Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java154
1 files changed, 154 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
new file mode 100644
index 000000000..9c296e2b8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -0,0 +1,154 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.io.IOUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
+
+@Service("UserWhiteList_Store")
+public class UserWhitelistStore {
+
+ @Autowired(required=true) AuthConfiguration authConfig;
+
+ private List<String> whitelist = new ArrayList<String>();
+ private String absWhiteListUrl = null;
+
+ @PostConstruct
+ private void initialize() {
+ String whiteListUrl = authConfig.getBasicConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE);
+ String internalTarget = authConfig.getBasicConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR);
+ if (MiscUtil.isEmpty(whiteListUrl) || MiscUtil.isEmpty(internalTarget))
+ Logger.debug("Do not initialize user whitelist. Reason: NO configuration path to CSV file or NO internal bPK target for whitelist");
+
+ else {
+ if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_CDID))
+ internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_CDID.length());
+ else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_WPBK))
+ internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_WPBK.length());
+ else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_EIDAS))
+ internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_EIDAS.length());
+ else {
+ Logger.warn("Sector: " + internalTarget + " is NOT supported for user whitelist.");
+ Logger.info("User whitelist-store MAY NOT contains all user from whitelist");
+ }
+
+ try {
+ absWhiteListUrl = new URL(FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getConfigurationRootDirectory()))
+ .toURI().toString().substring("file:".length());
+ InputStream is = new FileInputStream(new File(absWhiteListUrl));
+ String whiteListString = IOUtils.toString(new InputStreamReader(is));
+ List<String> preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
+
+
+
+ //remove prefix if required
+ for (String bPK : preWhitelist) {
+ String[] bPKSplit = bPK.split(":");
+ if (bPKSplit.length == 1)
+ whitelist.add(bPK);
+
+ else if (bPKSplit.length ==2 ) {
+ if (internalTarget.equals(bPKSplit[0]))
+ whitelist.add(bPKSplit[1]);
+ else
+ Logger.info("Whitelist entry: " + bPK + " has an unsupported target. Entry will be removed ...");
+
+ } else
+ Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ...");
+
+ }
+
+ Logger.info("User whitelist is initialized with " + whitelist.size() + " entries.");
+
+
+ } catch (FileNotFoundException e) {
+ Logger.warn("Do not initialize user whitelist. Reason: CSV file with bPKs NOT found", e);
+
+ } catch (IOException e) {
+ Logger.warn("Do not initialize user whitelist. Reason: CSV file is NOT readable", e);
+
+ } catch (URISyntaxException e) {
+ Logger.warn("Do not initialize user whitelist. Reason: CSV file looks wrong", e);
+
+ }
+
+ }
+
+ }
+
+ /**
+ * Get the number of entries of the static whitelist
+ *
+ * @return
+ */
+ public int getNumberOfEntries() {
+ return whitelist.size();
+ }
+
+ /**
+ * Check if bPK is in whitelist
+ *
+ * @param bPK
+ * @return true if bPK is in whitelist, otherwise false
+ */
+ public boolean isUserbPKInWhitelist(String bPK) {
+ if (whitelist != null)
+ return whitelist.contains(bPK);
+ else
+ return false;
+
+ }
+
+ public boolean isUserbPKInWhitelistDynamic(String bPK) {
+ return isUserbPKInWhitelistDynamic(bPK, false);
+
+ }
+
+ public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) {
+ try {
+ if (absWhiteListUrl != null) {
+ InputStream is = new FileInputStream(new File(absWhiteListUrl));
+ String whiteListString = IOUtils.toString(new InputStreamReader(is));
+ if (whiteListString != null && whiteListString.contains(bPK)) {
+ Logger.trace("Find user with dynamic whitelist check");
+ return true;
+
+ } else {
+ Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... ");
+ if (!onlyDynamic)
+ return isUserbPKInWhitelist(bPK);
+ }
+
+ }
+ } catch (Exception e) {
+ Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e);
+
+ }
+ if (!onlyDynamic)
+ return isUserbPKInWhitelist(bPK);
+
+
+ return false;
+ }
+
+}
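Review bot: `whiteListString.contains(bPK)` in `isUserbPKInWhitelistDynamic` is a substring test over the whole CSV text, so an empty value, or one that is only a fragment of a listed bPK or of a target prefix, passes the dynamic check, whereas `initialize()` only accepts whole entries for the configured target. Because this result decides whether a user counts as whitelisted, the file should be parsed with the same `KeyValueUtils` calls and target handling as `initialize()` and compared entry by entry. The `FileInputStream` opened here and in `initialize()` is also never closed, so every dynamic check leaks a file handle. The excerpt below sketches the dynamic method with an exact-entry match and a closed stream (try-with-resources assumes the build targets Java 7 or later); the target-prefix stripping would best move into a helper shared with `initialize()`.

```java
  public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) {
    try {
      // an empty bPK must never match; skip the dynamic lookup for it
      if (absWhiteListUrl != null && !MiscUtil.isEmpty(bPK)) {
        String whiteListString;
        try (InputStream is = new FileInputStream(new File(absWhiteListUrl))) {
          whiteListString = IOUtils.toString(new InputStreamReader(is));
        }
        // split into entries so that only a complete entry can match
        List<String> entries = KeyValueUtils.getListOfCSVValues(
            KeyValueUtils.normalizeCSVValueString(whiteListString));
        // entries of the form "target:bPK" need the same prefix handling as initialize()
        if (entries.contains(bPK)) {
          // … unchanged: trace log and return true …
        }
        // … unchanged: debug log, fall back to the static list unless onlyDynamic …
```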