Diffstat (limited to 'id/ConfigWebTool')
21 files changed, 389 insertions, 82 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index e0321dece..71893fca2 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -97,6 +97,12 @@ <artifactId>moa-id-module-stork</artifactId> </dependency> --> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + <version>${org.apache.commons.collections4.version}</version> + </dependency> + <dependency> <groupId>at.gv.util</groupId> diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java new file mode 100644 index 000000000..a25cc44ef --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java 
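Review bot: The new `commons-collections4` dependency is pinned only through `${org.apache.commons.collections4.version}`, whose value is not visible in this hunk, so the reviewer cannot confirm it is 4.1 or later. Releases before 4.1 still ship `InvokerTransformer` and friends as `Serializable`, which is the gadget chain behind the well-known Java deserialization exploits, and this web tool already pulls in XML/SAML parsing stacks. Please state the resolved version in the PR or add a comment next to the property, e.g. `<!-- must stay >= 4.1: earlier versions contain the serializable InvokerTransformer gadget -->`.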
@@ -0,0 +1,92 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.util.List; + +import javax.xml.namespace.QName; + +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.ws.soap.soap11.Envelope; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.signature.SignatureTrustEngine; + +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule; + +/** + * @author tlenz + * + */ +public class PVPSOAPRequestSecurityPolicy extends + AbstractRequestSignedSecurityPolicyRule { + + /** + * @param trustEngine + * @param peerEntityRole + */ + public PVPSOAPRequestSecurityPolicy(SignatureTrustEngine trustEngine, + QName peerEntityRole) { + super(trustEngine, peerEntityRole); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String) + */ + @Override + protected boolean refreshMetadataProvider(String entityID) { + try { + HTTPMetadataProvider metadataProvider = ConfigurationProvider.getInstance().getMetaDataProvier(); + metadataProvider.setRequireValidMetadata(true); + metadataProvider.refresh(); + + return true; + + } catch (Exception e) { + + + } + + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject) + */ + @Override + protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) { + if (inboundData instanceof Envelope) { + Envelope envelope = (Envelope) inboundData; + if (envelope.getBody() != null) { + List<XMLObject> xmlElemList = envelope.getBody().getUnknownXMLObjects(); + if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof SignableSAMLObject) + return (SignableSAMLObject) xmlElemList.get(0); + + } 
+ } + + return null; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java index cff08740b..17d3d9e50 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java @@ -40,6 +40,7 @@ import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.client.BasicSOAPMessageContext; import org.opensaml.ws.soap.soap11.Envelope; import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; @@ -49,10 +50,12 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.validation.ValidationException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils; /** * @author tlenz 
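Review bot: `refreshMetadataProvider` in the new `PVPSOAPRequestSecurityPolicy` swallows every exception with an empty `catch (Exception e)`, so a failed metadata refresh during signature validation leaves no trace in the log and the caller only sees `false`. Since this method sits on the trust path for back-channel logout requests, an operator needs to see why trust could not be established. Add a logger as the sibling servlets do, `private static final Logger log = LoggerFactory.getLogger(PVPSOAPRequestSecurityPolicy.class);`, and replace the empty block with `log.warn("PVP2 metadata refresh for entityID {} failed", entityID, e);`. Note also that `entityID` is currently unused, which is fine if the provider is global, but a one-line comment saying so would stop the next reader from assuming a per-entity refresh happens.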
@@ -77,25 +80,44 @@ public class SLOBackChannelServlet extends SLOBasicServlet { try { HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); - BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = - new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter( - request)); + + BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext(); + +// BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = +// new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + + messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); + + //messageContext.setMetadataProvider(getConfig().getMetaDataProvier()); + + //set trustPolicy +// BasicSecurityPolicy policy = new BasicSecurityPolicy(); +// policy.getPolicyRules().add( +// new PVPSOAPRequestSecurityPolicy( +// PVP2Utils.getTrustEngine(getConfig()), +// IDPSSODescriptor.DEFAULT_ELEMENT_NAME)); +// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( +// policy); +// messageContext.setSecurityPolicyResolver(resolver); soapDecoder.decode(messageContext); - + Envelope inboundMessage = (Envelope) messageContext .getInboundMessage(); + LogoutResponse sloResp = null; + if (inboundMessage.getBody() != null) { List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); - - LogoutResponse sloResp; + if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) { LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0); - sloResp = processLogOutRequest(sloReq, request); + //validate request signature + PVP2Utils.validateSignature(sloReq, getConfig()); + + sloResp = processLogOutRequest(sloReq, request); + KeyStore keyStore = getConfig().getPVP2KeyStore(); X509Credential authcredential = new KeyStoreX509CredentialAdapter( keyStore, 
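Review bot: When `inboundMessage.getBody()` is null the new code falls straight out of the `if` and the servlet answers with an empty 200, because the added `else { ... SC_BAD_REQUEST; return; }` branch only covers the case where the body exists but its first element is not a `LogoutRequest`. A SOAP envelope without a body is malformed input on an unauthenticated endpoint and should be rejected the same way: `} else { log.warn("SOAP envelope has no body"); response.setStatus(HttpServletResponse.SC_BAD_REQUEST); return; }`. The signature check via `PVP2Utils.validateSignature(sloReq, getConfig())` before `processLogOutRequest` is the right ordering; the large block of commented-out `BasicSecurityPolicy` / `StaticSecurityPolicyResolver` code above it should be deleted rather than committed, since it suggests a decoder-level policy that is not actually enforced. The enclosing `doPost` body starts before this hunk and continues into the next one.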
@@ -111,24 +133,17 @@ public class SLOBackChannelServlet extends SLOBasicServlet { context.setOutboundMessageTransport(responseAdapter); encoder.encode(context); - + } else { log.warn("Received request ist not of type LogOutRequest"); response.setStatus(HttpServletResponse.SC_BAD_REQUEST); + return; } } - } catch (MessageDecodingException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - - } catch (SecurityException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - - } catch (NoSuchAlgorithmException e) { - log.error("SLO message processing FAILED." , e); + } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) { + log.error("SLO message processing FAILED." , e); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); } catch (CertificateException e) { @@ -139,15 +154,14 @@ public class SLOBackChannelServlet extends SLOBasicServlet { log.error("SLO message processing FAILED." , e); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - } catch (ConfigurationException e) { - log.error("SLO message processing FAILED." , e); - response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - } catch (MessageEncodingException e) { log.error("SLO message processing FAILED." , e); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); - } + } + + + } protected void doGet(HttpServletRequest request, diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java index 2a35e50b1..c70d34d7e 100644 
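Review bot: The new multi-catch folds `ValidationException` (a failed signature check on the incoming LogoutRequest) into the same handler as decoding and configuration errors, so a request from an untrusted sender gets a 500 and `response.sendError(..., e.getMessage())` echoes the validator's exception text back to that sender. A rejected signature is a client-side fault and should be a 4xx without internal detail, for example a dedicated `catch (ValidationException e) { log.warn("SLO request signature validation FAILED", e); response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }` placed before the combined catch. Whether the servlet container renders the message string into the error page depends on its configuration, which is not visible here, but keeping exception text out of `sendError` is the safer default for all branches of this method.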
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java @@ -131,13 +131,13 @@ public class SLOBasicServlet extends HttpServlet { } else { log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + " is not found."); - return createSLOResponse(sloReq, StatusCode.PARTIAL_LOGOUT_URI, request); + return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request); } } - private LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException { + protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException { LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); sloResp.setID(gen.generateIdentifier()); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java index 8df7f9d5a..274aa21bf 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java 
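Review bot: Changing the status for an unknown NameID from `PARTIAL_LOGOUT_URI` to `SUCCESS_URI` is defensible, since a session participant with no session for the principal has nothing left to terminate, but the hunk gives no reason and a later maintainer may read it as hiding a failure. Please add a comment on the changed line, e.g. `// no local session for this NameID: nothing to terminate, so report SUCCESS rather than PARTIAL_LOGOUT`. The `log.debug` just above prints the NameID value; if NameIDs are persistent identifiers in this deployment that is personal data in the log, which is worth confirming against the logging policy. Making `createSLOResponse` `protected` widens the API to subclasses; the enclosing method starts outside this hunk.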
@@ -69,7 +69,6 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils; import at.gv.egovernment.moa.id.configuration.exception.PVP2Exception; import at.gv.egovernment.moa.id.configuration.exception.SLOException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -99,8 +98,15 @@ public class SLOFrontChannelServlet extends SLOBasicServlet { if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) { //process user initiated single logout process Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + if (authUserObj == null) { + log.warn("No user information found. Single Log-Out not possible"); + buildErrorMessage(request, response); + + } + AuthenticatedUser authUser = (AuthenticatedUser) authUserObj; - + String nameIDFormat = authUser.getNameIDFormat(); String nameID = authUser.getNameID(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index e2a55db60..ab6c22858 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java 
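Review bot: The new null check in `SLOFrontChannelServlet` calls `buildErrorMessage(request, response)` but does not return, so execution continues to `AuthenticatedUser authUser = (AuthenticatedUser) authUserObj;` with a null value and `authUser.getNameIDFormat()` throws a NullPointerException after the error page has already been written. The guard needs `buildErrorMessage(request, response); return;` (inside the `if`). The enclosing request-handling method starts before this hunk and continues past it, so the exact exit path should be checked against the rest of the method.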
@@ -54,6 +54,7 @@ import org.springframework.beans.factory.config.AutowireCapableBeanFactory; import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; +import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; import at.gv.egovernment.moa.id.config.webgui.MOAIDConfigurationModul; @@ -65,8 +66,6 @@ import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead; - public class ConfigurationProvider { @@ -602,7 +601,7 @@ public class ConfigurationProvider { } catch (Exception e) { log.warn("PVP2 authentification can not be initialized."); - throw new ConfigurationException("PVP2 authentification can not be initialized.", e); + throw new ConfigurationException("error.initialization.pvplogin", e); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 83795567c..95af93af3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java 
@@ -54,7 +54,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.util.MiscUtil; @@ -126,6 +128,7 @@ public class GeneralMOAIDConfig { private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html"; private String publicURLPrefix = null; + private boolean virtualPublicURLPrefixEnabled = false; public GeneralMOAIDConfig() { chainigmodelist = new HashMap<String, String>(); @@ -133,6 +136,26 @@ public class GeneralMOAIDConfig { for (int i=0; i<values.length; i++) { chainigmodelist.put(values[i].value(), values[i].value()); } + + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + if (config != null) { + MOAIDConfiguration dbconfig = config.getDbRead().getMOAIDConfiguration(); + List<TransformsInfoType> authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer().getTransformsInfo(); + + if (authBlockTrans != null && !authBlockTrans.isEmpty()) { + if (secLayerTransformation == null) + secLayerTransformation = new HashMap<String, byte[]>(); + for (TransformsInfoType el : authBlockTrans) + secLayerTransformation.put(el.getFilename(), el.getTransformation()); + + } + } + + } catch (Exception e) { + + } + } public void parse(MOAIDConfiguration config) { 
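Review bot: The new constructor body of `GeneralMOAIDConfig` reads the whole MOA-ID configuration from the database and then discards any failure with an empty `catch (Exception e)`, so a broken DB connection or a null `getAuthComponentGeneral()` / `getSecurityLayer()` chain is indistinguishable from "no transformations configured". Because `secLayerTransformation` being empty later produces the `validation.general.slrequest.file.empty` error, an operator would be told to upload a file when the real problem is the database. No logger is visible in this hunk; if the class has one, log at warn, otherwise at least write `catch (Exception ignored) { // DB config not available yet (first run); transformations can still be uploaded }` so the intent is explicit. Doing database I/O in a constructor is also surprising and worth a comment.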
@@ -163,7 +186,26 @@ public class GeneralMOAIDConfig { if (authgen.isTrustManagerRevocationChecking() != null) trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); - publicURLPrefix = authgen.getPublicURLPreFix(); + virtualPublicURLPrefixEnabled = + KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix()); + + if (virtualPublicURLPrefixEnabled) { + //format CSV values with newlines + publicURLPrefix = KeyValueUtils.normalizeCSVValueString( + authgen.getPublicURLPreFix()); + + } else { + String tmp = authgen.getPublicURLPreFix(); + if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + publicURLPrefix = tmp.substring(0, + tmp.indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + publicURLPrefix = tmp; + } + + TimeOuts timeouts = authgen.getTimeOuts(); if (timeouts != null) { @@ -819,6 +861,7 @@ public class GeneralMOAIDConfig { * @return the secLayerTransformation */ public Map<String, byte[]> getSecLayerTransformation() { + return secLayerTransformation; } @@ -931,7 +974,12 @@ public class GeneralMOAIDConfig { * @param publicURLPrefix the publicURLPrefix to set */ public void setPublicURLPrefix(String publicURLPrefix) { - this.publicURLPrefix = publicURLPrefix; + if (MiscUtil.isNotEmpty(publicURLPrefix)) + this.publicURLPrefix = + KeyValueUtils.removeAllNewlineFromString(publicURLPrefix); + else + this.publicURLPrefix = publicURLPrefix; + } /** 
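Review bot: In the non-virtual branch of `parse`, `String tmp = authgen.getPublicURLPreFix(); if (tmp.contains(KeyValueUtils.CSV_DELIMITER))` dereferences the prefix without a null check, whereas the old line `publicURLPrefix = authgen.getPublicURLPreFix();` tolerated an unset value. Whether `KeyValueUtils.isCSVValueString(null)` already throws is not visible here, so guard locally: `if (tmp != null && tmp.contains(KeyValueUtils.CSV_DELIMITER))`. The comment `//remove trailing comma if exist` is misleading, since the code keeps only the text before the first comma and drops everything after it; rename it to `// keep only the first entry when several prefixes were stored`. `parse` starts before this hunk.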
@@ -961,6 +1009,23 @@ public class GeneralMOAIDConfig { public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) { this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest; } + + /** + * @return the virtualPublicURLPrefixEnabled + */ + public boolean isVirtualPublicURLPrefixEnabled() { + return virtualPublicURLPrefixEnabled; + } + + /** + * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set + */ + public void setVirtualPublicURLPrefixEnabled( + boolean virtualPublicURLPrefixEnabled) { + this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled; + } + + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index 9b0172a24..d0232e86a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java 
@@ -31,17 +31,13 @@ import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.DefaultBKUs; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAKeyBoxSelector; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentials; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentialsCredentialOIDItem; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType; -import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java index 441c879be..bb98d2e64 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java 
@@ -27,10 +27,8 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; -import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index e092d9e13..9ddb41d83 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java 
@@ -29,23 +29,21 @@ import java.io.File; import java.io.FileInputStream; import java.io.InputStream; import java.util.ArrayList; -import java.util.Date; +import java.util.Arrays; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import org.apache.log4j.Logger; -import edu.emory.mathcs.backport.java.util.Arrays; - import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK; -import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index a658c3f34..504b598c0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java 
@@ -23,9 +23,13 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.math.BigInteger; -import java.util.*; - +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import java.util.Set; +import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; @@ -58,6 +62,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TimeOuts; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; @@ -179,7 +184,12 @@ public class EditGeneralConfigAction extends BasicAction { String error = saveFormToDatabase(); if (error != null) { log.warn("General MOA-ID config can not be stored in Database"); - addActionError(error); + + //set new formID + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + addActionError(error); return Constants.STRUTS_ERROR_VALIDATION; } 
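Review bot: The added `formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID);` on the validation-error path looks like it keeps the per-form token in sync with the re-rendered page, but nothing in the hunk says so and the success path is not visible, so a reader cannot tell whether this is a CSRF/double-submit token or a plain correlation id. A comment such as `// re-issue the form token so the re-rendered page carries a value matching the session` would make the intent clear. If this token is relied on as a CSRF defence, `Random.nextRandom()` must be backed by `SecureRandom`; its implementation is not in this diff, so please confirm.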
@@ -248,13 +258,27 @@ public class EditGeneralConfigAction extends BasicAction { // if (oldauth != null) // oldauthgeneral = oldauth.getGeneralConfiguration(); - //set Public URL Prefix - String pubURLPrefix = moaconfig.getPublicURLPrefix(); - if(pubURLPrefix.endsWith("/")) { - int length = pubURLPrefix.length(); - pubURLPrefix = pubURLPrefix.substring(0, length-1); - } - dbauthgeneral.setPublicURLPreFix(pubURLPrefix); + //set Public URL Prefix + String pubURLPrefix = moaconfig.getPublicURLPrefix(); + if (moaconfig.isVirtualPublicURLPrefixEnabled()) { + dbauthgeneral.setPublicURLPreFix( + KeyValueUtils.normalizeCSVValueString(pubURLPrefix)); + + } else { + if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) { + dbauthgeneral.setPublicURLPreFix( + pubURLPrefix.trim().substring(0, + pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER))); + + } else + dbauthgeneral.setPublicURLPreFix( + StringUtils.chomp(pubURLPrefix.trim())); + + } + + dbauthgeneral.setVirtualPublicURLPrefixEnabled( + moaconfig.isVirtualPublicURLPrefixEnabled()); + // if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID())) // dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID()); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index a2c5da247..a9889da9c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java 
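Review bot: The rewritten non-virtual branch drops the old trailing-slash normalisation: the removed code stripped a final `/` from the public URL prefix, while `StringUtils.chomp(pubURLPrefix.trim())` only removes a trailing newline, which `setPublicURLPrefix` has already deleted, so a prefix like `https://idp.example.at/` is now stored with its slash and any later concatenation with `/...` paths or string comparison against the configured prefix may break. The CSV branch also computes the cut index on the untrimmed string but applies it to the trimmed one, `pubURLPrefix.trim().substring(0, pubURLPrefix.indexOf(...))`, which is off by the length of any leading whitespace. Whether `KeyValueUtils.normalizeCSVValueString` strips slashes for the virtual case is not visible here and should be checked too. `saveFormToDatabase` starts and ends outside this hunk.
```java
} else {
    String first = pubURLPrefix.trim();
    int sep = first.indexOf(KeyValueUtils.CSV_DELIMITER);
    if (sep >= 0) {
        first = first.substring(0, sep).trim();
    }
    // keep the pre-existing normalisation: no trailing slash (chomp only removes a newline)
    dbauthgeneral.setPublicURLPreFix(StringUtils.removeEnd(first, "/"));
}
// … unchanged: setVirtualPublicURLPrefixEnabled …
```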
@@ -53,8 +53,6 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; -import com.fasterxml.jackson.core.JsonProcessingException; - public class ImportExportAction extends BasicAction { private static final Logger log = Logger.getLogger(ImportExportAction.class); @@ -150,7 +148,7 @@ public class ImportExportAction extends BasicAction { } - } catch (JsonProcessingException | JAXBException | FileNotFoundException e) { + } catch (JAXBException | FileNotFoundException e) { log.info("Legacy configuration has an Import Error", e); addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}, request)); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java index 8be24edb4..384f0662f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java @@ -271,7 +271,7 @@ public class InterfederationIDPAction extends BasicOAAction { businessID = new IdentificationNumber(); onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID); } - businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP"); + businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP"); } else onlineapplication.setTarget("MOA-IDP"); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java index fc310900e..eca4c05ef 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java 
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java @@ -94,6 +94,26 @@ public class SAML2Utils { return document; } +// public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() throws ConfigurationException { +// MetadataCredentialResolver resolver; +// +// resolver = new MetadataCredentialResolver(ConfigurationProvider.getInstance().getMetaDataProvier()); +// +// List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); +// keyInfoProvider.add(new DSAKeyValueProvider()); +// keyInfoProvider.add(new RSAKeyValueProvider()); +// keyInfoProvider.add(new InlineX509DataProvider()); +// +// KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( +// keyInfoProvider); +// +// ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( +// resolver, keyInfoResolver); +// +// return engine; +// +// } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 95502cedb..d4e8e957d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -28,10 +28,10 @@ import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; -import java.util.Map; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; 
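Review bot: The only change to `SAML2Utils` is a twenty-line commented-out `getSignatureKnownKeysTrustEngine` method, which should not be committed in that form: it is unreachable, will drift from the real `PVP2Utils.getTrustEngine` used by the servlets in this same diff, and invites a future maintainer to re-enable a trust engine that nobody reviewed. Either delete it or, if it is meant as a pointer, replace it with a one-line comment such as `// signature trust engine is built in PVP2Utils.getTrustEngine(config)`.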
@@ -39,8 +39,6 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.helper.StringHelper; -import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -66,14 +64,29 @@ public class MOAConfigValidator { check = form.getPublicURLPrefix(); if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Public URL Prefix is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", request)); - } + String[] publicURLPreFix = check.split(","); + if (form.isVirtualPublicURLPrefixEnabled()) { + for (String el : publicURLPreFix) { + if (!ValidationHelper.validateURL( + StringUtils.chomp(el.trim()))) { + log.info("Public URL Prefix " + el + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}, request)); + } + } + + } else { + if (!ValidationHelper.validateURL( + StringUtils.chomp(publicURLPreFix[0].trim()))) { + log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{publicURLPreFix[0]}, request)); + + } + + } } else { log.info("PublicURL Prefix is empty."); errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); - } + } check = form.getTimeoutAssertion(); if (MiscUtil.isNotEmpty(check)) { 
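Review bot: `MOAConfigValidator` splits the public URL prefix with a hard-coded `check.split(",")`, while `GeneralMOAIDConfig` and `EditGeneralConfigAction` in this same diff use `KeyValueUtils.CSV_DELIMITER`; if the constant is ever something other than a bare comma, the validator will accept a value the parser then mangles. Use the constant, `String[] publicURLPreFix = check.split(KeyValueUtils.CSV_DELIMITER);`, noting that the import hunk above adds `StringUtils` but not `KeyValueUtils`, so that import would be needed too. The user-supplied `el` is also fed into the error message via `LanguageHelper.getErrorString(..., new Object[]{el}, ...)`; whether the view escapes action errors is not visible here and is worth confirming before echoing arbitrary input. The validating method starts before this hunk.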
@@ -401,7 +414,7 @@ public class MOAConfigValidator { - if (form.getFileUploadFileName() != null) { + if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) { HashMap<String, byte[]> map = new HashMap<String, byte[]>(); for (int i=0; i<form.getFileUploadFileName().size(); i++) { String filename = form.getFileUploadFileName().get(i); @@ -426,7 +439,15 @@ public class MOAConfigValidator { } } } + form.setSecLayerTransformation(map); + + } else { + if (form.getSecLayerTransformation() == null) { + log.info("AuthBlock Transformation file is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request)); + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 35b69274f..6476ea1f1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -43,6 +43,7 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.x509.BasicX509Credential; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; 
@@ -76,9 +77,20 @@ public class OAPVP2ConfigValidation {
 else {
 try {
- //OracleDB does not allow the selection of a lob in SQL where expression
- String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class");
- boolean backupVersion = MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc.");
+ //Some databases does not allow the selection of a lob in SQL where expression
+ String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class");
+ boolean backupVersion = false;
+ if (MiscUtil.isNotEmpty(dbDriver)) {
+ for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) {
+ if (dbDriver.startsWith(el)) {
+ backupVersion = true;
+ log.debug("JDBC driver '" + dbDriver
+ + "' is blacklisted --> Switch to alternative DB access methode implementation.");
+
+ }
+
+ }
+ }
 Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion);
 if (oa != null &&
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 36c952ad0..ab404f65b 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
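Review bot: The loop over `MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND` keeps running after a match, so a driver class matching more than one prefix sets `backupVersion` again and emits the debug line each time; add `break;` directly after the `log.debug(...)` call. The log text has a typo (`methode` → `method`) and the new comment should read `//Some databases do not allow the selection of a LOB in an SQL where expression`. `getConfigurationProperties()` is still dereferenced without a null check, as in the removed lines, so a missing property set would presumably surface as a NullPointerException inside this `try` rather than a descriptive error. The enclosing method starts and ends outside the hunk.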
@@ -7,6 +7,8 @@ config.03=Hibernate Database connector can not be initialized
 config.04=OpenSAML (PVP2 Login) can not be initialized
 config.05=Configuration file not defined
+error.initialization.pvplogin=PVP2 authentication can not be initialized.
+
 error.title=Fehler:
 error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator.
 error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator.
@@ -125,6 +127,7 @@ webpages.inderfederation.gateway.entityID=EntityID des PVP Portals
 webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert.
 webpages.moaconfig.header=Allgemeine Konfiguration
 webpages.oaconfig.general.publicURLPreFix=Public URL Prefix
+webpages.moaconfig.general.virtualPublicURLPrefixEnabled=Virtuelle IDP aktivieren
 webpages.moaconfig.defaultbkus.header=Default BKUs
 webpages.moaconfig.slrequesttemplates.header=SecurityLayer Request Templates
 webpages.moaconfig.slrequesttemplates.local=Locale BKU
@@ -438,8 +441,8 @@ validation.general.szrgw.url.valid=Die URL des SZR Gateways hat kein g\u00F6ltig
 validation.general.trustedcacerts.empty=Das Feld TrustedCACertificates ist leer.
 validation.general.trustedcacerts.valid=Das Feld TrustedCACertificates enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
 validation.general.slrequest.filename.valid=Der Dateiname der angegebenen SecurtityLayer Transformation enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
-validation.general.slrequest.file.valid=Die angegebenen SecurtityLayer Transformation konnte nicht geladen werden.
-validation.general.slrequest.file.empty=Die SecurtityLayer Transformation fehlt.
+validation.general.slrequest.file.valid=Die angegebenen AuthBlock Transformation konnte nicht geladen werden.
+validation.general.slrequest.file.empty=Die AuthBlock Transformation fehlt.
 validation.general.aditionalauthblocktext=Der Zusatztext f\u00FCr den AuthBlock enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
 validation.general.bku.handy.empty=Die URL f\u00FCr die Handy-BKU ist leer.
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index 439b1111e..29db35a0e 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -7,6 +7,8 @@ config.03=Hibernate Database connector can not be initialized
 config.04=OpenSAML (PVP2 Login) can not be initialized
 config.05=Configuration file is not defined
+error.initialization.pvplogin=PVP2 authentication can not be initialized.
+
 error.title=Error:
 error.login.internal=The error occurred during the processing. Please try again or contact Administrator.
 error.general.text=During the processing the error condition occured. Please try again or contact the administrator.
@@ -124,6 +126,7 @@ webpages.inderfederation.gateway.entityID=PVP portal EntityID
 webpages.moaconfig.save.success=MOA-ID has been successfully saved.
 webpages.moaconfig.header=General configuration
 webpages.oaconfig.general.publicURLPreFix=Public URL Prefix
+webpages.moaconfig.general.virtualPublicURLPrefixEnabled=Enable virtual IDPs
 webpages.moaconfig.defaultbkus.header=Default CCE
 webpages.moaconfig.slrequesttemplates.header=SecurityLayer Request Templates
 webpages.moaconfig.slrequesttemplates.local=Local CCE
@@ -384,7 +387,7 @@ validation.edituser.bpk.valid=BPK contains forbidden characters. The following c
 validation.general.SAML1SourceID=SAML1SourceID contains forbidden characters. The following characters are not allowed\: {0}
 validation.general.publicURLprefix.empty=Public URL Prefix is blank.
-validation.general.publicURLprefix.valid=Public URL Prefix has invalid format.
+validation.general.publicURLprefix.valid=Public URL Prefix {0} has invalid format.
 validation.general.certStoreDirectory.empty=CertStoreDirectory is blank.
 validation.general.certStoreDirectory.valid=CertStoreDirectory Feld contains forbidden characters. The following characters are not allowed\: {0}
 validation.general.Defaultchainigmode.empty=There is no DefaultChainingMode selected.
@@ -436,7 +439,8 @@ validation.general.szrgw.url.valid=URL for SZR Gateway has invalid format.
 validation.general.trustedcacerts.empty=Field TrustedCACertificates is blank.
 validation.general.trustedcacerts.valid=Das Feld TrustedCACertificates contains forbidden characters. The following characters are not allowed\: {0}
 validation.general.slrequest.filename.valid=File name of provided SecurityLayer Transformation contains forbidden characters. The following characters are not allowed\: {0}
-validation.general.slrequest.file.valid=The provided SecurityLayer Transformation could not be loaded.
+validation.general.slrequest.file.valid=The provided AuthBlock-Transformation is not loadable.
+validation.general.slrequest.file.empty=No AuthBlock-Transformation found.
 validation.general.aditionalauthblocktext=The additional text for AuthBlock contains forbidden characters. The following characters are not allowed\: {0}
 validation.general.bku.handy.empty=URL for Mobile-CCE is blank.
diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css
index 4cbfba19b..00a2fa851 100644
--- a/id/ConfigWebTool/src/main/webapp/css/index.css
+++ b/id/ConfigWebTool/src/main/webapp/css/index.css
@@ -664,3 +664,8 @@ div .wwgrp br {
 #stork_attributelist .wwctrl input[type="checkbox"]{
 margin-left:20px;
 }
+
+#loadGeneralConfig_moaconfig_publicURLPrefix {
+ resize: none;
+
+}
diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js
index fb71854c2..f17ee3623 100644
--- a/id/ConfigWebTool/src/main/webapp/js/common.js
+++ b/id/ConfigWebTool/src/main/webapp/js/common.js
@@ -272,4 +272,25 @@ function newAp() {
 clone.innerHTML = clone.innerHTML.replace(/name="storkOA.attributeProviderPlugins\[\d/g, 'name="storkOA.attributeProviderPlugins[' + nextindex);
 clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2');
 target.parentNode.appendChild(clone);
-}
\ No newline at end of file
+}
+
+function setPublicURLPrefixTestBox(checkbox) {
+ if (checkbox.checked) {
+ var textarea = $("#loadGeneralConfig_moaconfig_publicURLPrefix");
+ textarea.attr("rows", 6);
+ textarea.height(120);
+
+ } else {
+ var textarea = $("#loadGeneralConfig_moaconfig_publicURLPrefix");
+ textarea.attr("rows", 1);
+ textarea.height(25);
+
+ }
+ return true;
+}
+
+function generalConfigLoadEvent() {
+ var value = $("#loadGeneralConfig_moaconfig_publicURLPrefix").val();
+ $("#loadGeneralConfig_moaconfig_publicURLPrefix").val(value.replace(/,/g,",\n"));
+ return true;
+}
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index bc8c57ec2..ac2c8de5a 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -16,7 +16,7 @@
 </head>
- <body>
+ <body onload="generalConfigLoadEvent();">
 <jsp:include page="snippets/header_userinfos.jsp"></jsp:include>
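Review bot: `generalConfigLoadEvent` is not idempotent: on every page load it rewrites the textarea with `value.replace(/,/g,",\n")`, so if the server persists the submitted value unchanged (the validator in this commit only trims a copy of each element), a value that already holds `,\n` becomes `,\n\n` on the next load and the padding grows with each save/load cycle; `value.replace(/,\s*/g, ",\n")` normalises first and keeps the display stable. In `setPublicURLPrefixTestBox` the same jQuery lookup is declared in both branches; declare `var textarea = $("#loadGeneralConfig_moaconfig_publicURLPrefix");` once before the `if`. Because editMOAConfig.jsp wires the handler through `<body onload=...>`, the newline insertion also runs when the checkbox is unchecked and the single-row textarea is shown.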
@@ -37,13 +37,38 @@
 <s:form namespace="/secure" method="POST" enctype="multipart/form-data">
- <s:textfield name="moaconfig.publicURLPrefix"
- value="%{moaconfig.publicURLPrefix}"
- labelposition="left"
- key="webpages.oaconfig.general.publicURLPreFix"
- cssClass="textfield_long">
- </s:textfield>
+ <s:if test="moaconfig.isVirtualPublicURLPrefixEnabled()">
+ <s:textarea name="moaconfig.publicURLPrefix"
+ value="%{moaconfig.publicURLPrefix}"
+ labelposition="left"
+ key="webpages.oaconfig.general.publicURLPreFix"
+ cssClass="textfield_long"
+ rows="6"
+ requiredLabel="true"
+ style="height:120px;">
+ </s:textarea>
+ </s:if>
+ <s:else>
+ <s:textarea name="moaconfig.publicURLPrefix"
+ value="%{moaconfig.publicURLPrefix}"
+ labelposition="left"
+ key="webpages.oaconfig.general.publicURLPreFix"
+ cssClass="textfield_long"
+ rows="1"
+ requiredLabel="true"
+ style="height:25px;">
+ </s:textarea>
+ </s:else>
+ <s:checkbox name="moaconfig.virtualPublicURLPrefixEnabled"
+ value="%{moaconfig.virtualPublicURLPrefixEnabled}"
+ labelposition="left"
+ key="webpages.moaconfig.general.virtualPublicURLPrefixEnabled"
+ cssClass="checkbox"
+ onchange="setPublicURLPrefixTestBox(this);">
+ </s:checkbox>
+
+ + <div class="oa_config_block">
 <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.defaultbkus.header", request) %></h3> |