diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java')
15 files changed, 313 insertions, 70 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java new file mode 100644 index 000000000..a25cc44ef --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java @@ -0,0 +1,92 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.util.List; + +import javax.xml.namespace.QName; + +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.ws.soap.soap11.Envelope; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.signature.SignatureTrustEngine; + +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule; + +/** + * @author tlenz + * + */ +public class PVPSOAPRequestSecurityPolicy extends + AbstractRequestSignedSecurityPolicyRule { + + /** + * @param trustEngine + * @param peerEntityRole + */ + public PVPSOAPRequestSecurityPolicy(SignatureTrustEngine trustEngine, + QName peerEntityRole) { + super(trustEngine, peerEntityRole); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String) + */ + @Override + protected boolean refreshMetadataProvider(String entityID) { + try { + HTTPMetadataProvider metadataProvider = ConfigurationProvider.getInstance().getMetaDataProvier(); + metadataProvider.setRequireValidMetadata(true); + metadataProvider.refresh(); + + return true; + + } catch (Exception e) { + + + } + + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject) + */ + @Override + protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) { + if (inboundData instanceof Envelope) { + Envelope envelope = (Envelope) inboundData; + if (envelope.getBody() != null) { + List<XMLObject> xmlElemList = envelope.getBody().getUnknownXMLObjects(); + if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof SignableSAMLObject) + return (SignableSAMLObject) xmlElemList.get(0); + + } + } + + return null; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java index cff08740b..17d3d9e50 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java @@ -40,6 +40,7 @@ import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.client.BasicSOAPMessageContext; import org.opensaml.ws.soap.soap11.Envelope; import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; @@ -49,10 +50,12 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.validation.ValidationException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils; /** * @author tlenz @@ -77,25 +80,44 @@ public class SLOBackChannelServlet extends SLOBasicServlet { try { HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); - BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = - new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - request)); + + BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext(); + +// BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = +// new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + + //messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); + + //set trustPolicy +// BasicSecurityPolicy policy = new BasicSecurityPolicy(); +// policy.getPolicyRules().add( +// new PVPSOAPRequestSecurityPolicy( +// PVP2Utils.getTrustEngine(getConfig()), +// IDPSSODescriptor.DEFAULT_ELEMENT_NAME)); +// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( +// policy); +// messageContext.setSecurityPolicyResolver(resolver); soapDecoder.decode(messageContext); - + Envelope inboundMessage = (Envelope) messageContext .getInboundMessage(); + LogoutResponse sloResp = null; + if (inboundMessage.getBody() != null) { List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); - - LogoutResponse sloResp; + if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) { LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0); - sloResp = processLogOutRequest(sloReq, request); + //validate request signature + PVP2Utils.validateSignature(sloReq, getConfig()); + + sloResp = processLogOutRequest(sloReq, request); + KeyStore keyStore = getConfig().getPVP2KeyStore(); X509Credential authcredential = new KeyStoreX509CredentialAdapter( keyStore, @@ -111,24 +133,17 @@ public class SLOBackChannelServlet extends SLOBasicServlet { context.setOutboundMessageTransport(responseAdapter); encoder.encode(context); - + } else { log.warn("Received request ist not of type LogOutRequest"); response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + return; } } - } catch (MessageDecodingException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - - } catch (SecurityException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - - } catch (NoSuchAlgorithmException e) { - log.error("SLO message processing FAILED." , e); + } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) { + log.error("SLO message processing FAILED." , e); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); } catch (CertificateException e) { @@ -139,15 +154,14 @@ public class SLOBackChannelServlet extends SLOBasicServlet { log.error("SLO message processing FAILED." , e); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - } catch (ConfigurationException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - } catch (MessageEncodingException e) { log.error("SLO message processing FAILED." , e); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - } + } + + + } protected void doGet(HttpServletRequest request, diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java index 2a35e50b1..c70d34d7e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java @@ -131,13 +131,13 @@ public class SLOBasicServlet extends HttpServlet { } else { log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + " is not found."); - return createSLOResponse(sloReq, StatusCode.PARTIAL_LOGOUT_URI, request); + return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); } } - private LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException { + protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException { LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); sloResp.setID(gen.generateIdentifier()); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java index 8df7f9d5a..274aa21bf 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java @@ -69,7 +69,6 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils; import at.gv.egovernment.moa.id.configuration.exception.PVP2Exception; import at.gv.egovernment.moa.id.configuration.exception.SLOException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -99,8 +98,15 @@ public class SLOFrontChannelServlet extends SLOBasicServlet { if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) { //process user