diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java | 368 |
1 files changed, 195 insertions, 173 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 4d4f5f0e0..3b6e001bf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -1,53 +1,75 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - +/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
package at.gv.egovernment.moa.id.util;
-import java.io.IOException; -import java.io.StringReader; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.List; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.servlet.http.HttpServletRequest; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; - -import org.xml.sax.InputSource; -import org.xml.sax.SAXException; - -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.StringUtils; +import java.io.IOException;
+import java.io.StringReader;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.StringUtils;
public class ParamValidatorUtils implements MOAIDAuthConstants{
@@ -80,66 +102,66 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ return false;
}
- } - - /** - * Checks if the given ccc parameter is valid - * @param ccc HTTP parameter from request - * @return true if ccc is valid - */ - public static boolean isValidCCC(String ccc) { - - Logger.debug("Ueberpruefe Parameter CCC"); - - // if non parameter is given return true - if (StringUtils.isEmpty(ccc)) { - Logger.debug("Parameter CCC ist null"); - return true; - } - - - Pattern pattern = Pattern.compile("[a-zA-Z]{2}"); - Matcher matcher = pattern.matcher(ccc); - boolean b = matcher.matches(); - if (b) { - Logger.debug("Parameter CCC erfolgreich ueberprueft"); - return true; - } - else { - Logger.error("Fehler Ueberpruefung Parameter CCC. CCC entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, sowie 2 Zeichen lang)"); - return false; - } - - } - - /** - * Checks if the given target is valid - * @param sourceID HTTP parameter from request - * @return - */ - public static boolean isValidSourceID(String sourceID) { - - Logger.debug("Ueberpruefe Parameter sourceID"); - - // if non parameter is given return true - if (StringUtils.isEmpty(sourceID)) { - Logger.debug("Parameter Target ist null"); - return true; - } - - - Pattern pattern = Pattern.compile("[\\w-_]{1,20}"); - Matcher matcher = pattern.matcher(sourceID); - boolean b = matcher.matches(); - if (b) { - Logger.debug("Parameter sourceID erfolgreich ueberprueft"); - return true; - } - else { - Logger.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)"); - return false; - } - + }
+
+ /**
+ * Checks if the given ccc parameter is valid
+ * @param ccc HTTP parameter from request
+ * @return true if ccc is valid
+ */
+ public static boolean isValidCCC(String ccc) {
+
+ Logger.debug("Ueberpruefe Parameter CCC");
+
+ // if non parameter is given return true
+ if (StringUtils.isEmpty(ccc)) {
+ Logger.debug("Parameter CCC ist null");
+ return true;
+ }
+
+
+ Pattern pattern = Pattern.compile("[a-zA-Z]{2}");
+ Matcher matcher = pattern.matcher(ccc);
+ boolean b = matcher.matches();
+ if (b) {
+ Logger.debug("Parameter CCC erfolgreich ueberprueft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Ueberpruefung Parameter CCC. CCC entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, sowie 2 Zeichen lang)");
+ return false;
+ }
+
+ }
+
+ /**
+ * Checks if the given target is valid
+ * @param sourceID HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidSourceID(String sourceID) {
+
+ Logger.debug("Ueberpruefe Parameter sourceID");
+
+ // if non parameter is given return true
+ if (StringUtils.isEmpty(sourceID)) {
+ Logger.debug("Parameter Target ist null");
+ return true;
+ }
+
+
+ Pattern pattern = Pattern.compile("[\\w-_]{1,20}");
+ Matcher matcher = pattern.matcher(sourceID);
+ boolean b = matcher.matches();
+ if (b) {
+ Logger.debug("Parameter sourceID erfolgreich ueberprueft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)");
+ return false;
+ }
+
}
/**
@@ -179,7 +201,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ * @return
*/
public static boolean isValidBKUURI(String bkuURI, List<String> allowedBKUs) {
- Logger.debug("Ueberpruefe Parameter bkuURI"); + Logger.debug("Ueberpruefe Parameter bkuURI");
// if non parameter is given return true
if (StringUtils.isEmpty(bkuURI)) {
@@ -195,8 +217,8 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ // check if bkuURI is a local BKU
if (bkuURI.compareToIgnoreCase("https://localhost:3496/https-security-layer-request") == 0 ||
- bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0 || - bkuURI.compareToIgnoreCase("http://127.0.0.1:3495/http-security-layer-request") == 0 || + bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0 ||
