aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
Diffstat (limited to 'id/server')
-rw-r--r--id/server/auth/src/main/webapp/index.html0
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java23
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java1
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java43
5 files changed, 64 insertions, 7 deletions
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/id/server/auth/src/main/webapp/index.html
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index 07679999b..47f784c33 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -99,7 +99,7 @@ public class Random {
char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)];
//generate ID
- return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue), true)); // 20 bytes = 160 bits
+ return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits
}
@@ -111,7 +111,7 @@ public class Random {
* @return random hex encoded value [256bit]
*/
public static String nextHexRandom() {
- return new String(Hex.encodeHex(nextByteRandom(32), true)); // 32 bytes = 256 bits
+ return new String(Hex.encodeHex(nextByteRandom(32))); // 32 bytes = 256 bits
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
index cbdd13d0e..add929e1d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
@@ -31,8 +31,6 @@ import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
-import org.apache.commons.lang3.StringUtils;
-
import at.gv.egovernment.moa.util.MiscUtil;
/**
@@ -283,6 +281,27 @@ public class KeyValueUtils {
return false;
}
+ /**
+ * Convert a CSV list to a List of CSV values
+ * <br><br>
+ * This method removes all whitespace at the begin or the
+ * end of CSV values and remove newLine signs at the end of value.
+ * The ',' is used as list delimiter
+ *
+ * @param csv CSV encoded input data
+ * @return List of CSV normalized values, but never null
+ */
+ public static List<String> getListOfCSVValues(String csv) {
+ List<String> list = new ArrayList<String>();
+ if (MiscUtil.isNotEmpty(csv)) {
+ String[] values = csv.split(CSV_DELIMITER);
+ for (String el: values)
+ list.add(el.trim());
+
+ }
+
+ return list;
+ }
/**
* This method remove all newline delimiter (\n or \r\n) from input data
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
index f682913e6..acb0b3aa1 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -52,6 +52,7 @@ public class ELGAMandatesAuthConstants {
public static final String CONFIG_PROPS_ENTITYID = CONFIG_PROPS_PREFIX + "service.entityID";
public static final String CONFIG_PROPS_METADATAURL = CONFIG_PROPS_PREFIX + "service.metadataurl";
public static final String CONFIG_PROPS_METADATA_TRUSTPROFILE = CONFIG_PROPS_PREFIX + "service.metadata.trustprofileID";
+ public static final String CONFIG_PROPS_ALLOWED_MANDATE_TYPES = "service.mandateprofiles";
public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path";
public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password";
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
index 50bac3eab..03711aa40 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
@@ -22,6 +22,8 @@
*/
package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+import java.util.List;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -30,8 +32,10 @@ import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
@@ -69,8 +73,7 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica
elgaMandateUsed = (boolean) elgaMandateUsedObj;
}
-
-
+
//check if both mandate Services are requested
if ( (misMandateUsed != null && misMandateUsed) &&
elgaMandateUsed ) {
@@ -79,8 +82,19 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica
}
- //remove MIS-Mandate flag and set useMandate flag to MOASession
+
if (elgaMandateUsed) {
+ //check mandateProfiles against ELGA-MandateService configuration
+ if (!checkServiceProviderAgainstELGAModulConfigration()) {
+ Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()
+ + " does not fulfill requirements to use ELGA-MandateService.");
+ throw new MOAIDException("service.10", new Object[]{
+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+ "No valid mandate-profile defined"});
+
+ }
+
+ //remove MIS-Mandate flag and set useMandate flag to MOASession
Logger.debug("Authentication process select ELGA-MandateService.");
executionContext.remove(MOAIDAuthConstants.PARAM_USEMISMANDATE);
moasession.setUseMandates(elgaMandateUsed);
@@ -104,4 +118,27 @@ public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthentica
}
}
+
+ /**
+ * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService.
+ *
+ * @return true, if ELGA mandateservice is allowed, otherwise false
+ */
+ private boolean checkServiceProviderAgainstELGAModulConfigration() {
+ String allowedMandateTypesCSV =
+ authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);
+ List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);
+ List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
+
+ boolean isELGAMandateServiceAllowed = false;
+ if (spMandateProfiles != null) {
+ for (String el : allowedMandateTypes) {
+ if (spMandateProfiles.contains(el))
+ isELGAMandateServiceAllowed = true;
+
+ }
+ }
+
+ return isELGAMandateServiceAllowed;
+ }
}