Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 065615666..0e468bb6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -49,6 +49,7 @@ package at.gv.egovernment.moa.id.util;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.MalformedURLException;
+import java.net.URISyntaxException;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
@@ -63,6 +64,7 @@ import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -309,7 +311,7 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{
}
}
- } catch (MalformedURLException | ConfigurationException e) {
+ } catch (MalformedURLException | ConfigurationException | URISyntaxException e) {
Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL.", e);
return false;
@@ -529,24 +531,42 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{
}
private static boolean validateTemplateUrlToWhiteList(String template, List<String> oaSlTemplates)
- throws ConfigurationException {
+ throws ConfigurationException, MalformedURLException, URISyntaxException {
//check against configured trustet template urls
AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance();
List<String> trustedTemplateURLs = authConf.getSLRequestTemplates();
//get OA specific template URLs
- if (oaSlTemplates != null && oaSlTemplates.size() > 0) {
+ if (oaSlTemplates != null && !oaSlTemplates.isEmpty()) {
for (String el : oaSlTemplates)
if (MiscUtil.isNotEmpty(el))
trustedTemplateURLs.add(el);
}
- boolean b = trustedTemplateURLs.contains(template);
+ boolean b = false;
+ if (template.startsWith("file:")) {
+ for (String el : trustedTemplateURLs) {
+ URL templateUrl = new URL(template);
+ URL trustedUrl = new URL(FileUtils.makeAbsoluteURL(el, authConf.getConfigurationRootDirectory()));
+ b = trustedUrl.equals(templateUrl);
+ if (b) {
+ break;
+ }
+ }
+
+ } else {
+ b = trustedTemplateURLs.contains(template);
+
+ }
+
+
if (b) {
Logger.debug("Parameter Template erfolgreich ueberprueft");
return true;
} else {
+ Logger.info("Template:" + template + " DOES NOT match to allowed templates: ["
+ + org.apache.commons.lang3.StringUtils.join(trustedTemplateURLs, ",") + "]");
Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. "
+ "Parameter ist nicht auf Liste der vertrauenswuerdigen Template URLs "
+ "(Konfigurationselement: MOA-IDConfiguration/TrustedTemplateURLs)");
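Review bot: The new `Logger.info` call in the failure branch writes `template` into the log unmodified and appends the complete trusted-URL list; `template` looks like the request-supplied value being validated, so embedded line breaks could forge log entries, and every rejected request dumps the whitelist at INFO. Neutralise control characters and keep the list at debug level, e.g. `Logger.info("Template: " + template.replaceAll("[\\r\\n]", "_") + " is not in the list of allowed templates");`. In the `file:` branch, `new URL(template)` is loop-invariant and can be parsed once before the `for`; note also that a single malformed trusted entry throws out of the loop, so later entries are never compared. The method body continues past the end of this hunk.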