Diffstat (limited to 'id/server/moa-id-commons')
2 files changed, 491 insertions, 0 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java
new file mode 100644
index 000000000..2ad50568a
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java
@@ -0,0 +1,104 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.commons.validation;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+
+public class TargetValidator {
+
+	private static Map<String, String> targetList = null;
+	
+	static {
+		targetList = new HashMap<String, String>();
+		targetList.put("AR", "Arbeit");
+		targetList.put("AS", "Amtliche Statistik");
+		targetList.put("BF", "Bildung und Forschung");
+		targetList.put("BW", "Bauen und Wohnen");
+		targetList.put("EA", "EU und Auswärtige Angelegenheiten");
+		targetList.put("EF", "Ein- und Ausfuhr");
+		targetList.put("GH", "Gesundheit");
+		targetList.put("GS", "Gesellschaft und Soziales");
+//		targetList.put("GS-RE", "Restitution");
+		targetList.put("JR", "Justiz/Zivilrechtswesen");
+		targetList.put("KL", "Kultus");
+		targetList.put("KU", "Kunst und Kultur");
+		targetList.put("LF", "Land- und Forstwirtschaft");
+		targetList.put("LV", "Landesverteidigung");
+		targetList.put("RT", "Rundfunk und sonstige Medien sowie Telekommunikation");
+		targetList.put("SA", "Steuern und Abgaben");
+		targetList.put("SA", "Sport und Freizeit");
+		targetList.put("SO", "Sicherheit und Ordnung");
+//		targetList.put("SO-VR", "Vereinsregister");
+//		targetList.put("SR-RG", "Strafregister");
+		targetList.put("SV", "Sozialversicherung");
+		targetList.put("UW", "Umwelt");
+		targetList.put("VT", "Verkehr und Technik");
+		targetList.put("VV", "Vermögensverwaltung");
+		targetList.put("WT", "Wirtschaft");
+		targetList.put("ZP", "Personenidentität und Bürgerrechte(zur Person)");
+		targetList.put("BR", "Bereichsübergreifender Rechtsschutz");
+		targetList.put("HR", "Zentrales Rechnungswesen");
+		targetList.put("KI", "Auftraggeberinterne allgemeine Kanzleiindizes");
+		targetList.put("OI", "Öffentlichkeitsarbeit");
+		targetList.put("PV", "Personalverwaltung");
+		targetList.put("RD", "Zentraler Rechtsdienst");
+		targetList.put("VS", "Zentrale Durchführung von Verwaltungsstrafverfahren");
+//		targetList.put("VS-RG", "Zentrales Verwaltungsstrafregister");
+		targetList.put("ZU", "Zustellungen");
+	}
+	
+	public static List<String> getListOfTargets() {
+		Map<String, String> list = new HashMap<String, String>();
+		list.put("", "");
+		list.putAll(targetList);
+		
+		List<String> sortedList = new ArrayList<String>();
+		sortedList.addAll(list.keySet());
+		Collections.sort(sortedList);
+		
+		return sortedList;
+	
+	}
+	
+	public static String getTargetFriendlyName(String target) {
+		String name = targetList.get(target);
+		
+		if (MiscUtil.isNotEmpty(name))
+			return name;
+		else
+			return null;
+	}
+	
+	public static boolean isValidTarget(String target) {
+		return targetList.containsKey(target);
+	}
+	
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
new file mode 100644
index 000000000..be6d7d01e
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
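Review bot: The static initializer puts two entries under the same key, `targetList.put("SA", "Steuern und Abgaben");` followed by `targetList.put("SA", "Sport und Freizeit");`, so the second call silently overwrites the first and "Steuern und Abgaben" can never be returned by getTargetFriendlyName nor validated by isValidTarget; one of the two codes is presumably a typo and should be checked against the sector list this map mirrors. Because isValidTarget is an allow-list check, the map would also be safer as an unmodifiable view, e.g. filling a local `Map<String, String> map` in the initializer and ending with `targetList = Collections.unmodifiableMap(map);`, with the field declared `private static final` instead of being initialized to null. Collections is already imported, so this needs no new dependency.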
@@ -0,0 +1,387 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.commons.validation;
+
+import iaik.asn1.ObjectID;
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.log4j.Logger;
+
+
+public class ValidationHelper {
+
+	public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at";
+	
+	private static final Logger log = Logger.getLogger(ValidationHelper.class);	
+	private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy";
+	
+
+	
+	public static boolean isPublicServiceAllowed(String identifier) {
+		
+		SSLSocket socket = null;
+		
+		try {
+			URL url = new URL(identifier);
+			String host = url.getHost();
+			
+			if (host.endsWith("/"))
+				host = host.substring(0, host.length()-1);
+			
+			if (url.getHost().endsWith(PUBLICSERVICE_URL_POSTFIX)) {
+				log.debug("PublicURLPrefix with .gv.at Domain found.");
+				return true;
+				
+			} else {
+				SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();			
+				socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort());
+				socket.startHandshake();
+				
+				SSLSession session = socket.getSession();
+				Certificate[] servercerts = session.getPeerCertificates();
+				X509Certificate[] iaikChain = new X509Certificate[servercerts.length];
+				for (int i=0; i<servercerts.length; i++) {
+					iaikChain[i] = new X509Certificate(servercerts[i].getEncoded());
+				}
+				
+				
+				X509Certificate cert = Util.arrangeCertificateChain(iaikChain, false)[0];
+				
+				if (cert != null) {
+					ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft
+					ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft
+					
+					
+					if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) {
+						return false;
+						
+					} else {
+						log.info("Found correct X509 Extension in server certificate. PublicService is allowed");
+						return true;
+					}		
+				}
+				
+				return false;
+			}
+				
+		} catch (MalformedURLException e) {
+			log.warn("PublicURLPrefix can not parsed to URL", e);
+			return false;
+			
+		} catch (UnknownHostException e) {
+			log.warn("Can not connect to PublicURLPrefix Server", e);
+			return false;
+			
+		} catch (IOException e) {
+			log.warn("Can not connect to PublicURLPrefix Server", e);
+			return false;
+			
+		} catch (CertificateEncodingException e) {
+			log.warn("Can not parse X509 server certificate", e);
+			return false;
+			
+		} catch (CertificateException e) {
+			log.warn("Can not read X509 server certificate", e);
+			return false;
+			
+		} catch (X509ExtensionInitException e) {
+			log.warn("Can not read X509 server certificate extension", e);
+			return false;
+		}
+		
+		finally {
+			if (socket != null)
+				try {
+					socket.close();
+				} catch (IOException e) {
+					log.warn("SSL Socket can not be closed.", e);
+				}
+		}
+	}
+	
+	public static boolean validateOAID(String oaIDObj) {
+		if (oaIDObj != null) {
+			try {
+				
+				long oaID = Long.valueOf(oaIDObj);
+			
+				if (oaID > 0 && oaID < Long.MAX_VALUE)
+					return true;
+				
+			} catch (Throwable t) {
+				log.warn("No valid DataBase OAID received! " + oaIDObj);
+			}
+		}
+		return false;
+	}
+	
+	public static boolean validateNumber(String value) {
+		
+		log.debug("Validate Number " + value);
+
+		try {
+			Float.valueOf(value);
+			
+			return true;
+			
+		} catch (NumberFormatException e) {
+			return false;
+		}
+		
+		
+	}
+	
+	public static boolean validatePhoneNumber(String value) {
+		log.debug ("Validate PhoneNumber " + value);
+		
+        /* ************************************************************************************************
+         * Legende: 
+         * ========   AA = post/pre-Text
+         *            BB = (+49)
+         *            CC = Vorwahl  
+         *            DD = Durchwahl
+         *            EE = Nebenstelle                                                                
+         * Pattern p = Pattern.compile("^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]* [0-9][ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $");
+         *                                ------- AA -------      --------------------- BB ---------------------      --------- CC --------          - DD -          - EE -          ------- AA -------
+         * ************************************************************************************************ */
+        Pattern pattern = Pattern.compile("^[a-zA-Z .,;:/\\-]*[ ]*[(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1}[ ]*[0-9]*[ ]*[0-9]*[ ]*[0-9]*[ ]*[a-zA-Z .,;:\\/-]*$");
+        Matcher matcher = pattern.matcher(value);
+        boolean b = matcher.matches();
+        if (b) {
+     	   log.debug("Parameter PhoneNumber erfolgreich ueberprueft");
+     	  return true;
+        }
+        else {
+     	   log.error("Fehler Ueberpruefung Parameter PhoneNumber. PhoneNumber entspricht nicht den Kriterien ^ [a-zA-Z .,;:/\\-]* [ ]* [(]{0,1}[ ]*[+]{0,1}[ ]*[0-9]{0,2}[ ]*[)]{0,1} [ ]* [0-9]*[ ]*[/\\-]{0,1} [ ]*[ ]* [0-9]* [ ]* [a-zA-Z .,;:\\/-]* $");
+     	  return false;  
+        }  
+        
+		
+	}
+	
+	public static boolean validateURL(String urlString) {
+		
+		log.debug("Validate URL " + urlString);
+		
+		if (urlString.startsWith("http") || urlString.startsWith("https")) {
+  		  try {
+			new URL(urlString);
+			return true;
+			
+  		  } catch (MalformedURLException e) {
+  		  }
+		}
+		
+		return false;
+	}
+	
+//	public static boolean validateGeneralURL(String urlString) {
+//		
+//		log.debug("Validate URL " + urlString);
+//		
+//  		  try {
+//			new URL(urlString);
+//			return true;
+//			
+//  		  } catch (MalformedURLException e) {
+//  			  
+//  		  }
+//		
+//		return false;
+//	}
+	
+	public static boolean isValidAdminTarget(String target) {
+		   
+	   log.debug("Ueberpruefe Parameter Target");
+	            
+       Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}");
+       Matcher matcher = pattern.matcher(target);
+       boolean b = matcher.matches();
+       if (b) {
+    	   log.debug("Parameter SSO-Target erfolgreich ueberprueft. SSO Target is PublicService.");
+    	  return true;
+       }
+       else {
+    	   log.info("Parameter SSO-Target entspricht nicht den Kriterien " +
+    	   		"(nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang) fuer den oeffentlichen Bereich. " +
+    	   		"Valiere SSO-Target fuer privatwirtschaftliche Bereiche.");
+    	  return false;  
+       }           
+	}
+	
+	public static boolean isValidTarget(String target) {
+		   
+		   log.debug("Ueberpruefe Parameter Target");
+		            
+	       if (TargetValidator.isValidTarget(target)) {
+	    	   log.debug("Parameter Target erfolgreich ueberprueft");
+	    	  return true;
+	       }
+	       else {
+	    	   log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
+	    	  return false;  
+	       }
+		            
+		}
+	
+	public static boolean isValidSourceID(String sourceID) {
+		   
+	   log.debug("Ueberpruefe Parameter sourceID");
+
+	   Pattern pattern = Pattern.compile("[\\w-_]{1,20}");
+	   Matcher matcher = pattern.matcher(sourceID);
+	   boolean b = matcher.matches();
+	   if (b) {
+	 	  log.debug("Parameter sourceID erfolgreich ueberprueft");
+	 	  return true;
+      }
+      else {
+    	  log.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)");
+    	  return false;  
+      }            
+	}
+	
+	public static boolean isDateFormat(String dateString) {
+		if (dateString.length() > TEMPLATE_DATEFORMAT.length())
+			return false;
+		
+		SimpleDateFormat sdf = new SimpleDateFormat(TEMPLATE_DATEFORMAT);
+		try {
+			sdf.parse(dateString);
+			return true;
+			
+		} catch (ParseException e) {
+			return false;
+		}
+	}
+
+	public static boolean isEmailAddressFormat(String address) {
+		if (address == null) {
+			return false;
+		}
+		return Pattern.compile("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,6}$").matcher(address).matches();
+	}
+	
+	public static boolean isValidOAIdentifier(String param) {
+		if (param == null) {
+			return false;
+		}
+		return param.indexOf(";") != -1 ||
+					 param.indexOf("%") != -1 ||
+					 param.indexOf("\"") != -1 ||
+					 param.indexOf("'") != -1 ||
+					 param.indexOf("?") != -1 ||
+					 param.indexOf("`") != -1 ||
+					 param.indexOf(",") != -1 ||
+					 param.indexOf("<") != -1 ||
+					 param.indexOf(">") != -1 ||
+					 param.indexOf("\\") != -1;	
+		
+	}
+	
+	public static String getNotValidOAIdentifierCharacters() {
+		
+		return "; % \" ' ` , < > \\";
+	}	
+	
+	public static boolean containsPotentialCSSCharacter(String param, boolean commaallowed) {
+		
+		if (param == null) {
+			return false;
+		}
+		return param.indexOf(";") != -1 ||
+					 param.indexOf("%") != -1 ||
+					 param.indexOf("\"") != -1 ||
+					 param.indexOf("'") != -1 ||
+					 param.indexOf("?") != -1 ||
+					 param.indexOf("`") != -1 ||
+					 ( param.indexOf(",") != -1 && !commaallowed ) ||
+					 param.indexOf("<") != -1 ||
+					 param.indexOf(">") != -1 ||
+					 param.indexOf("\\") != -1 ||
+					 param.indexOf("/") != -1;					 					 
+	}
+	
+	public static String getPotentialCSSCharacter(boolean commaallowed) {
+		
+		if (commaallowed)
+			return "; % \" ' ` < > \\ /";
+		else
+			return "; % \" ' ` , < > \\ /";
+	}
+	
+	public static boolean isNotValidIdentityLinkSigner(String param) {
+		if (param == null) {
+			return false;
+		}
+		return param.indexOf(";") != -1 ||
+					 param.indexOf("%") != -1 ||
+					 param.indexOf("\"") != -1 ||
+					 param.indexOf("'") != -1 ||
+					 param.indexOf("?") != -1 ||
+					 param.indexOf("`") != -1 ||
+					 param.indexOf("<") != -1 ||
+					 param.indexOf(">") != -1;	
+		
+	}
+	
+	public static String getNotValidIdentityLinkSignerCharacters() {
+		
+		return "; % \" ' ` < >";
+	}
+	
+	public static boolean isValidHexValue(String param) {
+		
+		try {
+			if (param.startsWith("#") && param.length() <= 7) {			
+				Long.decode(param);
+				return true;
+			}
+			
+		} catch (Exception e) {
+			
+		}
+		return false;
+		
+	}
+	
+}
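Review bot: In isPublicServiceAllowed the socket is opened with `factory.createSocket(url.getHost(), url.getPort())`, but URL.getPort() returns -1 when the identifier carries no explicit port, and createSocket then throws an IllegalArgumentException that none of the catch clauses cover, so a plain `https://host/` prefix leaves the method as a runtime exception instead of a logged false; the port should fall back to url.getDefaultPort(). The local `host` computed just above (with its trailing "/" stripped, which URL.getHost() never contains) is never used, because both the suffix check and createSocket read url.getHost() again. An SSLSocket from the default factory validates the chain but, unless endpoint identification is enabled on its SSLParameters, does not check that the certificate matches the host name, so the Verwaltungseigenschaft/Dienstleistereigenschaft extension is accepted from whichever certificate the peer presents; if the build targets Java 7 or later, `setEndpointIdentificationAlgorithm("HTTPS")` closes that gap. Separately, isValidOAIdentifier returns true precisely when param contains a forbidden character, the opposite of what its name says and the inverse of the sibling isNotValidIdentityLinkSigner, which is the naming a caller would expect here.
```java
			URL url = new URL(identifier);
			String host = url.getHost();
			// URL.getPort() is -1 when the identifier has no explicit port
			int port = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
			
			if (host.endsWith(PUBLICSERVICE_URL_POSTFIX)) {
				log.debug("PublicURLPrefix with .gv.at Domain found.");
				return true;
				
			} else {
				SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
				socket = (SSLSocket) factory.createSocket(host, port);
				// check the presented certificate against the host name, not only the chain
				javax.net.ssl.SSLParameters params = socket.getSSLParameters();
				params.setEndpointIdentificationAlgorithm("HTTPS");
				socket.setSSLParameters(params);
				socket.startHandshake();
				// … unchanged: chain conversion, extension check, catch and finally blocks …
```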