initiated single logout process Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + if (authUserObj == null) { + log.warn("No user information found. Single Log-Out not possible"); + buildErrorMessage(request, response); + + } + AuthenticatedUser authUser = (AuthenticatedUser) authUserObj; - + String nameIDFormat = authUser.getNameIDFormat(); String nameID = authUser.getNameID(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index e2a55db60..ab6c22858 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -54,6 +54,7 @@ import org.springframework.beans.factory.config.AutowireCapableBeanFactory; import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; +import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; import at.gv.egovernment.moa.id.config.webgui.MOAIDConfigurationModul; @@ -65,8 +66,6 @@ import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead; - public class ConfigurationProvider { @@ -602,7 +601,7 @@ public class ConfigurationProvider { } catch (Exception e) { log.warn("PVP2 authentification can not be initialized."); - throw new ConfigurationException("PVP2 authentification can not be initialized.", e); + throw new ConfigurationException("error.initialization.pvplogin", e); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 83795567c..95af93af3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -54,7 +54,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.util.MiscUtil; @@ -126,6 +128,7 @@ public class GeneralMOAIDConfig { private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html"; private String publicURLPrefix = null; + private boolean virtualPublicURLPrefixEnabled = false; public GeneralMOAIDConfig() { chainigmodelist = new HashMap<String, String>(); @@ -133,6 +136,26 @@ public class GeneralMOAIDConfig { for (int i=0; i<values.length; i++) { chainigmodelist.put(values[i].value(), values[i].value()); } + + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + if (config != null) { + MOAIDConfiguration dbconfig = config.getDbRead().getMOAIDConfiguration(); + List<TransformsInfoType> authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer().getTransformsInfo(); + + if (authBlockTrans != null && !authBlockTrans.isEmpty()) { + if (secLayerTransformation == null) + secLayerTransformation = new HashMap<String, byte[]>(); + for (TransformsInfoType el : authBlockTrans) + secLayerTransformation.put(el.getFilename(), el.getTransformation()); + + } + } + + } catch (Exception e) { + + } + } public void parse(MOAIDConfiguration config) { @@ -163,7 +186,26 @@ public class GeneralMOAIDConfig { if (authgen.isTrustManagerRevocationChecking() != null) trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); - publicURLPrefix = authgen.getPublicURLPreFix(); + virtualPublicURLPrefixEnabled = + KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix()); + + if (virtualPublicURLPrefixEnabled) { + //format CSV values with newlines + publicURLPrefix = KeyValueUtils.normalizeCSVValueString( + authgen.getPublicURLPreFix()); + + } else { + String tmp = authgen.getPublicURLPreFix(); + if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + publicURLPrefix = tmp.substring(0, + tmp.indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + publicURLPrefix = tmp; + } + + TimeOuts timeouts = authgen.getTimeOuts(); if (timeouts != null) { @@ -819,6 +861,7 @@ public class GeneralMOAIDConfig { * @return the secLayerTransformation */ public Map<String, byte[]> getSecLayerTransformation() { + return secLayerTransformation; } @@ -931,7 +974,12 @@ public class GeneralMOAIDConfig { * @param publicURLPrefix the publicURLPrefix to set */ public void setPublicURLPrefix(String publicURLPrefix) { - this.publicURLPrefix = publicURLPrefix; + if (MiscUtil.isNotEmpty(publicURLPrefix)) + this.publicURLPrefix = + KeyValueUtils.removeAllNewlineFromString(publicURLPrefix); + else + this.publicURLPrefix = publicURLPrefix; + } /** @@ -961,6 +1009,23 @@ public class GeneralMOAIDConfig { public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) { this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest; } + + /** + * @return the virtualPublicURLPrefixEnabled + */ + public boolean isVirtualPublicURLPrefixEnabled() { + return virtualPublicURLPrefixEnabled; + } + + /** + * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set + */ + public void setVirtualPublicURLPrefixEnabled( + boolean virtualPublicURLPrefixEnabled) { + this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; + } + + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index 9b0172a24..d0232e86a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -31,17 +31,13 @@ import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.DefaultBKUs; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAKeyBoxSelector; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentials; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentialsCredentialOIDItem; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType; -import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java index 441c879be..bb98d2e64 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java @@ -27,10 +27,8 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index e092d9e13..9ddb41d83 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java @@ -29,23 +29,21 @@ import java.io.File; import java.io.FileInputStream; import java.io.InputStream; import java.util.ArrayList; -import java.util.Date; +import java.util.Arrays; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import org.apache.log4j.Logger; -import edu.emory.mathcs.backport.java.util.Arrays; - import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK; -import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index a658c3f34..504b598c0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -23,9 +23,13 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.math.BigInteger; -import java.util.