+ bkuURI.compareToIgnoreCase("http://127.0.0.1:3495/http-security-layer-request") == 0 ||
bkuURI.compareToIgnoreCase("https://127.0.0.1:3496/https-security-layer-request") == 0) {
Logger.debug("Parameter bkuURI erfolgreich ueberprueft");
return true;
@@ -214,10 +236,10 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ }
}
}
- else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) { - Logger.debug("Parameter bkuURI from configuration is used."); - return true; - + else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
+ Logger.debug("Parameter bkuURI from configuration is used.");
+ return true;
+
} else {
Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
@@ -263,26 +285,26 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich ueberprueft");
return true;
}
- else { - //check against configured trustet template urls - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - List<String> trustedTemplateURLs = authConf.getSLRequestTemplates(); - - //get OA specific template URLs - if (oaSlTemplates != null && oaSlTemplates.size() > 0) { - for (TemplateType el : oaSlTemplates) - trustedTemplateURLs.add(el.getURL()); - } - - boolean b = trustedTemplateURLs.contains(template); - if (b) { - Logger.debug("Parameter Template erfolgreich ueberprueft"); - return true; - } - else { - Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ") bzw. ist nicht auf Liste der vertrauenswuerdigen Template URLs (Konfigurationselement: MOA-IDConfiguration/TrustedTemplateURLs)"); - return false; - } + else {
+ //check against configured trustet template urls
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ List<String> trustedTemplateURLs = authConf.getSLRequestTemplates();
+
+ //get OA specific template URLs
+ if (oaSlTemplates != null && oaSlTemplates.size() > 0) {
+ for (TemplateType el : oaSlTemplates)
+ trustedTemplateURLs.add(el.getURL());
+ }
+
+ boolean b = trustedTemplateURLs.contains(template);
+ if (b) {
+ Logger.debug("Parameter Template erfolgreich ueberprueft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ") bzw. ist nicht auf Liste der vertrauenswuerdigen Template URLs (Konfigurationselement: MOA-IDConfiguration/TrustedTemplateURLs)");
+ return false;
+ }
}
@@ -296,9 +318,9 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ } catch (MalformedURLException e) {
Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL.", e);
return false;
- } catch (ConfigurationException e) { - Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL.", e); - return false; + } catch (ConfigurationException e) {
+ Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL.", e);
+ return false;
}
}
@@ -323,9 +345,9 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ Logger.debug("Parameter MOASessionId erfolgreich ueberprueft");
return true;
}
- else { + else {
Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
- return false; + return false;
}
}
@@ -448,7 +470,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ // }
public static boolean isValidXMLDocument(String document) {
- +
if (StringUtils.isEmpty(document))
return false;
@@ -474,38 +496,38 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ return false;
}
- } - - public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) { - - String oaURL = req.getParameter(PARAM_OA); - String bkuURL = req.getParameter(PARAM_BKU); - String templateURL = req.getParameter(PARAM_TEMPLATE); - String useMandate = req.getParameter(PARAM_USEMANDATE); - String ccc = req.getParameter(PARAM_CCC); - - - // check parameter - try { - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (MiscUtil.isEmpty(bkuURL)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (MiscUtil.isEmpty(templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidUseMandate(useMandate)) - throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); - if (!ParamValidatorUtils.isValidCCC(ccc)) - throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); - - } catch (WrongParametersException e) { - return false; - } - - if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL)) - return false; - else - return true; + }
+
+ public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
+
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+
+ // check parameter
+ try {
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (MiscUtil.isEmpty(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (MiscUtil.isEmpty(templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+ } catch (WrongParametersException e) {
+ return false;
+ }
+
+ if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+ return false;
+ else
+ return true;
}
}
|