aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java3
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java8
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java48
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java25
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java3
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java21
9 files changed, 89 insertions, 33 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index 332adaa80..7bf2cf93f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -46,7 +46,6 @@ public class MetaDataVerificationFilter implements MetadataFilter {
public void doFilter(XMLObject metadata) throws FilterException {
if (metadata instanceof EntitiesDescriptor) {
EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
-
if(entitiesDescriptor.getSignature() == null) {
throw new FilterException("Root element of metadata file has to be signed", null);
}
@@ -57,7 +56,7 @@ public class MetaDataVerificationFilter implements MetadataFilter {
throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
}
- } if (metadata instanceof EntityDescriptor) {
+ } if (metadata instanceof EntityDescriptor) {
try {
EntityDescriptor entity = (EntityDescriptor) metadata;
if (entity.getSignature() != null)
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index 957479b29..e6000319e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -437,23 +437,23 @@ public class ConfigurationProvider {
return parseVersionFromManifest();
}
- public String getCertStoreDirectory() throws CertificateException {
+ public String getCertStoreDirectory() throws ConfigurationException {
String dir = props.getProperty("general.ssl.certstore");
if (MiscUtil.isNotEmpty(dir))
return FileUtils.makeAbsoluteURL(dir, configRootDir);
else
- throw new CertificateException("No SSLCertStore configured use default JAVA TrustStore.");
+ throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore.");
}
- public String getTrustStoreDirectory() throws CertificateException {
+ public String getTrustStoreDirectory() throws ConfigurationException {
String dir = props.getProperty("general.ssl.truststore");
if (MiscUtil.isNotEmpty(dir))
return FileUtils.makeAbsoluteURL(dir, configRootDir);
else
- throw new CertificateException("No SSLTrustStore configured use default JAVA TrustStore.");
+ throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore.");
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
index 0e65b7dca..a9c914f74 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
@@ -30,6 +30,7 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
@@ -40,6 +41,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentials;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentialsCredentialOIDItem;
import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
@@ -207,8 +209,9 @@ public class OAAuthenticationData implements IOnlineApplicationData {
}
if (oaauth.getTestCredentials() != null) {
- enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials();
- testCredentialOIDs = oaauth.getTestCredentials().getCredentialOID();
+ enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials();
+ testCredentialOIDs = new ArrayList<String>();
+ testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID());
}
@@ -315,12 +318,20 @@ public class OAAuthenticationData implements IOnlineApplicationData {
if (enableTestCredentials) {
TestCredentials testing = authoa.getTestCredentials();
- if (testing == null)
- testing = new TestCredentials();
-
- testing.setEnableTestCredentials(enableTestCredentials);
+ if (testing != null)
+ ConfigurationDBUtils.delete(testing);
+
+ testing = new TestCredentials();
+ authoa.setTestCredentials(testing);
+ testing.setEnableTestCredentials(enableTestCredentials);
testing.setCredentialOID(testCredentialOIDs);
+ } else {
+ TestCredentials testing = authoa.getTestCredentials();
+ if (testing != null) {
+ testing.setEnableTestCredentials(false);
+ }
+
}
return null;
@@ -576,12 +587,14 @@ public class OAAuthenticationData implements IOnlineApplicationData {
*/
public String getTestCredentialOIDs() {
String value = null;
- for (String el : testCredentialOIDs) {
- if (value == null)
- value = el;
- else
- value += "," + el;
+ if (testCredentialOIDs != null) {
+ for (String el : testCredentialOIDs) {
+ if (value == null)
+ value = el;
+ else
+ value += "," + el;
+ }
}
return value;
@@ -595,12 +608,13 @@ public class OAAuthenticationData implements IOnlineApplicationData {
* @param testCredentialOIDs the testCredentialOIDs to set
*/
public void setTestCredentialOIDs(String testCredentialOIDs) {
- String[] oidList = testCredentialOIDs.split(",");
+ if (MiscUtil.isNotEmpty(testCredentialOIDs)) {
+ String[] oidList = testCredentialOIDs.split(",");
- this.testCredentialOIDs = new ArrayList<String>();
- for (int i=0; i<oidList.length; i++)
- this.testCredentialOIDs.add(oidList[i].trim());
+ this.testCredentialOIDs = new ArrayList<String>();
+ for (int i=0; i<oidList.length; i++)
+ this.testCredentialOIDs.add(oidList[i].trim());
+ }
}
-
-
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
index 150483dd8..e5ee5ac09 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
@@ -60,10 +60,12 @@ public class FormDataHelper {
for (OnlineApplication dboa : dbOAs) {
- if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) ||
