aboutsummaryrefslogtreecommitdiff
path: root/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java')
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java229
1 files changed, 229 insertions, 0 deletions
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
new file mode 100644
index 000000000..c39e857e4
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
@@ -0,0 +1,229 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesAuthenticationInformationTask extends AbstractTaskValidator implements ITaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesAuthenticationInformationTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return "";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - Authentication Configuration Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ //Check BKU URLs
+ String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY);
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check)) {
+ log.info("Not valid Handy-BKU URL");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY,
+ "BKU - Handy",
+ LanguageHelper.getErrorString("validation.general.bku.handy.valid")));
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL);
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL,
+ "BKU - Local",
+ LanguageHelper.getErrorString("validation.general.bku.local.valid")));
+ }
+
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE);
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE,
+ "BKU - Online",
+ LanguageHelper.getErrorString("validation.general.bku.online.valid")));
+ }
+
+ //check KeyBoxIdentifier
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER);
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty KeyBoxIdentifier");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE,
+ "BKU - KeyBoxIdentifier",
+ LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty")));
+
+ } else {
+ if (!MOAIDConfigurationConstants.ALLOWED_KEYBOXIDENTIFIER.contains(check)) {
+ log.info("Not valid KeyBoxIdentifier " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_ONLINE,
+ "BKU - KeyBoxIdentifier",
+ LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid")));
+ }
+ }
+
+ //check LegacyMode SLTemplates
+ String isLegacyModeActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY);
+ if (MiscUtil.isNotEmpty(isLegacyModeActive) && Boolean.parseBoolean(isLegacyModeActive)) {
+ if (MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE)) &&
+ MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE)) &&
+ MiscUtil.isEmpty(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE)) ) {
+ log.info("Empty OA-specific SecurityLayer Templates");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY,
+ "BKU - SecurityLayer Templates",
+ LanguageHelper.getErrorString("validation.general.sltemplates.empty")));
+
+ } else {
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE);
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
+ log.info("First OA-specific SecurityLayer Templates is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE,
+ "BKU - 1. SecurityLayer Templates",
+ LanguageHelper.getErrorString("validation.general.sltemplate1.valid")));
+ }
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE);
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
+ log.info("Second OA-specific SecurityLayer Templates is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE,
+ "BKU - 2. SecurityLayer Templates",
+ LanguageHelper.getErrorString("validation.general.sltemplate2.valid")));
+ }
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE);
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
+ log.info("Third OA-specific SecurityLayer Templates is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE,
+ "BKU - 3. SecurityLayer Templates",
+ LanguageHelper.getErrorString("validation.general.sltemplate3.valid")));
+ }
+ }
+ }
+
+ //check Mandate Profiles
+ String checkUseMandate = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_USE);
+ if (MiscUtil.isNotEmpty(checkUseMandate) && Boolean.parseBoolean(checkUseMandate)) {
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES);
+ if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ log.warn("MandateProfiles contains potentail XSS characters: " + check);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_PROFILES,
+ "Mandates - Profiles",
+ LanguageHelper.getErrorString("validation.general.mandate.profiles",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+ }
+
+ }
+
+ String isTestCredentialsActive = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED);
+ check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs);
+ if (MiscUtil.isNotEmpty(isTestCredentialsActive) &&
+ Boolean.parseBoolean(isTestCredentialsActive) &&
+ MiscUtil.isNotEmpty(check)) {
+ String[] oids = check.split(",");
+ for (String el : oids) {
+ if (!el.startsWith(MOAIDConfigurationConstants.TESTCREDENTIALROOTOID)) {
+ log.warn("Test credential OID does not start with test credential root OID");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs,
+ "Test-Identities - allowed OIDs",
+ LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid",
+ new Object[] {el}) ));
+ }
+ }
+ }
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 15:45:42 +0000