*; - +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import java.util.Set; +import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; @@ -58,6 +62,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TimeOuts; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; @@ -179,7 +184,12 @@ public class EditGeneralConfigAction extends BasicAction { String error = saveFormToDatabase(); if (error != null) { log.warn("General MOA-ID config can not be stored in Database"); - addActionError(error); + + //set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + addActionError(error); return Constants.STRUTS_ERROR_VALIDATION; } @@ -248,13 +258,27 @@ public class EditGeneralConfigAction extends BasicAction { // if (oldauth != null) // oldauthgeneral = oldauth.getGeneralConfiguration(); - //set Public URL Prefix - String pubURLPrefix = moaconfig.getPublicURLPrefix(); - if(pubURLPrefix.endsWith("/")) { - int length = pubURLPrefix.length(); - pubURLPrefix = pubURLPrefix.substring(0, length-1); - } - dbauthgeneral.setPublicURLPreFix(pubURLPrefix); + //set Public URL Prefix + String pubURLPrefix = moaconfig.getPublicURLPrefix(); + if (moaconfig.isVirtualPublicURLPrefixEnabled()) { + dbauthgeneral.setPublicURLPreFix( + KeyValueUtils.normalizeCSVValueString(pubURLPrefix)); + + } else { + if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) { + dbauthgeneral.setPublicURLPreFix( + pubURLPrefix.trim().substring(0, + pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER))); + + } else + dbauthgeneral.setPublicURLPreFix( + StringUtils.chomp(pubURLPrefix.trim())); + + } + + dbauthgeneral.setVirtualPublicURLPrefixEnabled( + moaconfig.isVirtualPublicURLPrefixEnabled()); + // if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID())) // dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID()); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index a2c5da247..a9889da9c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -53,8 +53,6 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; -import com.fasterxml.jackson.core.JsonProcessingException; - public class ImportExportAction extends BasicAction { private static final Logger log = Logger.getLogger(ImportExportAction.class); @@ -150,7 +148,7 @@ public class ImportExportAction extends BasicAction { } - } catch (JsonProcessingException | JAXBException | FileNotFoundException e) { + } catch (JAXBException | FileNotFoundException e) { log.info("Legacy configuration has an Import Error", e); addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}, request)); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java index 8be24edb4..384f0662f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java @@ -271,7 +271,7 @@ public class InterfederationIDPAction extends BasicOAAction { businessID = new IdentificationNumber(); onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID); } - businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP"); + businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP"); } else onlineapplication.setTarget("MOA-IDP"); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java index fc310900e..eca4c05ef 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java @@ -94,6 +94,26 @@ public class SAML2Utils { return document; } +// public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() throws ConfigurationException { +// MetadataCredentialResolver resolver; +// +// resolver = new MetadataCredentialResolver(ConfigurationProvider.getInstance().getMetaDataProvier()); +// +// List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); +// keyInfoProvider.add(new DSAKeyValueProvider()); +// keyInfoProvider.add(new RSAKeyValueProvider()); +// keyInfoProvider.add(new InlineX509DataProvider()); +// +// KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( +// keyInfoProvider); +// +// ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( +// resolver, keyInfoResolver); +// +// return engine; +// +// } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 95502cedb..d4e8e957d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -28,10 +28,10 @@ import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; -import java.util.Map; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; @@ -39,8 +39,6 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.helper.StringHelper; -import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -66,14 +64,29 @@ public class MOAConfigValidator { check = form.getPublicURLPrefix(); if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Public URL Prefix is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", request)); - } + String[] publicURLPreFix = check.split(","); + if (form.isVirtualPublicURLPrefixEnabled()) { + for (String el : publicURLPreFix) { + if (!ValidationHelper.validateURL( + StringUtils.chomp(el.trim()))) { + log.info("Public URL Prefix " + el + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}, request)); + } + } + + } else { + if (!ValidationHelper.validateURL( + StringUtils.chomp(publicURLPreFix[0].trim()))) { + log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{publicURLPreFix[0]}, request)); + + } + + } } else { log.info("PublicURL Prefix is empty."); errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); - } + } check = form.getTimeoutAssertion(); if (MiscUtil.isNotEmpty(check)) { @@ -401,7 +414,7 @@ public class MOAConfigValidator { - if (form.getFileUploadFileName() != null) { + if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) { HashMap<String, byte[]> map = new HashMap<String, byte[]>(); for (int i=0; i<form.getFileUploadFileName().size(); i++) { String filename = form.getFileUploadFileName().get(i); @@ -426,7 +439,15 @@ public class MOAConfigValidator { } } } + form.setSecLayerTransformation(map); + + } else { + if (form.getSecLayerTransformation() == null) { + log.info("AuthBlock Transformation file is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request)); + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 35b69274f..6476ea1f1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -43,6 +43,7 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.x509.BasicX509Credential; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; @@ -76,9 +77,20 @@ public class OAPVP2ConfigValidation { else { try { - //OracleDB does not allow the selection of a lob in SQL where expression - String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class"); - boolean backupVersion = MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc."); + //Some databases does not allow the selection of a lob in SQL where expression + String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class"); + boolean backupVersion = false; + if (MiscUtil.isNotEmpty(dbDriver)) { + for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) { + if (dbDriver.startsWith(el)) { + backupVersion = true; + log.debug("JDBC driver '" + dbDriver + + "' is blacklisted --> Switch to alternative DB access methode implementation."); + + } + + } + } Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion); if (oa != null && |