && - MiscUtil.isEmpty(form.getSLTemplateURL2()) && - MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { - log.info("Empty OA-specific SecurityLayer Templates"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty")); - + if (isAdmin) { + //check KeyBoxIdentifier + check = form.getKeyBoxIdentifier(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty KeyBoxIdentifier"); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty")); } else { - check = form.getSLTemplateURL1(); - if (MiscUtil.isNotEmpty(check) && - !ValidationHelper.validateURL(check) ) { - log.info("First OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid")); - } - check = form.getSLTemplateURL2(); - if (MiscUtil.isNotEmpty(check) && - !ValidationHelper.validateURL(check) ) { - log.info("Second OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid")); - } - check = form.getSLTemplateURL3(); - if (MiscUtil.isNotEmpty(check) && - !ValidationHelper.validateURL(check) ) { - log.info("Third OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid")); + Map<String, String> list = form.getKeyBoxIdentifierList(); + if (!list.containsKey(check)) { + log.info("Not valid KeyBoxIdentifier " + check); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid")); } - } + } + + //check LegacyMode SLTemplates + if (form.isLegacy()) { + if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && + MiscUtil.isEmpty(form.getSLTemplateURL2()) && + MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { + log.info("Empty OA-specific SecurityLayer Templates"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty")); + + } else { + check = form.getSLTemplateURL1(); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check) ) { + log.info("First OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid")); + } + check = form.getSLTemplateURL2(); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check) ) { + log.info("Second OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid")); + } + check = form.getSLTemplateURL3(); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check) ) { + log.info("Third OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid")); + } + } + } } //check Mandate Profiles @@ -130,23 +140,18 @@ public class OAGeneralConfigValidation { new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); } } - - //check SL Version - check = form.getSlVersion(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLVersion. Set SLVersion to 1.2"); - form.setSlVersion("1.2"); - - } else { - if (!ValidationHelper.validateNumber(check)) { - log.info("Not valid SLVersion"); - errors.add(LanguageHelper.getErrorString("validation.general.slversion")); - } - } - + boolean businessservice = form.isBusinessService(); if (businessservice) { + + //check identification type + check = form.getIdentificationType(); + if (!form.getIdentificationTypeList().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(LanguageHelper.getErrorString("validation.general.identificationtype.valid")); + } + //check identification number check = form.getIdentificationNumber(); if (MiscUtil.isEmpty(check)) { @@ -160,49 +165,85 @@ public class OAGeneralConfigValidation { new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); } - if (check.startsWith("FN")) { + if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { CompanyNumberValidator val = new CompanyNumberValidator(); - if (val.validate(check)) { + if (!val.validate(check)) { log.info("Not valid CompanyNumber"); errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid")); } } } - - try { - float slversion = Float.valueOf(form.getSlVersion()); - if (slversion < 1.2) { - log.info("BusinessService Applications requires SLVersion >= 1.2"); - errors.add(LanguageHelper.getErrorString("validation.general.slversion.business")); - form.setSlVersion("1.2"); - } - - } catch (NumberFormatException e) { - } - + } else { - //check targetFrindlyName(); - check = form.getTargetFriendlyName(); + + check = form.getTarget_subsector(); if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("TargetFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid")); } } - //check Target - check = form.getTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); + + if (!isAdmin) { + //check PublicURL Prefix allows PublicService + if (!ValidationHelper.isPublicServiceAllowed(form.getIdentifier())) { + log.warn("PublicURLPrefix does not allow PublicService: " + form.getIdentifier()); + errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] {form.getIdentifier()} )); + form.setBusinessService(true); + return errors; + + } + + //check Target + check = form.getTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); + + } else { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); + } + } } else { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); + + //check targetFrindlyName(); + check = form.getTargetFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } } - } + + if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); + } + + //check Target + check = form.getTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); + } + } + + //check Admin Target + check = form.getTarget_admin(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid")); + } + } + } } return errors; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 4a1ef9261..e6ff0a166 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -1,15 +1,22 @@ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.io.IOException; +import java.net.URL; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; import org.apache.log4j.Logger; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.parse.BasicParserPool; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter; +import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; public class OAPVP2ConfigValidation { @@ -19,24 +26,59 @@ public class OAPVP2ConfigValidation { public List<String> validate(OAPVP2Config form) { List<String> errors = new ArrayList<String>(); - - String url = form.getMetaDataURL(); - if (MiscUtil.isNotEmpty(url) && !ValidationHelper.validateURL(url)) { - log.info("MetaDataURL has no valid form."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid")); - } - try { + byte[] metadata = null; + byte[] cert = null; + + String check = form.getMetaDataURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("MetaDataURL has no valid form."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid")); + + } else { + metadata = FileUtils.readURL(check); + if (MiscUtil.isEmpty(metadata)) { + log.info("Filecontent can not be read form MetaDataURL."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read")); + } + } + } + if (form.getFileUpload() != null) - form.getCertificate(); + cert = form.getCertificate(); + +// else { +// if (metadata != null) { +// log.info("No certificate to verify the Metadata defined."); +// errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")); +// } +// } + +// if (cert != null && metadata != null) { +// HTTPMetadataProvider httpProvider = new HTTPMetadataProvider( +// check, 20000); +// httpProvider.setParserPool(new BasicParserPool()); +// httpProvider.setRequireValidMetadata(true); +// MetadataFilter filter = new MetadataSignatureFilter( +// check, cert); +// httpProvider.setMetadataFilter(filter); +// httpProvider.initialize(); +// +// } + } catch (CertificateException e) { log.info("Uploaded Certificate can not be found", e); errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")); } catch (IOException e) { - log.info("Uploaded Certificate can not be parsed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.format")); + log.info("Metadata can not be loaded from URL", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read")); + +// } catch (MetadataProviderException e) { +// log.info("MetaDate verification failed"); +// errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify")); } return errors; |