+ if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) ||
+ (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) ||
(dboa.getAuthComponentOA().getOASTORK() != null
&& dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
- && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()))) {
+ && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) ||
+ (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() ))) {
formOAs.add(addOAFormListElement(dboa, ServiceType.OA));
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 5a9787069..26d97484b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -291,8 +291,17 @@ public class BasicOAAction extends BasicAction {
} else {
- if (oaid == -1) {
- onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
+ if (oaid == -1) {
+ List<OnlineApplication> oaList = ConfigurationDBRead.getAllOnlineApplications();
+ for (OnlineApplication el : oaList) {
+ if (el.getPublicURLPrefix().startsWith(oaidentifier) )
+ onlineapplication = el;
+
+ }
+ if (onlineapplication == null) {
+ onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
+
+ }
setNewOA(true);
if (onlineapplication != null) {
log.info("The OAIdentifier is not unique");
@@ -306,7 +315,17 @@ public class BasicOAAction extends BasicAction {
onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) {
- if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) {
+ OnlineApplication dbOA = null;
+ List<OnlineApplication> oaList = ConfigurationDBRead.getAllOnlineApplications();
+ for (OnlineApplication el : oaList) {
+ if (el.getPublicURLPrefix().startsWith(oaidentifier) )
+ dbOA = el;
+
+ }
+ if (dbOA == null)
+ dbOA = ConfigurationDBRead.getOnlineApplication(oaidentifier);
+
+ if ( (dbOA != null && !dbOA.getHjid().equals(oaid))) {
log.info("The OAIdentifier is not unique");
throw new BasicOAActionException(
LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request),
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 31c29aef0..4236c0d13 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -241,6 +241,9 @@ public class EditGeneralConfigAction extends BasicAction {
}
MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ if (dbconfig == null)
+ dbconfig = new MOAIDConfiguration();
+
AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral();
if (dbauth == null) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
index 7f7f083c9..335dbc91e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
@@ -133,7 +133,7 @@ public class ListOAsAction extends BasicAction {
} else {
if (ValidationHelper.containsPotentialCSSCharacter(friendlyname, false)) {
log.warn("SearchOA textfield contains potential XSS characters");
- addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname",
+ addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request));
return Constants.STRUTS_SUCCESS;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index fd40bd447..fd4226c5b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -147,12 +147,14 @@ public class OAAuthenticationDataValidation {
}
}
- if (form.isEnableTestCredentials()) {
+ if (form.isEnableTestCredentials()
+ && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) {
for (String el : form.getTestCredialOIDList()) {
- if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID))
+ if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID)) {
log.warn("Test credential OID does not start with test credential root OID");
errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid",
new Object[] {el}, request ));
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 40e243d0b..8e1dd6e64 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -36,8 +36,10 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.MOAHttpClient;
import org.apache.log4j.Logger;
import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataFilterChain;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallerFactory;
@@ -58,6 +60,7 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.util.MiscUtil;
public class OAPVP2ConfigValidation {
@@ -126,17 +129,29 @@ public class OAPVP2ConfigValidation {
} catch (ConfigurationException e) {
log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
- }
+ }
+
+ List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
+ filterList.add(new MetaDataVerificationFilter(credential));
+ filterList.add(new SchemaValidationFilter());
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.setFilters(filterList);
httpProvider =
new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
httpProvider.setParserPool(new BasicParserPool());
httpProvider.setRequireValidMetadata(true);
- httpProvider.setMetadataFilter(new MetaDataVerificationFilter(credential));
+ httpProvider.setMetadataFilter(filter);
httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+
+ httpProvider.setRequireValidMetadata(true);
+
httpProvider.initialize();
+
+
+
if (httpProvider.getMetadata() == null) {
log.info("Metadata could be received but validation FAILED.");
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
@@ -157,6 +172,8 @@ public class OAPVP2ConfigValidation {
} catch (MetadataProviderException e) {
+
+ //TODO: check exception handling
if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
log.info("SSL Server certificate not trusted.", e);
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));