diff options
Diffstat (limited to 'id/moa-id-webgui/src/main/java/at/gv/egovernment/moa')
5 files changed, 38 insertions, 44 deletions
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java index 9b25f17e8..f66b4359f 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java @@ -184,24 +184,25 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); } } - - check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, getKeyPrefix())); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.isValidOAIdentifier(check)) { - log.warn("CertStoreDirectory contains potentail XSS characters: " + check); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, - "Certificate - CertStore Directory", - LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); - } - } else { - log.info("CertStoreDirectory is empty."); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, - "Certificate - CertStore Directory", - LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty"))); - } + + //INFO: CertStore directory is not required any more since version 3.2.0, because MOA-SPSS certstore is always used +// check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, getKeyPrefix())); +// if (MiscUtil.isNotEmpty(check)) { +// if (ValidationHelper.isValidOAIdentifier(check)) { +// log.warn("CertStoreDirectory contains potentail XSS characters: " + check); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, +// "Certificate - CertStore Directory", +// LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", +// new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) )); +// } +// } else { +// log.info("CertStoreDirectory is empty."); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, +// "Certificate - CertStore Directory", +// LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty"))); +// } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY, getKeyPrefix())); if (MiscUtil.isNotEmpty(check)) { diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java index 8a1a2925b..6d1dafd6c 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java @@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; @@ -185,20 +186,20 @@ public static final List<String> KEYWHITELIST; // check qaa try { - int qaa = Integer.valueOf(input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL))); - if(1 > qaa && 4 < qaa) { - log.warn("QAA is out of range : " + qaa); + String eIDAS_LOA = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(eIDAS_LOA)) { + log.warn("eIDAS LoA is not allowed : " + eIDAS_LOA); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, - "STORK - QAA Level", + "eIDAS - LoA Level", LanguageHelper.getErrorString("validation.stork.qaa.outofrange", - new Object[] {qaa}))); + new Object[] {eIDAS_LOA}))); } } catch (Exception e) { - log.warn("STORK QAA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA)); + log.warn("eIDAS LoA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA)); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, - "STORK - QAA Level", + "eIDAS - LoA Level", LanguageHelper.getErrorString("validation.stork.qaa.outofrange", new Object[] {input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA)}))); diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java index 087334c4b..7f5e93ff9 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java @@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory; import at.gv.egiz.components.configuration.api.Configuration; import at.gv.egiz.components.configuration.api.ConfigurationException; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; @@ -253,26 +254,15 @@ public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator imple // check qaa String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL); - if (MiscUtil.isNotEmpty(qaaString)) { - try { - int qaa = Integer.parseInt(qaaString); - if(1 > qaa && 4 < qaa) { - log.warn("QAA is out of range : " + qaa); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, - "STORK - minimal QAA level", - LanguageHelper.getErrorString("validation.stork.qaa.outofrange", - new Object[] {qaa}))); - } - - } catch (NumberFormatException e) { - log.warn("QAA level is not a number: " + qaaString); + if (MiscUtil.isNotEmpty(qaaString)) { + if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaaString)) { + log.warn("eIDAS-LoA is not allowed: " + qaaString); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, - "STORK - minimal QAA level", + "eIDAS - LoA is not allowed", LanguageHelper.getErrorString("validation.stork.qaa.outofrange", new Object[] {qaaString}))); - } + } } if (!errors.isEmpty()) diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java index 3c358b85f..dac5ae1ee 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java @@ -185,7 +185,7 @@ public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(cert); - timer = new Timer(); + timer = new Timer(true); httpClient = new MOAHttpClient(); if (metadataURL.startsWith("https:")) @@ -196,7 +196,8 @@ public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements MOAIDWebGUIConfiguration.getInstance().getTrustStoreDirectory(), null, "pkix", - true); + true, + new String[]{"crl"}); httpClient.setCustomSSLTrustStore( metadataURL, diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java index c7a74d1a1..eb881d465 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java @@ -190,7 +190,8 @@ public class ServicesProtocolSTORKTask extends AbstractTaskValidator implements // if (MiscUtil.isEmpty(identificationType) || // !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) { if (MiscUtil.isNotEmpty(identificationType) && - !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) { + !(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType) + || MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS.equals(identificationType))) { log.info("STORK V-IDP only allowes identification numbers with STORK prefix."); errors.add(new ValidationObjectIdentifier( MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, |