Diffstat (limited to 'id/moa-id-webgui/src/main')
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java37
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java15
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java22
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java5
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java3
5 files changed, 38 insertions, 44 deletions
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
index 9b25f17e8..f66b4359f 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
@@ -184,24 +184,25 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) ));
}
}
-
- check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, getKeyPrefix()));
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.isValidOAIdentifier(check)) {
- log.warn("CertStoreDirectory contains potentail XSS characters: " + check);
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL,
- "Certificate - CertStore Directory",
- LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid",
- new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) ));
- }
- } else {
- log.info("CertStoreDirectory is empty.");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL,
- "Certificate - CertStore Directory",
- LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty")));
- }
+
+ //INFO: CertStore directory is not required any more since version 3.2.0, because MOA-SPSS certstore is always used
+// check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL, getKeyPrefix()));
+// if (MiscUtil.isNotEmpty(check)) {
+// if (ValidationHelper.isValidOAIdentifier(check)) {
+// log.warn("CertStoreDirectory contains potentail XSS characters: " + check);
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL,
+// "Certificate - CertStore Directory",
+// LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid",
+// new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}) ));
+// }
+// } else {
+// log.info("CertStoreDirectory is empty.");
+// errors.add(new ValidationObjectIdentifier(
+// MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL,
+// "Certificate - CertStore Directory",
+// LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty")));
+// }
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY, getKeyPrefix()));
if (MiscUtil.isNotEmpty(check)) {
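Review bot: The CertStore directory validation is switched off by leaving the whole block behind as commented-out code; version control already keeps the old implementation, so the block can be deleted and only the `//INFO: CertStore directory is not required any more since version 3.2.0 ...` line needs to stay. With the check gone, a value submitted under `MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL` is no longer screened for the characters the old code logged as potential XSS characters. If that key is still accepted and stored or rendered anywhere (not visible in this hunk), either drop it from the accepted keys or keep the character check without the "empty" error. The enclosing method starts and ends outside the hunk.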
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index 8a1a2925b..6d1dafd6c 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -185,20 +186,20 @@ public static final List<String> KEYWHITELIST;
// check qaa
try {
- int qaa = Integer.valueOf(input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)));
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
+ String eIDAS_LOA = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(eIDAS_LOA)) {
+ log.warn("eIDAS LoA is not allowed : " + eIDAS_LOA);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- "STORK - QAA Level",
+ "eIDAS - LoA Level",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
- new Object[] {qaa})));
+ new Object[] {eIDAS_LOA})));
}
} catch (Exception e) {
- log.warn("STORK QAA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA));
+ log.warn("eIDAS LoA can not parsed : " + input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA));
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
- "STORK - QAA Level",
+ "eIDAS - LoA Level",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA)})));
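Review bot: The `catch (Exception e)` branch kept around the new LoA check no longer guards a number parse, and its log and error lines read `input.get(MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA)` with the full key while the check above looks the value up through `KeyValueUtils.removePrefixFromKey(...)`, so the value reported may not be the one that was validated. Declaring `eIDAS_LOA` before the `try` and reusing it in both branches would fix that; alternatively drop the `try` and make the missing-value case explicit with `if (eIDAS_LOA == null || !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(eIDAS_LOA))`, since how `contains(null)` behaves depends on the collection type, which is not visible here. The local name `eIDAS_LOA` also departs from the lowerCamelCase used by the surrounding locals; `eidasLoa` would fit. The method continues outside the hunk.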
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
index 087334c4b..7f5e93ff9 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
import at.gv.egiz.components.configuration.api.Configuration;
import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
@@ -253,26 +254,15 @@ public class ServicesAuthenticationSTORKTask extends AbstractTaskValidator imple
// check qaa
String qaaString = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);
- if (MiscUtil.isNotEmpty(qaaString)) {
- try {
- int qaa = Integer.parseInt(qaaString);
- if(1 > qaa && 4 < qaa) {
- log.warn("QAA is out of range : " + qaa);
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
- "STORK - minimal QAA level",
- LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
- new Object[] {qaa})));
- }
-
- } catch (NumberFormatException e) {
- log.warn("QAA level is not a number: " + qaaString);
+ if (MiscUtil.isNotEmpty(qaaString)) {
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaaString)) {
+ log.warn("eIDAS-LoA is not allowed: " + qaaString);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL,
- "STORK - minimal QAA level",
+ "eIDAS - LoA is not allowed",
LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
new Object[] {qaaString})));
- }
+ }
}
if (!errors.isEmpty())
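Review bot: The second argument of the new `ValidationObjectIdentifier` is `"eIDAS - LoA is not allowed"`, an error phrase, where the other validators in this commit pass a field label such as `"eIDAS - LoA Level"`; `"eIDAS - minimal LoA level"` would keep it a label and leave the explanation to the message. The message key is still `validation.stork.qaa.outofrange`, so the text shown for a rejected LoA presumably still describes a QAA range; the same holds for the hunk in GeneralSTORKConfigurationTask. Values stored under the old numeric QAA scheme will now fail this check unless `MOAIDConstants.ALLOWED_eIDAS_LOA` also lists them, which is not visible here, so operators would benefit from a migration note.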
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
index 3c358b85f..dac5ae1ee 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolPVP2XTask.java
@@ -185,7 +185,7 @@ public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements
BasicX509Credential credential = new BasicX509Credential();
credential.setEntityCertificate(cert);
- timer = new Timer();
+ timer = new Timer(true);
httpClient = new MOAHttpClient();
if (metadataURL.startsWith("https:"))
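Review bot: `new Timer(true)` only makes the timer thread a daemon so that it cannot block JVM shutdown; each metadata validation still starts a thread that lives until the timer is cancelled. If the surrounding method does not already call `timer.cancel()` on every exit path (its end is outside this hunk), add that call in a `finally` block so repeated validations in the web GUI do not accumulate threads.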
@@ -196,7 +196,8 @@ public class ServicesProtocolPVP2XTask extends AbstractTaskValidator implements
MOAIDWebGUIConfiguration.getInstance().getTrustStoreDirectory(),
null,
"pkix",
- true);
+ true,
+ new String[]{"crl"});
httpClient.setCustomSSLTrustStore(
metadataURL,
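Review bot: The new last argument `new String[]{"crl"}` is an unexplained literal in a call that decides how the metadata server's TLS certificate is trusted. Presumably it selects the revocation-checking methods, but nothing in the hunk says so, and the called method's name is outside the hunk. A comment such as `// revocation methods for the metadata TLS certificate: CRL only`, once confirmed against the callee, or a named constant shared with other callers, would make the trust decision reviewable. If the intent is to restrict revocation checking to CRLs, that choice deserves a sentence in the commit description too.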
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
index c7a74d1a1..eb881d465 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
@@ -190,7 +190,8 @@ public class ServicesProtocolSTORKTask extends AbstractTaskValidator implements
// if (MiscUtil.isEmpty(identificationType) ||
// !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) {
if (MiscUtil.isNotEmpty(identificationType) &&
- !MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)) {
+ !(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK.equals(identificationType)
+ || MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS.equals(identificationType))) {
log.info("STORK V-IDP only allowes identification numbers with STORK prefix.");
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE,
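Review bot: The widened condition now accepts `IDENIFICATIONTYPE_EIDAS` as well, but the log line right below it still says "STORK V-IDP only allowes identification numbers with STORK prefix.", which will mislead whoever reads the log after a rejection; `log.info("STORK V-IDP only allows identification numbers with STORK or eIDAS prefix.");` would match the new rule. The two commented-out lines above the `if` describe a condition that no longer corresponds to the code and can be removed. The `errors.add(...)` call continues past the end of the hunk, so whether the user-facing message needs the same update cannot be checked here.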