aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java69
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java154
2 files changed, 220 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index f3db82315..390b77dab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -24,10 +24,12 @@ package at.gv.egovernment.moa.id.config.auth.data;
import java.io.Serializable;
import java.security.PrivateKey;
+import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
@@ -59,7 +61,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
* @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdInternalProcessingRestriction()
*/
@Override
- public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException {
+ public boolean hasBaseIdInternalProcessingRestriction() {
return this.hasBaseIdProcessingRestriction;
}
@@ -67,7 +69,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
* @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdTransferRestriction()
*/
@Override
- public boolean hasBaseIdTransferRestriction() throws ConfigurationException {
+ public boolean hasBaseIdTransferRestriction() {
return this.hasBaseIdTransfergRestriction;
}
@@ -75,7 +77,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
* @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier()
*/
@Override
- public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
+ public String getAreaSpecificTargetIdentifier() {
return this.oaTargetAreaIdentifier;
}
@@ -531,5 +533,66 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
return false;
}
+
+ @Override
+ public List<String> foreignbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean containsConfigurationKey(String arg0) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getTargetsWithNoBaseIdTransferRestriction() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getUniqueIdentifier() {
+ return getPublicURLPrefix();
+ }
+
+ @Override
+ public List<String> getRequiredLoA() {
+ if (getQaaLevel() != null)
+ return Arrays.asList(getQaaLevel());
+ else
+ return null;
+ }
+
+ @Override
+ public String getConfigurationValue(String arg0, String arg1) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Boolean isConfigurationValue(String arg0) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isConfigurationValue(String arg0, boolean arg1) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String getLoAMatchingMode() {
+ return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
new file mode 100644
index 000000000..9c296e2b8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -0,0 +1,154 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.io.IOUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
+
+@Service("UserWhiteList_Store")
+public class UserWhitelistStore {
+
+ @Autowired(required=true) AuthConfiguration authConfig;
+
+ private List<String> whitelist = new ArrayList<String>();
+ private String absWhiteListUrl = null;
+
+ @PostConstruct
+ private void initialize() {
+ String whiteListUrl = authConfig.getBasicConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE);
+ String internalTarget = authConfig.getBasicConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR);
+ if (MiscUtil.isEmpty(whiteListUrl) || MiscUtil.isEmpty(internalTarget))
+ Logger.debug("Do not initialize user whitelist. Reason: NO configuration path to CSV file or NO internal bPK target for whitelist");
+
+ else {
+ if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_CDID))
+ internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_CDID.length());
+ else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_WPBK))
+ internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_WPBK.length());
+ else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_EIDAS))
+ internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_EIDAS.length());
+ else {
+ Logger.warn("Sector: " + internalTarget + " is NOT supported for user whitelist.");
+ Logger.info("User whitelist-store MAY NOT contains all user from whitelist");
+ }
+
+ try {
+ absWhiteListUrl = new URL(FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getConfigurationRootDirectory()))
+ .toURI().toString().substring("file:".length());
+ InputStream is = new FileInputStream(new File(absWhiteListUrl));
+ String whiteListString = IOUtils.toString(new InputStreamReader(is));
+ List<String> preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
+
+
+
+ //remove prefix if required
+ for (String bPK : preWhitelist) {
+ String[] bPKSplit = bPK.split(":");
+ if (bPKSplit.length == 1)
+ whitelist.add(bPK);
+
+ else if (bPKSplit.length ==2 ) {
+ if (internalTarget.equals(bPKSplit[0]))
+ whitelist.add(bPKSplit[1]);
+ else
+ Logger.info("Whitelist entry: " + bPK + " has an unsupported target. Entry will be removed ...");
+
+ } else
+ Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ...");
+
+ }
+
+ Logger.info("User whitelist is initialized with " + whitelist.size() + " entries.");
+
+
+ } catch (FileNotFoundException e) {
+ Logger.warn("Do not initialize user whitelist. Reason: CSV file with bPKs NOT found", e);
+
+ } catch (IOException e) {
+ Logger.warn("Do not initialize user whitelist. Reason: CSV file is NOT readable", e);
+
+ } catch (URISyntaxException e) {
+ Logger.warn("Do not initialize user whitelist. Reason: CSV file looks wrong", e);
+
+ }
+
+ }
+
+ }
+
+ /**
+ * Get the number of entries of the static whitelist
+ *
+ * @return
+ */
+ public int getNumberOfEntries() {
+ return whitelist.size();
+ }
+
+ /**
+ * Check if bPK is in whitelist
+ *
+ * @param bPK
+ * @return true if bPK is in whitelist, otherwise false
+ */
+ public boolean isUserbPKInWhitelist(String bPK) {
+ if (whitelist != null)
+ return whitelist.contains(bPK);
+ else
+ return false;
+
+ }
+
+ public boolean isUserbPKInWhitelistDynamic(String bPK) {
+ return isUserbPKInWhitelistDynamic(bPK, false);
+
+ }
+
+ public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) {
+ try {
+ if (absWhiteListUrl != null) {
+ InputStream is = new FileInputStream(new File(absWhiteListUrl));
+ String whiteListString = IOUtils.toString(new InputStreamReader(is));
+ if (whiteListString != null && whiteListString.contains(bPK)) {
+ Logger.trace("Find user with dynamic whitelist check");
+ return true;
+
+ } else {
+ Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... ");
+ if (!onlyDynamic)
+ return isUserbPKInWhitelist(bPK);
+ }
+
+ }
+ } catch (Exception e) {
+ Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e);
+
+ }
+ if (!onlyDynamic)
+ return isUserbPKInWhitelist(bPK);
+
+
+ return false;
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 22:50:33 +0000